Minor refactoring

2024-11-21 17:16:35 +03:00 · 2018-02-08 16:49:16 +01:00 · 2018-02-08 16:49:16 +01:00 · 56a4e507e8
commit 56a4e507e8
parent 5b99180ffe
20 changed files with 53 additions and 40 deletions
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@ -24,7 +24,6 @@ Many [people](https://raw.github.com/sqlmapproject/sqlmap/master/doc/THANKS.md)
 In order to maintain consistency and readability throughout the code, we ask that you adhere to the following instructions:

 * Each patch should make one logical change.
-* Wrap code to 76 columns when possible.
 * Avoid tabbing, use four blank spaces instead.
 * Before you put time into a non-trivial patch, it is worth discussing it privately by [email](mailto:dev@sqlmap.org).
 * Do not change style on numerous files in one single pull request, we can [discuss](mailto:dev@sqlmap.org) about those before doing any major restyling, but be sure that personal preferences not having a strong support in [PEP 8](http://www.python.org/dev/peps/pep-0008/) will likely to be rejected.
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.2.5"
+VERSION = "1.2.2.6"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/tamper/appendnullbyte.py
+++ b/tamper/appendnullbyte.py
@ -5,12 +5,14 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

+from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY

 __priority__ = PRIORITY.LOWEST

 def dependencies():
-    pass
+    singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.ACCESS))

 def tamper(payload, **kwargs):
    """
--- a/tamper/base64encode.py
+++ b/tamper/base64encode.py
@ -10,7 +10,7 @@ import base64
 from lib.core.enums import PRIORITY
 from lib.core.settings import UNICODE_ENCODING

-__priority__ = PRIORITY.LOWEST
+__priority__ = PRIORITY.LOW

 def dependencies():
    pass
--- a/tamper/bluecoat.py
+++ b/tamper/bluecoat.py
@ -18,7 +18,7 @@ def dependencies():
 def tamper(payload, **kwargs):
    """
    Replaces space character after SQL statement with a valid random blank character.
-    Afterwards replace character = with LIKE operator
+    Afterwards replace character '=' with operator LIKE

    Requirement:
        * Blue Coat SGOS with WAF activated as documented in
--- a/tamper/charunicodeescape.py
+++ b/tamper/charunicodeescape.py
@ -9,7 +9,7 @@ import string

 from lib.core.enums import PRIORITY

-__priority__ = PRIORITY.LOWEST
+__priority__ = PRIORITY.NORMAL

 def tamper(payload, **kwargs):
    """
--- a/tamper/commalesslimit.py
+++ b/tamper/commalesslimit.py
@ -7,12 +7,14 @@ See the file 'LICENSE' for copying permission

 import re

+from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY

 __priority__ = PRIORITY.HIGH

 def dependencies():
-    pass
+    singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))

 def tamper(payload, **kwargs):
    """
--- a/tamper/commalessmid.py
+++ b/tamper/commalessmid.py
@ -9,12 +9,13 @@ import os
 import re

 from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY

 __priority__ = PRIORITY.HIGH

 def dependencies():
-    pass
+    singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))

 def tamper(payload, **kwargs):
    """
--- a/tamper/commentbeforeparentheses.py
+++ b/tamper/commentbeforeparentheses.py
@ -9,7 +9,7 @@ import re

 from lib.core.enums import PRIORITY

-__priority__ = PRIORITY.LOW
+__priority__ = PRIORITY.NORMAL

 def dependencies():
    pass
--- a/tamper/concat2concatws.py
+++ b/tamper/concat2concatws.py
@ -5,12 +5,14 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

+from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY

 __priority__ = PRIORITY.HIGHEST

 def dependencies():
-    pass
+    singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))

 def tamper(payload, **kwargs):
    """
--- a/tamper/escapequotes.py
+++ b/tamper/escapequotes.py
@ -7,7 +7,7 @@ See the file 'LICENSE' for copying permission

 from lib.core.enums import PRIORITY

-__priority__ = PRIORITY.LOWEST
+__priority__ = PRIORITY.NORMAL

 def dependencies():
    pass
--- a/tamper/informationschemacomment.py
+++ b/tamper/informationschemacomment.py
@ -9,7 +9,7 @@ import re

 from lib.core.enums import PRIORITY

-__priority__ = PRIORITY.LOW
+__priority__ = PRIORITY.NORMAL

 def tamper(payload, **kwargs):
    """
--- a/tamper/lowercase.py
+++ b/tamper/lowercase.py
@ -28,7 +28,6 @@ def tamper(payload, **kwargs):
    Notes:
        * Useful to bypass very weak and bespoke web application firewalls
          that has poorly written permissive regular expressions
-        * This tamper script should work against all (?) databases

    >>> tamper('INSERT')
    'insert'
@ -37,7 +36,7 @@ def tamper(payload, **kwargs):
    retVal = payload

    if payload:
-        for match in re.finditer(r"[A-Za-z_]+", retVal):
+        for match in re.finditer(r"\b[A-Za-z_]+\b", retVal):
            word = match.group()

            if word.upper() in kb.keywords:
--- a/tamper/modsecurityversioned.py
+++ b/tamper/modsecurityversioned.py
@ -6,12 +6,14 @@ See the file 'LICENSE' for copying permission
 """

 from lib.core.common import randomInt
+from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY

 __priority__ = PRIORITY.HIGHER

 def dependencies():
-    pass
+    singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))

 def tamper(payload, **kwargs):
    """
--- a/tamper/modsecurityzeroversioned.py
+++ b/tamper/modsecurityzeroversioned.py
@ -5,12 +5,14 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

+from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY

 __priority__ = PRIORITY.HIGHER

 def dependencies():
-    pass
+    singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))

 def tamper(payload, **kwargs):
    """
--- a/tamper/multiplespaces.py
+++ b/tamper/multiplespaces.py
@ -36,7 +36,7 @@ def tamper(payload, **kwargs):
    if payload:
        words = set()

-        for match in re.finditer(r"[A-Za-z_]+", payload):
+        for match in re.finditer(r"\b[A-Za-z_]+\b", payload):
            word = match.group()

            if word.upper() in kb.keywords:
--- a/tamper/plus2concat.py
+++ b/tamper/plus2concat.py
@ -7,13 +7,15 @@ See the file 'LICENSE' for copying permission

 import re

+from lib.core.common import singleTimeWarnMessage
 from lib.core.common import zeroDepthSearch
+from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY

 __priority__ = PRIORITY.HIGHEST

 def dependencies():
-    pass
+    singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))

 def tamper(payload, **kwargs):
    """
@ -58,7 +60,7 @@ def tamper(payload, **kwargs):

                retVal = "%sCONCAT(%s)%s" % (retVal[:start], ''.join(chars)[start:end], retVal[end:])
            else:
-                match = re.search(r"\((CHAR\(\d+.+CHAR\(\d+\))\)", retVal)
+                match = re.search(r"\((CHAR\(\d+.+\bCHAR\(\d+\))\)", retVal)
                if match:
                    part = match.group(0)
                    indexes = set(zeroDepthSearch(match.group(1), '+'))
--- a/tamper/plus2fnconcat.py
+++ b/tamper/plus2fnconcat.py
@ -7,13 +7,15 @@ See the file 'LICENSE' for copying permission

 import re

+from lib.core.common import singleTimeWarnMessage
 from lib.core.common import zeroDepthSearch
+from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY

 __priority__ = PRIORITY.HIGHEST

 def dependencies():
-    pass
+    singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))

 def tamper(payload, **kwargs):
    """
@ -64,7 +66,7 @@ def tamper(payload, **kwargs):

                retVal = "%s%s%s)}%s" % (retVal[:start], "{fn CONCAT(" * count, ''.join(chars)[start:end].replace('\x01', ")},"), retVal[end:])
            else:
-                match = re.search(r"\((CHAR\(\d+.+CHAR\(\d+\))\)", retVal)
+                match = re.search(r"\((CHAR\(\d+.+\bCHAR\(\d+\))\)", retVal)
                if match:
                    part = match.group(0)
                    indexes = set(zeroDepthSearch(match.group(1), '+'))
--- a/tamper/randomcase.py
+++ b/tamper/randomcase.py
@ -40,7 +40,7 @@ def tamper(payload, **kwargs):
    retVal = payload

    if payload:
-        for match in re.finditer(r"[A-Za-z_]+", retVal):
+        for match in re.finditer(r"\b[A-Za-z_]+\b", retVal):
            word = match.group()

            if word.upper() in kb.keywords:
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a  lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5  lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b  lib/core/session.py
-15c5a15fc1c24170aff99c32d2bae75d  lib/core/settings.py
+99f9e29606ab1c3f48c822c77d1dc18b  lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413  lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2  lib/core/subprocessng.py
 505aaa61e1bba3c3d4567c3e667699e3  lib/core/target.py
@ -227,39 +227,39 @@ c3cc8b7727161e64ab59f312c33b541a  shell/stagers/stager.aspx_
 3e2e790c370442c3d98eaa88a3523b15  sqlmap.py
 4c3b8a7daa4bff52e01d4168be0eedbe  tamper/apostrophemask.py
 4115a55b8aba464723d645b7d3156b6e  tamper/apostrophenullencode.py
-4b1024cecb00f13a4e1be78391e9cedb  tamper/appendnullbyte.py
-84e6ad0010ed1d9a326d51b493116256  tamper/base64encode.py
+5be6e24825d34437512b9021f35ee026  tamper/appendnullbyte.py
+0298d81e9dfac7ff18a5236c0f1d84b6  tamper/base64encode.py
 55e9fbe57967e57a05a8ca77c312dc70  tamper/between.py
-f942ad818d3e26ec34f0d15ca8b84207  tamper/bluecoat.py
+e1d2329adc6ca89828a2eaec2951806c  tamper/bluecoat.py
 e3cdf13caedb4682bee3ff8fac103606  tamper/chardoubleencode.py
 3b2f68476fbcf8223199e8dd4ec14b64  tamper/charencode.py
 b502023ac6c48e49e652ba524b8e18cc  tamper/charunicodeencode.py
-8bc697b143bba852b459806fcfaa5422  tamper/charunicodeescape.py
-9e9719d822afab818d6a8a42351baa40  tamper/commalesslimit.py
-7f0110c706aca9cd090c0371e6d1a4cb  tamper/commalessmid.py
-8070799415795bd6f23d11d02b99fbe9  tamper/commentbeforeparentheses.py
-6498568524665729cb04a41c5f67f975  tamper/concat2concatws.py
+2c2b38974dc773568de7e7d771d7042c  tamper/charunicodeescape.py
+763aa317d43909a51dd4c2f36834718d  tamper/commalesslimit.py
+211bb8fa36a6ecb42b719c951c362851  tamper/commalessmid.py
+19acfde79c9a2d8458e15182f5b73d71  tamper/commentbeforeparentheses.py
+61f895acaaf3dea78e237bdf5fe30a81  tamper/concat2concatws.py
 dcdc433fe946f1b9005bcd427a951dd6  tamper/equaltolike.py
-0a61e7b57ad593202b8449601e757f16  tamper/escapequotes.py
+06df880df5d8749963f5562f60fd1637  tamper/escapequotes.py
 4393cc5220d2e39c5c9c5a9af4e2635d  tamper/greatest.py
 25ec62158d3e289bda8a04c8b65686ba  tamper/halfversionedmorekeywords.py
 9d8c350cbb90d4b21ec9c9db184a213a  tamper/htmlencode.py
 838212f289632526777b7224bf8aacf9  tamper/ifnull2casewhenisnull.py
 e2c2b6a67546b36983a72f129a817ec0  tamper/ifnull2ifisnull.py
-2416ff8e020fc2db29a580f55dcb6fb1  tamper/informationschemacomment.py
+91c92ee203e7e619cb547643883924ca  tamper/informationschemacomment.py
 1e5532ede194ac9c083891c2f02bca93  tamper/__init__.py
 2dc49bcd6c55f4e2322b07fa92685356  tamper/least.py
-22a740e6fbcb8cc3ada430e3fb1be05f  tamper/lowercase.py
-e44163d21e055805b5e55667e72f5978  tamper/modsecurityversioned.py
-f83a11d594fad3ed3291074c7b37b281  tamper/modsecurityzeroversioned.py
-abd6490408551a8c8226a32fbc2b5345  tamper/multiplespaces.py
+1834b5409c449d2ea1b70a5038fed9eb  tamper/lowercase.py
+b7e892fc185927c7eb4a604f87b8b6c1  tamper/modsecurityversioned.py
+a15ae5a795661fe992bb476346d54794  tamper/modsecurityzeroversioned.py
+b4cadf2ddcdc0598c9a3bf24521a2fa1  tamper/multiplespaces.py
 be757e4c9a6fb36af7b9a8c444fddb05  tamper/nonrecursivereplacement.py
 e298e486c06bb39d81f10d61a5c4ceec  tamper/overlongutf8more.py
 b9f698556f8333d9fa6eadaab44a77ab  tamper/overlongutf8.py
 bc0363e4fc04240c9f7b81e4ecce0714  tamper/percentage.py
-4fa8b6c0e7573e395330bb6a405abbaf  tamper/plus2concat.py
-5b947c6cd78eab22ee53f5f534c532d3  tamper/plus2fnconcat.py
-44fd1c13a7dd6ae792f11afb28976480  tamper/randomcase.py
+b30240804cce482b6ab77714508de89c  tamper/plus2concat.py
+a8f4a85be6e98b53060b066cd18eed15  tamper/plus2fnconcat.py
+e94a1c7e4dc7450ac224436269d823bb  tamper/randomcase.py
 6368a971a80b1acbbbc6b76616bd96b9  tamper/randomcomments.py
 48228322d40d97016b05e408c5234634  tamper/securesphere.py
 cac8a56f8cc6c14524ee392daa5ae2fd  tamper/space2comment.py