GitHub Repository: sqlmapproject/sqlmap
Path: blob/master/lib/parse/payloads.py
#!/usr/bin/env python
"""
Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
import os
import re
from xml.etree import ElementTree as et
from lib.core.common import getSafeExString
from lib.core.compat import xrange
from lib.core.data import conf
from lib.core.data import paths
from lib.core.datatype import AttribDict
from lib.core.exception import SqlmapInstallationException
from lib.core.settings import PAYLOAD_XML_FILES
def cleanupVals(text, tag):
    """
    Normalizes the text of a payload/boundary XML element

    For the "clause" tag, every numeric range written as "a-b" is first
    expanded into the comma-separated list a,a+1,...,b (inclusive). Text of
    "clause" and "where" elements is then split on ',' into a list. A string
    made only of digits is returned as an int; inside a list, each all-digit
    item is converted to int and every other item is left as a string.

    NOTE(review): the range expansion has no upper bound on b - a, so a very
    wide range would be materialized in full. That is fine for the XML files
    shipped with the tool; a cap would be worth adding if this helper is ever
    fed XML from a less trusted origin.
    """

    listTags = ("clause", "where")

    if tag == "clause" and '-' in text:
        def _expandRange(match):
            first = int(match.group(1))
            last = int(match.group(2))
            return ','.join(str(number) for number in xrange(first, last + 1))

        text = re.sub(r"(\d+)-(\d+)", _expandRange, text)

    if tag in listTags:
        text = text.split(',')

    # Only string-like values expose isdigit(); a list falls through below
    if hasattr(text, "isdigit") and text.isdigit():
        return int(text)

    if isinstance(text, list):
        for index, item in enumerate(text):
            text[index] = int(item) if item.isdigit() else item

        # Unwrap a single-item list for tags that are not list-valued
        if len(text) == 1 and tag not in listTags:
            text = text[0]

    return text
def parseXmlNode(node):
44
for element in node.findall("boundary"):
45
boundary = AttribDict()
46
47
for child in element.findall("*"):
48
if child.text:
49
values = cleanupVals(child.text, child.tag)
50
boundary[child.tag] = values
51
else:
52
boundary[child.tag] = None
53
54
conf.boundaries.append(boundary)
55
56
for element in node.findall("test"):
57
test = AttribDict()
58
59
for child in element.findall("*"):
60
if child.text and child.text.strip():
61
values = cleanupVals(child.text, child.tag)
62
test[child.tag] = values
63
else:
64
progeny = child.findall("*")
65
if len(progeny) == 0:
66
test[child.tag] = None
67
continue
68
else:
69
test[child.tag] = AttribDict()
70
71
for gchild in progeny:
72
if gchild.tag in test[child.tag]:
73
prevtext = test[child.tag][gchild.tag]
74
test[child.tag][gchild.tag] = [prevtext, gchild.text]
75
else:
76
test[child.tag][gchild.tag] = gchild.text
77
78
conf.tests.append(test)
def loadBoundaries():
    """
    Parses the boundaries XML file (paths.BOUNDARIES_XML) and appends its
    entries to conf.boundaries

    Any failure to read or parse the file is reported as a
    SqlmapInstallationException naming the file and the underlying error.

    NOTE: xml.etree.ElementTree is not hardened against maliciously
    constructed XML; this loader is meant for the file bundled with the
    installation, not for documents from an untrusted origin.

    >>> conf.boundaries = []
    >>> loadBoundaries()
    >>> len(conf.boundaries) > 0
    True
    """

    xmlPath = paths.BOUNDARIES_XML

    try:
        tree = et.parse(xmlPath)
    except Exception as ex:
        errMsg = "".join((
            "something appears to be wrong with ",
            "the file '%s' ('%s'). Please make " % (xmlPath, getSafeExString(ex)),
            "sure that you haven't made any changes to it",
        ))
        raise SqlmapInstallationException(errMsg)
    else:
        parseXmlNode(tree.getroot())
def loadPayloads():
    """
    Parses every file listed in PAYLOAD_XML_FILES (looked up under
    paths.SQLMAP_XML_PAYLOADS_PATH) and appends the tests to conf.tests

    The first file that cannot be read or parsed aborts the load with a
    SqlmapInstallationException naming that file and the underlying error.

    NOTE: xml.etree.ElementTree is not hardened against maliciously
    constructed XML; this loader is meant for the files bundled with the
    installation, not for documents from an untrusted origin.

    >>> conf.tests = []
    >>> loadPayloads()
    >>> len(conf.tests) > 0
    True
    """

    for fileName in PAYLOAD_XML_FILES:
        xmlPath = os.path.join(paths.SQLMAP_XML_PAYLOADS_PATH, fileName)

        try:
            tree = et.parse(xmlPath)
        except Exception as ex:
            errMsg = "".join((
                "something appears to be wrong with ",
                "the file '%s' ('%s'). Please make " % (xmlPath, getSafeExString(ex)),
                "sure that you haven't made any changes to it",
            ))
            raise SqlmapInstallationException(errMsg)
        else:
            parseXmlNode(tree.getroot())