diff --git a/extra/beautifulsoup/beautifulsoup.py b/extra/beautifulsoup/beautifulsoup.py index 4b17b853d..cde92ee11 100644 --- a/extra/beautifulsoup/beautifulsoup.py +++ b/extra/beautifulsoup/beautifulsoup.py @@ -621,7 +621,7 @@ class Tag(PageElement): self._getAttrMap() self.attrMap[key] = value found = False - for i in range(0, len(self.attrs)): + for i in xrange(0, len(self.attrs)): if self.attrs[i][0] == key: self.attrs[i] = (key, value) found = True @@ -664,7 +664,7 @@ class Tag(PageElement): return True if not hasattr(other, 'name') or not hasattr(other, 'attrs') or not hasattr(other, 'contents') or self.name != other.name or self.attrs != other.attrs or len(self) != len(other): return False - for i in range(0, len(self.contents)): + for i in xrange(0, len(self.contents)): if self.contents[i] != other.contents[i]: return False return True @@ -1267,14 +1267,14 @@ class BeautifulStoneSoup(Tag, SGMLParser): numPops = 0 mostRecentTag = None - for i in range(len(self.tagStack)-1, 0, -1): + for i in xrange(len(self.tagStack)-1, 0, -1): if name == self.tagStack[i].name: numPops = len(self.tagStack)-i break if not inclusivePop: numPops = numPops - 1 - for i in range(0, numPops): + for i in xrange(0, numPops): mostRecentTag = self.popTag() return mostRecentTag @@ -1301,7 +1301,7 @@ class BeautifulStoneSoup(Tag, SGMLParser): isResetNesting = self.RESET_NESTING_TAGS.has_key(name) popTo = None inclusive = True - for i in range(len(self.tagStack)-1, 0, -1): + for i in xrange(len(self.tagStack)-1, 0, -1): p = self.tagStack[i] if (not p or p.name == name) and not isNestable: #Non-nestable tags get popped to the top or to their @@ -1579,7 +1579,7 @@ class BeautifulSoup(BeautifulStoneSoup): contentTypeIndex = None tagNeedsEncodingSubstitution = False - for i in range(0, len(attrs)): + for i in xrange(0, len(attrs)): key, value = attrs[i] key = key.lower() if key == 'http-equiv': @@ -1968,7 +1968,7 @@ class UnicodeDammit: 250,251,252,253,254,255) import string c.EBCDIC_TO_ASCII_MAP = string.maketrans( \ - ''.join(map(chr, range(256))), ''.join(map(chr, emap))) + ''.join(map(chr, xrange(256))), ''.join(map(chr, emap))) return s.translate(c.EBCDIC_TO_ASCII_MAP) MS_CHARS = { '\x80' : ('euro', '20AC'), diff --git a/extra/chardet/eucjpprober.py b/extra/chardet/eucjpprober.py index 1c20e8034..faa5cb58d 100755 --- a/extra/chardet/eucjpprober.py +++ b/extra/chardet/eucjpprober.py @@ -50,7 +50,7 @@ class EUCJPProber(MultiByteCharSetProber): def feed(self, aBuf): aLen = len(aBuf) - for i in range(0, aLen): + for i in xrange(0, aLen): codingState = self._mCodingSM.next_state(aBuf[i]) if codingState == eError: if constants._debug: diff --git a/extra/chardet/mbcharsetprober.py b/extra/chardet/mbcharsetprober.py index 4c0f928a4..09b035e02 100755 --- a/extra/chardet/mbcharsetprober.py +++ b/extra/chardet/mbcharsetprober.py @@ -51,7 +51,7 @@ class MultiByteCharSetProber(CharSetProber): def feed(self, aBuf): aLen = len(aBuf) - for i in range(0, aLen): + for i in xrange(0, aLen): codingState = self._mCodingSM.next_state(aBuf[i]) if codingState == eError: if constants._debug: diff --git a/extra/chardet/sjisprober.py b/extra/chardet/sjisprober.py index 75d970525..8f69f60be 100755 --- a/extra/chardet/sjisprober.py +++ b/extra/chardet/sjisprober.py @@ -50,7 +50,7 @@ class SJISProber(MultiByteCharSetProber): def feed(self, aBuf): aLen = len(aBuf) - for i in range(0, aLen): + for i in xrange(0, aLen): codingState = self._mCodingSM.next_state(aBuf[i]) if codingState == eError: if constants._debug: diff --git a/extra/chardet/utf8prober.py b/extra/chardet/utf8prober.py index c1792bb37..fec8548c8 100755 --- a/extra/chardet/utf8prober.py +++ b/extra/chardet/utf8prober.py @@ -69,7 +69,7 @@ class UTF8Prober(CharSetProber): def get_confidence(self): unlike = 0.99 if self._mNumOfMBChar < 6: - for i in range(0, self._mNumOfMBChar): + for i in xrange(0, self._mNumOfMBChar): unlike = unlike * ONE_CHAR_PROB return 1.0 - unlike else: diff --git a/extra/clientform/clientform.py b/extra/clientform/clientform.py index d2e68ca7e..80abc514a 100644 --- a/extra/clientform/clientform.py +++ b/extra/clientform/clientform.py @@ -384,7 +384,7 @@ class MimeWriter: # 2.2 urllib2 doesn't normalize header case self._http_hdrs.append((key.capitalize(), value)) else: - for i in range(1, len(lines)): + for i in xrange(1, len(lines)): lines[i] = " " + lines[i].strip() value = "\r\n".join(lines) + "\r\n" line = key.title() + ": " + value @@ -1129,7 +1129,7 @@ def _ParseFileEx(file, base_uri, forms, labels, id_to_labels, backwards_compat) form._urlparse = _urlparse form._urlunparse = _urlunparse - for ii in range(len(controls)): + for ii in xrange(len(controls)): type, name, attrs = controls[ii] # index=ii*10 allows ImageControl to return multiple ordered pairs form.new_control( @@ -2020,7 +2020,7 @@ class ListControl(Control): # always count nameless elements as separate controls Control.add_to_form(self, form) else: - for ii in range(len(form.controls)-1, -1, -1): + for ii in xrange(len(form.controls)-1, -1, -1): control = form.controls[ii] if control.name == self.name and control.type == self.type: if control._closed: @@ -2151,7 +2151,7 @@ class ListControl(Control): names[nn] = 1 for name, count in names.items(): on, off = self._get_items(name, count) - for i in range(count): + for i in xrange(count): if on: item = on[0] del on[0] @@ -2850,7 +2850,7 @@ class HTMLForm: control = klass(type, name, a, index) if type == "select" and len(attrs) == 1: - for ii in range(len(self.controls)-1, -1, -1): + for ii in xrange(len(self.controls)-1, -1, -1): ctl = self.controls[ii] if ctl.type == "select": ctl.close_control() @@ -3333,7 +3333,7 @@ class HTMLForm: control_index is the index of the control in self.controls """ pairs = [] - for control_index in range(len(self.controls)): + for control_index in xrange(len(self.controls)): control = self.controls[control_index] for ii, key, val in control._totally_ordered_pairs(): pairs.append((ii, key, val, control_index)) diff --git a/extra/fcrypt/fcrypt.py b/extra/fcrypt/fcrypt.py index d4f775c91..bd6c970ba 100644 --- a/extra/fcrypt/fcrypt.py +++ b/extra/fcrypt/fcrypt.py @@ -475,7 +475,7 @@ def _set_key(password): k = [0] * (_ITERATIONS * 2) - for i in range(_ITERATIONS): + for i in xrange(_ITERATIONS): # Only operates on top 28 bits. if shifts2[i]: c = (c >> 2) | (c << 26) @@ -513,9 +513,9 @@ def _body(ks, E0, E1): # Copy global variable into locals for loop. SP0, SP1, SP2, SP3, SP4, SP5, SP6, SP7 = _SPtrans - inner = range(0, _ITERATIONS*2, 2) + inner = xrange(0, _ITERATIONS*2, 2) l = r = 0 - for j in range(25): + for j in xrange(25): l,r = r,l for i in inner: t = r ^ ((r >> 16) & 0xffff) @@ -602,7 +602,7 @@ crypt supported by the OpenBSD C library. t2 >> 18 & 0x3f, t2 >> 12 & 0x3f, t2 >> 6 & 0x3f, t2 & 0x3f, t3 >> 18 & 0x3f, t3 >> 12 & 0x3f, t3 >> 6 & 0x3f ] # Convert to characters. - for i in range(len(r)): + for i in xrange(len(r)): r[i] = _cov_2char[r[i]] return salt[:2] + string.join(r, '') diff --git a/extra/mssqlsig/update.py b/extra/mssqlsig/update.py index 9908f7ae4..8715c6050 100644 --- a/extra/mssqlsig/update.py +++ b/extra/mssqlsig/update.py @@ -57,7 +57,7 @@ def updateMSSQLXML(): root = doc.createElement("root") doc.appendChild(root) - for index in range(0, releasesCount): + for index in xrange(0, releasesCount): release = releases[index] # Skip Microsoft SQL Server 6.5 because the HTML diff --git a/extra/pagerank/pagerank.py b/extra/pagerank/pagerank.py index 3dab36159..9b562b67d 100644 --- a/extra/pagerank/pagerank.py +++ b/extra/pagerank/pagerank.py @@ -23,16 +23,16 @@ def get_pagerank(url): rank = '0' return rank -def int_str(string, integer, factor): - for i in range(len(string)) : +def int_str(string_, integer, factor): + for i in xrange(len(string_)) : integer *= factor integer &= 0xFFFFFFFF - integer += ord(string[i]) + integer += ord(string_[i]) return integer -def hash_url(string): - c1 = int_str(string, 0x1505, 0x21) - c2 = int_str(string, 0, 0x1003F) +def hash_url(string_): + c1 = int_str(string_, 0x1505, 0x21) + c2 = int_str(string_, 0, 0x1003F) c1 >>= 2 c1 = ((c1 >> 4) & 0x3FFFFC0) | (c1 & 0x3F) diff --git a/extra/safe2bin/safe2bin.py b/extra/safe2bin/safe2bin.py index ff2ee07c0..8298255f8 100755 --- a/extra/safe2bin/safe2bin.py +++ b/extra/safe2bin/safe2bin.py @@ -40,7 +40,6 @@ def safecharencode(value): retVal = value if isinstance(value, basestring): - retVal = retVal.replace('\\', SLASH_MARKER) for char in SAFE_ENCODE_SLASH_REPLACEMENTS: diff --git a/lib/core/convert.py b/lib/core/convert.py index c396744cd..7f7711f16 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py @@ -152,6 +152,9 @@ def htmlescape(value): return value.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", ''').replace(' ', ' ') def htmlunescape(value): - retVal = value.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace(''', "'").replace(' ', ' ') - retVal = re.sub('&#(\d+);', lambda x: unichr(int(x.group(1))), retVal) + retVal = value + if value and isinstance(value, basestring): + if '&' in retVal: + retVal = retVal.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace(' ', ' ') + retVal = re.sub('&#(\d+);', lambda x: unichr(int(x.group(1))), retVal) return retVal diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index ff6b05a66..dd426af06 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -1389,10 +1389,7 @@ class Enumeration: if not count: query = dumpNode.count % table - if blind: - count = inject.getValue(query, inband=False, error=False) - else: - count = inject.getValue(query, blind=False) + count = inject.getValue(query, inband=False, error=False) if blind else count = inject.getValue(query, blind=False) if count == "0": infoMsg = "table '%s' appears to be empty" % table @@ -1403,6 +1400,7 @@ class Enumeration: entries[column] = [] return entries, lengths + elif isNoneValue(count): return None diff --git a/tamper/space2dash.py b/tamper/space2dash.py index 5464a1eca..62b065d3c 100644 --- a/tamper/space2dash.py +++ b/tamper/space2dash.py @@ -43,7 +43,7 @@ def tamper(payload): if payload: for i in xrange(len(payload)): if payload[i].isspace(): - randomStr = ''.join(random.choice(string.ascii_uppercase + string.lowercase) for x in range(random.randint(6, 12))) + randomStr = ''.join(random.choice(string.ascii_uppercase + string.lowercase) for _ in xrange(random.randint(6, 12))) retVal += "--%s%%0A" % randomStr elif payload[i] == '#' or payload[i:i+3] == '-- ': retVal += payload[i:] diff --git a/tamper/space2hash.py b/tamper/space2hash.py index b717b2e58..f2f3b6f8a 100644 --- a/tamper/space2hash.py +++ b/tamper/space2hash.py @@ -46,7 +46,7 @@ def tamper(payload): if payload: for i in xrange(len(payload)): if payload[i].isspace(): - randomStr = ''.join(random.choice(string.ascii_uppercase + string.lowercase) for x in range(random.randint(6, 12))) + randomStr = ''.join(random.choice(string.ascii_uppercase + string.lowercase) for _ in xrange(random.randint(6, 12))) retVal += "%%23%s%%0A" % randomStr elif payload[i] == '#' or payload[i:i+3] == '-- ': retVal += payload[i:] diff --git a/tamper/space2morehash.py b/tamper/space2morehash.py index a94d80ab6..10f092a34 100644 --- a/tamper/space2morehash.py +++ b/tamper/space2morehash.py @@ -46,7 +46,7 @@ def tamper(payload): def process(match): word = match.group('word') - randomStr = ''.join(random.choice(string.ascii_uppercase + string.lowercase) for x in range(random.randint(6, 12))) + randomStr = ''.join(random.choice(string.ascii_uppercase + string.lowercase) for _ in xrange(random.randint(6, 12))) if word.upper() in kb.keywords and word.upper() not in IGNORE_SPACE_AFFECTED_KEYWORDS: return match.group().replace(word, "%s%%23%s%%0A" % (word, randomStr)) @@ -60,7 +60,7 @@ def tamper(payload): for i in xrange(len(payload)): if payload[i].isspace(): - randomStr = ''.join(random.choice(string.ascii_uppercase + string.lowercase) for x in range(random.randint(6, 12))) + randomStr = ''.join(random.choice(string.ascii_uppercase + string.lowercase) for _ in xrange(random.randint(6, 12))) retVal += "%%23%s%%0A" % randomStr elif payload[i] == '#' or payload[i:i+3] == '-- ': retVal += payload[i:]