mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-01-24 08:14:24 +03:00
some refactoring
This commit is contained in:
parent
bf6ea35145
commit
c461fdca54
|
@ -7,7 +7,7 @@ $ python ./safe2bin.py -i output.txt -o output.txt.bin
|
|||
|
||||
This will create an binary decoded file output.txt.bin. For example,
|
||||
if the content of output.txt is: "\ttest\t\x32\x33\x34\nnewline" it will
|
||||
be decoded to: " test 234
|
||||
be decoded to: " test 234
|
||||
newline"
|
||||
|
||||
If you skip the output file name, general rule is that the binary
|
||||
|
|
|
@ -11,6 +11,7 @@ See the file 'doc/COPYING' for copying permission
|
|||
|
||||
import binascii
|
||||
import re
|
||||
import string
|
||||
import os
|
||||
import sys
|
||||
|
||||
|
@ -23,9 +24,33 @@ HEX_ENCODED_CHAR_REGEX = r"(?P<result>\\x[0-9A-Fa-f]{2})"
|
|||
# Raw chars that will be safe encoded to their slash (\) representations (e.g. newline to \n)
|
||||
SAFE_ENCODE_SLASH_REPLACEMENTS = "\\\t\n\r\x0b\x0c"
|
||||
|
||||
def safecharencode(value):
|
||||
"""
|
||||
Returns safe representation of a given basestring value
|
||||
|
||||
>>> safecharencode(u'test123')
|
||||
u'test123'
|
||||
>>> safecharencode(u'test\x01\x02\xff')
|
||||
u'test\\01\\02\\03\\ff'
|
||||
"""
|
||||
|
||||
retVal = value
|
||||
|
||||
if isinstance(value, basestring):
|
||||
for char in SAFE_ENCODE_SLASH_REPLACEMENTS:
|
||||
retVal = retVal.replace(char, repr(char).strip('\''))
|
||||
|
||||
retVal = reduce(lambda x, y: x + (y if (y in string.printable or ord(y) > 255) else '\\x%02x' % ord(y)), retVal, unicode())
|
||||
|
||||
elif isinstance(value, list):
|
||||
for i in xrange(len(value)):
|
||||
retVal[i] = safecharencode(value[i])
|
||||
|
||||
return retVal
|
||||
|
||||
def safechardecode(value):
|
||||
"""
|
||||
Decode safe(hex) encoded values
|
||||
Reverse function to safecharencode
|
||||
"""
|
||||
|
||||
retVal = value
|
||||
|
|
|
@ -21,10 +21,10 @@ import string
|
|||
import struct
|
||||
import urllib
|
||||
|
||||
from extra.safe2bin.safe2bin import safecharencode
|
||||
from extra.safe2bin.safe2bin import safechardecode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import logger
|
||||
from lib.core.settings import HEX_ENCODED_CHAR_REGEX
|
||||
from lib.core.settings import SAFE_ENCODE_SLASH_REPLACEMENTS
|
||||
from lib.core.settings import UNICODE_ENCODING
|
||||
from lib.core.settings import URLENCODE_CHAR_LIMIT
|
||||
from lib.core.settings import URLENCODE_FAILSAFE_CHARS
|
||||
|
@ -136,52 +136,3 @@ def htmlunescape(value):
|
|||
retVal = value.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace(''', "'").replace(' ', ' ')
|
||||
retVal = re.sub('&#(\d+);', lambda x: unichr(int(x.group(1))), retVal)
|
||||
return retVal
|
||||
|
||||
def safecharencode(value):
|
||||
"""
|
||||
Returns safe representation of a given basestring value
|
||||
|
||||
>>> safecharencode(u'test123')
|
||||
u'test123'
|
||||
>>> safecharencode(u'test\x01\x02\xff')
|
||||
u'test\\01\\02\\03\\ff'
|
||||
"""
|
||||
|
||||
retVal = value
|
||||
|
||||
if isinstance(value, basestring):
|
||||
for char in SAFE_ENCODE_SLASH_REPLACEMENTS:
|
||||
retVal = retVal.replace(char, repr(char).strip('\''))
|
||||
|
||||
retVal = reduce(lambda x, y: x + (y if (y in string.printable or ord(y) > 255) else '\\x%02x' % ord(y)), retVal, unicode())
|
||||
|
||||
elif isinstance(value, list):
|
||||
for i in xrange(len(value)):
|
||||
retVal[i] = safecharencode(value[i])
|
||||
|
||||
return retVal
|
||||
|
||||
def safechardecode(value):
|
||||
"""
|
||||
Reverse function to safecharencode
|
||||
"""
|
||||
|
||||
retVal = value
|
||||
if isinstance(value, basestring):
|
||||
regex = re.compile(HEX_ENCODED_CHAR_REGEX)
|
||||
|
||||
while True:
|
||||
match = regex.search(retVal)
|
||||
if match:
|
||||
retVal = retVal.replace(match.group("result"), binascii.unhexlify(match.group("result").lstrip('\\x')))
|
||||
else:
|
||||
break
|
||||
|
||||
for char in SAFE_ENCODE_SLASH_REPLACEMENTS[::-1]:
|
||||
retVal = retVal.replace(repr(char).strip('\''), char)
|
||||
|
||||
elif isinstance(value, (list, tuple)):
|
||||
for i in xrange(len(value)):
|
||||
retVal[i] = safechardecode(value[i])
|
||||
|
||||
return retVal
|
||||
|
|
|
@ -304,9 +304,3 @@ MAX_INT = sys.maxint
|
|||
|
||||
# Parameters to be ignored in detection phase (upper case)
|
||||
IGNORE_PARAMETERS = ("__VIEWSTATE", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")
|
||||
|
||||
# Regex used for recognition of hex encoded characters
|
||||
HEX_ENCODED_CHAR_REGEX = r"(?P<result>\\x[0-9A-Fa-f]{2})"
|
||||
|
||||
# Raw chars that will be safe encoded to their slash (\) representations (e.g. newline to \n)
|
||||
SAFE_ENCODE_SLASH_REPLACEMENTS = "\\\t\n\r\x0b\x0c"
|
||||
|
|
Loading…
Reference in New Issue
Block a user