refactoring for issue #51

2025-12-09 14:11:29 +00:00 · 2012-07-10 00:19:32 +01:00
parent 25eca9d671
commit d3da3f5c52
17 changed files with 23 additions and 21 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -11,7 +11,7 @@ from xml.etree import ElementTree as ET

 from lib.core.common import Backend
 from lib.core.common import extractRegexResult
-from lib.core.common import getSPQLSnippet
+from lib.core.common import getSQLSnippet
 from lib.core.common import isDBMSVersionAtLeast
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import randomInt
@@ -820,7 +820,7 @@ class Agent:

    def runAsDBMSUser(self, query):
        if conf.dCred and "Ad Hoc Distributed Queries" not in query:
-            query = getSPQLSnippet(DBMS.MSSQL, "run_statement_as_user", USER=conf.dbmsUsername, PASSWORD=conf.dbmsPassword, STATEMENT=query.replace("'", "''"))
+            query = getSQLSnippet(DBMS.MSSQL, "run_statement_as_user", USER=conf.dbmsUsername, PASSWORD=conf.dbmsPassword, STATEMENT=query.replace("'", "''"))

        return query

--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1543,15 +1543,15 @@ def parseXmlFile(xmlFile, handler):
    with contextlib.closing(StringIO(readCachedFileContent(xmlFile))) as stream:
        parse(stream, handler)

-def getSPQLSnippet(dbms, name, **variables):
+def getSQLSnippet(dbms, sfile, **variables):
    """
-    Returns content of SP(Q)L snippet located inside "procs" directory
+    Returns content of SQL snippet located inside 'procs/' directory
    """

-    filename = os.path.join(paths.SQLMAP_PROCS_PATH, DBMS_DIRECTORY_DICT[dbms], "%s.txt" % name)
+    filename = os.path.join(paths.SQLMAP_PROCS_PATH, DBMS_DIRECTORY_DICT[dbms], sfile if sfile.endswith('.sql') else "%s.sql" % sfile)
    checkFile(filename)
-    retVal = readCachedFileContent(filename)

+    retVal = readCachedFileContent(filename)
    retVal = re.sub(r"#.+", "", retVal)
    retVal = re.sub(r"(?s);\s+", "; ", retVal).strip()

@@ -1565,8 +1565,9 @@ def getSPQLSnippet(dbms, name, **variables):
        retVal = retVal.replace(_, randomInt())

    _ = re.search(r"%(\w+)%", retVal, re.I)
+
    if _:
-        errMsg = "unresolved variable '%s' in SPL snippet '%s'" % (_.group(1), name)
+        errMsg = "unresolved variable '%s' in SQL file '%s'" % (_.group(1), sfile)
        raise sqlmapGenericException, errMsg

    return retVal