further enum refactoring

lib/controller/controller.py

@@ -27,6 +27,8 @@ from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.enums import HTTPMETHOD
+from lib.core.enums import PLACE
 from lib.core.exception import exceptionsTuple
 from lib.core.exception import sqlmapNotVulnerableException
 from lib.core.exception import sqlmapSilentQuitException
@@ -126,9 +128,9 @@ def start():
             parseTargetUrl()
 
             testSqlInj = False
-            if "GET" in conf.parameters:
+            if PLACE.GET in conf.parameters:
-                for parameter in re.findall(r"([^=]+)=[^&]+&?", conf.parameters["GET"]):
+                for parameter in re.findall(r"([^=]+)=[^&]+&?", conf.parameters[PLACE.GET]):
-                    paramKey = (conf.hostname, conf.path, "GET", parameter)
+                    paramKey = (conf.hostname, conf.path, PLACE.GET, parameter)
                     if paramKey not in kb.testedParams:
                         testSqlInj = True
                         break
@@ -144,7 +146,7 @@ def start():
 
             if conf.multipleTargets:
                 hostCount += 1
-                message = "url %d:\n%s %s" % (hostCount, conf.method or "GET", targetUrl)
+                message = "url %d:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl)
 
                 if conf.cookie:
                     message += "\nCookie: %s" % conf.cookie
@@ -183,7 +185,7 @@ def start():
                 if cookieStr:
                     cookieStr = cookieStr[:-1]
 
-                    if "Cookie" in conf.parameters:
+                    if PLACE.COOKIE in conf.parameters:
                         message  = "you provided an HTTP Cookie header value. "
                         message += "The target url provided its own Cookie within "
                         message += "the HTTP Set-Cookie header. Do you want to "
@@ -196,11 +198,11 @@ def start():
 
                     if setCookieAsInjectable:
                         conf.httpHeaders.append(("Cookie", cookieStr))
-                        conf.parameters["Cookie"] = cookieStr
+                        conf.parameters[PLACE.COOKIE] = cookieStr
-                        __paramDict = paramToDict("Cookie", cookieStr)
+                        __paramDict = paramToDict(PLACE.COOKIE, cookieStr)
 
                         if __paramDict:
-                            conf.paramDict["Cookie"] = __paramDict
+                            conf.paramDict[PLACE.COOKIE] = __paramDict
                             # TODO: consider the following line in __setRequestParams()
                             __testableParameters = True
 
@@ -212,7 +214,7 @@ def start():
 
                 # Do a little prioritization reorder of a testable parameter list 
                 parameters = conf.parameters.keys()
-                for place in ('POST', 'GET'):
+                for place in (PLACE.URI, PLACE.POST, PLACE.GET):
                     if place in parameters:
                         parameters.remove(place)
                         parameters.insert(0, place)

lib/core/enums.py

@@ -33,3 +33,8 @@ class PLACE:
     URI     = "URI"
     COOKIE  = "Cookie"
     UA      = "User-Agent"
+
+class HTTPMETHOD:
+    GET     = "GET"
+    POST    = "POST"
+    HEAD    = "HEAD"

lib/core/option.py

@@ -42,6 +42,7 @@ from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.data import queries
 from lib.core.datatype import advancedDict
+from lib.core.enums import HTTPMETHOD
 from lib.core.enums import PRIORITY
 from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapGenericException
@@ -780,15 +781,15 @@ def __setHTTPMethod():
     if conf.method:
         conf.method = conf.method.upper()
 
-        if conf.method not in ("GET", "POST"):
+        if conf.method not in (HTTPMETHOD.GET, HTTPMETHOD.POST):
             warnMsg  = "'%s' " % conf.method
             warnMsg += "is an unsupported HTTP method, "
-            warnMsg += "setting to default method, GET"
+            warnMsg += "setting to default method, %s" % HTTPMETHOD.GET
             logger.warn(warnMsg)
 
-            conf.method = "GET"
+            conf.method = HTTPMETHOD.GET
     else:
-        conf.method = "GET"
+        conf.method = HTTPMETHOD.GET
 
     debugMsg = "setting the HTTP method to %s" % conf.method
     logger.debug(debugMsg)

lib/core/target.py

@@ -21,6 +21,8 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.dump import dumper
+from lib.core.enums import HTTPMETHOD
+from lib.core.enums import PLACE
 from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapGenericException
 from lib.core.exception import sqlmapSyntaxException
@@ -41,39 +43,39 @@ def __setRequestParams():
     __testableParameters = False
 
     # Perform checks on GET parameters
-    if conf.parameters.has_key("GET") and conf.parameters["GET"]:
+    if conf.parameters.has_key(PLACE.GET) and conf.parameters[PLACE.GET]:
-        parameters = conf.parameters["GET"]
+        parameters = conf.parameters[PLACE.GET]
-        __paramDict = paramToDict("GET", parameters)
+        __paramDict = paramToDict(PLACE.GET, parameters)
 
         if __paramDict:
-            conf.paramDict["GET"] = __paramDict
+            conf.paramDict[PLACE.GET] = __paramDict
             __testableParameters = True
 
     # Perform checks on POST parameters
-    if conf.method == "POST" and not conf.data:
+    if conf.method == HTTPMETHOD.POST and not conf.data:
         errMsg = "HTTP POST method depends on HTTP data value to be posted"
         raise sqlmapSyntaxException, errMsg
 
     if conf.data:
         conf.data = conf.data.replace("\n", " ")
-        conf.parameters["POST"] = conf.data
+        conf.parameters[PLACE.POST] = conf.data
 
         # Check if POST data is in xml syntax
         if re.match("[\n]*<(\?xml |soap\:|ns).*>", conf.data):
             conf.paramDict["POSTxml"] = True
             __paramDict = paramToDict("POSTxml", conf.data)
         else:
-            __paramDict = paramToDict("POST", conf.data)
+            __paramDict = paramToDict(PLACE.POST, conf.data)
 
         if __paramDict:
-            conf.paramDict["POST"] = __paramDict
+            conf.paramDict[PLACE.POST] = __paramDict
             __testableParameters = True
 
-        conf.method = "POST"
+        conf.method = HTTPMETHOD.POST
 
     if "*" in conf.url:
-        conf.parameters["URI"] = conf.url
+        conf.parameters[PLACE.URI] = conf.url
-        conf.paramDict["URI"] = {}
+        conf.paramDict[PLACE.URI] = {}
         parts = conf.url.split("*")
         for i in range(len(parts)-1):
             result = str()
@@ -81,17 +83,17 @@ def __setRequestParams():
                 result += parts[j]
                 if i == j:
                     result += "*"
-            conf.paramDict["URI"]["#%d*" % (i+1)] = result
+            conf.paramDict[PLACE.URI]["#%d*" % (i+1)] = result
         conf.url = conf.url.replace("*", str())
         __testableParameters = True
 
     # Perform checks on Cookie parameters
     if conf.cookie:
-        conf.parameters["Cookie"] = conf.cookie
+        conf.parameters[PLACE.COOKIE] = conf.cookie
-        __paramDict = paramToDict("Cookie", conf.cookie)
+        __paramDict = paramToDict(PLACE.COOKIE, conf.cookie)
 
         if __paramDict:
-            conf.paramDict["Cookie"] = __paramDict
+            conf.paramDict[PLACE.COOKIE] = __paramDict
             __testableParameters = True
 
     # Perform checks on User-Agent header value
@@ -99,7 +101,7 @@ def __setRequestParams():
         for httpHeader, headerValue in conf.httpHeaders:
             if httpHeader == "User-Agent":
                 # No need for url encoding/decoding the user agent
-                conf.parameters["User-Agent"] = headerValue
+                conf.parameters[PLACE.UA] = headerValue
 
                 condition  = not conf.testParameter
                 condition |= "User-Agent" in conf.testParameter
@@ -108,7 +110,7 @@ def __setRequestParams():
                 condition |= "ua" in conf.testParameter
 
                 if condition:
-                    conf.paramDict["User-Agent"] = { "User-Agent": headerValue }
+                    conf.paramDict[PLACE.UA] = { PLACE.UA: headerValue }
                     __testableParameters = True
 
     if not conf.parameters:
@@ -140,11 +142,11 @@ def findPageForms():
         test = readInput(message, default="Y")
 
         if not test or test[0] in ("y", "Y"):
-            if method == "POST":
+            if method == HTTPMETHOD.POST:
                 message = " Edit POST data [default: %s]: " % (data if data else "")
                 test = readInput(message, default=data)
 
-            elif method == "GET":
+            elif method == HTTPMETHOD.GET:
                 if url.find("?") > -1:
                     firstPart = url[:url.find("?")]
                     secondPart = url[url.find("?")+1:]

lib/request/connect.py

@@ -26,6 +26,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.common import sanitizeAsciiString
+from lib.core.enums import HTTPMETHOD
 from lib.core.enums import PLACE
 from lib.core.exception import sqlmapConnectionException
 from lib.request.basic import decodePage
@@ -114,7 +115,7 @@ class Connect:
                     url = "%s?%s" % (url, get)
                     requestMsg += "?%s" % get
 
-                if conf.method == "POST":
+                if conf.method == HTTPMETHOD.POST:
                     if conf.parameters.has_key(PLACE.POST) and not post:
                         post = conf.parameters[PLACE.POST]
 
@@ -354,7 +355,7 @@ class Connect:
 
         if not content and not response and kb.nullConnection:
             if kb.nullConnection == "HEAD":
-                method = "HEAD"
+                method = HTTPMETHOD.HEAD
             elif kb.nullConnection == "Range":
                 if not auxHeaders:
                     auxHeaders = {}

plugins/dbms/mysql/fingerprint.py

@@ -19,6 +19,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
+from lib.core.enums import PLACE
 from lib.core.session import setDbms
 from lib.core.settings import MYSQL_ALIASES
 from lib.request import inject
@@ -163,7 +164,7 @@ class Fingerprint(GenericFingerprint):
             infoMsg = "confirming MySQL"
             logger.info(infoMsg)
 
-            payload = agent.fullPayload("AND ISNULL(1/0)" if kb.injPlace != "URI" else "AND ISNULL(1 DIV 0)")
+            payload = agent.fullPayload("AND ISNULL(1/0)" if kb.injPlace != PLACE.URI else "AND ISNULL(1 DIV 0)")
             result  = Request.queryPage(payload)
 
             if not result: