some more refactoring

Miroslav Stampar 2011-04-19 23:04:10 +00:00
parent 3b133303bf
commit df0331fe9b


@ -7,6 +7,7 @@ Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import logging
import re import re
import socket import socket
import time import time
@ -31,6 +32,7 @@ from lib.core.common import randomInt
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.common import showStaticWords from lib.core.common import showStaticWords
from lib.core.common import singleTimeLogMessage
from lib.core.common import trimAlphaNum from lib.core.common import trimAlphaNum
from lib.core.common import wasLastRequestDBMSError from lib.core.common import wasLastRequestDBMSError
from lib.core.common import wasLastRequestHTTPError from lib.core.common import wasLastRequestHTTPError
@ -202,9 +204,6 @@ def checkSqlInjection(place, parameter, value):
infoMsg = "testing '%s'" % title infoMsg = "testing '%s'" % title
logger.info(infoMsg) logger.info(infoMsg)
# Flag used for signaling warning messages regarding unescaping
genericWarningFlag = False
# Force back-end DBMS according to the current # Force back-end DBMS according to the current
# test value for proper payload unescaping # test value for proper payload unescaping
Backend.forceDbms(dbms[0] if isinstance(dbms, list) else dbms) Backend.forceDbms(dbms[0] if isinstance(dbms, list) else dbms)
@ -387,14 +386,11 @@ def checkSqlInjection(place, parameter, value):
configUnion(test.request.char, test.request.columns) configUnion(test.request.char, test.request.columns)
if not Backend.getIdentifiedDbms() and not genericWarningFlag: if not Backend.getIdentifiedDbms():
warnMsg = "using unescaped version of the test " warnMsg = "using unescaped version of the test "
warnMsg += "because of zero knowledge of the " warnMsg += "because of zero knowledge of the "
warnMsg += "back-end DBMS" warnMsg += "back-end DBMS"
logger.warn(warnMsg) singleTimeLogMessage(warnMsg, logging.WARN, title)
# Set the flag preventing bulking of the message for the same test
genericWarningFlag = True
# Test for UNION query SQL injection # Test for UNION query SQL injection
reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix) reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix)
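Review bot: The de-duplication key in `singleTimeLogMessage(warnMsg, logging.WARN, title)` is only the test title, whereas the removed `genericWarningFlag` was re-initialised right after the "testing '%s'" message, so it applied per test within one call of checkSqlInjection. If the helper remembers keys for the whole run (its body is not shown here), the warning would be logged for the first parameter only. Later parameters tested with unescaped payloads would then produce no warning, which makes it harder to judge how far a negative result for them can be trusted. Consider a key that includes the injection point, e.g. `singleTimeLogMessage(warnMsg, logging.WARNING, "%s:%s:%s" % (place, parameter, title))`, which also uses the documented `logging.WARNING` name rather than the `WARN` alias. checkSqlInjection starts and ends outside the hunks shown.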