Blame: plugins/generic/syntax.py - sqlmapproject/sqlmap

Automatic SQL injection and database takeover tool

36977 0 0 Python

Last preparations for DREI 2019-05-08 12:47:52 +02:00			`#!/usr/bin/env python`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-22 22:57:57 +00:00
			`"""`
Year and version bump 2023-01-02 23:24:59 +01:00			`Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)`
Replacing doc/COPYING to LICENSE 2017-10-11 14:50:46 +02:00			`See the file 'LICENSE' for copying permission`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-22 22:57:57 +00:00			`"""`

Refactoring DBMS string escaping functions 2013-01-20 13:45:58 +01:00			`import re`

Couple of important patches 2019-11-30 04:42:38 +01:00			`from lib.core.common import Backend`
Minor improvement for international strings in payloads 2019-05-31 00:17:50 +02:00			`from lib.core.convert import getBytes`
			`from lib.core.data import conf`
Couple of important patches 2019-11-30 04:42:38 +01:00			`from lib.core.enums import DBMS`
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00			`from lib.core.exception import SqlmapUndefinedMethod`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-22 22:57:57 +00:00
Pleasing the pylint gods 2019-05-29 16:42:04 +02:00			`class Syntax(object):`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-22 22:57:57 +00:00			`"""`
			`This class defines generic syntax functionalities for plugins.`
			`"""`

			`def __init__(self):`
			`pass`

Refactoring DBMS string escaping functions 2013-01-20 13:45:58 +01:00			`@staticmethod`
			`def _escape(expression, quote=True, escaper=None):`
			`retVal = expression`

			`if quote:`
Minor patches (pydiatra) 2017-04-14 13:08:51 +02:00			`for item in re.findall(r"'[^']*'+", expression):`
Minor improvement for international strings in payloads 2019-05-31 00:17:50 +02:00			`original = item[1:-1]`
Minor bug fix 2019-12-12 14:10:02 +01:00			`if original:`
			`if Backend.isDbms(DBMS.SQLITE) and "X%s" % item in expression:`
			`continue`
			`if re.search(r"\[(SLEEPTIME\|RAND)", original) is None: # e.g. '[SLEEPTIME]' marker`
			`replacement = escaper(original) if not conf.noEscape else original`

			`if replacement != original:`
			`retVal = retVal.replace(item, replacement)`
			`elif len(original) != len(getBytes(original)) and "n'%s'" % original not in retVal and Backend.getDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.ORACLE, DBMS.MSSQL):`
			`retVal = retVal.replace("'%s'" % original, "n'%s'" % original)`
Refactoring DBMS string escaping functions 2013-01-20 13:45:58 +01:00			`else:`
			`retVal = escaper(expression)`

			`return retVal`

Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-22 22:57:57 +00:00			`@staticmethod`
minor fix to previous commit 2013-01-18 15:10:34 +00:00			`def escape(expression, quote=True):`
Minor code restyling 2011-04-30 13:20:05 +00:00			`errMsg = "'escape' method must be defined "`
Unescaping is renamed to escaping 2013-01-18 15:40:37 +01:00			`errMsg += "inside the specific DBMS plugin"`
Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00			`raise SqlmapUndefinedMethod(errMsg)`