sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-02 20:54:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor refactoring

Browse Source
This commit is contained in:
Miroslav Stampar 2017-10-31 09:55:14 +01:00
parent 190cf4b14d
commit ff5bdbefe8
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/core/common.py
View File

@ -1475,15 +1475,16 @@ def expandAsteriskForColumns(expression):
the SQL query string (expression) the SQL query string (expression)
""" """
asterisk = re.search("^SELECT(\s+TOP\s+[\d]+)?\s+\*\s+FROM\s+`?([^`\s()]+)", expression, re.I) asterisk = re.search(r"(?i)\ASELECT(\s+TOP\s+[\d]+)?\s+\*\s+FROM\s+`?([^`\s()]+)", expression)
if asterisk: if asterisk:
infoMsg = "you did not provide the fields in your query. " infoMsg = "you did not provide the fields in your query. "
infoMsg += "sqlmap will retrieve the column names itself" infoMsg += "sqlmap will retrieve the column names itself"
logger.info(infoMsg) logger.info(infoMsg)
_ = asterisk.group(2).replace("..", ".").replace(".dbo.", ".") _ = asterisk.group(2).replace("..", '.').replace(".dbo.", '.')
db, conf.tbl = _.split(".", 1) if '.' in _ else (None, _) db, conf.tbl = _.split('.', 1) if '.' in _ else (None, _)
if db is None: if db is None:
if expression != conf.query: if expression != conf.query:
conf.db = db conf.db = db
@ -1491,6 +1492,7 @@ def expandAsteriskForColumns(expression):
expression = re.sub(r"([^\w])%s" % re.escape(conf.tbl), "\g<1>%s.%s" % (conf.db, conf.tbl), expression) expression = re.sub(r"([^\w])%s" % re.escape(conf.tbl), "\g<1>%s.%s" % (conf.db, conf.tbl), expression)
else: else:
conf.db = db conf.db = db
conf.db = safeSQLIdentificatorNaming(conf.db) conf.db = safeSQLIdentificatorNaming(conf.db)
conf.tbl = safeSQLIdentificatorNaming(conf.tbl, True) conf.tbl = safeSQLIdentificatorNaming(conf.tbl, True)
@ -1500,7 +1502,7 @@ def expandAsteriskForColumns(expression):
columns = columnsDict[conf.db][conf.tbl].keys() columns = columnsDict[conf.db][conf.tbl].keys()
columns.sort() columns.sort()
columnsStr = ", ".join(column for column in columns) columnsStr = ", ".join(column for column in columns)
expression = expression.replace("*", columnsStr, 1) expression = expression.replace('*', columnsStr, 1)
infoMsg = "the query with expanded column name(s) is: " infoMsg = "the query with expanded column name(s) is: "
infoMsg += "%s" % expression infoMsg += "%s" % expression
@ -1548,7 +1550,7 @@ def parseUnionPage(page):
if page is None: if page is None:
return None return None
if re.search("(?si)\A%s.*%s\Z" % (kb.chars.start, kb.chars.stop), page): if re.search(r"(?si)\A%s.*%s\Z" % (kb.chars.start, kb.chars.stop), page):
if len(page) > LARGE_OUTPUT_THRESHOLD: if len(page) > LARGE_OUTPUT_THRESHOLD:
warnMsg = "large output detected. This might take a while" warnMsg = "large output detected. This might take a while"
logger.warn(warnMsg) logger.warn(warnMsg)