sqlmap-checkEnvironment函数解读

注入 Sqlmap

创建时间:2019-04-17 09:24

阅读:

准备
基础知识
源码解读

准备

版本：sqlmap1.3.4#stable
位置：sqlmap.py line 96
作用：检查sqlmap的运行环境，导入全局变量

基础知识

检查modulePath()的返回值是否为文件夹：

1	os.path.isdir(modulePath())

这个函数就在checkEnvironment函数的上面：

def modulePath():
    """
    This will get us the program's directory, even if we are frozen
    using py2exe
    """

    try:
        _ = sys.executable if weAreFrozen() else __file__
    except NameError:
        _ = inspect.getsourcefile(modulePath)

    return getUnicode(os.path.dirname(os.path.realpath(_)), encoding=sys.getfilesystemencoding() or UNICODE_ENCODING)

sys.executable返回了python.exe的绝对路径
如果报错，则_的值为modulePath所在的路径
最后返回路径

返回来看我们的checkEnvironment函数：

except UnicodeEncodeError:
    errMsg = "your system does not properly handle non-ASCII paths. "
    errMsg += "Please move the sqlmap's directory to the other location"
    logger.critical(errMsg)
    raise SystemExit

if distutils.version.LooseVersion(VERSION) < distutils.version.LooseVersion("1.0"):
    errMsg = "your runtime environment (e.g. PYTHONPATH) is "
    errMsg += "broken. Please make sure that you are not running "
    errMsg += "newer versions of sqlmap with runtime scripts for older "
    errMsg += "versions"
    logger.critical(errMsg)
    raise SystemExit

报错则输出报错信息

如果sqlmap.sqlmap在sys模块中，则会定义(“cmdLineOptions”, “conf”, “kb”)这三个全局变量，他们的名称和值，定义在sqlmap/lib/core/data.py下面，后面的for循环也是定义了(“SqlmapBaseException”, “SqlmapShellQuitException”, “SqlmapSilentQuitException”, “SqlmapUserQuitException”)变量的值。

    if "sqlmap.sqlmap" in sys.modules:
        for _ in ("cmdLineOptions", "conf", "kb"):
            globals()[_] = getattr(sys.modules["lib.core.data"], _)

        for _ in ("SqlmapBaseException", "SqlmapShellQuitException", "SqlmapSilentQuitException", "SqlmapUserQuitException"):
            globals()[_] = getattr(sys.modules["lib.core.exception"], _)
globals()返回的是全局变量的一个字典
globals()[_]=..... 定义全局变量_的值

源码解读

def checkEnvironment():
    try:
        os.path.isdir(modulePath())
    except UnicodeEncodeError:
        errMsg = "your system does not properly handle non-ASCII paths. "
        errMsg += "Please move the sqlmap's directory to the other location"
        logger.critical(errMsg)
        raise SystemExit

    if distutils.version.LooseVersion(VERSION) < distutils.version.LooseVersion("1.0"):
        errMsg = "your runtime environment (e.g. PYTHONPATH) is "
        errMsg += "broken. Please make sure that you are not running "
        errMsg += "newer versions of sqlmap with runtime scripts for older "
        errMsg += "versions"
        logger.critical(errMsg)
        raise SystemExit

    # Patch for pip (import) environment
    if "sqlmap.sqlmap" in sys.modules:
        for _ in ("cmdLineOptions", "conf", "kb"):
            globals()[_] = getattr(sys.modules["lib.core.data"], _)

        for _ in ("SqlmapBaseException", "SqlmapShellQuitException", "SqlmapSilentQuitException", "SqlmapUserQuitException"):
            globals()[_] = getattr(sys.modules["lib.core.exception"], _)

这里也就粗略的说了一下，要再细讲要讲很多了。

转载请注明来源，欢迎对文章中的引用来源进行考证，欢迎指出任何有错误或不够清晰的表达。可以在下面评论区评论，也可以邮件至 sher10cksec@foxmail.com