MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / _setHTTPAuthentication

Function _setHTTPAuthentication

lib/core/option.py:1321–1407  ·  view source on GitHub ↗

Check and set the HTTP(s) authentication method (Basic, Digest, Bearer, NTLM or PKI), username and password for first three methods, or PEM private key file for PKI authentication

()

Source from the content-addressed store, hash-verified

1319 kb.passwordMgr.add_password(None, "%s://%s:%d" % (conf.scheme, conf.hostname, conf.port), conf.authUsername, conf.authPassword)
1320
1321def _setHTTPAuthentication():
1322 """
1323 Check and set the HTTP(s) authentication method (Basic, Digest, Bearer, NTLM or PKI),
1324 username and password for first three methods, or PEM private key file for
1325 PKI authentication
1326 """
1327
1328 global authHandler
1329
1330 if not conf.authType and not conf.authCred and not conf.authFile:
1331 return
1332
1333 if conf.authFile and not conf.authType:
1334 conf.authType = AUTH_TYPE.PKI
1335
1336 elif conf.authType and not conf.authCred and not conf.authFile:
1337 errMsg = "you specified the HTTP authentication type, but "
1338 errMsg += "did not provide the credentials"
1339 raise SqlmapSyntaxException(errMsg)
1340
1341 elif not conf.authType and conf.authCred:
1342 errMsg = "you specified the HTTP authentication credentials, "
1343 errMsg += "but did not provide the type (e.g. --auth-type=\"basic\")"
1344 raise SqlmapSyntaxException(errMsg)
1345
1346 elif (conf.authType or "").lower() not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.BEARER, AUTH_TYPE.NTLM, AUTH_TYPE.PKI):
1347 errMsg = "HTTP authentication type value must be "
1348 errMsg += "Basic, Digest, Bearer, NTLM or PKI"
1349 raise SqlmapSyntaxException(errMsg)
1350
1351 if not conf.authFile:
1352 debugMsg = "setting the HTTP authentication type and credentials"
1353 logger.debug(debugMsg)
1354
1355 authType = conf.authType.lower()
1356
1357 if authType in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST):
1358 regExp = "^(.*?):(.*?)$"
1359 errMsg = "HTTP %s authentication credentials " % authType
1360 errMsg += "value must be in format 'username:password'"
1361 elif authType == AUTH_TYPE.BEARER:
1362 conf.httpHeaders.append((HTTP_HEADER.AUTHORIZATION, "Bearer %s" % conf.authCred.strip()))
1363 return
1364 elif authType == AUTH_TYPE.NTLM:
1365 regExp = "^(.*\\\\.*):(.*?)$"
1366 errMsg = "HTTP NTLM authentication credentials value must "
1367 errMsg += "be in format 'DOMAIN\\username:password'"
1368 elif authType == AUTH_TYPE.PKI:
1369 errMsg = "HTTP PKI authentication require "
1370 errMsg += "usage of option `--auth-file`"
1371 raise SqlmapSyntaxException(errMsg)
1372
1373 aCredRegExp = re.search(regExp, conf.authCred)
1374
1375 if not aCredRegExp:
1376 raise SqlmapSyntaxException(errMsg)
1377
1378 conf.authUsername = aCredRegExp.group(1)

Callers 1

initFunction · 0.85

Calls 10

safeExpandUserFunction · 0.90
checkFileFunction · 0.90
HTTPSPKIAuthHandlerClass · 0.90
_setAuthCredFunction · 0.85
debugMethod · 0.80
appendMethod · 0.45
searchMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…