From bfce7210e6a3447bfa54234db180dc4186a0e00e Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Tue, 29 Jan 2013 15:34:20 +0000
Subject: [PATCH] improvements to the dump library to output to the API data fetched properly formatted (issue #297)
---
 lib/controller/action.py | 11 ++++-----
 lib/core/dump.py | 48 ++++++++++++++++++++++++++++++----------
 2 files changed, 42 insertions(+), 17 deletions(-)
diff --git a/lib/controller/action.py b/lib/controller/action.py
index 481bc825a..b258cb35d 100644
--- a/lib/controller/action.py
+++ b/lib/controller/action.py
@@ -12,6 +12,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
+from lib.core.enums import API_CONTENT_TYPE
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.exception import SqlmapUnsupportedDBMSException
 from lib.core.settings import SUPPORTED_DBMS
@@ -77,7 +78,7 @@ def action():
 if conf.getPasswordHashes:
 try:
 conf.dumper.userSettings("database management system users password hashes",
- conf.dbmsHandler.getPasswordHashes(), "password hash")
+ conf.dbmsHandler.getPasswordHashes(), "password hash", API_CONTENT_TYPE.PASSWORDS)
 except SqlmapNoneDataException, ex:
 logger.critical(ex)
 except:
@@ -86,7 +87,7 @@ def action():
 if conf.getPrivileges:
 try:
 conf.dumper.userSettings("database management system users privileges",
- conf.dbmsHandler.getPrivileges(), "privilege")
+ conf.dbmsHandler.getPrivileges(), "privilege", API_CONTENT_TYPE.PRIVILEGES)
 except SqlmapNoneDataException, ex:
 logger.critical(ex)
 except:
@@ -95,7 +96,7 @@ def action():
 if conf.getRoles:
 try:
 conf.dumper.userSettings("database management system users roles",
- conf.dbmsHandler.getRoles(), "role")
+ conf.dbmsHandler.getRoles(), "role", API_CONTENT_TYPE.ROLES)
 except SqlmapNoneDataException, ex:
 logger.critical(ex)
 except:
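Review bot: The content type is passed as a bare fourth positional argument in the three `conf.dumper.userSettings(...)` calls, and as a bare second argument in the two `dbTableColumns` calls of the next hunk, while `lib/core/dump.py` in this same patch always spells it `content_type=...`. Passing it by keyword, e.g. `conf.dbmsHandler.getPasswordHashes(), "password hash", content_type=API_CONTENT_TYPE.PASSWORDS)`, keeps these call sites correct if a parameter is ever inserted before it. The `try`/`except` blocks around these calls start and end outside the hunks.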
@@ -111,10 +112,10 @@ def action():
 conf.dumper.dbTables(tableExists(paths.COMMON_TABLES))
 if conf.getSchema:
- conf.dumper.dbTableColumns(conf.dbmsHandler.getSchema())
+ conf.dumper.dbTableColumns(conf.dbmsHandler.getSchema(), API_CONTENT_TYPE.SCHEMA)
 if conf.getColumns:
- conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns())
+ conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns(), API_CONTENT_TYPE.COLUMNS)
 if conf.getCount:
 conf.dumper.dbTablesCount(conf.dbmsHandler.getCount())
diff --git a/lib/core/dump.py b/lib/core/dump.py
index f2e7c9318..1e0570870 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -85,8 +85,8 @@ class Dump(object):
 def getOutputFile(self):
 return self._outputFile
- def singleString(self, data):
- self._write(data)
+ def singleString(self, data, content_type=None):
+ self._write(data, content_type=content_type)
 def string(self, header, data, content_type=None, sort=True):
 kb.stickyLevel = None
@@ -161,9 +161,6 @@ class Dump(object):
 def userSettings(self, header, userSettings, subHeader, content_type=None):
 self._areAdmins = set()
- if userSettings:
- self._write("%s:" % header)
-
 if isinstance(userSettings, (tuple, list, set)):
 self._areAdmins = userSettings[1]
 userSettings = userSettings[0]
@@ -171,6 +168,13 @@ class Dump(object):
 users = userSettings.keys()
 users.sort(key=lambda x: x.lower() if isinstance(x, basestring) else x)
+ if hasattr(conf, "api"):
+ self._write(userSettings, content_type=content_type)
+ return
+
+ if userSettings:
+ self._write("%s:" % header)
+
 for user in users:
 settings = userSettings[user]
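Review bot: In API mode `userSettings` writes only the per-user mapping, so the administrator set stored by `self._areAdmins = userSettings[1]` in the previous hunk is not part of the payload as far as the visible lines show. An API consumer then cannot tell privileged accounts from ordinary ones, which the text output presumably marks. The `users` list is also built and sorted before the early return and never used on that path; moving the `if hasattr(conf, "api"):` block above `users = userSettings.keys()` would avoid that. Whether the admin set belongs in the API output should be decided explicitly and noted in a comment. The body of `userSettings` continues outside the hunk.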
@@ -196,8 +200,12 @@ class Dump(object):
 def dbs(self, dbs):
 self.lister("available databases", dbs, content_type=API_CONTENT_TYPE.DBS)
- def dbTables(self, dbTables, content_type=API_CONTENT_TYPE.TABLES):
+ def dbTables(self, dbTables):
 if isinstance(dbTables, dict) and len(dbTables) > 0:
+ if hasattr(conf, "api"):
+ self._write(dbTables, content_type=API_CONTENT_TYPE.TABLES)
+ return
+
 maxlength = 0
 for tables in dbTables.values():
@@ -230,12 +238,16 @@ class Dump(object):
 self._write("+%s+\n" % lines)
 elif dbTables is None or len(dbTables) == 0:
- self.singleString("No tables found")
+ self.singleString("No tables found", content_type=API_CONTENT_TYPE.TABLES)
 else:
- self.string("tables", dbTables)
+ self.string("tables", dbTables, content_type=API_CONTENT_TYPE.TABLES)
- def dbTableColumns(self, tableColumns, content_type=API_CONTENT_TYPE.COLUMNS):
+ def dbTableColumns(self, tableColumns, content_type=None):
 if isinstance(tableColumns, dict) and len(tableColumns) > 0:
+ if hasattr(conf, "api"):
+ self._write(tableColumns, content_type=content_type)
+ return
+
 for db, tables in tableColumns.items():
 if not db:
 db = "All"
@@ -301,8 +313,12 @@ class Dump(object):
 else:
 self._write("+%s+\n" % lines1)
- def dbTablesCount(self, dbTables, content_type=API_CONTENT_TYPE.COUNT):
+ def dbTablesCount(self, dbTables):
 if isinstance(dbTables, dict) and len(dbTables) > 0:
+ if hasattr(conf, "api"):
+ self._write(dbTables, content_type=API_CONTENT_TYPE.COUNT)
+ return
+
 maxlength1 = len("Table")
 maxlength2 = len("Entries")
@@ -343,7 +359,7 @@ class Dump(object):
 else:
 logger.error("unable to retrieve the number of entries for any table")
- def dbTableValues(self, tableValues, content_type=API_CONTENT_TYPE.DUMP_TABLE):
+ def dbTableValues(self, tableValues):
 replication = None
 rtable = None
 dumpFP = None
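Review bot: `dbTables` drops the `content_type` keyword from its signature, as do `dbTablesCount`, `dbTableValues` and `dbColumns` later in this patch, so any caller outside this diff that still passes `content_type=` will raise `TypeError`. Keeping the parameter with its old default would stay backward-compatible. The same `if hasattr(conf, "api"):` guard with write and `return` is now copied into six methods. `hasattr` only tests that the option exists, not that it is enabled, which is safe only if `conf.api` is never set to a false value; that cannot be confirmed from here. A small private helper on `Dump` that does the check and the write would keep the six sites consistent. The body of `dbTables` continues outside the hunk.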
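Review bot: Under `API_CONTENT_TYPE.TABLES` a consumer can now receive differently shaped values: the raw dict from the `hasattr(conf, "api")` branch of `dbTables`, the literal string `"No tables found"` via `singleString`, or whatever `self.string("tables", ...)` emits. The empty case should either emit an empty container or be documented so that clients type-check before parsing. Separately, `dbTableColumns` changes its default from `API_CONTENT_TYPE.COLUMNS` to `None`, so a caller that was not updated alongside `action.py` would reach `self._write(tableColumns, content_type=content_type)` with no type. A docstring on `dbTableColumns` stating that callers must supply the content type would make that contract visible.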
@@ -356,6 +372,10 @@ class Dump(object):
 db = "All"
 table = tableValues["__infos__"]["table"]
+ if hasattr(conf, "api"):
+ self._write(tableValues, content_type=API_CONTENT_TYPE.DUMP_TABLE)
+ return
+
 if conf.dumpFormat == DUMP_FORMAT.SQLITE:
 replication = Replication("%s%s%s.sqlite3" % (conf.dumpPath, os.sep, unsafeSQLIdentificatorNaming(db)))
 elif conf.dumpFormat in (DUMP_FORMAT.CSV, DUMP_FORMAT.HTML):
@@ -549,7 +569,11 @@ class Dump(object):
 dumpFP.close()
 logger.info("table '%s.%s' dumped to %s file '%s'" % (db, table, conf.dumpFormat, dumpFileName))
- def dbColumns(self, dbColumnsDict, colConsider, dbs, content_type=API_CONTENT_TYPE.COLUMNS):
+ def dbColumns(self, dbColumnsDict, colConsider, dbs):
+ if hasattr(conf, "api"):
+ self._write(dbColumnsDict, content_type=API_CONTENT_TYPE.COLUMNS)
+ return
+
 for column in dbColumnsDict.keys():
 if colConsider == "1":
 colConsiderStr = "s like '" + column + "' were"
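Review bot: The API branch in `dbTableValues` hands the whole `tableValues` mapping to `_write`, including the `__infos__` bookkeeping entry read just above it, and returns before any of the file-based dump formats run. Dumped rows are the most sensitive output this class produces, and where `_write` stores API content and who can read it is not visible in this hunk. A comment at the branch would record both facts, e.g. `# API mode: raw rows (incl. "__infos__") go to the API output; no dump file is written`. The body of `dbTableValues` starts and ends outside the hunk.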
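Review bot: `dbColumns` tags its payload `API_CONTENT_TYPE.COLUMNS`, the same type `dbTableColumns` receives for `getColumns()` output, yet the two mappings are iterated differently in this patch. Here it is `for column in dbColumnsDict.keys()`, there `for db, tables in tableColumns.items()`, which suggests two data shapes under one type. The API branch also ignores `colConsider` and `dbs`, so the consumer does not learn whether the match was exact or a `like` search. A distinct content type, or a comment documenting the shape, would let clients parse it reliably. The body of `dbColumns` continues outside the hunk.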