sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

further enum refactoring

Browse Source
This commit is contained in:
Miroslav Stampar 2010-11-08 09:44:32 +00:00
parent 862395ced1
commit d551423379
6 changed files with 48 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
lib/controller/controller.py
View File

@ -27,6 +27,8 @@ from lib.core.common import readInput
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import HTTPMETHOD
from lib.core.enums import PLACE
from lib.core.exception import exceptionsTuple
from lib.core.exception import sqlmapNotVulnerableException
from lib.core.exception import sqlmapSilentQuitException
@ -126,9 +128,9 @@ def start():
parseTargetUrl()
testSqlInj = False
if "GET" in conf.parameters:
for parameter in re.findall(r"([^=]+)=[^&]+&?", conf.parameters["GET"]):
paramKey = (conf.hostname, conf.path, "GET", parameter)
if PLACE.GET in conf.parameters:
for parameter in re.findall(r"([^=]+)=[^&]+&?", conf.parameters[PLACE.GET]):
paramKey = (conf.hostname, conf.path, PLACE.GET, parameter)
if paramKey not in kb.testedParams:
testSqlInj = True
break
@ -144,7 +146,7 @@ def start():
if conf.multipleTargets:
hostCount += 1
message = "url %d:\n%s %s" % (hostCount, conf.method or "GET", targetUrl)
message = "url %d:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl)
if conf.cookie:
message += "\nCookie: %s" % conf.cookie
@ -183,7 +185,7 @@ def start():
if cookieStr:
cookieStr = cookieStr[:-1]
if "Cookie" in conf.parameters:
if PLACE.COOKIE in conf.parameters:
message = "you provided an HTTP Cookie header value. "
message += "The target url provided its own Cookie within "
message += "the HTTP Set-Cookie header. Do you want to "
@ -196,11 +198,11 @@ def start():
if setCookieAsInjectable:
conf.httpHeaders.append(("Cookie", cookieStr))
conf.parameters["Cookie"] = cookieStr
__paramDict = paramToDict("Cookie", cookieStr)
conf.parameters[PLACE.COOKIE] = cookieStr
__paramDict = paramToDict(PLACE.COOKIE, cookieStr)
if __paramDict:
conf.paramDict["Cookie"] = __paramDict
conf.paramDict[PLACE.COOKIE] = __paramDict
# TODO: consider the following line in __setRequestParams()
__testableParameters = True
@ -212,7 +214,7 @@ def start():
# Do a little prioritization reorder of a testable parameter list
parameters = conf.parameters.keys()
for place in ('POST', 'GET'):
for place in (PLACE.URI, PLACE.POST, PLACE.GET):
if place in parameters:
parameters.remove(place)
parameters.insert(0, place)

5
lib/core/enums.py
View File

@ -33,3 +33,8 @@ class PLACE:
URI = "URI"
COOKIE = "Cookie"
UA = "User-Agent"
class HTTPMETHOD:
GET = "GET"
POST = "POST"
HEAD = "HEAD"

9
lib/core/option.py
View File

@ -42,6 +42,7 @@ from lib.core.data import logger
from lib.core.data import paths
from lib.core.data import queries
from lib.core.datatype import advancedDict
from lib.core.enums import HTTPMETHOD
from lib.core.enums import PRIORITY
from lib.core.exception import sqlmapFilePathException
from lib.core.exception import sqlmapGenericException
@ -780,15 +781,15 @@ def __setHTTPMethod():
if conf.method:
conf.method = conf.method.upper()
if conf.method not in ("GET", "POST"):
if conf.method not in (HTTPMETHOD.GET, HTTPMETHOD.POST):
warnMsg = "'%s' " % conf.method
warnMsg += "is an unsupported HTTP method, "
warnMsg += "setting to default method, GET"
warnMsg += "setting to default method, %s" % HTTPMETHOD.GET
logger.warn(warnMsg)
conf.method = "GET"
conf.method = HTTPMETHOD.GET
else:
conf.method = "GET"
conf.method = HTTPMETHOD.GET
debugMsg = "setting the HTTP method to %s" % conf.method
logger.debug(debugMsg)

40
lib/core/target.py
View File

@ -21,6 +21,8 @@ from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
from lib.core.dump import dumper
from lib.core.enums import HTTPMETHOD
from lib.core.enums import PLACE
from lib.core.exception import sqlmapFilePathException
from lib.core.exception import sqlmapGenericException
from lib.core.exception import sqlmapSyntaxException
@ -41,39 +43,39 @@ def __setRequestParams():
__testableParameters = False
# Perform checks on GET parameters
if conf.parameters.has_key("GET") and conf.parameters["GET"]:
parameters = conf.parameters["GET"]
__paramDict = paramToDict("GET", parameters)
if conf.parameters.has_key(PLACE.GET) and conf.parameters[PLACE.GET]:
parameters = conf.parameters[PLACE.GET]
__paramDict = paramToDict(PLACE.GET, parameters)
if __paramDict:
conf.paramDict["GET"] = __paramDict
conf.paramDict[PLACE.GET] = __paramDict
__testableParameters = True
# Perform checks on POST parameters
if conf.method == "POST" and not conf.data:
if conf.method == HTTPMETHOD.POST and not conf.data:
errMsg = "HTTP POST method depends on HTTP data value to be posted"
raise sqlmapSyntaxException, errMsg
if conf.data:
conf.data = conf.data.replace("\n", " ")
conf.parameters["POST"] = conf.data
conf.parameters[PLACE.POST] = conf.data
# Check if POST data is in xml syntax
if re.match("[\n]*<(\?xml |soap\:|ns).*>", conf.data):
conf.paramDict["POSTxml"] = True
__paramDict = paramToDict("POSTxml", conf.data)
else:
__paramDict = paramToDict("POST", conf.data)
__paramDict = paramToDict(PLACE.POST, conf.data)
if __paramDict:
conf.paramDict["POST"] = __paramDict
conf.paramDict[PLACE.POST] = __paramDict
__testableParameters = True
conf.method = "POST"
conf.method = HTTPMETHOD.POST
if "*" in conf.url:
conf.parameters["URI"] = conf.url
conf.paramDict["URI"] = {}
conf.parameters[PLACE.URI] = conf.url
conf.paramDict[PLACE.URI] = {}
parts = conf.url.split("*")
for i in range(len(parts)-1):
result = str()
@ -81,17 +83,17 @@ def __setRequestParams():
result += parts[j]
if i == j:
result += "*"
conf.paramDict["URI"]["#%d*" % (i+1)] = result
conf.paramDict[PLACE.URI]["#%d*" % (i+1)] = result
conf.url = conf.url.replace("*", str())
__testableParameters = True
# Perform checks on Cookie parameters
if conf.cookie:
conf.parameters["Cookie"] = conf.cookie
__paramDict = paramToDict("Cookie", conf.cookie)
conf.parameters[PLACE.COOKIE] = conf.cookie
__paramDict = paramToDict(PLACE.COOKIE, conf.cookie)
if __paramDict:
conf.paramDict["Cookie"] = __paramDict
conf.paramDict[PLACE.COOKIE] = __paramDict
__testableParameters = True
# Perform checks on User-Agent header value
@ -99,7 +101,7 @@ def __setRequestParams():
for httpHeader, headerValue in conf.httpHeaders:
if httpHeader == "User-Agent":
# No need for url encoding/decoding the user agent
conf.parameters["User-Agent"] = headerValue
conf.parameters[PLACE.UA] = headerValue
condition = not conf.testParameter
condition |= "User-Agent" in conf.testParameter
@ -108,7 +110,7 @@ def __setRequestParams():
condition |= "ua" in conf.testParameter
if condition:
conf.paramDict["User-Agent"] = { "User-Agent": headerValue }
conf.paramDict[PLACE.UA] = { PLACE.UA: headerValue }
__testableParameters = True
if not conf.parameters:
@ -140,11 +142,11 @@ def findPageForms():
test = readInput(message, default="Y")
if not test or test[0] in ("y", "Y"):
if method == "POST":
if method == HTTPMETHOD.POST:
message = " Edit POST data [default: %s]: " % (data if data else "")
test = readInput(message, default=data)
elif method == "GET":
elif method == HTTPMETHOD.GET:
if url.find("?") > -1:
firstPart = url[:url.find("?")]
secondPart = url[url.find("?")+1:]

7
lib/request/connect.py
View File

@ -26,6 +26,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.common import sanitizeAsciiString
from lib.core.enums import HTTPMETHOD
from lib.core.enums import PLACE
from lib.core.exception import sqlmapConnectionException
from lib.request.basic import decodePage
@ -114,7 +115,7 @@ class Connect:
url = "%s?%s" % (url, get)
requestMsg += "?%s" % get
if conf.method == "POST":
if conf.method == HTTPMETHOD.POST:
if conf.parameters.has_key(PLACE.POST) and not post:
post = conf.parameters[PLACE.POST]
@ -354,7 +355,7 @@ class Connect:
if not content and not response and kb.nullConnection:
if kb.nullConnection == "HEAD":
method = "HEAD"
method = HTTPMETHOD.HEAD
elif kb.nullConnection == "Range":
if not auxHeaders:
auxHeaders = {}
@ -370,7 +371,7 @@ class Connect:
if not pageLength:
page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404)
if conf.textOnly:
page = getFilteredPageContent(page)

3
plugins/dbms/mysql/fingerprint.py
View File

@ -19,6 +19,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.enums import PLACE
from lib.core.session import setDbms
from lib.core.settings import MYSQL_ALIASES
from lib.request import inject
@ -163,7 +164,7 @@ class Fingerprint(GenericFingerprint):
infoMsg = "confirming MySQL"
logger.info(infoMsg)
payload = agent.fullPayload("AND ISNULL(1/0)" if kb.injPlace != "URI" else "AND ISNULL(1 DIV 0)")
payload = agent.fullPayload("AND ISNULL(1/0)" if kb.injPlace != PLACE.URI else "AND ISNULL(1 DIV 0)")
result = Request.queryPage(payload)
if not result: