minor refactoring

stamparm · stamparm · commit 81bd9a201b36 · 2011-12-21T11:50:49.000Z
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -101,8 +101,6 @@
 from lib.core.settings import DUMP_CR_MARKER
 from lib.core.settings import DUMP_DEL_MARKER
 from lib.core.settings import DUMP_TAB_MARKER
-from lib.core.settings import DUMP_START_MARKER
-from lib.core.settings import DUMP_STOP_MARKER
 from lib.core.settings import ML
 from lib.core.settings import MIN_TIME_RESPONSES
 from lib.core.settings import PAYLOAD_DELIMITER
@@ -1047,7 +1045,6 @@ def restoreDumpMarkedChars(inpStr, onlyNewlineTab=False):
         replacedString = replacedString.replace(DUMP_NEWLINE_MARKER, "\n").replace(DUMP_CR_MARKER, "\r").replace(DUMP_TAB_MARKER, "\t")
 
         if not onlyNewlineTab:
-            replacedString = replacedString.replace(DUMP_START_MARKER, "").replace(DUMP_STOP_MARKER, "")
             replacedString = replacedString.replace(DUMP_DEL_MARKER, ", ")
 
     return replacedString
@@ -1351,14 +1348,8 @@ def parseUnionPage(output, expression, partial=False, sort=True):
 
     data = BigArray()
 
-    outCond1 = ( output.startswith(kb.chars.start) and output.endswith(kb.chars.stop) )
-    outCond2 = ( output.startswith(DUMP_START_MARKER) and output.endswith(DUMP_STOP_MARKER) )
-
-    if outCond1 or outCond2:
-        if outCond1:
-            regExpr = '%s(.*?)%s' % (kb.chars.start, kb.chars.stop)
-        elif outCond2:
-            regExpr = '%s(.*?)%s' % (DUMP_START_MARKER, DUMP_STOP_MARKER)
+    if output.startswith(kb.chars.start) and output.endswith(kb.chars.stop):
+        regExpr = '%s(.*?)%s' % (kb.chars.start, kb.chars.stop)
 
         output = re.findall(regExpr, output, re.DOTALL | re.IGNORECASE)
 
@@ -2536,11 +2527,12 @@ def setOptimize():
 
 def initTechnique(technique=None):
     """
-    Prepares proper page template and match ratio for technique specified
+    Prepares data for technique specified
     """
 
     try:
         data = getTechniqueData(technique)
+        resetCounter(technique)
 
         if data:
             kb.pageTemplate, kb.errorIsNone = getPageTemplate(data.templatePayload, kb.injection.place)
@@ -3172,3 +3164,11 @@ def unserializeObject(value):
     if value:
         retVal = pickle.loads(value.encode(UNICODE_ENCODING)) # pickle has problems with Unicode
     return retVal
+
+def resetCounter(counter):
+    kb.counters[counter] = 0
+
+def incrementCounter(counter):
+    if counter not in kb.counters:
+        resetCounter(counter)
+    kb.counters[counter] += 1
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1402,6 +1402,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
     kb.cache.stdev = {}
 
     kb.commonOutputs = None
+    kb.counters = {}
     kb.data = AttribDict()
     kb.dataOutputFlag = False
 
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -52,8 +52,6 @@
 DUMP_CR_MARKER = "__CARRIAGE_RETURN__"
 DUMP_DEL_MARKER = "__DEL__"
 DUMP_TAB_MARKER = "__TAB__"
-DUMP_START_MARKER = "__START__"
-DUMP_STOP_MARKER = "__STOP__"
 
 URI_QUESTION_MARKER = "__QUESTION_MARK__"
 
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
@@ -19,6 +19,7 @@
 from lib.core.common import dataToStdout
 from lib.core.common import extractRegexResult
 from lib.core.common import getUnicode
+from lib.core.common import incrementCounter
 from lib.core.common import initTechnique
 from lib.core.common import isNumPosStrValue
 from lib.core.common import listToStrValue
@@ -46,11 +47,7 @@
 from lib.request.connect import Connect as Request
 from lib.utils.resume import resume
 
-reqCount = 0
-
 def __oneShotErrorUse(expression, field):
-    global reqCount
-
     retVal = conf.hashDB.retrieve(expression) if not any([conf.flushSession, conf.freshQueries]) else None
 
     threadData = getCurrentThreadData()
@@ -85,7 +82,7 @@ def __oneShotErrorUse(expression, field):
             # Perform the request
             page, headers = Request.queryPage(payload, content=True)
 
-            reqCount += 1
+            incrementCounter(PAYLOAD.TECHNIQUE.ERROR)
 
             # Parse the returned page to get the exact error-based
             # sql injection output
@@ -204,16 +201,13 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
 
     initTechnique(PAYLOAD.TECHNIQUE.ERROR)
 
-    global reqCount
-
     count = None
     start = time.time()
     startLimit = 0
     stopLimit = None
     outputs = []
     untilLimitChar = None
     untilOrderChar = None
-    reqCount = 0
 
     if resumeValue:
         output = resume(expression, None)
@@ -392,7 +386,7 @@ def errorThread():
     duration = calculateDeltaSeconds(start)
 
     if not kb.bruteMode:
-        debugMsg = "performed %d queries in %d seconds" % (reqCount, duration)
+        debugMsg = "performed %d queries in %d seconds" % (kb.counters[PAYLOAD.TECHNIQUE.ERROR], duration)
         logger.debug(debugMsg)
 
     return outputs
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
@@ -20,6 +20,7 @@
 from lib.core.common import extractRegexResult
 from lib.core.common import getConsoleWidth
 from lib.core.common import getUnicode
+from lib.core.common import incrementCounter
 from lib.core.common import initTechnique
 from lib.core.common import isNumPosStrValue
 from lib.core.common import listToStrValue
@@ -44,11 +45,7 @@
 from lib.request.connect import Connect as Request
 from lib.utils.resume import resume
 
-reqCount = 0
-
 def __oneShotUnionUse(expression, unpack=True, limited=False):
-    global reqCount
-
     retVal = conf.hashDB.retrieve(expression) if not any([conf.flushSession, conf.freshQueries]) else None
 
     threadData = getCurrentThreadData()
@@ -59,13 +56,9 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
         trimcheck = "%s(?P<result>.*?)</" % (kb.chars.start)
 
         # Prepare expression with delimiters
-        injExpression = agent.concatQuery(expression, unpack)
-        injExpression = unescaper.unescape(injExpression)
+        injExpression = unescaper.unescape(agent.concatQuery(expression, unpack))
 
-        if conf.limitStart or conf.limitStop:
-            where = PAYLOAD.WHERE.NEGATIVE
-        else:
-            where = None
+        where = PAYLOAD.WHERE.NEGATIVE if conf.limitStart or conf.limitStop else None
 
         # Forge the inband SQL injection request
         vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector
@@ -75,7 +68,7 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
         # Perform the request
         page, headers = Request.queryPage(payload, content=True, raise404=False)
 
-        reqCount += 1
+        incrementCounter(PAYLOAD.TECHNIQUE.UNION)
 
         # Parse the returned page to get the exact union-based
         # sql injection output
@@ -129,8 +122,7 @@ def __configUnionCols(columns):
         if not colsStart.isdigit() or not colsStop.isdigit():
             raise sqlmapSyntaxException, "--union-cols must be a range of integers"
 
-        conf.uColsStart = int(colsStart)
-        conf.uColsStop = int(colsStop)
+        conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop)
 
         if conf.uColsStart > conf.uColsStop:
             errMsg = "--union-cols range has to be from lower to "
@@ -149,15 +141,13 @@ def unionUse(expression, unpack=True, dump=False):
 
     initTechnique(PAYLOAD.TECHNIQUE.UNION)
 
-    global reqCount
-
     count = None
     origExpr = expression
     startLimit = 0
     stopLimit = None
     test = True
     value = ""
-    reqCount = 0
+
     width = getConsoleWidth()
     start = time.time()
 
@@ -362,7 +352,7 @@ def unionThread():
     duration = calculateDeltaSeconds(start)
 
     if not kb.bruteMode:
-        debugMsg = "performed %d queries in %d seconds" % (reqCount, duration)
+        debugMsg = "performed %d queries in %d seconds" % (kb.counters[PAYLOAD.TECHNIQUE.UNION], duration)
         logger.debug(debugMsg)
 
     return value
diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py
@@ -116,5 +116,9 @@ def beginTransaction(self):
     def endTransaction(self):
         threadData = getCurrentThreadData()
         if threadData.inTransaction:
-            self.cursor.execute('END TRANSACTION')
-            threadData.inTransaction = False
+            try:
+                self.cursor.execute('END TRANSACTION')
+            except sqlite3.OperationalError, ex:
+                pass
+            finally:
+                threadData.inTransaction = False
diff --git a/lib/utils/resume.py b/lib/utils/resume.py
@@ -27,8 +27,6 @@
 from lib.core.enums import PAYLOAD
 from lib.core.unescaper import unescaper
 from lib.techniques.blind.inference import bisection
-from lib.core.settings import DUMP_START_MARKER
-from lib.core.settings import DUMP_STOP_MARKER
 from lib.core.settings import DUMP_DEL_MARKER
 
 def queryOutputLength(expression, payload):
@@ -120,20 +118,11 @@ def resume(expression, payload):
             resumedValue = resumedValue[:-1]
 
             infoMsg = "read from file '%s': " % conf.sessionFile
-            logValue = getCompiledRegex("%s(.*?)%s" % (DUMP_START_MARKER, DUMP_STOP_MARKER), re.S).findall(resumedValue)
 
-            if logValue:
-                if kb.technique == PAYLOAD.TECHNIQUE.UNION:
-                    logValue = ", ".join(value.replace(DUMP_DEL_MARKER, ", ") for value in logValue)
-                else:
-                    return None
+            if "\n" in resumedValue:
+                infoMsg += "%s..." % resumedValue.split("\n")[0]
             else:
-                logValue = resumedValue
-
-            if "\n" in logValue:
-                infoMsg += "%s..." % logValue.split("\n")[0]
-            else:
-                infoMsg += logValue
+                infoMsg += resumedValue
 
             if not kb.suppressResumeInfo:
                 dataToStdout("[%s] [INFO] %s\n" % (time.strftime("%X"), infoMsg))
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
@@ -1444,7 +1444,7 @@ def __pivotDumpTable(self, table, colList, count=None, blind=True):
 
         if not validPivotValue:
             warnMsg = "no proper pivot column provided (with unique values)." 
-            warnMsg += " all rows can't be retrieved."
+            warnMsg += " It's not possible to retrieve all rows."
             logger.warn(warnMsg)
 
         pivotValue = " "
