removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)

2025-12-07 21:21:33 +00:00 · 2010-10-21 13:13:12 +00:00
parent be443c6947
commit bc79eec702
16 changed files with 169 additions and 401 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -220,8 +220,8 @@ class Agent:
        if field.startswith("(CASE"):
            nulledCastedField = field
        else:
-            nulledCastedField = queries[kb.dbms].cast % field
-            nulledCastedField = queries[kb.dbms].isnull % nulledCastedField
+            nulledCastedField = queries[kb.dbms].cast.query % field
+            nulledCastedField = queries[kb.dbms].isnull.query % nulledCastedField

        return nulledCastedField

@@ -260,7 +260,7 @@ class Agent:

        fields             = fields.replace(", ", ",")
        fieldsSplitted     = fields.split(",")
-        dbmsDelimiter      = queries[kb.dbms].delimiter
+        dbmsDelimiter      = queries[kb.dbms].delimiter.query
        nulledCastedFields = []

        for field in fieldsSplitted:
@@ -516,18 +516,18 @@ class Agent:
        """

        limitedQuery = query
-        limitStr = queries[kb.dbms].limit
+        limitStr = queries[kb.dbms].limit.query
        fromIndex = limitedQuery.index(" FROM ")
        untilFrom = limitedQuery[:fromIndex]
        fromFrom = limitedQuery[fromIndex+1:]
        orderBy = False

        if kb.dbms in ( "MySQL", "PostgreSQL", "SQLite" ):
-            limitStr = queries[kb.dbms].limit % (num, 1)
+            limitStr = queries[kb.dbms].limit.query % (num, 1)
            limitedQuery += " %s" % limitStr
            
        elif kb.dbms == "Firebird":
-            limitStr = queries[kb.dbms].limit % (num+1, num+1)
+            limitStr = queries[kb.dbms].limit.query % (num+1, num+1)
            limitedQuery += " %s" % limitStr

        elif kb.dbms == "Oracle":
@@ -556,7 +556,7 @@ class Agent:
                limitedQuery = limitedQuery.replace("DISTINCT %s" % notDistinct, notDistinct)

            if limitedQuery.startswith("SELECT TOP ") or limitedQuery.startswith("TOP "):
-                topNums         = re.search(queries[kb.dbms].limitregexp, limitedQuery, re.I)
+                topNums         = re.search(queries[kb.dbms].limitregexp.query, limitedQuery, re.I)

                if topNums:
                    topNums = topNums.groups()
@@ -602,7 +602,7 @@ class Agent:
        @rtype: C{str}
        """

-        return queries[kb.dbms].case % expression
+        return queries[kb.dbms].case.query % expression

 # SQL agent
 agent = Agent()
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -909,14 +909,14 @@ def getDelayQuery(andCond=False):
        banVer = kb.bannerFp["dbmsVersion"]

        if (kb.dbms == "MySQL" and banVer >= "5.0.12") or (kb.dbms == "PostgreSQL" and banVer >= "8.2"):
-            query = queries[kb.dbms].timedelay % conf.timeSec
+            query = queries[kb.dbms].timedelay.query % conf.timeSec

        else:
-            query = queries[kb.dbms].timedelay2 % conf.timeSec
+            query = queries[kb.dbms].timedelay.query2 % conf.timeSec
    elif kb.dbms == "Firebird":
-        query = queries[kb.dbms].timedelay
+        query = queries[kb.dbms].timedelay.query
    else:
-        query = queries[kb.dbms].timedelay % conf.timeSec
+        query = queries[kb.dbms].timedelay.query % conf.timeSec

    if andCond:
        if kb.dbms in ( "MySQL", "SQLite" ):
@@ -1078,6 +1078,8 @@ def safeStringFormat(formatStr, params):
                if count < len(params):
                    retVal = retVal[:index] + getUnicode(params[count]) + retVal[index+2:]
                else:
+                    import pdb
+                    pdb.set_trace()
                    raise sqlmapNoneDataException, "wrong number of parameters during string formatting"
                count += 1

--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -37,6 +37,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
+from lib.core.data import queries
 from lib.core.datatype import advancedDict
 from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapGenericException
@@ -55,7 +56,6 @@ from lib.core.settings import SUPPORTED_OS
 from lib.core.settings import VERSION_STRING
 from lib.core.update import update
 from lib.parse.configfile import configFileParser
-from lib.parse.queriesfile import queriesParser
 from lib.request.proxy import ProxyHTTPSHandler
 from lib.request.certhandler import HTTPSCertAuthHandler
 from lib.request.redirecthandler import SmartRedirectHandler
@@ -195,6 +195,13 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
                kb.targetUrls.add((url, method, data, cookie))
                addedTargetUrls.add(url)

+def __loadQueries():
+    """
+    Loads queries from 'xml/queries.xml' file.
+    """
+    for node in xmlobject.XMLFile(path=paths.QUERIES_XML, textfilter=sanitizeStr).root.dbms:
+        queries[node.value] = node
+
 def __setMultipleTargets():
    """
    Define a configuration parameter if we are running in multiple target
@@ -1258,4 +1265,4 @@ def init(inputOptions=advancedDict()):
    __setMetasploit()

    update()
-    queriesParser()
+    __loadQueries()