hub / github.com/sqlmapproject/sqlmap / getValue

Function getValue

lib/request/inject.py:361–543  ·  view source on GitHub ↗

Called each time sqlmap injects a SQL query into the parameter affected by SQL injection.

(expression, blind=True, union=True, error=True, time=True, fromUser=False, expected=None, batch=False, unpack=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None, dump=False, suppressOutput=None, expectingNone=False, safeCharEncode=True)

Source from the content-addressed store, hash-verified

359@lockedmethod
360@stackedmethod
361def getValue(expression, blind=True, union=True, error=True, time=True, fromUser=False, expected=None, batch=False, unpack=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None, dump=False, suppressOutput=None, expectingNone=False, safeCharEncode=True):
362 """
363 Called each time sqlmap inject a SQL query on the SQL injection
364 affected parameter.
365 """
366
367 if conf.hexConvert and expected != EXPECTED.BOOL and Backend.getIdentifiedDbms():
368 if not hasattr(queries[Backend.getIdentifiedDbms()], "hex"):
369 warnMsg = "switch '--hex' is currently not supported on DBMS %s" % Backend.getIdentifiedDbms()
370 singleTimeWarnMessage(warnMsg)
371 conf.hexConvert = False
372 else:
373 charsetType = CHARSET_TYPE.HEXADECIMAL
374
375 kb.safeCharEncode = safeCharEncode
376 kb.resumeValues = resumeValue
377
378 for keyword in GET_VALUE_UPPERCASE_KEYWORDS:
379 expression = re.sub(r"(?i)(\A|\(|\)|\s)%s(\Z|\(|\)|\s)" % keyword, r"\g<1>%s\g<2>" % keyword, expression)
380
381 if suppressOutput is not None:
382 pushValue(getCurrentThreadData().disableStdOut)
383 getCurrentThreadData().disableStdOut = suppressOutput
384
385 try:
386 pushValue(conf.db)
387 pushValue(conf.tbl)
388
389 if expected == EXPECTED.BOOL:
390 forgeCaseExpression = booleanExpression = expression
391
392 if expression.startswith("SELECT "):
393 booleanExpression = "(%s)=%s" % (booleanExpression, "'1'" if "'1'" in booleanExpression else "1")
394 else:
395 forgeCaseExpression = agent.forgeCaseStatement(expression)
396
397 if conf.direct:
398 value = direct(forgeCaseExpression if expected == EXPECTED.BOOL else expression)
399
400 elif any(isTechniqueAvailable(_) for _ in getPublicTypeMembers(PAYLOAD.TECHNIQUE, onlyValues=True)):
401 query = cleanQuery(expression)
402 query = expandAsteriskForColumns(query)
403 value = None
404 found = False
405 count = 0
406
407 if query and not re.search(r"COUNT.*FROM.*\(.*DISTINCT", query, re.I):
408 query = query.replace("DISTINCT ", "")
409
410 if not conf.forceDns:
411 if union and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
412 setTechnique(PAYLOAD.TECHNIQUE.UNION)
413 kb.forcePartialUnion = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector[8]
414 fallback = not expected and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL and not kb.forcePartialUnion
415
416 if expected == EXPECTED.BOOL:
417 # Note: some DBMSes (e.g. Altibase) don't support implicit conversion of boolean check result during concatenation with prefix and suffix (e.g. 'qjjvq'||(1=1)||'qbbbq')
418

Callers 1

checkBooleanExpression Function · 0.85

Calls 15

singleTimeWarnMessage Function · 0.90
pushValue Function · 0.90
getCurrentThreadData Function · 0.90
direct Function · 0.90
isTechniqueAvailable Function · 0.90
getPublicTypeMembers Function · 0.90
cleanQuery Function · 0.90
expandAsteriskForColumns Function · 0.90
setTechnique Function · 0.90
popValue Function · 0.90
errorUse Function · 0.90
filterNone Function · 0.90

Tested by

no test coverage detected
