MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / _setRequestParams

Function _setRequestParams

lib/core/target.py:85–434  ·  view source on GitHub ↗

Check and set the parameters and perform checks on 'data' option for HTTP method POST.

()

Source from the content-addressed store, hash-verified

83from thirdparty.six.moves import urllib as _urllib
84
85def _setRequestParams():
86 """
87 Check and set the parameters and perform checks on 'data' option for
88 HTTP method POST.
89 """
90
91 if conf.direct:
92 conf.parameters[None] = "direct connection"
93 return
94
95 hintNames = []
96 testableParameters = False
97
98 # Perform checks on GET parameters
99 if conf.parameters.get(PLACE.GET):
100 parameters = conf.parameters[PLACE.GET]
101 paramDict = paramToDict(PLACE.GET, parameters)
102
103 if paramDict:
104 conf.paramDict[PLACE.GET] = paramDict
105 testableParameters = True
106
107 # Perform checks on POST parameters
108 if conf.method == HTTPMETHOD.POST and conf.data is None:
109 logger.warning("detected empty POST body")
110 conf.data = ""
111
112 if conf.data is not None:
113 conf.method = conf.method or HTTPMETHOD.POST
114
115 def process(match, repl):
116 retVal = match.group(0)
117
118 if not (conf.testParameter and match.group("name") not in (removePostHintPrefix(_) for _ in conf.testParameter)) and match.group("name") == match.group("name").strip('\\'):
119 retVal = repl
120 while True:
121 _ = re.search(r"\\g<([^>]+)>", retVal)
122 if _:
123 try:
124 retVal = retVal.replace(_.group(0), match.group(int(_.group(1)) if _.group(1).isdigit() else _.group(1)))
125 except IndexError:
126 break
127 else:
128 break
129 if kb.customInjectionMark in retVal:
130 hintNames.append((retVal.split(kb.customInjectionMark)[0], match.group("name").strip('"\'&#x27;) if kb.postHint == POST_HINT.JSON_LIKE else match.group("name")))
131
132 return retVal
133
134 if kb.processUserMarks is None and kb.customInjectionMark in conf.data:
135 message = "custom injection marker ('%s') found in %s " % (kb.customInjectionMark, conf.method)
136 message += "body. Do you want to process it? [Y/n/q] "
137 choice = readInput(message, default='Y').upper()
138
139 if choice == 'Q':
140 raise SqlmapUserQuitException
141 else:
142 kb.processUserMarks = choice == 'Y'

Callers 1

setupTargetEnvFunction · 0.85

Calls 14

paramToDictFunction · 0.90
readInputFunction · 0.90
OrderedDictClass · 0.90
urldecodeFunction · 0.90
intersectFunction · 0.90
getUnicodeFunction · 0.90
xrangeClass · 0.85
valuesMethod · 0.80
_Class · 0.70
getMethod · 0.45
searchMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…