Added support to directly connect also to Microsoft SQL Server database.

Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2025-12-06 12:41:30 +00:00 · 2010-03-31 10:50:47 +00:00
parent d583cc07e7
commit 5fdebb5d5b
22 changed files with 205 additions and 223 deletions
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -42,6 +42,7 @@ from lib.core.settings import SQL_STATEMENTS
 from lib.request.basic import decodePage
 from lib.request.basic import forgeHeaders
 from lib.request.basic import parseResponse
+from lib.request.direct import direct
 from lib.request.comparison import comparison


@@ -265,39 +266,7 @@ class Connect:
        """

        if conf.direct:
-            values = None
-            select = False
-
-            if kb.dbms == "Oracle" and value.startswith("SELECT ") and " FROM " not in value:
-                value = "%s FROM DUAL" % value
-
-            for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
-                for sqlStatement in sqlStatements:
-                    if value.lower().startswith(sqlStatement) and sqlTitle == "SQL SELECT statement":
-                        select = True
-                        break
-
-            if select:
-                values = conf.dbmsConnector.select(value)
-            else:
-                values = conf.dbmsConnector.execute(value)
-
-            if values is None or len(values) == 0:
-                return None
-            elif content:
-                if len(values) == 1:
-                    if len(values[0]) == 1:
-                        return str(list(values)[0][0]), None
-                    else:
-                        return list(values), None
-                else:
-                    return values, None
-            else:
-                for value in values:
-                    if value[0] in (1, -1):
-                        return True
-                    else:
-                        return False
+            return direct(value, content)

        get    = None
        post   = None