Implementation for an Issue #2891

2025-12-06 20:51:31 +00:00 · 2018-02-13 15:53:50 +01:00
parent 365fa5a52a
commit e2cc9569e5
12 changed files with 74 additions and 38 deletions
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@@ -22,6 +22,7 @@ from lib.core.common import isTechniqueAvailable
 from lib.core.common import prioritySortColumns
 from lib.core.common import readInput
 from lib.core.common import safeSQLIdentificatorNaming
+from lib.core.common import singleTimeLogMessage
 from lib.core.common import unArrayizeValue
 from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.data import conf
@@ -68,11 +69,16 @@ class Entries:
            if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB):
                conf.db = conf.db.upper()

-            if  ',' in conf.db:
+            if ',' in conf.db:
                errMsg = "only one database name is allowed when enumerating "
                errMsg += "the tables' columns"
                raise SqlmapMissingMandatoryOptionException(errMsg)

+            if conf.exclude and conf.db in conf.exclude.split(','):
+                infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
+                singleTimeLogMessage(infoMsg)
+                return
+
        conf.db = safeSQLIdentificatorNaming(conf.db)

        if conf.tbl:
@@ -99,6 +105,11 @@ class Entries:
            tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)

        for tbl in tblList:
+            if conf.exclude and tbl in conf.exclude.split(','):
+                infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
+                singleTimeLogMessage(infoMsg)
+                continue
+
            conf.tbl = tbl
            kb.data.dumpedTable = {}

@@ -129,8 +140,8 @@ class Entries:
                columns = kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)]
                colList = sorted(filter(None, columns.keys()))

-                if conf.excludeCol:
-                    colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
+                if conf.exclude:
+                    colList = [_ for _ in colList if _ not in conf.exclude.split(',')]

                if not colList:
                    warnMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
@@ -465,6 +476,11 @@ class Entries:
                conf.db = db

                for table in tables:
+                    if conf.exclude and table in conf.exclude.split(','):
+                        infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(table)
+                        logger.info(infoMsg)
+                        continue
+
                    try:
                        conf.tbl = table
                        kb.data.cachedColumns = {}
@@ -530,8 +546,8 @@ class Entries:
                conf.tbl = table
                colList = filter(None, sorted(columns))

-                if conf.excludeCol:
-                    colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
+                if conf.exclude:
+                    colList = [_ for _ in colList if _ not in conf.exclude.split(',')]

                conf.col = ','.join(colList)
                kb.data.cachedColumns = {}