refactoring of hard coded dbms names

2025-12-07 05:01:30 +00:00 · 2010-11-02 11:59:24 +00:00
parent 9d2c81baa9
commit 685a8e7d2c
35 changed files with 251 additions and 206 deletions
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -20,6 +20,7 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
 from lib.core.session import setError
+from lib.core.settings import DBMS
 from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
 from lib.utils.resume import resume
@@ -49,7 +50,7 @@ def errorUse(expression, returnPayload=False):
        _, _, _, _, _, _, fieldToCastStr = agent.getFields(expression)
        nulledCastedField                = agent.nullAndCastField(fieldToCastStr)

-        if kb.dbms == "MySQL":
+        if kb.dbms == DBMS.MYSQL:
            nulledCastedField            = nulledCastedField.replace("AS CHAR)", "AS CHAR(100))") # fix for that 'Subquery returns more than 1 row'

        expressionReplaced               = expression.replace(fieldToCastStr, nulledCastedField, 1)
--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@@ -124,13 +124,13 @@ def __unionTestByNULLBruteforce(comment):
    query   = agent.prefixQuery("UNION ALL SELECT NULL")

    for count in range(0, 50):
-        if kb.dbms == "Oracle" and query.endswith(" FROM DUAL"):
+        if kb.dbms == DBMS.ORACLE and query.endswith(" FROM DUAL"):
            query = query[:-len(" FROM DUAL")]

        if count:
            query += ", NULL"

-        if kb.dbms == "Oracle":
+        if kb.dbms == DBMS.ORACLE:
            query += " FROM DUAL"

        commentedQuery = agent.postfixQuery(query, comment)
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -18,6 +18,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
+from lib.core.settings import DBMS
 from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
 from lib.techniques.inband.union.test import unionTest
@@ -68,7 +69,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
            limitRegExp = re.search(queries[kb.dbms].limitregexp.query, expression, re.I)

            if limitRegExp:
-                if kb.dbms in ( "MySQL", "PostgreSQL" ):
+                if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
                    limitGroupStart = queries[kb.dbms].limitgroupstart.query
                    limitGroupStop  = queries[kb.dbms].limitgroupstop.query

@@ -78,7 +79,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
                    stopLimit = limitRegExp.group(int(limitGroupStop))
                    limitCond = int(stopLimit) > 1

-                elif kb.dbms == "Microsoft SQL Server":
+                elif kb.dbms == DBMS.MSSQL:
                    limitGroupStart = queries[kb.dbms].limitgroupstart.query
                    limitGroupStop  = queries[kb.dbms].limitgroupstop.query

@@ -88,7 +89,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
                    stopLimit = limitRegExp.group(int(limitGroupStop))
                    limitCond = int(stopLimit) > 1

-                elif kb.dbms == "Oracle":
+                elif kb.dbms == DBMS.ORACLE:
                    limitCond = False
            else:
                limitCond = True
@@ -102,12 +103,12 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh

                    # From now on we need only the expression until the " LIMIT "
                    # (or similar, depending on the back-end DBMS) word
-                    if kb.dbms in ( "MySQL", "PostgreSQL" ):
+                    if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
                        stopLimit += startLimit
                        untilLimitChar = expression.index(queries[kb.dbms].limitstring.query)
                        expression = expression[:untilLimitChar]

-                    elif kb.dbms == "Microsoft SQL Server":
+                    elif kb.dbms == DBMS.MSSQL:
                        stopLimit += startLimit
                elif dump:
                    if conf.limitStart:
@@ -116,7 +117,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
                        stopLimit = conf.limitStop

                if not stopLimit or stopLimit <= 1:
-                    if kb.dbms == "Oracle" and expression.endswith("FROM DUAL"):
+                    if kb.dbms == DBMS.ORACLE and expression.endswith("FROM DUAL"):
                        test = False
                    else:
                        test = True
@@ -170,9 +171,9 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
                        return

                    for num in xrange(startLimit, stopLimit):
-                        if kb.dbms == "Microsoft SQL Server":
+                        if kb.dbms == DBMS.MSSQL:
                            field = expressionFieldsList[0]
-                        elif kb.dbms == "Oracle":
+                        elif kb.dbms == DBMS.ORACLE:
                            field = expressionFieldsList
                        else:
                            field = None