Couple of drei patches

2024-11-22 17:46:37 +03:00 · 2019-05-07 23:00:15 +02:00 · 2019-05-07 23:00:15 +02:00 · 285482b396
commit 285482b396
parent 4d028c7230
14 changed files with 20 additions and 15 deletions
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty import six
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.5.41"
+VERSION = "1.3.5.42"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -803,7 +803,7 @@ class Connect(object):
                responseMsg += "[#%d] (%s %s):\r\n" % (threadData.lastRequestUID, code, status)
            if responseHeaders:
-                logHeaders = getUnicode("".join(responseHeaders.headers).strip() if six.PY2 else responseHeaders.__bytes__())
+                logHeaders = getUnicode("".join(responseHeaders.headers).strip())
            logHTTPTraffic(requestMsg, "%s%s\r\n\r\n%s" % (responseMsg, logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE]), start, time.time())
--- a/lib/utils/purge.py
+++ b/lib/utils/purge.py
@ -5,6 +5,7 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 import functools
 import os
 import random
 import shutil
@ -14,6 +15,7 @@ import string
 from lib.core.common import getSafeExString
 from lib.core.compat import xrange
 from lib.core.data import logger
 from thirdparty import six
 def purge(directory):
    """
@ -66,7 +68,10 @@ def purge(directory):
        except:
            pass
    if six.PY2:
        dirpaths.sort(cmp=lambda x, y: y.count(os.path.sep) - x.count(os.path.sep))
    else:
        dirpaths.sort(key=functools.cmp_to_key(lambda x, y: y.count(os.path.sep) - x.count(os.path.sep)))
    logger.debug("renaming directory names to random values")
    for dirpath in dirpaths:
--- a/waf/chinacache.py
+++ b/waf/chinacache.py
@ -14,7 +14,7 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)
-        retval |= code >= 400 and headers.get("Powered-By-ChinaCache") is not None
+        retval |= (code or 0) >= 400 and headers.get("Powered-By-ChinaCache") is not None
        if retval:
            break
--- a/waf/cloudbric.py
+++ b/waf/cloudbric.py
@ -14,7 +14,7 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)
-        retval |= code >= 400 and all(_ in (page or "") for _ in ("Cloudbric", "Malicious Code Detected"))
+        retval |= (code or 0) >= 400 and all(_ in (page or "") for _ in ("Cloudbric", "Malicious Code Detected"))
        if retval:
            break
--- a/waf/cloudflare.py
+++ b/waf/cloudflare.py
@ -18,7 +18,7 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)
-        if code >= 400:
+        if (code or 0) >= 400:
            retval |= re.search(r"cloudflare", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
            retval |= re.search(r"\A__cfduid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
            retval |= headers.get("cf-ray") is not None
--- a/waf/crawlprotect.py
+++ b/waf/crawlprotect.py
@ -14,7 +14,7 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, _, code = get_page(get=vector)
-        retval |= code >= 400 and "This site is protected by CrawlProtect" in (page or "")
+        retval |= (code or 0) >= 400 and "This site is protected by CrawlProtect" in (page or "")
        retval |= "<title>CrawlProtect" in (page or "")
        if retval:
            break
--- a/waf/generic.py
+++ b/waf/generic.py
@ -19,13 +19,13 @@ def detect(get_page):
    retval = False
    original, _, code = get_page()
-    if original is None or code >= 400:
+    if original is None or (code or 0) >= 400:
        return False
    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)
-        if code >= 400 or (IPS_WAF_CHECK_PAYLOAD in vector and (code is None or re.search(GENERIC_PROTECTION_REGEX, page or "") and not re.search(GENERIC_PROTECTION_REGEX, original or ""))):
+        if (code or 0) >= 400 or (IPS_WAF_CHECK_PAYLOAD in vector and (code is None or re.search(GENERIC_PROTECTION_REGEX, page or "") and not re.search(GENERIC_PROTECTION_REGEX, original or ""))):
            if code is not None:
                kb.wafSpecificResponse = "HTTP/1.1 %s\n%s\n%s" % (code, "".join(getUnicode(_) for _ in (headers.headers if headers else {}) or [] if not _.startswith("URI")), getUnicode(page or ""))
--- a/waf/kona.py
+++ b/waf/kona.py
@ -17,7 +17,7 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)
-        retval |= code >= 400 and re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        retval |= (code or 0) >= 400 and re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
        if retval:
            break
--- a/waf/secureentry.py
+++ b/waf/secureentry.py
@ -17,7 +17,7 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)
-        retval |= code >= 400 and re.search(r"Secure Entry Server", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        retval |= (code or 0) >= 400 and re.search(r"Secure Entry Server", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
        if retval:
            break
--- a/waf/urlmaster.py
+++ b/waf/urlmaster.py
@ -14,7 +14,7 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, _, code = get_page(get=vector)
-        retval |= code >= 400 and all(_ in (page or "") for _ in ("UrlMaster", "UrlRewriteModule", "SecurityCheck"))
+        retval |= (code or 0) >= 400 and all(_ in (page or "") for _ in ("UrlMaster", "UrlRewriteModule", "SecurityCheck"))
        if retval:
            break
--- a/waf/varnish.py
+++ b/waf/varnish.py
@ -14,7 +14,7 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, _, code = get_page(get=vector)
-        retval |= code >= 400 and "Request rejected by xVarnish-WAF" in (page or "")
+        retval |= (code or 0) >= 400 and "Request rejected by xVarnish-WAF" in (page or "")
        if retval:
            break
--- a/waf/watchguard.py
+++ b/waf/watchguard.py
@ -17,7 +17,7 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)
-        retval |= code >= 400 and re.search(r"\AWatchGuard", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        retval |= (code or 0) >= 400 and re.search(r"\AWatchGuard", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
        retval |= "Request denied by WatchGuard Firewall" in (page or "")
        if retval:
            break
--- a/waf/zenedge.py
+++ b/waf/zenedge.py
@ -17,7 +17,7 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)
-        retval |= code >= 400 and re.search(r"\AZENEDGE", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        retval |= (code or 0) >= 400 and re.search(r"\AZENEDGE", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
        retval |= all(_ in (page or "") for _ in ("Your request has been blocked", "Incident ID", "/__zenedge/assets/"))
        if retval:
            break