From a4d058d70cb89e88790c7003182733b033f80087 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sun, 2 Nov 2014 10:55:38 +0100
Subject: [PATCH] More anonymization of unhanded exception data

---
 lib/core/common.py | 6 +++++-
 sqlmap.py | 4 ++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 6d69fbfd7..0182c2949 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -9,6 +9,7 @@ import codecs
 import contextlib
 import cookielib
 import copy
+import getpass
 import hashlib
 import httplib
 import inspect
@@ -2845,7 +2846,7 @@ def unhandledExceptionMessage():
     errMsg += "Technique: %s\n" % (enumValueToNameLookup(PAYLOAD.TECHNIQUE, kb.technique) if kb.get("technique") else ("DIRECT" if conf.get("direct") else None))
     errMsg += "Back-end DBMS: %s" % ("%s (fingerprinted)" % Backend.getDbms() if Backend.getDbms() is not None else "%s (identified)" % Backend.getIdentifiedDbms())
 
-    return maskSensitiveData(errMsg)
+    return errMsg
 
 def createGithubIssue(errMsg, excMsg):
     """
@@ -2896,6 +2897,9 @@ def maskSensitiveData(msg):
             value = extractRegexResult(regex, retVal)
             retVal = retVal.replace(value, '*' * len(value))
 
+    if getpass.getuser():
+        retVal = re.sub(r"(?i)\b%s\b" % re.escape(getpass.getuser()), "*" * len(getpass.getuser()), retVal)
+
     return retVal
 
 def listToStrValue(value):
diff --git a/sqlmap.py b/sqlmap.py
index 3472b17a8..6a4683881 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -25,6 +25,7 @@ from lib.core.common import banner
 from lib.core.common import createGithubIssue
 from lib.core.common import dataToStdout
 from lib.core.common import getUnicode
+from lib.core.common import maskSensitiveData
 from lib.core.common import setColor
 from lib.core.common import setPaths
 from lib.core.common import weAreFrozen
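Review bot: unhandledExceptionMessage() now returns the summary unmasked (the `return errMsg` line), with masking moved to the caller in sqlmap.py, but nothing at the function records that contract; its docstring (the function starts outside the hunk) should say so, e.g. `# NOTE: result is NOT passed through maskSensitiveData(); any caller that logs, prints or sends it must mask it itself`. Any other call site of unhandledExceptionMessage() that relied on the old in-function masking would now emit hostname, credential and table/column names in the clear, since this commit adjusts only the sqlmap.py caller — worth a grep across the tree before merging.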
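Review bot: The new `getpass.getuser()` block in maskSensitiveData() is not exception-safe, yet this helper is now called from inside the unhandled-exception handler in sqlmap.py (next hunk): when none of LOGNAME/USER/LNAME/USERNAME is set and the uid has no passwd entry, or on Windows without those variables where the `pwd` fallback import fails, getuser() raises, and that new exception would replace the original traceback in exactly the path meant to report it. The same call is also evaluated three times for one value. Resolve the name once under a guard and skip masking when it is unavailable, as below. A word-boundary, case-insensitive match on a short or dictionary-word user name (`root`, `test`, `admin`) will also star out unrelated words in the traceback — harmless for privacy but it can obscure the report, so a short comment noting that trade-off would help; maskSensitiveData() starts outside the hunk.
```python
    # the OS user name can leak through paths and log lines; resolve it once and
    # never let the lookup itself raise inside the crash-reporting path
    try:
        user = getpass.getuser()
    except (ImportError, KeyError, OSError):
        user = None

    if user:
        retVal = re.sub(r"(?i)\b%s\b" % re.escape(user), "*" * len(user), retVal)

    return retVal
```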
@@ -138,6 +139,9 @@ def main():
                 file_ = re.sub(r"\.\./", '/', file_).lstrip('/')
                 excMsg = excMsg.replace(match.group(1), file_)
 
+            errMsg = maskSensitiveData(errMsg)
+            excMsg = maskSensitiveData(excMsg)
+
             logger.critical(errMsg)
             kb.stickyLevel = logging.CRITICAL
             dataToStdout(excMsg)
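Review bot: The two new `maskSensitiveData(...)` lines carry no comment explaining why masking is done here rather than inside unhandledExceptionMessage() (which this same commit changed to return raw text), so a reader of main() alone cannot see that the summary and the raw traceback are deliberately scrubbed together at the last point before output. Suggest `# scrub hostname/credentials/OS user from both the summary and the traceback before anything is logged, printed or (presumably) handed to createGithubIssue()`. Because these lines run inside the exception handler, anything maskSensitiveData() itself raises would replace the original report, so that helper must stay defensive. main() starts and ends outside the hunk.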