#!/usr/bin/env python
"""
$Id$
Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
try:
import hashlib
except:
import md5
import sha
import pickle
import re
import sys
import struct
import urllib
from lib.core.data import conf
from lib.core.data import kb
from lib.core.enums import PLACE
from lib.core.settings import UNICODE_ENCODING
from lib.core.settings import URLENCODE_CHAR_LIMIT
from lib.core.settings import URLENCODE_FAILSAFE_CHARS
def base64decode(value):
return value.decode("base64")
def base64encode(value):
return value.encode("base64")[:-1].replace("\n", "")
def base64pickle(value):
return base64encode(pickle.dumps(value, pickle.HIGHEST_PROTOCOL))
def base64unpickle(value):
return pickle.loads(base64decode(value))
def hexdecode(value):
value = value.lower()
return (value[2:] if value.startswith("0x") else value).decode("hex")
def hexencode(value):
return value.encode("hex")
def md5hash(value):
if sys.modules.has_key('hashlib'):
return hashlib.md5(value).hexdigest()
else:
return md5.new(value).hexdigest()
def orddecode(value):
packedString = struct.pack("!"+"I" * len(value), *value)
return "".join(chr(char) for char in struct.unpack("!"+"I"*(len(packedString)/4), packedString))
def ordencode(value):
return tuple(ord(char) for char in value)
def sha1hash(value):
if sys.modules.has_key('hashlib'):
return hashlib.sha1(value).hexdigest()
else:
return sha.new(value).hexdigest()
def urldecode(value, encoding=None):
result = None
if value:
try:
# for cases like T%C3%BCrk%C3%A7e
value = str(value)
except ValueError:
pass
finally:
result = urllib.unquote_plus(value)
if isinstance(result, str):
result = unicode(result, encoding or UNICODE_ENCODING, errors="replace")
return result
def urlencode(value, safe="%&=", convall=False, limit=False):
if conf.direct or PLACE.SOAP in conf.paramDict:
return value
count = 0
result = None if value is None else ""
if value:
if convall or safe is None:
safe = ""
# corner case when character % really needs to be
# encoded (when not representing url encoded char)
# except in cases when tampering scripts are used
if all(map(lambda x: '%' in x, [safe, value])) and not kb.tamperFunctions:
value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value)
while True:
result = urllib.quote(utf8encode(value), safe)
if limit and len(result) > URLENCODE_CHAR_LIMIT:
if count >= len(URLENCODE_FAILSAFE_CHARS):
break
while count < len(URLENCODE_FAILSAFE_CHARS):
safe += URLENCODE_FAILSAFE_CHARS[count]
count += 1
if safe[-1] in value:
break
else:
break
return result
def unicodeencode(value, encoding=None):
"""
Return 8-bit string representation of the supplied unicode value:
>>> unicodeencode(u'test')
'test'
"""
retVal = value
if isinstance(value, unicode):
try:
retVal = value.encode(encoding or UNICODE_ENCODING)
except UnicodeEncodeError:
retVal = value.encode(UNICODE_ENCODING, "replace")
return retVal
def utf8encode(value):
return unicodeencode(value, "utf-8")
def utf8decode(value):
return value.decode("utf-8")
def htmlescape(value):
_ = (('&', '&'), ('<', '<'), ('>', '>'), ('"', '"'), ("'", '''), (' ', ' '))
return reduce(lambda x, y: x.replace(y[0], y[1]), _, value)
def htmlunescape(value):
retVal = value
if value and isinstance(value, basestring):
_ = (('&', '&'), ('<', '<'), ('>', '>'), ('"', '"'), (' ', ' '))
retVal = reduce(lambda x, y: x.replace(y[0], y[1]), _, retVal)
retVal = re.sub('&#(\d+);', lambda x: unichr(int(x.group(1))), retVal)
return retVal