MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / readFile

Method readFile

plugins/generic/filesystem.py:216–287  ·  view source on GitHub ↗
(self, remoteFile)

Source from the content-addressed store, hash-verified

214 raise SqlmapUndefinedMethod(errMsg)
215
216 def readFile(self, remoteFile):
217 localFilePaths = []
218
219 self.checkDbmsOs()
220
221 for remoteFile in remoteFile.split(','):
222 fileContent = None
223 kb.fileReadMode = True
224
225 if conf.direct or isStackingAvailable():
226 if isStackingAvailable():
227 debugMsg = "going to try to read the file with stacked query SQL "
228 debugMsg += "injection technique"
229 logger.debug(debugMsg)
230
231 fileContent = self.stackedReadFile(remoteFile)
232 elif Backend.isDbms(DBMS.MYSQL):
233 debugMsg = "going to try to read the file with non-stacked query "
234 debugMsg += "SQL injection technique"
235 logger.debug(debugMsg)
236
237 fileContent = self.nonStackedReadFile(remoteFile)
238 else:
239 errMsg = "none of the SQL injection techniques detected can "
240 errMsg += "be used to read files from the underlying file "
241 errMsg += "system of the back-end %s server" % Backend.getDbms()
242 logger.error(errMsg)
243
244 fileContent = None
245
246 kb.fileReadMode = False
247
248 if (isNoneValue(fileContent) or isNullValue(fileContent)) and not Backend.isDbms(DBMS.PGSQL):
249 self.cleanup(onlyFileTbl=True)
250 fileContent = None
251 elif isListLike(fileContent):
252 newFileContent = ""
253
254 for chunk in fileContent:
255 if isListLike(chunk):
256 if len(chunk) > 0:
257 chunk = chunk[0]
258 else:
259 chunk = ""
260
261 if chunk:
262 newFileContent += chunk
263
264 fileContent = newFileContent
265
266 if fileContent is not None:
267 fileContent = decodeDbmsHexValue(fileContent, True)
268
269 if fileContent.strip():
270 localFilePath = dataToOutFile(remoteFile, fileContent)
271
272 if not Backend.isDbms(DBMS.PGSQL):
273 self.cleanup(onlyFileTbl=True)

Callers 3

fileExistsFunction · 0.45
fileExistsThreadFunction · 0.45
actionFunction · 0.45

Calls 15

stackedReadFileMethod · 0.95
nonStackedReadFileMethod · 0.95
askCheckReadFileMethod · 0.95
isStackingAvailableFunction · 0.90
isNoneValueFunction · 0.90
isNullValueFunction · 0.90
isListLikeFunction · 0.90
decodeDbmsHexValueFunction · 0.90
dataToOutFileFunction · 0.90
debugMethod · 0.80
isDbmsMethod · 0.80
cleanupMethod · 0.80

Tested by

no test coverage detected