From e3ddbe751f6e9e8c4c724846707c6c3ab0d14d4c Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Tue, 2 Dec 2008 23:49:38 +0000
Subject: [PATCH] Minor code refactoring

---
 lib/core/agent.py | 21 ++++++++++++---------
 lib/request/inject.py | 10 +---------
 lib/techniques/blind/inference.py | 10 +++++-----
 lib/techniques/inband/union/use.py | 3 ++-
 4 files changed, 20 insertions(+), 24 deletions(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index fa75bbea1..40cb23aaa 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -232,17 +232,20 @@ class Agent:
 fieldsNoSelect = query
 
 if fieldsSelectTop:
- fieldsToCast = fieldsSelectTop.groups()[0]
+ fieldsToCastStr = fieldsSelectTop.groups()[0]
 elif fieldsSelectDistinct:
- fieldsToCast = fieldsSelectDistinct.groups()[0]
+ fieldsToCastStr = fieldsSelectDistinct.groups()[0]
 elif fieldsSelectFrom:
- fieldsToCast = fieldsSelectFrom.groups()[0]
+ fieldsToCastStr = fieldsSelectFrom.groups()[0]
 elif fieldsSelect:
- fieldsToCast = fieldsSelect.groups()[0]
+ fieldsToCastStr = fieldsSelect.groups()[0]
 elif fieldsNoSelect:
- fieldsToCast = fieldsNoSelect
+ fieldsToCastStr = fieldsNoSelect
 
- return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsToCast
+ fieldsToCastList = fieldsToCastStr.replace(", ", ",")
+ fieldsToCastList = fieldsToCastList.split(",")
+
+ return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsToCastList, fieldsToCastStr
 
 def concatQuery(self, query):
 
@@ -274,9 +277,9 @@ class Agent:
 concatQuery = ""
 query = query.replace(", ", ",")
 
- fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsToCast = self.getFields(query)
- castedFields = self.nullCastConcatFields(fieldsToCast)
- concatQuery = query.replace(fieldsToCast, castedFields, 1)
+ fieldsSelectFrom, fieldsSelect, fieldsNoSelect, _, fieldsToCastStr = self.getFields(query)
+ castedFields = self.nullCastConcatFields(fieldsToCastStr)
+ concatQuery = query.replace(fieldsToCastStr, castedFields, 1)
 
 if kb.dbms == "MySQL":
 if fieldsSelectFrom:
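Review bot: The new `fieldsToCastList = fieldsToCastStr.replace(", ", ",")` followed by `.split(",")` splits on every comma, so a single field that is a function call with several arguments (`CONCAT(a, b)`, `COALESCE(x, 0)`) comes back as two or more entries; `__goInferenceProxy` in lib/request/inject.py, which this same patch switches to that list, then takes its `len(expressionFieldsList) > 1` branch for a one-field query. Splitting only on commas at parenthesis depth zero keeps function arguments together (commas inside quoted literals would still need separate handling, which the removed `__getFieldsProxy` did not have either). Separately, `fieldsToCastStr` is bound only inside the `if`/`elif` chain, so if none of the five conditions holds the new `.replace` line raises `UnboundLocalError`; that was latent in the old `return` too, but an explicit `fieldsToCastStr = ""` before the chain, or a raise with a clear message, would make the contract visible. The second hunk in this file, concatQuery, only consumes the string and needs no change.
```python
        # … unchanged: regex matches and the if/elif chain that sets fieldsToCastStr …

        # Split on top-level commas only, so a field such as CONCAT(a, b)
        # stays one entry instead of being counted as two fields.
        fieldsToCastList = []
        depth = 0
        current = ""
        for char in fieldsToCastStr:
            if char == "(":
                depth += 1
            elif char == ")":
                depth -= 1
            if char == "," and depth == 0:
                fieldsToCastList.append(current.strip())
                current = ""
            else:
                current += char
        fieldsToCastList.append(current.strip())

        return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsToCastList, fieldsToCastStr
```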
diff --git a/lib/request/inject.py b/lib/request/inject.py
index ffafeaaac..4ef520386 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -46,14 +46,6 @@ from lib.utils.resume import queryOutputLength
 from lib.utils.resume import resume
 
 
-def __getFieldsProxy(expression):
- _, _, _, expressionFields = agent.getFields(expression)
- expressionFieldsList = expressionFields.replace(", ", ",")
- expressionFieldsList = expressionFieldsList.split(",")
-
- return expressionFields, expressionFieldsList
-
-
 def __goInference(payload, expression):
 start = time.time()
 
@@ -123,7 +115,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None):
 return output
 
 if kb.dbmsDetected:
- expressionFields, expressionFieldsList = __getFieldsProxy(expression)
+ _, _, _, expressionFieldsList, expressionFields = agent.getFields(expression)
 
 if len(expressionFieldsList) > 1:
 infoMsg = "the SQL query provided has more than a field. "
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index 8e327b2d9..334124194 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -47,12 +47,12 @@ def bisection(payload, expression, length=None):
 """
 
 if kb.dbmsDetected:
- _, _, _, fieldToCast = agent.getFields(expression)
- nulledCastedField = agent.nullAndCastField(fieldToCast)
- expressionReplaced = expression.replace(fieldToCast, nulledCastedField, 1)
- expressionUnescaped = unescaper.unescape(expressionReplaced)
+ _, _, _, _, fieldToCastStr = agent.getFields(expression)
+ nulledCastedField = agent.nullAndCastField(fieldToCastStr)
+ expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
+ expressionUnescaped = unescaper.unescape(expressionReplaced)
 else:
- expressionUnescaped = unescaper.unescape(expression)
+ expressionUnescaped = unescaper.unescape(expression)
 
 infoMsg = "query: %s" % expressionUnescaped
 logger.info(infoMsg)
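Review bot: `_, _, _, _, fieldToCastStr = agent.getFields(expression)` in lib/techniques/blind/inference.py discards four positional results, and the same five-tuple is unpacked with a different pattern in lib/request/inject.py and lib/techniques/inband/union/use.py in this patch; with a positional return of that width, one reorder in getFields silently hands a list where a string is expected, and the `expression.replace(...)` on the next line would only fail at run time. Taking the one value needed, `fieldToCastStr = agent.getFields(expression)[-1]`, or having getFields return a namedtuple, would make each call site self-describing. The `else` branch line is removed and re-added with text that looks identical here, which reads as an indentation-only fix; if so, saying so in the commit message would save the next reader a whitespace diff. bisection starts before and continues after this hunk; the two inject.py hunks are a pure deletion and the consumer of the list already discussed on the agent.py hunk.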
diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py
index fc934376c..7f92c0766 100644
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -94,7 +94,7 @@ def __unionPosition(count, expression, negative=False):
 warnMsg += "%s inband sql injection vulnerability" % negLogMsg
 
 if negLogMsg == "partial":
- warnMsg += ", sqlmap will retrieve the expression output "
+ warnMsg += ", sqlmap will retrieve the query output "
 warnMsg += "through blind sql injection technique"
 
 logger.warn(warnMsg)
@@ -143,6 +143,7 @@ def unionUse(expression):
 # TODO: if conf.paramNegative == True and query can returns multiple
 # entries, get once per time in a for cycle, see lib/request/inject.py
 # like for --sql-query and --sql-shell
+ _, _, _, expressionFieldsList, expressionFields = agent.getFields(origExpr)
 
 # Forge the inband SQL injection request
 query = agent.forgeInbandQuery(expression)
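Review bot: The added `_, _, _, expressionFieldsList, expressionFields = agent.getFields(origExpr)` binds two names that nothing in this hunk reads, and unionUse continues past the hunk, so it is not visible here whether they are consumed; if they are not, the call runs getFields' regex matching for nothing and should be dropped, and if they are, a one-line comment naming the step that uses them would tie the line to the TODO above it. The call is made on `origExpr` while the next statement forges the request from `expression`; that may well be intentional, but it is worth confirming that the field list of the original query is the one wanted rather than that of the transformed one. The first hunk in this file only rewords a warning message.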