Merge branch 'sqlmapproject:master' into master

data/txt/sha256sums.txt

@@ -153,7 +153,7 @@ dc35b51f5c9347eda8130106ee46bb051474fc0c5ed101f84abf3e546f729ceb  extra/shutils/
 fa1a42d189188770e82d536821d694626ca854438dadb9e08e143d3ece8c7e27  extra/shutils/pydiatra.sh
 5da7d1c86ca93313477d1deb0d6d4490798a2b63a2dd8729094184625b971e11  extra/shutils/pyflakes.sh
 c941be05376ba0a99d329e6de60e3b06b3fb261175070da6b1fc073d3afd5281  extra/shutils/pylint.sh
-bc2ceff560d11d696329bd976b14fbd8cddf428ad9f95eeb0a8f53e1afdc998b  extra/shutils/pypi.sh
+47b75c19b8c3dc6bca9e81918a838bd9261dac9c57366e75c4300c247dec2263  extra/shutils/pypi.sh
 df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264  extra/shutils/recloak.sh
 1972990a67caf2d0231eacf60e211acf545d9d0beeb3c145a49ba33d5d491b3f  extra/shutils/strip.sh
 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730  extra/vulnserver/__init__.py
@@ -165,7 +165,7 @@ f9c96cd3fe99578bed9d49a8bdf8d76836d320a7c48c56eb0469f48b36775c35  lib/controller
 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730  lib/controller/__init__.py
 826c33f1105be4c0985e1bbe1d75bdb009c17815ad6552fc8d9bf39090d3c40f  lib/core/agent.py
 b2d69c99632da5c2acd0c0934e70d55862f1380a3f602cbe7456d617fb9c1fc9  lib/core/bigarray.py
-ba3f0002aa93f8f21f06dbea343573c590b9e6ec160fc6668c15e68a970cfb12  lib/core/common.py
+a4863238aba3a2d203c26127a4a7a6df873bd0c6f1cd798d4a7abcdc71a07cb6  lib/core/common.py
 5c26b0f308266bc3a9679ef837439e38d1dc7a69eac6bd3422280f49aaf114d2  lib/core/compat.py
 b60c96780cad4a257f91a0611b08cfcc52f242908c5d5ab2bf9034ef07869602  lib/core/convert.py
 5e381515873e71c395c77df00bf1dd8c4592afc6210a2f75cbc20daf384e539f  lib/core/data.py
@@ -180,18 +180,18 @@ e8f6f1df8814b7b03c3eba22901837555083f66c99ee93b943911de785736bfa  lib/core/dicts
 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730  lib/core/__init__.py
 fce3fd4b161ec1c6e9d5bf1dca5bc4083e07d616ed2c14b798e96b60ec67c2b2  lib/core/log.py
 4caebf27d203673b8ad32394937397319f606c4e1f1e1a2a221402d39c644b40  lib/core/optiondict.py
-4411e7f6e48618cdfee8daa096ee3f8f090e9930d6d64761ba69aeb2733c42f6  lib/core/option.py
+33e0ec9ed38ae1ac74f1e2e3a1a246dee44c167723c9df69635793bfdbd971df  lib/core/option.py
 fdce95c552a097bf0dd44e5d6be2204c4c458d490e62c4d9d68fca5e2dc37c48  lib/core/patch.py
 bf77f9fc4296f239687297aee1fd6113b34f855965a6f690b52e26bd348cb353  lib/core/profiling.py
 4ccce0d53f467166d4084c9ef53a07f54cc352e75f785454a31c8a820511a84e  lib/core/readlineng.py
 4eff81c639a72b261c8ba1c876a01246e718e6626e8e77ae9cc6298b20a39355  lib/core/replication.py
 bbd1dcda835934728efc6d68686e9b0da72b09b3ee38f3c0ab78e8c18b0ba726  lib/core/revision.py
 eed6b0a21b3e69c5583133346b0639dc89937bd588887968ee85f8389d7c3c96  lib/core/session.py
-0308b7517a512a96a28d39ecbcc14e825cec4f237d4db6f85cc9002ee3020530  lib/core/settings.py
+4cc89d1791e21b3bb4739039cb7eb57659370ab7008902eb80871c85a52c263f  lib/core/settings.py
 2bec97d8a950f7b884e31dfe9410467f00d24f21b35672b95f8d68ed59685fd4  lib/core/shell.py
 e90a359b37a55c446c60e70ccd533f87276714d0b09e34f69b0740fd729ddbf8  lib/core/subprocessng.py
 54f7c70b4c7a9931f7ff3c1c12030180bde38e35a306d5e343ad6052919974cd  lib/core/target.py
-5941a7a641ea58b1d9e59ab3c9f4e9e40566ba08842e1cadb51ea8df9faf763f  lib/core/testing.py
+970b1c3e59481f11dd185bdde52f697f7d8dfc3152d24e3d336ec3fab59a857c  lib/core/testing.py
 8cb7424aa9d42d028a6780250effe4e719d9bb35558057f8ebe9e32408a6b80f  lib/core/threads.py
 ff39235aee7e33498c66132d17e6e86e7b8a29754e3fdecd880ca8356b17f791  lib/core/unescaper.py
 2984e4973868f586aa932f00da684bf31718c0331817c9f8721acd71fd661f89  lib/core/update.py
@@ -199,7 +199,7 @@ ce65f9e8e1c726de3cec6abf31a2ffdbc16c251f772adcc14f67dee32d0f6b57  lib/core/wordl
 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730  lib/__init__.py
 ba16fdd71fba31990dc92ff5a7388fb0ebac21ca905c314be6c8c2b868f94ab7  lib/parse/banner.py
 d757343f241b14e23aefb2177b6c2598f1bc06253fd93b0d8a28d4a55c267100  lib/parse/cmdline.py
-bcf0b32a730f1cdf097b00acf220eb216bc8eb4cb5d217a4a0d6ebe9f8086129  lib/parse/configfile.py
+d1fa3b9457f0e934600519309cbd3d84f9e6158a620866e7b352078c7c136f01  lib/parse/configfile.py
 9af4c86e41e50bd6055573a7b76e380a6658b355320c72dd6d2d5ddab14dc082  lib/parse/handler.py
 13b3ab678a2c422ce1dea9558668c05e562c0ec226f36053259a0be7280ebf92  lib/parse/headers.py
 b48edf3f30db127b18419f607894d5de46fc949d14c65fdc85ece524207d6dfd  lib/parse/html.py
@@ -210,7 +210,7 @@ b48edf3f30db127b18419f607894d5de46fc949d14c65fdc85ece524207d6dfd  lib/parse/html
 c8446d4a50f06a50d7db18adc04c321e12cd2d0fa8b04bd58306511c89823316  lib/request/basic.py
 ead55e936dfc8941e512c8e8a4f644689387f331f4eed97854c558be3e227a91  lib/request/chunkedhandler.py
 06128c4e3e0e1fe34618de9d1fd5ee21292953dce4a3416567e200d2dfda79f2  lib/request/comparison.py
-952c2c17b3a11ef282aef8910cb2d2b2ae52070880f35c24de6189585ca6554a  lib/request/connect.py
+00b23e22a65889829f4ffe65eea5e2bd5cf6ceab4f9b0f32b05047335b0b4a3e  lib/request/connect.py
 470e96857a7037a2d74b2c4b1c8c5d8379b76ea8cbdb1d8dd4367a7a852fa93c  lib/request/direct.py
 e802cc9099282764da0280172623600b6b9bb9fe1c87f352ade8be7a3f622585  lib/request/dns.py
 226226c2b8c906e0d0612ea68404c7f266e7a6685e0bf233e5456e10625b012d  lib/request/httpshandler.py
@@ -224,7 +224,7 @@ c6b222c0d34313cdea82fb39c8ead5d658400bf41e56aabd9640bdcf9bedc3a1  lib/request/ra
 f07a4e40819dc2e7920f9291424761971a9769e4acfd34da223f24717563193c  lib/takeover/abstraction.py
 e775a0abe52c1a204c484ef212ff135c857cc8b7e2c94da23b5624c561ec4b9e  lib/takeover/icmpsh.py
 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730  lib/takeover/__init__.py
-d7ef25256e5f69b5a54569ad8b87ffa2045b5ed678e5bfbcea75136c0201b034  lib/takeover/metasploit.py
+c3d8c98a6d44d392f7b8572d3b35804f85838ddbc8e2a2f57af58f8e598af2f4  lib/takeover/metasploit.py
 a31b1bf60fcf58b7b735a64d73335212d5089e84051ff7883c14f6c73e055643  lib/takeover/registry.py
 90655344c9968e841eb809845e30da8cc60160390911345ac873be39d270467f  lib/takeover/udf.py
 145a9a8b7afb6504700faa1c61ca18eabab3253951788f29e7ee63c3ebff0e48  lib/takeover/web.py
@@ -240,7 +240,7 @@ f948fefb0fa67da8cf037f7abbcdbb740148babda9ad8a58fab1693456834817  lib/techniques
 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730  lib/techniques/union/__init__.py
 700cc5e8cae85bd86674d0cb6c97093fde2c52a480cc1e40ae0010fffd649395  lib/techniques/union/test.py
 4252a1829e60bb9a69e3927bf68a320976b8ef637804b7032d7497699f2e89e7  lib/techniques/union/use.py
-a642cacecff4b2e39983ea0704f5f4b19a7c43bd263b24de16354115ec6ad6b5  lib/utils/api.py
+6b3f83a85c576830783a64e943a58e90b1f25e9e24cd51ae12b1d706796124e9  lib/utils/api.py
 1d4d1e49a0897746d4ad64316d4d777f4804c4c11e349e9eb3844130183d4887  lib/utils/brute.py
 c0a4765aa80c5d9b7ef1abe93401a78dd45b2766a1f4ff6286287dc6188294de  lib/utils/crawler.py
 3f97e327c548d8b5d74fda96a2a0d1b2933b289b9ec2351b06c91cefdd38629d  lib/utils/deps.py
@@ -398,7 +398,7 @@ fdc3effe9320197795137dedb58e46c0409f19649889177443a2cbf58787c0dd  plugins/dbms/m
 7f0165c085b0cb7d168d86acb790741c7ba12ad01ca9edf7972cfb184adb3ee9  plugins/dbms/mysql/connector.py
 05c4624b2729f13af2dd19286fc9276fc97c0f1ff19a31255785b7581fc232ae  plugins/dbms/mysql/enumeration.py
 9915fd436ea1783724b4fe12ea1d68fc3b838c37684a2c6dd01d53c739a1633f  plugins/dbms/mysql/filesystem.py
-ada995d6633ea737e8f12ba4a569ecb1bae9ffe7928c47ed0235f9de2d96f263  plugins/dbms/mysql/fingerprint.py
+bb5e22e286408100bcc0bd2d5f9d894ea0927c9300fa1635f4f6253590305b54  plugins/dbms/mysql/fingerprint.py
 ae824d447c1a59d055367aa9180acb42f7bb10df0006d4f99eeb12e43af563ae  plugins/dbms/mysql/__init__.py
 60fc1c647e31df191af2edfd26f99bf739fec53d3a8e1beb3bffdcf335c781fe  plugins/dbms/mysql/syntax.py
 784c31c2c0e19feb88bf5d21bfc7ae4bf04291922e40830da677577c5d5b4598  plugins/dbms/mysql/takeover.py
@@ -473,7 +473,7 @@ fff84edc86b7d22dc01148fb10bb43d51cb9638dff21436fb94555db2a664766  plugins/generi
 0bc5c150e8cf4f892aba1ff15fc8938c387fb2a173b77329a0dc4cdb8b4bb4e2  plugins/generic/users.py
 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730  plugins/__init__.py
 d5b3243c2b048aa8074d2d828f74fbf8237286c3d00fd868f1b4090c267b78ef  README.md
-6cfaaf6534688cecda09433246d0a8518f98ce5cf6d6a8159f24d70502cfc14f  sqlmapapi.py
+78aafd53980096364f0c995c6283931bff505aed88fed1e7906fb06ee60e9c5b  sqlmapapi.py
 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62  sqlmapapi.yaml
 5e172e315524845fe091aa0b7b29303c92ac8f67594c6d50f026d627e415b7ed  sqlmap.conf
 7800faa964d1fc06bbca856ca35bf21d68f5e044ae0bd5d7dea16d625d585adb  sqlmap.py
@@ -549,8 +549,8 @@ b4b03668061ba1a1dfc2e3a3db8ba500481da23f22b2bb1ebcbddada7479c3b0  tamper/upperca
 bd0fd06e24c3e05aecaccf5ba4c17d181e6cd35eee82c0efd6df5414fb0cb6f6  tamper/xforwardedfor.py
 55eaefc664bd8598329d535370612351ec8443c52465f0a37172ea46a97c458a  thirdparty/ansistrm/ansistrm.py
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/ansistrm/__init__.py
-82b6daf563d8c1933a8de655e04d6c8466d3db5c583c952e450d47ccc5c7c662  thirdparty/beautifulsoup/beautifulsoup.py
-bc92179cb2785712951fef05333290abf22e5b595e0a93d0168cc05132bc5f37  thirdparty/beautifulsoup/__init__.py
+e8f0ea4d982ef93c8c59c7165a1f39ccccddcb24b9fec1c2d2aa5bdb2373fdd5  thirdparty/beautifulsoup/beautifulsoup.py
+7d62c59f787f987cbce0de5375f604da8de0ba01742842fb2b3d12fcb92fcb63  thirdparty/beautifulsoup/__init__.py
 1b0f89e4713cc8cec4e4d824368a4eb9d3bdce7ddfc712326caac4feda1d7f69  thirdparty/bottle/bottle.py
 9f56e761d79bfdb34304a012586cb04d16b435ef6130091a97702e559260a2f2  thirdparty/bottle/__init__.py
 0ffccae46cb3a15b117acd0790b2738a5b45417d1b2822ceac57bdff10ef3bff  thirdparty/chardet/big5freq.py

extra/shutils/pypi.sh

@@ -176,5 +176,7 @@ EOF
 sed -i "s/^VERSION =.*/VERSION = \"$VERSION\"/g" sqlmap/lib/core/settings.py
 sed -i "s/^TYPE =.*/TYPE = \"$TYPE\"/g" sqlmap/lib/core/settings.py
 for file in $(find sqlmap -type f | grep -v -E "\.(git|yml)"); do echo include $file >> MANIFEST.in; done
-python setup.py sdist upload
+python setup.py sdist bdist_wheel
+twine check dist/*
+twine upload --config-file=~/.pypirc dist/*
 rm -rf $TMP_DIR

lib/core/common.py

@@ -1333,7 +1333,10 @@ def isZipFile(filename):
 
     checkFile(filename)
 
-    return openFile(filename, "rb", encoding=None).read(len(ZIP_HEADER)) == ZIP_HEADER
+    with openFile(filename, "rb", encoding=None) as f:
+        header = f.read(len(ZIP_HEADER))
+
+    return header == ZIP_HEADER
 
 def isDigit(value):
     """
@@ -2533,21 +2536,22 @@ def initCommonOutputs():
     kb.commonOutputs = {}
     key = None
 
-    for line in openFile(paths.COMMON_OUTPUTS, 'r'):
-        if line.find('#') != -1:
-            line = line[:line.find('#')]
+    with openFile(paths.COMMON_OUTPUTS, 'r') as f:
+        for line in f:
+            if line.find('#') != -1:
+                line = line[:line.find('#')]
 
-        line = line.strip()
+            line = line.strip()
 
-        if len(line) > 1:
-            if line.startswith('[') and line.endswith(']'):
-                key = line[1:-1]
-            elif key:
-                if key not in kb.commonOutputs:
-                    kb.commonOutputs[key] = set()
+            if len(line) > 1:
+                if line.startswith('[') and line.endswith(']'):
+                    key = line[1:-1]
+                elif key:
+                    if key not in kb.commonOutputs:
+                        kb.commonOutputs[key] = set()
 
-                if line not in kb.commonOutputs[key]:
-                    kb.commonOutputs[key].add(line)
+                    if line not in kb.commonOutputs[key]:
+                        kb.commonOutputs[key].add(line)
 
 def getFileItems(filename, commentPrefix='#', unicoded=True, lowercase=False, unique=False):
     """
@@ -5594,7 +5598,9 @@ def checkSums():
                 expected, filename = match.groups()
                 filepath = os.path.join(paths.SQLMAP_ROOT_PATH, filename).replace('/', os.path.sep)
                 checkFile(filepath)
-                if not hashlib.sha256(open(filepath, "rb").read()).hexdigest() == expected:
+                with open(filepath, "rb") as f:
+                    content = f.read()
+                if not hashlib.sha256(content).hexdigest() == expected:
                     retVal &= False
                     break
 

lib/core/option.py

@@ -128,7 +128,6 @@ from lib.core.settings import SQLMAP_ENVIRONMENT_PREFIX
 from lib.core.settings import SUPPORTED_DBMS
 from lib.core.settings import SUPPORTED_OS
 from lib.core.settings import TIME_DELAY_CANDIDATES
-from lib.core.settings import UNION_CHAR_REGEX
 from lib.core.settings import UNKNOWN_DBMS_VERSION
 from lib.core.settings import URI_INJECTABLE_REGEX
 from lib.core.threads import getCurrentThreadData

lib/core/settings.py

@@ -20,7 +20,7 @@ from thirdparty import six
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.8.3.15"
+VERSION = "1.8.4.5"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -683,9 +683,6 @@ MAX_REVALIDATION_STEPS = 5
 # Characters that can be used to split parameter values in provided command line (e.g. in --tamper)
 PARAMETER_SPLITTING_REGEX = r"[,|;]"
 
-# Regular expression describing possible union char value (e.g. used in --union-char)
-UNION_CHAR_REGEX = r"\A\w+\Z"
-
 # Attribute used for storing original parameter value in special cases (e.g. POST)
 UNENCODED_ORIGINAL_VALUE = "original"
 

lib/core/testing.py

@@ -162,7 +162,9 @@ def vulnTest():
     direct = "sqlite3://%s" % database
     tmpdir = tempfile.mkdtemp()
 
-    content = open(os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.conf"))).read().replace("url =", "url = %s" % url)
+    with open(os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.conf"))) as f:
+        content = f.read().replace("url =", "url = %s" % url)
+
     with open(config, "w+") as f:
         f.write(content)
         f.flush()
@@ -214,7 +216,9 @@ def smokeTest():
 
     unisonRandom()
 
-    content = open(paths.ERRORS_XML, "r").read()
+    with open(paths.ERRORS_XML, "r") as f:
+        content = f.read()
+
     for regex in re.findall(r'<error regexp="(.+?)"/>', content):
         try:
             re.compile(regex)

lib/parse/configfile.py

@@ -68,7 +68,10 @@ def configFileParser(configFile):
 
     try:
         config = UnicodeRawConfigParser()
-        config.readfp(configFP)
+        if hasattr(config, "read_file"):
+            config.read_file(configFP)
+        else:
+            config.readfp(configFP)
     except Exception as ex:
         errMsg = "you have provided an invalid and/or unreadable configuration file ('%s')" % getSafeExString(ex)
         raise SqlmapSyntaxException(errMsg)

lib/request/connect.py

@@ -281,7 +281,6 @@ class Connect(object):
         cookie = kwargs.get("cookie", None)
         ua = kwargs.get("ua", None) or conf.agent
         referer = kwargs.get("referer", None) or conf.referer
-        host = kwargs.get("host", None) or conf.host
         direct_ = kwargs.get("direct", False)
         multipart = kwargs.get("multipart", None)
         silent = kwargs.get("silent", False)

lib/takeover/metasploit.py

@@ -196,7 +196,7 @@ class Metasploit(object):
 
             if Backend.isDbms(DBMS.MYSQL):
                 debugMsg = "by default MySQL on Windows runs as SYSTEM "
-                debugMsg += "user, it is likely that the the VNC "
+                debugMsg += "user, it is likely that the VNC "
                 debugMsg += "injection will be successful"
                 logger.debug(debugMsg)
 

plugins/dbms/mysql/fingerprint.py

@@ -45,10 +45,11 @@ class Fingerprint(GenericFingerprint):
         # Reference: https://dev.mysql.com/doc/relnotes/mysql/<major>.<minor>/en/
 
         versions = (
+            (80200, 80202),  # MySQL 8.2
             (80100, 80102),  # MySQL 8.1
-            (80000, 80035),  # MySQL 8.0
+            (80000, 80036),  # MySQL 8.0
             (60000, 60014),  # MySQL 6.0
-            (50700, 50744),  # MySQL 5.7
+            (50700, 50745),  # MySQL 5.7
             (50600, 50652),  # MySQL 5.6
             (50500, 50563),  # MySQL 5.5
             (50400, 50404),  # MySQL 5.4

sqlmapapi.py

@@ -98,7 +98,7 @@ def main():
     apiparser.add_argument("-s", "--server", help="Run as a REST-JSON API server", action="store_true")
     apiparser.add_argument("-c", "--client", help="Run as a REST-JSON API client", action="store_true")
     apiparser.add_argument("-H", "--host", help="Host of the REST-JSON API server (default \"%s\")" % RESTAPI_DEFAULT_ADDRESS, default=RESTAPI_DEFAULT_ADDRESS)
-    apiparser.add_argument("-p", "--port", help="Port of the the REST-JSON API server (default %d)" % RESTAPI_DEFAULT_PORT, default=RESTAPI_DEFAULT_PORT, type=int)
+    apiparser.add_argument("-p", "--port", help="Port of the REST-JSON API server (default %d)" % RESTAPI_DEFAULT_PORT, default=RESTAPI_DEFAULT_PORT, type=int)
     apiparser.add_argument("--adapter", help="Server (bottle) adapter to use (default \"%s\")" % RESTAPI_DEFAULT_ADAPTER, default=RESTAPI_DEFAULT_ADAPTER)
     apiparser.add_argument("--database", help="Set IPC database filepath (optional)")
     apiparser.add_argument("--username", help="Basic authentication username (optional)")

thirdparty/beautifulsoup/__init__.py

@@ -16,7 +16,7 @@
 #     disclaimer in the documentation and/or other materials provided
 #     with the distribution.
 # 
-#   * Neither the name of the the Beautiful Soup Consortium and All
+#   * Neither the name of the Beautiful Soup Consortium and All
 #     Night Kosher Bakery nor the names of its contributors may be
 #     used to endorse or promote products derived from this software
 #     without specific prior written permission.

thirdparty/beautifulsoup/beautifulsoup.py

@@ -58,7 +58,7 @@ met:
     disclaimer in the documentation and/or other materials provided
     with the distribution.
 
-  * Neither the name of the the Beautiful Soup Consortium and All
+  * Neither the name of the Beautiful Soup Consortium and All
     Night Kosher Bakery nor the names of its contributors may be
     used to endorse or promote products derived from this software
     without specific prior written permission.