refactoring for issue #51

lib/core/agent.py

@@ -11,7 +11,7 @@ from xml.etree import ElementTree as ET
 
 from lib.core.common import Backend
 from lib.core.common import extractRegexResult
-from lib.core.common import getSPQLSnippet
+from lib.core.common import getSQLSnippet
 from lib.core.common import isDBMSVersionAtLeast
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import randomInt
@@ -820,7 +820,7 @@ class Agent:
 
     def runAsDBMSUser(self, query):
         if conf.dCred and "Ad Hoc Distributed Queries" not in query:
-            query = getSPQLSnippet(DBMS.MSSQL, "run_statement_as_user", USER=conf.dbmsUsername, PASSWORD=conf.dbmsPassword, STATEMENT=query.replace("'", "''"))
+            query = getSQLSnippet(DBMS.MSSQL, "run_statement_as_user", USER=conf.dbmsUsername, PASSWORD=conf.dbmsPassword, STATEMENT=query.replace("'", "''"))
 
         return query
 

lib/core/common.py

@@ -1543,15 +1543,15 @@ def parseXmlFile(xmlFile, handler):
     with contextlib.closing(StringIO(readCachedFileContent(xmlFile))) as stream:
         parse(stream, handler)
 
-def getSPQLSnippet(dbms, name, **variables):
+def getSQLSnippet(dbms, sfile, **variables):
     """
-    Returns content of SP(Q)L snippet located inside "procs" directory
+    Returns content of SQL snippet located inside 'procs/' directory
     """
 
-    filename = os.path.join(paths.SQLMAP_PROCS_PATH, DBMS_DIRECTORY_DICT[dbms], "%s.txt" % name)
+    filename = os.path.join(paths.SQLMAP_PROCS_PATH, DBMS_DIRECTORY_DICT[dbms], sfile if sfile.endswith('.sql') else "%s.sql" % sfile)
     checkFile(filename)
-    retVal = readCachedFileContent(filename)
 
+    retVal = readCachedFileContent(filename)
     retVal = re.sub(r"#.+", "", retVal)
     retVal = re.sub(r"(?s);\s+", "; ", retVal).strip()
 
@@ -1565,8 +1565,9 @@ def getSPQLSnippet(dbms, name, **variables):
         retVal = retVal.replace(_, randomInt())
 
     _ = re.search(r"%(\w+)%", retVal, re.I)
+
     if _:
-        errMsg = "unresolved variable '%s' in SPL snippet '%s'" % (_.group(1), name)
+        errMsg = "unresolved variable '%s' in SQL file '%s'" % (_.group(1), sfile)
         raise sqlmapGenericException, errMsg
 
     return retVal

lib/takeover/abstraction.py

@@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
 from extra.safe2bin.safe2bin import safechardecode
 from lib.core.common import dataToStdout
 from lib.core.common import Backend
-from lib.core.common import getSPQLSnippet
+from lib.core.common import getSQLSnippet
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import readInput
 from lib.core.data import conf
@@ -163,12 +163,12 @@ class Abstraction(Web, UDF, xp_cmdshell):
             choice = readInput(msg, default="Y")
 
             if not choice or choice in ("y", "Y"):
-                expression = getSPQLSnippet(DBMS.MSSQL, "configure_openrowset", ENABLE="1")
+                expression = getSQLSnippet(DBMS.MSSQL, "configure_openrowset", ENABLE="1")
                 inject.goStacked(expression)
 
         # TODO: add support for PostgreSQL
         #elif Backend.isDbms(DBMS.PGSQL):
-        #    expression = getSPQLSnippet(DBMS.PGSQL, "configure_dblink", ENABLE="1")
+        #    expression = getSQLSnippet(DBMS.PGSQL, "configure_dblink", ENABLE="1")
         #    inject.goStacked(expression)
 
     def initEnv(self, mandatory=True, detailed=False, web=False):

lib/takeover/xp_cmdshell.py

@@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
 from lib.core.agent import agent
 from lib.core.common import Backend
 from lib.core.common import getLimitRange
-from lib.core.common import getSPQLSnippet
+from lib.core.common import getSQLSnippet
 from lib.core.common import hashDBWrite
 from lib.core.common import isListLike
 from lib.core.common import isNoneValue
@@ -48,14 +48,14 @@ class xp_cmdshell:
         if Backend.isVersionWithin(("2005", "2008")):
             logger.debug("activating sp_OACreate")
 
-            cmd = getSPQLSnippet(DBMS.MSSQL, "activate_sp_oacreate")
+            cmd = getSQLSnippet(DBMS.MSSQL, "activate_sp_oacreate")
             inject.goStacked(agent.runAsDBMSUser(cmd))
 
         self.__randStr = randomStr(lowercase=True)
         self.__xpCmdshellNew = "xp_%s" % randomStr(lowercase=True)
         self.xpCmdshellStr = "master..%s" % self.__xpCmdshellNew
 
-        cmd = getSPQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self.__randStr, XP_CMDSHELL_NEW=self.__xpCmdshellNew)
+        cmd = getSQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self.__randStr, XP_CMDSHELL_NEW=self.__xpCmdshellNew)
 
         if Backend.isVersionWithin(("2005", "2008")):
             cmd += ";RECONFIGURE WITH OVERRIDE"
@@ -67,7 +67,7 @@ class xp_cmdshell:
         debugMsg += "stored procedure"
         logger.debug(debugMsg)
 
-        cmd = getSPQLSnippet(DBMS.MSSQL, "configure_xp_cmdshell", ENABLE=str(mode))
+        cmd = getSQLSnippet(DBMS.MSSQL, "configure_xp_cmdshell", ENABLE=str(mode))
 
         return cmd
 
@@ -77,9 +77,9 @@ class xp_cmdshell:
         logger.debug(debugMsg)
 
         if mode == 1:
-            cmd = getSPQLSnippet(DBMS.MSSQL, "enable_xp_cmdshell_2000", ENABLE=str(mode))
+            cmd = getSQLSnippet(DBMS.MSSQL, "enable_xp_cmdshell_2000", ENABLE=str(mode))
         else:
-            cmd = getSPQLSnippet(DBMS.MSSQL, "disable_xp_cmdshell_2000", ENABLE=str(mode))
+            cmd = getSQLSnippet(DBMS.MSSQL, "disable_xp_cmdshell_2000", ENABLE=str(mode))
 
         return cmd
 

lib/techniques/dns/use.py

@@ -16,7 +16,7 @@ from lib.core.common import calculateDeltaSeconds
 from lib.core.common import dataToStdout
 from lib.core.common import decodeHexValue
 from lib.core.common import extractRegexResult
-from lib.core.common import getSPQLSnippet
+from lib.core.common import getSQLSnippet
 from lib.core.common import hashDBRetrieve
 from lib.core.common import hashDBWrite
 from lib.core.common import randomInt
@@ -67,7 +67,7 @@ def dnsUse(payload, expression):
                 nulledCastedField = agent.hexConvertField(nulledCastedField)
                 expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
 
-                expressionRequest = getSPQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dName)
+                expressionRequest = getSQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dName)
                 expressionUnescaped = unescaper.unescape(expressionRequest)
 
                 if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL):

procs/README.txt

@@ -1,3 +1,4 @@
-Files in this folder represent SPL/SQL snippets used by sqlmap on the target
+Files in this folder represent SQL snippets used by sqlmap on the target
-system. They are licensed under the terms of the GNU Lesser General Public
+system.
-License.
+They are licensed under the terms of the GNU Lesser General Public License
+where not specified otherwise.