def htmlParser(page):
    """
    Fingerprints the back-end database management system from an HTML
    page by running an htmlHandler over the signatures file
    paths.ERRORS_XML. A DBMS name not yet present in kb.htmlFp is
    appended to it. Returns handler.dbms
    """

    signaturesFile = paths.ERRORS_XML
    checkFile(signaturesFile)

    # NOTE(review): `page` looks like remote response content - it is
    # only handed to the handler, the XML document actually parsed is
    # the local signatures file (confirm against htmlHandler)
    handler = htmlHandler(sanitizeStr(page))
    parse(signaturesFile, handler)

    dbms = handler.dbms

    if dbms and dbms not in kb.htmlFp:
        kb.htmlFp.append(dbms)

    return dbms
python类parse()的实例源码
def main():
    # Sample that contrasts SAX calls labelled "bad" (standard-library
    # xml.sax) with the calls labelled "good" (defusedxml.sax equivalents).
    xmlString = "<note>\n<to>Tove</to>\n<from>Jani</from>\n<heading>Reminder</heading>\n<body>Don't forget me this weekend!</body>\n</note>"
    # bad: the standard-library SAX parser is not hardened against
    # maliciously constructed XML, so these entry points should not be
    # given untrusted documents
    xml.sax.parseString(xmlString, ExampleContentHandler())
    xml.sax.parse('notaxmlfilethatexists.xml', ExampleContentHandler())
    sax.parseString(xmlString, ExampleContentHandler())
    # NOTE(review): the handler class itself is passed here, not an
    # instance as in the three calls above
    sax.parse('notaxmlfilethatexists.xml', ExampleContentHandler)
    # good: defusedxml.sax offers the same call with protections against
    # XML-based attacks
    defusedxml.sax.parseString(xmlString, ExampleContentHandler())
    # bad: a parser created by the standard-library factory carries the
    # same exposure as the parse calls above
    xml.sax.make_parser()
    sax.make_parser()
    print('nothing')
    # good: hardened replacement for the parser factory
    defusedxml.sax.make_parser()
def getAutoDirectories():
    """
    Collects candidate web server directories: the directoryPath() of
    every non-empty entry of kb.absFilePaths (passed through
    ntToPosixSlashes) plus the directory part of conf.url when the regex
    finds one. Returns them as a list without duplicates (built from a
    set, so the order is not fixed)
    """

    directories = set()
    knownPaths = kb.absFilePaths

    if not knownPaths:
        warnMsg = "unable to automatically parse any web server path"
        logger.warn(warnMsg)
    else:
        shown = ", ".join(ntToPosixSlashes(path) for path in knownPaths)
        logger.info("retrieved web server absolute paths: " + "'%s'" % shown)

        directories.update(ntToPosixSlashes(directoryPath(path)) for path in knownPaths if path)

    webDirectory = extractRegexResult(r"//[^/]+?(?P<result>/.*)/", conf.url)  # web directory

    if webDirectory:
        directories.add(webDirectory)

    return list(directories)
def extractErrorMessage(page):
    """
    Returns the first error message recognized in the page by one of
    the ERROR_PARSING_REGEXES, or None when the page is not a string or
    nothing matches

    >>> extractErrorMessage(u'<html><title>Test</title>\\n<b>Warning</b>: oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated<br><p>Only a test page</p></html>')
    u'oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated'
    """

    if not isinstance(page, basestring):
        return None

    for regex in ERROR_PARSING_REGEXES:
        match = re.search(regex, page, re.DOTALL | re.IGNORECASE)

        if match:
            # NOTE(review): the extracted text originates from the page
            # content - treat it as untrusted wherever it gets logged
            # or displayed
            return htmlunescape(match.group("result")).replace("<br>", "\n").strip()

    return None
def getAutoDirectories():
    """
    Collects candidate web server directories: the directoryPath() of
    every non-empty entry of kb.absFilePaths, passed through
    ntToPosixSlashes. Returns them as a list without duplicates (built
    from a set, so the order is not fixed)
    """

    directories = set()
    knownPaths = kb.absFilePaths

    if not knownPaths:
        warnMsg = "unable to automatically parse any web server path"
        logger.warn(warnMsg)
    else:
        shown = ", ".join(ntToPosixSlashes(path) for path in knownPaths)
        logger.info("retrieved web server absolute paths: " + "'%s'" % shown)

        directories.update(ntToPosixSlashes(directoryPath(path)) for path in knownPaths if path)

    return list(directories)
def extractErrorMessage(page):
    """
    Returns the first error message recognized in the page by one of
    the ERROR_PARSING_REGEXES, or None when the page is not a string or
    nothing matches

    >>> extractErrorMessage(u'<html><title>Test</title>\\n<b>Warning</b>: oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated<br><p>Only a test page</p></html>')
    u'oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated'
    """

    if not isinstance(page, basestring):
        return None

    for regex in ERROR_PARSING_REGEXES:
        match = re.search(regex, page, re.DOTALL | re.IGNORECASE)

        if match:
            # NOTE(review): the extracted text originates from the page
            # content - treat it as untrusted wherever it gets logged
            # or displayed
            return htmlunescape(match.group("result")).replace("<br>", "\n").strip()

    return None
def extractErrorMessage(page):
    """
    Returns the first error message recognized in the page by one of
    the ERROR_PARSING_REGEXES, or None when the page is not a string or
    nothing matches

    >>> extractErrorMessage(u'<html><title>Test</title>\\n<b>Warning</b>: oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated<br><p>Only a test page</p></html>')
    u'oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated'
    """

    if not isinstance(page, basestring):
        return None

    for regex in ERROR_PARSING_REGEXES:
        match = re.search(regex, page, re.DOTALL | re.IGNORECASE)

        if match:
            # NOTE(review): the extracted text originates from the page
            # content - treat it as untrusted wherever it gets logged
            # or displayed
            return htmlunescape(match.group("result")).replace("<br>", "\n").strip()

    return None
def __init__(self, filename_or_stream_or_string):
    'Build the event list by SAX-parsing a file name, a stream or XML text.'
    self.__stream = []
    source = filename_or_stream_or_string
    # A str naming an existing path is parsed as that file; any other
    # str is parsed as XML text; non-str arguments go to parse() as is.
    # NOTE(review): the caller cannot choose between "path" and "XML
    # text" for a str, and the standard-library SAX parser is not
    # hardened against malicious XML - keep untrusted strings away from
    # this constructor or validate them first.
    is_inline_xml = isinstance(source, str) and not _os.path.exists(source)
    if is_inline_xml:
        _xml_sax.parseString(source, self)
    else:
        _xml_sax.parse(source, self)
    self.__maximized = self.__minimized = False
def parse(self, handler):
    'Replay every stored event against the handler, in iteration order.'
    for replay in self:
        replay(handler)
def bannerParser(banner):
    """
    Runs the banner handlers over the XML file matching kb.dbms and over
    paths.GENERIC_XML. For Microsoft SQL Server the DBMS specific file
    is parsed with MSSQLBannerHandler and only the generic file with
    FingerprintHandler; for the other DBMSes one FingerprintHandler
    (writing into kb.bannerFp) is used for both files
    """

    isMssql = kb.dbms == "Microsoft SQL Server"

    # NOTE(review): xmlfile stays unbound when kb.dbms is none of the
    # four names below, so checkFile() would fail with a NameError
    if isMssql:
        xmlfile = paths.MSSQL_XML
    elif kb.dbms == "MySQL":
        xmlfile = paths.MYSQL_XML
    elif kb.dbms == "Oracle":
        xmlfile = paths.ORACLE_XML
    elif kb.dbms == "PostgreSQL":
        xmlfile = paths.PGSQL_XML

    checkFile(xmlfile)

    if isMssql:
        parse(xmlfile, MSSQLBannerHandler(banner))

    fingerprintHandler = FingerprintHandler(banner, kb.bannerFp)

    if not isMssql:
        parse(xmlfile, fingerprintHandler)

    parse(paths.GENERIC_XML, fingerprintHandler)
def headersParser(headers):
    """
    Fingerprints the responding stack from selected HTTP headers: each
    header listed in topHeaders has its value run through a
    FingerprintHandler (writing into kb.headersFp) over the header
    specific XML file and over paths.GENERIC_XML
    """

    # It is enough to parse the headers on first four HTTP responses
    if kb.headersCount > 3:
        return

    kb.headersCount += 1

    bannerPath = paths.SQLMAP_XML_BANNER_PATH

    topHeaders = {
        "cookie": "%s/cookie.xml" % bannerPath,
        "microsoftsharepointteamservices": "%s/sharepoint.xml" % bannerPath,
        "server": "%s/server.xml" % bannerPath,
        "servlet-engine": "%s/servlet.xml" % bannerPath,
        "set-cookie": "%s/cookie.xml" % bannerPath,
        "x-aspnet-version": "%s/x-aspnet-version.xml" % bannerPath,
        "x-powered-by": "%s/x-powered-by.xml" % bannerPath,
    }

    for header in headers:
        # NOTE(review): the lookup is exact, so this presumably relies
        # on `headers` yielding lower-case names - confirm
        if header not in topHeaders:
            continue

        value = headers[header]
        xmlfile = topHeaders[header]
        checkFile(xmlfile)

        handler = FingerprintHandler(value, kb.headersFp)
        parse(xmlfile, handler)
        parse(paths.GENERIC_XML, handler)
def queriesParser():
    """
    Parses the default DBMS queries file (paths.QUERIES_XML) with a
    queriesHandler
    """

    logger.debug("parsing XML queries file")

    queriesFile = paths.QUERIES_XML
    checkFile(queriesFile)

    parse(queriesFile, queriesHandler())
def getAutoDirectories():
    """
    Collects candidate web server directories: the directoryPath() of
    every non-empty entry of kb.absFilePaths, passed through
    ntToPosixSlashes. Returns them as a list without duplicates (built
    from a set, so the order is not fixed)
    """

    directories = set()
    knownPaths = kb.absFilePaths

    if not knownPaths:
        warnMsg = "unable to automatically parse any web server path"
        logger.warn(warnMsg)
    else:
        shown = ", ".join(ntToPosixSlashes(path) for path in knownPaths)
        logger.info("retrieved web server absolute paths: " + "'%s'" % shown)

        directories.update(ntToPosixSlashes(directoryPath(path)) for path in knownPaths if path)

    return list(directories)
def parseXmlFile(xmlFile, handler):
    """
    Feeds the content of an XML file (as returned by
    readCachedFileContent) to the given handler. A SAX parsing or
    Unicode error is reported as SqlmapInstallationException
    """

    try:
        stream = StringIO(readCachedFileContent(xmlFile))

        with contextlib.closing(stream):
            parse(stream, handler)
    except (SAXParseException, UnicodeError) as ex:
        # The message assumes a damaged or locally modified file
        parts = (
            "something appears to be wrong with ",
            "the file '%s' ('%s'). Please make " % (xmlFile, getSafeExString(ex)),
            "sure that you haven't made any changes to it",
        )
        raise SqlmapInstallationException("".join(parts))
def readXmlFile(xmlFile):
    """
    Returns the root element of the DOM built from the XML file
    """

    checkFile(xmlFile)

    # NOTE(review): minidom is not hardened against maliciously
    # constructed XML - acceptable only while xmlFile is a trusted local
    # file (presumably one shipped with the tool; confirm against callers)
    document = minidom.parse(xmlFile)

    return document.documentElement
def extractErrorMessage(page):
    """
    Returns the first error message recognized in the page by one of
    the ERROR_PARSING_REGEXES, or None when the page is not a string or
    nothing matches

    >>> extractErrorMessage(u'<html><title>Test</title>\\n<b>Warning</b>: oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated<br><p>Only a test page</p></html>')
    u'oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated'
    """

    if not isinstance(page, basestring):
        return None

    for regex in ERROR_PARSING_REGEXES:
        match = re.search(regex, page, re.DOTALL | re.IGNORECASE)

        if match:
            # NOTE(review): the extracted text originates from the page
            # content - treat it as untrusted wherever it gets logged
            # or displayed
            return htmlunescape(match.group("result")).replace("<br>", "\n").strip()

    return None
def parseXmlFile(xmlFile, handler):
    """
    Feeds the content of an XML file (as returned by
    readCachedFileContent) to the given handler. A SAX parsing or
    Unicode error is reported as SqlmapInstallationException
    """

    try:
        stream = StringIO(readCachedFileContent(xmlFile))

        with contextlib.closing(stream):
            parse(stream, handler)
    except (SAXParseException, UnicodeError) as ex:
        # The message assumes a damaged or locally modified file
        parts = (
            "something seems to be wrong with ",
            "the file '%s' ('%s'). Please make " % (xmlFile, ex),
            "sure that you haven't made any changes to it",
        )
        raise SqlmapInstallationException("".join(parts))
def readXmlFile(xmlFile):
    """
    Returns the root element of the DOM built from the XML file
    """

    checkFile(xmlFile)

    # NOTE(review): minidom is not hardened against maliciously
    # constructed XML - acceptable only while xmlFile is a trusted local
    # file (presumably one shipped with the tool; confirm against callers)
    document = minidom.parse(xmlFile)

    return document.documentElement
def parseXmlFile(xmlFile, handler):
    """
    Feeds the content of an XML file (as returned by
    readCachedFileContent) to the given handler. A SAX parsing or
    Unicode error is reported as SqlmapInstallationException
    """

    try:
        stream = StringIO(readCachedFileContent(xmlFile))

        with contextlib.closing(stream):
            parse(stream, handler)
    except (SAXParseException, UnicodeError) as ex:
        # The message assumes a damaged or locally modified file
        parts = (
            "something appears to be wrong with ",
            "the file '%s' ('%s'). Please make " % (xmlFile, getSafeExString(ex)),
            "sure that you haven't made any changes to it",
        )
        raise SqlmapInstallationException("".join(parts))
def readXmlFile(xmlFile):
    """
    Returns the root element of the DOM built from the XML file
    """

    checkFile(xmlFile)

    # NOTE(review): minidom is not hardened against maliciously
    # constructed XML - acceptable only while xmlFile is a trusted local
    # file (presumably one shipped with the tool; confirm against callers)
    document = minidom.parse(xmlFile)

    return document.documentElement
def parseXmlFile(xmlFile, handler):
    """
    Feeds the content of an XML file (as returned by
    readCachedFileContent) to the given handler. Parsing errors are not
    caught here and reach the caller
    """

    stream = StringIO(readCachedFileContent(xmlFile))

    with contextlib.closing(stream):
        parse(stream, handler)
def readXmlFile(xmlFile):
    """
    Returns the root element of the DOM built from the XML file
    """

    checkFile(xmlFile)

    # NOTE(review): minidom is not hardened against maliciously
    # constructed XML - acceptable only while xmlFile is a trusted local
    # file (presumably one shipped with the tool; confirm against callers)
    document = minidom.parse(xmlFile)

    return document.documentElement
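def create_month_form(year=None, month=None):
    """Print the editable month form, optionally pre-filled from a saved XML file.

    When the submitted 'select' field equals 'Load', the XML file named by
    the submitted 'filename' field is read from the current user's Desktop
    folder through Stream/MonthParser, and the parsed year, month and
    per-day texts replace the arguments. Otherwise an empty form for the
    given year and month is produced. The page is emitted through
    z_cgi.print_html(); nothing is returned.
    """
    # Local import: the file's import block is not visible from this function.
    from xml.sax.saxutils import escape

    # region V2
    if z_cgi.dictionary['select'] == 'Load':
        load = True
        desktop = 'C:\\Documents and Settings\\%s\\Desktop' % getpass.getuser()
        # The file name is form input: keep only its last path component so
        # that separators, '..' or an absolute path cannot move the read
        # outside the Desktop folder.
        filename = os.path.join(desktop, os.path.basename(z_cgi.dictionary['filename']))
        s = Stream(filename)
        s.minimize()
        parser = MonthParser()
        s.parse(parser)
        year = parser.year
        month = parser.month
    else:
        load = False
    # endregion
    m_a_y = '%s %s' % (z_html.calendar.month_name[month], year)
    h_month = z_html.HTML_Month(month, year, 0, ' ')
    h_month.set_month(height='100%', width='100%', border=1)
    h_month.set_week(valign='top')
    h_month.set_day(width='14%')
    for x in range(z_html.calendar.monthrange(year, month)[1]):
        # region V2
        if load:
            try:
                # Saved text is escaped so that markup inside it (for
                # example a closing textarea tag) stays text in the form.
                day_text = escape('%s' % parser.days[x])
                h_month.mutate(x + 1, '<textarea name="ta%s">%s</textarea>' % (x, day_text))
                h_month.special(x + 1, True)
            except Exception:
                # Best effort, as before: a day without saved text gets an
                # empty box. `Exception` instead of a bare except lets
                # SystemExit and KeyboardInterrupt propagate.
                h_month.mutate(x + 1, '<textarea name="ta%s"></textarea>' % x)
        else:
            h_month.mutate(x + 1, '<textarea name="ta%s"></textarea>' % x)
        # endregion
    h_table = z_html.HTML_Table(1, 1, 3, ' ')
    if load:
        h_table.special(0, 0, True)
    h_table.mutate(0, 0, '<b>%s</b>\n%s' % (m_a_y, h_month.html()))
    h_table.set_table(width='100%', height='100%')
    # region V2
    controls = z_html.HTML_Table(2, 3, 3, ' ')
    controls.mutate(0, 0, 'HTML:')
    controls.mutate(0, 1, '<input type="text" name="filename" value="%s.htm">' % m_a_y)
    controls.mutate(0, 2, '<input type="submit" value="Create" name="action">')
    controls.mutate(1, 0, 'XML:')
    controls.mutate(1, 1, '<input type="text" name="xml", value="%s.xml">' % m_a_y)
    controls.mutate(1, 2, '<input type="submit" value="Save" name="action">')
    # endregion
    data = SECOND_FORM % (m_a_y,
                          os.path.basename(sys.argv[0]),
                          month,
                          year,
                          h_table.html(),
                          controls.html())
    z_cgi.print_html(data)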
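def create_print(month, year):
    """Print the read-only month page and optionally save it as XML or HTML.

    The day texts come from the submitted 'ta<N>' form fields. When the
    submitted 'action' is 'Save', the month is also written as XML to the
    file named by the 'xml' field; when it is 'Create', the generated page
    is written to the file named by the 'filename' field. Both files are
    created in the current user's Desktop folder. The page is emitted
    through z_cgi.print_html(); nothing is returned.
    """
    # region V2
    if z_cgi.dictionary['action'] == 'Save':
        save = True
        stream = [startDocument(),
                  startElement('Calendar', xml.sax.xmlreader.AttributesImpl({})),
                  startElement('Date', xml.sax.xmlreader.AttributesImpl({})),
                  startElement('Month', xml.sax.xmlreader.AttributesImpl({})),
                  characters(str(month)),
                  endElement('Month'),
                  startElement('Year', xml.sax.xmlreader.AttributesImpl({})),
                  characters(str(year)),
                  endElement('Year'),
                  endElement('Date'),
                  startElement('Days', xml.sax.xmlreader.AttributesImpl({}))]
    else:
        save = False
    # endregion
    m_a_y = '%s %s' % (z_html.calendar.month_name[month], year)
    h_month = z_html.HTML_Month(month, year, 0, ' ')
    h_month.set_month(height='100%', width='100%', border=1)
    h_month.set_week(valign='top')
    h_month.set_day(width='14%')
    for x in range(z_html.calendar.monthrange(year, month)[1]):
        # NOTE(review): the submitted text goes into the generated HTML
        # without escaping; escape it unless markup inside day entries is
        # an intended feature of this page.
        h_month.mutate(x + 1, '<br>'.join(z_cgi.dictionary['ta%s' % x].splitlines()))
        # region V2
        if save and z_cgi.dictionary['ta%s' % x]:
            stream.extend([startElement('TextArea', xml.sax.xmlreader.AttributesImpl({'day': str(x)})),
                           characters(z_cgi.dictionary['ta%s' % x]),
                           endElement('TextArea')])
        # endregion
    h_table = z_html.HTML_Table(1, 1, 2, ' ')
    h_table.mutate(0, 0, '<b>%s</b>\n%s' % (m_a_y, h_month.html()))
    h_table.set_table(width='100%', height='100%')
    # region V2
    name = 'C:\\Documents and Settings\\%s\\Desktop' % getpass.getuser()
    if save:
        stream.extend([endElement('Days'),
                       endElement('Calendar'),
                       endDocument()])
        data = StringIO.StringIO()
        xml_gen = xml.sax.saxutils.XMLGenerator(data)
        for event in stream:
            event(xml_gen)
        stream = Stream(data.getvalue())
        stream.maximize(' ')
        # The target name is form input: only its last path component is
        # used, so the write cannot leave the Desktop folder. The file is
        # closed as soon as the document has been written.
        xml_path = os.path.join(name, os.path.basename(z_cgi.dictionary['xml']))
        with open(xml_path, 'w') as xml_file:
            stream.parse(xml.sax.saxutils.XMLGenerator(xml_file))
    # endregion
    data = THIRD_FORM % (m_a_y, h_table.html())
    # region V2
    if z_cgi.dictionary['action'] == 'Create':
        # Same restriction and explicit close for the HTML export.
        html_path = os.path.join(name, os.path.basename(z_cgi.dictionary['filename']))
        with open(html_path, 'w') as html_file:
            html_file.write(data)
    # endregion
    z_cgi.print_html(data)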