1
#!/usr/bin/env python
2

3
"""
4
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5
See the file 'LICENSE' for copying permission
6
"""
7

8
import re
9

10
from lib.core.common import Backend
11
from lib.core.common import Format
12
from lib.core.common import unArrayizeValue
13
from lib.core.data import conf
14
from lib.core.data import kb
15
from lib.core.data import logger
16
from lib.core.enums import DBMS
17
from lib.core.session import setDbms
18
from lib.core.settings import HSQLDB_ALIASES
19
from lib.request import inject
20
from plugins.generic.fingerprint import Fingerprint as GenericFingerprint
21

22
class Fingerprint(GenericFingerprint):
23
    def __init__(self):
24
        GenericFingerprint.__init__(self, DBMS.HSQLDB)
25

26
    def getFingerprint(self):
27
        value = ""
28
        wsOsFp = Format.getOs("web server", kb.headersFp)
29

30
        if wsOsFp and not conf.api:
31
            value += "%s\n" % wsOsFp
32

33
        if kb.data.banner:
34
            dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
35

36
            if dbmsOsFp and not conf.api:
37
                value += "%s\n" % dbmsOsFp
38

39
        value += "back-end DBMS: "
40
        actVer = Format.getDbms()
41

42
        if not conf.extensiveFp:
43
            value += actVer
44
            return value
45

46
        blank = " " * 15
47
        value += "active fingerprint: %s" % actVer
48

49
        if kb.bannerFp:
50
            banVer = kb.bannerFp.get("dbmsVersion")
51

52
            if banVer:
53
                if re.search(r"-log$", kb.data.banner or ""):
54
                    banVer += ", logging enabled"
55

56
                banVer = Format.getDbms([banVer])
57
                value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
58

59
        htmlErrorFp = Format.getErrorParsedDBMSes()
60

61
        if htmlErrorFp:
62
            value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
63

64
        return value
65

66
    def checkDbms(self):
67
        """
68
        References for fingerprint:
69
        DATABASE_VERSION()
70
        version 2.2.6 added two-arg REPLACE functio REPLACE('a','a') compared to REPLACE('a','a','d')
71
        version 2.2.5 added SYSTIMESTAMP function
72
        version 2.2.3 added REGEXPR_SUBSTRING and REGEXPR_SUBSTRING_ARRAY functions
73
        version 2.2.0 added support for ROWNUM() function
74
        version 2.1.0 added MEDIAN aggregate function
75
        version < 2.0.1 added support for datetime ROUND and TRUNC functions
76
        version 2.0.0 added VALUES support
77
        version 1.8.0.4 Added org.hsqldbdb.Library function, getDatabaseFullProductVersion to return the
78
                        full version string, including the 4th digit (e.g 1.8.0.4).
79
        version 1.7.2 CASE statements added and INFORMATION_SCHEMA
80

81
        """
82

83
        if not conf.extensiveFp and Backend.isDbmsWithin(HSQLDB_ALIASES):
84
            setDbms("%s %s" % (DBMS.HSQLDB, Backend.getVersion()))
85

86
            if Backend.isVersionGreaterOrEqualThan("1.7.2"):
87
                kb.data.has_information_schema = True
88

89
            self.getBanner()
90

91
            return True
92

93
        infoMsg = "testing %s" % DBMS.HSQLDB
94
        logger.info(infoMsg)
95

96
        result = inject.checkBooleanExpression("CASEWHEN(1=1,1,0)=1")
97

98
        if result:
99
            infoMsg = "confirming %s" % DBMS.HSQLDB
100
            logger.info(infoMsg)
101

102
            result = inject.checkBooleanExpression("LEAST(ROUNDMAGIC(PI()),3)=3")
103

104
            if not result:
105
                warnMsg = "the back-end DBMS is not %s" % DBMS.HSQLDB
106
                logger.warning(warnMsg)
107

108
                return False
109
            else:
110
                result = inject.checkBooleanExpression("ZERO() IS 0")   # Note: check for H2 DBMS (sharing majority of same functions)
111
                if result:
112
                    warnMsg = "the back-end DBMS is not %s" % DBMS.HSQLDB
113
                    logger.warning(warnMsg)
114

115
                    return False
116

117
                kb.data.has_information_schema = True
118
                Backend.setVersion(">= 1.7.2")
119
                setDbms("%s 1.7.2" % DBMS.HSQLDB)
120

121
                banner = self.getBanner()
122
                if banner:
123
                    Backend.setVersion("= %s" % banner)
124
                else:
125
                    if inject.checkBooleanExpression("(SELECT [RANDNUM] FROM (VALUES(0)))=[RANDNUM]"):
126
                        Backend.setVersionList([">= 2.0.0", "< 2.3.0"])
127
                    else:
128
                        banner = unArrayizeValue(inject.getValue("\"org.hsqldbdb.Library.getDatabaseFullProductVersion\"()", safeCharEncode=True))
129
                        if banner:
130
                            Backend.setVersion("= %s" % banner)
131
                        else:
132
                            Backend.setVersionList([">= 1.7.2", "< 1.8.0"])
133

134
            return True
135
        else:
136
            warnMsg = "the back-end DBMS is not %s" % DBMS.HSQLDB
137
            logger.warning(warnMsg)
138

139
            dbgMsg = "...or version is < 1.7.2"
140
            logger.debug(dbgMsg)
141

142
            return False
143

144
    def getHostname(self):
145
        warnMsg = "on HSQLDB it is not possible to enumerate the hostname"
146
        logger.warning(warnMsg)
147

148
    def checkDbmsOs(self, detailed=False):
149
        if Backend.getOs():
150
            infoMsg = "the back-end DBMS operating system is %s" % Backend.getOs()
151
            logger.info(infoMsg)
152
        else:
153
            self.userChooseDbmsOs()
154

155