sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-28 20:43:49 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixes #3652

Browse Source
This commit is contained in:
Miroslav Stampar 2019-05-13 11:08:25 +02:00
parent c4f09a8e8a
commit 10be8a12bd
5 changed files with 22 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/core/common.py
View File

@ -2151,14 +2151,20 @@ def shellExec(cmd):
""" """
Executes arbitrary shell command Executes arbitrary shell command
>>> shellExec('echo 1').strip() == b'1' >>> shellExec('echo 1').strip() == '1'
True True
""" """
retVal = ""
try: try:
return subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT).communicate()[0] or "" retVal = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT).communicate()[0] or ""
except Exception as ex: except Exception as ex:
return six.text_type(ex) retVal = getSafeExString(ex)
finally:
retVal = getText(retVal)
return retVal
def clearConsoleLine(forceOutput=False): def clearConsoleLine(forceOutput=False):
""" """

4
lib/core/revision.py
View File

@ -9,6 +9,8 @@ import os
import re import re
import subprocess import subprocess
from lib.core.common import getText
def getRevisionNumber(): def getRevisionNumber():
""" """
Returns abbreviated commit hash number as retrieved with "git rev-parse --short HEAD" Returns abbreviated commit hash number as retrieved with "git rev-parse --short HEAD"
@ -50,7 +52,7 @@ def getRevisionNumber():
try: try:
process = subprocess.Popen("git rev-parse --verify HEAD", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) process = subprocess.Popen("git rev-parse --verify HEAD", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
stdout, _ = process.communicate() stdout, _ = process.communicate()
match = re.search(r"(?i)[0-9a-f]{32}", stdout or "") match = re.search(r"(?i)[0-9a-f]{32}", getText(stdout or ""))
retVal = match.group(0) if match else None retVal = match.group(0) if match else None
except: except:
pass pass

2
lib/core/settings.py
View File

@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty import six from thirdparty import six
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.5.80" VERSION = "1.3.5.81"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

1
lib/core/testing.py
View File

@ -80,7 +80,6 @@ def vulnTest():
): ):
cmd = "%s %s -u http://%s:%d/?id=1 --batch %s" % (sys.executable, os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py"), address, port, options) cmd = "%s %s -u http://%s:%d/?id=1 --batch %s" % (sys.executable, os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py"), address, port, options)
output = shellExec(cmd) output = shellExec(cmd)
output = getUnicode(output)
if not all(check in output for check in checks): if not all(check in output for check in checks):
dataToStdout("---\n\n$ %s\n" % cmd) dataToStdout("---\n\n$ %s\n" % cmd)

15
lib/core/update.py
View File

@ -17,6 +17,7 @@ import zipfile
from lib.core.common import dataToStdout from lib.core.common import dataToStdout
from lib.core.common import getSafeExString from lib.core.common import getSafeExString
from lib.core.common import getLatestRevision from lib.core.common import getLatestRevision
from lib.core.common import getText
from lib.core.common import pollProcess from lib.core.common import pollProcess
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.data import conf from lib.core.data import conf
@ -106,23 +107,25 @@ def update():
dataToStdout("\r[%s] [INFO] update in progress" % time.strftime("%X")) dataToStdout("\r[%s] [INFO] update in progress" % time.strftime("%X"))
try: try:
process = subprocess.Popen("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=paths.SQLMAP_ROOT_PATH.encode(sys.getfilesystemencoding() or UNICODE_ENCODING)) process = subprocess.Popen("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, cwd=paths.SQLMAP_ROOT_PATH.encode(sys.getfilesystemencoding() or UNICODE_ENCODING))
pollProcess(process, True) pollProcess(process, True)
stdout, stderr = process.communicate() output, _ = process.communicate()
success = not process.returncode success = not process.returncode
except (IOError, OSError) as ex: except (IOError, OSError) as ex:
success = False success = False
stderr = getSafeExString(ex) output = getSafeExString(ex)
finally:
output = getText(output)
if success: if success:
logger.info("%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", getRevisionNumber())) logger.info("%s the latest revision '%s'" % ("already at" if "Already" in output else "updated to", getRevisionNumber()))
else: else:
if "Not a git repository" in stderr: if "Not a git repository" in output:
errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository " errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY
logger.error(errMsg) logger.error(errMsg)
else: else:
logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip()) logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", output).strip())
if not success: if not success:
if IS_WIN: if IS_WIN: