Merge branch 'sqlmapproject:master' into add-doris-support

2025-09-20 11:02:27 +03:00 · 2025-08-22 10:49:46 +08:00 · 2025-08-22 10:49:46 +08:00 · 70ae4236de
commit 70ae4236de
parent e342e7f37d 8f75402c3c
7 changed files with 31 additions and 15 deletions
--- a/data/txt/sha256sums.txt
+++ b/data/txt/sha256sums.txt
@ -181,14 +181,14 @@ c9d1f64648062d7962caf02c4e2e7d84e8feb2a14451146f627112aae889afcd  lib/core/dump.
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/core/__init__.py
 3d308440fb01d04b5d363bfbe0f337756b098532e5bb7a1c91d5213157ec2c35  lib/core/log.py
 2a06dc9b5c17a1efdcdb903545729809399f1ee96f7352cc19b9aaa227394ff3  lib/core/optiondict.py
-3ca1a6759c196aa104130af0ed47826cd01009beaa3fa836a25faabfec7dd18e  lib/core/option.py
+d33dbc25635e2ae42c70e5997f28097143966279adfbf98e95b0d09ad4976e88  lib/core/option.py
 fd449fe2c707ce06c929fc164cbabb3342f3e4e2b86c06f3efc1fc09ac98a25a  lib/core/patch.py
 85f10c6195a3a675892d914328173a6fb6a8393120417a2f10071c6e77bfa47d  lib/core/profiling.py
 c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0  lib/core/readlineng.py
 d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920  lib/core/replication.py
 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3  lib/core/revision.py
 d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38  lib/core/session.py
-d427603d8f6127013c3731eb364dfb0cc3fad15b2811125f823df77dea868357  lib/core/settings.py
+4fab6746c97b59ad9eb881b7ddd4cead55975f9611261a2cb2965177389f4a82  lib/core/settings.py
 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09  lib/core/shell.py
 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053  lib/core/subprocessng.py
 cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a  lib/core/target.py
@ -199,7 +199,7 @@ f7245b99c17ef88cd9a626ca09c0882a5e172bb10a38a5dec9d08da6c8e2d076  lib/core/updat
 cba481f8c79f4a75bd147b9eb5a1e6e61d70422fceadd12494b1dbaa4f1d27f4  lib/core/wordlist.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/__init__.py
 7d1d3e07a1f088428d155c0e1b28e67ecbf5f62775bdeeeb11b4388369dce0f7  lib/parse/banner.py
-d361e472853d18f5bf760efc8fb63285354971f77ce97518b8bb17be63e534f1  lib/parse/cmdline.py
+c6d1527a26014b58b8a78afb851485227b86798e36551e9ac347522ef89d7a99  lib/parse/cmdline.py
 f1ad73b6368730b8b8bc2e28b3305445d2b954041717619bede421ccc4381625  lib/parse/configfile.py
 a96b7093f30b3bf774f5cc7a622867472d64a2ae8b374b43786d155cf6203093  lib/parse/handler.py
 cfd4857ce17e0a2da312c18dcff28aefaa411f419b4e383b202601c42de40eec  lib/parse/headers.py
@ -214,7 +214,7 @@ c56a2c170507861403e0ddebd68a111bcf3a5f5fddc7334a9de4ecd572fdcc2f  lib/request/co
 cfa172dbc459a3250db7fbaadb62b282b62d56b4f290c585d3abec01597fcd40  lib/request/connect.py
 a890be5dee3fb4f5cb8b5f35984017a5c172d587722cf0c690bf50e338deebfa  lib/request/direct.py
 a53fa3513431330ce1725a90e7e3d20f223e14605d699e1f66b41625f04439c7  lib/request/dns.py
-685b3e9855c65af3f4516b4cac1d2591bd9d653246d02b08bffa94b706115fa9  lib/request/httpshandler.py
+1e76136b68743c5b25e2d8362a57c92f736d427a76b537fe07a71eeef69cdcae  lib/request/httpshandler.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/request/__init__.py
 fcab35db1da4ac11d8c5b8291f9c87b8d7bb073c460c438374bc5a71ce5c65a6  lib/request/inject.py
 03490bed87a54bf6c42a33ac1a66f7f8504c2398534a211e7e9306f408cd506a  lib/request/methodrequest.py
@ -246,7 +246,7 @@ af67d25e8c16b429a5b471d3c629dc1da262262320bf7cd68465d151c02def16  lib/utils/brut
 828940a8eefda29c9eb271c21f29e2c4d1d428ccf0dcc6380e7ee6740300ec55  lib/utils/crawler.py
 56b93ba38f127929346f54aa75af0db5f46f9502b16acfe0d674a209de6cad2d  lib/utils/deps.py
 3aca7632d53ab2569ddef876a1b90f244640a53e19b304c77745f8ddb15e6437  lib/utils/getch.py
-e67aa754b7eeb6ec233c27f7d515e10b6607448056a1daba577936d765551636  lib/utils/har.py
+4979120bbbc030eaef97147ee9d7d564d9683989059b59be317153cdaa23d85b  lib/utils/har.py
 00135cf61f1cfe79d7be14c526f84a841ad22e736db04e4fe087baeb4c22dc0d  lib/utils/hashdb.py
 d1b4cea5658c0936e2003f01fbf7a9e6f6d6cd8503815cb2c358ed0c0e2f147f  lib/utils/hash.py
 ba862f0c96b1d39797fb21974599e09690d312b17a85e6639bee9d1db510f543  lib/utils/httpd.py
@ -476,7 +476,7 @@ ab661b605012168d72f84a92ff7e233542df3825c66714c99073e56acea37e2e  plugins/generi
 f5cad477023c8145c4db7aa530976fc75b098cf59a49905f28d02f6771fd9697  README.md
 535ab6ac8b8441a3758cee86df3e68abec8b43eee54e32777967252057915acc  sqlmapapi.py
 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62  sqlmapapi.yaml
-c43cc0dd5b4026083ad420c04705a031504aa503cc99ab2236010c4cbd472d39  sqlmap.conf
+a40607ce164eb2d21865288d24b863edb1c734b56db857e130ac1aef961c80b9  sqlmap.conf
 822b706e791eba9b994b08e7600a3adfc3843d360437edfa0bfd588a1f58a13c  sqlmap.py
 82caac95182ac5cae02eb7d8a2dc07e71389aeae6b838d3d3f402c9597eb086a  tamper/0eunion.py
 bc8f5e638578919e4e75a5b01a84b47456bac0fd540e600975a52408a3433460  tamper/apostrophemask.py
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1129,13 +1129,17 @@ def _setHTTPHandlers():
                errMsg = "invalid proxy address '%s' ('%s')" % (conf.proxy, getSafeExString(ex))
                raise SqlmapSyntaxException(errMsg)

-            hostnamePort = _.netloc.rsplit(":", 1)
+            match = re.search(r"\A([^:]*):([^:]*)@([^@]+)\Z", _.netloc)
+            if match:
+                username, password = match.group(1), match.group(2)
+            else:
+                username, password = None, None
+
+            hostnamePort = _.netloc.rsplit('@', 1)[-1].rsplit(":", 1)

            scheme = _.scheme.upper()
            hostname = hostnamePort[0]
            port = None
-            username = None
-            password = None

            if len(hostnamePort) == 2:
                try:
@ -2517,7 +2521,7 @@ def _setTorSocksProxySettings():
    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if conf.torType == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, LOCALHOST, port)
    socks.wrapmodule(_http_client)

-def _setHttpChunked():
+def _setHttpOptions():
    if conf.chunked and conf.data:
        if hasattr(_http_client.HTTPConnection, "_set_content_length"):
            _http_client.HTTPConnection._set_content_length = lambda self, *args, **kwargs: None
@ -2531,7 +2535,10 @@ def _setHttpChunked():

            _http_client.HTTPConnection.putheader = putheader

-def _checkWebSocket():
+    if conf.http10:
+        _http_client.HTTPConnection._http_vsn = 10
+        _http_client.HTTPConnection._http_vsn_str = 'HTTP/1.0'
+
    if conf.url and (conf.url.startswith("ws:/") or conf.url.startswith("wss:/")):
        try:
            from websocket import ABNF
@ -2918,8 +2925,7 @@ def init():
    _setPostprocessFunctions()
    _setTrafficOutputFP()
    _setupHTTPCollector()
-    _setHttpChunked()
-    _checkWebSocket()
+    _setHttpOptions()

    parseTargetDirect()

--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import OS
 from thirdparty import six

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.9.8.4"
+VERSION = "1.9.8.8"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -177,6 +177,9 @@ def cmdLineParser(argv=None):
        request.add_argument("--drop-set-cookie", dest="dropSetCookie", action="store_true",
            help="Ignore Set-Cookie header from response")

+        request.add_argument("--http1.0", dest="http10", action="store_true",
+            help="Use HTTP version 1.0 (old)")
+
        request.add_argument("--http2", dest="http2", action="store_true",
            help="Use HTTP version 2 (experimental)")

--- a/lib/request/httpshandler.py
+++ b/lib/request/httpshandler.py
@ -92,7 +92,7 @@ class HTTPSConnection(_http_client.HTTPSConnection):
                        break
                    else:
                        sock.close()
-                except (ssl.SSLError, socket.error, _http_client.BadStatusLine) as ex:
+                except (ssl.SSLError, socket.error, _http_client.BadStatusLine, AttributeError) as ex:
                    self._tunnel_host = None
                    logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex)))

--- a/lib/utils/har.py
+++ b/lib/utils/har.py
@ -162,6 +162,9 @@ class Response(object):
        response = _http_client.HTTPResponse(FakeSocket(altered))
        response.begin()

+        # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5942
+        response.length = len(raw[raw.find(b"\r\n\r\n") + 4:])
+
        try:
            content = response.read()
        except _http_client.IncompleteRead:
--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -61,6 +61,10 @@ loadCookies =
 # Valid: True or False
 dropSetCookie = False

+# Use HTTP version 1.0 (old).
+# Valid: True or False
+http10 = False
+
 # Use HTTP version 2 (experimental).
 # Valid: True or False
 http2 = False