added missing files for Sybase

2025-12-06 12:41:30 +00:00 · 2010-10-13 18:55:17 +00:00
parent 4b641afc46
commit f700692c74
8 changed files with 489 additions and 3 deletions
--- a/plugins/dbms/sybase/syntax.py
+++ b/plugins/dbms/sybase/syntax.py
@@ -0,0 +1,86 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+from lib.core.exception import sqlmapSyntaxException
+
+from plugins.generic.syntax import Syntax as GenericSyntax
+
+class Syntax(GenericSyntax):
+    def __init__(self):
+        GenericSyntax.__init__(self)
+
+    @staticmethod
+    def unescape(expression, quote=True):
+        if quote:
+            while True:
+                index = expression.find("'")
+                if index == -1:
+                    break
+
+                firstIndex = index + 1
+                index = expression[firstIndex:].find("'")
+
+                if index == -1:
+                    raise sqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
+
+                lastIndex = firstIndex + index
+                old = "'%s'" % expression[firstIndex:lastIndex]
+                #unescaped = "("
+                unescaped = ""
+
+                for i in range(firstIndex, lastIndex):
+                    unescaped += "CHAR(%d)" % (ord(expression[i]))
+                    if i < lastIndex - 1:
+                        unescaped += "+"
+
+                #unescaped += ")"
+                expression = expression.replace(old, unescaped)
+        else:
+            expression = "+".join("CHAR(%d)" % ord(c) for c in expression)
+
+        return expression
+
+    @staticmethod
+    def escape(expression):
+        while True:
+            index = expression.find("CHAR(")
+            if index == -1:
+                break
+
+            firstIndex = index
+            index = expression[firstIndex:].find("))")
+
+            if index == -1:
+                raise sqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
+
+            lastIndex = firstIndex + index + 1
+            old = expression[firstIndex:lastIndex]
+            oldUpper = old.upper()
+            oldUpper = oldUpper.replace("CHAR(", "").replace(")", "")
+            oldUpper = oldUpper.split("+")
+
+            escaped = "'%s'" % "".join([chr(int(char)) for char in oldUpper])
+            expression = expression.replace(old, escaped)
+
+        return expression