sqlmap/lib/utils/resume.py

#!/usr/bin/env python

"""
$Id$

Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""

import re
import time

from lib.core.common import calculateDeltaSeconds
from lib.core.common import dataToSessionFile
from lib.core.common import dataToStdout
from lib.core.common import Backend
from lib.core.common import safeStringFormat
from lib.core.common import randomStr
from lib.core.common import replaceNewlineTabs
from lib.core.common import restoreDumpMarkedChars
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.unescaper import unescaper
from lib.techniques.blind.inference import bisection
from lib.core.settings import DUMP_START_MARKER
from lib.core.settings import DUMP_STOP_MARKER
from lib.core.settings import DUMP_DEL_MARKER

def queryOutputLength(expression, payload):
    """
    Returns the query output length.
    """

    lengthQuery         = queries[Backend.getIdentifiedDbms()].length.query
    select              = re.search("\ASELECT\s+", expression, re.I)
    selectTopExpr       = re.search("\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", expression, re.I)
    selectDistinctExpr  = re.search("\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I)
    selectFromExpr      = re.search("\ASELECT\s+(.+?)\s+FROM", expression, re.I)
    selectExpr          = re.search("\ASELECT\s+(.+)$", expression, re.I)
    miscExpr            = re.search("\A(.+)", expression, re.I)

    if selectTopExpr or selectDistinctExpr or selectFromExpr or selectExpr:
        if selectTopExpr:
            regExpr = selectTopExpr.groups()[0]
        elif selectDistinctExpr:
            regExpr = selectDistinctExpr.groups()[0]
        elif selectFromExpr:
            regExpr = selectFromExpr.groups()[0]
        elif selectExpr:
            regExpr = selectExpr.groups()[0]
    elif miscExpr:
        regExpr = miscExpr.groups()[0]

    if ( select and re.search("\A(COUNT|LTRIM)\(", regExpr, re.I) ) or len(regExpr) <= 1:
        return None, None, None

    if selectDistinctExpr:
        lengthExpr = "SELECT %s FROM (%s)" % (lengthQuery % regExpr, expression)

        if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
            lengthExpr += " AS %s" % randomStr(lowercase=True)
    elif select:
        lengthExpr = expression.replace(regExpr, lengthQuery % regExpr, 1)
    else:
        lengthExpr = lengthQuery % expression

    infoMsg = "retrieving the length of query output"
    logger.info(infoMsg)

    output = resume(lengthExpr, payload)

    if output:
        return 0, output, regExpr

    dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], lengthExpr))

    start = time.time()
    lengthExprUnescaped = unescaper.unescape(lengthExpr)
    count, length = bisection(payload, lengthExprUnescaped, charsetType=2)

    debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
    logger.debug(debugMsg)

    if length == " ":
        length = 0

    return count, length, regExpr

def resume(expression, payload):
    """
    This function can be called to resume part or entire output of a
    SQL injection query output.
    """

    try:
        if "sqlmapfile" in expression or "sqlmapoutput" in expression or conf.freshQueries:
            return None

        condition = (
                      kb.resumedQueries and conf.url in kb.resumedQueries.keys()
                      and expression in kb.resumedQueries[conf.url].keys()
                    )

        if not condition:
            return None

        resumedValue = kb.resumedQueries[conf.url][expression]

        if not resumedValue:
            return None

        resumedValue = restoreDumpMarkedChars(resumedValue, True)

        if resumedValue[-1] == "]":
            resumedValue = resumedValue[:-1]

            infoMsg  = "read from file '%s': " % conf.sessionFile
            logValue = re.findall("%s(.*?)%s" % (DUMP_START_MARKER, DUMP_STOP_MARKER), resumedValue, re.S)

            if logValue:
                if kb.technique == PAYLOAD.TECHNIQUE.UNION:
                    logValue = ", ".join([value.replace(DUMP_DEL_MARKER, ", ") for value in logValue])
                else:
                    return None
            else:
                logValue = resumedValue

            if "\n" in logValue:
                infoMsg += "%s..." % logValue.split("\n")[0]
            else:
                infoMsg += logValue

            dataToStdout("[%s] [INFO] %s\n" % (time.strftime("%X"), infoMsg))

            return resumedValue

        # If we called this function without providing a payload it means
        # that we have called it from lib/request/inject __goInband() or
        # from __goError() function so we return to the calling function
        # so that the query output will be retrieved taking advantage
        # of either error-based or inband SQL injection vulnerability.
        if not payload:
            return None

        if not Backend.getIdentifiedDbms():
            return None

        substringQuery = queries[Backend.getIdentifiedDbms()].substring.query
        select = re.search("\ASELECT ", expression, re.I)

        _, length, regExpr = queryOutputLength(expression, payload)

        if not length:
            return None

        if len(resumedValue) == int(length):
            infoMsg  = "read from file '%s': " % conf.sessionFile
            infoMsg += "%s" % resumedValue.split("\n")[0]
            logger.info(infoMsg)

            dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression, replaceNewlineTabs(resumedValue)))

            return resumedValue
        elif len(resumedValue) < int(length):
            infoMsg  = "resumed from file '%s': " % conf.sessionFile
            infoMsg += "%s..." % resumedValue.split("\n")[0]
            logger.info(infoMsg)

            dataToSessionFile("[%s][%s][%s][%s][%s" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression, replaceNewlineTabs(resumedValue)))

            if select:
                newExpr = expression.replace(regExpr, safeStringFormat(substringQuery, (regExpr, len(resumedValue) + 1, int(length))), 1)
            else:
                newExpr = safeStringFormat(substringQuery, (expression, len(resumedValue) + 1, int(length)))

            missingCharsLength = int(length) - len(resumedValue)

            infoMsg  = "retrieving pending %d query " % missingCharsLength
            infoMsg += "output characters"
            logger.info(infoMsg)

            start = time.time()
            count, finalValue = bisection(payload, newExpr, length=missingCharsLength)

            debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
            logger.debug(debugMsg)

            if len(finalValue) != ( int(length) - len(resumedValue) ):
                warnMsg  = "the total length of the query is not "
                warnMsg += "right, sqlmap is going to retrieve the "
                warnMsg += "query value from the beginning now"
                logger.warn(warnMsg)

                return None

            return "%s%s" % (resumedValue, finalValue)

        return None
    except ValueError:
        errMsg = "invalid resume value for expression: '%s'" % expression
        logger.error(errMsg)
        return None
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`#!/usr/bin/env python`

			`"""`
propsets.. 2008-10-15 19:56:32 +04:00			$Id$
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
update of copyright string (until year) 2011-04-15 16:33:18 +04:00			`Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`"""`

			`import re`
Proper displaying of debug messages (-v >= 2) 2010-05-11 17:58:53 +04:00			`import time`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL) 2010-05-13 15:05:35 +04:00			`from lib.core.common import calculateDeltaSeconds`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`from lib.core.common import dataToSessionFile`
some fixes 2011-01-07 19:39:47 +03:00			`from lib.core.common import dataToStdout`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`from lib.core.common import Backend`
introduced safe string formatting 2010-01-15 19:06:59 +03:00			`from lib.core.common import safeStringFormat`
fix for that SELECT DISTINCT(LENGTH(...)) "misbehavior" 2010-03-09 16:14:43 +03:00			`from lib.core.common import randomStr`
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO) 2010-10-21 17:13:12 +04:00			`from lib.core.common import replaceNewlineTabs`
refactoring regarding __START__,... 2010-10-21 13:51:07 +04:00			`from lib.core.common import restoreDumpMarkedChars`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`from lib.core.data import conf`
			`from lib.core.data import kb`
			`from lib.core.data import logger`
			`from lib.core.data import queries`
further refactoring (all enumerations are now put into enums.py) 2010-11-08 12:20:02 +03:00			`from lib.core.enums import DBMS`
major bug fix 2011-01-28 17:09:28 +03:00			`from lib.core.enums import PAYLOAD`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`from lib.core.unescaper import unescaper`
Properly moved and improved inject.goStacked() function and newly implemented Time based blind SQL injection now is a single test file within the lib/techniques/ folder. Renamed lib/techniques/inference to lib/techniques/blind, it is more approriate and adapted the rest of the libraries. Updated ChangeLog file. 2008-11-13 02:44:09 +03:00			`from lib.techniques.blind.inference import bisection`
refactoring regarding __START__,... 2010-10-21 13:51:07 +04:00			`from lib.core.settings import DUMP_START_MARKER`
			`from lib.core.settings import DUMP_STOP_MARKER`
			`from lib.core.settings import DUMP_DEL_MARKER`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`def queryOutputLength(expression, payload):`
			`"""`
			`Returns the query output length.`
			`"""`

refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`lengthQuery = queries[Backend.getIdentifiedDbms()].length.query`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`select = re.search("\ASELECT\s+", expression, re.I)`
			`selectTopExpr = re.search("\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", expression, re.I)`
			`selectDistinctExpr = re.search("\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I)`
Fixed resume functionality on --read-file when using MySQL's LOAD_FILE() via blind SQL injection. 2010-01-02 04:35:13 +03:00			`selectFromExpr = re.search("\ASELECT\s+(.+?)\s+FROM", expression, re.I)`
			`selectExpr = re.search("\ASELECT\s+(.+)$", expression, re.I)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`miscExpr = re.search("\A(.+)", expression, re.I)`

Fixed resume functionality on --read-file when using MySQL's LOAD_FILE() via blind SQL injection. 2010-01-02 04:35:13 +03:00			`if selectTopExpr or selectDistinctExpr or selectFromExpr or selectExpr:`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`if selectTopExpr:`
			`regExpr = selectTopExpr.groups()[0]`
			`elif selectDistinctExpr:`
			`regExpr = selectDistinctExpr.groups()[0]`
Fixed resume functionality on --read-file when using MySQL's LOAD_FILE() via blind SQL injection. 2010-01-02 04:35:13 +03:00			`elif selectFromExpr:`
			`regExpr = selectFromExpr.groups()[0]`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`elif selectExpr:`
			`regExpr = selectExpr.groups()[0]`
			`elif miscExpr:`
			`regExpr = miscExpr.groups()[0]`

			`if ( select and re.search("\A(COUNT\|LTRIM)\(", regExpr, re.I) ) or len(regExpr) <= 1:`
			`return None, None, None`

fix for that SELECT DISTINCT(LENGTH(...)) "misbehavior" 2010-03-09 16:14:43 +03:00			`if selectDistinctExpr:`
Minor adjustment and bug fix 2010-03-11 01:08:11 +03:00			`lengthExpr = "SELECT %s FROM (%s)" % (lengthQuery % regExpr, expression)`

refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):`
Minor adjustment and bug fix 2010-03-11 01:08:11 +03:00			`lengthExpr += " AS %s" % randomStr(lowercase=True)`
fix for that SELECT DISTINCT(LENGTH(...)) "misbehavior" 2010-03-09 16:14:43 +03:00			`elif select:`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`lengthExpr = expression.replace(regExpr, lengthQuery % regExpr, 1)`
			`else:`
			`lengthExpr = lengthQuery % expression`

			`infoMsg = "retrieving the length of query output"`
			`logger.info(infoMsg)`

			`output = resume(lengthExpr, payload)`

			`if output:`
			`return 0, output, regExpr`

Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00			`dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], lengthExpr))`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Proper displaying of debug messages (-v >= 2) 2010-05-11 17:58:53 +04:00			`start = time.time()`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`lengthExprUnescaped = unescaper.unescape(lengthExpr)`
Proper displaying of debug messages (-v >= 2) 2010-05-11 17:58:53 +04:00			`count, length = bisection(payload, lengthExprUnescaped, charsetType=2)`

added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL) 2010-05-13 15:05:35 +04:00			`debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))`
Proper displaying of debug messages (-v >= 2) 2010-05-11 17:58:53 +04:00			`logger.debug(debugMsg)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`if length == " ":`
			`length = 0`
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO) 2010-10-21 17:13:12 +04:00
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`return count, length, regExpr`

			`def resume(expression, payload):`
			`"""`
			`This function can be called to resume part or entire output of a`
			`SQL injection query output.`
			`"""`
Proper comment 2010-12-03 13:39:36 +03:00
some bug fixes 2010-10-14 00:54:18 +04:00			`try:`
introduction of --fresh-queries 2011-03-24 13:08:47 +03:00			`if "sqlmapfile" in expression or "sqlmapoutput" in expression or conf.freshQueries:`
some bug fixes 2010-10-14 00:54:18 +04:00			`return None`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`condition = (`
			`kb.resumedQueries and conf.url in kb.resumedQueries.keys()`
			`and expression in kb.resumedQueries[conf.url].keys()`
			`)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`if not condition:`
			`return None`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`resumedValue = kb.resumedQueries[conf.url][expression]`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`if not resumedValue:`
			`return None`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
refactoring regarding __START__,... 2010-10-21 13:51:07 +04:00			`resumedValue = restoreDumpMarkedChars(resumedValue, True)`
Minor bug fix and layout adjustment regarding --threading and standard output 2010-03-22 20:38:19 +03:00
some bug fixes 2010-10-14 00:54:18 +04:00			`if resumedValue[-1] == "]":`
			`resumedValue = resumedValue[:-1]`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`infoMsg = "read from file '%s': " % conf.sessionFile`
refactoring regarding __START__,... 2010-10-21 13:51:07 +04:00			`logValue = re.findall("%s(.*?)%s" % (DUMP_START_MARKER, DUMP_STOP_MARKER), resumedValue, re.S)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`if logValue:`
major bug fix 2011-01-28 17:09:28 +03:00			`if kb.technique == PAYLOAD.TECHNIQUE.UNION:`
			`logValue = ", ".join([value.replace(DUMP_DEL_MARKER, ", ") for value in logValue])`
			`else:`
			`return None`
some bug fixes 2010-10-14 00:54:18 +04:00			`else:`
			`logValue = resumedValue`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`if "\n" in logValue:`
			`infoMsg += "%s..." % logValue.split("\n")[0]`
			`else:`
			`infoMsg += logValue`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some fixes 2011-01-07 19:39:47 +03:00			`dataToStdout("[%s] [INFO] %s\n" % (time.strftime("%X"), infoMsg))`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`return resumedValue`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Proper comment 2010-12-03 13:39:36 +03:00			`# If we called this function without providing a payload it means`
			`# that we have called it from lib/request/inject __goInband() or`
			`# from __goError() function so we return to the calling function`
			`# so that the query output will be retrieved taking advantage`
			`# of either error-based or inband SQL injection vulnerability.`
some bug fixes 2010-10-14 00:54:18 +04:00			`if not payload:`
			`return None`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`if not Backend.getIdentifiedDbms():`
some bug fixes 2010-10-14 00:54:18 +04:00			`return None`
fix for a resume bug reported by Augusto Urbieta 2010-07-20 12:13:02 +04:00
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`substringQuery = queries[Backend.getIdentifiedDbms()].substring.query`
some bug fixes 2010-10-14 00:54:18 +04:00			`select = re.search("\ASELECT ", expression, re.I)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`_, length, regExpr = queryOutputLength(expression, payload)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`if not length:`
			`return None`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`if len(resumedValue) == int(length):`
			`infoMsg = "read from file '%s': " % conf.sessionFile`
			`infoMsg += "%s" % resumedValue.split("\n")[0]`
			`logger.info(infoMsg)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00			`dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression, replaceNewlineTabs(resumedValue)))`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`return resumedValue`
			`elif len(resumedValue) < int(length):`
			`infoMsg = "resumed from file '%s': " % conf.sessionFile`
			`infoMsg += "%s..." % resumedValue.split("\n")[0]`
			`logger.info(infoMsg)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00			`dataToSessionFile("[%s][%s][%s][%s][%s" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression, replaceNewlineTabs(resumedValue)))`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`if select:`
			`newExpr = expression.replace(regExpr, safeStringFormat(substringQuery, (regExpr, len(resumedValue) + 1, int(length))), 1)`
			`else:`
			`newExpr = safeStringFormat(substringQuery, (expression, len(resumedValue) + 1, int(length)))`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`missingCharsLength = int(length) - len(resumedValue)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`infoMsg = "retrieving pending %d query " % missingCharsLength`
			`infoMsg += "output characters"`
			`logger.info(infoMsg)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`start = time.time()`
			`count, finalValue = bisection(payload, newExpr, length=missingCharsLength)`
Proper displaying of debug messages (-v >= 2) 2010-05-11 17:58:53 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))`
			`logger.debug(debugMsg)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`if len(finalValue) != ( int(length) - len(resumedValue) ):`
			`warnMsg = "the total length of the query is not "`
			`warnMsg += "right, sqlmap is going to retrieve the "`
			`warnMsg += "query value from the beginning now"`
			`logger.warn(warnMsg)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`return None`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`return "%s%s" % (resumedValue, finalValue)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
some bug fixes 2010-10-14 00:54:18 +04:00			`return None`
bug fix for Ctrl+C 2010-10-14 19:23:42 +04:00			`except ValueError:`
some bug fixes 2010-10-14 00:54:18 +04:00			`errMsg = "invalid resume value for expression: '%s'" % expression`
			`logger.error(errMsg)`
			`return None`