hub / github.com/sqlmapproject/sqlmap / _goInference

Function _goInference

lib/request/inject.py:83–133  ·  view source on GitHub ↗
(payload, expression, charsetType=None, firstChar=None, lastChar=None, dump=False, field=None)

Source from the content-addressed store, hash-verified

81 return value
82
def _goInference(payload, expression, charsetType=None, firstChar=None, lastChar=None, dump=False, field=None):
    """
    Retrieve the output of `expression` through bisection(), optionally
    querying the output length first.

    _goDns() is tried first and its result is returned as-is when it is not
    None. Otherwise the value comes from bisection(), and the number of
    queries and elapsed time are logged at debug level.

    payload     -- handed to _goDns(), queryOutputLength() and bisection();
                   when it is None the function returns None
    expression  -- SQL expression whose output is retrieved
    charsetType, firstChar, lastChar, dump
                -- passed through unchanged to bisection()
    field       -- column name used to rewrite a SELECT DISTINCT(...)
                   expression and to build the casted length query

    Returns the value from _goDns() or bisection(); None when payload is
    None, or when the technique is time-based and kb.dnsTest is set.
    """

    start = time.time()
    value = None
    count = 0

    # Runs before the payload check below, so _goDns() is also called when payload is None
    value = _goDns(payload, expression)

    # A missing payload takes precedence over anything _goDns() returned
    if payload is None:
        return None

    if value is not None:
        return value

    # TIME and STACKED are both treated as time-based techniques here
    timeBasedCompare = (getTechnique() in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED))

    # The `is None` test skips the prompt once an answer is stored in kb.forceThreads;
    # the default answer is 'N'.
    # NOTE(review): presumably concurrent requests disturb the response-time measurements - confirm
    if timeBasedCompare and conf.threads > 1 and kb.forceThreads is None:
        msg = "multi-threading is considered unsafe in "
        msg += "time-based data retrieval. Are you sure "
        msg += "of your choice (breaking warranty) [y/N] "

        kb.forceThreads = readInput(msg, default='N', boolean=True)

    # Whole retrieval is skipped for a time-based technique while kb.dnsTest is set;
    # value is still None at this point and is returned as such
    if not (timeBasedCompare and kb.dnsTest):
        # Length is queried up front only when an ETA or more than one thread is requested,
        # the DBMS is identified, the expression has no COUNT( or LTRIM( call, and the run
        # is not (time-based with kb.forceThreads falsy)
        if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not re.search(r"(COUNT|LTRIM)\(", expression, re.I) and not (timeBasedCompare and not kb.forceThreads):

            # A leading SELECT DISTINCT(...) FROM query is wrapped in an outer SELECT of `field`
            if field and re.search(r"\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I):
                if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.MONETDB, DBMS.VERTICA, DBMS.CRATEDB, DBMS.CUBRID):
                    # Derived table gets an alias for these DBMSes; a dotted field has everything
                    # up to its last '.' replaced by that alias.
                    # NOTE(review): seed=hash(expression) presumably keeps the alias stable for the
                    # same expression within one process - confirm against randomStr
                    alias = randomStr(lowercase=True, seed=hash(expression))
                    expression = "SELECT %s FROM (%s)" % (field if '.' not in field else re.sub(r".+\.", "%s." % alias, field), expression)  # Note: MonetDB as a prime example
                    expression += " AS %s" % alias
                else:
                    expression = "SELECT %s FROM (%s)" % (field, expression)

            # NOTE(review): `and` binds tighter than `or`, so this reads
            # (field and conf.hexConvert) or (conf.binaryFields and field in conf.binaryFields) or (DBMS is RAIMA);
            # the RAIMA case does not require `field` to be set - confirm field is never None there
            if field and conf.hexConvert or conf.binaryFields and field in conf.binaryFields or Backend.getIdentifiedDbms() in (DBMS.RAIMA,):
                nulledCastedField = agent.nullAndCastField(field)
                # Only the first occurrence of field is replaced, and only in the length query;
                # bisection() below still receives `expression`
                injExpression = expression.replace(field, nulledCastedField, 1)
            else:
                injExpression = expression
            length = queryOutputLength(injExpression, payload)
        else:
            length = None

        # Flag is raised only around the bisection() call.
        # NOTE(review): there is no try/finally, so it stays True if bisection() raises
        kb.inferenceMode = True
        count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
        kb.inferenceMode = False

        # Query statistics are not logged while kb.bruteMode is set
        if not kb.bruteMode:
            debugMsg = "performed %d quer%s in %.2f seconds" % (count, 'y' if count == 1 else "ies", calculateDeltaSeconds(start))
            logger.debug(debugMsg)

    return value
134
135def _goInferenceFields(expression, expressionFields, expressionFieldsList, payload, num=None, charsetType=None, firstChar=None, lastChar=None, dump=False):
136 outputs = []

Callers 2

_goInferenceFieldsFunction · 0.85
_goInferenceProxyFunction · 0.85

Calls 12

getTechniqueFunction · 0.90
readInputFunction · 0.90
randomStrFunction · 0.90
queryOutputLengthFunction · 0.90
bisectionFunction · 0.90
calculateDeltaSecondsFunction · 0.90
_goDnsFunction · 0.85
getIdentifiedDbmsMethod · 0.80
nullAndCastFieldMethod · 0.80
debugMethod · 0.80
searchMethod · 0.45
replaceMethod · 0.45

Tested by

no test coverage detected
