
Commit f1ab887

committed
major enhancement, code refactoring for issue #297
1 parent d07881b commit f1ab887

6 files changed

Lines changed: 281 additions & 168 deletions


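--- a/_sqlmap.py
+++ b/_sqlmap.py
@@ -59,11 +59,11 @@ def main():
 cmdLineOptions.update(cmdLineParser().__dict__)
 init(cmdLineOptions)
 
-if hasattr(conf, "ipc_database"):
+if hasattr(conf, "api"):
 # Overwrite system standard output and standard error to write
-# to a temporary I/O database
-sys.stdout = StdDbOut(type_="stdout")
-sys.stderr = StdDbOut(type_="stderr")
+# to an IPC database
+sys.stdout = StdDbOut(conf.taskid, messagetype="stdout")
+sys.stderr = StdDbOut(conf.taskid, messagetype="stderr")
 
 banner()
 
@@ -122,10 +122,10 @@ def main():
 except KeyboardInterrupt:
 pass
 
-if hasattr(conf, "ipc_database"):
+if hasattr(conf, "api"):
 try:
-conf.ipc_database_cursor.close()
-conf.ipc_database_connection.close()
+conf.database_cursor.close()
+conf.database_connection.close()
 except KeyboardInterrupt:
 pass
 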
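Review bot: The cleanup block in the second hunk closes `conf.database_cursor` and `conf.database_connection` under a guard that only tests `hasattr(conf, "api")`, and its `try` catches nothing but `KeyboardInterrupt`, so if either attribute was never set the close would presumably raise and hide whatever failed earlier. Guarding on the attribute that is actually used, e.g. `if hasattr(conf, "database_connection"):`, keeps the guard and the cleanup in step; the same applies to `conf.taskid` in the first hunk. Once `sys.stdout` and `sys.stderr` are replaced, everything the run prints, retrieved data included, is written to that database, so a comment such as `# API mode: all console output is persisted per task in the IPC database` would help whoever later decides on that file's permissions and retention. `main()` starts and ends outside both hunks.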

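--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -742,7 +742,7 @@ def setColor(message, bold=False):
 
 return retVal
 
-def dataToStdout(data, forceOutput=False, bold=False):
+def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=None):
 """
 Writes text to the stdout (console) stream
 """
@@ -754,8 +754,15 @@ def dataToStdout(data, forceOutput=False, bold=False):
 if kb.get("multiThreadMode"):
 logging._acquireLock()
 
-message = stdoutencode(data)
-sys.stdout.write(setColor(message, bold))
+if isinstance(data, basestring):
+message = stdoutencode(data)
+else:
+message = data
+
+if content_type is not None and status is not None:
+sys.stdout.write(message, status=status, content_type=content_type)
+else:
+sys.stdout.write(setColor(message, bold))
 
 try:
 sys.stdout.flush()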
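Review bot: The keyword-argument call `sys.stdout.write(message, status=status, content_type=content_type)` in the second hunk is selected purely by the arguments, not by whether `sys.stdout` has actually been replaced by the database-backed writer, so a caller that passes both values outside API mode would get a `TypeError` from the ordinary stream. The opposite case also looks unhandled: when `data` is not a string and `content_type` is `None`, the raw object falls through to `setColor(message, bold)` and a plain `write`. I would gate the first branch on the mode as well, e.g. `if hasattr(conf, "api") and content_type is not None and status is not None:` (assuming `conf` is in scope in this module, which the page does not show), and extend the docstring to say that `content_type` and `status` are only meaningful in API mode. The function body starts before and continues after the hunk.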

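--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -104,3 +104,6 @@ def stdoutencode(data):
 
 def jsonize(data):
 return json.dumps(data, sort_keys=False, indent=4)
+
+def dejsonize(data):
+return json.loads(data)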
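Review bot: `dejsonize` has no docstring and lets `json.loads` raise `ValueError` on malformed input, which matters if, as the rest of the commit suggests, it is meant to parse text read back from the IPC database or received over the API. A one-line docstring would do, for example `"""Parse a JSON string into Python objects; raises ValueError on malformed input"""`, so callers know they have to handle that case. Keeping this round trip on `json` rather than a pickle-style format is the right choice for data that crosses a process boundary.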

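--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -26,6 +26,8 @@
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.dicts import DUMP_REPLACEMENTS
+from lib.core.enums import API_CONTENT_STATUS
+from lib.core.enums import API_CONTENT_TYPE
 from lib.core.enums import DBMS
 from lib.core.enums import DUMP_FORMAT
 from lib.core.exception import SqlmapGenericException
@@ -52,8 +54,13 @@ def __init__(self):
 self._outputFP = None
 self._lock = threading.Lock()
 
-def _write(self, data, newline=True, console=True):
+def _write(self, data, newline=True, console=True, content_type=None):
+if hasattr(conf, "api"):
+dataToStdout(data, content_type=content_type, status=API_CONTENT_STATUS.COMPLETE)
+return
+
 text = "%s%s" % (data, "\n" if newline else " ")
+
 if console:
 dataToStdout(text)
 
@@ -81,7 +88,7 @@ def getOutputFile(self):
 def singleString(self, data):
 self._write(data)
 
-def string(self, header, data, sort=True):
+def string(self, header, data, content_type=None, sort=True):
 kb.stickyLevel = None
 
 if isListLike(data):
@@ -92,25 +99,33 @@ def string(self, header, data, sort=True):
 if _ and _[-1] == '\n':
 _ = _[:-1]
 
-if "\n" in _:
+if hasattr(conf, "api"):
+self._write(data, content_type=content_type)
+elif "\n" in _:
 self._write("%s:\n---\n%s\n---" % (header, _))
 else:
 self._write("%s: %s" % (header, ("'%s'" % _) if isinstance(data, basestring) else _))
+elif hasattr(conf, "api"):
+self._write(data, content_type=content_type)
 else:
 self._write("%s:\tNone" % header)
 
-def lister(self, header, elements, sort=True):
-if elements:
-self._write("%s [%d]:" % (header, len(elements)))
-
-if sort:
+def lister(self, header, elements, content_type=None, sort=True):
+if elements and sort:
 try:
 elements = set(elements)
 elements = list(elements)
 elements.sort(key=lambda x: x.lower() if isinstance(x, basestring) else x)
 except:
 pass
 
+if hasattr(conf, "api"):
+self._write(elements, content_type=content_type)
+return
+
+if elements:
+self._write("%s [%d]:" % (header, len(elements)))
+
 for element in elements:
 if isinstance(element, basestring):
 self._write("[*] %s" % element)
@@ -121,29 +136,29 @@ def lister(self, header, elements, sort=True):
 self._write("")
 
 def banner(self, data):
-self.string("banner", data)
+self.string("banner", data, content_type=API_CONTENT_TYPE.BANNER)
 
 def currentUser(self, data):
-self.string("current user", data)
+self.string("current user", data, content_type=API_CONTENT_TYPE.CURRENT_USER)
 
 def currentDb(self, data):
 if Backend.isDbms(DBMS.MAXDB):
-self.string("current database (no practical usage on %s)" % Backend.getIdentifiedDbms(), data)
+self.string("current database (no practical usage on %s)" % Backend.getIdentifiedDbms(), data, content_type=API_CONTENT_TYPE.CURRENT_DB)
 elif Backend.isDbms(DBMS.ORACLE):
-self.string("current schema (equivalent to database on %s)" % Backend.getIdentifiedDbms(), data)
+self.string("current schema (equivalent to database on %s)" % Backend.getIdentifiedDbms(), data, content_type=API_CONTENT_TYPE.CURRENT_DB)
 else:
-self.string("current database", data)
+self.string("current database", data, content_type=API_CONTENT_TYPE.CURRENT_DB)
 
 def hostname(self, data):
-self.string("hostname", data)
+self.string("hostname", data, content_type=API_CONTENT_TYPE.HOSTNAME)
 
 def dba(self, data):
-self.string("current user is DBA", data)
+self.string("current user is DBA", data, content_type=API_CONTENT_TYPE.IS_DBA)
 
 def users(self, users):
-self.lister("database management system users", users)
+self.lister("database management system users", users, content_type=API_CONTENT_TYPE.USERS)
 
-def userSettings(self, header, userSettings, subHeader):
+def userSettings(self, header, userSettings, subHeader, content_type=None):
 self._areAdmins = set()
 
 if userSettings:
@@ -179,9 +194,9 @@ def userSettings(self, header, userSettings, subHeader):
 self.singleString("")
 
 def dbs(self, dbs):
-self.lister("available databases", dbs)
+self.lister("available databases", dbs, content_type=API_CONTENT_TYPE.DBS)
 
-def dbTables(self, dbTables):
+def dbTables(self, dbTables, content_type=API_CONTENT_TYPE.TABLES):
 if isinstance(dbTables, dict) and len(dbTables) > 0:
 maxlength = 0
 
@@ -219,7 +234,7 @@ def dbTables(self, dbTables):
 else:
 self.string("tables", dbTables)
 
-def dbTableColumns(self, tableColumns):
+def dbTableColumns(self, tableColumns, content_type=API_CONTENT_TYPE.COLUMNS):
 if isinstance(tableColumns, dict) and len(tableColumns) > 0:
 for db, tables in tableColumns.items():
 if not db:
@@ -286,7 +301,7 @@ def dbTableColumns(self, tableColumns):
 else:
 self._write("+%s+\n" % lines1)
 
-def dbTablesCount(self, dbTables):
+def dbTablesCount(self, dbTables, content_type=API_CONTENT_TYPE.COUNT):
 if isinstance(dbTables, dict) and len(dbTables) > 0:
 maxlength1 = len("Table")
 maxlength2 = len("Entries")
@@ -328,7 +343,7 @@ def dbTablesCount(self, dbTables):
 else:
 logger.error("unable to retrieve the number of entries for any table")
 
-def dbTableValues(self, tableValues):
+def dbTableValues(self, tableValues, content_type=API_CONTENT_TYPE.DUMP_TABLE):
 replication = None
 rtable = None
 dumpFP = None
@@ -534,7 +549,7 @@ def dbTableValues(self, tableValues):
 dumpFP.close()
 logger.info("table '%s.%s' dumped to %s file '%s'" % (db, table, conf.dumpFormat, dumpFileName))
 
-def dbColumns(self, dbColumnsDict, colConsider, dbs):
+def dbColumns(self, dbColumnsDict, colConsider, dbs, content_type=API_CONTENT_TYPE.COLUMNS):
 for column in dbColumnsDict.keys():
 if colConsider == "1":
 colConsiderStr = "s like '" + column + "' were"
@@ -565,13 +580,13 @@ def dbColumns(self, dbColumnsDict, colConsider, dbs):
 self.dbTableColumns(_)
 
 def query(self, query, queryRes):
-self.string(query, queryRes)
+self.string(query, queryRes, content_type=API_CONTENT_TYPE.SQL_QUERY)
 
 def rFile(self, fileData):
-self.lister("files saved to", fileData, sort=False)
+self.lister("files saved to", fileData, sort=False, content_type=API_CONTENT_TYPE.FILE_READ)
 
-def registerValue(self, registerData):
-self.string("Registry key value data", registerData, sort=False)
+def registerValue(self):
+self.string("Registry key value data", registerData, registerData, content_type=API_CONTENT_TYPE.REG_READ, sort=False)
 
 # object to manage how to print the retrieved queries output to
 # standard output and sessions file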
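Review bot: In the last hunk `registerValue` loses its `registerData` parameter while the body still uses that name, and passes it twice, so the second positional value lands in `content_type` and collides with the `content_type=` keyword; any call would fail with a `TypeError` or a `NameError`. The two lines should read `def registerValue(self, registerData):` and `self.string("Registry key value data", registerData, content_type=API_CONTENT_TYPE.REG_READ, sort=False)`. Separately, `string()` and `lister()` now take `content_type` before `sort`, so a caller outside this page that passes `sort` positionally would silently have it treated as a content type; appending the new parameter after `sort` would avoid that. The `content_type` defaults added to `dbTables`, `dbTableColumns`, `dbTablesCount`, `dbTableValues` and `dbColumns` are not used in any visible line, and in API mode `_write` returns before the code below it, so it is worth confirming that those table-style outputs reach the API as typed, structured data rather than as untyped text.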

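--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -243,3 +243,33 @@ class WEB_API:
 ASP = "asp"
 ASPX = "aspx"
 JSP = "jsp"
+
+class API_CONTENT_TYPE:
+TECHNIQUES = 0
+BANNER = 1
+CURRENT_USER = 2
+CURRENT_DB = 3
+HOSTNAME = 4
+IS_DBA = 5
+USERS = 6
+PASSWORDS = 7
+PRIVILEGES = 8
+ROLES = 9
+DBS = 10
+TABLES = 11
+COLUMNS = 12
+SCHEMA = 13
+COUNT = 14
+DUMP_TABLE = 15
+SEARCH = 16
+SQL_QUERY = 17
+COMMON_TABLES = 18
+COMMON_COLUMNS = 19
+FILE_READ = 20
+FILE_WRITE = 21
+OS_CMD = 22
+REG_READ = 23
+
+class API_CONTENT_STATUS:
+IN_PROGRESS = 0
+COMPLETE = 1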