From fa9039fd5e9cb7fe46f91954fd6c291d20ca6e36 Mon Sep 17 00:00:00 2001 From: wang <3202024218@qq.com> Date: Mon, 16 Dec 2024 21:10:34 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9handler.py=202?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/sqlmap-master/lib/controller/handler.py | 155 ++++++++++++++++---- 1 file changed, 124 insertions(+), 31 deletions(-) diff --git a/src/sqlmap-master/lib/controller/handler.py b/src/sqlmap-master/lib/controller/handler.py index b76ea0d..978c7b9 100644 --- a/src/sqlmap-master/lib/controller/handler.py +++ b/src/sqlmap-master/lib/controller/handler.py @@ -1,97 +1,190 @@ -# 导入sqlmap核心模块和数据库相关的插件 +#!/usr/bin/env python +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +# Import necessary modules and classes from the sqlmap project from lib.core.common import Backend from lib.core.data import conf from lib.core.data import kb from lib.core.dicts import DBMS_DICT from lib.core.enums import DBMS from lib.core.exception import SqlmapConnectionException -# 导入各种数据库的别名设置 -from lib.core.settings import ACCESS_ALIASES, ALTIBASE_ALIASES, ..., VIRTUOSO_ALIASES -# 导入sqlalchemy工具,用于直接连接数据库 +from lib.core.settings import * # Import all database aliases settings from lib.utils.sqlalchemy import SQLAlchemy -# 导入各种数据库的插件模块 +# Import connectors and maps for various DBMS from plugins.dbms.access.connector import Connector as AccessConn from plugins.dbms.access import AccessMap -# ... 其他数据库的插件模块 +from plugins.dbms.altibase.connector import Connector as AltibaseConn +from plugins.dbms.altibase import AltibaseMap +from plugins.dbms.cache.connector import Connector as CacheConn +from plugins.dbms.cache import CacheMap +from plugins.dbms.clickhouse.connector import Connector as ClickHouseConn +from plugins.dbms.clickhouse import ClickHouseMap +from plugins.dbms.cratedb.connector import Connector as CrateDBConn +from plugins.dbms.cratedb import CrateDBMap +from plugins.dbms.cubrid.connector import Connector as CubridConn +from plugins.dbms.cubrid import CubridMap +from plugins.dbms.db2.connector import Connector as DB2Conn +from plugins.dbms.db2 import DB2Map +from plugins.dbms.derby.connector import Connector as DerbyConn +from plugins.dbms.derby import DerbyMap +from plugins.dbms.extremedb.connector import Connector as ExtremeDBConn +from plugins.dbms.extremedb import ExtremeDBMap +from plugins.dbms.firebird.connector import Connector as FirebirdConn +from plugins.dbms.firebird import FirebirdMap +from plugins.dbms.frontbase.connector import Connector as FrontBaseConn +from plugins.dbms.frontbase import FrontBaseMap +from plugins.dbms.h2.connector import Connector as H2Conn +from plugins.dbms.h2 import H2Map +from plugins.dbms.hsqldb.connector import Connector as HSQLDBConn +from plugins.dbms.hsqldb import HSQLDBMap +from plugins.dbms.informix.connector import Connector as InformixConn +from plugins.dbms.informix import InformixMap +from plugins.dbms.maxdb.connector import Connector as MaxDBConn +from plugins.dbms.maxdb import MaxDBMap +from plugins.dbms.mckoi.connector import Connector as MckoiConn +from plugins.dbms.mckoi import MckoiMap +from plugins.dbms.mimersql.connector import Connector as MimerSQLConn +from plugins.dbms.mimersql import MimerSQLMap +from plugins.dbms.monetdb.connector import Connector as MonetDBConn +from plugins.dbms.monetdb import MonetDBMap +from plugins.dbms.mssqlserver.connector import Connector as MSSQLServerConn +from plugins.dbms.mssqlserver import MSSQLServerMap +from plugins.dbms.mysql.connector import Connector as MySQLConn +from plugins.dbms.mysql import MySQLMap +from plugins.dbms.oracle.connector import Connector as OracleConn +from plugins.dbms.oracle import OracleMap +from plugins.dbms.postgresql.connector import Connector as PostgreSQLConn +from plugins.dbms.postgresql import PostgreSQLMap +from plugins.dbms.presto.connector import Connector as PrestoConn +from plugins.dbms.presto import PrestoMap +from plugins.dbms.raima.connector import Connector as RaimaConn +from plugins.dbms.raima import RaimaMap +from plugins.dbms.sqlite.connector import Connector as SQLiteConn +from plugins.dbms.sqlite import SQLiteMap +from plugins.dbms.sybase.connector import Connector as SybaseConn +from plugins.dbms.sybase import SybaseMap +from plugins.dbms.vertica.connector import Connector as VerticaConn +from plugins.dbms.vertica import VerticaMap from plugins.dbms.virtuoso.connector import Connector as VirtuosoConn from plugins.dbms.virtuoso import VirtuosoMap def setHandler(): """ - 检测目标网站后端数据库管理系统(DBMS)类型。 + Detect which is the target web application back-end database + management system. This function will handle the identification + of the database management system (DBMS) to work with the sqlmap tool. """ - # 包含所有支持的数据库类型及其别名、处理器和连接器的列表 + + # List of tuples containing DBMS information (DBMS type, aliases, map class, connector class) items = [ (DBMS.MYSQL, MYSQL_ALIASES, MySQLMap, MySQLConn), - # ... 其他数据库类型 + (DBMS.ORACLE, ORACLE_ALIASES, OracleMap, OracleConn), + (DBMS.PGSQL, PGSQL_ALIASES, PostgreSQLMap, PostgreSQLConn), + (DBMS.MSSQL, MSSQL_ALIASES, MSSQLServerMap, MSSQLServerConn), + (DBMS.SQLITE, SQLITE_ALIASES, SQLiteMap, SQLiteConn), + (DBMS.ACCESS, ACCESS_ALIASES, AccessMap, AccessConn), + (DBMS.FIREBIRD, FIREBIRD_ALIASES, FirebirdMap, FirebirdConn), + (DBMS.MAXDB, MAXDB_ALIASES, MaxDBMap, MaxDBConn), + (DBMS.SYBASE, SYBASE_ALIASES, SybaseMap, SybaseConn), + (DBMS.DB2, DB2_ALIASES, DB2Map, DB2Conn), + (DBMS.HSQLDB, HSQLDB_ALIASES, HSQLDBMap, HSQLDBConn), + (DBMS.H2, H2_ALIASES, H2Map, H2Conn), + (DBMS.INFORMIX, INFORMIX_ALIASES, InformixMap, InformixConn), + (DBMS.MONETDB, MONETDB_ALIASES, MonetDBMap, MonetDBConn), + (DBMS.DERBY, DERBY_ALIASES, DerbyMap, DerbyConn), + (DBMS.VERTICA, VERTICA_ALIASES, VerticaMap, VerticaConn), + (DBMS.MCKOI, MCKOI_ALIASES, MckoiMap, MckoiConn), + (DBMS.PRESTO, PRESTO_ALIASES, PrestoMap, PrestoConn), + (DBMS.ALTIBASE, ALTIBASE_ALIASES, AltibaseMap, AltibaseConn), + (DBMS.MIMERSQL, MIMERSQL_ALIASES, MimerSQLMap, MimerSQLConn), + (DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES, ClickHouseMap, ClickHouseConn), + (DBMS.CRATEDB, CRATEDB_ALIASES, CrateDBMap, CrateDBConn), + (DBMS.CUBRID, CUBRID_ALIASES, CubridMap, CubridConn), + (DBMS.CACHE, CACHE_ALIASES, CacheMap, CacheConn), + (DBMS.EXTREMEDB, EXTREMEDB_ALIASES, ExtremeDBMap, ExtremeDBConn), + (DBMS.FRONTBASE, FRONTBASE_ALIASES, FrontBaseMap, FrontBaseConn), + (DBMS.RAIMA, RAIMA_ALIASES, RaimaMap, RaimaConn), (DBMS.VIRTUOSO, VIRTUOSO_ALIASES, VirtuosoMap, VirtuosoConn), ] - # 如果配置、后端已识别的DBMS或启发式检测到的DBMS存在于别名中,则将其置于列表首位 + # Identify the current DBMS by evaluating conditions _ = max(_ if (conf.get("dbms") or Backend.getIdentifiedDbms() or kb.heuristicExtendedDbms or "").lower() in _[1] else () for _ in items) + + # If a DBMS is detected, remove it from the list and place it at the start if _: items.remove(_) items.insert(0, _) - # 遍历所有数据库类型 + # Iterate through the list of DBMS to find the suitable one for dbms, aliases, Handler, Connector in items: - # 如果用户强制指定了DBMS,且当前类型不在别名中,则跳过 + + # If a specific DBMS is forced via configuration if conf.forceDbms: if conf.forceDbms.lower() not in aliases: - continue + continue # Skip if aliases do not match else: - kb.dbms = conf.dbms = conf.forceDbms = dbms + kb.dbms = conf.dbms = conf.forceDbms = dbms # Set the forced DBMS - # 如果有DBMS过滤器,且当前DBMS不在过滤器中,则跳过 + # Check if the current DBMS is filtered out if kb.dbmsFilter: if dbms not in kb.dbmsFilter: - continue - - # 创建处理器实例和连接器实例 + continue # Skip if DBMS is in the filter list + + # Instantiate the handler and connector classes for the DBMS handler = Handler() conf.dbmsConnector = Connector() - # 如果用户选择直接连接数据库 + # Direct connection logic if applicable if conf.direct: exception = None - dialect = DBMS_DICT[dbms][3] - # 尝试使用sqlalchemy或直接连接 + dialect = DBMS_DICT[dbms][3] # Get the dialect from the dictionary + + # Attempt to connect using SQLAlchemy with the provided dialect if dialect: try: sqlalchemy = SQLAlchemy(dialect=dialect) - sqlalchemy.connect() - if sqlalchemy.connector: + sqlalchemy.connect() # Establish SQLAlchemy connection + + if sqlalchemy.connector: # If connected successfully conf.dbmsConnector = sqlalchemy except Exception as ex: - exception = ex + exception = ex # Capture any exception that occurs + # If no valid dialect or an exception occurred, try direct connection with the DBMS connector if not dialect or exception: try: conf.dbmsConnector.connect() except Exception as ex: if exception: - raise exception + raise exception # Raise the previously caught exception else: if not isinstance(ex, NameError): - raise + raise # Raise unexpected exceptions else: + # Raise an exception for unsupported direct connection msg = "support for direct connection to '%s' is not available. " % dbms msg += "Please rerun with '--dependencies'" raise SqlmapConnectionException(msg) - # 如果用户强制指定了DBMS或处理器检查确认了DBMS,则设置处理器和连接器 + # Determine if the current handler should proceed based on DBMS check if conf.forceDbms == dbms or handler.checkDbms(): + # If a specific DBMS resolution is set, assign the corresponding handler if kb.resolutionDbms: - conf.dbmsHandler = max(_ for _ in items if _[0] == kb.resolutionDbms)[2]() + conf.dbmsHandler = max(_ for _ in items if _[0] == kb.resolutionDbms)[2]() conf.dbmsHandler._dbms = kb.resolutionDbms else: + # Assign the detected handler and set the DBMS type conf.dbmsHandler = handler conf.dbmsHandler._dbms = dbms - break + break # Exit loop after successful DBMS identification else: - conf.dbmsConnector = None + # Set the DBMS connector to None if the check fails + conf.dbmsConnector = None - # DBMS指纹识别完成后,无需再强制执行 + # At this point, back-end DBMS is correctly fingerprinted, no need to enforce it anymore Backend.flushForcedDbms() \ No newline at end of file