sqlmapproject
GitHub Repository: sqlmapproject/sqlmap
Path: blob/master/lib/request/direct.py
#!/usr/bin/env python
"""
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
import re
import time
from lib.core.agent import agent
from lib.core.common import Backend
from lib.core.common import calculateDeltaSeconds
from lib.core.common import extractExpectedValue
from lib.core.common import getCurrentThreadData
from lib.core.common import hashDBRetrieve
from lib.core.common import hashDBWrite
from lib.core.common import isListLike
from lib.core.convert import getUnicode
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.dicts import SQL_STATEMENTS
from lib.core.enums import CUSTOM_LOGGING
from lib.core.enums import DBMS
from lib.core.enums import EXPECTED
from lib.core.enums import TIMEOUT_STATE
from lib.core.settings import UNICODE_ENCODING
from lib.utils.safe2bin import safecharencode
from lib.utils.timeout import timeout
def direct(query, content=True):
    """
    Runs a statement over the direct DBMS connection (conf.dbmsConnector)
    and returns its output, reusing a result stored in the hashDB when
    one is available

    The statement is first passed through agent.payloadDirect() and
    agent.adjustLateValues(). It is handled as a SELECT unless it starts
    with one of the prefixes listed in SQL_STATEMENTS under a title other
    than "SQL SELECT statement". A SELECT lacking the leading keyword gets
    it prepended, and every name from conf.binaryFields found in it is
    replaced by agent.hexConvertField(name).

    With content=True the rows are returned as text (single-column rows
    are flattened first, and the text is passed through safecharencode()
    when kb.safeCharEncode is set); with content=False the output is
    reduced to a boolean via extractExpectedValue(). A falsy output is
    returned as it is in both cases.
    """

    query = agent.adjustLateValues(agent.payloadDirect(query))
    thread = getCurrentThreadData()

    # Oracle has no FROM-less SELECT, hence the dummy table
    if Backend.isDbms(DBMS.ORACLE):
        upperQuery = query.upper()
        if upperQuery.startswith("SELECT ") and " FROM " not in upperQuery:
            query = "%s FROM DUAL" % query

    # Anything matching a known non-SELECT statement prefix is executed
    # rather than selected
    lowerQuery = query.lower()
    select = not any(
        lowerQuery.startswith(prefix) and title != "SQL SELECT statement"
        for title, prefixes in SQL_STATEMENTS.items()
        for prefix in prefixes
    )

    if select:
        if not re.search(r"(?i)\ASELECT ", query):
            query = "SELECT %s" % query

        for field in conf.binaryFields or ():
            pattern = r"\b%s\b" % re.escape(field.strip())
            if re.search(pattern, query):
                # NOTE(review): the replacement goes through re.sub() template
                # processing - confirm hexConvertField() never returns a
                # backslash sequence
                query = re.sub(pattern, agent.hexConvertField(field.strip()), query)

    # The complete statement text is both written to the log (PAYLOAD level)
    # and used as the hashDB lookup key below, so any literal it carries
    # (e.g. credentials inside a statement) ends up in those places too
    logger.log(CUSTOM_LOGGING.PAYLOAD, query)

    output = hashDBRetrieve(query, True, True)
    start = time.time()

    if not select and re.search(r"(?i)\bEXEC ", query) is None:
        # NOTE(review): the result of timeout() is dropped here, so a timed
        # out statement is neither reported nor followed by a reconnect
        # (unlike the select branch below)
        timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
    elif not output or ("%soutput" % conf.tablePrefix) in query or ("%sfile" % conf.tablePrefix) in query:
        # No stored result, or the statement touches the support tables
        # whose content must always be read fresh
        output, outcome = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)
        if outcome == TIMEOUT_STATE.NORMAL:
            hashDBWrite(query, output, True)
        elif outcome == TIMEOUT_STATE.TIMEOUT:
            # Recycle the connection after a timed out statement
            conf.dbmsConnector.close()
            conf.dbmsConnector.connect()
    elif output:
        logger.info("resumed: %s..." % getUnicode(output, UNICODE_ENCODING)[:20])

    thread.lastQueryDuration = calculateDeltaSeconds(start)

    if not output:
        return output

    if not content:
        return extractExpectedValue(output, EXPECTED.BOOL)

    # Rows holding a single column are collapsed to plain values
    if output and isListLike(output) and len(output[0]) == 1:
        output = [row[0] for row in output]

    retVal = getUnicode(output, noneToNull=True)

    if kb.safeCharEncode:
        return safecharencode(retVal)

    return retVal