Replacing code integrity with code checksum mechanism

Miroslav Stampar 2024-03-01 12:11:47 +01:00
parent 171ebf2ef6
commit 1f41f8588b
4 changed files with 17 additions and 43 deletions


@ -3848,33 +3848,6 @@ def decodeIntToUnicode(value):
return retVal
def checkIntegrity():
"""
Checks integrity of code files during the unhandled exceptions
"""
if not paths:
return
logger.debug("running code integrity check")
retVal = True
baseTime = os.path.getmtime(paths.SQLMAP_SETTINGS_PATH) + 3600 # First hour free parking :)
for root, _, filenames in os.walk(paths.SQLMAP_ROOT_PATH):
for filename in filenames:
if re.search(r"(\.py|\.xml|_)\Z", filename):
filepath = os.path.join(root, filename)
if os.path.getmtime(filepath) > baseTime:
logger.error("wrong modification time of '%s'" % filepath)
retVal = False
suffix = extractRegexResult(r"#(?P<result>\w+)", VERSION_STRING)
if suffix and suffix not in {"dev", "stable"}:
retVal = False
return retVal
def getDaysFromLastUpdate():
"""
Get total number of days from last update
@ -5600,14 +5573,15 @@ def checkSums():
retVal = True
for entry in getFileItems(paths.DIGEST_FILE):
match = re.search(r"([0-9a-f]+)\s+([^\s]+)", entry)
if match:
expected, filename = match.groups()
filepath = os.path.join(paths.SQLMAP_ROOT_PATH, filename)
checkFile(filepath)
if not hashlib.sha256(open(filepath, "rb").read()).hexdigest() == expected:
retVal &= False
break
if paths.get("DIGEST_FILE"):
for entry in getFileItems(paths.DIGEST_FILE):
match = re.search(r"([0-9a-f]+)\s+([^\s]+)", entry)
if match:
expected, filename = match.groups()
filepath = os.path.join(paths.SQLMAP_ROOT_PATH, filename)
checkFile(filepath)
if not hashlib.sha256(open(filepath, "rb").read()).hexdigest() == expected:
retVal &= False
break
return retVal
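Review bot: In the digest loop, `checkFile(filepath)` followed by the bare `open(filepath, "rb").read()` can raise for a file that is listed in the digest but missing or unreadable. Because this commit also makes the unhandled-exception path in main() call checkSums(), that would surface as a second exception inside the handler instead of a failed check. checkFile is defined outside this section, so whether it raises is an assumption to confirm; the fence below reads the file under `with` (which also closes the handle) and treats a read error as a mismatch. Separately, the new `paths.get("DIGEST_FILE")` guard makes the function return True when no digest is configured, so the check passes without verifying anything; a `logger.debug` on that branch would make the skipped check visible. checkSums starts above the hunk.

```python
# … unchanged: digest guard, loop header and regex match …
filepath = os.path.join(paths.SQLMAP_ROOT_PATH, filename)
try:
    with open(filepath, "rb") as f:
        actual = hashlib.sha256(f.read()).hexdigest()
except (IOError, OSError):
    actual = None  # missing or unreadable file counts as a mismatch
if actual != expected:
    retVal = False
    break
```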


@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.8.3.3"
VERSION = "1.8.3.4"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)


@ -173,7 +173,7 @@ f9c96cd3fe99578bed9d49a8bdf8d76836d320a7c48c56eb0469f48b36775c35 lib/controller
99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/controller/__init__.py
826c33f1105be4c0985e1bbe1d75bdb009c17815ad6552fc8d9bf39090d3c40f lib/core/agent.py
b2d69c99632da5c2acd0c0934e70d55862f1380a3f602cbe7456d617fb9c1fc9 lib/core/bigarray.py
484c6a755451b20a45a2694b168fb279c000fec16ba53489614c90b726d42f98 lib/core/common.py
9cf9eaca62cce2e9018b85b0359c825131b86c090d083c7e8bd0711cb1f007cd lib/core/common.py
5c26b0f308266bc3a9679ef837439e38d1dc7a69eac6bd3422280f49aaf114d2 lib/core/compat.py
b60c96780cad4a257f91a0611b08cfcc52f242908c5d5ab2bf9034ef07869602 lib/core/convert.py
5e381515873e71c395c77df00bf1dd8c4592afc6210a2f75cbc20daf384e539f lib/core/data.py
@ -195,7 +195,7 @@ bf77f9fc4296f239687297aee1fd6113b34f855965a6f690b52e26bd348cb353 lib/core/profi
4eff81c639a72b261c8ba1c876a01246e718e6626e8e77ae9cc6298b20a39355 lib/core/replication.py
bbd1dcda835934728efc6d68686e9b0da72b09b3ee38f3c0ab78e8c18b0ba726 lib/core/revision.py
eed6b0a21b3e69c5583133346b0639dc89937bd588887968ee85f8389d7c3c96 lib/core/session.py
dbf74242ba1b3bf6698e0e844dd1bf272d9786a6ca37cba6fa9ec5d5fbac700a lib/core/settings.py
425d77598dda67fbe52e7ab5077791dda0038173845cc2d28dddc3e9cef66a4f lib/core/settings.py
2bec97d8a950f7b884e31dfe9410467f00d24f21b35672b95f8d68ed59685fd4 lib/core/shell.py
e90a359b37a55c446c60e70ccd533f87276714d0b09e34f69b0740fd729ddbf8 lib/core/subprocessng.py
54f7c70b4c7a9931f7ff3c1c12030180bde38e35a306d5e343ad6052919974cd lib/core/target.py
@ -485,7 +485,7 @@ e1745b85de63c04be89705f919830a0584464fd15d7dc61a0df0a7e9459d24c5 README.md
6cfaaf6534688cecda09433246d0a8518f98ce5cf6d6a8159f24d70502cfc14f sqlmapapi.py
168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62 sqlmapapi.yaml
5e172e315524845fe091aa0b7b29303c92ac8f67594c6d50f026d627e415b7ed sqlmap.conf
871cc04bf081b915b64e56934ddfdb0f3bd621d0fb0abe47460a7a5219db649e sqlmap.py
7800faa964d1fc06bbca856ca35bf21d68f5e044ae0bd5d7dea16d625d585adb sqlmap.py
adda508966db26c30b11390d6483c1fa25b092942a29730e739e1e50c403a21f tamper/0eunion.py
d38fe5ab97b401810612eae049325aa990c55143504b25cc9924810917511dee tamper/apostrophemask.py
8de713d1534d8cda171db4ceeb9f4324bcc030bbef21ffeaf60396c6bece31e4 tamper/apostrophenullencode.py


@ -50,8 +50,8 @@ try:
from lib.core.data import logger
from lib.core.common import banner
from lib.core.common import checkIntegrity
from lib.core.common import checkPipedInput
from lib.core.common import checkSums
from lib.core.common import createGithubIssue
from lib.core.common import dataToStdout
from lib.core.common import extractRegexResult
@ -268,7 +268,7 @@ def main():
print()
errMsg = unhandledExceptionMessage()
excMsg = traceback.format_exc()
valid = checkIntegrity()
valid = checkSums()
os._exitcode = 255
@ -448,7 +448,7 @@ def main():
raise SystemExit
elif valid is False:
errMsg = "code integrity check failed (turning off automatic issue creation). "
errMsg = "code checksum failed (turning off automatic issue creation). "
errMsg += "You should retrieve the latest development version from official GitHub "
errMsg += "repository at '%s'" % GIT_PAGE
logger.critical(errMsg)
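Review bot: Replacing `checkIntegrity()` with `checkSums()` at `valid = ...` narrows what counts as modified code, and nothing near the call says so. The removed function walked every `.py`, `.xml` and `_`-suffixed file under the root and also returned False for a VERSION_STRING suffix other than `dev` or `stable`. checkSums only hashes the paths listed in the digest file, so files added to the tree and other build types appear to no longer turn off automatic issue creation. If that is intended, a comment on the call such as `# only files listed in the digest are verified; added files are not detected` would record it. main() begins and ends outside these hunks.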