PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-09 14:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)

Browse Source
This commit is contained in:
Miroslav Stampar
2012-12-06 14:14:19 +01:00
parent 003d21e962
commit 974407396e
102 changed files with 1115 additions and 1091 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/request/basic.py
View File

@@ -25,7 +25,7 @@ from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import HTTPHEADER
from lib.core.enums import PLACE
from lib.core.exception import sqlmapCompressionException
from lib.core.exception import SqlmapCompressionException
from lib.core.htmlentities import htmlEntities
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
from lib.core.settings import EVENTVALIDATION_REGEX
@@ -211,7 +211,7 @@ def decodePage(page, contentEncoding, contentType):
singleTimeWarnMessage(warnMsg)
kb.pageCompress = False
raise sqlmapCompressionException
raise SqlmapCompressionException
if not conf.charset:
httpCharset, metaCharset = None, None

4
lib/request/comparison.py
View File

@@ -16,7 +16,7 @@ from lib.core.common import wasLastRequestHTTPError
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.exception import sqlmapNoneDataException
from lib.core.exception import SqlmapNoneDataException
from lib.core.settings import DEFAULT_PAGE_ENCODING
from lib.core.settings import DIFF_TOLERANCE
from lib.core.settings import HTML_TITLE_REGEX
@@ -92,7 +92,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
errMsg = "problem occured while retrieving original page content "
errMsg += "which prevents sqlmap from continuation. Please rerun, "
errMsg += "and if the problem persists turn off any optimization switches"
raise sqlmapNoneDataException, errMsg
raise SqlmapNoneDataException, errMsg
ratio = 1. * pageLength / len(seqMatcher.a)

44
lib/request/connect.py
View File

@@ -50,10 +50,10 @@ from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE
from lib.core.enums import POST_HINT
from lib.core.enums import REDIRECTION
from lib.core.exception import sqlmapCompressionException
from lib.core.exception import sqlmapConnectionException
from lib.core.exception import sqlmapSyntaxException
from lib.core.exception import sqlmapValueException
from lib.core.exception import SqlmapCompressionException
from lib.core.exception import SqlmapConnectionException
from lib.core.exception import SqlmapSyntaxException
from lib.core.exception import SqlmapValueException
from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
from lib.core.settings import DEFAULT_CONTENT_TYPE
from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE
@@ -87,11 +87,11 @@ class Connect(object):
"""
@staticmethod
def __getPageProxy(**kwargs):
def _getPageProxy(**kwargs):
return Connect.getPage(**kwargs)
@staticmethod
def __retryProxy(**kwargs):
def _retryProxy(**kwargs):
threadData = getCurrentThreadData()
threadData.retriesCount += 1
@@ -129,10 +129,10 @@ class Connect(object):
time.sleep(1)
kwargs['retrying'] = True
return Connect.__getPageProxy(**kwargs)
return Connect._getPageProxy(**kwargs)
@staticmethod
def __connReadProxy(conn):
def _connReadProxy(conn):
retVal = ""
if not kb.dnsMode and conn:
@@ -249,7 +249,7 @@ class Connect(object):
multipartOpener = urllib2.build_opener(proxyHandler, multipartpost.MultipartPostHandler)
conn = multipartOpener.open(unicodeencode(url), multipart)
page = Connect.__connReadProxy(conn)
page = Connect._connReadProxy(conn)
responseHeaders = conn.info()
responseHeaders[URI_HTTP_HEADER] = conn.geturl()
page = decodePage(page, responseHeaders.get(HTTPHEADER.CONTENT_ENCODING), responseHeaders.get(HTTPHEADER.CONTENT_TYPE))
@@ -360,11 +360,11 @@ class Connect(object):
# Get HTTP response
if hasattr(conn, 'redurl'):
page = threadData.lastRedirectMsg[1] if kb.redirectChoice == REDIRECTION.NO\
else Connect.__connReadProxy(conn)
else Connect._connReadProxy(conn)
skipLogTraffic = kb.redirectChoice == REDIRECTION.NO
code = conn.redcode
else:
page = Connect.__connReadProxy(conn)
page = Connect._connReadProxy(conn)
code = code or conn.code
responseHeaders = conn.info()
@@ -399,8 +399,8 @@ class Connect(object):
kwargs['post'] = None
try:
return Connect.__getPageProxy(**kwargs)
except sqlmapSyntaxException:
return Connect._getPageProxy(**kwargs)
except SqlmapSyntaxException:
pass
# Explicit closing of connection object
@@ -459,11 +459,11 @@ class Connect(object):
if e.code == httplib.UNAUTHORIZED:
errMsg = "not authorized, try to provide right HTTP "
errMsg += "authentication type and valid credentials (%d)" % code
raise sqlmapConnectionException, errMsg
raise SqlmapConnectionException, errMsg
elif e.code == httplib.NOT_FOUND:
if raise404:
errMsg = "page not found (%d)" % code
raise sqlmapConnectionException, errMsg
raise SqlmapConnectionException, errMsg
else:
debugMsg = "page not found (%d)" % code
logger.debug(debugMsg)
@@ -476,22 +476,22 @@ class Connect(object):
if threadData.retriesCount < conf.retries and not kb.threadException:
warnMsg += ". sqlmap is going to retry the request"
logger.critical(warnMsg)
return Connect.__retryProxy(**kwargs)
return Connect._retryProxy(**kwargs)
elif kb.testMode:
logger.critical(warnMsg)
return None, None, None
else:
raise sqlmapConnectionException, warnMsg
raise SqlmapConnectionException, warnMsg
else:
debugMsg = "got HTTP error code: %d (%s)" % (code, status)
logger.debug(debugMsg)
except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, ProxyError, sqlmapCompressionException), e:
except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, ProxyError, SqlmapCompressionException), e:
tbMsg = traceback.format_exc()
if "no host given" in tbMsg:
warnMsg = "invalid url address used (%s)" % repr(url)
raise sqlmapSyntaxException, warnMsg
raise SqlmapSyntaxException, warnMsg
elif "forcibly closed" in tbMsg:
warnMsg = "connection was forcibly closed by the target url"
elif "timed out" in tbMsg:
@@ -519,12 +519,12 @@ class Connect(object):
elif threadData.retriesCount < conf.retries and not kb.threadException:
warnMsg += ". sqlmap is going to retry the request"
logger.critical(warnMsg)
return Connect.__retryProxy(**kwargs)
return Connect._retryProxy(**kwargs)
elif kb.testMode:
logger.critical(warnMsg)
return None, None, None
else:
raise sqlmapConnectionException, warnMsg
raise SqlmapConnectionException, warnMsg
finally:
page = page if isinstance(page, unicode) else getUnicode(page)
@@ -593,7 +593,7 @@ class Connect(object):
if not isinstance(payload, basestring):
errMsg = "tamper function '%s' returns " % function.func_name
errMsg += "invalid payload type ('%s')" % type(payload)
raise sqlmapValueException, errMsg
raise SqlmapValueException, errMsg
value = agent.replacePayload(value, payload)

4
lib/request/httpshandler.py
View File

@@ -10,7 +10,7 @@ import socket
import urllib2
from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException
from lib.core.exception import SqlmapConnectionException
ssl = None
try:
@@ -57,7 +57,7 @@ class HTTPSConnection(httplib.HTTPSConnection):
logger.debug("SSL connection error occured ('%s')" % errMsg)
if not success:
raise sqlmapConnectionException, "can't establish SSL connection"
raise SqlmapConnectionException, "can't establish SSL connection"
class HTTPSHandler(urllib2.HTTPSHandler):
def https_open(self, req):

42
lib/request/inject.py
View File

@@ -36,8 +36,8 @@ from lib.core.enums import CHARSET_TYPE
from lib.core.enums import DBMS
from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapNotVulnerableException
from lib.core.exception import sqlmapUserQuitException
from lib.core.exception import SqlmapNotVulnerableException
from lib.core.exception import SqlmapUserQuitException
from lib.core.settings import MAX_TECHNIQUES_PER_VALUE
from lib.core.settings import SQL_SCALAR_REGEX
from lib.core.threads import getCurrentThreadData
@@ -50,7 +50,7 @@ from lib.techniques.dns.use import dnsUse
from lib.techniques.error.use import errorUse
from lib.techniques.union.use import unionUse
def __goDns(payload, expression):
def _goDns(payload, expression):
value = None
if conf.dnsName and kb.dnsTest is not False:
@@ -62,12 +62,12 @@ def __goDns(payload, expression):
return value
def __goInference(payload, expression, charsetType=None, firstChar=None, lastChar=None, dump=False, field=None):
def _goInference(payload, expression, charsetType=None, firstChar=None, lastChar=None, dump=False, field=None):
start = time.time()
value = None
count = 0
value = __goDns(payload, expression)
value = _goDns(payload, expression)
if value:
return value
@@ -95,7 +95,7 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha
return value
def __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, num=None, charsetType=None, firstChar=None, lastChar=None, dump=False):
def _goInferenceFields(expression, expressionFields, expressionFieldsList, payload, num=None, charsetType=None, firstChar=None, lastChar=None, dump=False):
outputs = []
origExpr = None
@@ -114,7 +114,7 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl
else:
expressionReplaced = expression.replace(expressionFields, field, 1)
output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump, field)
output = _goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump, field)
if isinstance(num, int):
expression = origExpr
@@ -123,7 +123,7 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl
return outputs
def __goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, charsetType=None, firstChar=None, lastChar=None, dump=False):
def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, charsetType=None, firstChar=None, lastChar=None, dump=False):
"""
Retrieve the output of a SQL query characted by character taking
advantage of an blind SQL injection vulnerability on the affected
@@ -143,7 +143,7 @@ def __goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, cha
untilOrderChar = None
if not unpack:
return __goInference(payload, expression, charsetType, firstChar, lastChar, dump)
return _goInference(payload, expression, charsetType, firstChar, lastChar, dump)
_, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)
@@ -233,7 +233,7 @@ def __goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, cha
countedExpression = countedExpression[:untilOrderChar]
if not stopLimit:
count = __goInference(payload, countedExpression, charsetType=CHARSET_TYPE.DIGITS, firstChar=firstChar, lastChar=lastChar)
count = _goInference(payload, countedExpression, charsetType=CHARSET_TYPE.DIGITS, firstChar=firstChar, lastChar=lastChar)
if isNumPosStrValue(count):
count = int(count)
@@ -252,7 +252,7 @@ def __goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, cha
stopLimit = count
elif test[0] in ("q", "Q"):
raise sqlmapUserQuitException
raise SqlmapUserQuitException
elif test.isdigit() and int(test) > 0 and int(test) <= count:
stopLimit = int(test)
@@ -302,7 +302,7 @@ def __goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, cha
try:
for num in xrange(startLimit, stopLimit):
output = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, num=num, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
output = _goInferenceFields(expression, expressionFields, expressionFieldsList, payload, num=num, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
outputs.append(output)
except KeyboardInterrupt:
@@ -315,11 +315,11 @@ def __goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, cha
elif Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and expression.upper().startswith("SELECT ") and " FROM " not in expression.upper():
expression += FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]
outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
outputs = _goInferenceFields(expression, expressionFields, expressionFieldsList, payload, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
return ", ".join(output for output in outputs) if not isNoneValue(outputs) else None
def __goBooleanProxy(expression):
def _goBooleanProxy(expression):
"""
Retrieve the output of a boolean based SQL query
"""
@@ -343,7 +343,7 @@ def __goBooleanProxy(expression):
return output
def __goUnion(expression, unpack=True, dump=False):
def _goUnion(expression, unpack=True, dump=False):
"""
Retrieve the output of a SQL query taking advantage of an union SQL
injection vulnerability on the affected parameter.
@@ -399,7 +399,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
if not conf.forceDns:
if union and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
kb.technique = PAYLOAD.TECHNIQUE.UNION
value = __goUnion(forgeCaseExpression if expected == EXPECTED.BOOL else query, unpack, dump)
value = _goUnion(forgeCaseExpression if expected == EXPECTED.BOOL else query, unpack, dump)
count += 1
found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
@@ -420,9 +420,9 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN
if expected == EXPECTED.BOOL:
value = __goBooleanProxy(booleanExpression)
value = _goBooleanProxy(booleanExpression)
else:
value = __goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump)
value = _goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump)
count += 1
found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
@@ -434,16 +434,16 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
kb.technique = PAYLOAD.TECHNIQUE.STACKED
if expected == EXPECTED.BOOL:
value = __goBooleanProxy(booleanExpression)
value = _goBooleanProxy(booleanExpression)
else:
value = __goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump)
value = _goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump)
if value and isinstance(value, basestring):
value = value.strip() if value.strip() else value[:1]
else:
errMsg = "none of the injection types identified can be "
errMsg += "leveraged to retrieve queries output"
raise sqlmapNotVulnerableException, errMsg
raise SqlmapNotVulnerableException, errMsg
finally:
kb.resumeValues = True

4
lib/request/proxy.py
View File

@@ -10,7 +10,7 @@ import socket
import urllib
import urllib2
from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.core.settings import PYVERSION
if PYVERSION >= "2.6":
@@ -117,4 +117,4 @@ else:
class ProxyHTTPSHandler:
def __init__(self, *args, **kwargs):
errMsg = "unsupported feature on versions of Python before 2.6"
raise sqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException, errMsg

4
lib/request/rangehandler.py
View File

@@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
import urllib
import urllib2
from lib.core.exception import sqlmapConnectionException
from lib.core.exception import SqlmapConnectionException
class HTTPRangeHandler(urllib2.BaseHandler):
"""
@@ -47,4 +47,4 @@ class HTTPRangeHandler(urllib2.BaseHandler):
def http_error_416(self, req, fp, code, msg, hdrs):
# HTTP's Range Not Satisfiable error
errMsg = "Invalid range"
raise sqlmapConnectionException, errMsg
raise SqlmapConnectionException, errMsg

4
lib/request/redirecthandler.py
View File

@@ -16,7 +16,7 @@ from lib.core.common import logHTTPTraffic
from lib.core.common import readInput
from lib.core.enums import HTTPHEADER
from lib.core.enums import REDIRECTION
from lib.core.exception import sqlmapConnectionException
from lib.core.exception import SqlmapConnectionException
from lib.core.settings import MAX_SINGLE_URL_REDIRECTIONS
from lib.core.settings import MAX_TOTAL_REDIRECTIONS
from lib.core.threads import getCurrentThreadData
@@ -102,4 +102,4 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS):
errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys())
errMsg += "please check all provided parameters and/or provide missing ones."
raise sqlmapConnectionException, errMsg
raise SqlmapConnectionException, errMsg