MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / cleanupPayload

Method cleanupPayload

lib/core/agent.py:354–405  ·  view source on GitHub ↗
(self, payload, origValue=None)

Source from the content-addressed store, hash-verified

352 return re.sub(r";\W*;", ";", expression) if trimEmpty else expression
353
354 def cleanupPayload(self, payload, origValue=None):
355 if not isinstance(payload, six.string_types):
356 return
357
358 replacements = {
359 "[DELIMITER_START]": kb.chars.start,
360 "[DELIMITER_STOP]": kb.chars.stop,
361 "[AT_REPLACE]": kb.chars.at,
362 "[SPACE_REPLACE]": kb.chars.space,
363 "[DOLLAR_REPLACE]": kb.chars.dollar,
364 "[HASH_REPLACE]": kb.chars.hash_,
365 "[GENERIC_SQL_COMMENT]": GENERIC_SQL_COMMENT
366 }
367
368 for value in re.findall(r"\[[A-Z_]+\]", payload):
369 if value in replacements:
370 payload = payload.replace(value, replacements[value])
371
372 for _ in set(re.findall(r"(?i)\[RANDNUM(?:\d+)?\]", payload)):
373 payload = payload.replace(_, str(randomInt()))
374
375 for _ in set(re.findall(r"(?i)\[RANDSTR(?:\d+)?\]", payload)):
376 payload = payload.replace(_, randomStr())
377
378 if origValue is not None:
379 origValue = getUnicode(origValue)
380
381 if "[ORIGVALUE]" in payload:
382 payload = getUnicode(payload).replace("[ORIGVALUE]", origValue if origValue.isdigit() else unescaper.escape("'%s'" % origValue))
383 if "[ORIGINAL]" in payload:
384 payload = getUnicode(payload).replace("[ORIGINAL]", origValue)
385
386 if INFERENCE_MARKER in payload:
387 if Backend.getIdentifiedDbms() is not None:
388 inference = queries[Backend.getIdentifiedDbms()].inference
389
390 if "dbms_version" in inference:
391 if isDBMSVersionAtLeast(inference.dbms_version):
392 inferenceQuery = inference.query
393 else:
394 inferenceQuery = inference.query2
395 else:
396 inferenceQuery = inference.query
397
398 payload = payload.replace(INFERENCE_MARKER, inferenceQuery)
399
400 elif not kb.testMode:
401 errMsg = "invalid usage of inference payload without "
402 errMsg += "knowledge of underlying DBMS"
403 raise SqlmapNoneDataException(errMsg)
404
405 return payload
406
407 def adjustLateValues(self, payload):
408 """

Callers 6

payloadDirectMethod · 0.95
payloadMethod · 0.95
prefixQueryMethod · 0.95
suffixQueryMethod · 0.95
checkSqlInjectionFunction · 0.80
genCmpPayloadFunction · 0.80

Calls 8

randomIntFunction · 0.90
randomStrFunction · 0.90
getUnicodeFunction · 0.90
isDBMSVersionAtLeastFunction · 0.90
getIdentifiedDbmsMethod · 0.80
replaceMethod · 0.45
escapeMethod · 0.45

Tested by

no test coverage detected