1313from lib .core .common import getRange
1414from lib .core .common import isNumPosStrValue
1515from lib .core .common import isTechniqueAvailable
16+ from lib .core .common import safeSQLIdentificatorNaming
17+ from lib .core .common import unsafeSQLIdentificatorNaming
1618from lib .core .data import conf
1719from lib .core .data import kb
1820from lib .core .data import logger
@@ -78,7 +80,7 @@ def getTables(self):
7880
7981 if isTechniqueAvailable (PAYLOAD .TECHNIQUE .UNION ) or isTechniqueAvailable (PAYLOAD .TECHNIQUE .ERROR ) or conf .direct :
8082 for db in dbs :
81- db = self . __safeSQLIdentificatorNaming (db )
83+ db = safeSQLIdentificatorNaming (db )
8284
8385 if conf .excludeSysDbs and db in self .excludeDbsList :
8486 infoMsg = "skipping system database '%s'" % db
@@ -94,7 +96,7 @@ def getTables(self):
9496
9597 if not kb .data .cachedTables and not conf .direct :
9698 for db in dbs :
97- db = self . __safeSQLIdentificatorNaming (db )
99+ db = safeSQLIdentificatorNaming (db )
98100
99101 if conf .excludeSysDbs and db in self .excludeDbsList :
100102 infoMsg = "skipping system database '%s'" % db
@@ -154,23 +156,23 @@ def searchTable(self):
154156 if isinstance (db , list ):
155157 db = db [0 ]
156158
157- db = self . __safeSQLIdentificatorNaming (db )
159+ db = safeSQLIdentificatorNaming (db )
158160 foundTbls [db ] = []
159161
160162 for tbl in tblList :
161- tbl = self . __safeSQLIdentificatorNaming (tbl , True )
163+ tbl = safeSQLIdentificatorNaming (tbl , True )
162164
163165 infoMsg = "searching table"
164166 if tblConsider == "1" :
165167 infoMsg += "s like"
166- infoMsg += " '%s'" % self . __unsafeSQLIdentificatorNaming (tbl )
168+ infoMsg += " '%s'" % unsafeSQLIdentificatorNaming (tbl )
167169 logger .info (infoMsg )
168170
169171 tblQuery = "%s%s" % (tblCond , tblCondParam )
170- tblQuery = tblQuery % self . __unsafeSQLIdentificatorNaming (tbl )
172+ tblQuery = tblQuery % unsafeSQLIdentificatorNaming (tbl )
171173
172174 for db in foundTbls .keys ():
173- db = self . __safeSQLIdentificatorNaming (db )
175+ db = safeSQLIdentificatorNaming (db )
174176
175177 if conf .excludeSysDbs and db in self .excludeDbsList :
176178 infoMsg = "skipping system database '%s'" % db
@@ -196,7 +198,7 @@ def searchTable(self):
196198 infoMsg = "fetching number of table"
197199 if tblConsider == "1" :
198200 infoMsg += "s like"
199- infoMsg += " '%s' in database '%s'" % (self . __unsafeSQLIdentificatorNaming (tbl ), self . __unsafeSQLIdentificatorNaming (db ))
201+ infoMsg += " '%s' in database '%s'" % (unsafeSQLIdentificatorNaming (tbl ), unsafeSQLIdentificatorNaming (db ))
200202 logger .info (infoMsg )
201203
202204 query = rootQuery .blind .count2
@@ -208,8 +210,8 @@ def searchTable(self):
208210 warnMsg = "no table"
209211 if tblConsider == "1" :
210212 warnMsg += "s like"
211- warnMsg += " '%s' " % self . __unsafeSQLIdentificatorNaming (tbl )
212- warnMsg += "in database '%s'" % self . __unsafeSQLIdentificatorNaming (db )
213+ warnMsg += " '%s' " % unsafeSQLIdentificatorNaming (tbl )
214+ warnMsg += "in database '%s'" % unsafeSQLIdentificatorNaming (db )
213215 logger .warn (warnMsg )
214216
215217 continue
@@ -245,25 +247,25 @@ def searchColumn(self):
245247 enumDbs = kb .data .cachedDbs
246248
247249 for db in enumDbs :
248- db = self . __safeSQLIdentificatorNaming (db )
250+ db = safeSQLIdentificatorNaming (db )
249251 dbs [db ] = {}
250252
251253 for column in colList :
252- column = self . __safeSQLIdentificatorNaming (column )
254+ column = safeSQLIdentificatorNaming (column )
253255
254256 infoMsg = "searching column"
255257 if colConsider == "1" :
256258 infoMsg += "s like"
257- infoMsg += " '%s'" % self . __unsafeSQLIdentificatorNaming (column )
259+ infoMsg += " '%s'" % unsafeSQLIdentificatorNaming (column )
258260 logger .info (infoMsg )
259261
260262 foundCols [column ] = {}
261263
262264 colQuery = "%s%s" % (colCond , colCondParam )
263- colQuery = colQuery % self . __unsafeSQLIdentificatorNaming (column )
265+ colQuery = colQuery % unsafeSQLIdentificatorNaming (column )
264266
265267 for db in dbs .keys ():
266- db = self . __safeSQLIdentificatorNaming (db )
268+ db = safeSQLIdentificatorNaming (db )
267269
268270 if conf .excludeSysDbs and db in self .excludeDbsList :
269271 infoMsg = "skipping system database '%s'" % db
@@ -281,7 +283,7 @@ def searchColumn(self):
281283 values = [ values ]
282284
283285 for foundTbl in values :
284- foundTbl = self . __safeSQLIdentificatorNaming (foundTbl , True )
286+ foundTbl = safeSQLIdentificatorNaming (foundTbl , True )
285287
286288 if foundTbl is None :
287289 continue
@@ -339,7 +341,7 @@ def searchColumn(self):
339341 tbl = inject .getValue (query , inband = False , error = False )
340342 kb .hintValue = tbl
341343
342- tbl = self . __safeSQLIdentificatorNaming (tbl , True )
344+ tbl = safeSQLIdentificatorNaming (tbl , True )
343345
344346 if tbl not in dbs [db ]:
345347 dbs [db ][tbl ] = {}
0 commit comments