sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

slightly faster and thread safer inference

Browse Source
This commit is contained in:
Miroslav Stampar 2011-01-16 10:52:42 +00:00
parent fb166e9445
commit 71391874eb
7 changed files with 27 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/controller/checks.py
View File

@ -51,6 +51,7 @@ from lib.core.exception import sqlmapUserQuitException
from lib.core.session import setDynamicMarkings from lib.core.session import setDynamicMarkings
from lib.core.settings import CONSTANT_RATIO from lib.core.settings import CONSTANT_RATIO
from lib.core.settings import UPPER_RATIO_BOUND from lib.core.settings import UPPER_RATIO_BOUND
from lib.core.threads import getCurrentThreadData
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
from lib.request.templates import getPageTemplate from lib.request.templates import getPageTemplate
@ -595,11 +596,12 @@ def checkDynamicContent(firstPage, secondPage):
logger.debug(debugMsg) logger.debug(debugMsg)
return return
conf.seqMatcher.set_seq1(firstPage) seqMatcher = getCurrentThreadData().seqMatcher
conf.seqMatcher.set_seq2(secondPage) seqMatcher.set_seq1(firstPage)
seqMatcher.set_seq2(secondPage)
# In case of an intolerable difference turn on dynamicity removal engine # In case of an intolerable difference turn on dynamicity removal engine
if conf.seqMatcher.quick_ratio() <= UPPER_RATIO_BOUND: if seqMatcher.quick_ratio() <= UPPER_RATIO_BOUND:
findDynamicContent(firstPage, secondPage) findDynamicContent(firstPage, secondPage)
count = 0 count = 0

7
lib/core/common.py
View File

@ -2080,10 +2080,11 @@ def getComparePageRatio(firstPage, secondPage, filtered=False):
if filtered: if filtered:
(firstPage, secondPage) = map(getFilteredPageContent, (firstPage, secondPage)) (firstPage, secondPage) = map(getFilteredPageContent, (firstPage, secondPage))
conf.seqMatcher.set_seq1(firstPage) seqMatcher = getCurrentThreadData().seqMatcher
conf.seqMatcher.set_seq2(secondPage) seqMatcher.set_seq1(firstPage)
seqMatcher.set_seq2(secondPage)
return conf.seqMatcher.quick_ratio() return seqMatcher.quick_ratio()
def openFile(filename, mode='r'): def openFile(filename, mode='r'):
""" """

3
lib/core/option.py
View File

@ -1077,8 +1077,6 @@ def __setConfAttributes():
conf.port = None conf.port = None
conf.redirectHandled = False conf.redirectHandled = False
conf.scheme = None conf.scheme = None
#conf.seqMatcher = difflib.SequenceMatcher(lambda x: x in " \t")
conf.seqMatcher = difflib.SequenceMatcher(None)
conf.sessionFP = None conf.sessionFP = None
conf.start = True conf.start = True
conf.tests = [] conf.tests = []
@ -1135,7 +1133,6 @@ def __setKnowledgeBaseAttributes(flushAll=True):
kb.locks = advancedDict() kb.locks = advancedDict()
kb.locks.cacheLock = threading.Lock() kb.locks.cacheLock = threading.Lock()
kb.locks.logLock = threading.Lock() kb.locks.logLock = threading.Lock()
kb.locks.seqLock = None
kb.matchRatio = None kb.matchRatio = None
kb.nullConnection = None kb.nullConnection = None

2
lib/core/threads.py
View File

@ -7,6 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import difflib
import threading import threading
from lib.core.data import kb from lib.core.data import kb
@ -22,6 +23,7 @@ class ThreadData():
self.lastHTTPError = None self.lastHTTPError = None
self.lastQueryDuration = 0 self.lastQueryDuration = 0
self.lastRequestUID = 0 self.lastRequestUID = 0
self.seqMatcher = difflib.SequenceMatcher(None)
self.valueStack = [] self.valueStack = []
def getCurrentThreadUID(): def getCurrentThreadUID():

21
lib/request/comparison.py
View File

@ -22,13 +22,16 @@ from lib.core.settings import CONSTANT_RATIO
from lib.core.settings import DIFF_TOLERANCE from lib.core.settings import DIFF_TOLERANCE
from lib.core.settings import LOWER_RATIO_BOUND from lib.core.settings import LOWER_RATIO_BOUND
from lib.core.settings import UPPER_RATIO_BOUND from lib.core.settings import UPPER_RATIO_BOUND
from lib.core.threads import getCurrentThreadData
def comparison(page, getSeqMatcher=False, pageLength=None): def comparison(page, getSeqMatcher=False, pageLength=None):
if page is None and pageLength is None: if page is None and pageLength is None:
return None return None
regExpResults = None regExpResults = None
conf.seqMatcher.set_seq1(kb.pageTemplate)
seqMatcher = getCurrentThreadData().seqMatcher
seqMatcher.set_seq1(kb.pageTemplate)
if page: if page:
# String to be excluded before calculating page hash # String to be excluded before calculating page hash
@ -66,28 +69,22 @@ def comparison(page, getSeqMatcher=False, pageLength=None):
# Dynamic content lines to be excluded before comparison # Dynamic content lines to be excluded before comparison
if not kb.nullConnection: if not kb.nullConnection:
page = removeDynamicContent(page) page = removeDynamicContent(page)
conf.seqMatcher.set_seq1(removeDynamicContent(kb.pageTemplate)) seqMatcher.set_seq1(removeDynamicContent(kb.pageTemplate))
if not pageLength: if not pageLength:
pageLength = len(page) pageLength = len(page)
if kb.locks.seqLock:
kb.locks.seqLock.acquire()
if conf.textOnly: if conf.textOnly:
(conf.seqMatcher.a, page) = map(getFilteredPageContent, (conf.seqMatcher.a, page)) (seqMatcher.a, page) = map(getFilteredPageContent, (seqMatcher.a, page))
if not conf.eRegexp and not conf.eString and kb.nullConnection and pageLength: if not conf.eRegexp and not conf.eString and kb.nullConnection and pageLength:
ratio = 1. * pageLength / len(conf.seqMatcher.a) ratio = 1. * pageLength / len(seqMatcher.a)
if ratio > 1.: if ratio > 1.:
ratio = 1. / ratio ratio = 1. / ratio
else: else:
conf.seqMatcher.set_seq2(page) seqMatcher.set_seq2(page)
ratio = round(conf.seqMatcher.quick_ratio(), 3) ratio = round(seqMatcher.quick_ratio(), 3)
if kb.locks.seqLock:
kb.locks.seqLock.release()
# If the url is stable and we did not set yet the match ratio and the # If the url is stable and we did not set yet the match ratio and the
# current injected value changes the url page content # current injected value changes the url page content

3
lib/techniques/blind/inference.py
View File

@ -257,7 +257,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
idxlock = threading.Lock() idxlock = threading.Lock()
iolock = threading.Lock() iolock = threading.Lock()
valuelock = threading.Lock() valuelock = threading.Lock()
kb.locks.seqLock = threading.Lock()
kb.threadContinue = True kb.threadContinue = True
def downloadThread(): def downloadThread():
@ -404,8 +403,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if conf.verbose in (1, 2) and not showEta and infoMsg: if conf.verbose in (1, 2) and not showEta and infoMsg:
dataToStdout(infoMsg) dataToStdout(infoMsg)
kb.locks.seqLock = None
# No multi-threading (--threads = 1) # No multi-threading (--threads = 1)
else: else:
index = firstChar index = firstChar

4
lib/techniques/brute/use.py
View File

@ -54,7 +54,6 @@ def tableExists(tableFile, regex=None):
threads = [] threads = []
tbllock = threading.Lock() tbllock = threading.Lock()
iolock = threading.Lock() iolock = threading.Lock()
kb.locks.seqLock = threading.Lock()
kb.threadContinue = True kb.threadContinue = True
kb.suppressSession = True kb.suppressSession = True
@ -130,7 +129,6 @@ def tableExists(tableFile, regex=None):
except KeyboardInterrupt: except KeyboardInterrupt:
raise sqlmapThreadException, "user aborted" raise sqlmapThreadException, "user aborted"
finally: finally:
kb.locks.seqLock = None
kb.threadContinue = True kb.threadContinue = True
kb.threadException = False kb.threadException = False
kb.suppressSession = False kb.suppressSession = False
@ -172,7 +170,6 @@ def columnExists(columnFile, regex=None):
threads = [] threads = []
collock = threading.Lock() collock = threading.Lock()
iolock = threading.Lock() iolock = threading.Lock()
kb.locks.seqLock = threading.Lock()
kb.threadContinue = True kb.threadContinue = True
kb.suppressSession = True kb.suppressSession = True
@ -239,7 +236,6 @@ def columnExists(columnFile, regex=None):
except KeyboardInterrupt: except KeyboardInterrupt:
raise sqlmapThreadException, "user aborted" raise sqlmapThreadException, "user aborted"
finally: finally:
kb.locks.seqLock = None
kb.threadContinue = True kb.threadContinue = True
kb.threadException = False kb.threadException = False
kb.suppressSession = False kb.suppressSession = False