refactoring regarding __START__,...

lib/core/common.py

@@ -61,7 +61,11 @@ from lib.core.settings import ORACLE_ALIASES
 from lib.core.settings import SQLITE_ALIASES
 from lib.core.settings import ACCESS_ALIASES
 from lib.core.settings import FIREBIRD_ALIASES
-
+from lib.core.settings import DUMP_NEWLINE_MARKER
+from lib.core.settings import DUMP_DEL_MARKER
+from lib.core.settings import DUMP_TAB_MARKER
+from lib.core.settings import DUMP_START_MARKER
+from lib.core.settings import DUMP_STOP_MARKER
 
 class UnicodeRawConfigParser(RawConfigParser):
     """
@@ -558,9 +562,20 @@ def replaceNewlineTabs(inpStr, stdout=False):
     if stdout:
         replacedString = inpStr.replace("\n", " ").replace("\t", " ")
     else:
-        replacedString = inpStr.replace("\n", "__NEWLINE__").replace("\t", "__TAB__")
+        replacedString = inpStr.replace("\n", DUMP_NEWLINE_MARKER).replace("\t", DUMP_TAB_MARKER)
 
-    replacedString = replacedString.replace(kb.misc.delimiter, "__DEL__")
+    replacedString = replacedString.replace(kb.misc.delimiter, DUMP_DEL_MARKER)
+
+    return replacedString
+
+def restoreDumpMarkedChars(inpStr, onlyNewlineTab=False):
+    replacedString = inpStr
+
+    if isinstance(replacedString, basestring):
+        replacedString = replacedString.replace(DUMP_NEWLINE_MARKER, "\n").replace(DUMP_TAB_MARKER, "\t")
+        if not onlyNewlineTab:
+            replacedString = replacedString.replace(DUMP_START_MARKER, "").replace(DUMP_STOP_MARKER, "")
+            replacedString = replacedString.replace(DUMP_DEL_MARKER, ", ")
 
     return replacedString
 
@@ -838,13 +853,13 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
     data = []
 
     outCond1 = ( output.startswith(kb.misc.start) and output.endswith(kb.misc.stop) )
-    outCond2 = ( output.startswith("__START__") and output.endswith("__STOP__") )
+    outCond2 = ( output.startswith(DUMP_START_MARKER) and output.endswith(DUMP_STOP_MARKER) )
 
     if outCond1 or outCond2:
         if outCond1:
             regExpr = '%s(.*?)%s' % (kb.misc.start, kb.misc.stop)
         elif outCond2:
-            regExpr = '__START__(.*?)__STOP__'
+            regExpr = '%s(.*?)%s' % (DUMP_START_MARKER, DUMP_STOP_MARKER)
 
         output = re.findall(regExpr, output, re.S)
 
@@ -855,7 +870,7 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
                         )
 
         if partial or not condition:
-            logOutput = "".join(["__START__%s__STOP__" % replaceNewlineTabs(value) for value in output])
+            logOutput = "".join(["%s%s%s" % (DUMP_START_MARKER, replaceNewlineTabs(value), DUMP_STOP_MARKER) for value in output])
             dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, logOutput))
 
         if sort:
@@ -864,8 +879,8 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
         for entry in output:
             info = []
 
-            if "__DEL__" in entry:
+            if DUMP_DEL_MARKER in entry:
-                entry = entry.split("__DEL__")
+                entry = entry.split(DUMP_DEL_MARKER)
             else:
                 entry = entry.split(kb.misc.delimiter)
 

lib/core/dump.py

@@ -14,6 +14,7 @@ import os
 from lib.core.common import dataToDumpFile
 from lib.core.common import dataToStdout
 from lib.core.common import getUnicode
+from lib.core.common import restoreDumpMarkedChars
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -39,13 +40,8 @@ class Dump:
 
         conf.loggedToOut = True
 
-    def __formatString(self, string):
+    def __formatString(self, inpStr):
-        string = getUnicode(string)
+        return restoreDumpMarkedChars(getUnicode(inpStr))
-        string = string.replace("__NEWLINE__", "\n").replace("__TAB__", "\t")
-        string = string.replace("__START__", "").replace("__STOP__", "")
-        string = string.replace("__DEL__", ", ")
-
-        return string
 
     def setOutputFile(self):
         self.__outputFile = "%s%slog" % (conf.outputPath, os.sep)

lib/core/settings.py

@@ -33,7 +33,14 @@ LOGGER_HANDLER.setFormatter(FORMATTER)
 LOGGER.addHandler(LOGGER_HANDLER)
 LOGGER.setLevel(logging.WARN)
 
-# error based injection
+# dump markers
+DUMP_NEWLINE_MARKER = "__NEWLINE__"
+DUMP_DEL_MARKER     = "__DEL__"
+DUMP_TAB_MARKER     = "__TAB__"
+DUMP_START_MARKER   = "__START__"
+DUMP_STOP_MARKER    = "__STOP__"
+
+# error based injection markers
 ERROR_SPACE        = ":_:"
 ERROR_EMPTY_CHAR   = ":x:"
 ERROR_START_CHAR   = ":s:"

lib/core/xmldump.py

@@ -12,6 +12,7 @@ from xml.parsers.expat import ExpatError
 
 from extra.prettyprint import prettyprint
 from lib.core.common import getUnicode
+from lib.core.common import restoreDumpMarkedChars
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.exception import sqlmapFilePathException
@@ -137,12 +138,8 @@ class XMLDump:
             attr.nodeValue = getUnicode(attrValue)
         return attr
 
-    def __formatString(self, string):
+    def __formatString(self, inpStr):
-        string = getUnicode(string)
+        return restoreDumpMarkedChars(getUnicode(inpStr))
-        string = string.replace("__NEWLINE__", "\n").replace("__TAB__", "\t")
-        string = string.replace("__START__", "").replace("__STOP__", "")
-        string = string.replace("__DEL__", ", ")
-        return string
 
     def string(self, header, data, sort=True):
         '''

lib/request/inject.py

@@ -21,7 +21,6 @@ from lib.core.common import popValue
 from lib.core.common import pushValue
 from lib.core.common import randomInt
 from lib.core.common import readInput
-from lib.core.common import replaceNewlineTabs
 from lib.core.common import safeStringFormat
 from lib.core.convert import urlencode
 from lib.core.data import conf

lib/utils/resume.py

@@ -14,13 +14,16 @@ from lib.core.common import calculateDeltaSeconds
 from lib.core.common import dataToSessionFile
 from lib.core.common import safeStringFormat
 from lib.core.common import randomStr
-from lib.core.common import replaceNewlineTabs
+from lib.core.common import restoreDumpMarkedChars
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
 from lib.core.unescaper import unescaper
 from lib.techniques.blind.inference import bisection
+from lib.core.settings import DUMP_START_MARKER
+from lib.core.settings import DUMP_STOP_MARKER
+from lib.core.settings import DUMP_DEL_MARKER
 
 def queryOutputLength(expression, payload):
     """
@@ -105,16 +108,16 @@ def resume(expression, payload):
         if not resumedValue:
             return None
 
-        resumedValue = resumedValue.replace("__NEWLINE__", "\n").replace("__TAB__", "\t")
+        resumedValue = restoreDumpMarkedChars(resumedValue, True)
 
         if resumedValue[-1] == "]":
             resumedValue = resumedValue[:-1]
 
             infoMsg  = "read from file '%s': " % conf.sessionFile
-            logValue = re.findall("__START__(.*?)__STOP__", resumedValue, re.S)
+            logValue = re.findall("%s(.*?)%s" % (DUMP_START_MARKER, DUMP_STOP_MARKER), resumedValue, re.S)
 
             if logValue:
-                logValue = ", ".join([value.replace("__DEL__", ", ") for value in logValue])
+                logValue = ", ".join([value.replace(DUMP_DEL_MARKER, ", ") for value in logValue])
             else:
                 logValue = resumedValue