Minor update

2024-11-28 20:43:49 +03:00 · 2019-05-24 14:18:18 +02:00 · 2019-05-24 14:18:18 +02:00 · 130bcd4b9b
commit 130bcd4b9b
parent ad01aa7449
9 changed files with 33 additions and 36 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -7,13 +7,11 @@ See the file 'LICENSE' for copying permission
 import copy
 import logging
 import os
 import random
 import re
 import socket
 import subprocess
 import sys
 import tempfile
 import time
 from extra.beep.beep import beep
@ -33,7 +31,6 @@ from lib.core.common import hashDBRetrieve
 from lib.core.common import hashDBWrite
 from lib.core.common import intersect
 from lib.core.common import listToStrValue
 from lib.core.common import openFile
 from lib.core.common import parseFilePaths
 from lib.core.common import popValue
 from lib.core.common import pushValue
@ -44,18 +41,15 @@ from lib.core.common import showStaticWords
 from lib.core.common import singleTimeLogMessage
 from lib.core.common import singleTimeWarnMessage
 from lib.core.common import unArrayizeValue
 from lib.core.common import urlencode
 from lib.core.common import wasLastResponseDBMSError
 from lib.core.common import wasLastResponseHTTPError
 from lib.core.compat import xrange
 from lib.core.convert import getUnicode
 from lib.core.defaults import defaults
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.datatype import AttribDict
 from lib.core.datatype import InjectionDict
 from lib.core.decorators import cachedmethod
 from lib.core.decorators import stackedmethod
 from lib.core.dicts import FROM_DUMMY_TABLE
 from lib.core.enums import DBMS
@ -63,7 +57,6 @@ from lib.core.enums import HASHDB_KEYS
 from lib.core.enums import HEURISTIC_TEST
 from lib.core.enums import HTTP_HEADER
 from lib.core.enums import HTTPMETHOD
 from lib.core.enums import MKSTEMP_PREFIX
 from lib.core.enums import NOTE
 from lib.core.enums import NULLCONNECTION
 from lib.core.enums import PAYLOAD
@ -81,7 +74,6 @@ from lib.core.settings import CANDIDATE_SENTENCE_MIN_LENGTH
 from lib.core.settings import CHECK_INTERNET_ADDRESS
 from lib.core.settings import CHECK_INTERNET_VALUE
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DEV_EMAIL_ADDRESS
 from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX
 from lib.core.settings import FI_ERROR_REGEX
 from lib.core.settings import FORMAT_EXCEPTION_STRINGS
@ -1387,6 +1379,7 @@ def checkWaf():
    pushValue(kb.resendPostOnRedirect)
    pushValue(conf.timeout)
    kb.identYwaf = True
    kb.redirectChoice = REDIRECTION.YES
    kb.resendPostOnRedirect = False
    conf.timeout = IDS_WAF_CHECK_TIMEOUT
@ -1396,12 +1389,15 @@ def checkWaf():
    except SqlmapConnectionException:
        retVal = True
    finally:
        kb.identYwaf = False
        kb.matchRatio = None
        conf.timeout = popValue()
        kb.resendPostOnRedirect = popValue()
        kb.redirectChoice = popValue()
    hashDBWrite(HASHDB_KEYS.CHECK_WAF_RESULT, retVal, True)
    if retVal:
        if not kb.identifiedWafs:
            warnMsg = "heuristics detected that the target "
@ -1409,17 +1405,15 @@ def checkWaf():
            logger.critical(warnMsg)
        message = "are you sure that you want to "
-        message += "continue with further target testing? [y/N] "
+        message += "continue with further target testing? [Y/n] "
-        choice = readInput(message, default='N', boolean=True)
+        choice = readInput(message, default='Y', boolean=True)
        if not conf.tamper:
            warnMsg = "please consider usage of tamper scripts (option '--tamper')"
            singleTimeWarnMessage(warnMsg)
        if not choice:
            raise SqlmapUserQuitException
-
+        else:
-    hashDBWrite(HASHDB_KEYS.CHECK_WAF_RESULT, retVal, True)
+            if not conf.tamper:
                warnMsg = "please consider usage of tamper scripts (option '--tamper')"
                singleTimeWarnMessage(warnMsg)
    return retVal
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -68,7 +68,7 @@ from lib.core.decorators import cachedmethod
 from lib.core.defaults import defaults
 from lib.core.dicts import DBMS_DICT
 from lib.core.dicts import DEFAULT_DOC_ROOTS
-from lib.core.dicts import DEPRECATED_OPTIONS
+from lib.core.dicts import OLD_OPTIONS
 from lib.core.dicts import SQL_STATEMENTS
 from lib.core.enums import ADJUST_TIME_DELAY
 from lib.core.enums import CONTENT_STATUS
@ -4457,17 +4457,19 @@ def getHostHeader(url):
    return retVal
-def checkDeprecatedOptions(args):
+def checkOldOptions(args):
    """
-    Checks for deprecated options
+    Checks for deprecated/obsolete options
    """
    for _ in args:
        _ = _.split('=')[0].strip()
-        if _ in DEPRECATED_OPTIONS:
+        if _ in OLD_OPTIONS:
-            errMsg = "switch/option '%s' is deprecated" % _
+            if OLD_OPTIONS[_]:
-            if DEPRECATED_OPTIONS[_]:
+                errMsg = "switch/option '%s' is deprecated" % _
-                errMsg += " (hint: %s)" % DEPRECATED_OPTIONS[_]
+                errMsg += " (hint: %s)" % OLD_OPTIONS[_]
            else:
                errMsg = "switch/option '%s' is obsolete" % _
            raise SqlmapSyntaxException(errMsg)
 def checkSystemEncoding():
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@ -280,7 +280,7 @@ POST_HINT_CONTENT_TYPES = {
    POST_HINT.ARRAY_LIKE: "application/x-www-form-urlencoded; charset=utf-8",
 }
-DEPRECATED_OPTIONS = {
+OLD_OPTIONS = {
    "--replicate": "use '--dump-format=SQLITE' instead",
    "--no-unescape": "use '--no-escape' instead",
    "--binary": "use '--binary-fields' instead",
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1886,6 +1886,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
    kb.hintValue = None
    kb.htmlFp = []
    kb.httpErrorCodes = {}
    kb.identYwaf = False
    kb.inferenceMode = False
    kb.ignoreCasted = None
    kb.ignoreNotFound = False
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.5.132"
+VERSION = "1.3.5.133"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@ -71,7 +71,7 @@ def vulnTest():
    thread.start()
    for options, checks in (
-        ("--flush-session --identify-waf", ("CloudFlare",)),
+        ("--flush-session", ("CloudFlare",)),
        ("--flush-session --parse-errors --eval=\"id2=2\" --referer=\"localhost\" --cookie=\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e\"", (": syntax error", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "back-end DBMS: SQLite", "3 columns")),
        ("--banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")),
        ("--all --tamper=between,randomcase", ("5 entries", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")),
--- a/lib/core/wordlist.py
+++ b/lib/core/wordlist.py
@ -5,7 +5,6 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 import os
 import zipfile
 from lib.core.common import getSafeExString
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -17,7 +17,7 @@ from optparse import OptionGroup
 from optparse import OptionParser
 from optparse import SUPPRESS_HELP
-from lib.core.common import checkDeprecatedOptions
+from lib.core.common import checkOldOptions
 from lib.core.common import checkSystemEncoding
 from lib.core.common import dataToStdout
 from lib.core.common import expandMnemonics
@ -789,7 +789,7 @@ def cmdLineParser(argv=None):
            _.append(getUnicode(arg, encoding=sys.stdin.encoding))
        argv = _
-        checkDeprecatedOptions(argv)
+        checkOldOptions(argv)
        prompt = "--sqlmap-shell" in argv
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@ -387,13 +387,14 @@ def processResponse(page, responseHeaders, code=None, status=None):
    rawResponse = "%s %s %s\n%s\n%s" % (_http_client.HTTPConnection._http_vsn_str, code or "", status or "", "".join(responseHeaders.headers), page)
-    identYwaf.non_blind.clear()
+    if kb.identYwaf:
-    if identYwaf.non_blind_check(rawResponse, silent=True):
+        identYwaf.non_blind.clear()
-        for waf in identYwaf.non_blind:
+        if identYwaf.non_blind_check(rawResponse, silent=True):
-            if waf not in kb.identifiedWafs:
+            for waf in identYwaf.non_blind:
-                kb.identifiedWafs.add(waf)
+                if waf not in kb.identifiedWafs:
-                errMsg = "WAF/IPS identified as '%s'" % identYwaf.format_name(waf)
+                    kb.identifiedWafs.add(waf)
-                singleTimeLogMessage(errMsg, logging.CRITICAL)
+                    errMsg = "WAF/IPS identified as '%s'" % identYwaf.format_name(waf)
                    singleTimeLogMessage(errMsg, logging.CRITICAL)
    if kb.originalPage is None:
        for regex in (EVENTVALIDATION_REGEX, VIEWSTATE_REGEX):