handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308

2025-12-06 12:41:30 +00:00 · 2012-12-19 10:50:15 +00:00
parent 155c1eddae
commit dee56b17c3
4 changed files with 42 additions and 33 deletions
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -254,18 +254,23 @@ def errorUse(expression, dump=False):
       and ("(CASE" not in expression.upper() or ("(CASE" in expression.upper() and "WHEN use" in expression))) \
       and not re.search(SQL_SCALAR_REGEX, expression, re.I):

+        limitCond = True
        limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
+        limitRegExp2 = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query2, expression, re.I)
        topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)

-        if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
-            if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+        if (limitRegExp or limitRegExp2) or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
+            if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):
                limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
                limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query

                if limitGroupStart.isdigit():
-                    startLimit = int(limitRegExp.group(int(limitGroupStart)))
-
-                stopLimit = limitRegExp.group(int(limitGroupStop))
+                    if limitRegExp2:
+                        startLimit = 0
+                        stopLimit = limitRegExp2.group(int(limitGroupStart))
+                    else:
+                        startLimit = int(limitRegExp.group(int(limitGroupStart)))
+                        stopLimit = limitRegExp.group(int(limitGroupStop))
                limitCond = int(stopLimit) > 1

            elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
@@ -285,19 +290,17 @@ def errorUse(expression, dump=False):

            elif Backend.isDbms(DBMS.ORACLE):
                limitCond = False
-        else:
-            limitCond = True

        # I assume that only queries NOT containing a "LIMIT #, 1"
-        # (or similar depending on the back-end DBMS) can return
+        # (or equivalent depending on the back-end DBMS) can return
        # multiple entries
        if limitCond:
-            if limitRegExp:
+            if (limitRegExp or limitRegExp2) and stopLimit is not None:
                stopLimit = int(stopLimit)

                # From now on we need only the expression until the " LIMIT "
-                # (or similar, depending on the back-end DBMS) word
-                if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+                # (or equivalent, depending on the back-end DBMS) word
+                if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):
                    stopLimit += startLimit
                    untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query)
                    expression = expression[:untilLimitChar]