1
#!/usr/bin/env python
2

3
"""
4
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5
See the file 'LICENSE' for copying permission
6
"""
7

8
import re
9

10
from lib.core.common import readInput
11
from lib.core.data import kb
12
from lib.core.data import logger
13
from lib.core.datatype import OrderedSet
14
from lib.core.exception import SqlmapSyntaxException
15
from lib.request.connect import Connect as Request
16
from thirdparty.six.moves import http_client as _http_client
17

18
abortedFlag = None
19

20
def parseSitemap(url, retVal=None):
21
    global abortedFlag
22

23
    if retVal is not None:
24
        logger.debug("parsing sitemap '%s'" % url)
25

26
    try:
27
        if retVal is None:
28
            abortedFlag = False
29
            retVal = OrderedSet()
30

31
        try:
32
            content = Request.getPage(url=url, raise404=True)[0] if not abortedFlag else ""
33
        except _http_client.InvalidURL:
34
            errMsg = "invalid URL given for sitemap ('%s')" % url
35
            raise SqlmapSyntaxException(errMsg)
36

37
        for match in re.finditer(r"<loc>\s*([^<]+)", content or ""):
38
            if abortedFlag:
39
                break
40
            url = match.group(1).strip()
41
            if url.endswith(".xml") and "sitemap" in url.lower():
42
                if kb.followSitemapRecursion is None:
43
                    message = "sitemap recursion detected. Do you want to follow? [y/N] "
44
                    kb.followSitemapRecursion = readInput(message, default='N', boolean=True)
45
                if kb.followSitemapRecursion:
46
                    parseSitemap(url, retVal)
47
            else:
48
                retVal.add(url)
49

50
    except KeyboardInterrupt:
51
        abortedFlag = True
52
        warnMsg = "user aborted during sitemap parsing. sqlmap "
53
        warnMsg += "will use partial list"
54
        logger.warning(warnMsg)
55

56
    return retVal
57

58