Take a query string as input and return it with its fields NULL-guarded, cast to a string type and concatenated between delimiter strings. Examples: MySQL input: SELECT user, password FROM mysql.user MySQL output: CONCAT('mMvPxc',IFNULL(CAST(user AS CHAR(10000)), ' '),'nXlgnR',IFNULL(CAST(passw
(self, query, unpack=True)
| 674 | return retVal |
| 675 | |
| 676 | def concatQuery(self, query, unpack=True): |
| 677 | """ |
| 678 | Take in input a query string and return its processed nulled, |
| 679 | casted and concatenated query string. |
| 680 | |
| 681 | Examples: |
| 682 | |
| 683 | MySQL input: SELECT user, password FROM mysql.user |
| 684 | MySQL output: CONCAT('mMvPxc',IFNULL(CAST(user AS CHAR(10000)), ' '),'nXlgnR',IFNULL(CAST(password AS CHAR(10000)), ' '),'YnCzLl') FROM mysql.user |
| 685 | |
| 686 | PostgreSQL input: SELECT usename, passwd FROM pg_shadow |
| 687 | PostgreSQL output: 'HsYIBS'||COALESCE(CAST(usename AS CHARACTER(10000)), ' ')||'KTBfZp'||COALESCE(CAST(passwd AS CHARACTER(10000)), ' ')||'LkhmuP' FROM pg_shadow |
| 688 | |
| 689 | Oracle input: SELECT COLUMN_NAME, DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='USERS' |
| 690 | Oracle output: 'GdBRAo'||NVL(CAST(COLUMN_NAME AS VARCHAR(4000)), ' ')||'czEHOf'||NVL(CAST(DATA_TYPE AS VARCHAR(4000)), ' ')||'JVlYgS' FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='USERS' |
| 691 | |
| 692 | Microsoft SQL Server input: SELECT name, master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins |
| 693 | Microsoft SQL Server output: 'QQMQJO'+ISNULL(CAST(name AS VARCHAR(8000)), ' ')+'kAtlqH'+ISNULL(CAST(master.dbo.fn_varbintohexstr(password) AS VARCHAR(8000)), ' ')+'lpEqoi' FROM master..sysxlogins |
| 694 | |
| 695 | @param query: query string to be processed |
| 696 | @type query: C{str} |
| 697 | |
| 698 | @return: query string nulled, casted and concatenated |
| 699 | @rtype: C{str} |
| 700 | """ |
| 701 | |
| 702 | if unpack: |
| 703 | concatenatedQuery = "" |
| 704 | query = query.replace(", ", ',') |
| 705 | fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsSelectTop, fieldsSelectCase, _, fieldsToCastStr, fieldsExists = self.getFields(query) |
| 706 | castedFields = self.nullCastConcatFields(fieldsToCastStr) |
| 707 | concatenatedQuery = query.replace(fieldsToCastStr, castedFields, 1) |
| 708 | else: |
| 709 | return query |
| 710 | |
| 711 | if Backend.isDbms(DBMS.MYSQL): |
| 712 | if fieldsExists: |
| 713 | concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.chars.start, 1) |
| 714 | concatenatedQuery += ",'%s')" % kb.chars.stop |
| 715 | elif fieldsSelectCase: |
| 716 | concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.chars.start, 1) |
| 717 | concatenatedQuery += ",'%s')" % kb.chars.stop |
| 718 | elif fieldsSelectFrom: |
| 719 | _ = unArrayizeValue(zeroDepthSearch(concatenatedQuery, " FROM ")) |
| 720 | concatenatedQuery = "%s,'%s')%s" % (concatenatedQuery[:_].replace("SELECT ", "CONCAT('%s'," % kb.chars.start, 1), kb.chars.stop, concatenatedQuery[_:]) |
| 721 | elif fieldsSelect: |
| 722 | concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.chars.start, 1) |
| 723 | concatenatedQuery += ",'%s')" % kb.chars.stop |
| 724 | elif fieldsNoSelect: |
| 725 | concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop) |
| 726 | |
| 727 | elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.DERBY, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.ALTIBASE, DBMS.MIMERSQL, DBMS.CRATEDB, DBMS.CUBRID, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO): |
| 728 | if fieldsExists: |
| 729 | concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1) |
| 730 | concatenatedQuery += "||'%s'" % kb.chars.stop |
| 731 | elif fieldsSelectCase: |
| 732 | concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||(SELECT " % kb.chars.start, 1) |
| 733 | concatenatedQuery += ")||'%s'" % kb.chars.stop |