From d5514233793c34eaa60b20e259b964a09b8627e2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 8 Nov 2010 09:44:32 +0000 Subject: [PATCH] further enum refactoring --- lib/controller/controller.py | 20 +++++++++------- lib/core/enums.py | 5 ++++ lib/core/option.py | 9 +++---- lib/core/target.py | 40 ++++++++++++++++--------------- lib/request/connect.py | 7 +++--- plugins/dbms/mysql/fingerprint.py | 3 ++- 6 files changed, 48 insertions(+), 36 deletions(-) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 3e2db5c3d..a347ff013 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -27,6 +27,8 @@ from lib.core.common import readInput from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger +from lib.core.enums import HTTPMETHOD +from lib.core.enums import PLACE from lib.core.exception import exceptionsTuple from lib.core.exception import sqlmapNotVulnerableException from lib.core.exception import sqlmapSilentQuitException @@ -126,9 +128,9 @@ def start(): parseTargetUrl() testSqlInj = False - if "GET" in conf.parameters: - for parameter in re.findall(r"([^=]+)=[^&]+&?", conf.parameters["GET"]): - paramKey = (conf.hostname, conf.path, "GET", parameter) + if PLACE.GET in conf.parameters: + for parameter in re.findall(r"([^=]+)=[^&]+&?", conf.parameters[PLACE.GET]): + paramKey = (conf.hostname, conf.path, PLACE.GET, parameter) if paramKey not in kb.testedParams: testSqlInj = True break @@ -144,7 +146,7 @@ def start(): if conf.multipleTargets: hostCount += 1 - message = "url %d:\n%s %s" % (hostCount, conf.method or "GET", targetUrl) + message = "url %d:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl) if conf.cookie: message += "\nCookie: %s" % conf.cookie 
@@ -183,7 +185,7 @@ def start(): if cookieStr: cookieStr = cookieStr[:-1] - if "Cookie" in conf.parameters: + if PLACE.COOKIE in conf.parameters: message = "you provided an HTTP Cookie header value. " message += "The target url provided its own Cookie within " message += "the HTTP Set-Cookie header. Do you want to " @@ -196,11 +198,11 @@ def start(): if setCookieAsInjectable: conf.httpHeaders.append(("Cookie", cookieStr)) - conf.parameters["Cookie"] = cookieStr - __paramDict = paramToDict("Cookie", cookieStr) + conf.parameters[PLACE.COOKIE] = cookieStr + __paramDict = paramToDict(PLACE.COOKIE, cookieStr) if __paramDict: - conf.paramDict["Cookie"] = __paramDict + conf.paramDict[PLACE.COOKIE] = __paramDict # TODO: consider the following line in __setRequestParams() __testableParameters = True @@ -212,7 +214,7 @@ def start(): # Do a little prioritization reorder of a testable parameter list parameters = conf.parameters.keys() - for place in ('POST', 'GET'): + for place in (PLACE.URI, PLACE.POST, PLACE.GET): if place in parameters: parameters.remove(place) parameters.insert(0, place) diff --git a/lib/core/enums.py b/lib/core/enums.py index 49852d36b..f68d4d310 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -33,3 +33,8 @@ class PLACE: URI = "URI" COOKIE = "Cookie" UA = "User-Agent" + +class HTTPMETHOD: + GET = "GET" + POST = "POST" + HEAD = "HEAD" \ No newline at end of file diff --git a/lib/core/option.py b/lib/core/option.py index 87d8a0de2..cd6df3bc4 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -42,6 +42,7 @@ from lib.core.data import logger from lib.core.data import paths from lib.core.data import queries from lib.core.datatype import advancedDict +from lib.core.enums import HTTPMETHOD from lib.core.enums import PRIORITY from lib.core.exception import sqlmapFilePathException from lib.core.exception import sqlmapGenericException 
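Review bot: Adding `PLACE.URI` to the reorder tuple in the -212,7 hunk changes the order in which places are tested, which the commit subject ("further enum refactoring") does not mention. The old tuple was `('POST', 'GET')`. Because each place found is removed and re-inserted at index 0, the front of the list now ends up as GET, POST, URI. If this is intended, it would be easier to bisect as its own commit, or at least with a comment on the loop such as `# last tuple entry ends up first: GET, POST, URI, then the remaining places`. The body of start() continues outside the hunk.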
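Review bot: `HTTPMETHOD` is added in lib/core/enums.py without any comment distinguishing it from `PLACE`. Both are plain classes of string constants, so `HTTPMETHOD.POST` and a PLACE member holding the same string compare equal, and passing one where the other is meant cannot be detected at runtime. A one-line comment above the class would make the intent explicit, for example `# HTTP request verbs; not interchangeable with PLACE (injection point) even where the strings match`. The file also still ends without a trailing newline after `HEAD = "HEAD"`, as the `\ No newline at end of file` marker shows.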
@@ -780,15 +781,15 @@ def __setHTTPMethod(): if conf.method: conf.method = conf.method.upper() - if conf.method not in ("GET", "POST"): + if conf.method not in (HTTPMETHOD.GET, HTTPMETHOD.POST): warnMsg = "'%s' " % conf.method warnMsg += "is an unsupported HTTP method, " - warnMsg += "setting to default method, GET" + warnMsg += "setting to default method, %s" % HTTPMETHOD.GET logger.warn(warnMsg) - conf.method = "GET" + conf.method = HTTPMETHOD.GET else: - conf.method = "GET" + conf.method = HTTPMETHOD.GET debugMsg = "setting the HTTP method to %s" % conf.method logger.debug(debugMsg) diff --git a/lib/core/target.py b/lib/core/target.py index ecc3bc96a..b1ebed912 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -21,6 +21,8 @@ from lib.core.data import kb from lib.core.data import logger from lib.core.data import paths from lib.core.dump import dumper +from lib.core.enums import HTTPMETHOD +from lib.core.enums import PLACE from lib.core.exception import sqlmapFilePathException from lib.core.exception import sqlmapGenericException from lib.core.exception import sqlmapSyntaxException 
@@ -41,39 +43,39 @@ def __setRequestParams(): __testableParameters = False # Perform checks on GET parameters - if conf.parameters.has_key("GET") and conf.parameters["GET"]: - parameters = conf.parameters["GET"] - __paramDict = paramToDict("GET", parameters) + if conf.parameters.has_key(PLACE.GET) and conf.parameters[PLACE.GET]: + parameters = conf.parameters[PLACE.GET] + __paramDict = paramToDict(PLACE.GET, parameters) if __paramDict: - conf.paramDict["GET"] = __paramDict + conf.paramDict[PLACE.GET] = __paramDict __testableParameters = True # Perform checks on POST parameters - if conf.method == "POST" and not conf.data: + if conf.method == HTTPMETHOD.POST and not conf.data: errMsg = "HTTP POST method depends on HTTP data value to be posted" raise sqlmapSyntaxException, errMsg if conf.data: conf.data = conf.data.replace("\n", " ") - conf.parameters["POST"] = conf.data + conf.parameters[PLACE.POST] = conf.data # Check if POST data is in xml syntax if re.match("[\n]*<(\?xml |soap\:|ns).*>", conf.data): conf.paramDict["POSTxml"] = True __paramDict = paramToDict("POSTxml", conf.data) else: - __paramDict = paramToDict("POST", conf.data) + __paramDict = paramToDict(PLACE.POST, conf.data) if __paramDict: - conf.paramDict["POST"] = __paramDict + conf.paramDict[PLACE.POST] = __paramDict __testableParameters = True - conf.method = "POST" + conf.method = HTTPMETHOD.POST if "*" in conf.url: - conf.parameters["URI"] = conf.url - conf.paramDict["URI"] = {} + conf.parameters[PLACE.URI] = conf.url + conf.paramDict[PLACE.URI] = {} parts = conf.url.split("*") for i in range(len(parts)-1): result = str() 
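Review bot: `"POSTxml"` is still a bare string in both `conf.paramDict["POSTxml"] = True` and `paramToDict("POSTxml", conf.data)`, so the place keys in __setRequestParams are now partly enum members and partly literals. The part of `PLACE` visible in the enums.py hunk shows no matching member; adding one (for example `POSTXML = "POSTxml"`) and using it here would finish the conversion without changing any value. The same leftover appears in the later target.py hunks (`httpHeader == "User-Agent"`, `"User-Agent" in conf.testParameter`) and in the connect.py hunk at -354,7 (`kb.nullConnection == "HEAD"`). That last value names a null-connection mode rather than a request verb, so it probably wants its own constant instead of `HTTPMETHOD.HEAD`. The body of __setRequestParams continues outside this hunk.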
@@ -81,17 +83,17 @@ def __setRequestParams(): result += parts[j] if i == j: result += "*" - conf.paramDict["URI"]["#%d*" % (i+1)] = result + conf.paramDict[PLACE.URI]["#%d*" % (i+1)] = result conf.url = conf.url.replace("*", str()) __testableParameters = True # Perform checks on Cookie parameters if conf.cookie: - conf.parameters["Cookie"] = conf.cookie - __paramDict = paramToDict("Cookie", conf.cookie) + conf.parameters[PLACE.COOKIE] = conf.cookie + __paramDict = paramToDict(PLACE.COOKIE, conf.cookie) if __paramDict: - conf.paramDict["Cookie"] = __paramDict + conf.paramDict[PLACE.COOKIE] = __paramDict __testableParameters = True # Perform checks on User-Agent header value @@ -99,7 +101,7 @@ def __setRequestParams(): for httpHeader, headerValue in conf.httpHeaders: if httpHeader == "User-Agent": # No need for url encoding/decoding the user agent - conf.parameters["User-Agent"] = headerValue + conf.parameters[PLACE.UA] = headerValue condition = not conf.testParameter condition |= "User-Agent" in conf.testParameter @@ -108,7 +110,7 @@ def __setRequestParams(): condition |= "ua" in conf.testParameter if condition: - conf.paramDict["User-Agent"] = { "User-Agent": headerValue } + conf.paramDict[PLACE.UA] = { PLACE.UA: headerValue } __testableParameters = True if not conf.parameters: @@ -140,11 +142,11 @@ def findPageForms(): test = readInput(message, default="Y") if not test or test[0] in ("y", "Y"): - if method == "POST": + if method == HTTPMETHOD.POST: message = " Edit POST data [default: %s]: " % (data if data else "") test = readInput(message, default=data) - elif method == "GET": + elif method == HTTPMETHOD.GET: if url.find("?") > -1: firstPart = url[:url.find("?")] secondPart = url[url.find("?")+1:] diff --git a/lib/request/connect.py b/lib/request/connect.py index 33f5f2504..feb3e626c 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
@@ -26,6 +26,7 @@ from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger from lib.core.common import sanitizeAsciiString +from lib.core.enums import HTTPMETHOD from lib.core.enums import PLACE from lib.core.exception import sqlmapConnectionException from lib.request.basic import decodePage @@ -114,7 +115,7 @@ class Connect: url = "%s?%s" % (url, get) requestMsg += "?%s" % get - if conf.method == "POST": + if conf.method == HTTPMETHOD.POST: if conf.parameters.has_key(PLACE.POST) and not post: post = conf.parameters[PLACE.POST] @@ -354,7 +355,7 @@ class Connect: if not content and not response and kb.nullConnection: if kb.nullConnection == "HEAD": - method = "HEAD" + method = HTTPMETHOD.HEAD elif kb.nullConnection == "Range": if not auxHeaders: auxHeaders = {} @@ -370,7 +371,7 @@ class Connect: if not pageLength: page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404) - + if conf.textOnly: page = getFilteredPageContent(page) diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index b0fab96cf..6696cdabf 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -19,6 +19,7 @@ from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger from lib.core.enums import DBMS +from lib.core.enums import PLACE from lib.core.session import setDbms from lib.core.settings import MYSQL_ALIASES from lib.request import inject @@ -163,7 +164,7 @@ class Fingerprint(GenericFingerprint): infoMsg = "confirming MySQL" logger.info(infoMsg) - payload = agent.fullPayload("AND ISNULL(1/0)" if kb.injPlace != "URI" else "AND ISNULL(1 DIV 0)") + payload = agent.fullPayload("AND ISNULL(1/0)" if kb.injPlace != PLACE.URI else "AND ISNULL(1 DIV 0)") result = Request.queryPage(payload) if not result: