From 63073a18735cebd12135444bbe0c1c5c00a57c1e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 8 Jun 2021 21:48:43 +0200
Subject: [PATCH] 15% speedup in some cases (avoiding heuristic char detection)

---
 lib/core/settings.py | 6 +++++-
 lib/request/basic.py | 3 ++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 7d0b44374..74ccfa881 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -16,10 +16,11 @@ import time
 from lib.core.enums import DBMS
 from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
+from thirdparty import six
 from thirdparty.six import unichr as _unichr

 # sqlmap version (...)
-VERSION = "1.5.6.0"
+VERSION = "1.5.6.1"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -906,6 +907,9 @@ KB_CHARS_BOUNDARY_CHAR = 'q'
 # Letters of lower frequency used in kb.chars
 KB_CHARS_LOW_FREQUENCY_ALPHABET = "zqxjkvbp"

+# Printable bytes
+PRINTABLE_BYTES = set(bytes(string.printable, "ascii") if six.PY3 else string.printable)
+
 # SQL keywords used for splitting in HTTP chunked transfer encoded requests (switch --chunk)
 HTTP_CHUNKED_SPLIT_KEYWORDS = ("SELECT", "UPDATE", "INSERT", "FROM", "LOAD_FILE", "UNION", "information_schema", "sysdatabases", "msysaccessobjects", "msysqueries", "sysmodules")

diff --git a/lib/request/basic.py b/lib/request/basic.py
index 13a7db752..2ded16330 100644
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
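Review bot: In the second lib/core/settings.py hunk, the `# Printable bytes` comment does not say that the set's element type depends on the interpreter: `set(bytes(string.printable, "ascii"))` holds ints on Python 3, while the Python 2 branch holds one-character strings. Membership therefore only works for values obtained by iterating a bytes object, which is how the new check in lib/request/basic.py uses it; a test such as `b"a" in PRINTABLE_BYTES` is always False on Python 3. I would spell that out, e.g. `# Printable ASCII bytes, as yielded by iterating a bytes object (ints on Python 3, 1-char strings on Python 2)`, and consider `frozenset` since the value is a constant. The `import string` this line relies on is not visible in the hunk.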
@@ -48,6 +48,7 @@ from lib.core.settings import IDENTYWAF_PARSE_LIMIT
 from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
 from lib.core.settings import META_CHARSET_REGEX
 from lib.core.settings import PARSE_HEADERS_LIMIT
+from lib.core.settings import PRINTABLE_BYTES
 from lib.core.settings import SELECT_FROM_TABLE_REGEX
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import VIEWSTATE_REGEX
@@ -324,7 +325,7 @@ def decodePage(page, contentEncoding, contentType, percentDecode=True):

 metaCharset = checkCharEncoding(extractRegexResult(META_CHARSET_REGEX, page))

- if (any((httpCharset, metaCharset)) and not all((httpCharset, metaCharset))) or (httpCharset == metaCharset and all((httpCharset, metaCharset))):
+ if (any((httpCharset, metaCharset)) and (not all((httpCharset, metaCharset)) or isinstance(page, six.binary_type) and all(_ in PRINTABLE_BYTES for _ in page))) or (httpCharset == metaCharset and all((httpCharset, metaCharset))):
 kb.pageEncoding = httpCharset or metaCharset # Reference: http://bytes.com/topic/html-css/answers/154758-http-equiv-vs-true-header-has-precedence
 debugMsg = "declared web page charset '%s'" % kb.pageEncoding
 singleTimeLogMessage(debugMsg, logging.DEBUG, debugMsg)
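Review bot: In the decodePage hunk, the byte-by-byte `all(_ in PRINTABLE_BYTES for _ in page)` scan also runs when both charsets are declared and equal, where its result cannot change the outcome because the second disjunct already accepts that case. Since `or` short-circuits, testing the cheap equality first skips the scan there: `if (httpCharset == metaCharset and all((httpCharset, metaCharset))) or (any((httpCharset, metaCharset)) and (not all((httpCharset, metaCharset)) or (isinstance(page, six.binary_type) and all(_ in PRINTABLE_BYTES for _ in page)))):`. The added parentheses around the `isinstance(...) and all(...)` pair also make the `and`/`or` precedence explicit. Separately, when the two declarations disagree and the body is printable ASCII, the header charset is now trusted without checking that it is ASCII-compatible; both declarations come from the response, so a short comment stating that assumption would help. The rest of decodePage and the `six` import it needs are outside the hunk.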