Another update for #5295

Miroslav Stampar 2023-01-24 12:00:23 +01:00
parent a7b59243e2
commit 6336389322
6 changed files with 31 additions and 4 deletions


@ -1696,11 +1696,20 @@ def _cleanupOptions():
try: try:
conf.ignoreCode = [int(_) for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.ignoreCode)] conf.ignoreCode = [int(_) for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.ignoreCode)]
except ValueError: except ValueError:
errMsg = "options '--ignore-code' should contain a list of integer values or a wildcard value '%s'" % IGNORE_CODE_WILDCARD errMsg = "option '--ignore-code' should contain a list of integer values or a wildcard value '%s'" % IGNORE_CODE_WILDCARD
raise SqlmapSyntaxException(errMsg) raise SqlmapSyntaxException(errMsg)
else: else:
conf.ignoreCode = [] conf.ignoreCode = []
if conf.abortCode:
try:
conf.abortCode = [int(_) for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.abortCode)]
except ValueError:
errMsg = "option '--abort-code' should contain a list of integer values"
raise SqlmapSyntaxException(errMsg)
else:
conf.abortCode = []
if conf.paramFilter: if conf.paramFilter:
conf.paramFilter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.paramFilter.upper())] conf.paramFilter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.paramFilter.upper())]
else: else:
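Review bot: The new `--abort-code` parsing accepts any integer, so a mistyped value such as `4010` or `0` passes validation and then never matches a response, leaving the run without the stop condition the user asked for. Rejecting out-of-range values at startup would surface the typo, e.g. `if not all(100 <= _ <= 599 for _ in conf.abortCode):` followed by the same `SqlmapSyntaxException`. The error text could also name the separator the list expects, since "a list of integer values" does not say how to write one. `_cleanupOptions` starts and ends outside this hunk.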


@ -39,6 +39,7 @@ optDict = {
"authType": "string", "authType": "string",
"authCred": "string", "authCred": "string",
"authFile": "string", "authFile": "string",
"abortCode": "string",
"ignoreCode": "string", "ignoreCode": "string",
"ignoreProxy": "boolean", "ignoreProxy": "boolean",
"ignoreRedirects": "boolean", "ignoreRedirects": "boolean",


@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.7.1.9" VERSION = "1.7.1.10"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)


@ -201,8 +201,11 @@ def cmdLineParser(argv=None):
request.add_argument("--auth-file", dest="authFile", request.add_argument("--auth-file", dest="authFile",
help="HTTP authentication PEM cert/private key file") help="HTTP authentication PEM cert/private key file")
request.add_argument("--abort-code", dest="abortCode",
help="Abort on (problematic) HTTP error code(s) (e.g. 401)")
request.add_argument("--ignore-code", dest="ignoreCode", request.add_argument("--ignore-code", dest="ignoreCode",
help="Ignore (problematic) HTTP error code (e.g. 401)") help="Ignore (problematic) HTTP error code(s) (e.g. 401)")
request.add_argument("--ignore-proxy", dest="ignoreProxy", action="store_true", request.add_argument("--ignore-proxy", dest="ignoreProxy", action="store_true",
help="Ignore system default proxy settings") help="Ignore system default proxy settings")


@ -767,6 +767,11 @@ class Connect(object):
if not multipart: if not multipart:
logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg) logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)
if code in conf.abortCode:
errMsg = "aborting due to detected HTTP code '%d'" % code
singleTimeLogMessage(errMsg, logging.CRITICAL)
raise SystemExit
if ex.code not in (conf.ignoreCode or []): if ex.code not in (conf.ignoreCode or []):
if ex.code == _http_client.UNAUTHORIZED: if ex.code == _http_client.UNAUTHORIZED:
errMsg = "not authorized, try to provide right HTTP " errMsg = "not authorized, try to provide right HTTP "
@ -921,6 +926,11 @@ class Connect(object):
errMsg += "function '%s' ('%s')" % (function.__name__, getSafeExString(ex)) errMsg += "function '%s' ('%s')" % (function.__name__, getSafeExString(ex))
raise SqlmapGenericException(errMsg) raise SqlmapGenericException(errMsg)
if code in conf.abortCode:
errMsg = "aborting due to detected HTTP code '%d'" % code
singleTimeLogMessage(errMsg, logging.CRITICAL)
raise SystemExit
threadData.lastPage = page threadData.lastPage = page
threadData.lastCode = code threadData.lastCode = code
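Review bot: Both added blocks stop the run with a bare `raise SystemExit`, which carries no exit status. Unless a caller outside these hunks maps it, the process ends with status 0 and a wrapper script cannot tell an abort on an HTTP code from a normal finish; `raise SystemExit(1)` or one of the project's own exception types would make the stop visible. If this method can run on worker threads (not visible here), `SystemExit` raised off the main thread ends only that thread, so other threads may keep sending requests after the abort code was seen; that is worth confirming, since the option exists to stop traffic. The membership test also reads `conf.abortCode` directly while the line after the first block uses `(conf.ignoreCode or [])`; `if code in (conf.abortCode or []):` would keep the two consistent if the option is ever left as `None`. Both enclosing functions start and end outside the hunks.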


@ -101,8 +101,12 @@ authCred =
# Syntax: key_file # Syntax: key_file
authFile = authFile =
# Abort on (problematic) HTTP error code (e.g. 401).
# Valid: string
abortCode =
# Ignore (problematic) HTTP error code (e.g. 401). # Ignore (problematic) HTTP error code (e.g. 401).
# Valid: integer # Valid: string
ignoreCode = ignoreCode =
# Ignore system default proxy settings. # Ignore system default proxy settings.
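Review bot: The comment for `abortCode` says "HTTP error code" in the singular and "Valid: string", which does not tell a config-file user that a list of integer codes is accepted or how to separate them. The command-line help in this same commit was changed to "code(s)", so the two descriptions now disagree. Something like `# Abort on (problematic) HTTP error code(s) (e.g. 401,403).` with `# Valid: list of integer HTTP status codes` would match the parser; the same wording applies to the `ignoreCode` comment below it, with the separator confirmed against `PARAMETER_SPLITTING_REGEX`.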