
Commit 0eeb48f

committed
some fixes
1 parent 7733e58 commit 0eeb48f

4 files changed

Lines changed: 27 additions & 27 deletions


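--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2549,7 +2549,7 @@ def normalizeUnicode(value):
 
 def safeSQLIdentificatorNaming(name, isTable=False):
 """
-Returns a safe representation of SQL identificator name
+Returns a safe representation of SQL identificator name (internal data format)
 """
 
 retVal = name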

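--- a/plugins/dbms/maxdb/enumeration.py
+++ b/plugins/dbms/maxdb/enumeration.py
@@ -123,7 +123,7 @@ def getColumns(self, onlyColNames=False):
 raise sqlmapNoneDataException, errMsg
 
 for tbl in tblList:
-tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl)
+tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
 
 rootQuery = queries[Backend.getIdentifiedDbms()].columns
 
@@ -151,7 +151,7 @@ def getColumns(self, onlyColNames=False):
 columns = {}
 
 for columnname, datatype, length in zip(retVal[0]["%s.columnname" % randStr], retVal[0]["%s.datatype" % randStr], retVal[0]["%s.len" % randStr]):
-columns[columnname] = "%s(%s)" % (datatype, length)
+columns[safeSQLIdentificatorNaming(columnname)] = "%s(%s)" % (datatype, length)
 
 table[tbl] = columns
 kb.data.cachedColumns[conf.db] = table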
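Review bot: The cache key at the end of the second getColumns hunk is still the raw `conf.db` (`kb.data.cachedColumns[conf.db] = table`), while the Sybase and generic plugins changed in this same commit store under `safeSQLIdentificatorNaming(conf.db)`, and dumpTable looks entries up by that normalised key. If the normaliser alters the database name, columns cached by the MaxDB plugin would not be found by that lookup. Suggest `kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table`, unless conf.db is already normalised earlier in getColumns, whose body starts and ends outside these hunks.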

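--- a/plugins/dbms/sybase/enumeration.py
+++ b/plugins/dbms/sybase/enumeration.py
@@ -212,8 +212,8 @@ def getColumns(self, onlyColNames=False):
 
 if colList:
 table = {}
-table[unsafeSQLIdentificatorNaming(tbl)] = dict(map(lambda x: (x, None), colList))
-kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] = table
+table[safeSQLIdentificatorNaming(tbl)] = dict(map(lambda x: (x, None), colList))
+kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
 continue
 
 infoMsg = "fetching columns "
@@ -233,8 +233,8 @@ def getColumns(self, onlyColNames=False):
 for name, type_ in zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.usertype" % randStr]):
 columns[name] = sybaseTypes.get(type_, type_)
 
-table[unsafeSQLIdentificatorNaming(tbl)] = columns
-kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] = table
+table[safeSQLIdentificatorNaming(tbl)] = columns
+kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
 
 break
 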
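Review bot: Both Sybase hunks key the table with `safeSQLIdentificatorNaming(tbl)`, without the `isTable` flag, whereas the MaxDB and generic changes in this commit pass `True` for table names and dumpTable reads the cache with `safeSQLIdentificatorNaming(tbl, True)`. What the flag changes is not visible on this page, but if it affects the result for this DBMS, the keys written here will not match that lookup. Consider `table[safeSQLIdentificatorNaming(tbl, True)] = columns` in both places, and the same in the `colList` branch. getColumns starts and ends outside these hunks, so `tbl` may already be normalised before it reaches them.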

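--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -1005,9 +1005,9 @@ def getColumns(self, onlyColNames=False):
 columns[colName] = colType
 
 if conf.db in kb.data.cachedColumns:
-kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)] = columns
+kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns
 else:
-kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] = {unsafeSQLIdentificatorNaming(tbl): columns}
+kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {safeSQLIdentificatorNaming(tbl, True): columns}
 
 return kb.data.cachedColumns
 
@@ -1086,10 +1086,10 @@ def getColumns(self, onlyColNames=False):
 columns[name] = columnData[1]
 
 if conf.db in kb.data.cachedColumns:
-kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)] = columns
+kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns
 else:
-table[unsafeSQLIdentificatorNaming(tbl)] = columns
-kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] = table
+table[safeSQLIdentificatorNaming(tbl, True)] = columns
+kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
 
 if not kb.data.cachedColumns and not conf.direct:
 for tbl in tblList:
@@ -1208,10 +1208,10 @@ def getColumns(self, onlyColNames=False):
 
 if columns:
 if conf.db in kb.data.cachedColumns:
-kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)] = columns
+kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns
 else:
-table[unsafeSQLIdentificatorNaming(tbl)] = columns
-kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] = table
+table[safeSQLIdentificatorNaming(tbl, True)] = columns
+kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
 
 if not kb.data.cachedColumns:
 errMsg = "unable to retrieve the columns for any "
@@ -1261,13 +1261,13 @@ def __tableGetCount(self, db, table):
 count = inject.getValue(query, expected=EXPECTED.INT, charsetType=2)
 
 if count is not None and isinstance(count, basestring) and count.isdigit():
-if unsafeSQLIdentificatorNaming(db) not in kb.data.cachedCounts:
-kb.data.cachedCounts[unsafeSQLIdentificatorNaming(db)] = {}
+if safeSQLIdentificatorNaming(db) not in kb.data.cachedCounts:
+kb.data.cachedCounts[safeSQLIdentificatorNaming(db)] = {}
 
-if int(count) in kb.data.cachedCounts[unsafeSQLIdentificatorNaming(db)]:
-kb.data.cachedCounts[unsafeSQLIdentificatorNaming(db)][int(count)].append(unsafeSQLIdentificatorNaming(table))
+if int(count) in kb.data.cachedCounts[safeSQLIdentificatorNaming(db)]:
+kb.data.cachedCounts[safeSQLIdentificatorNaming(db)][int(count)].append(safeSQLIdentificatorNaming(table, True))
 else:
-kb.data.cachedCounts[unsafeSQLIdentificatorNaming(db)][int(count)] = [unsafeSQLIdentificatorNaming(table)]
+kb.data.cachedCounts[safeSQLIdentificatorNaming(db)][int(count)] = [safeSQLIdentificatorNaming(table, True)]
 
 def getCount(self):
 if not conf.tbl:
@@ -1481,18 +1481,18 @@ def dumpTable(self):
 self.getColumns(onlyColNames=True)
 
 try:
-if not unsafeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \
-or unsafeSQLIdentificatorNaming(tbl) not in \
-kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] \
-or not kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)]:
+if not safeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \
+or safeSQLIdentificatorNaming(tbl, True) not in \
+kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] \
+or not kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)]:
 warnMsg = "unable to enumerate the columns for table "
 warnMsg += "'%s' on database" % unsafeSQLIdentificatorNaming(tbl)
 warnMsg += " '%s', skipping" % unsafeSQLIdentificatorNaming(conf.db)
 logger.warn(warnMsg)
 
 continue
 
-colList = kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)].keys()
+colList = kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)].keys()
 colString = ", ".join(column for column in colList)
 rootQuery = queries[Backend.getIdentifiedDbms()].dump_table
 
@@ -1678,8 +1678,8 @@ def dumpTable(self):
 
 if len(kb.data.dumpedTable) > 0:
 kb.data.dumpedTable["__infos__"] = { "count": entriesCount,
-"table": unsafeSQLIdentificatorNaming(tbl),
-"db": unsafeSQLIdentificatorNaming(conf.db) }
+"table": safeSQLIdentificatorNaming(tbl, True),
+"db": safeSQLIdentificatorNaming(conf.db) }
 
 attackDumpedTable()
 conf.dumper.dbTableValues(kb.data.dumpedTable)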
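Review bot: In the three getColumns hunks the guard `if conf.db in kb.data.cachedColumns:` still tests the raw name, while both branches now index the cache by `safeSQLIdentificatorNaming(conf.db)`. Whenever the two forms differ, the if-branch can raise KeyError, and the else-branch can replace the whole per-database dict; in the first hunk that assigns a fresh one-table dict and would drop tables cached earlier. Test the key that is actually written, `if safeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns:`, ideally computed once into a local and reused. The dumpTable hunk already performs its membership test with the normalised key, so this would make the writers agree with the reader. getColumns extends beyond each of these hunks.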
