diff --git a/lib/core/update.py b/lib/core/update.py index 811bb9604..cb19147b9 100644 --- a/lib/core/update.py +++ b/lib/core/update.py @@ -203,20 +203,18 @@ def __updateMSSQLXML(): def __createFile(pathname, data): mkpath(os.path.dirname(pathname)) + fileFP = open(pathname, "wb") fileFP.write(data) fileFP.close() -def __extractZipFile(zipFile): +def __extractZipFile(tempDir, zipFile, sqlmapNewestVersion): # Check if the saved binary file is really a ZIP file if zipfile.is_zipfile(zipFile): sqlmapZipFile = zipfile.ZipFile(zipFile) else: - raise sqlmapFilePathException, "the downloaded file does not seem to be a zipfile" - - # Create a temporary directory - tempDir = tempfile.mkdtemp("", "sqlmap_latest-") + raise sqlmapFilePathException, "the downloaded file does not seem to be a ZIP file" # Extract each file within the ZIP file in the temporary directory for info in sqlmapZipFile.infolist(): @@ -224,8 +222,6 @@ def __extractZipFile(zipFile): data = sqlmapZipFile.read(info.filename) __createFile(os.path.join(tempDir, info.filename), data) - return tempDir - def __updateSqlmap(): infoMsg = "updating sqlmap" @@ -247,6 +243,7 @@ def __updateSqlmap(): return sqlmapNewestVersion = str(sqlmapNewestVersion).replace("\n", "") + sqlmapNewestVersion = "0.6.1" if not re.search("^([\w\.\-]+)$", sqlmapNewestVersion): errMsg = "sqlmap version is in a wrong syntax" @@ -259,11 +256,19 @@ def __updateSqlmap(): logger.info(infoMsg) return - else: + + elif sqlmapNewestVersion > VERSION: infoMsg = "sqlmap latest stable version is %s. " % sqlmapNewestVersion infoMsg += "Going to download it from the SourceForge File List page" logger.info(infoMsg) + elif sqlmapNewestVersion < VERSION: + infoMsg = "if you are running a version of sqlmap more updated than " + infoMsg += "the latest stable version (%s)" % sqlmapNewestVersion + logger.info(infoMsg) + + return + sqlmapBinaryStringUrl = SQLMAP_SOURCE_URL % sqlmapNewestVersion try: @@ -278,25 +283,28 @@ def __updateSqlmap(): return - # Save the sqlmap compressed source to a ZIP file in a temporary - # directory and extract it - zipFile = os.path.join(tempfile.gettempdir(), "sqlmap-%s.zip" % sqlmapNewestVersion) + debugMsg = 'saving the sqlmap compressed source to a ZIP file into ' + debugMsg += 'the temporary directory and extract it' + logger.debug(debugMsg) + + tempDir = tempfile.gettempdir() + zipFile = os.path.join(tempDir, "sqlmap-%s.zip" % sqlmapNewestVersion) __createFile(zipFile, sqlmapBinaryString) - tempDir = __extractZipFile(zipFile) + __extractZipFile(tempDir, zipFile, sqlmapNewestVersion) # For each file and directory in the temporary directory copy it # to the sqlmap root path and set right permission # TODO: remove files not needed anymore and all pyc within the # sqlmap root path in the end - for root, dirs, files in os.walk(os.path.join(tempDir, "sqlmap")): + for root, dirs, files in os.walk(os.path.join(tempDir, "sqlmap-%s" % sqlmapNewestVersion)): # Just for development release - if '.svn' in dirs: - dirs.remove('.svn') + if '.svn' in root: + continue cleanRoot = root.replace(tempDir, "") - cleanRoot = cleanRoot.replace("%ssqlmap" % os.sep, "") + cleanRoot = cleanRoot.replace("%ssqlmap-%s" % (os.sep, sqlmapNewestVersion), "") - if cleanRoot.startswith("/"): + if cleanRoot.startswith(os.sep): cleanRoot = cleanRoot[1:] for f in files: @@ -307,6 +315,11 @@ def __updateSqlmap(): srcFile = os.path.join(root, f) dstFile = os.path.join(paths.SQLMAP_ROOT_PATH, os.path.join(cleanRoot, f)) + if f == "sqlmap.conf" and os.path.exists(dstFile): + infoMsg = "backupping configuration file to '%s.bak'" % dstFile + logger.info(infoMsg) + shutil.move(dstFile, "%s.bak" % dstFile) + if os.path.exists(dstFile): debugMsg = "replacing file '%s'" % dstFile else: @@ -314,11 +327,6 @@ def __updateSqlmap(): logger.debug(debugMsg) - if f == "sqlmap.conf" and os.path.exists(dstFile): - infoMsg = "backupping configuration file to '%s.bak'" % dstFile - logger.info(infoMsg) - shutil.move(dstFile, "%s.bak" % dstFile) - mkpath(os.path.dirname(dstFile)) shutil.copy(srcFile, dstFile)