#!/usr/bin/env python """ $Id$ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/) See the file 'doc/COPYING' for copying permission """ try: import hashlib except: import md5 import sha import pickle import re import sys import string import struct import urllib from lib.core.data import conf from lib.core.data import logger from lib.core.settings import HEX_ENCODED_CHAR_REGEX from lib.core.settings import UNICODE_ENCODING from lib.core.settings import URLENCODE_CHAR_LIMIT from lib.core.settings import URLENCODE_FAILSAFE_CHARS def base64decode(value): return value.decode("base64") def base64encode(value): return value.encode("base64")[:-1].replace("\n", "") def base64pickle(value): return base64encode(pickle.dumps(value)) def base64unpickle(value): return pickle.loads(base64decode(value)) def hexdecode(value): value = value.lower() if value.startswith("0x"): value = value[2:] return value.decode("hex") def hexencode(value): return value.encode("hex") def md5hash(value): if sys.modules.has_key('hashlib'): return hashlib.md5(value).hexdigest() else: return md5.new(value).hexdigest() def orddecode(value): packedString = struct.pack("!"+"I" * len(value), *value) return "".join([chr(char) for char in struct.unpack("!"+"I"*(len(packedString)/4), packedString)]) def ordencode(value): return tuple([ord(char) for char in value]) def sha1hash(value): if sys.modules.has_key('hashlib'): return hashlib.sha1(value).hexdigest() else: return sha.new(value).hexdigest() def urldecode(value, encoding=None): result = None if value: try: # for cases like T%C3%BCrk%C3%A7e value = str(value) except ValueError: pass finally: result = urllib.unquote_plus(value) if isinstance(result, str): result = unicode(result, encoding or UNICODE_ENCODING, errors="replace") return result def urlencode(value, safe="%&=", convall=False, limit=False): if conf.direct or "POSTxml" in conf.paramDict: return value count = 0 result = None if value is None: return result if convall or safe is None: safe = "" # corner case when character % really needs to be # encoded (when not representing url encoded char) if all(map(lambda x: '%' in x, [safe, value])): value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value, re.DOTALL | re.IGNORECASE) while True: result = urllib.quote(utf8encode(value), safe) if limit and len(result) > URLENCODE_CHAR_LIMIT: if count >= len(URLENCODE_FAILSAFE_CHARS): dbgMsg = "failed to fully shorten urlencoding value" logger.debug(dbgMsg) break while count < len(URLENCODE_FAILSAFE_CHARS): safe += URLENCODE_FAILSAFE_CHARS[count] count += 1 if safe[-1] in value: break else: break return result def utf8encode(value): return value.encode("utf-8") def utf8decode(value): return value.decode("utf-8") def htmlescape(value): return value.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", ''').replace(' ', ' ') def htmlunescape(value): return value.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace(''', "'").replace(' ', ' ') def safecharencode(value): """ Returns safe representation of a given basestring value >>> safecharencode(u'test123') u'test123' >>> safecharencode(u'test\x01\x02\xff') u'test\\01\\02\\03\\ff' """ retVal = value if isinstance(value, basestring): retVal = reduce(lambda x, y: x + (y if (y in string.printable or ord(y) > 255) else '\%02x' % ord(y)), value, unicode()) for char in "\t\n\r\x0b\x0c": retVal = retVal.replace(char, repr(char).strip('\'')) elif isinstance(value, list): for i in xrange(len(value)): retVal[i] = safecharencode(value[i]) return retVal def safechardecode(value): """ Reverse function to safecharencode """ retVal = value if isinstance(value, basestring): for char in "\t\n\r\x0b\x0c": retVal = retVal.replace(repr(char).strip('\''), char) regex = re.compile(HEX_ENCODED_CHAR_REGEX) while True: match = regex.search(retVal) if match: retVal = retVal.replace(match.group("result"), unhexlify(value.lstrip('\\'))) else: break elif isinstance(value, list): for i in xrange(len(value)): retVal[i] = safechardecode(value[i]) return retVal