From 35f35605df3b0423f7199b1d8ea8d02bffe81b66 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sun, 26 Sep 2010 14:02:13 +0000
Subject: [PATCH] changes regarding Feature #160
---
 lib/controller/action.py | 3 +-
 lib/controller/controller.py | 14 +-------
 lib/core/common.py | 12 ++++---
 lib/core/option.py | 6 ++--
 lib/core/testing.py | 68 +++++++++++++++++++++++++++++++++++-
 sqlmap.py | 10 ++++--
 xml/livetests.xml | 14 ++++++--
 7 files changed, 100 insertions(+), 27 deletions(-)
diff --git a/lib/controller/action.py b/lib/controller/action.py
index 2cff46511..b90df8944 100644
--- a/lib/controller/action.py
+++ b/lib/controller/action.py
@@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 from lib.controller.handler import setHandler
 from lib.core.common import getHtmlErrorFp
+from lib.core.common import dataToStdout
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.exception import sqlmapUnsupportedDBMSException
@@ -64,7 +65,7 @@ def action():
 raise sqlmapUnsupportedDBMSException, errMsg
- print "%s\n" % conf.dbmsHandler.getFingerprint()
+ dataToStdout("%s\n" % conf.dbmsHandler.getFingerprint())
 # Techniques options
 if conf.stackedTest:
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 5e321f6a3..ae23986af 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -42,8 +42,6 @@ from lib.core.exception import sqlmapNotVulnerableException
 from lib.core.session import setInjection
 from lib.core.target import initTargetEnv
 from lib.core.target import setupTargetEnv
-from lib.core.testing import smokeTest
-from lib.core.testing import liveTest
 from lib.utils.parenthesis import checkForParenthesis
 def __selectInjection(injData):
@@ -99,16 +97,6 @@ def start():
 if conf.optimize:
 conf.useCommonPrediction = conf.useNullConnection = conf.keepAlive = True
-
- if conf.smokeTest:
- smokeTest()
-
- if conf.liveTest:
- liveTest()
-
- if conf.smokeTest or conf.liveTest:
- return
-
 if conf.direct:
 initTargetEnv()
 setupTargetEnv()
@@ -173,7 +161,7 @@ def start():
 if conf.useNullConnection:
 checkNullConnection()
- if not conf.dropSetCookie:
+ if not conf.dropSetCookie and conf.cj:
 for _, cookie in enumerate(conf.cj):
 cookie = getUnicode(cookie)
 index = cookie.index(" for ")
diff --git a/lib/core/common.py b/lib/core/common.py
index d976fdbfb..30d208b77 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -412,11 +412,12 @@ def filePathToString(filePath):
 return strRepl
 def dataToStdout(data):
- try:
- sys.stdout.write(data)
- sys.stdout.flush()
- except UnicodeEncodeError:
- print data.encode(conf.dataEncoding)
+ if conf.verbose > 0:
+ try:
+ sys.stdout.write(data)
+ sys.stdout.flush()
+ except UnicodeEncodeError:
+ print data.encode(conf.dataEncoding)
 def dataToSessionFile(data):
 if not conf.sessionFile:
@@ -659,6 +660,7 @@ def setPaths():
 paths.FUZZ_VECTORS = os.path.join(paths.SQLMAP_TXT_PATH, "fuzz_vectors.txt")
 paths.DETECTION_RULES_XML = os.path.join(paths.SQLMAP_XML_PATH, "detection.xml")
 paths.ERRORS_XML = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")
+ paths.LIVE_TESTS_XML = os.path.join(paths.SQLMAP_XML_PATH, "livetests.xml")
 paths.QUERIES_XML = os.path.join(paths.SQLMAP_XML_PATH, "queries.xml")
 paths.GENERIC_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "generic.xml")
 paths.MSSQL_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "mssql.xml")
diff --git a/lib/core/option.py b/lib/core/option.py
index 40f953ae8..8b8f10ee1 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
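Review bot: In lib/core/common.py, gating the whole body of dataToStdout() on `conf.verbose > 0` ties result output to the logging verbosity, so a run at verbosity 0 prints no findings at all and gives no hint that anything was suppressed; the DBMS fingerprint in action() is routed through dataToStdout() by this same commit and would be one of the things dropped. If the aim is only to keep live-test runs quiet, a dedicated flag is clearer than overloading verbosity: initCase() in lib/core/testing.py already sets `conf.suppressOutput = True`, but nothing visible in this patch reads it. A guard such as `if conf.suppressOutput: return` would express that intent, assuming `suppressOutput` is always defined on conf, which the patch does not show. Whichever condition is kept, a one-line docstring stating when output is discarded would help callers that rely on this function for results rather than log messages.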
@@ -1098,7 +1098,9 @@ def __setVerbosity():
 conf.verbose = int(conf.verbose)
- if conf.verbose == 1:
+ if conf.verbose == 0:
+ logger.setLevel(logging.CRITICAL)
+ elif conf.verbose == 1:
 logger.setLevel(logging.INFO)
 elif conf.verbose > 2 and conf.eta:
 conf.verbose = 2
@@ -1173,7 +1175,7 @@ def init(inputOptions=advancedDict()):
 parseTargetUrl()
 parseTargetDirect()
- if conf.url or conf.list or conf.requestFile or conf.googleDork:
+ if conf.url or conf.list or conf.requestFile or conf.googleDork or conf.liveTest:
 __setHTTPTimeout()
 __setHTTPExtraHeaders()
 __setHTTPCookies()
diff --git a/lib/core/testing.py b/lib/core/testing.py
index 25bdd9986..4e840ce05 100644
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@@ -21,15 +21,25 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 """
+import codecs
+import logging
 import os
+import re
 import sys
+import tempfile
 import time
+from xml.dom import minidom
+
+from lib.controller.controller import start
 from lib.core.common import dataToStdout
+from lib.core.common import getCompiledRegex
 from lib.core.common import getConsoleWidth
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.data import paths
+from lib.core.option import init
+from lib.parse.cmdline import cmdLineParser
 def smokeTest():
 """
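Review bot: In init() in lib/core/option.py, the added `or conf.liveTest` appears to take effect only for the first init() call made from main(), because initCase() in lib/core/testing.py sets `cmdLineOptions.liveTest = False` before calling init() again and runCase() assigns the case's switches to conf only after that call returns. For each test case the HTTP setup under this condition (`__setHTTPTimeout()`, `__setHTTPExtraHeaders()`, `__setHTTPCookies()`) therefore looks skipped, unless conf keeps that state across init() calls, which this hunk does not show. A comment such as `# liveTest: targets come from livetests.xml, so set up HTTP options even without conf.url` would record the intent, and the per-case path is worth verifying against a case that needs cookies or extra headers. init() starts and continues outside the hunk.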
@@ -80,4 +90,60 @@ def liveTest():
 """
 This will run the test of a program against the live testing environment
 """
- pass
+ vars = {}
+ xfile = codecs.open(paths.LIVE_TESTS_XML, 'r', conf.dataEncoding)
+ livetests = minidom.parse(xfile).documentElement
+ xfile.close()
+
+ global_ = livetests.getElementsByTagName("global")
+ if global_:
+ for item in global_:
+ for child in item.childNodes:
+ if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"):
+ vars[child.tagName] = child.getAttribute("value")
+
+ for case in livetests.getElementsByTagName("case"):
+ log = []
+ session = []
+ switches = {}
+
+ if case.getElementsByTagName("switches"):
+ for child in case.getElementsByTagName("switches")[0].childNodes:
+ if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"):
+ switches[child.tagName] = replaceVars(child.getAttribute("value"), vars)
+
+ if case.getElementsByTagName("log"):
+ for item in case.getElementsByTagName("log")[0].getElementsByTagName("item"):
+ if item.hasAttribute("value"):
+ log.append(replaceVars(item.getAttribute("value"), vars))
+
+ if case.getElementsByTagName("session"):
+ for item in case.getElementsByTagName("session")[0].getElementsByTagName("item"):
+ if item.hasAttribute("value"):
+ session.append(replaceVars(item.getAttribute("value"), vars))
+
+ runCase(switches, log, session)
+
+def initCase():
+ paths.SQLMAP_OUTPUT_PATH = tempfile.mkdtemp()
+ paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump")
+ paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files")
+ cmdLineOptions = cmdLineParser()
+ cmdLineOptions.liveTest = cmdLineOptions.smokeTest = False
+ init(cmdLineOptions)
+ conf.suppressOutput = True
+ logger.setLevel(logging.CRITICAL)
+
+def runCase(switches, log=None, session=None):
+ initCase()
+ for key, value in switches.items():
+ conf[key] = value
+ start()
+
+def replaceVars(item, vars):
+ retVal = item
+ if item and vars:
+ for var in
re.findall(getCompiledRegex("\$\{([^}]+)\}"), item):
+ if var in vars:
+ retVal = retVal.replace("${%s}" % var, vars[var])
+ return retVal
\ No newline at end of file
diff --git a/sqlmap.py b/sqlmap.py
index 6c33e2028..c8c1fce8f 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -54,6 +54,8 @@ from lib.core.exception import exceptionsTuple
 from lib.core.exception import unhandledException
 from lib.core.option import init
 from lib.core.profiling import profile
+from lib.core.testing import smokeTest
+from lib.core.testing import liveTest
 from lib.core.xmldump import closeDumper
 from lib.parse.cmdline import cmdLineParser
@@ -84,7 +86,11 @@ def main():
 try:
 init(cmdLineOptions)
 if conf.profile:
- profile()
+ profile()
+ elif conf.smokeTest:
+ smokeTest()
+ elif conf.liveTest:
+ liveTest()
 else:
 start()
 except exceptionsTuple, e:
@@ -107,7 +113,7 @@ def main():
 except:
 print
 errMsg = unhandledException()
- logger.error(errMsg)
+ logger.critical(errMsg)
 traceback.print_exc()
 closeDumper(False, errMsg)
diff --git a/xml/livetests.xml b/xml/livetests.xml
index 1861eaff1..f30aa7a00 100644
--- a/xml/livetests.xml
+++ b/xml/livetests.xml
@@ -2,12 +2,19 @@ - + - + - + + + + +
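Review bot: In lib/core/testing.py, runCase() receives `log` and `session` but never reads them, so the expectations parsed from livetests.xml are compared with nothing and a case can only fail if start() raises. initCase() also creates a new `tempfile.mkdtemp()` directory for every case and nothing removes it, so session files and dumped data from each live run stay behind under the system temp directory. The switches are applied with `conf[key] = value` after init() has returned, so the attribute strings from the XML skip whatever coercion init() performs (option.py casts `conf.verbose` with int(), for instance), and any tag name in the file becomes a conf key, which means livetests.xml has to be treated as trusted input. The sketch below removes the per-case directory and marks where the comparison belongs; it needs `import shutil` at the top of the file. liveTest() should likewise close `xfile` in a try/finally so a parse error does not leak the handle.

```python
def runCase(switches, log=None, session=None):
    initCase()
    try:
        for key, value in switches.items():
            conf[key] = value
        start()
        # TODO: compare the entries of `log` and `session` with the files
        # written under paths.SQLMAP_OUTPUT_PATH and report a failed case
    finally:
        # drop the per-case output directory created by initCase()
        shutil.rmtree(paths.SQLMAP_OUTPUT_PATH, ignore_errors=True)
```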
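Review bot: In main() in sqlmap.py, the new `elif` chain makes the modes mutually exclusive, whereas the code removed from start() in lib/controller/controller.py ran smokeTest() and then liveTest() when both options were set; now `conf.liveTest` is silently ignored whenever `conf.smokeTest` or `conf.profile` is also set. If that is intended, a comment such as `# profile, smoke test and live test are mutually exclusive; the first match wins` would say so, otherwise two separate `if` blocks keep the old behaviour. Both test functions are called as bare statements, so as far as this hunk shows a failed test run cannot influence what main() does next or how the process exits. main() starts and ends outside the hunk.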