mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 21:13:51 +03:00
158 lines
4.2 KiB
Python
158 lines
4.2 KiB
Python
#!/usr/bin/env python
|
|
|
|
"""
|
|
$Id$
|
|
|
|
Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
|
|
See the file 'doc/COPYING' for copying permission
|
|
"""
|
|
|
|
try:
|
|
import hashlib
|
|
except:
|
|
import md5
|
|
import sha
|
|
|
|
import binascii
|
|
import pickle
|
|
import re
|
|
import sys
|
|
import string
|
|
import struct
|
|
import urllib
|
|
|
|
from extra.safe2bin.safe2bin import safecharencode
|
|
from extra.safe2bin.safe2bin import safechardecode
|
|
from lib.core.data import conf
|
|
from lib.core.data import kb
|
|
from lib.core.data import logger
|
|
from lib.core.enums import PLACE
|
|
from lib.core.settings import UNICODE_ENCODING
|
|
from lib.core.settings import URLENCODE_CHAR_LIMIT
|
|
from lib.core.settings import URLENCODE_FAILSAFE_CHARS
|
|
|
|
def base64decode(value):
|
|
return value.decode("base64")
|
|
|
|
def base64encode(value):
|
|
return value.encode("base64")[:-1].replace("\n", "")
|
|
|
|
def base64pickle(value):
|
|
return base64encode(pickle.dumps(value))
|
|
|
|
def base64unpickle(value):
|
|
return pickle.loads(base64decode(value))
|
|
|
|
def hexdecode(value):
|
|
value = value.lower()
|
|
return (value[2:] if value.startswith("0x") else value).decode("hex")
|
|
|
|
def hexencode(value):
|
|
return value.encode("hex")
|
|
|
|
def md5hash(value):
|
|
if sys.modules.has_key('hashlib'):
|
|
return hashlib.md5(value).hexdigest()
|
|
else:
|
|
return md5.new(value).hexdigest()
|
|
|
|
def orddecode(value):
|
|
packedString = struct.pack("!"+"I" * len(value), *value)
|
|
return "".join(chr(char) for char in struct.unpack("!"+"I"*(len(packedString)/4), packedString))
|
|
|
|
def ordencode(value):
|
|
return tuple(ord(char) for char in value)
|
|
|
|
def sha1hash(value):
|
|
if sys.modules.has_key('hashlib'):
|
|
return hashlib.sha1(value).hexdigest()
|
|
else:
|
|
return sha.new(value).hexdigest()
|
|
|
|
def urldecode(value, encoding=None):
|
|
result = None
|
|
|
|
if value:
|
|
try:
|
|
# for cases like T%C3%BCrk%C3%A7e
|
|
value = str(value)
|
|
except ValueError:
|
|
pass
|
|
finally:
|
|
result = urllib.unquote_plus(value)
|
|
|
|
if isinstance(result, str):
|
|
result = unicode(result, encoding or UNICODE_ENCODING, errors="replace")
|
|
|
|
return result
|
|
|
|
def urlencode(value, safe="%&=", convall=False, limit=False):
|
|
if conf.direct or PLACE.SOAP in conf.paramDict:
|
|
return value
|
|
|
|
count = 0
|
|
result = None
|
|
|
|
if value is None:
|
|
return result
|
|
|
|
if convall or safe is None:
|
|
safe = ""
|
|
|
|
# corner case when character % really needs to be
|
|
# encoded (when not representing url encoded char)
|
|
# except in cases when tampering scripts are used
|
|
if all(map(lambda x: '%' in x, [safe, value])) and not kb.tamperFunctions:
|
|
value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value, re.DOTALL | re.IGNORECASE)
|
|
|
|
while True:
|
|
result = urllib.quote(utf8encode(value), safe)
|
|
|
|
if limit and len(result) > URLENCODE_CHAR_LIMIT:
|
|
if count >= len(URLENCODE_FAILSAFE_CHARS):
|
|
break
|
|
|
|
while count < len(URLENCODE_FAILSAFE_CHARS):
|
|
safe += URLENCODE_FAILSAFE_CHARS[count]
|
|
count += 1
|
|
if safe[-1] in value:
|
|
break
|
|
else:
|
|
break
|
|
|
|
return result
|
|
|
|
def unicodeencode(value, encoding=None):
|
|
"""
|
|
Return 8-bit string representation of the supplied unicode value:
|
|
|
|
>>> unicodeencode(u'test')
|
|
'test'
|
|
"""
|
|
|
|
retVal = value
|
|
if isinstance(value, unicode):
|
|
try:
|
|
retVal = value.encode(encoding or UNICODE_ENCODING)
|
|
except UnicodeEncodeError:
|
|
retVal = value.encode(UNICODE_ENCODING, "replace")
|
|
return retVal
|
|
|
|
def utf8encode(value):
|
|
return unicodeencode(value, "utf-8")
|
|
|
|
def utf8decode(value):
|
|
return value.decode("utf-8")
|
|
|
|
def htmlescape(value):
|
|
_ = (('&', '&'), ('<', '<'), ('>', '>'), ('"', '"'), ("'", '''), (' ', ' '))
|
|
return reduce(lambda x, y: x.replace(y[0], y[1]), _, value)
|
|
|
|
def htmlunescape(value):
|
|
retVal = value
|
|
if value and isinstance(value, basestring):
|
|
_ = (('&', '&'), ('<', '<'), ('>', '>'), ('"', '"'), (' ', ' '))
|
|
retVal = reduce(lambda x, y: x.replace(y[0], y[1]), _, retVal)
|
|
retVal = re.sub('&#(\d+);', lambda x: unichr(int(x.group(1))), retVal)
|
|
return retVal
|