Minor patches

lib/core/common.py

@@ -1676,32 +1676,32 @@ def getCharset(charsetType=None):
 
     # Binary
     elif charsetType == CHARSET_TYPE.BINARY:
-        asciiTbl.extend([0, 1])
+        asciiTbl.extend((0, 1))
         asciiTbl.extend(xrange(47, 50))
 
     # Digits
     elif charsetType == CHARSET_TYPE.DIGITS:
-        asciiTbl.extend([0, 9])
+        asciiTbl.extend((0, 9))
         asciiTbl.extend(xrange(47, 58))
 
     # Hexadecimal
     elif charsetType == CHARSET_TYPE.HEXADECIMAL:
-        asciiTbl.extend([0, 1])
+        asciiTbl.extend((0, 1))
         asciiTbl.extend(xrange(47, 58))
         asciiTbl.extend(xrange(64, 71))
-        asciiTbl.extend([87, 88])  # X
+        asciiTbl.extend((87, 88))  # X
         asciiTbl.extend(xrange(96, 103))
-        asciiTbl.extend([119, 120])  # x
+        asciiTbl.extend((119, 120))  # x
 
     # Characters
     elif charsetType == CHARSET_TYPE.ALPHA:
-        asciiTbl.extend([0, 1])
+        asciiTbl.extend((0, 1))
         asciiTbl.extend(xrange(64, 91))
         asciiTbl.extend(xrange(96, 123))
 
     # Characters and digits
     elif charsetType == CHARSET_TYPE.ALPHANUM:
-        asciiTbl.extend([0, 1])
+        asciiTbl.extend((0, 1))
         asciiTbl.extend(xrange(47, 58))
         asciiTbl.extend(xrange(64, 91))
         asciiTbl.extend(xrange(96, 123))
@@ -3455,7 +3455,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
     retVal = content
 
     try:
-        if all([content, payload]) and isinstance(content, unicode) and kb.reflectiveMechanism and not kb.heuristicMode:
+        if all((content, payload)) and isinstance(content, unicode) and kb.reflectiveMechanism and not kb.heuristicMode:
             def _(value):
                 while 2 * REFLECTED_REPLACEMENT_REGEX in value:
                     value = value.replace(2 * REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX)
@@ -3880,6 +3880,8 @@ def isAdminFromPrivileges(privileges):
     Inspects privileges to see if those are coming from an admin user
     """
 
+    privileges = privileges or []
+
     # In PostgreSQL the usesuper privilege means that the
     # user is DBA
     retVal = (Backend.isDbms(DBMS.PGSQL) and "super" in privileges)
@@ -3930,10 +3932,12 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
     except (UnicodeError, ValueError):
         pass
     except ParseError:
-        if "<html" in (content or ""):
+        if re.search(r"(?i)<!DOCTYPE html|<html", content or ""):
             warnMsg = "badly formed HTML at the given URL ('%s'). Going to filter it" % url
             logger.warning(warnMsg)
             filtered = _("".join(re.findall(FORM_SEARCH_REGEX, content)), url)
+
+            if filtered and filtered != content:
                 try:
                     forms = ParseResponse(filtered, backwards_compat=False)
                 except ParseError:
@@ -4337,7 +4341,7 @@ def getRequestHeader(request, name):
 
     if request and name:
         _ = name.upper()
-        retVal = max([value if _ == key.upper() else None for key, value in request.header_items()])
+        retVal = max(value if _ == key.upper() else None for key, value in request.header_items())
 
     return retVal
 

lib/core/settings.py

@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.1.12.0"
+VERSION = "1.1.12.1"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -85,7 +85,7 @@ TEXT_CONTENT_TYPE_REGEX = r"(?i)(text|form|message|xml|javascript|ecmascript|jso
 PERMISSION_DENIED_REGEX = r"(command|permission|access)\s*(was|is)?\s*denied"
 
 # Regular expression used for recognition of generic maximum connection messages
-MAX_CONNECTIONS_REGEX = r"max.+connections"
+MAX_CONNECTIONS_REGEX = r"\bmax.+?\bconnection"
 
 # Maximum consecutive connection errors before asking the user if he wants to continue
 MAX_CONSECUTIVE_CONNECTION_ERRORS = 15

lib/techniques/union/test.py

@@ -115,7 +115,7 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
 
         if not isNullValue(kb.uChar):
             for regex in (kb.uChar, r'>\s*%s\s*<' % kb.uChar):
-                contains = [(count, re.search(regex, _ or "", re.IGNORECASE) is not None) for count, _ in pages.items()]
+                contains = ((count, re.search(regex, _ or "", re.IGNORECASE) is not None) for count, _ in pages.items())
                 if len(filter(lambda _: _[1], contains)) == 1:
                     retVal = filter(lambda _: _[1], contains)[0][0]
                     break
@@ -178,7 +178,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
         for position in positions:
             # Prepare expression with delimiters
             randQuery = randomStr(charCount)
-            phrase = "%s%s%s".lower() % (kb.chars.start, randQuery, kb.chars.stop)
+            phrase = ("%s%s%s" % (kb.chars.start, randQuery, kb.chars.stop)).lower()
             randQueryProcessed = agent.concatQuery("\'%s\'" % randQuery)
             randQueryUnescaped = unescaper.escape(randQueryProcessed)
 
@@ -188,9 +188,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
 
             # Perform the request
             page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
-            content = "%s%s".lower() % (removeReflectiveValues(page, payload) or "", \
+            content = ("%s%s" % (removeReflectiveValues(page, payload) or "", removeReflectiveValues(listToStrValue(headers.headers if headers else None), payload, True) or "")).lower()
-                removeReflectiveValues(listToStrValue(headers.headers if headers else None), \
-                payload, True) or "")
 
             if content and phrase in content:
                 validPayload = payload
@@ -200,7 +198,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
                 if where == PAYLOAD.WHERE.ORIGINAL:
                     # Prepare expression with delimiters
                     randQuery2 = randomStr(charCount)
-                    phrase2 = "%s%s%s".lower() % (kb.chars.start, randQuery2, kb.chars.stop)
+                    phrase2 = ("%s%s%s" % (kb.chars.start, randQuery2, kb.chars.stop)).lower()
                     randQueryProcessed2 = agent.concatQuery("\'%s\'" % randQuery2)
                     randQueryUnescaped2 = unescaper.escape(randQueryProcessed2)
 
@@ -210,7 +208,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
 
                     # Perform the request
                     page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
-                    content = "%s%s".lower() % (page or "", listToStrValue(headers.headers if headers else None) or "")
+                    content = ("%s%s" % (page or "", listToStrValue(headers.headers if headers else None) or "")).lower()
 
                     if not all(_ in content for _ in (phrase, phrase2)):
                         vector = (position, count, comment, prefix, suffix, kb.uChar, where, kb.unionDuplicates, True)
@@ -223,9 +221,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
 
                         # Perform the request
                         page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
-                        content = "%s%s".lower() % (removeReflectiveValues(page, payload) or "", \
+                        content = ("%s%s" % (removeReflectiveValues(page, payload) or "", removeReflectiveValues(listToStrValue(headers.headers if headers else None), payload, True) or "")).lower()
-                            removeReflectiveValues(listToStrValue(headers.headers if headers else None), \
-                            payload, True) or "")
                         if content.count(phrase) > 0 and content.count(phrase) < LIMITED_ROWS_TEST_NUMBER:
                             warnMsg = "output with limited number of rows detected. Switching to partial mode"
                             logger.warn(warnMsg)
@@ -277,7 +273,7 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
     if count:
         validPayload, vector = _unionConfirm(comment, place, parameter, prefix, suffix, count)
 
-        if not all([validPayload, vector]) and not all([conf.uChar, conf.dbms]):
+        if not all((validPayload, vector)) and not all((conf.uChar, conf.dbms)):
             warnMsg = "if UNION based SQL injection is not detected, "
             warnMsg += "please consider "
 
@@ -298,7 +294,7 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
                     warnMsg += "forcing the "
                 warnMsg += "back-end DBMS (e.g. '--dbms=mysql') "
 
-            if not all([validPayload, vector]) and not warnMsg.endswith("consider "):
+            if not all((validPayload, vector)) and not warnMsg.endswith("consider "):
                 singleTimeWarnMessage(warnMsg)
 
     return validPayload, vector

lib/utils/purge.py

@@ -31,8 +31,8 @@ def purge(directory):
     dirpaths = []
 
     for rootpath, directories, filenames in os.walk(directory):
-        dirpaths.extend([os.path.abspath(os.path.join(rootpath, _)) for _ in directories])
+        dirpaths.extend(os.path.abspath(os.path.join(rootpath, _)) for _ in directories)
-        filepaths.extend([os.path.abspath(os.path.join(rootpath, _)) for _ in filenames])
+        filepaths.extend(os.path.abspath(os.path.join(rootpath, _)) for _ in filenames)
 
     logger.debug("changing file attributes")
     for filepath in filepaths:

txt/checksum.md5

@@ -27,7 +27,7 @@ d2cdb9e832e18a81e936ca3348144b16  lib/controller/handler.py
 5fb9aaf874daa47ea2b672a22740e56b  lib/controller/__init__.py
 fd69e56ce20a5a49ce10a7a745022378  lib/core/agent.py
 8d9d771f7e67582c56a96a8d0ccbe4fc  lib/core/bigarray.py
-27d55009305e6409dc17f9c58cb87065  lib/core/common.py
+d5559313c496c8358640c9646f485a3c  lib/core/common.py
 54326d3a690f8b26fe5a5da1a589b369  lib/core/convert.py
 90b1b08368ac8a859300e6fa6a8c796e  lib/core/data.py
 1c14bdbf47b8dba31f73da9ad731a54a  lib/core/datatype.py
@@ -46,7 +46,7 @@ e1c000db9be27f973569b1a430629037  lib/core/option.py
 760d9df2a27ded29109b390ab202e72d  lib/core/replication.py
 a2466b62e67f8b31736bac4dac590e51  lib/core/revision.py
 02d4762140a72fd44668d3dab5eabda9  lib/core/session.py
-3f8a858155092e17d146cd6021057338  lib/core/settings.py
+0b215c469175a858a36a8858b22c475e  lib/core/settings.py
 35bffbad762eb9e03db9e93b1c991103  lib/core/shell.py
 a59ec28371ae067a6fdd8f810edbee3d  lib/core/subprocessng.py
 d5a04d672a18f78deb2839c3745ff83c  lib/core/target.py
@@ -96,7 +96,7 @@ ca47f20b11f58ce60a0ddfcfca242d3f  lib/techniques/blind/inference.py
 5953b814b91e6a03d26f319203b48d01  lib/techniques/error/use.py
 5fb9aaf874daa47ea2b672a22740e56b  lib/techniques/__init__.py
 5fb9aaf874daa47ea2b672a22740e56b  lib/techniques/union/__init__.py
-fcc3a6ac3b5f7aad86686e5f9adc7a43  lib/techniques/union/test.py
+882bed15db948bd0487d24ff072a1593  lib/techniques/union/test.py
 505682f95cb23573dd60bf6d0063a632  lib/techniques/union/use.py
 452cb280aa51a4ddf38d94534a6e8d5f  lib/utils/api.py
 48c3f8216b64825c50f5304cb4dadd95  lib/utils/brute.py
@@ -110,7 +110,7 @@ f20ae1aa6a8d1d5373ace1f7ed3476a7  lib/utils/htmlentities.py
 5fb9aaf874daa47ea2b672a22740e56b  lib/utils/__init__.py
 06cd61b634ca6142281da699a504cc85  lib/utils/pivotdumptable.py
 56c922696bd3d05d7be96e73b0650c4e  lib/utils/progress.py
-a861c303293e2e6665b02a57f67fc050  lib/utils/purge.py
+77ae65dba6d0fc69dfb96f800537308d  lib/utils/purge.py
 760290393e35e5f53f15ba46e09d59dd  lib/utils/search.py
 b6898e77038842c853932a6662c011be  lib/utils/sqlalchemy.py
 36b95bc7fa2cf4f005a86e516a8cba68  lib/utils/timeout.py