From cc7c5e79505f41d76f2eeb8e118fef5953bbde99 Mon Sep 17 00:00:00 2001
From: Aridhi-Dhia-eddine
Date: Fri, 12 Apr 2024 01:54:24 +0100
Subject: [PATCH] Rework:solve problem of saving result of --sql-query in CSV file
---
 lib/core/dump.py | 37 +++++++++++++++++++++++++++++++++++++
 plugins/generic/custom.py | 4 +++-
 2 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/lib/core/dump.py b/lib/core/dump.py
index 42f713efd..d2f89e165 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -7,6 +7,9 @@ See the file 'LICENSE' for copying permission
 import hashlib
 import os
+
+import csv
+
 import re
 import shutil
 import tempfile
@@ -709,7 +712,41 @@ class Dump(object):
 def sqlQuery(self, query, queryRes):
 self.string(query, queryRes, content_type=CONTENT_TYPE.SQL_QUERY)
+ print ("mon output est ",queryRes)
+ #code to extract columns from the request
+ deb="SELECT"
+ fin="FROM"
+ temp1=(query.upper()).find(deb)
+ #print ("mon output est ",temp1)
+ temp2=(query.upper()).find(fin)
+ #print ("mon output est ",temp2)
+ T=len(deb)-temp1+1
+ temp_res=query[T:temp2]
+ temp_res=(temp_res.strip()).split(',')
+ print ("mon output est ",temp_res)
+ #******************************************
+ #dictionarie for every value in queryRes
+ dt_save=[]
+ for i in range (len(queryRes)):
+ s=queryRes[i]
+ d={}
+ for j in range(len(temp_res)):
+ d.update({temp_res[j]:s[j]})
+ dt_save.append(d)
+ print(dt_save)
+ #*******************************************
+ file_csv="data_save.csv"
+ if(len(queryRes)!=0):
+ with open(file_csv,mode='w',newline='') as file_csv:
+ writer=csv.DictWriter(file_csv,fieldnames=temp_res)
+ writer.writeheader()
+ for part in dt_save:
+ writer.writerow(part)
+ print("data saved in csv format under "+"'"+os.path.realpath("data_save.csv")+"'")
+ else:
+ print("data don't exist to create CSV file")
+
 def rFile(self, fileData):
 self.lister("files saved to", fileData, sort=False, content_type=CONTENT_TYPE.FILE_READ)
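Review bot: The block added after `self.string(...)` in `sqlQuery` assumes `queryRes` is a non-empty list of rows whose width matches a comma-split of the text between `SELECT` and `FROM`, so a scalar or `None` result (custom.py in this same patch assigns `output = NULL`, which presumably reaches this method), a query with no `FROM`, or a select list such as `CONCAT(a,b)` would raise or mislabel columns; `T=len(deb)-temp1+1` is also only correct when `SELECT` sits at index 0. The export always opens the fixed relative name `data_save.csv` in mode `'w'`, so each call silently overwrites the previous file in whatever the working directory is, and the two active `print ("mon output est ", ...)` lines plus `print(dt_save)` echo the full result set outside the dumper's usual output path. Cell values originate from the remote database, so ones starting with `=`, `+`, `-` or `@` should be made inert before writing, otherwise a spreadsheet opening the file may evaluate them as formulas. A guarded version of the export is sketched below; `csv_path` is a placeholder for a per-run path under the output directory, and the header row is dropped because column names cannot be recovered reliably from the query text.

```python
        self.string(query, queryRes, content_type=CONTENT_TYPE.SQL_QUERY)
        # Only a non-empty list of rows is exported; scalar, None or NULL results stay with self.string()
        if isinstance(queryRes, (list, tuple)) and queryRes:
            def _cell(value):
                # Result values are remote-controlled: make a leading formula character inert
                text = "" if value is None else str(value)
                return "'" + text if text[:1] in ("=", "+", "-", "@") else text

            # csv_path: placeholder for a per-run path under the output directory, not a fixed name in the CWD
            with open(csv_path, mode='w', newline='') as handle:
                writer = csv.writer(handle)
                # no header row: column names cannot be recovered reliably by splitting the query text
                for row in queryRes:
                    cells = row if isinstance(row, (list, tuple)) else (row,)
                    writer.writerow([_cell(value) for value in cells])
```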
diff --git a/plugins/generic/custom.py b/plugins/generic/custom.py index dbfd589dc..6162c2ead 100644 --- a/plugins/generic/custom.py +++ b/plugins/generic/custom.py @@ -78,11 +78,13 @@ class Custom(object): inject.goStacked(query) output = NULL - + except SqlmapNoneDataException as ex: logger.warning(ex) + return output + def sqlShell(self): infoMsg = "calling %s shell. To quit type " % Backend.getIdentifiedDbms()