

Commit bc4d8d3

committed
Implementation for Issue #332
1 parent 5571d09 commit bc4d8d3

3 files changed

Lines changed: 47 additions & 13 deletions


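--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -376,7 +376,18 @@ def nullCastConcatFields(self, fields):
 nulledCastedConcatFields = fields
 else:
 fields = fields.replace(", ", ',')
-fieldsSplitted = fields.split(',')
+commas = [0, len(fields)]
+depth = 0
+for index in xrange(len(fields)):
+char = fields[index]
+if char == '(':
+depth += 1
+elif char == ')':
+depth -= 1
+elif depth == 0 and char == ',':
+commas.append(index)
+commas = sorted(commas)
+fieldsSplitted = [fields[x:y] for (x, y) in zip(commas, commas[1:])]
 dbmsDelimiter = queries[Backend.getIdentifiedDbms()].delimiter.query
 nulledCastedFields = []
 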
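Review bot: The new top-level split in nullCastConcatFields keeps the separating comma on every piece after the first: with `commas = [0, len(fields)]` and slices `fields[x:y]`, the second and later slices begin at the comma's own index, so e.g. `"a,b"` yields `['a', ',b']` where the replaced `fields.split(',')` gave `['a', 'b']`. Seeding the boundary list with -1 and skipping the delimiter restores the old result: `commas = [-1, len(fields)]` and `fieldsSplitted = [fields[x + 1:y] for (x, y) in zip(commas, commas[1:])]`. The loop also never checks that `depth` returns to zero, so an unbalanced `)` drives it negative and a later top-level comma is treated as nested; a comment such as `# assumes parentheses in fields are balanced` would make that precondition explicit. The rest of nullCastConcatFields lies outside the hunk.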

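--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@@ -13,6 +13,7 @@
 from lib.core.common import isInferenceAvailable
 from lib.core.common import isListLike
 from lib.core.common import isNoneValue
+from lib.core.common import isNullValue
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import parseSqliteTableSchema
@@ -275,7 +276,7 @@ def getTables(self, bruteForce=None):
 values = filter(None, arrayizeValue(values))
 
 if len(values) > 0 and not isListLike(values[0]):
-values = ((dbs[0], _) for _ in values)
+values = [(dbs[0], _) for _ in values]
 
 for db, table in filterPairValues(values):
 db = safeSQLIdentificatorNaming(db)
@@ -524,6 +525,17 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
 
 values = inject.getValue(query, blind=False, time=False)
 
+if Backend.isDbms(DBMS.MSSQL) and isNoneValue(values):
+index, values = 1, []
+while True:
+query = rootQuery.inband.query2 % (conf.db, tbl, index)
+value = unArrayizeValue(inject.getValue(query, blind=False, time=False))
+if isNoneValue(value) or value == " ":
+break
+else:
+values.append((value,))
+index += 1
+
 if Backend.isDbms(DBMS.SQLITE):
 parseSqliteTableSchema(unArrayizeValue(values))
 elif not isNoneValue(values):
@@ -536,7 +548,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
 
 if name:
 if len(columnData) == 1:
-columns[name] = ""
+columns[name] = None
 else:
 columns[name] = columnData[1]
 
@@ -600,17 +612,28 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
 
 count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
 
-if not isNumPosStrValue(count):
-errMsg = "unable to retrieve the number of columns "
-errMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
-errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
-logger.error(errMsg)
-
-continue
-
 table = {}
 columns = {}
 
+if not isNumPosStrValue(count):
+if Backend.isDbms(DBMS.MSSQL):
+count, index, values = 0, 1, []
+while True:
+query = rootQuery.blind.query3 % (conf.db, tbl, index)
+value = unArrayizeValue(inject.getValue(query, union=False, error=False))
+if isNoneValue(value) or value == " ":
+break
+else:
+columns[safeSQLIdentificatorNaming(value)] = None
+index += 1
+
+if not columns:
+errMsg = "unable to retrieve the %scolumns " % ("number of " if not Backend.isDbms(DBMS.MSSQL) else "")
+errMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
+errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
+logger.error(errMsg)
+continue
+
 for index in getLimitRange(count):
 if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
 query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))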
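Review bot: In the MSSQL fallback added in the `-600,17 +612,28` hunk of getColumns, `values` in `count, index, values = 0, 1, []` is assigned but never read — the loop writes into `columns` directly — so that line should be `count, index = 0, 1`. The probing loop there is a near-copy of the one added in the `-524,6 +525,17` hunk (same `while True` / `index += 1` / `value == " "` break), so a small private helper taking the query template and a per-value callback would keep the two in step and would be the natural place to document the stop condition; that `" "` denotes an index past the last column is inferred from the break test and should be confirmed against the backend. The `isNullValue` import added in the first hunk is not referenced by any hunk shown here; unless it is used elsewhere in the file it is dead. getColumns continues beyond the hunk on both sides.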

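--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -194,8 +194,8 @@
 <blind query="SELECT TOP 1 %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v') AND %s..sysusers.name+'.'+%s..sysobjects.name NOT IN (SELECT TOP %d %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v') ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name) ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v')" query2="SELECT TOP 1 table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s' AND table_schema+'.'+table_name NOT IN (SELECT TOP %d table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s' ORDER BY table_schema+'.'+table_name) ORDER BY table_schema+'.'+table_name" count2="SELECT LTRIM(STR(COUNT(table_name))) FROM information_schema.tables WHERE table_catalog='%s'" query3="SELECT TOP 1 name FROM %s..sysobjects WHERE xtype = 'U' AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE xtype = 'U' ORDER BY name) ORDER BY name" count3="SELECT COUNT(name) FROM %s..sysobjects WHERE xtype = 'U'"/>
 </tables>
 <columns>
-<inband query="SELECT %s..syscolumns.name,TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" condition="[DB]..syscolumns.name"/>
-<blind query="SELECT TOP 1 %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' AND %s..syscolumns.name NOT IN (SELECT TOP %d %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' ORDER BY %s..syscolumns.name) ORDER BY %s..syscolumns.name" query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')" condition="[DB]..syscolumns.name"/>
+<inband query="SELECT %s..syscolumns.name,TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" query2="SELECT COL_NAME(OBJECT_ID('%s.%s'),%d)" condition="[DB]..syscolumns.name"/>
+<blind query="SELECT TOP 1 %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' AND %s..syscolumns.name NOT IN (SELECT TOP %d %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' ORDER BY %s..syscolumns.name) ORDER BY %s..syscolumns.name" query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" query3="SELECT COL_NAME(OBJECT_ID('%s.%s'),%d)" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')" condition="[DB]..syscolumns.name"/>
 </columns>
 <dump_table>
 <inband query="SELECT %s FROM %s.%s"/>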
