refactoring regarding injection place (more left)

stamparm · stamparm · commit 8e44aa605a2b · 2010-11-08T08:02:36.000Z
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -21,6 +21,7 @@
 from lib.core.data import queries
 from lib.core.datatype import advancedDict
 from lib.core.exception import sqlmapNoneDataException
+from lib.core.place import PLACE
 from lib.core.settings import DBMS
 from lib.core.settings import PAYLOAD_DELIMITER
 
@@ -69,38 +70,38 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, negativ
             falseValue = " AND %d=%d" % (randInt, randInt + 1)
 
         # After identifing the injectable parameter
-        if kb.injPlace == "User-Agent":
+        if kb.injPlace == PLACE.UA:
             retValue = kb.injParameter.replace(kb.injParameter,
                                                self.addPayloadDelimiters("%s%s" % (negValue, kb.injParameter + falseValue + newValue)))
         elif kb.injParameter:
             paramString = conf.parameters[kb.injPlace]
             paramDict = conf.paramDict[kb.injPlace]
             value = paramDict[kb.injParameter]
 
-            if "POSTxml" in conf.paramDict and kb.injPlace == "POST":
+            if "POSTxml" in conf.paramDict and kb.injPlace == PLACE.POST:
                 root = ET.XML(paramString)
                 iterator = root.getiterator(kb.injParameter)
 
                 for child in iterator:
                     child.text = self.addPayloadDelimiters(negValue + value + falseValue + newValue)
 
                 retValue = ET.tostring(root)
-            elif kb.injPlace == "URI":
+            elif kb.injPlace == PLACE.URI:
                 retValue = paramString.replace("*",
                                                self.addPayloadDelimiters("%s%s" % (negValue, falseValue + newValue)))
             else:
                 retValue = paramString.replace("%s=%s" % (kb.injParameter, value),
                                                "%s=%s" % (kb.injParameter, self.addPayloadDelimiters(negValue + value + falseValue + newValue)))
 
         # Before identifing the injectable parameter
-        elif parameter == "User-Agent":
+        elif parameter == PLACE.UA:
             retValue = value.replace(value, self.addPayloadDelimiters(newValue))
-        elif place == "URI":
+        elif place == PLACE.URI:
             retValue = value.replace("*", self.addPayloadDelimiters("%s" % newValue.replace(value, str())))
         else:
             paramString = conf.parameters[place]
 
-            if "POSTxml" in conf.paramDict and place == "POST":
+            if "POSTxml" in conf.paramDict and place == PLACE.POST:
                 root = ET.XML(paramString)
                 iterator = root.getiterator(parameter)
 
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -49,6 +49,7 @@
 from lib.core.exception import sqlmapMissingDependence
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.optiondict import optDict
+from lib.core.place import PLACE
 from lib.core.settings import DBMS
 from lib.core.settings import DESCRIPTION
 from lib.core.settings import IS_WIN
@@ -135,7 +136,7 @@ def paramToDict(place, parameters=None):
     if place is not "POSTxml":
         parameters = parameters.replace(", ", ",")
 
-        if place == "Cookie":
+        if place == PLACE.COOKIE:
             splitParams = parameters.split(";")
         else:
             splitParams = parameters.split("&")
@@ -797,7 +798,7 @@ def parseTargetUrl():
         conf.port = 80
 
     if __urlSplit[3]:
-        conf.parameters["GET"] = __urlSplit[3]
+        conf.parameters[PLACE.GET] = __urlSplit[3]
 
     conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)
 
diff --git a/lib/core/place.py b/lib/core/place.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+class PLACE:
+    GET  = "GET"
+    POST   = "POST"
+    URI     = "URI"
+    COOKIE  = "Cookie"
+    UA    = "User-Agent"
diff --git a/lib/core/session.py b/lib/core/session.py
@@ -15,6 +15,7 @@
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.place import PLACE
 from lib.core.settings import MSSQL_ALIASES
 from lib.core.settings import MYSQL_ALIASES
 from lib.core.settings import PGSQL_ALIASES
@@ -74,7 +75,7 @@ def setInjection():
     session file.
     """
 
-    if kb.injPlace == "User-Agent":
+    if kb.injPlace == PLACE.UA:
         kb.injParameter = conf.agent
 
     condition = (
diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -27,6 +27,7 @@
 from lib.core.data import logger
 from lib.core.common import sanitizeAsciiString
 from lib.core.exception import sqlmapConnectionException
+from lib.core.place import PLACE
 from lib.request.basic import decodePage
 from lib.request.basic import forgeHeaders
 from lib.request.basic import parseResponse
@@ -106,16 +107,16 @@ def getPage(**kwargs):
                 return page
 
             else:
-                if conf.parameters.has_key("GET") and not get:
-                    get = conf.parameters["GET"]
+                if conf.parameters.has_key(PLACE.GET) and not get:
+                    get = conf.parameters[PLACE.GET]
 
                 if get:
                     url = "%s?%s" % (url, get)
                     requestMsg += "?%s" % get
 
                 if conf.method == "POST":
-                    if conf.parameters.has_key("POST") and not post:
-                        post = conf.parameters["POST"]
+                    if conf.parameters.has_key(PLACE.POST) and not post:
+                        post = conf.parameters[PLACE.POST]
 
             requestMsg += " %s" % httplib.HTTPConnection._http_vsn_str
 
@@ -303,8 +304,8 @@ def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent
         page        = None
         pageLength  = None
         uri         = None
-        raise404    = place != "URI" if raise404 is None else raise404
-        toUrlencode = { "GET": True, "POST": True, "Cookie": conf.cookieUrlencode, "User-Agent": True, "URI": False }
+        raise404    = place != PLACE.URI if raise404 is None else raise404
+        toUrlencode = { PLACE.GET: True, PLACE.POST: True, PLACE.COOKIE: conf.cookieUrlencode, PLACE.UA: True, PLACE.URI: False }
 
         if not place:
             place = kb.injPlace
@@ -320,7 +321,7 @@ def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent
 
             logger.log(9, payload)
 
-        if place == "Cookie" and conf.cookieUrlencode:
+        if place == PLACE.COOKIE and conf.cookieUrlencode:
             value = agent.removePayloadDelimiters(value, False)
             value = urlEncodeCookieValues(value)
         elif place:
@@ -329,20 +330,20 @@ def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent
         if conf.checkPayload:
             checkPayload(value)
 
-        if "GET" in conf.parameters:
-            get = conf.parameters["GET"] if place != "GET" or not value else value
+        if PLACE.GET in conf.parameters:
+            get = conf.parameters[PLACE.GET] if place != PLACE.GET or not value else value
 
-        if "POST" in conf.parameters:
-            post = conf.parameters["POST"] if place != "POST" or not value else value
+        if PLACE.POST in conf.parameters:
+            post = conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value
 
-        if "Cookie" in conf.parameters:
-            cookie = conf.parameters["Cookie"] if place != "Cookie" or not value else value
+        if PLACE.COOKIE in conf.parameters:
+            cookie = conf.parameters[PLACE.COOKIE] if place != PLACE.COOKIE or not value else value
 
-        if "User-Agent" in conf.parameters:
-            ua = conf.parameters["User-Agent"] if place != "User-Agent" or not value else value
+        if PLACE.UA in conf.parameters:
+            ua = conf.parameters[PLACE.UA] if place != PLACE.UA or not value else value
 
-        if "URI" in conf.parameters:
-            uri = conf.url if place != "URI" or not value else value
+        if PLACE.URI in conf.parameters:
+            uri = conf.url if place != PLACE.URI or not value else value
         else:
             uri = conf.url
 
diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py
@@ -12,6 +12,7 @@
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import sqlmapNoneDataException
+from lib.core.place import PLACE
 from lib.request import inject
 from lib.techniques.inband.union.test import unionTest
 from lib.techniques.inband.union.use import unionUse
@@ -78,7 +79,7 @@ def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
         fcEncodedStr    = fcEncodedList[0]
         fcEncodedStrLen = len(fcEncodedStr)
 
-        if kb.injPlace == "GET" and fcEncodedStrLen > 8000:
+        if kb.injPlace == PLACE.GET and fcEncodedStrLen > 8000:
             warnMsg  = "the injection is on a GET parameter and the file "
             warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen
             warnMsg += "bytes, this might cause errors in the file "
