refactoring of hard coded dbms names

lib/takeover/abstraction.py

@@ -13,11 +13,13 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import sqlmapUnsupportedFeatureException
+from lib.core.settings import DBMS
 from lib.core.shell import autoCompletion
 from lib.takeover.udf import UDF
 from lib.takeover.web import Web
 from lib.takeover.xp_cmdshell import xp_cmdshell
 
+
 class Abstraction(Web, UDF, xp_cmdshell):
     """
     This class defines an abstraction layer for OS takeover functionalities
@@ -36,10 +38,10 @@ class Abstraction(Web, UDF, xp_cmdshell):
         if self.webBackdoorUrl and not kb.stackedTest:
             self.webBackdoorRunCmd(cmd)
 
-        elif kb.dbms in ( "MySQL", "PostgreSQL" ):
+        elif kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
             self.udfExecCmd(cmd, silent=silent)
 
-        elif kb.dbms == "Microsoft SQL Server":
+        elif kb.dbms == DBMS.MSSQL:
             self.xpCmdshellExecCmd(cmd, silent=silent)
 
         else:
@@ -50,10 +52,10 @@ class Abstraction(Web, UDF, xp_cmdshell):
         if self.webBackdoorUrl and not kb.stackedTest:
             return self.webBackdoorRunCmd(cmd)
 
-        elif kb.dbms in ( "MySQL", "PostgreSQL" ):
+        elif kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
             return self.udfEvalCmd(cmd, first, last)
 
-        elif kb.dbms == "Microsoft SQL Server":
+        elif kb.dbms == DBMS.MSSQL:
             return self.xpCmdshellEvalCmd(cmd, first, last)
 
         else:
@@ -88,13 +90,13 @@ class Abstraction(Web, UDF, xp_cmdshell):
             logger.info(infoMsg)
 
         else:
-            if kb.dbms in ( "MySQL", "PostgreSQL" ):
+            if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
                 infoMsg  = "going to use injected sys_eval and sys_exec "
                 infoMsg += "user-defined functions for operating system "
                 infoMsg += "command execution"
                 logger.info(infoMsg)
 
-            elif kb.dbms == "Microsoft SQL Server":
+            elif kb.dbms == DBMS.MSSQL:
                 infoMsg  = "going to use xp_cmdshell extended procedure for "
                 infoMsg += "operating system command execution"
                 logger.info(infoMsg)
@@ -146,9 +148,9 @@ class Abstraction(Web, UDF, xp_cmdshell):
                 warnMsg += "the session user is not a database administrator"
                 logger.warn(warnMsg)
 
-            if kb.dbms in ( "MySQL", "PostgreSQL" ):
+            if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
                 self.udfInjectSys()
-            elif kb.dbms == "Microsoft SQL Server":
+            elif kb.dbms == DBMS.MSSQL:
                 if mandatory:
                     self.xpCmdshellInit()
             else:

lib/takeover/metasploit.py

@@ -32,6 +32,7 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import sqlmapDataException
 from lib.core.exception import sqlmapFilePathException
+from lib.core.settings import DBMS
 from lib.core.subprocessng import blockingReadFromFD
 from lib.core.subprocessng import blockingWriteToFD
 from lib.core.subprocessng import pollProcess
@@ -185,13 +186,13 @@ class Metasploit:
         if __payloadStr == "windows/vncinject":
             choose = False
 
-            if kb.dbms == "MySQL":
+            if kb.dbms == DBMS.MYSQL:
                 debugMsg  = "by default MySQL on Windows runs as SYSTEM "
                 debugMsg += "user, it is likely that the the VNC "
                 debugMsg += "injection will be successful"
                 logger.debug(debugMsg)
 
-            elif kb.dbms == "PostgreSQL":
+            elif kb.dbms == DBMS.POSTGRESQL:
                 choose = True
 
                 warnMsg  = "by default PostgreSQL on Windows runs as "
@@ -199,7 +200,7 @@ class Metasploit:
                 warnMsg += "injection will be successful"
                 logger.warn(warnMsg)
 
-            elif kb.dbms == "Microsoft SQL Server" and kb.dbmsVersion[0] in ( "2005", "2008" ):
+            elif kb.dbms == DBMS.MSSQL and kb.dbmsVersion[0] in ( "2005", "2008" ):
                 choose = True
 
                 warnMsg  = "it is unlikely that the VNC injection will be "
@@ -228,12 +229,12 @@ class Metasploit:
                         break
 
                     elif choice == "1":
-                        if kb.dbms == "PostgreSQL":
+                        if kb.dbms == DBMS.POSTGRESQL:
                             logger.warn("beware that the VNC injection might not work")
 
                             break
 
-                        elif kb.dbms == "Microsoft SQL Server" and kb.dbmsVersion[0] in ( "2005", "2008" ):
+                        elif kb.dbms == DBMS.MSSQL and kb.dbmsVersion[0] in ( "2005", "2008" ):
                             break
 
                     elif not choice.isdigit():
@@ -553,7 +554,7 @@ class Metasploit:
             # This is useful for sqlmap because on PostgreSQL it is not
             # possible to write files bigger than 8192 bytes abusing the
             # lo_export() feature implemented in sqlmap.
-            if kb.dbms == "PostgreSQL":
+            if kb.dbms == DBMS.POSTGRESQL:
                 self.__fileFormat = "exe-small"
             else:
                 self.__fileFormat = "exe"
@@ -655,7 +656,7 @@ class Metasploit:
         self.__forgeMsfConsoleResource()
         self.__forgeMsfConsoleCmd()
 
-        if kb.dbms in ( "MySQL", "PostgreSQL" ):
+        if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
             self.uncPath = "\\\\\\\\%s\\\\%s" % (self.lhostStr, self.__randFile)
         else:
             self.uncPath = "\\\\%s\\%s" % (self.lhostStr, self.__randFile)

lib/takeover/udf.py

@@ -20,6 +20,7 @@ from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.core.exception import sqlmapUnsupportedFeatureException
 from lib.core.exception import sqlmapUserQuitException
+from lib.core.settings import DBMS
 from lib.core.unescaper import unescaper
 from lib.request import inject
 from lib.techniques.outband.stacked import stackedTest
@@ -102,7 +103,7 @@ class UDF:
         return output
 
     def udfCheckNeeded(self):
-        if ( not conf.rFile or ( conf.rFile and kb.dbms != "PostgreSQL" ) ) and "sys_fileread" in self.sysUdfs:
+        if ( not conf.rFile or ( conf.rFile and kb.dbms != DBMS.POSTGRESQL ) ) and "sys_fileread" in self.sysUdfs:
             self.sysUdfs.pop("sys_fileread")
 
         if not conf.osPwn:
@@ -141,9 +142,9 @@ class UDF:
             if udf in self.udfToCreate and udf not in self.createdUdf:
                 self.udfCreateFromSharedLib(udf, inpRet)
 
-        if kb.dbms == "MySQL":
+        if kb.dbms == DBMS.MYSQL:
             supportTblType = "longtext"
-        elif kb.dbms == "PostgreSQL":
+        elif kb.dbms == DBMS.POSTGRESQL:
             supportTblType = "text"
 
         self.udfCreateSupportTbl(supportTblType)
@@ -154,7 +155,7 @@ class UDF:
         self.udfInjectCore(self.sysUdfs)
 
     def udfInjectCustom(self):
-        if kb.dbms not in ( "MySQL", "PostgreSQL" ):
+        if kb.dbms not in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
             errMsg = "UDF injection feature is not yet implemented on %s" % kb.dbms
             raise sqlmapUnsupportedFeatureException(errMsg)
 
@@ -236,9 +237,9 @@ class UDF:
                 else:
                     logger.warn("you need to specify the name of the UDF")
 
-            if kb.dbms == "MySQL":
+            if kb.dbms == DBMS.MYSQL:
                 defaultType = "string"
-            elif kb.dbms == "PostgreSQL":
+            elif kb.dbms == DBMS.POSTGRESQL:
                 defaultType = "text"
 
             self.udfs[udfName]["input"] = []