sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-03 19:55:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

added maskSensitiveData function

Browse Source
This commit is contained in:
Miroslav Stampar 2011-02-02 14:25:16 +00:00
parent 5f0114a2a8
commit 6c87bd1c63
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
lib/core/common.py
View File

@ -83,6 +83,7 @@ from lib.core.settings import MIN_TIME_RESPONSES
from lib.core.settings import TIME_DEFAULT_DELAY
from lib.core.settings import TIME_STDEV_COEFF
from lib.core.settings import DYNAMICITY_MARK_LENGTH
from lib.core.settings import SENSITIVE_DATA_REGEX
from lib.core.settings import UNKNOWN_DBMS_VERSION
from lib.core.threads import getCurrentThreadData
@ -2297,10 +2298,26 @@ def unhandledExceptionMessage():
errMsg += "sqlmap version: %s%s\n" % (VERSION, " (r%d)" % REVISION if REVISION else "")
errMsg += "Python version: %s\n" % PYVERSION
errMsg += "Operating system: %s\n" % PLATFORM
errMsg += "Command line: %s\n" % " ".join(arg.replace(conf.hostname, "*"*len(conf.hostname)) for arg in sys.argv)
errMsg += "Command line: %s\n" % " ".join(sys.argv)
errMsg += "Technique: %s\n" % (enumValueToNameLookup(PAYLOAD.TECHNIQUE, kb.technique) if kb.technique else None)
errMsg += "Back-end DBMS: %s" % ("%s (fingerprinted)" % Backend.getDbms() if Backend.getDbms() is not None else "%s (identified)" % Backend.getIdentifiedDbms())
return errMsg
return maskSensitiveData(errMsg)
def maskSensitiveData(msg):
"""
Masks sensitive data in the supplied message
"""
retVal = msg
if retVal:
for item in filter(lambda x: x, [conf.hostname, conf.googleDork]):
regex = SENSITIVE_DATA_REGEX % item
while extractRegexResult(regex, retVal):
value = extractRegexResult(regex, retVal)
retVal = retVal.replace(value, '*'*len(value))
return retVal
def listToStrValue(value):
"""

3
lib/core/settings.py
View File

@ -227,5 +227,8 @@ URI_HTTP_HEADER = "URI"
# Uri format which could be injectable (e.g. www.site.com/id82)
URI_INJECTABLE_REGEX = r".*/([^\.*?]+)\Z"
# Regex used for masking sensitive data
SENSITIVE_DATA_REGEX = "\s(?P<result>[^\s]*%s[^\s]*)\s"
# Maximum number of threads (avoiding connection issues and/or DoS)
MAX_NUMBER_OF_THREADS = 10