sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-22 10:54:22 +03:00
Code Issues Packages Projects Releases Wiki Activity

code cleanup

Browse Source
This commit is contained in:
Bernardo Damele 2015-02-21 12:59:44 +00:00
parent 8be24d3e9b
commit d235ee375b
1 changed files with 10 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
lib/controller/checks.py
View File

@ -65,7 +65,6 @@ from lib.core.settings import FORMAT_EXCEPTION_STRINGS
from lib.core.settings import HEURISTIC_CHECK_ALPHABET from lib.core.settings import HEURISTIC_CHECK_ALPHABET
from lib.core.settings import SUHOSIN_MAX_VALUE_LENGTH from lib.core.settings import SUHOSIN_MAX_VALUE_LENGTH
from lib.core.settings import SUPPORTED_DBMS from lib.core.settings import SUPPORTED_DBMS
from lib.core.settings import UNKNOWN_DBMS
from lib.core.settings import URI_HTTP_HEADER from lib.core.settings import URI_HTTP_HEADER
from lib.core.settings import LOWER_RATIO_BOUND from lib.core.settings import LOWER_RATIO_BOUND
from lib.core.settings import UPPER_RATIO_BOUND from lib.core.settings import UPPER_RATIO_BOUND
@ -125,8 +124,8 @@ def checkSqlInjection(place, parameter, value):
if kb.extendTests is None and not conf.testFilter and (conf.level < 5 or conf.risk < 3) \ if kb.extendTests is None and not conf.testFilter and (conf.level < 5 or conf.risk < 3) \
and (intersect(Backend.getErrorParsedDBMSes(), SUPPORTED_DBMS, True) or \ and (intersect(Backend.getErrorParsedDBMSes(), SUPPORTED_DBMS, True) or \
kb.heuristicDbms or injection.dbms): kb.heuristicDbms or injection.dbms):
msg = "do you want to include all tests for '%s' " % (Format.getErrorParsedDBMSes() or kb.heuristicDbms or injection.dbms) msg = "for the remaining tests, do you want to include all tests "
msg += "extending provided " msg += "for '%s' extending provided " % (Format.getErrorParsedDBMSes() or kb.heuristicDbms or injection.dbms)
msg += "level (%d)" % conf.level if conf.level < 5 else "" msg += "level (%d)" % conf.level if conf.level < 5 else ""
msg += " and " if conf.level < 5 and conf.risk < 3 else "" msg += " and " if conf.level < 5 and conf.risk < 3 else ""
msg += "risk (%d)" % conf.risk if conf.risk < 3 else "" msg += "risk (%d)" % conf.risk if conf.risk < 3 else ""
@ -436,6 +435,7 @@ def checkSqlInjection(place, parameter, value):
trueSet = set(extractTextTagContent(truePage)) trueSet = set(extractTextTagContent(truePage))
falseSet = set(extractTextTagContent(falsePage)) falseSet = set(extractTextTagContent(falsePage))
candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage and _.strip() not in threadData.lastComparisonHeaders else None for _ in (trueSet - falseSet))) candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage and _.strip() not in threadData.lastComparisonHeaders else None for _ in (trueSet - falseSet)))
if candidates: if candidates:
conf.string = candidates[0] conf.string = candidates[0]
infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (paramType, parameter, title, repr(conf.string).lstrip('u').strip("'")) infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (paramType, parameter, title, repr(conf.string).lstrip('u').strip("'"))
@ -509,8 +509,8 @@ def checkSqlInjection(place, parameter, value):
Backend.forceDbms(kb.heuristicDbms) Backend.forceDbms(kb.heuristicDbms)
if unionExtended: if unionExtended:
infoMsg = "automatically extending ranges " infoMsg = "automatically extending ranges for UNION "
infoMsg += "for UNION query injection technique tests as " infoMsg += "query injection technique tests as "
infoMsg += "there is at least one other (potential) " infoMsg += "there is at least one other (potential) "
infoMsg += "technique found" infoMsg += "technique found"
singleTimeLogMessage(infoMsg) singleTimeLogMessage(infoMsg)
@ -555,12 +555,15 @@ def checkSqlInjection(place, parameter, value):
for dKey, dValue in test.details.items(): for dKey, dValue in test.details.items():
if dKey == "dbms": if dKey == "dbms":
injection.dbms = dValue injection.dbms = dValue
if not isinstance(dValue, list): if not isinstance(dValue, list):
Backend.setDbms(dValue) Backend.setDbms(dValue)
else: else:
Backend.forceDbms(dValue[0], True) Backend.forceDbms(dValue[0], True)
elif dKey == "dbms_version" and injection.dbms_version is None and not conf.testFilter: elif dKey == "dbms_version" and injection.dbms_version is None and not conf.testFilter:
injection.dbms_version = Backend.setVersion(dValue) injection.dbms_version = Backend.setVersion(dValue)
elif dKey == "os" and injection.os is None: elif dKey == "os" and injection.os is None:
injection.os = Backend.setOs(dValue) injection.os = Backend.setOs(dValue)
@ -806,14 +809,12 @@ def checkFilteredChars(injection):
def heuristicCheckSqlInjection(place, parameter): def heuristicCheckSqlInjection(place, parameter):
if kb.nullConnection: if kb.nullConnection:
debugMsg = "heuristic check skipped " debugMsg = "heuristic check skipped because NULL connection used"
debugMsg += "because NULL connection used"
logger.debug(debugMsg) logger.debug(debugMsg)
return None return None
if wasLastResponseDBMSError(): if wasLastResponseDBMSError():
debugMsg = "heuristic check skipped " debugMsg = "heuristic check skipped because original page content "
debugMsg += "because original page content "
debugMsg += "contains DBMS error" debugMsg += "contains DBMS error"
logger.debug(debugMsg) logger.debug(debugMsg)
return None return None