Minor patches

2025-01-23 15:54:24 +03:00 · 2017-12-04 13:24:51 +01:00 · 2017-12-04 13:24:51 +01:00 · 7244e8e4e2
commit 7244e8e4e2
parent e7268ffb4d
5 changed files with 38 additions and 38 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -1676,32 +1676,32 @@ def getCharset(charsetType=None):

    # Binary
    elif charsetType == CHARSET_TYPE.BINARY:
-        asciiTbl.extend([0, 1])
+        asciiTbl.extend((0, 1))
        asciiTbl.extend(xrange(47, 50))

    # Digits
    elif charsetType == CHARSET_TYPE.DIGITS:
-        asciiTbl.extend([0, 9])
+        asciiTbl.extend((0, 9))
        asciiTbl.extend(xrange(47, 58))

    # Hexadecimal
    elif charsetType == CHARSET_TYPE.HEXADECIMAL:
-        asciiTbl.extend([0, 1])
+        asciiTbl.extend((0, 1))
        asciiTbl.extend(xrange(47, 58))
        asciiTbl.extend(xrange(64, 71))
-        asciiTbl.extend([87, 88])  # X
+        asciiTbl.extend((87, 88))  # X
        asciiTbl.extend(xrange(96, 103))
-        asciiTbl.extend([119, 120])  # x
+        asciiTbl.extend((119, 120))  # x

    # Characters
    elif charsetType == CHARSET_TYPE.ALPHA:
-        asciiTbl.extend([0, 1])
+        asciiTbl.extend((0, 1))
        asciiTbl.extend(xrange(64, 91))
        asciiTbl.extend(xrange(96, 123))

    # Characters and digits
    elif charsetType == CHARSET_TYPE.ALPHANUM:
-        asciiTbl.extend([0, 1])
+        asciiTbl.extend((0, 1))
        asciiTbl.extend(xrange(47, 58))
        asciiTbl.extend(xrange(64, 91))
        asciiTbl.extend(xrange(96, 123))
@ -3455,7 +3455,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
    retVal = content

    try:
-        if all([content, payload]) and isinstance(content, unicode) and kb.reflectiveMechanism and not kb.heuristicMode:
+        if all((content, payload)) and isinstance(content, unicode) and kb.reflectiveMechanism and not kb.heuristicMode:
            def _(value):
                while 2 * REFLECTED_REPLACEMENT_REGEX in value:
                    value = value.replace(2 * REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX)
@ -3880,6 +3880,8 @@ def isAdminFromPrivileges(privileges):
    Inspects privileges to see if those are coming from an admin user
    """

+    privileges = privileges or []
+
    # In PostgreSQL the usesuper privilege means that the
    # user is DBA
    retVal = (Backend.isDbms(DBMS.PGSQL) and "super" in privileges)
@ -3930,18 +3932,20 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
    except (UnicodeError, ValueError):
        pass
    except ParseError:
-        if "<html" in (content or ""):
+        if re.search(r"(?i)<!DOCTYPE html|<html", content or ""):
            warnMsg = "badly formed HTML at the given URL ('%s'). Going to filter it" % url
            logger.warning(warnMsg)
            filtered = _("".join(re.findall(FORM_SEARCH_REGEX, content)), url)
-            try:
-                forms = ParseResponse(filtered, backwards_compat=False)
-            except ParseError:
-                errMsg = "no success"
-                if raise_:
-                    raise SqlmapGenericException(errMsg)
-                else:
-                    logger.debug(errMsg)
+
+            if filtered and filtered != content:
+                try:
+                    forms = ParseResponse(filtered, backwards_compat=False)
+                except ParseError:
+                    errMsg = "no success"
+                    if raise_:
+                        raise SqlmapGenericException(errMsg)
+                    else:
+                        logger.debug(errMsg)

    if forms:
        for form in forms:
@ -4337,7 +4341,7 @@ def getRequestHeader(request, name):

    if request and name:
        _ = name.upper()
-        retVal = max([value if _ == key.upper() else None for key, value in request.header_items()])
+        retVal = max(value if _ == key.upper() else None for key, value in request.header_items())

    return retVal

--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.1.12.0"
+VERSION = "1.1.12.1"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -85,7 +85,7 @@ TEXT_CONTENT_TYPE_REGEX = r"(?i)(text|form|message|xml|javascript|ecmascript|jso
 PERMISSION_DENIED_REGEX = r"(command|permission|access)\s*(was|is)?\s*denied"

 # Regular expression used for recognition of generic maximum connection messages
-MAX_CONNECTIONS_REGEX = r"max.+connections"
+MAX_CONNECTIONS_REGEX = r"\bmax.+?\bconnection"

 # Maximum consecutive connection errors before asking the user if he wants to continue
 MAX_CONSECUTIVE_CONNECTION_ERRORS = 15
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@ -115,7 +115,7 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=

        if not isNullValue(kb.uChar):
            for regex in (kb.uChar, r'>\s*%s\s*<' % kb.uChar):
-                contains = [(count, re.search(regex, _ or "", re.IGNORECASE) is not None) for count, _ in pages.items()]
+                contains = ((count, re.search(regex, _ or "", re.IGNORECASE) is not None) for count, _ in pages.items())
                if len(filter(lambda _: _[1], contains)) == 1:
                    retVal = filter(lambda _: _[1], contains)[0][0]
                    break
@ -178,7 +178,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
        for position in positions:
            # Prepare expression with delimiters
            randQuery = randomStr(charCount)
-            phrase = "%s%s%s".lower() % (kb.chars.start, randQuery, kb.chars.stop)
+            phrase = ("%s%s%s" % (kb.chars.start, randQuery, kb.chars.stop)).lower()
            randQueryProcessed = agent.concatQuery("\'%s\'" % randQuery)
            randQueryUnescaped = unescaper.escape(randQueryProcessed)

@ -188,9 +188,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO

            # Perform the request
            page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
-            content = "%s%s".lower() % (removeReflectiveValues(page, payload) or "", \
-                removeReflectiveValues(listToStrValue(headers.headers if headers else None), \
-                payload, True) or "")
+            content = ("%s%s" % (removeReflectiveValues(page, payload) or "", removeReflectiveValues(listToStrValue(headers.headers if headers else None), payload, True) or "")).lower()

            if content and phrase in content:
                validPayload = payload
@ -200,7 +198,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
                if where == PAYLOAD.WHERE.ORIGINAL:
                    # Prepare expression with delimiters
                    randQuery2 = randomStr(charCount)
-                    phrase2 = "%s%s%s".lower() % (kb.chars.start, randQuery2, kb.chars.stop)
+                    phrase2 = ("%s%s%s" % (kb.chars.start, randQuery2, kb.chars.stop)).lower()
                    randQueryProcessed2 = agent.concatQuery("\'%s\'" % randQuery2)
                    randQueryUnescaped2 = unescaper.escape(randQueryProcessed2)

@ -210,7 +208,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO

                    # Perform the request
                    page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
-                    content = "%s%s".lower() % (page or "", listToStrValue(headers.headers if headers else None) or "")
+                    content = ("%s%s" % (page or "", listToStrValue(headers.headers if headers else None) or "")).lower()

                    if not all(_ in content for _ in (phrase, phrase2)):
                        vector = (position, count, comment, prefix, suffix, kb.uChar, where, kb.unionDuplicates, True)
@ -223,9 +221,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO

                        # Perform the request
                        page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
-                        content = "%s%s".lower() % (removeReflectiveValues(page, payload) or "", \
-                            removeReflectiveValues(listToStrValue(headers.headers if headers else None), \
-                            payload, True) or "")
+                        content = ("%s%s" % (removeReflectiveValues(page, payload) or "", removeReflectiveValues(listToStrValue(headers.headers if headers else None), payload, True) or "")).lower()
                        if content.count(phrase) > 0 and content.count(phrase) < LIMITED_ROWS_TEST_NUMBER:
                            warnMsg = "output with limited number of rows detected. Switching to partial mode"
                            logger.warn(warnMsg)
@ -277,7 +273,7 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
    if count:
        validPayload, vector = _unionConfirm(comment, place, parameter, prefix, suffix, count)

-        if not all([validPayload, vector]) and not all([conf.uChar, conf.dbms]):
+        if not all((validPayload, vector)) and not all((conf.uChar, conf.dbms)):
            warnMsg = "if UNION based SQL injection is not detected, "
            warnMsg += "please consider "

@ -298,7 +294,7 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
                    warnMsg += "forcing the "
                warnMsg += "back-end DBMS (e.g. '--dbms=mysql') "

-            if not all([validPayload, vector]) and not warnMsg.endswith("consider "):
+            if not all((validPayload, vector)) and not warnMsg.endswith("consider "):
                singleTimeWarnMessage(warnMsg)

    return validPayload, vector
--- a/lib/utils/purge.py
+++ b/lib/utils/purge.py
@ -31,8 +31,8 @@ def purge(directory):
    dirpaths = []

    for rootpath, directories, filenames in os.walk(directory):
-        dirpaths.extend([os.path.abspath(os.path.join(rootpath, _)) for _ in directories])
-        filepaths.extend([os.path.abspath(os.path.join(rootpath, _)) for _ in filenames])
+        dirpaths.extend(os.path.abspath(os.path.join(rootpath, _)) for _ in directories)
+        filepaths.extend(os.path.abspath(os.path.join(rootpath, _)) for _ in filenames)

    logger.debug("changing file attributes")
    for filepath in filepaths:
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@ -27,7 +27,7 @@ d2cdb9e832e18a81e936ca3348144b16  lib/controller/handler.py
 5fb9aaf874daa47ea2b672a22740e56b  lib/controller/__init__.py
 fd69e56ce20a5a49ce10a7a745022378  lib/core/agent.py
 8d9d771f7e67582c56a96a8d0ccbe4fc  lib/core/bigarray.py
-27d55009305e6409dc17f9c58cb87065  lib/core/common.py
+d5559313c496c8358640c9646f485a3c  lib/core/common.py
 54326d3a690f8b26fe5a5da1a589b369  lib/core/convert.py
 90b1b08368ac8a859300e6fa6a8c796e  lib/core/data.py
 1c14bdbf47b8dba31f73da9ad731a54a  lib/core/datatype.py
@ -46,7 +46,7 @@ e1c000db9be27f973569b1a430629037  lib/core/option.py
 760d9df2a27ded29109b390ab202e72d  lib/core/replication.py
 a2466b62e67f8b31736bac4dac590e51  lib/core/revision.py
 02d4762140a72fd44668d3dab5eabda9  lib/core/session.py
-3f8a858155092e17d146cd6021057338  lib/core/settings.py
+0b215c469175a858a36a8858b22c475e  lib/core/settings.py
 35bffbad762eb9e03db9e93b1c991103  lib/core/shell.py
 a59ec28371ae067a6fdd8f810edbee3d  lib/core/subprocessng.py
 d5a04d672a18f78deb2839c3745ff83c  lib/core/target.py
@ -96,7 +96,7 @@ ca47f20b11f58ce60a0ddfcfca242d3f  lib/techniques/blind/inference.py
 5953b814b91e6a03d26f319203b48d01  lib/techniques/error/use.py
 5fb9aaf874daa47ea2b672a22740e56b  lib/techniques/__init__.py
 5fb9aaf874daa47ea2b672a22740e56b  lib/techniques/union/__init__.py
-fcc3a6ac3b5f7aad86686e5f9adc7a43  lib/techniques/union/test.py
+882bed15db948bd0487d24ff072a1593  lib/techniques/union/test.py
 505682f95cb23573dd60bf6d0063a632  lib/techniques/union/use.py
 452cb280aa51a4ddf38d94534a6e8d5f  lib/utils/api.py
 48c3f8216b64825c50f5304cb4dadd95  lib/utils/brute.py
@ -110,7 +110,7 @@ f20ae1aa6a8d1d5373ace1f7ed3476a7  lib/utils/htmlentities.py
 5fb9aaf874daa47ea2b672a22740e56b  lib/utils/__init__.py
 06cd61b634ca6142281da699a504cc85  lib/utils/pivotdumptable.py
 56c922696bd3d05d7be96e73b0650c4e  lib/utils/progress.py
-a861c303293e2e6665b02a57f67fc050  lib/utils/purge.py
+77ae65dba6d0fc69dfb96f800537308d  lib/utils/purge.py
 760290393e35e5f53f15ba46e09d59dd  lib/utils/search.py
 b6898e77038842c853932a6662c011be  lib/utils/sqlalchemy.py
 36b95bc7fa2cf4f005a86e516a8cba68  lib/utils/timeout.py