bulk of fixes

2025-12-23 07:59:04 +00:00 · 2011-07-02 22:48:56 +00:00
parent 861cdb1b14
commit 34d9a91af1
8 changed files with 145 additions and 151 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2767,3 +2767,18 @@ def expandMnemonics(mnemonics, parser, args):
            else:
                errMsg = "mnemonic '%s' requires value of type '%s'" % (name, found.type)
                raise sqlmapSyntaxException, errMsg
+
+def safeCSValue(value):
+    """
+    Returns value safe for CSV dumping.
+    Reference: http://stackoverflow.com/questions/769621/dealing-with-commas-in-a-csv-file
+    """
+
+    retVal = value
+
+    if isinstance(retVal, basestring):
+        if not (retVal[0] == retVal[-1] == '"'):
+            if any(map(lambda x: x in retVal, ['"', ',', '\n'])):
+                retVal = '"%s"' % retVal.replace('"', '""')
+
+    return retVal
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -18,6 +18,7 @@ from lib.core.common import getUnicode
 from lib.core.common import normalizeUnicode
 from lib.core.common import openFile
 from lib.core.common import restoreDumpMarkedChars
+from lib.core.common import safeCSValue
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -392,9 +393,9 @@ class Dump:

                if not conf.replicate:
                    if not conf.multipleTargets and field == fields:
-                        dataToDumpFile(dumpFP, "%s" % column)
+                        dataToDumpFile(dumpFP, "%s" % safeCSValue(column))
                    elif not conf.multipleTargets:
-                        dataToDumpFile(dumpFP, "%s," % column)
+                        dataToDumpFile(dumpFP, "%s," % safeCSValue(column))

                field += 1

@@ -432,9 +433,9 @@ class Dump:

                    if not conf.replicate:
                        if not conf.multipleTargets and field == fields:
-                            dataToDumpFile(dumpFP, "\"%s\"" % value)
+                            dataToDumpFile(dumpFP, "%s" % safeCSValue(value))
                        elif not conf.multipleTargets:
-                            dataToDumpFile(dumpFP, "\"%s\"," % value)
+                            dataToDumpFile(dumpFP, "%s," % safeCSValue(value))

                    field += 1

--- a/lib/core/threads.py
+++ b/lib/core/threads.py
@@ -11,11 +11,15 @@ import difflib
 import threading
 import time

+from thread import error as threadError
+
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.datatype import advancedDict
 from lib.core.enums import PAYLOAD
+from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapThreadException
+from lib.core.exception import sqlmapValueException
 from lib.core.settings import MAX_NUMBER_OF_THREADS
 from lib.core.settings import PYVERSION

@@ -68,7 +72,7 @@ def exceptionHandledFunction(threadFunction):
        print
        logger.error("thread %s: %s" % (threading.currentThread().getName(), errMsg))

-def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardException=True, threadChoice=False):
+def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardException=True, threadChoice=False, startThreadMsg=True):
    threads = []

    kb.multiThreadMode = True
@@ -92,8 +96,9 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
            logger.warn(warnMsg)

    if numThreads > 1:
-        infoMsg = "starting %d threads" % numThreads
-        logger.info(infoMsg)
+        if startThreadMsg:
+            infoMsg = "starting %d threads" % numThreads
+            logger.info(infoMsg)
    else:
        threadFunction()
        return
@@ -108,7 +113,13 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
        else:
            thread.setDaemon(True)

-        thread.start()
+        try:
+            thread.start()
+        except threadError, errMsg:
+            errMsg = "error occured while starting new thread ('%s')" % errMsg
+            logger.critical(errMsg)
+            break
+
        threads.append(thread)

    # And wait for them to all finish
@@ -122,11 +133,9 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
                    time.sleep(1)

    except KeyboardInterrupt:
+        print
        kb.threadContinue = False
        kb.threadException = True
-
-        print '\r',
-
        logger.info("waiting for threads to finish (Ctrl+C was pressed)")

        try:
@@ -139,6 +148,20 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
        if forwardException:
            raise

+    except (sqlmapConnectionException, sqlmapValueException), errMsg:
+        print
+        kb.threadException = True
+        logger.error("thread %s: %s" % (threading.currentThread().getName(), errMsg))
+
+    except:
+        from lib.core.common import unhandledExceptionMessage
+
+        print
+        kb.threadException = True
+        errMsg = unhandledExceptionMessage()
+        logger.error("thread %s: %s" % (threading.currentThread().getName(), errMsg))
+        traceback.print_exc()
+
    finally:
        kb.multiThreadMode = False
        kb.bruteMode = False