Commit e3ddbe7

Minor code refactoring
1 parent 4cb161c commit e3ddbe7

4 files changed

Lines changed: 20 additions & 24 deletions


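--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -232,17 +232,20 @@ def getFields(self, query):
 fieldsNoSelect = query
 
 if fieldsSelectTop:
-fieldsToCast = fieldsSelectTop.groups()[0]
+fieldsToCastStr = fieldsSelectTop.groups()[0]
 elif fieldsSelectDistinct:
-fieldsToCast = fieldsSelectDistinct.groups()[0]
+fieldsToCastStr = fieldsSelectDistinct.groups()[0]
 elif fieldsSelectFrom:
-fieldsToCast = fieldsSelectFrom.groups()[0]
+fieldsToCastStr = fieldsSelectFrom.groups()[0]
 elif fieldsSelect:
-fieldsToCast = fieldsSelect.groups()[0]
+fieldsToCastStr = fieldsSelect.groups()[0]
 elif fieldsNoSelect:
-fieldsToCast = fieldsNoSelect
+fieldsToCastStr = fieldsNoSelect
 
-return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsToCast
+fieldsToCastList = fieldsToCastStr.replace(", ", ",")
+fieldsToCastList = fieldsToCastList.split(",")
+
+return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsToCastList, fieldsToCastStr
 
 
 def concatQuery(self, query):
@@ -274,9 +277,9 @@ def concatQuery(self, query):
 concatQuery = ""
 query = query.replace(", ", ",")
 
-fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsToCast = self.getFields(query)
-castedFields = self.nullCastConcatFields(fieldsToCast)
-concatQuery = query.replace(fieldsToCast, castedFields, 1)
+fieldsSelectFrom, fieldsSelect, fieldsNoSelect, _, fieldsToCastStr = self.getFields(query)
+castedFields = self.nullCastConcatFields(fieldsToCastStr)
+concatQuery = query.replace(fieldsToCastStr, castedFields, 1)
 
 if kb.dbms == "MySQL":
 if fieldsSelectFrom: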
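Review bot: The new `fieldsToCastList` at new lines 245–246 is a plain comma split of `fieldsToCastStr`, so a comma nested inside parentheses in the field list (a function call taking several arguments) is broken into separate entries; moving the split into getFields makes that limitation the shared contract for every caller, including the `len(expressionFieldsList) > 1` check in lib/request/inject.py and the new call in lib/techniques/inband/union/use.py. A one-line note above the split would make the limit explicit, e.g. `# naive split: commas nested in parentheses are not treated as part of one field`. It also looks like `fieldsToCastStr` is never assigned when none of the branches matches (an empty query), so the `.replace` call would raise UnboundLocalError; the old `return` had the same exposure, so this is pre-existing rather than introduced here. The `query.replace(", ", ",")` at line 278 of concatQuery now duplicates the normalisation getFields performs itself. getFields starts before this hunk.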
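--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -46,14 +46,6 @@
 from lib.utils.resume import resume
 
 
-def __getFieldsProxy(expression):
-_, _, _, expressionFields = agent.getFields(expression)
-expressionFieldsList = expressionFields.replace(", ", ",")
-expressionFieldsList = expressionFieldsList.split(",")
-
-return expressionFields, expressionFieldsList
-
-
 def __goInference(payload, expression):
 start = time.time()
 
@@ -123,7 +115,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None):
 return output
 
 if kb.dbmsDetected:
-expressionFields, expressionFieldsList = __getFieldsProxy(expression)
+_, _, _, expressionFieldsList, expressionFields = agent.getFields(expression)
 
 if len(expressionFieldsList) > 1:
 infoMsg = "the SQL query provided has more than a field. "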
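--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -47,12 +47,12 @@ def bisection(payload, expression, length=None):
 """
 
 if kb.dbmsDetected:
-_, _, _, fieldToCast = agent.getFields(expression)
-nulledCastedField = agent.nullAndCastField(fieldToCast)
-expressionReplaced = expression.replace(fieldToCast, nulledCastedField, 1)
-expressionUnescaped = unescaper.unescape(expressionReplaced)
+_, _, _, _, fieldToCastStr = agent.getFields(expression)
+nulledCastedField = agent.nullAndCastField(fieldToCastStr)
+expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
+expressionUnescaped = unescaper.unescape(expressionReplaced)
 else:
-expressionUnescaped = unescaper.unescape(expression)
+expressionUnescaped = unescaper.unescape(expression)
 
 infoMsg = "query: %s" % expressionUnescaped
 logger.info(infoMsg)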
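--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -94,7 +94,7 @@ def __unionPosition(count, expression, negative=False):
 warnMsg += "%s inband sql injection vulnerability" % negLogMsg
 
 if negLogMsg == "partial":
-warnMsg += ", sqlmap will retrieve the expression output "
+warnMsg += ", sqlmap will retrieve the query output "
 warnMsg += "through blind sql injection technique"
 
 logger.warn(warnMsg)
@@ -143,6 +143,7 @@ def unionUse(expression):
 # TODO: if conf.paramNegative == True and query can returns multiple
 # entries, get once per time in a for cycle, see lib/request/inject.py
 # like for --sql-query and --sql-shell
+_, _, _, expressionFieldsList, expressionFields = agent.getFields(origExpr)
 
 # Forge the inband SQL injection request
 query = agent.forgeInbandQuery(expression)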
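Review bot: At new line 146 the results of `agent.getFields(origExpr)` are bound to `expressionFieldsList` and `expressionFields`, but neither name is read in the lines shown, and `origExpr` is not defined within the hunk either. If the remainder of unionUse does not use them this is unused work that a linter would flag; if the call is groundwork for the TODO directly above it, say so next to it, e.g. `# fields of the original query, kept for the multi-row handling described in the TODO above`. unionUse begins before this hunk and continues after it; the message change in the first hunk of this file is cosmetic.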