Adding support for InterSystems Cache (and IRIS)

plugins/dbms/cache/__init__.py

@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.enums import DBMS
+from lib.core.settings import CACHE_SYSTEM_DBS
+from lib.core.unescaper import unescaper
+
+from plugins.dbms.cache.enumeration import Enumeration
+from plugins.dbms.cache.filesystem import Filesystem
+from plugins.dbms.cache.fingerprint import Fingerprint
+from plugins.dbms.cache.syntax import Syntax
+from plugins.dbms.cache.takeover import Takeover
+from plugins.generic.misc import Miscellaneous
+
+class CacheMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
+    """
+    This class defines Cache methods
+    """
+
+    def __init__(self):
+        self.excludeDbsList = CACHE_SYSTEM_DBS
+
+        for cls in self.__class__.__bases__:
+            cls.__init__(self)
+
+    unescaper[DBMS.CACHE] = Syntax.escape

plugins/dbms/cache/connector.py

@@ -0,0 +1,77 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+try:
+    import jaydebeapi
+    import jpype
+except:
+    pass
+
+import logging
+
+from lib.core.common import checkFile
+from lib.core.common import getSafeExString
+from lib.core.common import readInput
+from lib.core.data import conf
+from lib.core.data import logger
+from lib.core.exception import SqlmapConnectionException
+from plugins.generic.connector import Connector as GenericConnector
+
+class Connector(GenericConnector):
+    """
+    Homepage: https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/
+    User guide: https://pypi.python.org/pypi/JayDeBeApi/#usage & http://jpype.sourceforge.net/doc/user-guide/userguide.html
+    API: -
+    Debian package: -
+    License: LGPL & Apache License 2.0
+    """
+
+    def connect(self):
+        self.initConnection()
+        try:
+            msg = "please enter the location of 'cachejdbc.jar'? "
+            jar = readInput(msg)
+            checkFile(jar)
+            args = "-Djava.class.path=%s" % jar
+            jvm_path = jpype.getDefaultJVMPath()
+            jpype.startJVM(jvm_path, args)
+        except Exception as ex:
+            raise SqlmapConnectionException(getSafeExString(ex))
+
+        try:
+            driver = 'com.intersys.jdbc.CacheDriver'
+            connection_string = 'jdbc:Cache://%s:%d/%s' % (self.hostname, self.port, self.db)
+            self.connector = jaydebeapi.connect(driver, connection_string, str(self.user), str(self.password))
+        except Exception as ex:
+            raise SqlmapConnectionException(getSafeExString(ex))
+
+        self.initCursor()
+        self.printConnected()
+
+    def fetchall(self):
+        try:
+            return self.cursor.fetchall()
+        except Exception as ex:
+            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) '%s'" % getSafeExString(ex))
+            return None
+
+    def execute(self, query):
+        retVal = False
+
+        try:
+            self.cursor.execute(query)
+            retVal = True
+        except Exception as ex:
+            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) '%s'" % getSafeExString(ex))
+
+        self.connector.commit()
+
+        return retVal
+
+    def select(self, query):
+        self.execute(query)
+        return self.fetchall()

plugins/dbms/cache/enumeration.py

@@ -0,0 +1,48 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.data import logger
+from lib.core.settings import CACHE_DEFAULT_SCHEMA
+from plugins.generic.enumeration import Enumeration as GenericEnumeration
+
+class Enumeration(GenericEnumeration):
+    def getCurrentDb(self):
+        return CACHE_DEFAULT_SCHEMA
+
+    def getUsers(self):
+        warnMsg = "on Cache it is not possible to enumerate the users"
+        logger.warn(warnMsg)
+
+        return []
+
+    def getPasswordHashes(self):
+        warnMsg = "on Cache it is not possible to enumerate password hashes"
+        logger.warn(warnMsg)
+
+        return {}
+
+    def getPrivileges(self, *args, **kwargs):
+        warnMsg = "on Cache it is not possible to enumerate the user privileges"
+        logger.warn(warnMsg)
+
+        return {}
+
+    def getStatements(self):
+        warnMsg = "on Cache it is not possible to enumerate the SQL statements"
+        logger.warn(warnMsg)
+
+        return []
+
+    def getRoles(self, *args, **kwargs):
+        warnMsg = "on Cache it is not possible to enumerate the user roles"
+        logger.warn(warnMsg)
+
+        return {}
+
+    def getHostname(self):
+        warnMsg = "on Cache it is not possible to enumerate the hostname"
+        logger.warn(warnMsg)

plugins/dbms/cache/filesystem.py

@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+from plugins.generic.filesystem import Filesystem as GenericFilesystem
+
+class Filesystem(GenericFilesystem):
+    pass

plugins/dbms/cache/fingerprint.py

@@ -0,0 +1,113 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.common import Backend
+from lib.core.common import Format
+from lib.core.common import hashDBRetrieve
+from lib.core.common import hashDBWrite
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.enums import DBMS
+from lib.core.enums import FORK
+from lib.core.enums import HASHDB_KEYS
+from lib.core.session import setDbms
+from lib.core.settings import CACHE_ALIASES
+from lib.request import inject
+from plugins.generic.fingerprint import Fingerprint as GenericFingerprint
+
+class Fingerprint(GenericFingerprint):
+    def __init__(self):
+        GenericFingerprint.__init__(self, DBMS.CACHE)
+
+    def getFingerprint(self):
+        fork = hashDBRetrieve(HASHDB_KEYS.DBMS_FORK)
+
+        if fork is None:
+            if inject.checkBooleanExpression("$ZVERSION LIKE '%IRIS%'"):
+                fork = FORK.IRIS
+            else:
+                fork = ""
+
+            hashDBWrite(HASHDB_KEYS.DBMS_FORK, fork)
+
+        value = ""
+        wsOsFp = Format.getOs("web server", kb.headersFp)
+
+        if wsOsFp:
+            value += "%s\n" % wsOsFp
+
+        if kb.data.banner:
+            dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
+
+            if dbmsOsFp:
+                value += "%s\n" % dbmsOsFp
+
+        value += "back-end DBMS: "
+
+        if not conf.extensiveFp:
+            value += DBMS.CACHE
+            if fork:
+                value += " (%s fork)" % fork
+            return value
+
+        actVer = Format.getDbms()
+        blank = " " * 15
+        value += "active fingerprint: %s" % actVer
+
+        if kb.bannerFp:
+            banVer = kb.bannerFp.get("dbmsVersion")
+
+            if banVer:
+                banVer = Format.getDbms([banVer])
+                value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
+
+        htmlErrorFp = Format.getErrorParsedDBMSes()
+
+        if htmlErrorFp:
+            value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
+
+        if fork:
+            value += "\n%sfork fingerprint: %s" % (blank, fork)
+
+        return value
+
+    def checkDbms(self):
+        if not conf.extensiveFp and Backend.isDbmsWithin(CACHE_ALIASES):
+            setDbms(DBMS.CACHE)
+
+            self.getBanner()
+
+            return True
+
+        infoMsg = "testing %s" % DBMS.CACHE
+        logger.info(infoMsg)
+
+        result = inject.checkBooleanExpression("$LISTLENGTH(NULL) IS NULL")
+
+        if result:
+            infoMsg = "confirming %s" % DBMS.CACHE
+            logger.info(infoMsg)
+
+            result = inject.checkBooleanExpression("%EXTERNAL %INTERNAL NULL IS NULL")
+
+            if not result:
+                warnMsg = "the back-end DBMS is not %s" % DBMS.CACHE
+                logger.warn(warnMsg)
+
+                return False
+
+            setDbms(DBMS.CACHE)
+
+            self.getBanner()
+
+            return True
+        else:
+            warnMsg = "the back-end DBMS is not %s" % DBMS.CACHE
+            logger.warn(warnMsg)
+
+            return False

plugins/dbms/cache/syntax.py

@@ -0,0 +1,23 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.convert import getOrds
+from plugins.generic.syntax import Syntax as GenericSyntax
+
+class Syntax(GenericSyntax):
+    @staticmethod
+    def escape(expression, quote=True):
+        """
+        >>> from lib.core.common import Backend
+        >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHAR(97)||CHAR(98)||CHAR(99)||CHAR(100)||CHAR(101)||CHAR(102)||CHAR(103)||CHAR(104) FROM foobar"
+        True
+        """
+
+        def escaper(value):
+            return "||".join("CHAR(%d)" % _ for _ in getOrds(value))
+
+        return Syntax._escape(expression, quote, escaper)

plugins/dbms/cache/takeover.py

@@ -0,0 +1,28 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.exception import SqlmapUnsupportedFeatureException
+from plugins.generic.takeover import Takeover as GenericTakeover
+
+class Takeover(GenericTakeover):
+    def osCmd(self):
+        errMsg = "on Cache it is not possible to execute commands"
+        raise SqlmapUnsupportedFeatureException(errMsg)
+
+    def osShell(self):
+        errMsg = "on Cache it is not possible to execute commands"
+        raise SqlmapUnsupportedFeatureException(errMsg)
+
+    def osPwn(self):
+        errMsg = "on Cache it is not possible to establish an "
+        errMsg += "out-of-band connection"
+        raise SqlmapUnsupportedFeatureException(errMsg)
+
+    def osSmb(self):
+        errMsg = "on Cache it is not possible to establish an "
+        errMsg += "out-of-band connection"
+        raise SqlmapUnsupportedFeatureException(errMsg)