Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 0f62e67

Browse files
stamparmstamparm
committed
Minor just in case commit (plural/singular unArrayize())
1 parent b94a5d4 commit 0f62e67

3 files changed

Lines changed: 34 additions & 31 deletions

File tree

plugins/generic/databases.py

Lines changed: 20 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -103,10 +103,10 @@ def getDbs(self):
103103
query = rootQuery.inband.query2
104104
else:
105105
query = rootQuery.inband.query
106-
value = inject.getValue(query, blind=False, time=False)
106+
values = inject.getValue(query, blind=False, time=False)
107107

108-
if not isNoneValue(value):
109-
kb.data.cachedDbs = arrayizeValue(value)
108+
if not isNoneValue(values):
109+
kb.data.cachedDbs = arrayizeValue(values)
110110

111111
if not kb.data.cachedDbs and isInferenceAvailable() and not conf.direct:
112112
infoMsg = "fetching number of databases"
@@ -132,7 +132,7 @@ def getDbs(self):
132132
query = rootQuery.blind.query2 % index
133133
else:
134134
query = rootQuery.blind.query % index
135-
db = inject.getValue(query, union=False, error=False)
135+
db = unArrayizeValue(inject.getValue(query, union=False, error=False))
136136

137137
if db:
138138
kb.data.cachedDbs.append(safeSQLIdentificatorNaming(db))
@@ -269,15 +269,15 @@ def getTables(self, bruteForce=None):
269269
if len(dbs) < 2 and ("%s," % condition) in query:
270270
query = query.replace("%s," % condition, "", 1)
271271

272-
value = inject.getValue(query, blind=False, time=False)
272+
values = inject.getValue(query, blind=False, time=False)
273273

274-
if not isNoneValue(value):
275-
value = filter(None, arrayizeValue(value))
274+
if not isNoneValue(values):
275+
values = filter(None, arrayizeValue(values))
276276

277-
if len(value) > 0 and not isListLike(value[0]):
278-
value = map(lambda x: (dbs[0], x), value)
277+
if len(values) > 0 and not isListLike(values[0]):
278+
values = map(lambda x: (dbs[0], x), values)
279279

280-
for db, table in filterPairValues(value):
280+
for db, table in filterPairValues(values):
281281
db = safeSQLIdentificatorNaming(db)
282282
table = safeSQLIdentificatorNaming(table, True)
283283

@@ -332,7 +332,7 @@ def getTables(self, bruteForce=None):
332332
else:
333333
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(db), index)
334334

335-
table = inject.getValue(query, union=False, error=False)
335+
table = unArrayizeValue(inject.getValue(query, union=False, error=False))
336336
if not isNoneValue(table):
337337
kb.hintValue = table
338338
table = safeSQLIdentificatorNaming(table, True)
@@ -522,15 +522,15 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
522522
elif Backend.isDbms(DBMS.SQLITE):
523523
query = rootQuery.inband.query % tbl
524524

525-
value = inject.getValue(query, blind=False, time=False)
525+
values = inject.getValue(query, blind=False, time=False)
526526

527527
if Backend.isDbms(DBMS.SQLITE):
528-
parseSqliteTableSchema(unArrayizeValue(value))
529-
elif not isNoneValue(value):
528+
parseSqliteTableSchema(unArrayizeValue(values))
529+
elif not isNoneValue(values):
530530
table = {}
531531
columns = {}
532532

533-
for columnData in value:
533+
for columnData in values:
534534
if not isNoneValue(columnData):
535535
name = safeSQLIdentificatorNaming(columnData[0])
536536

@@ -584,6 +584,8 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
584584
query += condQuery
585585

586586
elif Backend.isDbms(DBMS.MSSQL):
587+
import pdb
588+
pdb.set_trace()
587589
query = rootQuery.blind.count % (conf.db, conf.db, \
588590
unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
589591
query += condQuery.replace("[DB]", conf.db)
@@ -594,7 +596,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
594596

595597
elif Backend.isDbms(DBMS.SQLITE):
596598
query = rootQuery.blind.query % tbl
597-
value = inject.getValue(query, union=False, error=False)
599+
value = unArrayizeValue(inject.getValue(query, union=False, error=False))
598600
parseSqliteTableSchema(value)
599601
return kb.data.cachedColumns
600602

@@ -630,7 +632,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
630632
field = None
631633

632634
query = agent.limitQuery(index, query, field, field)
633-
column = inject.getValue(query, union=False, error=False)
635+
column = unArrayizeValue(inject.getValue(query, union=False, error=False))
634636

635637
if not isNoneValue(column):
636638
if not onlyColNames:
@@ -644,7 +646,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
644646
elif Backend.isDbms(DBMS.FIREBIRD):
645647
query = rootQuery.blind.query2 % (tbl, column)
646648

647-
colType = inject.getValue(query, union=False, error=False)
649+
colType = unArrayizeValue(inject.getValue(query, union=False, error=False))
648650

649651
if Backend.isDbms(DBMS.FIREBIRD):
650652
colType = FIREBIRD_TYPES.get(colType, colType)

plugins/generic/search.py

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@
1515
from lib.core.common import isTechniqueAvailable
1616
from lib.core.common import readInput
1717
from lib.core.common import safeSQLIdentificatorNaming
18+
from lib.core.common import unArrayizeValue
1819
from lib.core.common import unsafeSQLIdentificatorNaming
1920
from lib.core.data import conf
2021
from lib.core.data import kb
@@ -127,7 +128,7 @@ def searchDb(self):
127128
query += ") AS foobar"
128129
query = agent.limitQuery(index, query, dbCond)
129130

130-
value = inject.getValue(query, union=False, error=False)
131+
value = unArrayizeValue(inject.getValue(query, union=False, error=False))
131132
value = safeSQLIdentificatorNaming(value)
132133
foundDbs.append(value)
133134

@@ -234,7 +235,7 @@ def searchTable(self):
234235
query += ") AS foobar"
235236
query = agent.limitQuery(index, query)
236237

237-
foundDb = inject.getValue(query, union=False, error=False)
238+
foundDb = unArrayizeValue(inject.getValue(query, union=False, error=False))
238239
foundDb = safeSQLIdentificatorNaming(foundDb)
239240

240241
if foundDb not in foundTbls:
@@ -278,7 +279,7 @@ def searchTable(self):
278279
query += " AND %s" % tblQuery
279280
query = agent.limitQuery(index, query)
280281

281-
foundTbl = inject.getValue(query, union=False, error=False)
282+
foundTbl = unArrayizeValue(inject.getValue(query, union=False, error=False))
282283
kb.hintValue = foundTbl
283284
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
284285
foundTbls[db].append(foundTbl)
@@ -452,7 +453,7 @@ def searchColumn(self):
452453
if Backend.isDbms(DBMS.DB2):
453454
query += ") AS foobar"
454455
query = agent.limitQuery(index, query)
455-
db = inject.getValue(query, union=False, error=False)
456+
db = unArrayizeValue(inject.getValue(query, union=False, error=False))
456457
db = safeSQLIdentificatorNaming(db)
457458

458459
if db not in dbs:
@@ -507,7 +508,7 @@ def searchColumn(self):
507508
query += " AND %s" % colQuery
508509
query += whereTblsQuery
509510
query = agent.limitQuery(index, query)
510-
tbl = inject.getValue(query, union=False, error=False)
511+
tbl = unArrayizeValue(inject.getValue(query, union=False, error=False))
511512
kb.hintValue = tbl
512513

513514
tbl = safeSQLIdentificatorNaming(tbl, True)

plugins/generic/users.py

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -98,10 +98,10 @@ def getUsers(self):
9898
query = rootQuery.inband.query2
9999
else:
100100
query = rootQuery.inband.query
101-
value = inject.getValue(query, blind=False, time=False)
101+
values = inject.getValue(query, blind=False, time=False)
102102

103-
if not isNoneValue(value):
104-
kb.data.cachedUsers = arrayizeValue(value)
103+
if not isNoneValue(values):
104+
kb.data.cachedUsers = arrayizeValue(values)
105105

106106
if not kb.data.cachedUsers and isInferenceAvailable() and not conf.direct:
107107
infoMsg = "fetching number of database users"
@@ -128,7 +128,7 @@ def getUsers(self):
128128
query = rootQuery.blind.query2 % index
129129
else:
130130
query = rootQuery.blind.query % index
131-
user = inject.getValue(query, union=False, error=False)
131+
user = unArrayizeValue(inject.getValue(query, union=False, error=False))
132132

133133
if user:
134134
kb.data.cachedUsers.append(user)
@@ -195,9 +195,9 @@ def getPasswordHashes(self):
195195

196196
getCurrentThreadData().disableStdOut = False
197197
else:
198-
value = inject.getValue(query, blind=False, time=False)
198+
values = inject.getValue(query, blind=False, time=False)
199199

200-
for user, password in filterPairValues(value):
200+
for user, password in filterPairValues(values):
201201
if not user or user == " ":
202202
continue
203203

@@ -278,7 +278,7 @@ def getPasswordHashes(self):
278278
else:
279279
query = rootQuery.blind.query % (user, index)
280280

281-
password = inject.getValue(query, union=False, error=False)
281+
password = unArrayizeValue(inject.getValue(query, union=False, error=False))
282282
password = parsePasswordHash(password)
283283
passwords.append(password)
284284

@@ -504,7 +504,7 @@ def getPrivileges(self, query2=False):
504504
query = rootQuery.blind.query % (index, user)
505505
else:
506506
query = rootQuery.blind.query % (user, index)
507-
privilege = inject.getValue(query, union=False, error=False)
507+
privilege = unArrayizeValue(inject.getValue(query, union=False, error=False))
508508

509509
# In PostgreSQL we get 1 if the privilege is True,
510510
# 0 otherwise

0 commit comments

Comments
 (0)