hub / github.com/sqlmapproject/sqlmap / searchDb

Method searchDb

plugins/generic/search.py:51–141  ·  view source on GitHub ↗
(self)

Source from the content-addressed store, hash-verified

49 pass
50
51 def searchDb(self):
52 foundDbs = []
53 rootQuery = queries[Backend.getIdentifiedDbms()].search_db
54 dbList = conf.db.split(',')
55
56 if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
57 dbCond = rootQuery.inband.condition2
58 else:
59 dbCond = rootQuery.inband.condition
60
61 dbConsider, dbCondParam = self.likeOrExact("database")
62
63 for db in dbList:
64 values = []
65 db = safeSQLIdentificatorNaming(db)
66
67 if Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:
68 db = db.upper()
69
70 infoMsg = "searching database"
71 if dbConsider == "1":
72 infoMsg += "s LIKE"
73 infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(db)
74 logger.info(infoMsg)
75
76 if conf.excludeSysDbs:
77 exclDbsQuery = "".join(" AND '%s' != %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList)
78 infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList))
79 logger.info(infoMsg)
80 else:
81 exclDbsQuery = ""
82
83 dbQuery = "%s%s" % (dbCond, dbCondParam)
84 dbQuery = dbQuery % unsafeSQLIdentificatorNaming(db)
85
86 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
87 if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
88 query = rootQuery.inband.query2
89 else:
90 query = rootQuery.inband.query
91
92 query = query % (dbQuery + exclDbsQuery)
93 values = inject.getValue(query, blind=False, time=False)
94
95 if not isNoneValue(values):
96 values = arrayizeValue(values)
97
98 for value in values:
99 value = safeSQLIdentificatorNaming(value)
100 foundDbs.append(value)
101
102 if not values and isInferenceAvailable() and not conf.direct:
103 infoMsg = "fetching number of database"
104 if dbConsider == "1":
105 infoMsg += "s LIKE"
106 infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(db)
107 logger.info(infoMsg)
108

Callers 1

searchMethod · 0.95

Calls 15

isTechniqueAvailableFunction · 0.90
isNoneValueFunction · 0.90
arrayizeValueFunction · 0.90
isInferenceAvailableFunction · 0.90
isNumPosStrValueFunction · 0.90
getLimitRangeFunction · 0.90
unArrayizeValueFunction · 0.90
getIdentifiedDbmsMethod · 0.80
isDbmsMethod · 0.80
likeOrExactMethod · 0.80

Tested by

no test coverage detected