mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-04-04 17:24:20 +03:00
Minor code refactoring
This commit is contained in:
parent
4cb161ce4f
commit
e3ddbe751f
|
@ -232,17 +232,20 @@ class Agent:
|
|||
fieldsNoSelect = query
|
||||
|
||||
if fieldsSelectTop:
|
||||
fieldsToCast = fieldsSelectTop.groups()[0]
|
||||
fieldsToCastStr = fieldsSelectTop.groups()[0]
|
||||
elif fieldsSelectDistinct:
|
||||
fieldsToCast = fieldsSelectDistinct.groups()[0]
|
||||
fieldsToCastStr = fieldsSelectDistinct.groups()[0]
|
||||
elif fieldsSelectFrom:
|
||||
fieldsToCast = fieldsSelectFrom.groups()[0]
|
||||
fieldsToCastStr = fieldsSelectFrom.groups()[0]
|
||||
elif fieldsSelect:
|
||||
fieldsToCast = fieldsSelect.groups()[0]
|
||||
fieldsToCastStr = fieldsSelect.groups()[0]
|
||||
elif fieldsNoSelect:
|
||||
fieldsToCast = fieldsNoSelect
|
||||
fieldsToCastStr = fieldsNoSelect
|
||||
|
||||
return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsToCast
|
||||
fieldsToCastList = fieldsToCastStr.replace(", ", ",")
|
||||
fieldsToCastList = fieldsToCastList.split(",")
|
||||
|
||||
return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsToCastList, fieldsToCastStr
|
||||
|
||||
|
||||
def concatQuery(self, query):
|
||||
|
@ -274,9 +277,9 @@ class Agent:
|
|||
concatQuery = ""
|
||||
query = query.replace(", ", ",")
|
||||
|
||||
fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsToCast = self.getFields(query)
|
||||
castedFields = self.nullCastConcatFields(fieldsToCast)
|
||||
concatQuery = query.replace(fieldsToCast, castedFields, 1)
|
||||
fieldsSelectFrom, fieldsSelect, fieldsNoSelect, _, fieldsToCastStr = self.getFields(query)
|
||||
castedFields = self.nullCastConcatFields(fieldsToCastStr)
|
||||
concatQuery = query.replace(fieldsToCastStr, castedFields, 1)
|
||||
|
||||
if kb.dbms == "MySQL":
|
||||
if fieldsSelectFrom:
|
||||
|
|
|
@ -46,14 +46,6 @@ from lib.utils.resume import queryOutputLength
|
|||
from lib.utils.resume import resume
|
||||
|
||||
|
||||
def __getFieldsProxy(expression):
|
||||
_, _, _, expressionFields = agent.getFields(expression)
|
||||
expressionFieldsList = expressionFields.replace(", ", ",")
|
||||
expressionFieldsList = expressionFieldsList.split(",")
|
||||
|
||||
return expressionFields, expressionFieldsList
|
||||
|
||||
|
||||
def __goInference(payload, expression):
|
||||
start = time.time()
|
||||
|
||||
|
@ -123,7 +115,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None):
|
|||
return output
|
||||
|
||||
if kb.dbmsDetected:
|
||||
expressionFields, expressionFieldsList = __getFieldsProxy(expression)
|
||||
_, _, _, expressionFieldsList, expressionFields = agent.getFields(expression)
|
||||
|
||||
if len(expressionFieldsList) > 1:
|
||||
infoMsg = "the SQL query provided has more than a field. "
|
||||
|
|
|
@ -47,12 +47,12 @@ def bisection(payload, expression, length=None):
|
|||
"""
|
||||
|
||||
if kb.dbmsDetected:
|
||||
_, _, _, fieldToCast = agent.getFields(expression)
|
||||
nulledCastedField = agent.nullAndCastField(fieldToCast)
|
||||
expressionReplaced = expression.replace(fieldToCast, nulledCastedField, 1)
|
||||
expressionUnescaped = unescaper.unescape(expressionReplaced)
|
||||
_, _, _, _, fieldToCastStr = agent.getFields(expression)
|
||||
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
|
||||
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
|
||||
expressionUnescaped = unescaper.unescape(expressionReplaced)
|
||||
else:
|
||||
expressionUnescaped = unescaper.unescape(expression)
|
||||
expressionUnescaped = unescaper.unescape(expression)
|
||||
|
||||
infoMsg = "query: %s" % expressionUnescaped
|
||||
logger.info(infoMsg)
|
||||
|
|
|
@ -94,7 +94,7 @@ def __unionPosition(count, expression, negative=False):
|
|||
warnMsg += "%s inband sql injection vulnerability" % negLogMsg
|
||||
|
||||
if negLogMsg == "partial":
|
||||
warnMsg += ", sqlmap will retrieve the expression output "
|
||||
warnMsg += ", sqlmap will retrieve the query output "
|
||||
warnMsg += "through blind sql injection technique"
|
||||
|
||||
logger.warn(warnMsg)
|
||||
|
@ -143,6 +143,7 @@ def unionUse(expression):
|
|||
# TODO: if conf.paramNegative == True and query can returns multiple
|
||||
# entries, get once per time in a for cycle, see lib/request/inject.py
|
||||
# like for --sql-query and --sql-shell
|
||||
_, _, _, expressionFieldsList, expressionFields = agent.getFields(origExpr)
|
||||
|
||||
# Forge the inband SQL injection request
|
||||
query = agent.forgeInbandQuery(expression)
|
||||
|
|
Loading…
Reference in New Issue
Block a user