This PR introduces the --fix parameter, which updates the SHA-256 hashes of modified files in the DIGEST_FILE. This parameter must be provided after --smoke.

2025-04-06 10:14:16 +03:00 · 2025-02-19 23:34:51 +01:00 · 2025-02-19 23:34:51 +01:00 · 25079a59e4
commit 25079a59e4
parent fa9dc20c6e
4 changed files with 38 additions and 4 deletions
--- a/data/txt/sha256sums.txt
+++ b/data/txt/sha256sums.txt
@ -166,7 +166,7 @@ de2b0220db1c79d8720b636d267b11e117151f5f99740567096e9b4cbb7cc9d5  lib/controller
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/controller/__init__.py
 41c7fb7e486c4383a114c851f0c32c81c53c2b4f1d2a0fd99f70885072646387  lib/core/agent.py
 f848dcfdacb5143f803f4e9474cf3eef939039c26c522ca09777c425661300f0  lib/core/bigarray.py
-eaf9d2d47305764213ada74b7a83721fc5f49578f2d8afa78799855068acb416  lib/core/common.py
+441048d48b79f545d29ed0fb5549aca854145d84dabe2e50eb66749f728d95ab  lib/core/common.py
 88fbbe7c41511b17d7ef449d675a84eaa80cac6ebf457a18577eadd62f6f1330  lib/core/compat.py
 5ce8f2292f99d17d69bfc40ded206bfdfd06e2e3660ff9d1b3c56163793f8d1c  lib/core/convert.py
 f561310b3cea570cc13d9f0aff16cce8b097d51275f8b947e7fff4876ac65c32  lib/core/data.py
@ -199,7 +199,7 @@ b1071f449a66b4ceacd4b84b33a73d9e0a3197d271d72daaa406ba473a8bb625  lib/core/testi
 12cbead4e9e563b970fafb891127927445bd53bada1fac323b9cd27da551ba30  lib/core/wordlist.py
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/__init__.py
 a027f4c44811cb74aa367525f353706de3d3fc719e6c6162f7a61dc838acf0c2  lib/parse/banner.py
-9c7f95948cb6ee20b2b5bff7b36c23179c44303d3c8ad555247f65f12f30e0a9  lib/parse/cmdline.py
+09b772f0996553c3df8178ddc5dbdac11881d2914765c573da7073e9c7601945  lib/parse/cmdline.py
 3907765df08c31f8d59350a287e826bd315a7714dc0e87496f67c8a0879c86ac  lib/parse/configfile.py
 ced03337edd5a16b56a379c9ac47775895e1053003c25f6ba5bec721b6e3aa64  lib/parse/handler.py
 3704a02dcf00b0988b101e30b2e0d48acdd20227e46d8b552e46c55d7e9bf28c  lib/parse/headers.py
@ -477,7 +477,7 @@ b3d9d0644197ecb864e899c04ee9c7cd63891ecf2a0d3c333aad563eef735294  plugins/generi
 8c4fd81d84598535643cf0ef1b2d350cd92977cb55287e23993b76eaa2215c30  sqlmapapi.py
 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62  sqlmapapi.yaml
 6da15963699aa8916118f92c8838013bc02c84e4d7b9f33d971324c2ff348728  sqlmap.conf
-3795c6d03bc341a0e3aef3d7990ea8c272d91a4c307e1498e850594375af39f7  sqlmap.py
+d219594eefcea68fd91735d505cb0449ce200b7e744053184e00e06949b4e6a0  sqlmap.py
 9d408612a6780f7f50a7f7887f923ff3f40be5bfa09a951c6dc273ded05b56c0  tamper/0eunion.py
 c1c2eaa7df016cc7786ccee0ae4f4f363b1dce139c61fb3e658937cb0d18fc54  tamper/apostrophemask.py
 19023093ab22aec3bce9523f28e8111e8f6125973e6d9c82adb60da056bdf617  tamper/apostrophenullencode.py
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -58,7 +58,7 @@ from lib.core.convert import getText
 from lib.core.convert import getUnicode
 from lib.core.convert import htmlUnescape
 from lib.core.convert import stdoutEncode
-from lib.core.data import cmdLineOptions
+from lib.core.data import cmdLineOptions, paths
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -5614,3 +5614,31 @@ def checkSums():
                    break

    return retVal
+
+
+def updateSums():
+    """
+    Update the content of the digest file (i.e. sha256sums.txt) with current file hashes
+    """
+    if not paths.get("DIGEST_FILE"):
+        return
+
+    # Read existing entries to maintain file order
+    entries = []
+    for entry in getFileItems(paths.DIGEST_FILE):
+        match = re.search(r"([0-9a-f]+)\s+([^\s]+)", entry)
+        if match:
+            _, filename = match.groups()
+            filepath = os.path.join(paths.SQLMAP_ROOT_PATH, filename).replace('/', os.path.sep)
+            if not checkFile(filepath, False):
+                continue
+            with open(filepath, "rb") as f:
+                content = f.read()
+            # Ensure both parts are bytes and use CRLF line endings
+            newline = b"%s  %s\n" % (hashlib.sha256(content).hexdigest().encode('utf-8'), filename.encode('utf-8'))
+            entries.append(newline)
+
+    # Write updated hashes back to file
+    if entries:
+        with open(paths.DIGEST_FILE, "wb") as f:
+            f.write(b"".join(entries))
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -796,6 +796,9 @@ def cmdLineParser(argv=None):
        miscellaneous.add_argument("--wizard", dest="wizard", action="store_true",
            help="Simple wizard interface for beginner users")

+        miscellaneous.add_argument("--fix", dest="fixSums", action="store_true",
+            help="Update SHA256 sums in digest file must run with --smoke")
+
        # Hidden and/or experimental options
        parser.add_argument("--crack", dest="hashFile",
            help=SUPPRESS)  # "Load and crack hashes from a file (standalone)"
--- a/sqlmap.py
+++ b/sqlmap.py
@ -179,6 +179,9 @@ def main():
        if not conf.updateAll:
            # Postponed imports (faster start)
            if conf.smokeTest:
+                if conf.fixSums:
+                    from lib.core.common import updateSums
+                    updateSums()
                from lib.core.testing import smokeTest
                os._exitcode = 1 - (smokeTest() or 0)
            elif conf.vulnTest: