reverted

bdamele · bdamele · commit 6b1dd05e622d · 2012-12-18T14:51:04.000Z
diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py
@@ -388,6 +388,19 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
 
         conf.db = safeSQLIdentificatorNaming(conf.db)
 
+        if conf.col:
+            if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
+                conf.col = conf.col.upper()
+
+            colList = conf.col.split(",")
+        else:
+            colList = []
+
+        for col in colList:
+            colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
+
+        colList = filter(None, colList)
+
         if conf.tbl:
             if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
                 conf.tbl = conf.tbl.upper()
@@ -427,19 +440,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
                 logger.error(errMsg)
                 bruteForce = True
 
-        if bruteForce:
-            if conf.col:
-                if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
-                    conf.col = conf.col.upper()
-
-                colList = conf.col.split(",")
-            else:
-                colList = []
-
-            for col in colList:
-                colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
-
-            colList = filter(None, colList)
+        if bruteForce or colList:
             resumeAvailable = False
 
             for tbl in tblList:
@@ -490,17 +491,37 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
 
                     return {conf.db: kb.data.cachedColumns[conf.db]}
 
-                infoMsg = "fetching columns for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
+                infoMsg = "fetching columns "
+
+                if len(colList) > 0:
+                    if colTuple is None:
+                        colConsider, colCondParam = self.likeOrExact("column")
+                    else:
+                        colConsider, colCondParam = colTuple
+                    condQueryStr = "%%s%s" % colCondParam
+                    condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
+
+                    if colConsider == "1":
+                        infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
+                    else:
+                        infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
+                else:
+                    condQuery = ""
+
+                infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
                 infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
                 logger.info(infoMsg)
 
                 if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
                     query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
+                    query += condQuery
                 elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
                     query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(tbl.upper())
+                    query += condQuery
                 elif Backend.isDbms(DBMS.MSSQL):
                     query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db,
                                                       conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
+                    query += condQuery.replace("[DB]", conf.db)
                 elif Backend.isDbms(DBMS.SQLITE):
                     query = rootQuery.inband.query % tbl
 
@@ -539,19 +560,44 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
 
                     return {conf.db: kb.data.cachedColumns[conf.db]}
 
-                infoMsg = "fetching columns for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
+                infoMsg = "fetching columns "
+
+                if len(colList) > 0:
+                    if colTuple is None:
+                        colConsider, colCondParam = self.likeOrExact("column")
+                    else:
+                        colConsider, colCondParam = colTuple
+                    condQueryStr = "%%s%s" % colCondParam
+                    condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
+
+                    if colConsider == "1":
+                        infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
+                    else:
+                        infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
+                else:
+                    condQuery = ""
+
+                infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
                 infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
                 logger.info(infoMsg)
 
                 if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
                     query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
+                    query += condQuery
+
                 elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
                     query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(tbl.upper())
+                    query += condQuery
+
                 elif Backend.isDbms(DBMS.MSSQL):
                     query = rootQuery.blind.count % (conf.db, conf.db, \
                         unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
+                    query += condQuery.replace("[DB]", conf.db)
+
                 elif Backend.isDbms(DBMS.FIREBIRD):
                     query = rootQuery.blind.count % (tbl)
+                    query += condQuery
+
                 elif Backend.isDbms(DBMS.SQLITE):
                     query = rootQuery.blind.query % tbl
                     value = inject.getValue(query, union=False, error=False)
@@ -574,15 +620,19 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
                 for index in getLimitRange(count):
                     if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
                         query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
+                        query += condQuery
                         field = None
                     elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
                         query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(tbl.upper())
+                        query += condQuery
                         field = None
                     elif Backend.isDbms(DBMS.MSSQL):
                         query = rootQuery.blind.query.replace("'%s'", "'%s'" % unsafeSQLIdentificatorNaming(tbl).split(".")[-1]).replace("%s", conf.db).replace("%d", str(index))
+                        query += condQuery.replace("[DB]", conf.db)
                         field = condition.replace("[DB]", conf.db)
                     elif Backend.isDbms(DBMS.FIREBIRD):
                         query = rootQuery.blind.query % (tbl)
+                        query += condQuery
                         field = None
 
                     query = agent.limitQuery(index, query, field, field)
