Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit e23340f

Browse files
bdamelebdamele
committed
added support for search for tables on Firebird (issue #365)
1 parent d2ff9bc commit e23340f

3 files changed

Lines changed: 21 additions & 20 deletions

File tree

plugins/dbms/firebird/enumeration.py

Lines changed: 0 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -30,22 +30,12 @@ def searchDb(self):
3030

3131
return []
3232

33-
def searchTable(self):
34-
warnMsg = "on Firebird searching of tables is not implemented"
35-
logger.warn(warnMsg)
36-
37-
return []
38-
3933
def searchColumn(self):
4034
warnMsg = "on Firebird searching of columns is not implemented"
4135
logger.warn(warnMsg)
4236

4337
return []
4438

45-
def search(self):
46-
warnMsg = "on Firebird search option is not available"
47-
logger.warn(warnMsg)
48-
4939
def getHostname(self):
5040
warnMsg = "on Firebird it is not possible to enumerate the hostname"
5141
logger.warn(warnMsg)

plugins/generic/search.py

Lines changed: 16 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -194,13 +194,14 @@ def searchTable(self):
194194
query += whereDbsQuery
195195
values = inject.getValue(query, blind=False, time=False)
196196

197-
if Backend.isDbms(DBMS.SQLITE):
197+
if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
198198
newValues = []
199199

200200
if isinstance(values, basestring):
201201
values = [values]
202202
for value in values:
203-
newValues.append(["SQLite%s" % METADB_SUFFIX, value])
203+
dbName = "SQLite" if Backend.isDbms(DBMS.SQLITE) else "Firebird"
204+
newValues.append(["%s%s" % (dbName, METADB_SUFFIX), value])
204205

205206
values = newValues
206207

@@ -216,7 +217,7 @@ def searchTable(self):
216217
else:
217218
foundTbls[foundDb] = [foundTbl]
218219
else:
219-
if not Backend.isDbms(DBMS.SQLITE):
220+
if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD):
220221
infoMsg = "fetching number of databases with table"
221222
if tblConsider == "1":
222223
infoMsg += "s like"
@@ -259,7 +260,8 @@ def searchTable(self):
259260
if tblConsider == "2":
260261
continue
261262
else:
262-
foundTbls["SQLite%s" % METADB_SUFFIX] = []
263+
dbName = "SQLite" if Backend.isDbms(DBMS.SQLITE) else "Firebird"
264+
foundTbls["%s%s" % (dbName, METADB_SUFFIX)] = []
263265

264266
for db in foundTbls.keys():
265267
db = safeSQLIdentificatorNaming(db)
@@ -271,7 +273,7 @@ def searchTable(self):
271273
logger.info(infoMsg)
272274

273275
query = rootQuery.blind.count2
274-
if not Backend.isDbms(DBMS.SQLITE):
276+
if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD):
275277
query = query % unsafeSQLIdentificatorNaming(db)
276278
query += " AND %s" % tblQuery
277279
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
@@ -290,10 +292,17 @@ def searchTable(self):
290292

291293
for index in indexRange:
292294
query = rootQuery.blind.query2
293-
if not Backend.isDbms(DBMS.SQLITE):
295+
296+
if Backend.isDbms(DBMS.FIREBIRD):
297+
query = query % index
298+
299+
if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD):
294300
query = query % unsafeSQLIdentificatorNaming(db)
301+
295302
query += " AND %s" % tblQuery
296-
query = agent.limitQuery(index, query)
303+
304+
if not Backend.isDbms(DBMS.FIREBIRD):
305+
query = agent.limitQuery(index, query)
297306

298307
foundTbl = unArrayizeValue(inject.getValue(query, union=False, error=False))
299308
kb.hintValue = foundTbl

xml/queries.xml

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -431,17 +431,19 @@
431431
<blind query="SELECT FIRST 1 SKIP %d %s FROM %s" count="SELECT COUNT(*) FROM %s"/>
432432
</dump_table>
433433
<search_db/>
434-
<search_table/>
434+
<search_table>
435+
<inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0) AND " condition="RDB$RELATION_NAME" condition2=""/>
436+
<blind query="" query2="SELECT FIRST 1 SKIP %d RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)" count="" count2="SELECT COUNT(RDB$RELATION_NAME) FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)" condition="RDB$RELATION_NAME" condition2=""/>
437+
</search_table>
435438
<search_column/>
436439
</dbms>
437440

441+
<!-- SAP MaxDB -->
438442
<!-- http://dev.mysql.com/tech-resources/articles/maxdb-php-ready-for-web.html -->
439443
<!-- http://dev.mysql.com/doc/refman/5.0/es/maxdb-reserved-words.html -->
440444
<!-- http://maxdb.sap.com/doc/7_6/default.htm -->
441445
<!-- http://www.sapdb.org/7.4/htmhelp/35/f8823cb7e5d42be10000000a114027/content.htm -->
442446
<!-- http://www.ximido.de/research/PenTestingMaxDB.pdf -->
443-
444-
<!-- SAP MaxDB -->
445447
<dbms value="SAP MaxDB">
446448
<length query="LENGTH(%s)"/>
447449
<isnull query="VALUE(%s,' ')" query2="IFNULL(%s,' ')"/>

0 commit comments

Comments
 (0)