hub / github.com/sqlmapproject/sqlmap / suffixQuery

Method suffixQuery

lib/core/agent.py:313–352

This method appends the DBMS comment to the SQL injection request

(self, expression, comment=None, suffix=None, where=None, trimEmpty=True)

Source from the content-addressed store, hash-verified

311         return query
312
313     def suffixQuery(self, expression, comment=None, suffix=None, where=None, trimEmpty=True):
314         """
315         This method appends the DBMS comment to the
316         SQL injection request
317         """
318
319         if conf.direct:
320             return self.payloadDirect(expression)
321
322         if expression is None:
323             return None
324
325         expression = self.cleanupPayload(expression)
326
327         # Take default values if None
328         suffix = kb.injection.suffix if kb.injection and suffix is None else suffix
329
330         if getTechnique() is not None and getTechnique() in kb.injection.data:
331             where = getTechniqueData().where if where is None else where
332             comment = getTechniqueData().comment if comment is None else comment
333
334         if any((comment or "").startswith(_) for _ in ("--", GENERIC_SQL_COMMENT_MARKER)):
335             if Backend.getIdentifiedDbms() and not GENERIC_SQL_COMMENT.startswith(queries[Backend.getIdentifiedDbms()].comment.query):
336                 comment = queries[Backend.getIdentifiedDbms()].comment.query
337
338         if comment is not None:
339             expression += comment
340
341         # If we are replacing (<where>) the parameter original value with
342         # our payload do not append the suffix
343         if where == PAYLOAD.WHERE.REPLACE and not conf.suffix:
344             pass
345
346         elif suffix and not comment:
347             if re.search(r"\w\Z", expression) and re.search(r"\A\w", suffix):
348                 expression += " "
349
350             expression += suffix.replace('\\', BOUNDARY_BACKSLASH_MARKER)
351
352         return re.sub(r";\W*;", ";", expression) if trimEmpty else expression
353
354     def cleanupPayload(self, payload, origValue=None):
355         if not isinstance(payload, six.string_types):

Callers 13

forgeUnionQuery · Method · 0.95
checkSqlInjection · Function · 0.80
genCmpPayload · Function · 0.80
_goInferenceProxy · Function · 0.80
_goBooleanProxy · Function · 0.80
goStacked · Function · 0.80
_orderByTest · Function · 0.80
_fuzzUnionCols · Function · 0.80
bisection · Function · 0.80
_oneShotErrorUse · Function · 0.80
readFile · Method · 0.80
uncPathRequest · Method · 0.80

Calls 7

payloadDirect · Method · 0.95
cleanupPayload · Method · 0.95
getTechnique · Function · 0.90
getTechniqueData · Function · 0.90
getIdentifiedDbms · Method · 0.80
search · Method · 0.45
replace · Method · 0.45

Tested by 2

_orderByTest · Function · 0.64
_fuzzUnionCols · Function · 0.64