added concept of tamper script priority

stamparm · stamparm · commit 18aea251b3e0 · 2010-11-04T10:29:40.000Z
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -110,7 +110,6 @@ def __init__(self, lineNumber, pageTotal, lineContentBefore, lineContentAfter):
         self.lineContentBefore = lineContentBefore
         self.lineContentAfter = lineContentAfter
 
-
 def paramToDict(place, parameters=None):
     """
     Split the parameters into names and values, check if these parameters
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -31,6 +31,7 @@
 from lib.core.common import parseTargetUrl
 from lib.core.common import paths
 from lib.core.common import randomRange
+from lib.core.common import readInput
 from lib.core.common import runningAsAdmin
 from lib.core.common import sanitizeStr
 from lib.core.common import UnicodeRawConfigParser
@@ -47,7 +48,9 @@
 from lib.core.exception import sqlmapMissingPrivileges
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.exception import sqlmapUnsupportedDBMSException
+from lib.core.exception import sqlmapUserQuitException
 from lib.core.optiondict import optDict
+from lib.core.priority import PRIORITY
 from lib.core.settings import IS_WIN
 from lib.core.settings import PLATFORM
 from lib.core.settings import PYVERSION
@@ -521,6 +524,11 @@ def __setTamperingFunctions():
     """
 
     if conf.tamper:
+        last_priority = PRIORITY.LOWEST
+        check_priority = True
+        resolve_priorities = False
+        priorities = []
+
         for tfile in conf.tamper.split(','):
             found = False
 
@@ -556,16 +564,41 @@ def __setTamperingFunctions():
             except ImportError, msg:
                 raise sqlmapSyntaxException, "can not import tamper script '%s' (%s)" % (filename[:-3], msg)
 
+            priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__
+
             for name, function in inspect.getmembers(module, inspect.isfunction):
                 if name == "tamper" and function.func_code.co_argcount == 1:
                     kb.tamperFunctions.append(function)
                     found = True
 
+                    if check_priority and priority < last_priority:
+                        message  = "it seems that you've probably "
+                        message += "mixed order of tamper scripts.\n"
+                        message += "do you want to auto resolve this? [Y/n/q]"
+                        test = readInput(message, default="Y")
+
+                        if not test or test[0] in ("y", "Y"):
+                            resolve_priorities = True
+                        elif test[0] in ("n", "N"):
+                            resolve_priorities = False
+                        elif test[0] in ("q", "Q"):
+                            raise sqlmapUserQuitException
+
+                        check_priority = False
+
+                    priorities.append((priority, function))
+                    last_priority = priority
                     break
 
             if not found:
                 raise sqlmapGenericException, "missing function 'tamper(value)' in tamper script '%s'" % tfile
 
+        if resolve_priorities and priorities:
+            priorities.sort()
+            kb.tamperFunctions = []
+            for _, function in priorities:
+                kb.tamperFunctions.append(function)
+
 def __setThreads():
     if not isinstance(conf.threads, int) or conf.threads <= 0:
         conf.threads = 1
diff --git a/lib/core/priority.py b/lib/core/priority.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+class PRIORITY:
+    LOWEST  = -100
+    LOWER   = -50
+    LOW     = -10
+    NORMAL  = 0
+    HIGH    = 10
+    HIGHER  = 50
+    HIGHEST = 100
diff --git a/tamper/between.py b/tamper/between.py
@@ -7,6 +7,10 @@
 See the file 'doc/COPYING' for copying permission
 """
 
+from lib.core.priority import PRIORITY
+
+__priority__ = PRIORITY.HIGHEST
+
 def tamper(value):
     """
     Replaces '>' with 'NOT BETWEEN 0 AND #'
diff --git a/tamper/charencode.py b/tamper/charencode.py
@@ -10,6 +10,9 @@
 import string
 
 from lib.core.exception import sqlmapUnsupportedFeatureException
+from lib.core.priority import PRIORITY
+
+__priority__ = PRIORITY.LOWEST
 
 def tamper(value):
     """
diff --git a/tamper/charunicodeencode.py b/tamper/charunicodeencode.py
@@ -10,6 +10,9 @@
 import string
 
 from lib.core.exception import sqlmapUnsupportedFeatureException
+from lib.core.priority import PRIORITY
+
+__priority__ = PRIORITY.LOWEST
 
 def tamper(value):
     """
diff --git a/tamper/ifnull2ifisnull.py b/tamper/ifnull2ifisnull.py
@@ -7,6 +7,10 @@
 See the file 'doc/COPYING' for copying permission
 """
 
+from lib.core.priority import PRIORITY
+
+__priority__ = PRIORITY.HIGHEST
+
 def tamper(value):
     """
     Replaces 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'
diff --git a/tamper/randomcase.py b/tamper/randomcase.py
@@ -11,6 +11,9 @@
 
 from lib.core.common import randomRange
 from lib.core.data import kb
+from lib.core.priority import PRIORITY
+
+__priority__ = PRIORITY.NORMAL
 
 def tamper(value):
     """
diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py
@@ -11,6 +11,9 @@
 
 from lib.core.common import randomRange
 from lib.core.data import kb
+from lib.core.priority import PRIORITY
+
+__priority__ = PRIORITY.LOW
 
 def tamper(value):
     """
diff --git a/tamper/space2comment.py b/tamper/space2comment.py
@@ -7,6 +7,10 @@
 See the file 'doc/COPYING' for copying permission
 """
 
+from lib.core.priority import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
 def tamper(value):
     """
     Replaces ' ' with '/**/'
diff --git a/tamper/space2plus.py b/tamper/space2plus.py
@@ -7,6 +7,10 @@
 See the file 'doc/COPYING' for copying permission
 """
 
+from lib.core.priority import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
 def tamper(value):
     """
     Replaces ' ' with '+'
diff --git a/tamper/space2randomblank.py b/tamper/space2randomblank.py
@@ -9,6 +9,10 @@
 
 import random
 
+from lib.core.priority import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
 def tamper(value):
     """
     Replaces ' ' with a random blank char from a set ('\r', '\n', '\t')
diff --git a/tamper/urlencode.py b/tamper/urlencode.py
@@ -9,6 +9,9 @@
 
 from lib.core.convert import urlencode
 from lib.core.exception import sqlmapUnsupportedFeatureException
+from lib.core.priority import PRIORITY
+
+__priority__ = PRIORITY.LOWER
 
 def tamper(value):
     """
