#!/usr/bin/env python

"""
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

import re

from lib.core.common import Backend
from lib.core.convert import getBytes
from lib.core.data import conf
from lib.core.enums import DBMS
from lib.core.exception import SqlmapUndefinedMethod

class Syntax(object):
    """
    Generic syntax helpers shared by the DBMS plugins.

    _escape() holds the common logic for rewriting quoted string literals;
    escape() is a placeholder that each DBMS plugin has to override.
    """

    def __init__(self):
        """Nothing to initialise; the class only carries static helpers."""

    @staticmethod
    def _escape(expression, quote=True, escaper=None):
        """
        Rewrite the string literals of an SQL expression through 'escaper'.

        expression -- SQL text to process
        quote      -- when true, only the single-quoted literals found in
                      the expression are rewritten; when false, the whole
                      expression is handed to 'escaper' as-is
        escaper    -- callable taking a string and returning its
                      replacement; the None default is not callable, so
                      the caller has to supply one on any path that
                      reaches it

        Returns the rewritten expression.
        """

        # Unquoted mode: the escaper is applied to the entire expression
        if not quote:
            return escaper(expression)

        result = expression

        # A match is a quote, a run of non-quote characters and one or more
        # closing quotes; the first and last characters are stripped to get
        # the literal's content
        for literal in re.findall(r"'[^']*'+", expression):
            inner = literal[1:-1]

            # Empty literals and those holding a marker (e.g. '[SLEEPTIME]')
            # are left untouched
            if not inner or re.search(r"\[(SLEEPTIME|RAND)", inner) is not None:
                continue

            # conf.noEscape switches the escaper off; the literal then stays
            # as it is
            if conf.noEscape:
                encoded = inner
            else:
                encoded = escaper(inner)

            if encoded != inner:
                # str.replace() rewrites every occurrence of the matched
                # text in the result, not only the current one
                result = result.replace(literal, encoded)
                continue

            plain = "'%s'" % inner
            prefixed = "n'%s'" % inner

            # Literal left unchanged: when its character count differs from
            # the length of getBytes() of it (presumably non-ASCII content -
            # confirm against getBytes) it is turned into the n'...' form,
            # unless that form is already present, and only for the DBMSes
            # listed below
            if len(inner) == len(getBytes(inner)):
                continue

            if prefixed in result:
                continue

            if Backend.getDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.ORACLE, DBMS.MSSQL):
                result = result.replace(plain, prefixed)

        return result

    @staticmethod
    def escape(expression, quote=True):
        """
        Placeholder for the DBMS-specific escaping routine.

        Always raises SqlmapUndefinedMethod; the concrete DBMS plugin is
        expected to provide its own implementation.
        """

        message = (
            "'escape' method must be defined "
            "inside the specific DBMS plugin"
        )
        raise SqlmapUndefinedMethod(message)