From 9ddf85ce5a0396637a7ab6a12099ad974e8e7b7a Mon Sep 17 00:00:00 2001 From: G3G4X5X6 <87740076+G3G4X5X6@users.noreply.github.com> Date: Mon, 8 Apr 2024 16:05:05 +0800 Subject: [PATCH 1/7] fixed: sqlite3.OperationalError: table logs already exists (#5677) CREATE TABLE IF NOT EXISTS --- lib/utils/api.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/utils/api.py b/lib/utils/api.py index ef1dafdc6..b3d4f38fa 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -122,9 +122,9 @@ class Database(object): return self.cursor.fetchall() def init(self): - self.execute("CREATE TABLE logs(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, time TEXT, level TEXT, message TEXT)") - self.execute("CREATE TABLE data(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, status INTEGER, content_type INTEGER, value TEXT)") - self.execute("CREATE TABLE errors(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, error TEXT)") + self.execute("CREATE TABLE IF NOT EXISTS logs(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, time TEXT, level TEXT, message TEXT)") + self.execute("CREATE TABLE IF NOT EXISTS data(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, status INTEGER, content_type INTEGER, value TEXT)") + self.execute("CREATE TABLE IF NOT EXISTS errors(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, error TEXT)") class Task(object): def __init__(self, taskid, remote_addr): From 5c9a5943e7753c01bb5376397d4091f0d535393a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 8 Apr 2024 10:11:36 +0200 Subject: [PATCH 2/7] Removing some obsolete code --- data/txt/sha256sums.txt | 8 ++++---- lib/core/option.py | 1 - lib/core/settings.py | 5 +---- lib/request/connect.py | 1 - 4 files changed, 5 insertions(+), 10 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 9e1854577..b8141c18f 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -180,14 +180,14 @@ e8f6f1df8814b7b03c3eba22901837555083f66c99ee93b943911de785736bfa lib/core/dicts 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/core/__init__.py fce3fd4b161ec1c6e9d5bf1dca5bc4083e07d616ed2c14b798e96b60ec67c2b2 lib/core/log.py 4caebf27d203673b8ad32394937397319f606c4e1f1e1a2a221402d39c644b40 lib/core/optiondict.py -4411e7f6e48618cdfee8daa096ee3f8f090e9930d6d64761ba69aeb2733c42f6 lib/core/option.py +33e0ec9ed38ae1ac74f1e2e3a1a246dee44c167723c9df69635793bfdbd971df lib/core/option.py fdce95c552a097bf0dd44e5d6be2204c4c458d490e62c4d9d68fca5e2dc37c48 lib/core/patch.py bf77f9fc4296f239687297aee1fd6113b34f855965a6f690b52e26bd348cb353 lib/core/profiling.py 4ccce0d53f467166d4084c9ef53a07f54cc352e75f785454a31c8a820511a84e lib/core/readlineng.py 4eff81c639a72b261c8ba1c876a01246e718e6626e8e77ae9cc6298b20a39355 lib/core/replication.py bbd1dcda835934728efc6d68686e9b0da72b09b3ee38f3c0ab78e8c18b0ba726 lib/core/revision.py eed6b0a21b3e69c5583133346b0639dc89937bd588887968ee85f8389d7c3c96 lib/core/session.py -0308b7517a512a96a28d39ecbcc14e825cec4f237d4db6f85cc9002ee3020530 lib/core/settings.py +8c56685dbca6414a9b3c1dcc45249d41ab4677635edd8a5a68cc8ef5504d39da lib/core/settings.py 2bec97d8a950f7b884e31dfe9410467f00d24f21b35672b95f8d68ed59685fd4 lib/core/shell.py e90a359b37a55c446c60e70ccd533f87276714d0b09e34f69b0740fd729ddbf8 lib/core/subprocessng.py 54f7c70b4c7a9931f7ff3c1c12030180bde38e35a306d5e343ad6052919974cd lib/core/target.py @@ -210,7 +210,7 @@ b48edf3f30db127b18419f607894d5de46fc949d14c65fdc85ece524207d6dfd lib/parse/html c8446d4a50f06a50d7db18adc04c321e12cd2d0fa8b04bd58306511c89823316 lib/request/basic.py ead55e936dfc8941e512c8e8a4f644689387f331f4eed97854c558be3e227a91 lib/request/chunkedhandler.py 06128c4e3e0e1fe34618de9d1fd5ee21292953dce4a3416567e200d2dfda79f2 lib/request/comparison.py -952c2c17b3a11ef282aef8910cb2d2b2ae52070880f35c24de6189585ca6554a lib/request/connect.py +00b23e22a65889829f4ffe65eea5e2bd5cf6ceab4f9b0f32b05047335b0b4a3e lib/request/connect.py 470e96857a7037a2d74b2c4b1c8c5d8379b76ea8cbdb1d8dd4367a7a852fa93c lib/request/direct.py e802cc9099282764da0280172623600b6b9bb9fe1c87f352ade8be7a3f622585 lib/request/dns.py 226226c2b8c906e0d0612ea68404c7f266e7a6685e0bf233e5456e10625b012d lib/request/httpshandler.py @@ -240,7 +240,7 @@ f948fefb0fa67da8cf037f7abbcdbb740148babda9ad8a58fab1693456834817 lib/techniques 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/techniques/union/__init__.py 700cc5e8cae85bd86674d0cb6c97093fde2c52a480cc1e40ae0010fffd649395 lib/techniques/union/test.py 4252a1829e60bb9a69e3927bf68a320976b8ef637804b7032d7497699f2e89e7 lib/techniques/union/use.py -a642cacecff4b2e39983ea0704f5f4b19a7c43bd263b24de16354115ec6ad6b5 lib/utils/api.py +6b3f83a85c576830783a64e943a58e90b1f25e9e24cd51ae12b1d706796124e9 lib/utils/api.py 1d4d1e49a0897746d4ad64316d4d777f4804c4c11e349e9eb3844130183d4887 lib/utils/brute.py c0a4765aa80c5d9b7ef1abe93401a78dd45b2766a1f4ff6286287dc6188294de lib/utils/crawler.py 3f97e327c548d8b5d74fda96a2a0d1b2933b289b9ec2351b06c91cefdd38629d lib/utils/deps.py diff --git a/lib/core/option.py b/lib/core/option.py index 55cf43713..6125260f7 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -128,7 +128,6 @@ from lib.core.settings import SQLMAP_ENVIRONMENT_PREFIX from lib.core.settings import SUPPORTED_DBMS from lib.core.settings import SUPPORTED_OS from lib.core.settings import TIME_DELAY_CANDIDATES -from lib.core.settings import UNION_CHAR_REGEX from lib.core.settings import UNKNOWN_DBMS_VERSION from lib.core.settings import URI_INJECTABLE_REGEX from lib.core.threads import getCurrentThreadData diff --git a/lib/core/settings.py b/lib/core/settings.py index 80f8ee88d..590c53660 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.8.3.15" +VERSION = "1.8.4.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -683,9 +683,6 @@ MAX_REVALIDATION_STEPS = 5 # Characters that can be used to split parameter values in provided command line (e.g. in --tamper) PARAMETER_SPLITTING_REGEX = r"[,|;]" -# Regular expression describing possible union char value (e.g. used in --union-char) -UNION_CHAR_REGEX = r"\A\w+\Z" - # Attribute used for storing original parameter value in special cases (e.g. POST) UNENCODED_ORIGINAL_VALUE = "original" diff --git a/lib/request/connect.py b/lib/request/connect.py index 0e7d2fa8a..4b341eccd 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -281,7 +281,6 @@ class Connect(object): cookie = kwargs.get("cookie", None) ua = kwargs.get("ua", None) or conf.agent referer = kwargs.get("referer", None) or conf.referer - host = kwargs.get("host", None) or conf.host direct_ = kwargs.get("direct", False) multipart = kwargs.get("multipart", None) silent = kwargs.get("silent", False) From 853cb3fa067abd57e6886c2839d61bb00769b80a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 8 Apr 2024 10:59:06 +0200 Subject: [PATCH 3/7] Minor patch --- data/txt/sha256sums.txt | 4 ++-- extra/shutils/pypi.sh | 4 +++- lib/core/settings.py | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index b8141c18f..9712c81e3 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -153,7 +153,7 @@ dc35b51f5c9347eda8130106ee46bb051474fc0c5ed101f84abf3e546f729ceb extra/shutils/ fa1a42d189188770e82d536821d694626ca854438dadb9e08e143d3ece8c7e27 extra/shutils/pydiatra.sh 5da7d1c86ca93313477d1deb0d6d4490798a2b63a2dd8729094184625b971e11 extra/shutils/pyflakes.sh c941be05376ba0a99d329e6de60e3b06b3fb261175070da6b1fc073d3afd5281 extra/shutils/pylint.sh -bc2ceff560d11d696329bd976b14fbd8cddf428ad9f95eeb0a8f53e1afdc998b extra/shutils/pypi.sh +47b75c19b8c3dc6bca9e81918a838bd9261dac9c57366e75c4300c247dec2263 extra/shutils/pypi.sh df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264 extra/shutils/recloak.sh 1972990a67caf2d0231eacf60e211acf545d9d0beeb3c145a49ba33d5d491b3f extra/shutils/strip.sh 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 extra/vulnserver/__init__.py @@ -187,7 +187,7 @@ bf77f9fc4296f239687297aee1fd6113b34f855965a6f690b52e26bd348cb353 lib/core/profi 4eff81c639a72b261c8ba1c876a01246e718e6626e8e77ae9cc6298b20a39355 lib/core/replication.py bbd1dcda835934728efc6d68686e9b0da72b09b3ee38f3c0ab78e8c18b0ba726 lib/core/revision.py eed6b0a21b3e69c5583133346b0639dc89937bd588887968ee85f8389d7c3c96 lib/core/session.py -8c56685dbca6414a9b3c1dcc45249d41ab4677635edd8a5a68cc8ef5504d39da lib/core/settings.py +40d5fc7351089b69e4cb5c12e190ab224475b64d1cd3911ec30d43a3bc35de94 lib/core/settings.py 2bec97d8a950f7b884e31dfe9410467f00d24f21b35672b95f8d68ed59685fd4 lib/core/shell.py e90a359b37a55c446c60e70ccd533f87276714d0b09e34f69b0740fd729ddbf8 lib/core/subprocessng.py 54f7c70b4c7a9931f7ff3c1c12030180bde38e35a306d5e343ad6052919974cd lib/core/target.py diff --git a/extra/shutils/pypi.sh b/extra/shutils/pypi.sh index 9866b9d81..a2d8c3d45 100755 --- a/extra/shutils/pypi.sh +++ b/extra/shutils/pypi.sh @@ -176,5 +176,7 @@ EOF sed -i "s/^VERSION =.*/VERSION = \"$VERSION\"/g" sqlmap/lib/core/settings.py sed -i "s/^TYPE =.*/TYPE = \"$TYPE\"/g" sqlmap/lib/core/settings.py for file in $(find sqlmap -type f | grep -v -E "\.(git|yml)"); do echo include $file >> MANIFEST.in; done -python setup.py sdist upload +python setup.py sdist bdist_wheel +twine check dist/* +twine upload --config-file=~/.pypirc dist/* rm -rf $TMP_DIR diff --git a/lib/core/settings.py b/lib/core/settings.py index 590c53660..521185a38 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.8.4.0" +VERSION = "1.8.4.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From b3896f3f8c9f4660241b80aa3c5dc48da2ef913c Mon Sep 17 00:00:00 2001 From: laterlaugh <166613655+laterlaugh@users.noreply.github.com> Date: Fri, 12 Apr 2024 22:18:02 +0800 Subject: [PATCH 4/7] chore: remove repetitive words (#5687) Signed-off-by: laterlaugh --- lib/takeover/metasploit.py | 2 +- sqlmapapi.py | 2 +- thirdparty/beautifulsoup/__init__.py | 2 +- thirdparty/beautifulsoup/beautifulsoup.py | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index 0e88aa1c7..f3028028d 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py @@ -196,7 +196,7 @@ class Metasploit(object): if Backend.isDbms(DBMS.MYSQL): debugMsg = "by default MySQL on Windows runs as SYSTEM " - debugMsg += "user, it is likely that the the VNC " + debugMsg += "user, it is likely that the VNC " debugMsg += "injection will be successful" logger.debug(debugMsg) diff --git a/sqlmapapi.py b/sqlmapapi.py index 7eb435dc5..8527f1e5b 100755 --- a/sqlmapapi.py +++ b/sqlmapapi.py @@ -98,7 +98,7 @@ def main(): apiparser.add_argument("-s", "--server", help="Run as a REST-JSON API server", action="store_true") apiparser.add_argument("-c", "--client", help="Run as a REST-JSON API client", action="store_true") apiparser.add_argument("-H", "--host", help="Host of the REST-JSON API server (default \"%s\")" % RESTAPI_DEFAULT_ADDRESS, default=RESTAPI_DEFAULT_ADDRESS) - apiparser.add_argument("-p", "--port", help="Port of the the REST-JSON API server (default %d)" % RESTAPI_DEFAULT_PORT, default=RESTAPI_DEFAULT_PORT, type=int) + apiparser.add_argument("-p", "--port", help="Port of the REST-JSON API server (default %d)" % RESTAPI_DEFAULT_PORT, default=RESTAPI_DEFAULT_PORT, type=int) apiparser.add_argument("--adapter", help="Server (bottle) adapter to use (default \"%s\")" % RESTAPI_DEFAULT_ADAPTER, default=RESTAPI_DEFAULT_ADAPTER) apiparser.add_argument("--database", help="Set IPC database filepath (optional)") apiparser.add_argument("--username", help="Basic authentication username (optional)") diff --git a/thirdparty/beautifulsoup/__init__.py b/thirdparty/beautifulsoup/__init__.py index 38750ac1e..a905a4ce4 100644 --- a/thirdparty/beautifulsoup/__init__.py +++ b/thirdparty/beautifulsoup/__init__.py @@ -16,7 +16,7 @@ # disclaimer in the documentation and/or other materials provided # with the distribution. # -# * Neither the name of the the Beautiful Soup Consortium and All +# * Neither the name of the Beautiful Soup Consortium and All # Night Kosher Bakery nor the names of its contributors may be # used to endorse or promote products derived from this software # without specific prior written permission. diff --git a/thirdparty/beautifulsoup/beautifulsoup.py b/thirdparty/beautifulsoup/beautifulsoup.py index 60ff0475f..a1dec76f9 100644 --- a/thirdparty/beautifulsoup/beautifulsoup.py +++ b/thirdparty/beautifulsoup/beautifulsoup.py @@ -58,7 +58,7 @@ met: disclaimer in the documentation and/or other materials provided with the distribution. - * Neither the name of the the Beautiful Soup Consortium and All + * Neither the name of the Beautiful Soup Consortium and All Night Kosher Bakery nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. From dce99e0b40d3425d47ba8361032878fd36a56ea1 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 12 Apr 2024 16:21:32 +0200 Subject: [PATCH 5/7] Trivial update --- data/txt/sha256sums.txt | 12 ++++++------ lib/core/settings.py | 2 +- plugins/dbms/mysql/fingerprint.py | 5 +++-- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 9712c81e3..78d5bfc18 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -187,7 +187,7 @@ bf77f9fc4296f239687297aee1fd6113b34f855965a6f690b52e26bd348cb353 lib/core/profi 4eff81c639a72b261c8ba1c876a01246e718e6626e8e77ae9cc6298b20a39355 lib/core/replication.py bbd1dcda835934728efc6d68686e9b0da72b09b3ee38f3c0ab78e8c18b0ba726 lib/core/revision.py eed6b0a21b3e69c5583133346b0639dc89937bd588887968ee85f8389d7c3c96 lib/core/session.py -40d5fc7351089b69e4cb5c12e190ab224475b64d1cd3911ec30d43a3bc35de94 lib/core/settings.py +f41eae63de373d61f92ad9a4697dfdaa7cc0a53ffc119d906171726e7c2553f3 lib/core/settings.py 2bec97d8a950f7b884e31dfe9410467f00d24f21b35672b95f8d68ed59685fd4 lib/core/shell.py e90a359b37a55c446c60e70ccd533f87276714d0b09e34f69b0740fd729ddbf8 lib/core/subprocessng.py 54f7c70b4c7a9931f7ff3c1c12030180bde38e35a306d5e343ad6052919974cd lib/core/target.py @@ -224,7 +224,7 @@ c6b222c0d34313cdea82fb39c8ead5d658400bf41e56aabd9640bdcf9bedc3a1 lib/request/ra f07a4e40819dc2e7920f9291424761971a9769e4acfd34da223f24717563193c lib/takeover/abstraction.py e775a0abe52c1a204c484ef212ff135c857cc8b7e2c94da23b5624c561ec4b9e lib/takeover/icmpsh.py 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/takeover/__init__.py -d7ef25256e5f69b5a54569ad8b87ffa2045b5ed678e5bfbcea75136c0201b034 lib/takeover/metasploit.py +c3d8c98a6d44d392f7b8572d3b35804f85838ddbc8e2a2f57af58f8e598af2f4 lib/takeover/metasploit.py a31b1bf60fcf58b7b735a64d73335212d5089e84051ff7883c14f6c73e055643 lib/takeover/registry.py 90655344c9968e841eb809845e30da8cc60160390911345ac873be39d270467f lib/takeover/udf.py 145a9a8b7afb6504700faa1c61ca18eabab3253951788f29e7ee63c3ebff0e48 lib/takeover/web.py @@ -398,7 +398,7 @@ fdc3effe9320197795137dedb58e46c0409f19649889177443a2cbf58787c0dd plugins/dbms/m 7f0165c085b0cb7d168d86acb790741c7ba12ad01ca9edf7972cfb184adb3ee9 plugins/dbms/mysql/connector.py 05c4624b2729f13af2dd19286fc9276fc97c0f1ff19a31255785b7581fc232ae plugins/dbms/mysql/enumeration.py 9915fd436ea1783724b4fe12ea1d68fc3b838c37684a2c6dd01d53c739a1633f plugins/dbms/mysql/filesystem.py -ada995d6633ea737e8f12ba4a569ecb1bae9ffe7928c47ed0235f9de2d96f263 plugins/dbms/mysql/fingerprint.py +bb5e22e286408100bcc0bd2d5f9d894ea0927c9300fa1635f4f6253590305b54 plugins/dbms/mysql/fingerprint.py ae824d447c1a59d055367aa9180acb42f7bb10df0006d4f99eeb12e43af563ae plugins/dbms/mysql/__init__.py 60fc1c647e31df191af2edfd26f99bf739fec53d3a8e1beb3bffdcf335c781fe plugins/dbms/mysql/syntax.py 784c31c2c0e19feb88bf5d21bfc7ae4bf04291922e40830da677577c5d5b4598 plugins/dbms/mysql/takeover.py @@ -473,7 +473,7 @@ fff84edc86b7d22dc01148fb10bb43d51cb9638dff21436fb94555db2a664766 plugins/generi 0bc5c150e8cf4f892aba1ff15fc8938c387fb2a173b77329a0dc4cdb8b4bb4e2 plugins/generic/users.py 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 plugins/__init__.py d5b3243c2b048aa8074d2d828f74fbf8237286c3d00fd868f1b4090c267b78ef README.md -6cfaaf6534688cecda09433246d0a8518f98ce5cf6d6a8159f24d70502cfc14f sqlmapapi.py +78aafd53980096364f0c995c6283931bff505aed88fed1e7906fb06ee60e9c5b sqlmapapi.py 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62 sqlmapapi.yaml 5e172e315524845fe091aa0b7b29303c92ac8f67594c6d50f026d627e415b7ed sqlmap.conf 7800faa964d1fc06bbca856ca35bf21d68f5e044ae0bd5d7dea16d625d585adb sqlmap.py @@ -549,8 +549,8 @@ b4b03668061ba1a1dfc2e3a3db8ba500481da23f22b2bb1ebcbddada7479c3b0 tamper/upperca bd0fd06e24c3e05aecaccf5ba4c17d181e6cd35eee82c0efd6df5414fb0cb6f6 tamper/xforwardedfor.py 55eaefc664bd8598329d535370612351ec8443c52465f0a37172ea46a97c458a thirdparty/ansistrm/ansistrm.py e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/ansistrm/__init__.py -82b6daf563d8c1933a8de655e04d6c8466d3db5c583c952e450d47ccc5c7c662 thirdparty/beautifulsoup/beautifulsoup.py -bc92179cb2785712951fef05333290abf22e5b595e0a93d0168cc05132bc5f37 thirdparty/beautifulsoup/__init__.py +e8f0ea4d982ef93c8c59c7165a1f39ccccddcb24b9fec1c2d2aa5bdb2373fdd5 thirdparty/beautifulsoup/beautifulsoup.py +7d62c59f787f987cbce0de5375f604da8de0ba01742842fb2b3d12fcb92fcb63 thirdparty/beautifulsoup/__init__.py 1b0f89e4713cc8cec4e4d824368a4eb9d3bdce7ddfc712326caac4feda1d7f69 thirdparty/bottle/bottle.py 9f56e761d79bfdb34304a012586cb04d16b435ef6130091a97702e559260a2f2 thirdparty/bottle/__init__.py 0ffccae46cb3a15b117acd0790b2738a5b45417d1b2822ceac57bdff10ef3bff thirdparty/chardet/big5freq.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 521185a38..77910e1dd 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.8.4.1" +VERSION = "1.8.4.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index dbb7a0469..403a878f5 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -45,10 +45,11 @@ class Fingerprint(GenericFingerprint): # Reference: https://dev.mysql.com/doc/relnotes/mysql/./en/ versions = ( + (80200, 80202), # MySQL 8.2 (80100, 80102), # MySQL 8.1 - (80000, 80035), # MySQL 8.0 + (80000, 80036), # MySQL 8.0 (60000, 60014), # MySQL 6.0 - (50700, 50744), # MySQL 5.7 + (50700, 50745), # MySQL 5.7 (50600, 50652), # MySQL 5.6 (50500, 50563), # MySQL 5.5 (50400, 50404), # MySQL 5.4 From 1e9e33d9c3743ce37fa6a6076c61d01b014658da Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 12 Apr 2024 17:32:38 +0200 Subject: [PATCH 6/7] Proper patch for #5688 --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- lib/parse/configfile.py | 5 ++++- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 78d5bfc18..2ba72ee75 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -187,7 +187,7 @@ bf77f9fc4296f239687297aee1fd6113b34f855965a6f690b52e26bd348cb353 lib/core/profi 4eff81c639a72b261c8ba1c876a01246e718e6626e8e77ae9cc6298b20a39355 lib/core/replication.py bbd1dcda835934728efc6d68686e9b0da72b09b3ee38f3c0ab78e8c18b0ba726 lib/core/revision.py eed6b0a21b3e69c5583133346b0639dc89937bd588887968ee85f8389d7c3c96 lib/core/session.py -f41eae63de373d61f92ad9a4697dfdaa7cc0a53ffc119d906171726e7c2553f3 lib/core/settings.py +df96b0f2f935c583492c6331c6f222427976606af9a03ee5f05755a697ea7cec lib/core/settings.py 2bec97d8a950f7b884e31dfe9410467f00d24f21b35672b95f8d68ed59685fd4 lib/core/shell.py e90a359b37a55c446c60e70ccd533f87276714d0b09e34f69b0740fd729ddbf8 lib/core/subprocessng.py 54f7c70b4c7a9931f7ff3c1c12030180bde38e35a306d5e343ad6052919974cd lib/core/target.py @@ -199,7 +199,7 @@ ce65f9e8e1c726de3cec6abf31a2ffdbc16c251f772adcc14f67dee32d0f6b57 lib/core/wordl 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/__init__.py ba16fdd71fba31990dc92ff5a7388fb0ebac21ca905c314be6c8c2b868f94ab7 lib/parse/banner.py d757343f241b14e23aefb2177b6c2598f1bc06253fd93b0d8a28d4a55c267100 lib/parse/cmdline.py -bcf0b32a730f1cdf097b00acf220eb216bc8eb4cb5d217a4a0d6ebe9f8086129 lib/parse/configfile.py +d1fa3b9457f0e934600519309cbd3d84f9e6158a620866e7b352078c7c136f01 lib/parse/configfile.py 9af4c86e41e50bd6055573a7b76e380a6658b355320c72dd6d2d5ddab14dc082 lib/parse/handler.py 13b3ab678a2c422ce1dea9558668c05e562c0ec226f36053259a0be7280ebf92 lib/parse/headers.py b48edf3f30db127b18419f607894d5de46fc949d14c65fdc85ece524207d6dfd lib/parse/html.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 77910e1dd..09121dae2 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.8.4.2" +VERSION = "1.8.4.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/configfile.py b/lib/parse/configfile.py index 006537888..19b6e8ec3 100644 --- a/lib/parse/configfile.py +++ b/lib/parse/configfile.py @@ -68,7 +68,10 @@ def configFileParser(configFile): try: config = UnicodeRawConfigParser() - config.readfp(configFP) + if hasattr(config, "read_file"): + config.read_file(configFP) + else: + config.readfp(configFP) except Exception as ex: errMsg = "you have provided an invalid and/or unreadable configuration file ('%s')" % getSafeExString(ex) raise SqlmapSyntaxException(errMsg) From 2f01cbf71fcd48bb20f9394ff6f088211305277e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 12 Apr 2024 18:09:13 +0200 Subject: [PATCH 7/7] Patching some resource-related warnings --- data/txt/sha256sums.txt | 6 +++--- lib/core/common.py | 34 ++++++++++++++++++++-------------- lib/core/settings.py | 2 +- lib/core/testing.py | 8 ++++++-- 4 files changed, 30 insertions(+), 20 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 2ba72ee75..d562ac1c9 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -165,7 +165,7 @@ f9c96cd3fe99578bed9d49a8bdf8d76836d320a7c48c56eb0469f48b36775c35 lib/controller 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/controller/__init__.py 826c33f1105be4c0985e1bbe1d75bdb009c17815ad6552fc8d9bf39090d3c40f lib/core/agent.py b2d69c99632da5c2acd0c0934e70d55862f1380a3f602cbe7456d617fb9c1fc9 lib/core/bigarray.py -ba3f0002aa93f8f21f06dbea343573c590b9e6ec160fc6668c15e68a970cfb12 lib/core/common.py +a4863238aba3a2d203c26127a4a7a6df873bd0c6f1cd798d4a7abcdc71a07cb6 lib/core/common.py 5c26b0f308266bc3a9679ef837439e38d1dc7a69eac6bd3422280f49aaf114d2 lib/core/compat.py b60c96780cad4a257f91a0611b08cfcc52f242908c5d5ab2bf9034ef07869602 lib/core/convert.py 5e381515873e71c395c77df00bf1dd8c4592afc6210a2f75cbc20daf384e539f lib/core/data.py @@ -187,11 +187,11 @@ bf77f9fc4296f239687297aee1fd6113b34f855965a6f690b52e26bd348cb353 lib/core/profi 4eff81c639a72b261c8ba1c876a01246e718e6626e8e77ae9cc6298b20a39355 lib/core/replication.py bbd1dcda835934728efc6d68686e9b0da72b09b3ee38f3c0ab78e8c18b0ba726 lib/core/revision.py eed6b0a21b3e69c5583133346b0639dc89937bd588887968ee85f8389d7c3c96 lib/core/session.py -df96b0f2f935c583492c6331c6f222427976606af9a03ee5f05755a697ea7cec lib/core/settings.py +4cc89d1791e21b3bb4739039cb7eb57659370ab7008902eb80871c85a52c263f lib/core/settings.py 2bec97d8a950f7b884e31dfe9410467f00d24f21b35672b95f8d68ed59685fd4 lib/core/shell.py e90a359b37a55c446c60e70ccd533f87276714d0b09e34f69b0740fd729ddbf8 lib/core/subprocessng.py 54f7c70b4c7a9931f7ff3c1c12030180bde38e35a306d5e343ad6052919974cd lib/core/target.py -5941a7a641ea58b1d9e59ab3c9f4e9e40566ba08842e1cadb51ea8df9faf763f lib/core/testing.py +970b1c3e59481f11dd185bdde52f697f7d8dfc3152d24e3d336ec3fab59a857c lib/core/testing.py 8cb7424aa9d42d028a6780250effe4e719d9bb35558057f8ebe9e32408a6b80f lib/core/threads.py ff39235aee7e33498c66132d17e6e86e7b8a29754e3fdecd880ca8356b17f791 lib/core/unescaper.py 2984e4973868f586aa932f00da684bf31718c0331817c9f8721acd71fd661f89 lib/core/update.py diff --git a/lib/core/common.py b/lib/core/common.py index 1be307c9d..dd5fc7151 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1333,7 +1333,10 @@ def isZipFile(filename): checkFile(filename) - return openFile(filename, "rb", encoding=None).read(len(ZIP_HEADER)) == ZIP_HEADER + with openFile(filename, "rb", encoding=None) as f: + header = f.read(len(ZIP_HEADER)) + + return header == ZIP_HEADER def isDigit(value): """ @@ -2533,21 +2536,22 @@ def initCommonOutputs(): kb.commonOutputs = {} key = None - for line in openFile(paths.COMMON_OUTPUTS, 'r'): - if line.find('#') != -1: - line = line[:line.find('#')] + with openFile(paths.COMMON_OUTPUTS, 'r') as f: + for line in f: + if line.find('#') != -1: + line = line[:line.find('#')] - line = line.strip() + line = line.strip() - if len(line) > 1: - if line.startswith('[') and line.endswith(']'): - key = line[1:-1] - elif key: - if key not in kb.commonOutputs: - kb.commonOutputs[key] = set() + if len(line) > 1: + if line.startswith('[') and line.endswith(']'): + key = line[1:-1] + elif key: + if key not in kb.commonOutputs: + kb.commonOutputs[key] = set() - if line not in kb.commonOutputs[key]: - kb.commonOutputs[key].add(line) + if line not in kb.commonOutputs[key]: + kb.commonOutputs[key].add(line) def getFileItems(filename, commentPrefix='#', unicoded=True, lowercase=False, unique=False): """ @@ -5594,7 +5598,9 @@ def checkSums(): expected, filename = match.groups() filepath = os.path.join(paths.SQLMAP_ROOT_PATH, filename).replace('/', os.path.sep) checkFile(filepath) - if not hashlib.sha256(open(filepath, "rb").read()).hexdigest() == expected: + with open(filepath, "rb") as f: + content = f.read() + if not hashlib.sha256(content).hexdigest() == expected: retVal &= False break diff --git a/lib/core/settings.py b/lib/core/settings.py index 09121dae2..8383d26d5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.8.4.3" +VERSION = "1.8.4.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 319ac88bb..bb6af1ab6 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -162,7 +162,9 @@ def vulnTest(): direct = "sqlite3://%s" % database tmpdir = tempfile.mkdtemp() - content = open(os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.conf"))).read().replace("url =", "url = %s" % url) + with open(os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.conf"))) as f: + content = f.read().replace("url =", "url = %s" % url) + with open(config, "w+") as f: f.write(content) f.flush() @@ -214,7 +216,9 @@ def smokeTest(): unisonRandom() - content = open(paths.ERRORS_XML, "r").read() + with open(paths.ERRORS_XML, "r") as f: + content = f.read() + for regex in re.findall(r'', content): try: re.compile(regex)