few fixes and minor cosmetics

2025-04-07 02:34:16 +03:00 · 2011-07-08 06:02:31 +00:00 · 2011-07-08 06:02:31 +00:00 · c517e97a44
commit c517e97a44
parent aedcf8c8d7
13 changed files with 59 additions and 54 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -41,8 +41,8 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
-from lib.core.datatype import advancedDict
-from lib.core.datatype import injectionDict
+from lib.core.datatype import AttribDict
+from lib.core.datatype import InjectionDict
 from lib.core.enums import HTTPHEADER
 from lib.core.enums import HTTPMETHOD
 from lib.core.enums import NULLCONNECTION
@ -68,7 +68,7 @@ from lib.techniques.union.use import configUnion
 def checkSqlInjection(place, parameter, value):
    # Store here the details about boundaries and payload used to
    # successfully inject
-    injection = injectionDict()
+    injection = InjectionDict()

    # Localized thread data needed for some methods
    threadData = getCurrentThreadData()
@ -452,7 +452,7 @@ def checkSqlInjection(place, parameter, value):
                        if vector is None and "vector" in test and test.vector is not None:
                            vector = "%s%s" % (test.vector, comment)

-                        injection.data[stype] = advancedDict()
+                        injection.data[stype] = AttribDict()
                        injection.data[stype].title = title
                        injection.data[stype].payload = agent.removePayloadDelimiters(reqPayload)
                        injection.data[stype].where = where
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -21,7 +21,7 @@ from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import queries
-from lib.core.datatype import advancedDict
+from lib.core.datatype import AttribDict
 from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -1925,9 +1925,7 @@ def pushValue(value):
    Push value to the stack (thread dependent)
    """

-    # TODO: quick fix
-    #getCurrentThreadData().valueStack.append(copy.deepcopy(value))
-    getCurrentThreadData().valueStack.append(value)
+    getCurrentThreadData().valueStack.append(copy.deepcopy(value))

 def popValue():
    """
--- a/lib/core/data.py
+++ b/lib/core/data.py
@ -7,21 +7,21 @@ Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """

-from lib.core.datatype import advancedDict
+from lib.core.datatype import AttribDict
 from lib.core.settings import LOGGER

 # sqlmap paths
-paths = advancedDict()
+paths = AttribDict()

 # object to store original command line options
-cmdLineOptions = advancedDict()
+cmdLineOptions = AttribDict()

 # object to share within function and classes command
 # line options and settings
-conf = advancedDict()
+conf = AttribDict()

 # object to share within function and classes results
-kb = advancedDict()
+kb = AttribDict()

 # object with each database management system specific queries
 queries = {}
--- a/lib/core/datatype.py
+++ b/lib/core/datatype.py
@ -7,9 +7,12 @@ Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """

+import copy
+import types
+
 from lib.core.exception import sqlmapDataException

-class advancedDict(dict):
+class AttribDict(dict):
    """
    This class defines the sqlmap object, inheriting from Python data
    type dictionary.
@ -46,7 +49,7 @@ class advancedDict(dict):
        """

        # This test allows attributes to be set in the __init__ method
-        if not self.__dict__.has_key('_advancedDict__initialised'):
+        if not self.__dict__.has_key('_AttribDict__initialised'):
            return dict.__setattr__(self, item, value)

        # Any normal attributes are handled normally
@ -62,9 +65,20 @@ class advancedDict(dict):
    def __setstate__(self, dict):
        self.__dict__ = dict

-class injectionDict(advancedDict):
+    def __deepcopy__(self, memo):
+        retVal = self.__class__()
+        memo[id(self)] = retVal
+        for attr in dir(self):
+            if not attr.startswith('_'):
+                value = getattr(self, attr)
+                if not isinstance(value, (types.BuiltinFunctionType, types.BuiltinFunctionType, types.FunctionType, types.MethodType)):
+                    setattr(retVal, attr, copy.deepcopy(value, memo))
+
+        return retVal
+
+class InjectionDict(AttribDict):
    def __init__(self):
-        advancedDict.__init__(self)
+        AttribDict.__init__(self)

        self.place = None
        self.parameter = None
@ -75,11 +89,11 @@ class injectionDict(advancedDict):

        # data is a dict with various stype, each which is a dict with
        # all the information specific for that stype
-        self.data = advancedDict()
+        self.data = AttribDict()

        # conf is a dict which stores current snapshot of important
        # options used during detection
-        self.conf = advancedDict()
+        self.conf = AttribDict()

        self.dbms = None
        self.dbms_version = None
--- a/lib/core/defaults.py
+++ b/lib/core/defaults.py
@ -7,7 +7,7 @@ Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """

-from lib.core.datatype import advancedDict
+from lib.core.datatype import AttribDict

 _defaults =  {
               "timeSec":      5,
@ -25,4 +25,4 @@ _defaults =  {
               "tech":         "BEUST"
             }

-defaults = advancedDict(_defaults)
+defaults = AttribDict(_defaults)
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -55,8 +55,8 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.data import queries
-from lib.core.datatype import advancedDict
-from lib.core.datatype import injectionDict
+from lib.core.datatype import AttribDict
+from lib.core.datatype import InjectionDict
 from lib.core.defaults import defaults
 from lib.core.enums import DBMS
 from lib.core.enums import HTTPHEADER
@ -963,7 +963,7 @@ def __setPrefixSuffix():
    if conf.prefix is not None and conf.suffix is not None:
        # Create a custom boundary object for user's supplied prefix
        # and suffix
-        boundary = advancedDict()
+        boundary = AttribDict()

        boundary.level = 1
        boundary.clause = [ 0 ]
@ -1381,18 +1381,18 @@ def __setKnowledgeBaseAttributes(flushAll=True):
    kb.alwaysRefresh = None
    kb.arch = None
    kb.authHeader = None
-    kb.bannerFp = advancedDict()
+    kb.bannerFp = AttribDict()

-    kb.brute = advancedDict({'tables':[], 'columns':[]})
+    kb.brute = AttribDict({'tables':[], 'columns':[]})
    kb.bruteMode = False

-    kb.cache = advancedDict()
+    kb.cache = AttribDict()
    kb.cache.content = {}
    kb.cache.regex = {}
    kb.cache.stdev = {}

    kb.commonOutputs = None
-    kb.data = advancedDict()
+    kb.data = AttribDict()
    kb.dataOutputFlag = False

    # Active back-end DBMS fingerprint
@ -1415,10 +1415,10 @@ def __setKnowledgeBaseAttributes(flushAll=True):
    kb.hintValue = None
    kb.htmlFp = []
    kb.ignoreTimeout = False
-    kb.injection = injectionDict()
+    kb.injection = InjectionDict()
    kb.injections = []

-    kb.locks = advancedDict()
+    kb.locks = AttribDict()
    kb.locks.cacheLock = threading.Lock()
    kb.locks.logLock = threading.Lock()
    kb.locks.ioLock = threading.Lock()
@ -1459,7 +1459,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
    kb.uChar = "NULL"
    kb.xpCmdshellAvailable = False

-    kb.misc = advancedDict()
+    kb.misc = AttribDict()
    kb.misc.delimiter = randomStr(length=6, lowercase=True)
    kb.misc.start = ":%s:" % randomStr(length=3, lowercase=True)
    kb.misc.stop = ":%s:" % randomStr(length=3, lowercase=True)
@ -1795,7 +1795,7 @@ def __resolveCrossReferences():
    lib.core.threads.readInput = readInput
    lib.core.common.getPageTemplate = getPageTemplate

-def init(inputOptions=advancedDict(), overrideOptions=False):
+def init(inputOptions=AttribDict(), overrideOptions=False):
    """
    Set attributes into both configuration and knowledge base singletons
    based upon command line and configuration file options.
--- a/lib/core/session.py
+++ b/lib/core/session.py
@ -20,7 +20,7 @@ from lib.core.convert import base64unpickle
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
-from lib.core.datatype import injectionDict
+from lib.core.datatype import InjectionDict
 from lib.core.enums import DBMS
 from lib.core.enums import OS
 from lib.core.enums import PAYLOAD
--- a/lib/core/threads.py
+++ b/lib/core/threads.py
@ -15,7 +15,7 @@ from thread import error as threadError

 from lib.core.data import kb
 from lib.core.data import logger
-from lib.core.datatype import advancedDict
+from lib.core.datatype import AttribDict
 from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapThreadException
@ -23,7 +23,7 @@ from lib.core.exception import sqlmapValueException
 from lib.core.settings import MAX_NUMBER_OF_THREADS
 from lib.core.settings import PYVERSION

-shared = advancedDict()
+shared = AttribDict()

 class _ThreadData(threading.local):
    """
--- a/lib/core/unescaper.py
+++ b/lib/core/unescaper.py
@ -8,10 +8,10 @@ See the file 'doc/COPYING' for copying permission
 """

 from lib.core.common import Backend
-from lib.core.datatype import advancedDict
+from lib.core.datatype import AttribDict
 from lib.core.settings import EXCLUDE_UNESCAPE

-class Unescaper(advancedDict):
+class Unescaper(AttribDict):
    def unescape(self, expression, quote=True, dbms=None):
        if expression is None:
            return expression
--- a/lib/parse/payloads.py
+++ b/lib/parse/payloads.py
@ -11,7 +11,7 @@ from xml.etree import ElementTree as et

 from lib.core.data import conf
 from lib.core.data import paths
-from lib.core.datatype import advancedDict
+from lib.core.datatype import AttribDict

 def cleanupVals(text, tag):
    if tag in ("clause", "where"):
@ -42,7 +42,7 @@ def cleanupVals(text, tag):

 def parseXmlNode(node):
    for element in node.getiterator('boundary'):
-        boundary = advancedDict()
+        boundary = AttribDict()

        for child in element.getchildren():
            if child.text:
@ -54,7 +54,7 @@ def parseXmlNode(node):
        conf.boundaries.append(boundary)

    for element in node.getiterator('test'):
-        test = advancedDict()
+        test = AttribDict()

        for child in element.getchildren():
            if child.text and child.text.strip():
@ -65,7 +65,7 @@ def parseXmlNode(node):
                    test[child.tag] = None
                    continue
                else:
-                    test[child.tag] = advancedDict()
+                    test[child.tag] = AttribDict()

                for gchild in child.getchildren():
                    if gchild.tag in test[child.tag]:
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@ -881,19 +881,11 @@ class Enumeration:
                query = safeStringFormat(query, conf.db)

            value = inject.getValue(query, blind=False)
-            value = filter(lambda x: x, value)
+            value = arrayizeValue(filter(lambda x: x, value))

            if not isNoneValue(value):
-                if Backend.isDbms(DBMS.SQLITE):
-                    if isinstance(value, basestring):
-                        value = [[ DBMS.SQLITE, value ]]
-                    elif isinstance(value, (list, tuple, set)):
-                        newValue = []
-
-                        for v in value:
-                            newValue.append([ DBMS.SQLITE, v])
-
-                        value = newValue
+                if len(value) > 0 and not isinstance(value[0], (list, tuple)):
+                    value = zip([conf.db for i in xrange(len(value))], value)

                for db, table in value:
                    db = safeSQLIdentificatorNaming(db)
--- a/xml/queries.xml
+++ b/xml/queries.xml
@ -48,7 +48,7 @@
            <blind query="SELECT DISTINCT(schema_name) FROM information_schema.SCHEMATA LIMIT %d,1" query2="SELECT DISTINCT(db) FROM mysql.db LIMIT %d,1" count="SELECT COUNT(DISTINCT(schema_name)) FROM information_schema.SCHEMATA" count2="SELECT COUNT(DISTINCT(db)) FROM mysql.db"/>
        </dbs>
        <tables>
-            <inband query="SELECT table_schema,table_name FROM information_schema.TABLES" condition="table_schema"/>
+            <inband query="SELECT table_name FROM information_schema.TABLES" condition="table_schema"/>
            <blind query="SELECT table_name FROM information_schema.TABLES WHERE table_schema='%s' LIMIT %d,1" count="SELECT COUNT(table_name) FROM information_schema.TABLES WHERE table_schema='%s'"/>
        </tables>
        <columns>
@ -366,6 +366,7 @@
        <dbs/>
        <!--MSysObjects have no read permission by default-->
        <tables>
+            <inband query="SELECT Name FROM MSysObjects WHERE Type=1"/>
            <blind query="SELECT MIN(Name) FROM MSysObjects WHERE Type=1 AND Name>'%s'" count="SELECT COUNT(Name) FROM MSysObjects WHERE Type=1"/>
        </tables>
        <dump_table>
@ -465,7 +466,7 @@
        <tables>
            <inband query="SELECT tablename FROM domain.tables WHERE schemaname=%s AND type='TABLE'"/>
            <blind/>
-        </tables>
+        </tables> 
        <dbs>
            <inband query="SELECT DISTINCT(schemaname) FROM domain.tables"/>
            <blind/>