2019-05-08 13:47:52 +03:00
|
|
|
#!/usr/bin/env python
|
2018-06-13 00:02:38 +03:00
|
|
|
|
|
|
|
"""
|
2020-01-01 15:25:15 +03:00
|
|
|
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
|
2018-06-13 00:02:38 +03:00
|
|
|
See the file 'LICENSE' for copying permission
|
|
|
|
"""
|
|
|
|
|
|
|
|
import codecs
|
2020-08-23 21:56:22 +03:00
|
|
|
import os
|
2020-02-07 00:15:31 +03:00
|
|
|
import random
|
2018-06-13 00:02:38 +03:00
|
|
|
|
2019-05-06 01:54:21 +03:00
|
|
|
import lib.controller.checks
|
|
|
|
import lib.core.common
|
|
|
|
import lib.core.convert
|
2019-05-06 16:39:11 +03:00
|
|
|
import lib.core.option
|
2019-06-04 15:48:51 +03:00
|
|
|
import lib.core.threads
|
2019-05-06 01:54:21 +03:00
|
|
|
import lib.request.connect
|
|
|
|
import lib.utils.search
|
2019-05-19 08:52:38 +03:00
|
|
|
import lib.utils.sqlalchemy
|
2019-05-06 01:54:21 +03:00
|
|
|
import thirdparty.ansistrm.ansistrm
|
2019-06-01 01:31:26 +03:00
|
|
|
import thirdparty.chardet.universaldetector
|
2019-05-06 01:54:21 +03:00
|
|
|
|
|
|
|
from lib.core.common import filterNone
|
2019-05-19 08:52:38 +03:00
|
|
|
from lib.core.common import getSafeExString
|
2019-10-07 15:20:18 +03:00
|
|
|
from lib.core.common import isDigit
|
2019-05-06 01:54:21 +03:00
|
|
|
from lib.core.common import isListLike
|
|
|
|
from lib.core.common import readInput
|
2019-05-21 15:18:14 +03:00
|
|
|
from lib.core.common import shellExec
|
2019-06-04 15:44:06 +03:00
|
|
|
from lib.core.common import singleTimeWarnMessage
|
2020-02-07 00:15:31 +03:00
|
|
|
from lib.core.compat import xrange
|
2019-05-20 12:21:31 +03:00
|
|
|
from lib.core.convert import stdoutEncode
|
2020-01-27 13:32:05 +03:00
|
|
|
from lib.core.data import conf
|
2019-05-06 01:54:21 +03:00
|
|
|
from lib.core.option import _setHTTPHandlers
|
|
|
|
from lib.core.option import setVerbosity
|
2018-06-13 00:02:38 +03:00
|
|
|
from lib.core.settings import IS_WIN
|
2019-06-04 15:44:06 +03:00
|
|
|
from lib.request.templates import getPageTemplate
|
2020-01-27 13:32:05 +03:00
|
|
|
from thirdparty import six
|
2019-03-27 15:33:46 +03:00
|
|
|
from thirdparty.six.moves import http_client as _http_client
|
2018-06-13 00:02:38 +03:00
|
|
|
|
2020-02-07 00:52:45 +03:00
|
|
|
_rand = 0
|
|
|
|
|
2018-06-13 00:02:38 +03:00
|
|
|
def dirtyPatches():
|
|
|
|
"""
|
|
|
|
Place for "dirty" Python related patches
|
|
|
|
"""
|
|
|
|
|
|
|
|
# accept overly long result lines (e.g. SQLi results in HTTP header responses)
|
2019-03-27 15:33:46 +03:00
|
|
|
_http_client._MAXLINE = 1 * 1024 * 1024
|
2018-06-13 00:02:38 +03:00
|
|
|
|
2020-01-27 13:32:05 +03:00
|
|
|
# prevent double chunked encoding in case of sqlmap chunking (Note: Python3 does it automatically if 'Content-length' is missing)
|
|
|
|
if six.PY3:
|
|
|
|
if not hasattr(_http_client.HTTPConnection, "__send_output"):
|
|
|
|
_http_client.HTTPConnection.__send_output = _http_client.HTTPConnection._send_output
|
2020-02-07 00:15:31 +03:00
|
|
|
|
2020-01-27 13:32:05 +03:00
|
|
|
def _send_output(self, *args, **kwargs):
|
2020-03-17 13:10:52 +03:00
|
|
|
if conf.get("chunked") and "encode_chunked" in kwargs:
|
2020-01-27 13:32:05 +03:00
|
|
|
kwargs["encode_chunked"] = False
|
|
|
|
self.__send_output(*args, **kwargs)
|
|
|
|
|
|
|
|
_http_client.HTTPConnection._send_output = _send_output
|
|
|
|
|
2018-06-13 00:02:38 +03:00
|
|
|
# add support for inet_pton() on Windows OS
|
|
|
|
if IS_WIN:
|
|
|
|
from thirdparty.wininetpton import win_inet_pton
|
|
|
|
|
|
|
|
# Reference: https://github.com/nodejs/node/issues/12786#issuecomment-298652440
|
|
|
|
codecs.register(lambda name: codecs.lookup("utf-8") if name == "cp65001" else None)
|
2019-03-27 18:36:32 +03:00
|
|
|
|
|
|
|
# Reference: http://bugs.python.org/issue17849
|
|
|
|
if hasattr(_http_client, "LineAndFileWrapper"):
|
|
|
|
def _(self, *args):
|
|
|
|
return self._readline()
|
|
|
|
|
|
|
|
_http_client.LineAndFileWrapper._readline = _http_client.LineAndFileWrapper.readline
|
|
|
|
_http_client.LineAndFileWrapper.readline = _
|
2019-05-06 01:54:21 +03:00
|
|
|
|
2019-06-01 01:31:26 +03:00
|
|
|
# to prevent too much "guessing" in case of binary data retrieval
|
|
|
|
thirdparty.chardet.universaldetector.MINIMUM_THRESHOLD = 0.90
|
|
|
|
|
2020-08-23 21:56:22 +03:00
|
|
|
# https://github.com/sqlmapproject/sqlmap/issues/4314
|
|
|
|
try:
|
|
|
|
os.urandom(1)
|
|
|
|
except NotImplemented:
|
|
|
|
if six.PY3:
|
|
|
|
os.urandom = lambda size: bytes(random.randint(0, 255) for _ in range(size))
|
|
|
|
else:
|
|
|
|
os.urandom = lambda size: "".join(chr(random.randint(0, 255)) for _ in xrange(size))
|
|
|
|
|
2019-05-06 01:54:21 +03:00
|
|
|
def resolveCrossReferences():
|
|
|
|
"""
|
|
|
|
Place for cross-reference resolution
|
|
|
|
"""
|
|
|
|
|
2019-10-07 15:20:18 +03:00
|
|
|
lib.core.threads.isDigit = isDigit
|
2019-05-06 01:54:21 +03:00
|
|
|
lib.core.threads.readInput = readInput
|
|
|
|
lib.core.common.getPageTemplate = getPageTemplate
|
|
|
|
lib.core.convert.filterNone = filterNone
|
|
|
|
lib.core.convert.isListLike = isListLike
|
2019-05-21 15:18:14 +03:00
|
|
|
lib.core.convert.shellExec = shellExec
|
2019-05-06 01:54:21 +03:00
|
|
|
lib.core.convert.singleTimeWarnMessage = singleTimeWarnMessage
|
2019-05-06 16:39:11 +03:00
|
|
|
lib.core.option._pympTempLeakPatch = pympTempLeakPatch
|
2019-05-06 01:54:21 +03:00
|
|
|
lib.request.connect.setHTTPHandlers = _setHTTPHandlers
|
|
|
|
lib.utils.search.setHTTPHandlers = _setHTTPHandlers
|
|
|
|
lib.controller.checks.setVerbosity = setVerbosity
|
2019-05-19 08:52:38 +03:00
|
|
|
lib.utils.sqlalchemy.getSafeExString = getSafeExString
|
2019-05-20 12:21:31 +03:00
|
|
|
thirdparty.ansistrm.ansistrm.stdoutEncode = stdoutEncode
|
2019-05-06 16:39:11 +03:00
|
|
|
|
|
|
|
def pympTempLeakPatch(tempDir):
|
|
|
|
"""
|
|
|
|
Patch for "pymp" leaking directories inside Python3
|
|
|
|
"""
|
|
|
|
|
|
|
|
try:
|
|
|
|
import multiprocessing.util
|
|
|
|
multiprocessing.util.get_temp_dir = lambda: tempDir
|
|
|
|
except:
|
2019-05-09 16:47:23 +03:00
|
|
|
pass
|
2020-02-07 00:15:31 +03:00
|
|
|
|
|
|
|
def unisonRandom():
|
|
|
|
"""
|
|
|
|
Unifying random generated data across different Python versions
|
|
|
|
"""
|
|
|
|
|
|
|
|
def _lcg():
|
|
|
|
global _rand
|
|
|
|
a = 1140671485
|
|
|
|
c = 128201163
|
|
|
|
m = 2 ** 24
|
|
|
|
_rand = (a * _rand + c) % m
|
|
|
|
return _rand
|
|
|
|
|
|
|
|
def _randint(a, b):
|
|
|
|
_ = a + (_lcg() % (b - a + 1))
|
|
|
|
return _
|
|
|
|
|
|
|
|
def _choice(seq):
|
|
|
|
return seq[_randint(0, len(seq) - 1)]
|
|
|
|
|
|
|
|
def _sample(population, k):
|
|
|
|
return [_choice(population) for _ in xrange(k)]
|
|
|
|
|
|
|
|
def _seed(seed):
|
|
|
|
global _rand
|
|
|
|
_rand = seed
|
|
|
|
|
|
|
|
random.choice = _choice
|
|
|
|
random.randint = _randint
|
|
|
|
random.sample = _sample
|
|
|
|
random.seed = _seed
|