Adding missing Spanner directory (#6025)

stamparm · stamparm · commit eeb16d155c89 · 2026-03-15T13:09:51.000+01:00
diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
@@ -188,7 +188,7 @@ d9b37177efcaba035c7fabe7d015a3b63d9cfe502bb4998ff71e47f825eeaaca  lib/core/patch
 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3  lib/core/replication.py
 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6  lib/core/revision.py
 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c  lib/core/session.py
-d524f3ebcb647f7d7018922d86d35103379e921a9b5d05cf762b7d5c6ad82c47  lib/core/settings.py
+76185a4a072f97b95162bb4e141b354436daa0f7a64e8740e833cfe5fa836e62  lib/core/settings.py
 cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82  lib/core/shell.py
 bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725  lib/core/subprocessng.py
 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6  lib/core/target.py
@@ -439,6 +439,13 @@ b76606fe4dee18467bc0d19af1e6ab38c0b5593c6c0f2068a8d4c664d4bd71d8  plugins/dbms/r
 1de7c93b445deb0766c314066cb122535e9982408614b0ff952a97cbae9b813a  plugins/dbms/snowflake/__init__.py
 859cc5b9be496fe35f2782743f8e573ff9d823de7e99b0d32dbc250c361c653e  plugins/dbms/snowflake/syntax.py
 da43fed8bfa4a94aaceb63e760c69e9927c1640e45e457b8f03189be6604693f  plugins/dbms/snowflake/takeover.py
+0163ce14bfa49b7485ab430be1fa33366c9f516573a89d89120f812ffdbc0c83  plugins/dbms/spanner/connector.py
+6392bd210e740df6c21befc1c4f74cc88ab8ee8d774fd41c0389d132c11c745a  plugins/dbms/spanner/enumeration.py
+672dc9b3d291aa4f5d6c4cbe364e92b92e19ee6de86f6d9b9a4dda7d5611b409  plugins/dbms/spanner/filesystem.py
+30f4caea09eb300a8b16ff2609960d165d8a7fa0f3034c345fea24002fea2670  plugins/dbms/spanner/fingerprint.py
+7c46a84ece581b5284ffd604b54bacb38acc87ea7fbac31aae38e20eb4ead31a  plugins/dbms/spanner/__init__.py
+54a184528a74d7e1ff3131cbca2efa86bbf63c2b2623fb9a395bdb5d2db6cf5a  plugins/dbms/spanner/syntax.py
+949add058f3774fbed41a6a724985ac902abe03b0617ec99698e3a29292efa43  plugins/dbms/spanner/takeover.py
 cae01d387617e3986b9cfb23519b7c6a444e2d116f2dc774163abec0217f6ed6  plugins/dbms/sqlite/connector.py
 fbcff0468fcccd9f86277d205b33f14578b7550b33d31716fd10003f16122752  plugins/dbms/sqlite/enumeration.py
 013f6cf4d04edce3ee0ede73b6415a2774e58452a5365ab5f7a49c77650ba355  plugins/dbms/sqlite/filesystem.py
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -20,7 +20,7 @@
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.10.3.6"
+VERSION = "1.10.3.7"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/plugins/dbms/spanner/__init__.py b/plugins/dbms/spanner/__init__.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.enums import DBMS
+from lib.core.settings import SPANNER_SYSTEM_DBS
+from lib.core.unescaper import unescaper
+
+from plugins.dbms.spanner.enumeration import Enumeration
+from plugins.dbms.spanner.filesystem import Filesystem
+from plugins.dbms.spanner.fingerprint import Fingerprint
+from plugins.dbms.spanner.syntax import Syntax
+from plugins.dbms.spanner.takeover import Takeover
+from plugins.generic.misc import Miscellaneous
+
+class SpannerMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
+    """
+    This class defines Spanner methods
+    """
+
+    def __init__(self):
+        self.excludeDbsList = SPANNER_SYSTEM_DBS
+
+        for cls in self.__class__.__bases__:
+            cls.__init__(self)
+
+    unescaper[DBMS.SPANNER] = Syntax.escape
diff --git a/plugins/dbms/spanner/connector.py b/plugins/dbms/spanner/connector.py
@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
+See the file 'LICENSE' for copying permission
+"""
+
+from plugins.generic.connector import Connector as GenericConnector
+
+class Connector(GenericConnector):
+    pass
diff --git a/plugins/dbms/spanner/enumeration.py b/plugins/dbms/spanner/enumeration.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.data import logger
+from lib.core.settings import SPANNER_DEFAULT_SCHEMA
+from plugins.generic.enumeration import Enumeration as GenericEnumeration
+
+class Enumeration(GenericEnumeration):
+    def getCurrentDb(self):
+        return SPANNER_DEFAULT_SCHEMA
+
+    def getCurrentUser(self):
+        warnMsg = "on Spanner it is not possible to enumerate the current user"
+        logger.warning(warnMsg)
+
+    def isDba(self, user=None):
+        warnMsg = "on Spanner it is not possible to test if current user is DBA"
+        logger.warning(warnMsg)
+
+    def getUsers(self):
+        warnMsg = "on Spanner it is not possible to enumerate the users"
+        logger.warning(warnMsg)
+
+        return []
+
+    def getPasswordHashes(self):
+        warnMsg = "on Spanner it is not possible to enumerate the user password hashes"
+        logger.warning(warnMsg)
+
+        return {}
+
+    def getRoles(self, *args, **kwargs):
+        warnMsg = "on Spanner it is not possible to enumerate the user roles"
+        logger.warning(warnMsg)
+
+        return {}
+
+    def getPrivileges(self, *args, **kwargs):
+        warnMsg = "on Spanner it is not possible to enumerate the user privileges"
+        logger.warning(warnMsg)
+
+        return {}
diff --git a/plugins/dbms/spanner/filesystem.py b/plugins/dbms/spanner/filesystem.py
@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
+See the file 'LICENSE' for copying permission
+"""
+
+from plugins.generic.filesystem import Filesystem as GenericFilesystem
+
+class Filesystem(GenericFilesystem):
+    pass
diff --git a/plugins/dbms/spanner/fingerprint.py b/plugins/dbms/spanner/fingerprint.py
@@ -0,0 +1,93 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.common import Backend
+from lib.core.common import Format
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.enums import DBMS
+from lib.core.session import setDbms
+from lib.core.settings import SPANNER_ALIASES
+from lib.request import inject
+from plugins.generic.fingerprint import Fingerprint as GenericFingerprint
+
+class Fingerprint(GenericFingerprint):
+    def __init__(self):
+        GenericFingerprint.__init__(self, DBMS.SPANNER)
+
+    def getFingerprint(self):
+        value = ""
+        wsOsFp = Format.getOs("web server", kb.headersFp)
+
+        if wsOsFp:
+            value += "%s\n" % wsOsFp
+
+        if kb.data.banner:
+            dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
+
+            if dbmsOsFp:
+                value += "%s\n" % dbmsOsFp
+
+        value += "back-end DBMS: "
+
+        if not conf.extensiveFp:
+            value += DBMS.SPANNER
+            return value
+
+        actVer = Format.getDbms()
+        blank = " " * 15
+        value += "active fingerprint: %s" % actVer
+
+        if kb.bannerFp:
+            banVer = kb.bannerFp.get("dbmsVersion")
+
+            if banVer:
+                banVer = Format.getDbms([banVer])
+                value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
+
+        htmlErrorFp = Format.getErrorParsedDBMSes()
+
+        if htmlErrorFp:
+            value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
+
+        return value
+
+    def checkDbms(self):
+        if not conf.extensiveFp and Backend.isDbmsWithin(SPANNER_ALIASES):
+            setDbms(DBMS.SPANNER)
+
+            self.getBanner()
+
+            return True
+
+        infoMsg = "testing %s" % DBMS.SPANNER
+        logger.info(infoMsg)
+
+        result = inject.checkBooleanExpression("FARM_FINGERPRINT('sqlmap') IS NOT NULL")
+
+        if result:
+            infoMsg = "confirming %s" % DBMS.SPANNER
+            logger.info(infoMsg)
+
+            result = inject.checkBooleanExpression("SAFE_CAST(1 AS INT64)=1")
+            if not result:
+                warnMsg = "the back-end DBMS is not %s" % DBMS.SPANNER
+                logger.warning(warnMsg)
+
+                return False
+
+            setDbms(DBMS.SPANNER)
+
+            self.getBanner()
+
+            return True
+        else:
+            warnMsg = "the back-end DBMS is not %s" % DBMS.SPANNER
+            logger.warning(warnMsg)
+
+            return False
diff --git a/plugins/dbms/spanner/syntax.py b/plugins/dbms/spanner/syntax.py
@@ -0,0 +1,26 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.convert import getOrds
+from plugins.generic.syntax import Syntax as GenericSyntax
+
+class Syntax(GenericSyntax):
+    @staticmethod
+    def escape(expression, quote=True):
+        """
+        Note: Google Standard SQL (Spanner) natively supports converting integer arrays
+              to strings via CODE_POINTS_TO_STRING(). This is much cleaner and shorter
+              than chaining multiple CHR() functions with the || operator.
+
+        >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CODE_POINTS_TO_STRING([97, 98, 99, 100, 101, 102, 103, 104]) FROM foobar"
+        True
+        """
+
+        def escaper(value):
+            return "CODE_POINTS_TO_STRING([%s])" % ", ".join(str(_) for _ in getOrds(value))
+
+        return Syntax._escape(expression, quote, escaper)
diff --git a/plugins/dbms/spanner/takeover.py b/plugins/dbms/spanner/takeover.py
@@ -0,0 +1,28 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.exception import SqlmapUnsupportedFeatureException
+from plugins.generic.takeover import Takeover as GenericTakeover
+
+class Takeover(GenericTakeover):
+    def osCmd(self):
+        errMsg = "on Spanner it is not possible to execute commands"
+        raise SqlmapUnsupportedFeatureException(errMsg)
+
+    def osShell(self):
+        errMsg = "on Spanner it is not possible to execute commands"
+        raise SqlmapUnsupportedFeatureException(errMsg)
+
+    def osPwn(self):
+        errMsg = "on Spanner it is not possible to establish an "
+        errMsg += "out-of-band connection"
+        raise SqlmapUnsupportedFeatureException(errMsg)
+
+    def osSmb(self):
+        errMsg = "on Spanner it is not possible to establish an "
+        errMsg += "out-of-band connection"
+        raise SqlmapUnsupportedFeatureException(errMsg)
