1
#!/usr/bin/env python
2

3
"""
4
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5
See the file 'LICENSE' for copying permission
6
"""
7

8
import os
9
import re
10

11
from xml.etree import ElementTree as et
12

13
from lib.core.common import getSafeExString
14
from lib.core.compat import xrange
15
from lib.core.data import conf
16
from lib.core.data import paths
17
from lib.core.datatype import AttribDict
18
from lib.core.exception import SqlmapInstallationException
19
from lib.core.settings import PAYLOAD_XML_FILES
20

21
def cleanupVals(text, tag):
22
    if tag == "clause" and '-' in text:
23
        text = re.sub(r"(\d+)-(\d+)", lambda match: ','.join(str(_) for _ in xrange(int(match.group(1)), int(match.group(2)) + 1)), text)
24

25
    if tag in ("clause", "where"):
26
        text = text.split(',')
27

28
    if hasattr(text, "isdigit") and text.isdigit():
29
        text = int(text)
30

31
    elif isinstance(text, list):
32
        count = 0
33

34
        for _ in text:
35
            text[count] = int(_) if _.isdigit() else _
36
            count += 1
37

38
        if len(text) == 1 and tag not in ("clause", "where"):
39
            text = text[0]
40

41
    return text
42

43
def parseXmlNode(node):
44
    for element in node.findall("boundary"):
45
        boundary = AttribDict()
46

47
        for child in element:
48
            if child.text:
49
                values = cleanupVals(child.text, child.tag)
50
                boundary[child.tag] = values
51
            else:
52
                boundary[child.tag] = None
53

54
        conf.boundaries.append(boundary)
55

56
    for element in node.findall("test"):
57
        test = AttribDict()
58

59
        for child in element:
60
            if child.text and child.text.strip():
61
                values = cleanupVals(child.text, child.tag)
62
                test[child.tag] = values
63
            else:
64
                if len(child.findall("*")) == 0:
65
                    test[child.tag] = None
66
                    continue
67
                else:
68
                    test[child.tag] = AttribDict()
69

70
                for gchild in child:
71
                    if gchild.tag in test[child.tag]:
72
                        prevtext = test[child.tag][gchild.tag]
73
                        test[child.tag][gchild.tag] = [prevtext, gchild.text]
74
                    else:
75
                        test[child.tag][gchild.tag] = gchild.text
76

77
        conf.tests.append(test)
78

79
def loadBoundaries():
80
    """
81
    Loads boundaries from XML
82

83
    >>> conf.boundaries = []
84
    >>> loadBoundaries()
85
    >>> len(conf.boundaries) > 0
86
    True
87
    """
88

89
    try:
90
        doc = et.parse(paths.BOUNDARIES_XML)
91
    except Exception as ex:
92
        errMsg = "something appears to be wrong with "
93
        errMsg += "the file '%s' ('%s'). Please make " % (paths.BOUNDARIES_XML, getSafeExString(ex))
94
        errMsg += "sure that you haven't made any changes to it"
95
        raise SqlmapInstallationException(errMsg)
96

97
    root = doc.getroot()
98
    parseXmlNode(root)
99

100
def loadPayloads():
101
    """
102
    Loads payloads/tests from XML
103

104
    >>> conf.tests = []
105
    >>> loadPayloads()
106
    >>> len(conf.tests) > 0
107
    True
108
    """
109

110
    for payloadFile in PAYLOAD_XML_FILES:
111
        payloadFilePath = os.path.join(paths.SQLMAP_XML_PAYLOADS_PATH, payloadFile)
112

113
        try:
114
            doc = et.parse(payloadFilePath)
115
        except Exception as ex:
116
            errMsg = "something appears to be wrong with "
117
            errMsg += "the file '%s' ('%s'). Please make " % (payloadFilePath, getSafeExString(ex))
118
            errMsg += "sure that you haven't made any changes to it"
119
            raise SqlmapInstallationException(errMsg)
120

121
        root = doc.getroot()
122
        parseXmlNode(root)
123

124