From 0e206da7c0fdb2a870d4b0ea6e5a63a2c4259ace Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 14 Apr 2017 13:08:51 +0200 Subject: [PATCH] Minor patches (pydiatra) --- extra/mssqlsig/update.py | 4 ++-- extra/shutils/regressiontest.py | 2 +- lib/controller/controller.py | 2 +- lib/core/agent.py | 2 +- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- lib/core/target.py | 3 ++- lib/utils/api.py | 6 ++++-- lib/utils/crawler.py | 2 +- plugins/generic/syntax.py | 2 +- txt/checksum.md5 | 24 ++++++++++++------------ waf/bigip.py | 2 +- waf/kona.py | 2 +- 13 files changed, 29 insertions(+), 26 deletions(-) diff --git a/extra/mssqlsig/update.py b/extra/mssqlsig/update.py index 91593105e..5bcda5013 100644 --- a/extra/mssqlsig/update.py +++ b/extra/mssqlsig/update.py @@ -43,7 +43,7 @@ def updateMSSQLXML(): return - releases = re.findall("class=\"BCC_DV_01DarkBlueTitle\">SQL Server\s(.+?)\sBuilds", mssqlVersionsHtmlString, re.I | re.M) + releases = re.findall("class=\"BCC_DV_01DarkBlueTitle\">SQL Server\s(.+?)\sBuilds", mssqlVersionsHtmlString, re.I) releasesCount = len(releases) # Create the minidom document @@ -74,7 +74,7 @@ def updateMSSQLXML(): stopIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index + 1]) mssqlVersionsReleaseString = mssqlVersionsHtmlString[startIdx:stopIdx] - servicepackVersion = re.findall("[7\.0|2000|2005|2008|2008 R2]*(.*?)[\r]*\n", mssqlVersionsReleaseString, re.I | re.M) + servicepackVersion = re.findall("[7\.0|2000|2005|2008|2008 R2]*(.*?)[\r]*\n", mssqlVersionsReleaseString, re.I) for servicePack, version in servicepackVersion: if servicePack.startswith(" "): diff --git a/extra/shutils/regressiontest.py b/extra/shutils/regressiontest.py index 975edab42..c0ce84dee 100644 --- a/extra/shutils/regressiontest.py +++ b/extra/shutils/regressiontest.py @@ -83,7 +83,7 @@ def main(): if stderr: failure_email("Execution of regression test failed with error:\n\n%s" % stderr) - failed_tests = re.findall("running live test case: (.+?) \((\d+)\/\d+\)[\r]*\n.+test failed (at parsing items: (.+))?\s*\- scan folder: (\/.+) \- traceback: (.*?)( - SQL injection not detected)?[\r]*\n", stdout, re.M) + failed_tests = re.findall("running live test case: (.+?) \((\d+)\/\d+\)[\r]*\n.+test failed (at parsing items: (.+))?\s*\- scan folder: (\/.+) \- traceback: (.*?)( - SQL injection not detected)?[\r]*\n", stdout) for failed_test in failed_tests: title = failed_test[0] diff --git a/lib/controller/controller.py b/lib/controller/controller.py index cf5dd8974..91ce1cda1 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -140,7 +140,7 @@ def _formatInjection(inj): if inj.place == PLACE.CUSTOM_HEADER: payload = payload.split(',', 1)[1] if stype == PAYLOAD.TECHNIQUE.UNION: - count = re.sub(r"(?i)(\(.+\))|(\blimit[^A-Za-z]+)", "", sdata.payload).count(',') + 1 + count = re.sub(r"(?i)(\(.+\))|(\blimit[^a-z]+)", "", sdata.payload).count(',') + 1 title = re.sub(r"\d+ to \d+", str(count), title) vector = agent.forgeUnionQuery("[QUERY]", vector[0], vector[1], vector[2], None, None, vector[5], vector[6]) if count == 1: diff --git a/lib/core/agent.py b/lib/core/agent.py index 9df2ee149..d7faac722 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -296,7 +296,7 @@ class Agent(object): elif suffix and not comment: expression += suffix.replace('\\', BOUNDARY_BACKSLASH_MARKER) - return re.sub(r"(?s);\W*;", ";", expression) + return re.sub(r";\W*;", ";", expression) def cleanupPayload(self, payload, origValue=None): if payload is None: diff --git a/lib/core/common.py b/lib/core/common.py index 2feb1f533..919c496c6 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1961,7 +1961,7 @@ def getSQLSnippet(dbms, sfile, **variables): retVal = readCachedFileContent(filename) retVal = re.sub(r"#.+", "", retVal) - retVal = re.sub(r"(?s);\s+", "; ", retVal).strip("\r\n") + retVal = re.sub(r";\s+", "; ", retVal).strip("\r\n") for _ in variables.keys(): retVal = re.sub(r"%%%s%%" % _, variables[_], retVal) diff --git a/lib/core/settings.py b/lib/core/settings.py index 68e63fbb7..1edf648e0 100755 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.1.4.23" +VERSION = "1.1.4.24" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index dd974d9b2..790687597 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -532,7 +532,8 @@ def _setResultsFile(): except (OSError, IOError), ex: try: warnMsg = "unable to create results file '%s' ('%s'). " % (conf.resultsFilename, getUnicode(ex)) - conf.resultsFilename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.RESULTS, suffix=".csv")[1] + handle, conf.resultsFilename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.RESULTS, suffix=".csv") + os.close(handle) conf.resultsFP = openFile(conf.resultsFilename, "w+", UNICODE_ENCODING, buffering=0) warnMsg += "Using temporary file '%s' instead" % conf.resultsFilename logger.warn(warnMsg) diff --git a/lib/utils/api.py b/lib/utils/api.py index 1ccbfd10a..74f157c64 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -163,7 +163,8 @@ class Task(object): self.options = AttribDict(self._original_options) def engine_start(self): - configFile = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CONFIG, text=True)[1] + handle, configFile = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CONFIG, text=True) + os.close(handle) saveConfig(self.options, configFile) if os.path.exists("sqlmap.py"): @@ -651,7 +652,8 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=REST REST-JSON API server """ DataStore.admin_id = hexencode(os.urandom(16)) - Database.filepath = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.IPC, text=False)[1] + handle, Database.filepath = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.IPC, text=False) + os.close(handle) if port == 0: # random with contextlib.closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s: diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py index 1e0b3df7d..edeb946fe 100644 --- a/lib/utils/crawler.py +++ b/lib/utils/crawler.py @@ -87,7 +87,7 @@ def crawl(target): tags = soup('a') if not tags: - tags = re.finditer(r'(?si)]+href="(?P[^>"]+)"', content) + tags = re.finditer(r'(?i)]+href="(?P[^>"]+)"', content) for tag in tags: href = tag.get("href") if hasattr(tag, "get") else tag.group("href") diff --git a/plugins/generic/syntax.py b/plugins/generic/syntax.py index 9f52de28e..cb24360b6 100644 --- a/plugins/generic/syntax.py +++ b/plugins/generic/syntax.py @@ -22,7 +22,7 @@ class Syntax: retVal = expression if quote: - for item in re.findall(r"'[^']*'+", expression, re.S): + for item in re.findall(r"'[^']*'+", expression): _ = item[1:-1] if _: retVal = retVal.replace(item, escaper(_)) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b5296c25a..38bac4b1c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -8,7 +8,7 @@ acba8b5dc93db0fe6b2b04ff0138c33c extra/icmpsh/icmpsh.exe_ 2176d964f2d5ba2d871383d6a1868b8f extra/icmpsh/icmpsh_m.py 2d020d2bdcee1170805f48839fdb89df extra/icmpsh/__init__.py 310efc965c862cfbd7b0da5150a5ad36 extra/__init__.py -c7973dc651586ba26d9553ad1ecfee74 extra/mssqlsig/update.py +20dd956898077268ce1acc017ecdbfd7 extra/mssqlsig/update.py 310efc965c862cfbd7b0da5150a5ad36 extra/safe2bin/__init__.py d3e99da5b5c2209e97836af9098124ee extra/safe2bin/safe2bin.py d229479d02d21b29f209143cb0547780 extra/shellcodeexec/linux/shellcodeexec.x32_ @@ -16,17 +16,17 @@ d229479d02d21b29f209143cb0547780 extra/shellcodeexec/linux/shellcodeexec.x32_ c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.exe_ 3c07d5ecd7208748892c0459f6ca084a extra/shutils/duplicates.py 8cd064eea3506e5dd913e03171bc418f extra/shutils/pylint.py -02b87ce441efb4e9e6249237a6ce9655 extra/shutils/regressiontest.py +07afd64e65926bba66cee5ca092ac7d9 extra/shutils/regressiontest.py 310efc965c862cfbd7b0da5150a5ad36 extra/sqlharvest/__init__.py 7713aa366c983cdf1f3dbaa7383ea9e1 extra/sqlharvest/sqlharvest.py 5df358defc488bee9b40084892e3d1cb lib/controller/action.py 9cb94acd4c59822a5e1a258c4d1a4860 lib/controller/checks.py -20fbacfdcef41214dc2e9ad31fbc28ad lib/controller/controller.py +8bf4fde39867b94600f61dc7fddcf3b0 lib/controller/controller.py d79481ab99acd739615e747d4a79d9d0 lib/controller/handler.py 310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py -19905ecb4437b94512cf21d5f1720091 lib/core/agent.py +5c4cddb0016d02a57bd1b05b3fc60c54 lib/core/agent.py 6cc95a117fbd34ef31b9aa25520f0e31 lib/core/bigarray.py -8f827c514751b85890da09581c21285c lib/core/common.py +1fa78f8104a2b39e87c19cb20e8eab72 lib/core/common.py 5065a4242a8cccf72f91e22e1007ae63 lib/core/convert.py a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py 7936d78b1a7f1f008ff92bf2f88574ba lib/core/datatype.py @@ -45,10 +45,10 @@ dd19b4d930d418f8aef498941346ab2d lib/core/option.py d8e9250f3775119df07e9070eddccd16 lib/core/replication.py 785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py 40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py -4682e416a9eb8d2c5d0f8c6d433760b3 lib/core/settings.py +c6ecd382fa5a3e8de450e55aa92c8b84 lib/core/settings.py d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py 2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py -afd0636d2e93c23f4f0a5c9b6023ea17 lib/core/target.py +2571146b71f487a3d11867746c033e40 lib/core/target.py 8970b88627902239d695280b1160e16c lib/core/testing.py 5521241c750855a4e44747fbac7771c6 lib/core/threads.py ad74fc58fc7214802fd27067bce18dd2 lib/core/unescaper.py @@ -99,8 +99,8 @@ be752c8075641bc390368c9955f34c91 lib/techniques/error/use.py 310efc965c862cfbd7b0da5150a5ad36 lib/techniques/union/__init__.py 19fd73af7a278fd72b46a5a60f5bdd09 lib/techniques/union/test.py c2bf28aab749b0de30bfdeea6d09449f lib/techniques/union/use.py -981318873e2df1cc55173e8b8a4a7637 lib/utils/api.py -29e32d59fcdd63c5a13498af1f367c8c lib/utils/crawler.py +67f0ad96ec2207d7e59c788b858afd6d lib/utils/api.py +c42203069fef3b326b42b464f3aa60d3 lib/utils/crawler.py ba12c69a90061aa14d848b8396e79191 lib/utils/deps.py 3b9fd519164e0bf275d5fd361c3f11ff lib/utils/getch.py ccfdad414ce2ec0c394c3deaa39a82bf lib/utils/hashdb.py @@ -210,7 +210,7 @@ feca57a968c528a2fe3ccafbc83a17f8 plugins/generic/fingerprint.py 310efc965c862cfbd7b0da5150a5ad36 plugins/generic/__init__.py 8fd5913823e97e21a8eea717cd12fc96 plugins/generic/misc.py 64b052d1df6d7fe34d73b51196f68ae3 plugins/generic/search.py -dca509ef83bf7d74ad26ebe4a03e4c6a plugins/generic/syntax.py +562cfa80a15d5f7f1d52e10c5736d7e2 plugins/generic/syntax.py 25cc2788cc3da6f8a0bcff0e41ff586e plugins/generic/takeover.py 02c8da99874f1cfd869d9e3bbb7c84e6 plugins/generic/users.py 310efc965c862cfbd7b0da5150a5ad36 plugins/__init__.py @@ -389,7 +389,7 @@ a0200fc79bae0ec597b98c82894562a5 waf/armor.py d764bf3b9456a02a7f8a0149a93ff950 waf/aws.py dbc89fc642074c6d17a04532e623f976 waf/baidu.py e4e713cc4e5504eed0311fa62b05a6f9 waf/barracuda.py -8a6f2edc3ff9c031e2b58733ee76cfa0 waf/bigip.py +81af1707c0783d205075d887c9868043 waf/bigip.py 2adee01cbf513944cd3d281af1c05a86 waf/binarysec.py db312318ee5309577917faca1cd2c077 waf/blockdos.py 520ef7b59340b96b4a43e7fdba760967 waf/ciscoacexml.py @@ -409,7 +409,7 @@ d50e17ed49e1a3cb846e652ed98e3b3c waf/hyperguard.py 5a364b68519a5872c4d60be11d2a23c1 waf/isaserver.py 8bfbae2b692538da0fb1a812330b2649 waf/jiasule.py 0b50798c12802bf98a850dd716b0d96d waf/knownsec.py -6d47157944211d758483ff8f97b810e8 waf/kona.py +bb4177a5a1b4a8d590bf556b409625ac waf/kona.py 4fed33de1ffb2214bc1baa9f925c3eb9 waf/modsecurity.py fe690dfc4b2825c3682ceecef7ee9e6e waf/netcontinuum.py bd55ed30291b31db63b761db472f41ea waf/netscaler.py diff --git a/waf/bigip.py b/waf/bigip.py index dde3931bb..d022172ca 100644 --- a/waf/bigip.py +++ b/waf/bigip.py @@ -18,7 +18,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: _, headers, _ = get_page(get=vector) retval = headers.get("X-Cnection", "").lower() == "close" - retval |= re.search(r"\ATS[a-zA-Z0-9]{4,}=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None + retval |= re.search(r"\ATS\w{4,}=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"BigIP|BIGipServer", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"BigIP|BIGipServer", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"\AF5\Z", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None diff --git a/waf/kona.py b/waf/kona.py index bddd9154d..9db6a8ad6 100644 --- a/waf/kona.py +++ b/waf/kona.py @@ -17,7 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) - retval = code in (400, 403, 501) and re.search(r"Reference #[0-9A-Fa-f.]+", page or "", re.I) is not None + retval = code in (400, 403, 501) and re.search(r"Reference #[0-9a-f.]+", page or "", re.I) is not None retval |= re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: break