Minor update

2024-11-25 02:53:46 +03:00 · 2019-05-24 14:18:18 +02:00 · 2019-05-24 14:18:18 +02:00 · 130bcd4b9b
commit 130bcd4b9b
parent ad01aa7449
9 changed files with 33 additions and 36 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -7,13 +7,11 @@ See the file 'LICENSE' for copying permission

 import copy
 import logging
-import os
 import random
 import re
 import socket
 import subprocess
 import sys
-import tempfile
 import time

 from extra.beep.beep import beep
@ -33,7 +31,6 @@ from lib.core.common import hashDBRetrieve
 from lib.core.common import hashDBWrite
 from lib.core.common import intersect
 from lib.core.common import listToStrValue
-from lib.core.common import openFile
 from lib.core.common import parseFilePaths
 from lib.core.common import popValue
 from lib.core.common import pushValue
@ -44,18 +41,15 @@ from lib.core.common import showStaticWords
 from lib.core.common import singleTimeLogMessage
 from lib.core.common import singleTimeWarnMessage
 from lib.core.common import unArrayizeValue
-from lib.core.common import urlencode
 from lib.core.common import wasLastResponseDBMSError
 from lib.core.common import wasLastResponseHTTPError
 from lib.core.compat import xrange
 from lib.core.convert import getUnicode
-from lib.core.defaults import defaults
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.datatype import AttribDict
 from lib.core.datatype import InjectionDict
-from lib.core.decorators import cachedmethod
 from lib.core.decorators import stackedmethod
 from lib.core.dicts import FROM_DUMMY_TABLE
 from lib.core.enums import DBMS
@ -63,7 +57,6 @@ from lib.core.enums import HASHDB_KEYS
 from lib.core.enums import HEURISTIC_TEST
 from lib.core.enums import HTTP_HEADER
 from lib.core.enums import HTTPMETHOD
-from lib.core.enums import MKSTEMP_PREFIX
 from lib.core.enums import NOTE
 from lib.core.enums import NULLCONNECTION
 from lib.core.enums import PAYLOAD
@ -81,7 +74,6 @@ from lib.core.settings import CANDIDATE_SENTENCE_MIN_LENGTH
 from lib.core.settings import CHECK_INTERNET_ADDRESS
 from lib.core.settings import CHECK_INTERNET_VALUE
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
-from lib.core.settings import DEV_EMAIL_ADDRESS
 from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX
 from lib.core.settings import FI_ERROR_REGEX
 from lib.core.settings import FORMAT_EXCEPTION_STRINGS
@ -1387,6 +1379,7 @@ def checkWaf():
    pushValue(kb.resendPostOnRedirect)
    pushValue(conf.timeout)

+    kb.identYwaf = True
    kb.redirectChoice = REDIRECTION.YES
    kb.resendPostOnRedirect = False
    conf.timeout = IDS_WAF_CHECK_TIMEOUT
@ -1396,12 +1389,15 @@ def checkWaf():
    except SqlmapConnectionException:
        retVal = True
    finally:
+        kb.identYwaf = False
        kb.matchRatio = None

        conf.timeout = popValue()
        kb.resendPostOnRedirect = popValue()
        kb.redirectChoice = popValue()

+    hashDBWrite(HASHDB_KEYS.CHECK_WAF_RESULT, retVal, True)
+
    if retVal:
        if not kb.identifiedWafs:
            warnMsg = "heuristics detected that the target "
@ -1409,17 +1405,15 @@ def checkWaf():
            logger.critical(warnMsg)

        message = "are you sure that you want to "
-        message += "continue with further target testing? [y/N] "
-        choice = readInput(message, default='N', boolean=True)
-
-        if not conf.tamper:
-            warnMsg = "please consider usage of tamper scripts (option '--tamper')"
-            singleTimeWarnMessage(warnMsg)
+        message += "continue with further target testing? [Y/n] "
+        choice = readInput(message, default='Y', boolean=True)

        if not choice:
            raise SqlmapUserQuitException
-
-    hashDBWrite(HASHDB_KEYS.CHECK_WAF_RESULT, retVal, True)
+        else:
+            if not conf.tamper:
+                warnMsg = "please consider usage of tamper scripts (option '--tamper')"
+                singleTimeWarnMessage(warnMsg)

    return retVal

--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -68,7 +68,7 @@ from lib.core.decorators import cachedmethod
 from lib.core.defaults import defaults
 from lib.core.dicts import DBMS_DICT
 from lib.core.dicts import DEFAULT_DOC_ROOTS
-from lib.core.dicts import DEPRECATED_OPTIONS
+from lib.core.dicts import OLD_OPTIONS
 from lib.core.dicts import SQL_STATEMENTS
 from lib.core.enums import ADJUST_TIME_DELAY
 from lib.core.enums import CONTENT_STATUS
@ -4457,17 +4457,19 @@ def getHostHeader(url):

    return retVal

-def checkDeprecatedOptions(args):
+def checkOldOptions(args):
    """
-    Checks for deprecated options
+    Checks for deprecated/obsolete options
    """

    for _ in args:
        _ = _.split('=')[0].strip()
-        if _ in DEPRECATED_OPTIONS:
-            errMsg = "switch/option '%s' is deprecated" % _
-            if DEPRECATED_OPTIONS[_]:
-                errMsg += " (hint: %s)" % DEPRECATED_OPTIONS[_]
+        if _ in OLD_OPTIONS:
+            if OLD_OPTIONS[_]:
+                errMsg = "switch/option '%s' is deprecated" % _
+                errMsg += " (hint: %s)" % OLD_OPTIONS[_]
+            else:
+                errMsg = "switch/option '%s' is obsolete" % _
            raise SqlmapSyntaxException(errMsg)

 def checkSystemEncoding():
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@ -280,7 +280,7 @@ POST_HINT_CONTENT_TYPES = {
    POST_HINT.ARRAY_LIKE: "application/x-www-form-urlencoded; charset=utf-8",
 }

-DEPRECATED_OPTIONS = {
+OLD_OPTIONS = {
    "--replicate": "use '--dump-format=SQLITE' instead",
    "--no-unescape": "use '--no-escape' instead",
    "--binary": "use '--binary-fields' instead",
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1886,6 +1886,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
    kb.hintValue = None
    kb.htmlFp = []
    kb.httpErrorCodes = {}
+    kb.identYwaf = False
    kb.inferenceMode = False
    kb.ignoreCasted = None
    kb.ignoreNotFound = False
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.5.132"
+VERSION = "1.3.5.133"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@ -71,7 +71,7 @@ def vulnTest():
    thread.start()

    for options, checks in (
-        ("--flush-session --identify-waf", ("CloudFlare",)),
+        ("--flush-session", ("CloudFlare",)),
        ("--flush-session --parse-errors --eval=\"id2=2\" --referer=\"localhost\" --cookie=\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e\"", (": syntax error", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "back-end DBMS: SQLite", "3 columns")),
        ("--banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")),
        ("--all --tamper=between,randomcase", ("5 entries", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")),
--- a/lib/core/wordlist.py
+++ b/lib/core/wordlist.py
@ -5,7 +5,6 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-import os
 import zipfile

 from lib.core.common import getSafeExString
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -17,7 +17,7 @@ from optparse import OptionGroup
 from optparse import OptionParser
 from optparse import SUPPRESS_HELP

-from lib.core.common import checkDeprecatedOptions
+from lib.core.common import checkOldOptions
 from lib.core.common import checkSystemEncoding
 from lib.core.common import dataToStdout
 from lib.core.common import expandMnemonics
@ -789,7 +789,7 @@ def cmdLineParser(argv=None):
            _.append(getUnicode(arg, encoding=sys.stdin.encoding))

        argv = _
-        checkDeprecatedOptions(argv)
+        checkOldOptions(argv)

        prompt = "--sqlmap-shell" in argv

--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@ -387,13 +387,14 @@ def processResponse(page, responseHeaders, code=None, status=None):

    rawResponse = "%s %s %s\n%s\n%s" % (_http_client.HTTPConnection._http_vsn_str, code or "", status or "", "".join(responseHeaders.headers), page)

-    identYwaf.non_blind.clear()
-    if identYwaf.non_blind_check(rawResponse, silent=True):
-        for waf in identYwaf.non_blind:
-            if waf not in kb.identifiedWafs:
-                kb.identifiedWafs.add(waf)
-                errMsg = "WAF/IPS identified as '%s'" % identYwaf.format_name(waf)
-                singleTimeLogMessage(errMsg, logging.CRITICAL)
+    if kb.identYwaf:
+        identYwaf.non_blind.clear()
+        if identYwaf.non_blind_check(rawResponse, silent=True):
+            for waf in identYwaf.non_blind:
+                if waf not in kb.identifiedWafs:
+                    kb.identifiedWafs.add(waf)
+                    errMsg = "WAF/IPS identified as '%s'" % identYwaf.format_name(waf)
+                    singleTimeLogMessage(errMsg, logging.CRITICAL)

    if kb.originalPage is None:
        for regex in (EVENTVALIDATION_REGEX, VIEWSTATE_REGEX):