implementation of switch --hex for 4 major DBMSes

2025-12-10 09:49:06 +00:00 · 2012-02-21 11:44:48 +00:00
parent 77723a7aee
commit bcf3255fe1
7 changed files with 108 additions and 53 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -17,6 +17,7 @@ from lib.core.common import isDBMSVersionAtLeast
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import randomInt
 from lib.core.common import randomStr
+from lib.core.common import singleTimeWarnMessage
 from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
@@ -286,11 +287,22 @@ class Agent:
        if field.startswith("(CASE") or field.startswith("(IIF"):
            nulledCastedField = field
        else:
-            nulledCastedField = queries[Backend.getIdentifiedDbms()].cast.query % field
+            _ = queries[Backend.getIdentifiedDbms()]
+            nulledCastedField = _.cast.query % field
            if Backend.isDbms(DBMS.ACCESS):
-                nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField)
+                nulledCastedField = _.isnull.query % (nulledCastedField, nulledCastedField)
            else:
-                nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % nulledCastedField
+                nulledCastedField = _.isnull.query % nulledCastedField
+
+            if conf.hexConvert:
+                if 'hex' in _:
+                    nulledCastedField = _.hex.query % nulledCastedField
+                else:
+                    warnMsg = "switch '--hex' is currently not supported on DBMS '%s'. " % Backend.getIdentifiedDbms()
+                    warnMsg += "Going to switch it off"
+                    singleTimeWarnMessage(warnMsg)
+
+                    conf.hexConvert = False

        return nulledCastedField

--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1234,6 +1234,7 @@ def parseUnionPage(output, unique=True):

        for entry in output:
            entry = entry.group(1)
+            entry = decodeHexValue(entry) if conf.hexConvert else entry

            if unique:
                key = entry.lower()
@@ -3098,35 +3099,63 @@ def getCounter(technique):

    return kb.counters.get(technique, 0)

+def applyFunctionRecursively(value, function):
+    """
+    Applies function recursively through list-like structures
+    """
+
+    if isinstance(value, (list, tuple, set, BigArray)):
+        retVal = [applyFunctionRecursively(_, function) for _ in value]
+    else:
+        retVal = function(value)
+
+    return retVal
+
+def decodeHexValue(value):
+    """
+    Returns value decoded from DBMS specific hexadecimal representation
+    """
+
+    def _(value):
+        if isinstance(value, basestring) and len(value) % 2 == 0:
+            if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ORACLE, DBMS.PGSQL):
+                value = value.decode("hex")
+            elif Backend.isDbms(DBMS.MSSQL):
+                value = value[2:].decode("hex")
+                if value[1] == '\x00':
+                    value = value.decode("utf16")
+        return value
+
+    return applyFunctionRecursively(value, _)
+
 def extractExpectedValue(value, expected):
    """
    Extracts and returns expected value by a given type
    """

-    if not expected:
-        return value
+    if expected:
+        value = unArrayizeValue(value)

-    value = unArrayizeValue(value)
+        if isNoneValue(value):
+            value = None
+        elif expected == EXPECTED.BOOL:
+            if isinstance(value, int):
+                value = bool(value)
+            elif isinstance(value, basestring):
+                value = value.strip().lower()
+                if value in ("true", "false"):
+                    value = value == "true"
+                elif value in ("1", "-1"):
+                    value = True
+                elif value == "0":
+                    value = False
+                else:
+                    value = None
+        elif expected == EXPECTED.INT:
+            if isinstance(value, basestring):
+                if value.isdigit():
+                    value = int(value)
+                else:
+                    value = None

-    if isNoneValue(value):
-        value = None
-    elif expected == EXPECTED.BOOL:
-        if isinstance(value, int):
-            value = bool(value)
-        elif isinstance(value, basestring):
-            value = value.strip().lower()
-            if value in ("true", "false"):
-                value = value == "true"
-            elif value in ("1", "-1"):
-                value = True
-            elif value == "0":
-                value = False
-            else:
-                value = None
-    elif expected == EXPECTED.INT:
-        if isinstance(value, basestring):
-            if value.isdigit():
-                value = int(value)
-            else:
-                value = None
    return value
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -170,6 +170,7 @@ optDict = {
                               "flushSession":      "boolean",
                               "forms":             "boolean",
                               "freshQueries":      "boolean",
+                               "hexConvert":        "boolean",
                               "parseErrors":       "boolean",
                               "replicate":         "boolean",
                               "updateAll":         "boolean",