Some cleaning up for sqlmapproject#3283

yashodhank · Oct 16, 2018 · 68f5597 · 68f5597
1 parent 411f56e
commit 68f5597
Show file tree

Hide file tree

Showing 10 changed files with 45 additions and 136 deletions.
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -624,7 +624,7 @@ def concatQuery(self, query, unpack=True):
             elif fieldsNoSelect:
                 concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
 
-        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB):
+        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB, DBMS.H2):
             if fieldsExists:
                 concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
                 concatenatedQuery += "||'%s'" % kb.chars.stop

diff --git a/lib/core/dump.py b/lib/core/dump.py
@@ -171,7 +171,7 @@ def currentUser(self, data):
     def currentDb(self, data):
         if Backend.isDbms(DBMS.MAXDB):
             self.string("current database (no practical usage on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)
-        elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB):
+        elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2):
             self.string("current schema (equivalent to database on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)
         else:
             self.string("current database", data, content_type=CONTENT_TYPE.CURRENT_DB)

diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.10.21"
+VERSION = "1.2.10.22"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -265,7 +265,7 @@
 REFERER_ALIASES = ("ref", "referer", "referrer")
 HOST_ALIASES = ("host",)
 
-HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
+H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
 
 # Names that can't be used to name files on Windows OS
 WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9")

diff --git a/plugins/dbms/h2/connector.py b/plugins/dbms/h2/connector.py
@@ -5,87 +5,14 @@
 See the file 'LICENSE' for copying permission
 """
 
-try:
-    import jaydebeapi
-    import jpype
-except:
-    pass
-
-import logging
-
-from lib.core.common import checkFile
-from lib.core.common import readInput
-from lib.core.data import conf
-from lib.core.data import logger
-from lib.core.exception import SqlmapConnectionException
+from lib.core.exception import SqlmapUnsupportedFeatureException
 from plugins.generic.connector import Connector as GenericConnector
 
 class Connector(GenericConnector):
-    """
-    Homepage: https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/
-    User guide: https://pypi.python.org/pypi/JayDeBeApi/#usage & http://jpype.sourceforge.net/doc/user-guide/userguide.html
-    API: -
-    Debian package: -
-    License: LGPL & Apache License 2.0
-    """
-
     def __init__(self):
         GenericConnector.__init__(self)
 
     def connect(self):
-        self.initConnection()
-        try:
-            msg = "what's the location of 'hsqldb.jar'? "
-            jar = readInput(msg)
-            checkFile(jar)
-            args = "-Djava.class.path=%s" % jar
-            jvm_path = jpype.getDefaultJVMPath()
-            jpype.startJVM(jvm_path, args)
-        except Exception, msg:
-            raise SqlmapConnectionException(msg[0])
-
-        try:
-            driver = 'org.hsqldb.jdbc.JDBCDriver'
-            connection_string = 'jdbc:hsqldb:mem:.'  # 'jdbc:hsqldb:hsql://%s/%s' % (self.hostname, self.db)
-            self.connector = jaydebeapi.connect(driver, connection_string, str(self.user), str(self.password))
-        except Exception, msg:
-            raise SqlmapConnectionException(msg[0])
-
-        self.initCursor()
-        self.printConnected()
-
-    def fetchall(self):
-        try:
-            return self.cursor.fetchall()
-        except Exception, msg:
-            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
-            return None
-
-    def execute(self, query):
-        retVal = False
-
-        try:
-            self.cursor.execute(query)
-            retVal = True
-        except Exception, msg:  # TODO: fix with specific error
-            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
-
-        self.connector.commit()
-
-        return retVal
-
-    def select(self, query):
-        retVal = None
-
-        upper_query = query.upper()
-
-        if query and not (upper_query.startswith("SELECT ") or upper_query.startswith("VALUES ")):
-            query = "VALUES %s" % query
-
-        if query and upper_query.startswith("SELECT ") and " FROM " not in upper_query:
-            query = "%s FROM (VALUES(0))" % query
-
-        self.cursor.execute(query)
-        retVal = self.cursor.fetchall()
-
-        return retVal
+        errMsg = "on H2 it is not (currently) possible to establish a "
+        errMsg += "direct connection"
+        raise SqlmapUnsupportedFeatureException(errMsg)
diff --git a/plugins/dbms/h2/enumeration.py b/plugins/dbms/h2/enumeration.py
@@ -12,6 +12,7 @@
 from lib.core.data import queries
 from lib.core.common import unArrayizeValue
 from lib.core.enums import DBMS
+from lib.core.settings import H2_DEFAULT_SCHEMA
 from lib.request import inject
 
 class Enumeration(GenericEnumeration):
@@ -40,3 +41,12 @@ def getPrivileges(self, *args):
     def getHostname(self):
         warnMsg = "on H2 it is not possible to enumerate the hostname"
         logger.warn(warnMsg)
+
+    def getCurrentDb(self):
+        return H2_DEFAULT_SCHEMA
+
+    def getPasswordHashes(self):
+        warnMsg = "on H2 it is not possible to list password hashes"
+        logger.warn(warnMsg)
+
+        return {}
diff --git a/plugins/dbms/h2/fingerprint.py b/plugins/dbms/h2/fingerprint.py
@@ -27,32 +27,28 @@ def getFingerprint(self):
         value = ""
         wsOsFp = Format.getOs("web server", kb.headersFp)
 
-        if wsOsFp and not conf.api:
+        if wsOsFp:
             value += "%s\n" % wsOsFp
 
         if kb.data.banner:
             dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
 
-            if dbmsOsFp and not conf.api:
+            if dbmsOsFp:
                 value += "%s\n" % dbmsOsFp
 
         value += "back-end DBMS: "
-        actVer = Format.getDbms()
 
         if not conf.extensiveFp:
-            value += actVer
+            value += DBMS.H2
             return value
 
+        actVer = Format.getDbms()
         blank = " " * 15
         value += "active fingerprint: %s" % actVer
 
         if kb.bannerFp:
             banVer = kb.bannerFp.get("dbmsVersion")
-
-            if re.search(r"-log$", kb.data.banner):
-                banVer += ", logging enabled"
-
-            banVer = Format.getDbms([banVer] if banVer else None)
+            banVer = Format.getDbms([banVer])
             value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
 
         htmlErrorFp = Format.getErrorParsedDBMSes()
@@ -66,9 +62,6 @@ def checkDbms(self):
         if not conf.extensiveFp and Backend.isDbmsWithin(H2_ALIASES):
             setDbms("%s %s" % (DBMS.H2, Backend.getVersion()))
 
-            if Backend.isVersionGreaterOrEqualThan("1.7.2"):
-                kb.data.has_information_schema = True
-
             self.getBanner()
 
             return True
@@ -90,31 +83,15 @@ def checkDbms(self):
 
                 return False
             else:
-                kb.data.has_information_schema = True
-                Backend.setVersion(">= 1.7.2")
-                setDbms("%s 1.7.2" % DBMS.H2)
-
-                banner = self.getBanner()
-                if banner:
-                    Backend.setVersion("= %s" % banner)
-                else:
-                    if inject.checkBooleanExpression("(SELECT [RANDNUM] FROM (VALUES(0)))=[RANDNUM]"):
-                        Backend.setVersionList([">= 2.0.0", "< 2.3.0"])
-                    else:
-                        banner = unArrayizeValue(inject.getValue("\"org.hsqldbdb.Library.getDatabaseFullProductVersion\"()", safeCharEncode=True))
-                        if banner:
-                            Backend.setVersion("= %s" % banner)
-                        else:
-                            Backend.setVersionList([">= 1.7.2", "< 1.8.0"])
+                setDbms(DBMS.H2)
 
-            return True
+                self.getBanner()
+
+                return True
         else:
             warnMsg = "the back-end DBMS is not %s" % DBMS.H2
             logger.warn(warnMsg)
 
-            dbgMsg = "...or version is < 1.7.2"
-            logger.debug(dbgMsg)
-
             return False
 
     def getHostname(self):

diff --git a/plugins/dbms/maxdb/connector.py b/plugins/dbms/maxdb/connector.py
@@ -13,6 +13,6 @@ def __init__(self):
         GenericConnector.__init__(self)
 
     def connect(self):
-        errMsg = "on SAP MaxDB it is not possible to establish a "
+        errMsg = "on SAP MaxDB it is not (currently) possible to establish a "
         errMsg += "direct connection"
         raise SqlmapUnsupportedFeatureException(errMsg)
diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py
@@ -438,7 +438,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod
                 raise SqlmapNoneDataException(errMsg)
 
         elif conf.db is not None:
-            if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB):
+            if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2):
                 conf.db = conf.db.upper()
 
             if ',' in conf.db:
@@ -465,7 +465,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod
         colList = filter(None, colList)
 
         if conf.tbl:
-            if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB):
+            if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2):
                 conf.tbl = conf.tbl.upper()
 
             tblList = conf.tbl.split(',')

diff --git a/txt/checksum.md5 b/txt/checksum.md5
@@ -27,7 +27,7 @@ c1bccc94522d3425a372dcd57f78418e  extra/wafdetectify/wafdetectify.py
 d6deacb76e1f479b3c690c215fad1c08  lib/controller/controller.py
 97a0f363bfc33a5ee4853cdf91515423  lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93  lib/controller/__init__.py
-a866dd953fdc4b5273a9c28f6b2361f1  lib/core/agent.py
+cb865cf6eff60118bc97a0f106af5e4d  lib/core/agent.py
 c347f085bd561adfa26d3a9512e5f3b9  lib/core/bigarray.py
 ce7fb7270b104f05d1e2be088b69c976  lib/core/common.py
 0d082da16c388b3445e656e0760fb582  lib/core/convert.py
@@ -36,7 +36,7 @@ ce7fb7270b104f05d1e2be088b69c976  lib/core/common.py
 4086fb55f42e27de5330505605baad0f  lib/core/decorators.py
 fbb55cc6100318ff922957b6577dc58f  lib/core/defaults.py
 56b79ee7acd2da19c1678250edfdafab  lib/core/dicts.py
-d4b3d448bcfd9f15d089fc81d38f4825  lib/core/dump.py
+760de985e09f5d11aacd3a8f2d8e9ff2  lib/core/dump.py
 ee7da34f4947739778a07d6c9c05ab54  lib/core/enums.py
 cada93357a7321655927fc9625b3bfec  lib/core/exception.py
 1e5532ede194ac9c083891c2f02bca93  lib/core/__init__.py
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632  lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5  lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b  lib/core/session.py
-1eb1c8d9bf5f38efc0625524d7dfa8ed  lib/core/settings.py
+5a5c0538e7464803ea3cd2b55b98f991  lib/core/settings.py
 dd68a9d02fccb4fa1428b20e15b0db5d  lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19  lib/core/subprocessng.py
 47ad325975ab21fc9f11d90b46d0d143  lib/core/target.py
@@ -140,10 +140,10 @@ bf98dbd666c162088f23ee697c065010  plugins/dbms/firebird/fingerprint.py
 d4ea3036492b8ae15340548b2936021f  plugins/dbms/firebird/__init__.py
 c56f2dabe88fd761a1a9a51e4d104088  plugins/dbms/firebird/syntax.py
 1522a29bd4b54ea78bb2855fc32b6c72  plugins/dbms/firebird/takeover.py
-271a7f16e781d56a0a31a3d5515a1945  plugins/dbms/h2/connector.py
-687005cf105ab50c62b6686866d6ef13  plugins/dbms/h2/enumeration.py
+79c44d8d0dffc140d38796a32e92a66a  plugins/dbms/h2/connector.py
+5b99e9a60409f54a140747ce1ca0342f  plugins/dbms/h2/enumeration.py
 b1ed542fff0aa53c54e8bc07658aeaf1  plugins/dbms/h2/filesystem.py
-443bc9ac09ce180360ff5a660ac3d6ba  plugins/dbms/h2/fingerprint.py
+4fe530d10b74210bd045205d9318b5d6  plugins/dbms/h2/fingerprint.py
 1de698e4cfddd754ffe31ea2640a481a  plugins/dbms/h2/__init__.py
 4673ebfdce9859718c19e8a7765da8d3  plugins/dbms/h2/syntax.py
 af746ef421cfefedc1aaa9dca1503de2  plugins/dbms/h2/takeover.py
@@ -162,7 +162,7 @@ b182f01c2ba82aa94fbe4948383ea98d  plugins/dbms/informix/fingerprint.py
 aa77fec4fe6b2d7ca4a91aebd9ff4e21  plugins/dbms/informix/syntax.py
 25f0fb28e9defcab48a2e946fbb7550a  plugins/dbms/informix/takeover.py
 1e5532ede194ac9c083891c2f02bca93  plugins/dbms/__init__.py
-6917f9b045f6188b89e816dea9b46a3f  plugins/dbms/maxdb/connector.py
+9c0307881fae556521bec393956664b0  plugins/dbms/maxdb/connector.py
 1f3f9d4c7ec62452ed2465cd9cf50aa1  plugins/dbms/maxdb/enumeration.py
 ffd26f64142226d0b1ed1d70f7f294c0  plugins/dbms/maxdb/filesystem.py
 9f9f1c4c4c3150545c4b61d1cffc76a8  plugins/dbms/maxdb/fingerprint.py
@@ -213,7 +213,7 @@ a3db8618eed5bb2807b6f77605cba9cc  plugins/dbms/sybase/__init__.py
 79f6c7017db4ded8f74a0117188836ff  plugins/dbms/sybase/takeover.py
 34d181a7086d6dfc7e72ae5f8a4cfe0f  plugins/generic/connector.py
 ce6a6ff713852b5eca7b78316cc941c4  plugins/generic/custom.py
-ca122ea307ed367a55b12a67a6079e74  plugins/generic/databases.py
+dd0875db408080c8192c5186d2d9c246  plugins/generic/databases.py
 35546acab0eea406c23b84363df4d534  plugins/generic/entries.py
 d82f2c78c1d4d7c6487e94fd3a68a908  plugins/generic/enumeration.py
 0a67b8b46f69df7cfacc286b47a0d9a5  plugins/generic/filesystem.py
@@ -484,4 +484,4 @@ a279656ea3fcb85c727249b02f828383  xml/livetests.xml
 82c65823a0af3fccbecf37f1c75f0b29  xml/payloads/stacked_queries.xml
 92c41925eba27afeed76bceba6b18be2  xml/payloads/time_blind.xml
 ac649aff0e7db413e4937e446e398736  xml/payloads/union_query.xml
-39173640d6807991a6b78e9bea973339  xml/queries.xml
+c83a948e23219f1d101d3b3aa7eb1391  xml/queries.xml
diff --git a/xml/queries.xml b/xml/queries.xml
@@ -676,7 +676,7 @@
         <hostname/>
         <table_comment/>
         <column_comment/>
-        <is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE USER=CURRENT_USER"/>
+        <is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.USERS WHERE NAME=CURRENT_USER"/>
         <check_udf/>
         <users>
             <!-- LIMIT is needed at start for v1.7 this gets mangled unless no-cast is used -->
@@ -739,23 +739,18 @@
         <hex query="RAWTOHEX(%s)"/>
         <inference query="ASCII(SUBSTR((%s),%d,1))>%d"/>
         <banner query="H2VERSION()"/>
-        <current_user query="CURRENT_USER"/>
+        <current_user query="CURRENT_USER"/>mirek
         <current_db query="DATABASE()"/>
         <hostname/>
         <table_comment/>
         <column_comment/>
-        <is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE USER=CURRENT_USER"/>
+        <is_dba query="SELECT CURRENT_USER='SA'"/>
         <check_udf/>
         <users>
-            <!-- LIMIT is needed at start for v1.7 this gets mangled unless no-cast is used -->
-            <blind query="SELECT LIMIT %d 1 DISTINCT(user) FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user" count="SELECT COUNT(DISTINCT(user)) FROM INFORMATION_SCHEMA.SYSTEM_USERS"/>
-            <inband query="SELECT user FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user"/>
+            <inband query="SELECT NAME FROM INFORMATION_SCHEMA.USERS"/>
+            <blind query="SELECT NAME FROM INFORMATION_SCHEMA.USERS OFFSET %d LIMIT 1" count="SELECT COUNT(NAME) FROM INFORMATION_SCHEMA.USERS"/>
         </users>
-        <passwords>
-            <!-- Passwords only shown in later versions &gt;=2.0  -->
-            <blind query="SELECT LIMIT %d 1 DISTINCT(password_digest) FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE user_name='%s' ORDER BY password_digest" count="SELECT COUNT(DISTINCT(password_digest)) FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE user_name='%s'"/>
-            <inband query="SELECT user_name,password_digest FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user_name" condition="user_name"/>
-        </passwords>
+        <passwords/>
         <privileges/>
         <roles/>
         <dbs>