code refactoring and some fixes

2025-01-23 15:54:24 +03:00 · 2010-12-18 09:51:34 +00:00 · 2010-12-18 09:51:34 +00:00 · fe67d3827c
commit fe67d3827c
parent a067e805fa
10 changed files with 53 additions and 50 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -292,9 +292,9 @@ def checkSqlInjection(place, parameter, value):
                        boundPayload = agent.cleanupPayload(boundPayload, value)
                        cmpPayload = agent.payload(place, parameter, value, boundPayload)

-                        # Useful to set conf.matchRatio at first based on
+                        # Useful to set kb.matchRatio at first based on
                        # the False response content
-                        conf.matchRatio = None
+                        kb.matchRatio = None
                        _ = Request.queryPage(cmpPayload, place)

                        # Perform the test's True request
@ -308,7 +308,6 @@ def checkSqlInjection(place, parameter, value):
                                infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
                                logger.info(infoMsg)

-                                kb.paramMatchRatio[(place, parameter)] = conf.matchRatio
                                injectable = True

                    # In case of error-based or UNION query SQL injections
@ -382,6 +381,7 @@ def checkSqlInjection(place, parameter, value):
                    injection.data[stype].where = where
                    injection.data[stype].vector = vector
                    injection.data[stype].comment = comment
+                    injection.data[stype].matchRatio = kb.matchRatio
                    injection.data[stype].templatePayload = templatePayload

                    if hasattr(test, "details"):
@ -455,7 +455,7 @@ def checkDynParam(place, parameter, value):
    dynamicity might depend on another parameter.
    """

-    conf.matchRatio = None
+    kb.matchRatio = None

    infoMsg = "testing if %s parameter '%s' is dynamic" % (place, parameter)
    logger.info(infoMsg)
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -37,7 +37,6 @@ from lib.core.exception import sqlmapSilentQuitException
 from lib.core.exception import sqlmapValueException
 from lib.core.exception import sqlmapUserQuitException
 from lib.core.session import setInjection
-from lib.core.session import setMatchRatio
 from lib.core.target import initTargetEnv
 from lib.core.target import setupTargetEnv

@ -382,14 +381,6 @@ def start():
                    condition = True

                if condition:
-                    if kb.paramMatchRatio:
-                        key = (kb.injection.place, kb.injection.parameter)
-                        if key in kb.paramMatchRatio:
-                            conf.matchRatio = kb.paramMatchRatio[key]
-                            setMatchRatio()
-                        else:
-                            conf.matchRatio = None
-
                    action()

        except KeyboardInterrupt:
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -48,6 +48,7 @@ from lib.core.convert import htmlunescape
 from lib.core.convert import urlencode
 from lib.core.enums import DBMS
 from lib.core.enums import PLACE
+from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapGenericException
 from lib.core.exception import sqlmapNoneDataException
@ -1652,6 +1653,9 @@ def logHTTPTraffic(requestLogMsg, responseLogMsg):

    kb.locks.reqLock.release()

+def getPageTemplate(payload, place):
+    pass
+
 def getPublicTypeMembers(type_, onlyValues=False):
    """
    Useful for getting members from types (e.g. in enums)
@ -1667,6 +1671,16 @@ def getPublicTypeMembers(type_, onlyValues=False):

    return retVal

+def enumValueToNameLookup(type_, value_):
+    retVal = None
+
+    for name, value in getPublicTypeMembers(type_):
+        if value == value_:
+            retVal = name
+            break
+
+    return retVal
+
 def extractRegexResult(regex, content, flags=0):
    retVal = None

@ -1758,3 +1772,12 @@ def getTechniqueData(technique=None):

 def isTechniqueAvailable(technique=None):
    return getTechniqueData(technique) is not None
+
+def initTechnique(technique=None):
+    data = getTechniqueData(technique)
+    if data:
+        kb.pageTemplate = getPageTemplate(data.templatePayload, kb.injection.place)
+        kb.matchRatio = data.matchRatio
+    else:
+        warnMsg = "there is no injection data available for technique '%s'" % enumValueToNameLookup(PAYLOAD.TECHNIQUE, technique)
+        logger.warn(warnMsg)
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1091,7 +1091,6 @@ def __setConfAttributes():
    conf.httpHeaders      = []
    conf.hostname         = None
    conf.loggedToOut      = None
-    conf.matchRatio       = None
    conf.multipleTargets  = False
    conf.outputPath       = None
    conf.paramDict        = {}
@ -1169,6 +1168,7 @@ def __setKnowledgeBaseAttributes():
    kb.locks.reqLock   = threading.Lock()
    kb.locks.seqLock   = None

+    kb.matchRatio      = None
    kb.nullConnection  = None
    kb.pageTemplate    = None
    kb.pageTemplates   = advancedDict()
@ -1181,7 +1181,6 @@ def __setKnowledgeBaseAttributes():
    kb.osSP            = None

    kb.pageStable      = None
-    kb.paramMatchRatio = {}
    kb.partRun         = None
    kb.proxyAuthHeader = None
    kb.queryCounter    = 0
--- a/lib/core/session.py
+++ b/lib/core/session.py
@ -65,17 +65,6 @@ def setRegexp():
    if condition:
        dataToSessionFile("[%s][None][None][Regular expression][%s]\n" % (conf.url, safeFormatString(conf.regexp)))

-def setMatchRatio():
-    condition = (
-                  isinstance(conf.matchRatio, (int, float))
-                  and ( not kb.resumedQueries
-                  or ( kb.resumedQueries.has_key(conf.url) and not
-                  kb.resumedQueries[conf.url].has_key("Match ratio") ) )
-                )
-
-    if condition:
-        dataToSessionFile("[%s][%s][%s][Match ratio][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), conf.matchRatio))
-
 def setInjection(inj):
    """
    Save information retrieved about injection place and parameter in the
@ -336,17 +325,6 @@ def resumeConfKb(expression, url, value):
            if not test or test[0] in ("y", "Y"):
                conf.regexp = regexp

-    elif expression == "Match ratio" and url == conf.url and conf.matchRatio is None:
-        matchRatio = value[:-1]
-
-        logMsg = "resuming match ratio '%s' from session file" % matchRatio
-        logger.info(logMsg)
-
-        try:
-            conf.matchRatio = round(float(matchRatio), 3)
-        except ValueError:
-            pass
-
    elif expression == "Injection data" and url == conf.url:
        injection = base64unpickle(value[:-1])
        logMsg = "resuming injection data from session file"
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -21,7 +21,7 @@ VERSION_STRING     = "sqlmap/%s" % VERSION
 DESCRIPTION        = "automatic SQL injection and database takeover tool"
 SITE               = "http://sqlmap.sourceforge.net"

-# minimum distance of ratio from conf.matchRatio to result in True
+# minimum distance of ratio from kb.matchRatio to result in True
 DIFF_TOLERANCE     = 0.05
 CONSTANT_RATIO     = 0.9

--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@ -89,16 +89,16 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):

    # If the url is stable and we did not set yet the match ratio and the
    # current injected value changes the url page content
-    if conf.matchRatio is None:
+    if kb.matchRatio is None:
        if conf.thold:
-            conf.matchRatio = conf.thold
+            kb.matchRatio = conf.thold

        elif kb.pageStable and ratio > 0.6 and ratio < 0.99:
-            conf.matchRatio = ratio
-            logger.debug("setting match ratio for current parameter to %.3f" % conf.matchRatio)
+            kb.matchRatio = ratio
+            logger.debug("setting match ratio for current parameter to %.3f" % kb.matchRatio)

        elif not kb.pageStable or ( kb.pageStable and ratio < 0.6 ):
-            conf.matchRatio = CONSTANT_RATIO
+            kb.matchRatio = CONSTANT_RATIO
            logger.debug("setting match ratio for current parameter to default value 0.900")

    # If it has been requested to return the ratio and not a comparison
@ -109,11 +109,11 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
    elif ratio == 1:
        return True

-    elif conf.matchRatio is None:
+    elif kb.matchRatio is None:
        return None

    else:
-        if conf.matchRatio == CONSTANT_RATIO or conf.thold:
-            return ratio > conf.matchRatio
+        if kb.matchRatio == CONSTANT_RATIO or conf.thold:
+            return ratio > kb.matchRatio
        else:
-            return (ratio - conf.matchRatio) > DIFF_TOLERANCE
+            return (ratio - kb.matchRatio) > DIFF_TOLERANCE
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -17,6 +17,7 @@ from lib.core.common import dataToSessionFile
 from lib.core.common import dataToStdout
 from lib.core.common import expandAsteriskForColumns
 from lib.core.common import getPublicTypeMembers
+from lib.core.common import initTechnique
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import parseUnionPage
 from lib.core.common import popValue
@ -37,7 +38,6 @@ from lib.core.settings import MIN_TIME_RESPONSES
 from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
 from lib.request.direct import direct
-from lib.request.templates import getPageTemplate
 from lib.techniques.inband.union.use import unionUse
 from lib.techniques.blind.inference import bisection
 from lib.techniques.error.use import errorUse
@ -99,7 +99,11 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl
    return outputs

 def __goBooleanProxy(expression, resumeValue=True):
-    kb.pageTemplate = getPageTemplate(kb.injection.data[kb.technique].templatePayload, kb.injection.place)
+    """
+    Retrieve the output of a boolean based SQL query
+    """
+
+    initTechnique(kb.technique)

    vector = kb.injection.data[kb.technique].vector
    vector = vector.replace("[INFERENCE]", expression)
@ -125,7 +129,8 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
    parameter through a bisection algorithm.
    """

-    kb.pageTemplate = getPageTemplate(kb.injection.data[kb.technique].templatePayload, kb.injection.place)
+    initTechnique(kb.technique)
+
    vector = agent.cleanupPayload(kb.injection.data[kb.technique].vector)
    query = agent.prefixQuery(vector)
    query = agent.suffixQuery(query)
--- a/lib/request/templates.py
+++ b/lib/request/templates.py
@ -7,6 +7,8 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
 See the file 'doc/COPYING' for copying permission
 """

+import lib.core.common
+
 from lib.core.data import kb
 from lib.request.connect import Connect as Request

@ -20,3 +22,5 @@ def getPageTemplate(payload, place):
        retVal = kb.pageTemplates[(payload, place)]

    return retVal
+
+lib.core.common.getPageTemplate = getPageTemplate
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@ -13,6 +13,7 @@ import time
 from lib.core.agent import agent
 from lib.core.common import extractRegexResult
 from lib.core.common import getUnicode
+from lib.core.common import initTechnique
 from lib.core.common import randomInt
 from lib.core.common import replaceNewlineTabs
 from lib.core.common import safeStringFormat
@ -31,6 +32,8 @@ def errorUse(expression):
    injection vulnerability on the affected parameter.
    """

+    initTechnique(PAYLOAD.TECHNIQUE.ERROR)
+
    output = None
    vector = agent.cleanupPayload(kb.injection.data[PAYLOAD.TECHNIQUE.ERROR].vector)
    query = unescaper.unescape(vector)