1
#!/usr/bin/env python
2

3
"""
4
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5
See the file 'LICENSE' for copying permission
6
"""
7

8
import re
9

10
from lib.core.common import Backend
11
from lib.core.convert import getBytes
12
from lib.core.data import conf
13
from lib.core.enums import DBMS
14
from lib.core.exception import SqlmapUndefinedMethod
15

16
class Syntax(object):
17
    """
18
    This class defines generic syntax functionalities for plugins.
19
    """
20

21
    def __init__(self):
22
        pass
23

24
    @staticmethod
25
    def _escape(expression, quote=True, escaper=None):
26
        retVal = expression
27

28
        if quote:
29
            for item in re.findall(r"'[^']*'+", expression):
30
                original = item[1:-1]
31
                if original:
32
                    if Backend.isDbms(DBMS.SQLITE) and "X%s" % item in expression:
33
                        continue
34
                    if re.search(r"\[(SLEEPTIME|RAND)", original) is None:  # e.g. '[SLEEPTIME]' marker
35
                        replacement = escaper(original) if not conf.noEscape else original
36

37
                        if replacement != original:
38
                            retVal = retVal.replace(item, replacement)
39
                        elif len(original) != len(getBytes(original)) and "n'%s'" % original not in retVal and Backend.getDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.ORACLE, DBMS.MSSQL):
40
                            retVal = retVal.replace("'%s'" % original, "n'%s'" % original)
41
        else:
42
            retVal = escaper(expression)
43

44
        return retVal
45

46
    @staticmethod
47
    def escape(expression, quote=True):
48
        errMsg = "'escape' method must be defined "
49
        errMsg += "inside the specific DBMS plugin"
50
        raise SqlmapUndefinedMethod(errMsg)
51

52