tutorial0
diff --git a/‎lib/controller/action.py‎
Lines changed: 4 additions & 3 deletions b/‎lib/controller/action.py‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎lib/controller/checks.py‎
Lines changed: 19 additions & 19 deletions b/‎lib/controller/checks.py‎
Lines changed: 19 additions & 19 deletions
diff --git a/‎lib/controller/handler.py‎
Lines changed: 6 additions & 6 deletions b/‎lib/controller/handler.py‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎lib/core/agent.py‎
Lines changed: 33 additions & 34 deletions b/‎lib/core/agent.py‎
Lines changed: 33 additions & 34 deletions
@@ -8,7 +8,8 @@
 """
 
 from lib.controller.handler import setHandler
-from lib.core.common import getErrorParsedDBMSesFormatted
+from lib.core.common import backend
+from lib.core.common import format
 from lib.core.common import dataToStdout
 from lib.core.data import conf
 from lib.core.data import kb
@@ -30,8 +31,8 @@ def action():
     # system to be able to go ahead with the injection
     setHandler()
 
-    if not kb.dbmsDetected or not conf.dbmsHandler:
-        htmlParsed = getErrorParsedDBMSesFormatted()
+    if not backend.getDbms() or not conf.dbmsHandler:
+        htmlParsed = format.getErrorParsedDBMSes()
 
         errMsg  = "sqlmap was not able to fingerprint the "
         errMsg += "back-end database management system"
 
@@ -13,15 +13,14 @@
 
 from lib.core.agent import agent
 from lib.core.common import aliasToDbmsEnum
+from lib.core.common import backend
 from lib.core.common import beep
 from lib.core.common import extractRegexResult
 from lib.core.common import findDynamicContent
+from lib.core.common import format
 from lib.core.common import getComparePageRatio
 from lib.core.common import getCompiledRegex
-from lib.core.common import getErrorParsedDBMSes
-from lib.core.common import getErrorParsedDBMSesFormatted
-from lib.core.common import getIdentifiedDBMS
-from lib.core.common import getInjectionTests
+from lib.core.common import getSortedInjectionTests
 from lib.core.common import getUnicode
 from lib.core.common import popValue
 from lib.core.common import pushValue
@@ -50,6 +49,7 @@
 from lib.core.exception import sqlmapUserQuitException
 from lib.core.session import setDynamicMarkings
 from lib.core.settings import CONSTANT_RATIO
+from lib.core.settings import UNKNOWN_DBMS_VERSION
 from lib.core.settings import UPPER_RATIO_BOUND
 from lib.core.threads import getCurrentThreadData
 from lib.core.unescaper import unescaper
@@ -78,8 +78,8 @@ def unescapeDbms(payload, injection, dbms):
         payload = unescape(payload, dbms=dbms)
     elif conf.dbms is not None:
         payload = unescape(payload, dbms=conf.dbms)
-    elif getIdentifiedDBMS() is not None:
-        payload = unescape(payload, dbms=getIdentifiedDBMS())
+    elif backend.getIdentifiedDbms() is not None:
+        payload = unescape(payload, dbms=backend.getIdentifiedDbms())
 
     return payload
 
@@ -91,7 +91,7 @@ def checkSqlInjection(place, parameter, value):
     # Set the flag for sql injection test mode
     kb.testMode = True
 
-    for test in getInjectionTests():
+    for test in getSortedInjectionTests():
         try:
             if kb.endDetection:
                 break
@@ -164,19 +164,19 @@ def checkSqlInjection(place, parameter, value):
 
                     continue
 
-                if len(getErrorParsedDBMSes()) > 0 and dbms not in getErrorParsedDBMSes() and kb.skipOthersDbms is None:
+                if len(backend.getErrorParsedDBMSes()) > 0 and dbms not in backend.getErrorParsedDBMSes() and kb.skipOthersDbms is None:
                     msg = "parsed error message(s) showed that the "
-                    msg += "back-end DBMS could be '%s'. " % getErrorParsedDBMSesFormatted()
+                    msg += "back-end DBMS could be %s. " % format.getErrorParsedDBMSes()
                     msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]"
 
                     if conf.realTest or readInput(msg, default="Y") in ("y", "Y"):
-                        kb.skipOthersDbms = getErrorParsedDBMSes()
+                        kb.skipOthersDbms = backend.getErrorParsedDBMSes()
 
                 if kb.skipOthersDbms and dbms not in kb.skipOthersDbms:
                     debugMsg = "skipping test '%s' because " % title
                     debugMsg += "the parsed error message(s) showed "
                     debugMsg += "that the back-end DBMS could be "
-                    debugMsg += "%s" % getErrorParsedDBMSesFormatted()
+                    debugMsg += "%s" % format.getErrorParsedDBMSes()
                     logger.debug(debugMsg)
 
                     continue
@@ -395,7 +395,7 @@ def checkSqlInjection(place, parameter, value):
 
                             # Force back-end DBMS according to the current
                             # test value for proper payload unescaping
-                            kb.misc.forcedDbms = dbms
+                            backend.forceDbms(dbms)
 
                             # Skip test if the user provided custom column
                             # range and this is not a custom UNION test
@@ -407,7 +407,7 @@ def checkSqlInjection(place, parameter, value):
 
                             configUnion(test.request.char, test.request.columns)
 
-                            if not getIdentifiedDBMS():
+                            if not backend.getIdentifiedDbms():
                                 warnMsg = "using unescaped version of the test "
                                 warnMsg += "because of zero knowledge of the "
                                 warnMsg += "back-end DBMS"
@@ -426,8 +426,8 @@ def checkSqlInjection(place, parameter, value):
                                 # by unionTest() directly
                                 where = vector[6]
 
-                            # Reset back-end DBMS value
-                            kb.misc.forcedDbms = None
+                            # Reset forced back-end DBMS value
+                            backend.flushForcedDbms()
 
                     # If the injection test was successful feed the injection
                     # object with the test's details
@@ -481,18 +481,18 @@ def checkSqlInjection(place, parameter, value):
                                         if inp == injection.dbms:
                                             break
                                         elif inp == dValue:
-                                            kb.dbms = aliasToDbmsEnum(inp)
+                                            backend.setDbms(inp)
                                             injection.dbms = aliasToDbmsEnum(inp)
                                             injection.dbms_version = None
                                             break
                                         else:
                                             warnMsg = "invalid value"
                                             logger.warn(warnMsg)
                                 elif dKey == "dbms" and injection.dbms is None:
-                                    kb.dbms = aliasToDbmsEnum(dValue)
+                                    backend.setDbms(dValue)
                                     injection.dbms = aliasToDbmsEnum(dValue)
                                 elif dKey == "dbms_version" and injection.dbms_version is None:
-                                    kb.dbmsVersion = [ dValue ]
+                                    backend.setVersion(dValue)
                                     injection.dbms_version = dValue
                                 elif dKey == "os" and injection.os is None:
                                     injection.os = dValue
@@ -558,7 +558,7 @@ def heuristicCheckSqlInjection(place, parameter):
     infoMsg += "parameter '%s' might " % parameter
 
     if result:
-        infoMsg += "be injectable (possible DBMS: %s)" % (getErrorParsedDBMSesFormatted() or 'Unknown')
+        infoMsg += "be injectable (possible DBMS: %s)" % (format.getErrorParsedDBMSes() or UNKNOWN_DBMS_VERSION)
         logger.info(infoMsg)
     else:
         infoMsg += "not be injectable"
 
@@ -7,7 +7,7 @@
 See the file 'doc/COPYING' for copying permission
 """
 
-from lib.core.common import getIdentifiedDBMS
+from lib.core.common import backend
 from lib.core.common import popValue
 from lib.core.common import pushValue
 from lib.core.data import conf
@@ -63,11 +63,11 @@ def setHandler():
                   ( SYBASE_ALIASES, SybaseMap, SybaseConn ),
                 ]
 
-    if getIdentifiedDBMS() is not None:
+    if backend.getIdentifiedDbms() is not None:
         for i in xrange(len(dbmsObj)):
             dbmsAliases, _, _ = dbmsObj[i]
 
-            if getIdentifiedDBMS().lower() in dbmsAliases:
+            if backend.getIdentifiedDbms().lower() in dbmsAliases:
                 if i > 0:
                     pushValue(dbmsObj[i])
                     dbmsObj.remove(dbmsObj[i])
@@ -94,12 +94,12 @@ def setHandler():
             conf.dbmsConnector.connect()
 
         if handler.checkDbms():
-            kb.dbmsDetected = True
             conf.dbmsHandler = handler
 
             break
         else:
             conf.dbmsConnector = None
 
-    # At this point proper back-end DBMS is fingerprinted (kb.dbms)
-    kb.misc.forcedDbms = None
+    # At this point back-end DBMS is correctly fingerprinted, no need
+    # to enforce it anymore
+    backend.flushForcedDbms()
@@ -11,9 +11,8 @@
 
 from xml.etree import ElementTree as ET
 
+from lib.core.common import backend
 from lib.core.common import getCompiledRegex
-from lib.core.common import getErrorParsedDBMSes
-from lib.core.common import getIdentifiedDBMS
 from lib.core.common import isDBMSVersionAtLeast
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import randomInt
@@ -206,8 +205,8 @@ def cleanupPayload(self, payload, origvalue=None, query=None):
             payload = payload.replace("[ORIGVALUE]", origvalue)
 
         if "[INFERENCE]" in payload:
-            if getIdentifiedDBMS() is not None:
-                inference = queries[getIdentifiedDBMS()].inference
+            if backend.getIdentifiedDbms() is not None:
+                inference = queries[backend.getIdentifiedDbms()].inference
 
                 if "dbms_version" in inference:
                     if isDBMSVersionAtLeast(inference.dbms_version):
@@ -265,17 +264,17 @@ def nullAndCastField(self, field):
 
         # SQLite version 2 does not support neither CAST() nor IFNULL(),
         # introduced only in SQLite version 3
-        if getIdentifiedDBMS() == DBMS.SQLITE:
+        if backend.getIdentifiedDbms() == DBMS.SQLITE:
             return field
 
         if field.startswith("(CASE"):
             nulledCastedField = field
         else:
-            nulledCastedField = queries[getIdentifiedDBMS()].cast.query % field
-            if getIdentifiedDBMS() == DBMS.ACCESS:
-                nulledCastedField = queries[getIdentifiedDBMS()].isnull.query % (nulledCastedField, nulledCastedField)
+            nulledCastedField = queries[backend.getIdentifiedDbms()].cast.query % field
+            if backend.getIdentifiedDbms() == DBMS.ACCESS:
+                nulledCastedField = queries[backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField)
             else:
-                nulledCastedField = queries[getIdentifiedDBMS()].isnull.query % nulledCastedField
+                nulledCastedField = queries[backend.getIdentifiedDbms()].isnull.query % nulledCastedField
 
         return nulledCastedField
 
@@ -309,12 +308,12 @@ def nullCastConcatFields(self, fields):
         @rtype: C{str}
         """
 
-        if not kb.dbmsDetected:
+        if not backend.getDbms():
             return fields
 
         fields = fields.replace(", ", ",")
         fieldsSplitted = fields.split(",")
-        dbmsDelimiter = queries[getIdentifiedDBMS()].delimiter.query
+        dbmsDelimiter = queries[backend.getIdentifiedDbms()].delimiter.query
         nulledCastedFields = []
 
         for field in fieldsSplitted:
@@ -377,13 +376,13 @@ def getFields(self, query):
     def simpleConcatQuery(self, query1, query2):
         concatenatedQuery = ""
 
-        if getIdentifiedDBMS() == DBMS.MYSQL:
+        if backend.getIdentifiedDbms() == DBMS.MYSQL:
             concatenatedQuery = "CONCAT(%s,%s)" % (query1, query2)
 
-        elif getIdentifiedDBMS() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
+        elif backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
             concatenatedQuery = "%s||%s" % (query1, query2)
 
-        elif getIdentifiedDBMS() in (DBMS.MSSQL, DBMS.SYBASE):
+        elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
             concatenatedQuery = "%s+%s" % (query1, query2)
 
         return concatenatedQuery
@@ -425,7 +424,7 @@ def concatQuery(self, query, unpack=True):
             concatenatedQuery = query
             fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsSelectTop, fieldsSelectCase, _, fieldsToCastStr, fieldsExists = self.getFields(query)
 
-        if getIdentifiedDBMS() == DBMS.MYSQL:
+        if backend.getIdentifiedDbms() == DBMS.MYSQL:
             if fieldsExists:
                 concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
                 concatenatedQuery += ",'%s')" % kb.misc.stop
@@ -438,7 +437,7 @@ def concatQuery(self, query, unpack=True):
             elif fieldsNoSelect:
                 concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
 
-        elif getIdentifiedDBMS() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
+        elif backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
             if fieldsExists:
                 concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
                 concatenatedQuery += "||'%s'" % kb.misc.stop
@@ -451,10 +450,10 @@ def concatQuery(self, query, unpack=True):
             elif fieldsNoSelect:
                 concatenatedQuery = "'%s'||%s||'%s'" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
 
-            if getIdentifiedDBMS() == DBMS.ORACLE and " FROM " not in concatenatedQuery and (fieldsSelect or fieldsNoSelect):
+            if backend.getIdentifiedDbms() == DBMS.ORACLE and " FROM " not in concatenatedQuery and (fieldsSelect or fieldsNoSelect):
                 concatenatedQuery += " FROM DUAL"
 
-        elif getIdentifiedDBMS() in (DBMS.MSSQL, DBMS.SYBASE):
+        elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
             if fieldsExists:
                 concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.misc.start, 1)
                 concatenatedQuery += "+'%s'" % kb.misc.stop
@@ -520,8 +519,8 @@ def forgeInbandQuery(self, query, position, count, comment, prefix, suffix, char
             intoRegExp = intoRegExp.group(1)
             query = query[:query.index(intoRegExp)]
 
-        if getIdentifiedDBMS() in FROM_TABLE and inbandQuery.endswith(FROM_TABLE[getIdentifiedDBMS()]):
-            inbandQuery = inbandQuery[:-len(FROM_TABLE[getIdentifiedDBMS()])]
+        if backend.getIdentifiedDbms() in FROM_TABLE and inbandQuery.endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
+            inbandQuery = inbandQuery[:-len(FROM_TABLE[backend.getIdentifiedDbms()])]
 
         for element in range(count):
             if element > 0:
@@ -540,9 +539,9 @@ def forgeInbandQuery(self, query, position, count, comment, prefix, suffix, char
             conditionIndex = query.index(" FROM ")
             inbandQuery += query[conditionIndex:]
 
-        if getIdentifiedDBMS() in FROM_TABLE:
+        if backend.getIdentifiedDbms() in FROM_TABLE:
             if " FROM " not in inbandQuery:
-                inbandQuery += FROM_TABLE[getIdentifiedDBMS()]
+                inbandQuery += FROM_TABLE[backend.getIdentifiedDbms()]
 
         if intoRegExp:
             inbandQuery += intoRegExp
@@ -559,8 +558,8 @@ def forgeInbandQuery(self, query, position, count, comment, prefix, suffix, char
                 else:
                     inbandQuery += char
 
-            if getIdentifiedDBMS() in FROM_TABLE:
-                inbandQuery += FROM_TABLE[getIdentifiedDBMS()]
+            if backend.getIdentifiedDbms() in FROM_TABLE:
+                inbandQuery += FROM_TABLE[backend.getIdentifiedDbms()]
 
         inbandQuery = self.suffixQuery(inbandQuery, comment, suffix)
 
@@ -589,21 +588,21 @@ def limitQuery(self, num, query, field=None):
         """
 
         limitedQuery = query
-        limitStr = queries[getIdentifiedDBMS()].limit.query
+        limitStr = queries[backend.getIdentifiedDbms()].limit.query
         fromIndex = limitedQuery.index(" FROM ")
         untilFrom = limitedQuery[:fromIndex]
         fromFrom = limitedQuery[fromIndex+1:]
         orderBy = False
 
-        if getIdentifiedDBMS() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):
-            limitStr = queries[getIdentifiedDBMS()].limit.query % (num, 1)
+        if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):
+            limitStr = queries[backend.getIdentifiedDbms()].limit.query % (num, 1)
             limitedQuery += " %s" % limitStr
 
-        elif getIdentifiedDBMS() == DBMS.FIREBIRD:
-            limitStr = queries[getIdentifiedDBMS()].limit.query % (num+1, num+1)
+        elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+            limitStr = queries[backend.getIdentifiedDbms()].limit.query % (num+1, num+1)
             limitedQuery += " %s" % limitStr
 
-        elif getIdentifiedDBMS() == DBMS.ORACLE:
+        elif backend.getIdentifiedDbms() == DBMS.ORACLE:
             if " ORDER BY " in limitedQuery and "(SELECT " in limitedQuery:
                 orderBy = limitedQuery[limitedQuery.index(" ORDER BY "):]
                 limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
@@ -615,7 +614,7 @@ def limitQuery(self, num, query, field=None):
             limitedQuery = limitedQuery % fromFrom
             limitedQuery += "=%d" % (num + 1)
 
-        elif getIdentifiedDBMS() in (DBMS.MSSQL, DBMS.SYBASE):
+        elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
             forgeNotIn = True
 
             if " ORDER BY " in limitedQuery:
@@ -629,7 +628,7 @@ def limitQuery(self, num, query, field=None):
                 limitedQuery = limitedQuery.replace("DISTINCT %s" % notDistinct, notDistinct)
 
             if limitedQuery.startswith("SELECT TOP ") or limitedQuery.startswith("TOP "):
-                topNums = re.search(queries[getIdentifiedDBMS()].limitregexp.query, limitedQuery, re.I)
+                topNums = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, limitedQuery, re.I)
 
                 if topNums:
                     topNums = topNums.groups()
@@ -675,8 +674,8 @@ def forgeCaseStatement(self, expression):
         @rtype: C{str}
         """
 
-        if getIdentifiedDBMS() is not None and hasattr(queries[getIdentifiedDBMS()], "case"):
-            return queries[getIdentifiedDBMS()].case.query % expression
+        if backend.getIdentifiedDbms() is not None and hasattr(queries[backend.getIdentifiedDbms()], "case"):
+            return queries[backend.getIdentifiedDbms()].case.query % expression
         else:
             return expression