From 38c341076df53dd626645b16d344c138b10fc39b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 11 Mar 2021 20:41:05 +0100
Subject: [PATCH] Update regarding #4142 (--auth-type bearer)

---
 lib/core/enums.py    | 1 +
 lib/core/option.py   | 9 ++++++---
 lib/core/settings.py | 2 +-
 lib/parse/cmdline.py | 4 +++-
 sqlmap.conf          | 6 +++---
 5 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/lib/core/enums.py b/lib/core/enums.py
index e693b6e31..5a4af4fcc 100644
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -402,6 +402,7 @@ class CONTENT_STATUS(object):
 class AUTH_TYPE(object):
     BASIC = "basic"
     DIGEST = "digest"
+    BEARER = "bearer"
     NTLM = "ntlm"
     PKI = "pki"
 
diff --git a/lib/core/option.py b/lib/core/option.py
index 364dd7717..00fe8cfbb 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1310,7 +1310,7 @@ def _setAuthCred():
 
 def _setHTTPAuthentication():
     """
-    Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or PKI),
+    Check and set the HTTP(s) authentication method (Basic, Digest, Bearer, NTLM or PKI),
     username and password for first three methods, or PEM private key file for
     PKI authentication
     """
@@ -1333,9 +1333,9 @@ def _setHTTPAuthentication():
         errMsg += "but did not provide the type (e.g. --auth-type=\"basic\")"
         raise SqlmapSyntaxException(errMsg)
 
-    elif (conf.authType or "").lower() not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.NTLM, AUTH_TYPE.PKI):
+    elif (conf.authType or "").lower() not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.BEARER, AUTH_TYPE.NTLM, AUTH_TYPE.PKI):
         errMsg = "HTTP authentication type value must be "
-        errMsg += "Basic, Digest, NTLM or PKI"
+        errMsg += "Basic, Digest, Bearer, NTLM or PKI"
         raise SqlmapSyntaxException(errMsg)
 
     if not conf.authFile:
@@ -1348,6 +1348,9 @@ def _setHTTPAuthentication():
             regExp = "^(.*?):(.*?)$"
             errMsg = "HTTP %s authentication credentials " % authType
             errMsg += "value must be in format 'username:password'"
+        elif authType == AUTH_TYPE.BEARER:
+            conf.httpHeaders.append((HTTP_HEADER.AUTHORIZATION, "Bearer %s" % conf.authCred.strip()))
+            return
         elif authType == AUTH_TYPE.NTLM:
             regExp = "^(.*\\\\.*):(.*?)$"
             errMsg = "HTTP NTLM authentication credentials value must "
diff --git a/lib/core/settings.py b/lib/core/settings.py
index ab28533ac..1441f451c 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.5.3.12"
+VERSION = "1.5.3.13"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 026cc8abe..020753de4 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -193,7 +193,7 @@ def cmdLineParser(argv=None):
             help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")
 
         request.add_argument("--auth-type", dest="authType",
-            help="HTTP authentication type (Basic, Digest, NTLM or PKI)")
+            help="HTTP authentication type (Basic, Digest, Bearer, ...)")
 
         request.add_argument("--auth-cred", dest="authCred",
             help="HTTP authentication credentials (name:password)")
@@ -976,6 +976,8 @@ def cmdLineParser(argv=None):
                 argv[i] = ""
             elif argv[i].startswith("--data-raw"):
                 argv[i] = argv[i].replace("--data-raw", "--data", 1)
+            elif argv[i].startswith("--auth-creds"):
+                argv[i] = argv[i].replace("--auth-creds", "--auth-cred", 1)
             elif argv[i].startswith("--drop-cookie"):
                 argv[i] = argv[i].replace("--drop-cookie", "--drop-set-cookie", 1)
             elif any(argv[i].startswith(_) for _ in ("--tamper", "--ignore-code", "--skip")):
diff --git a/sqlmap.conf b/sqlmap.conf
index 7c28acb96..a771a4e79 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -87,12 +87,12 @@ headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
  Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
 
 # HTTP Authentication type. Useful only if the target URL requires
-# HTTP Basic, Digest or NTLM authentication and you have such data.
-# Valid: Basic, Digest, NTLM or PKI
+# HTTP Basic, Digest, Bearer or NTLM authentication and you have such data.
+# Valid: Basic, Digest, Bearer, NTLM or PKI
 authType = 
 
 # HTTP authentication credentials. Useful only if the target URL requires
-# HTTP Basic, Digest or NTLM authentication and you have such data.
+# HTTP Basic, Digest, Token or NTLM authentication and you have such data.
 # Syntax: username:password
 authCred =