Update regarding the #5911

2025-07-08 05:43:17 +03:00 · 2025-06-16 12:14:24 +02:00 · 2025-06-16 12:14:24 +02:00 · 1de66fd7e1
commit 1de66fd7e1
parent d4f479e7a8
7 changed files with 28 additions and 36 deletions
--- a/data/txt/sha256sums.txt
+++ b/data/txt/sha256sums.txt
@ -161,18 +161,18 @@ eed1db5da17eca4c65a8f999166e2246eef84397687ae820bbe4984ef65a09df  extra/vulnserv
 96a39b4e3a9178e4e8285d5acd00115460cc1098ef430ab7573fc8194368da5c  lib/controller/action.py
 fad6640f60eac8ad1b65895cbccc39154864843a2a0b0f2ac596d3227edcd4f6  lib/controller/checks.py
 34e9cf166e21ce991b61ca7695c43c892e8425f7e1228daec8cadd38f786acc6  lib/controller/controller.py
-1947e6c69fbc2bdce91d2836e5c9c9535e397e9271ae4b4ef922f7a01857df5e  lib/controller/handler.py
+25e9781a4285f1161a39a17bb1746ddd0e28cdf9d4c6744235c619e7b8352afe  lib/controller/handler.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/controller/__init__.py
 216c9399853b7454d36dcb552baf9f1169ec7942897ddc46504684325cb6ce00  lib/core/agent.py
 440cbab6161f466158c63f0ee97873254655f670ca990fa26bdd0a6e54c42c2a  lib/core/bigarray.py
-8920eb3115ecd25933084af986f453362aa55a4bd15bfb9e75673239bd206acc  lib/core/common.py
+e3b8f8cf9607d12f3de5e6bcd5031f21f50d4b331844b8e921493dfde2efe0f7  lib/core/common.py
 d53a8aecab8af8b8da4dc1c74d868f70a38770d34b1fa50cae4532cae7ce1c87  lib/core/compat.py
 ebe518089733722879f5a13e73020ebe55d46fb7410cacf292ca4ea1d9d1c56a  lib/core/convert.py
 ae500647c4074681749735a4f3b17b7eca44868dd3f39f9cab0a575888ba04a1  lib/core/data.py
 a051955f483b281344ae16ecc1d26f77ea915db0a77a7b62c1a5b80feb2d4d87  lib/core/datatype.py
 1e4e4cb64c0102a6ef07813c5a6b6c74d50f27d1a084f47067d01e382cf32190  lib/core/decorators.py
 d573a37bb00c8b65f75b275aa92549683180fb209b75fd0ff3870e3848939900  lib/core/defaults.py
-1ad21a1e631f26b2ecc9c73f93218e9765de8d1a9dcc6d3c3ffe9f78ab8446d8  lib/core/dicts.py
+ce6e1c1766acd95168f7708ddcacaa4a586c21ffc9e92024c4715611c802b60c  lib/core/dicts.py
 c9d1f64648062d7962caf02c4e2e7d84e8feb2a14451146f627112aae889afcd  lib/core/dump.py
 9187819a6fd55f4b9a64c6df1a9b4094718d453906fc6eeda541c8880b3b62c4  lib/core/enums.py
 00a9b29caa81fe4a5ef145202f9c92e6081f90b2a85cd76c878d520d900ad856  lib/core/exception.py
@ -187,7 +187,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0  lib/core/readl
 d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920  lib/core/replication.py
 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3  lib/core/revision.py
 d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38  lib/core/session.py
-fc8dda2955bde84ad8634ccfa26b962b62d452bb60cf447038cee1e5773c5344  lib/core/settings.py
+7904240fb93be61e6fcf999a40d5ae60b8110a305b0f664580949b6987ec4744  lib/core/settings.py
 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09  lib/core/shell.py
 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053  lib/core/subprocessng.py
 cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a  lib/core/target.py
@ -243,7 +243,7 @@ dca6a14d7e30f8d320cc972620402798b493528a0ad7bd98a7f38327cea04e20  lib/techniques
 e41d96b1520e30bd4ce13adfcf52e11d3a5ea75c0b2d7612958d0054be889763  lib/utils/api.py
 af67d25e8c16b429a5b471d3c629dc1da262262320bf7cd68465d151c02def16  lib/utils/brute.py
 828940a8eefda29c9eb271c21f29e2c4d1d428ccf0dcc6380e7ee6740300ec55  lib/utils/crawler.py
-bfb4ea118e881d60c42552d883940ca5cca4e2a406686a2836e0739ed863a6a4  lib/utils/deps.py
+56b93ba38f127929346f54aa75af0db5f46f9502b16acfe0d674a209de6cad2d  lib/utils/deps.py
 3aca7632d53ab2569ddef876a1b90f244640a53e19b304c77745f8ddb15e6437  lib/utils/getch.py
 e67aa754b7eeb6ec233c27f7d515e10b6607448056a1daba577936d765551636  lib/utils/har.py
 00135cf61f1cfe79d7be14c526f84a841ad22e736db04e4fe087baeb4c22dc0d  lib/utils/hashdb.py
@ -402,7 +402,7 @@ b7aa7bf8b1f9ba38597bae7fc8bf436b111eeb5ee6a4ad0a977e56dca88a4afc  plugins/dbms/m
 88daad9cf2f62757949cb27128170f33268059e2f0a05d3bd9f75417b99149de  plugins/dbms/mysql/__init__.py
 20108fe32ae3025036aa02b4702c4eda81db01c04a2e0e2e4494d8f1b1717eca  plugins/dbms/mysql/syntax.py
 91f34b67fe3ad5bfa6eae5452a007f97f78b7af000457e9d1c75f4d0207f3d39  plugins/dbms/mysql/takeover.py
-125966162396ef4084d70fac1c03e25959a6ccebacd8274bda69b7bebf82b9d5  plugins/dbms/oracle/connector.py
+4b04646298dfe366c401001ab77893bcd342d34211aec1164c6c92757a66f5f4  plugins/dbms/oracle/connector.py
 8866391a951e577d2b38b58b970774d38fb09f930fa4f6d27f41af40c06987c1  plugins/dbms/oracle/enumeration.py
 5ca9f30cd44d63e2a06528da15643621350d44dc6be784bf134653a20b51efef  plugins/dbms/oracle/filesystem.py
 b1c939e3728fe4a739de474edb88583b7e16297713147ca2ea64cac8edf2bdf5  plugins/dbms/oracle/fingerprint.py
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@ -6,6 +6,8 @@ See the file 'LICENSE' for copying permission
 """

 from lib.core.common import Backend
+from lib.core.common import getSafeExString
+from lib.core.common import singleTimeWarnMessage
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.dicts import DBMS_DICT
@ -173,7 +175,8 @@ def setHandler():
                    conf.dbmsConnector.connect()
                except Exception as ex:
                    if exception:
-                        raise exception
+                        singleTimeWarnMessage(getSafeExString(exception))
+                        raise
                    else:
                        if not isinstance(ex, NameError):
                            raise
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -1683,11 +1683,7 @@ def parseTargetDirect():
                elif dbmsName == DBMS.PGSQL:
                    __import__("psycopg2")
                elif dbmsName == DBMS.ORACLE:
-                    __import__("cx_Oracle")
-
-                    # Reference: http://itsiti.com/ora-28009-connection-sys-sysdba-sysoper
-                    if (conf.dbmsUser or "").upper() == "SYS":
-                        conf.direct = "%s?mode=SYSDBA" % conf.direct
+                    __import__("oracledb")
                elif dbmsName == DBMS.SQLITE:
                    __import__("sqlite3")
                elif dbmsName == DBMS.ACCESS:
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@ -225,7 +225,7 @@ DBMS_DICT = {
    DBMS.MSSQL: (MSSQL_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "mssql+pymssql"),
    DBMS.MYSQL: (MYSQL_ALIASES, "python-pymysql", "https://github.com/PyMySQL/PyMySQL", "mysql"),
    DBMS.PGSQL: (PGSQL_ALIASES, "python-psycopg2", "https://github.com/psycopg/psycopg2", "postgresql"),
-    DBMS.ORACLE: (ORACLE_ALIASES, "python cx_Oracle", "https://oracle.github.io/python-cx_Oracle/", "oracle"),
+    DBMS.ORACLE: (ORACLE_ALIASES, "python-oracledb", "https://oracle.github.io/python-oracledb/", "oracle"),
    DBMS.SQLITE: (SQLITE_ALIASES, "python-sqlite", "https://docs.python.org/3/library/sqlite3.html", "sqlite"),
    DBMS.ACCESS: (ACCESS_ALIASES, "python-pyodbc", "https://github.com/mkleehammer/pyodbc", "access"),
    DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "http://kinterbasdb.sourceforge.net/", "firebird"),
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import OS
 from thirdparty import six

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.9.6.2"
+VERSION = "1.9.6.3"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/utils/deps.py
+++ b/lib/utils/deps.py
@ -32,7 +32,7 @@ def checkDependencies():
            elif dbmsName in (DBMS.PGSQL, DBMS.CRATEDB):
                __import__("psycopg2")
            elif dbmsName == DBMS.ORACLE:
-                __import__("cx_Oracle")
+                __import__("oracledb")
            elif dbmsName == DBMS.SQLITE:
                __import__("sqlite3")
            elif dbmsName == DBMS.ACCESS:
--- a/plugins/dbms/oracle/connector.py
+++ b/plugins/dbms/oracle/connector.py
@ -6,8 +6,8 @@ See the file 'LICENSE' for copying permission
 """

 try:
-    import cx_Oracle
-except:
+    import oracledb
+except ImportError:
    pass

 import logging
@ -25,32 +25,26 @@ os.environ["NLS_LANG"] = ".AL32UTF8"

 class Connector(GenericConnector):
    """
-    Homepage: https://oracle.github.io/python-cx_Oracle/
-    User https://cx-oracle.readthedocs.io/en/latest/
-    API: https://wiki.python.org/moin/DatabaseProgramming
-    License: https://cx-oracle.readthedocs.io/en/latest/license.html#license
+    Homepage: https://oracle.github.io/python-oracledb/
+    User: https://python-oracledb.readthedocs.io/en/latest/
+    License: https://github.com/oracle/python-oracledb/blob/main/LICENSE.txt
    """

    def connect(self):
        self.initConnection()
-        # Reference: https://cx-oracle.readthedocs.io/en/latest/user_guide/connection_handling.html
-        self.__dsn = "%s:%d/%s" % (self.hostname, self.port, self.db)
+
        self.user = getText(self.user)
        self.password = getText(self.password)

        try:
-            self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password, mode=cx_Oracle.SYSDBA)
+            dsn = oracledb.makedsn(self.hostname, self.port, service_name=self.db)
+            self.connector = oracledb.connect(user=self.user, password=self.password, dsn=dsn, mode=oracledb.AUTH_MODE_SYSDBA)
            logger.info("successfully connected as SYSDBA")
-        except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError, cx_Oracle.InterfaceError) as ex:
-            if "Oracle Client library" in getSafeExString(ex):
-                msg = re.sub(r"DPI-\d+:\s+", "", getSafeExString(ex))
-                msg = re.sub(r': ("[^"]+")', r" (\g<1>)", msg)
-                msg = re.sub(r". See (http[^ ]+)", r'. See "\g<1>"', msg)
-                raise SqlmapConnectionException(msg)
-
+        except oracledb.DatabaseError as ex:
+            # Try again without SYSDBA
            try:
-                self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password)
-            except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError, cx_Oracle.InterfaceError) as ex:
+                self.connector = oracledb.connect(user=self.user, password=self.password, dsn=dsn)
+            except oracledb.DatabaseError as ex:
                raise SqlmapConnectionException(ex)

        self.initCursor()
@ -59,7 +53,7 @@ class Connector(GenericConnector):
    def fetchall(self):
        try:
            return self.cursor.fetchall()
-        except cx_Oracle.InterfaceError as ex:
+        except oracledb.InterfaceError as ex:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) '%s'" % getSafeExString(ex))
            return None

@ -69,11 +63,10 @@ class Connector(GenericConnector):
        try:
            self.cursor.execute(getText(query))
            retVal = True
-        except cx_Oracle.DatabaseError as ex:
+        except oracledb.DatabaseError as ex:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) '%s'" % getSafeExString(ex))

        self.connector.commit()
-
        return retVal

    def select(self, query):