From a60c9b0dcc79aafd0e2b5dc65a76eaf0845a812d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 9 Nov 2016 11:29:08 +0100 Subject: [PATCH] Minor patch --- lib/core/common.py | 3 ++- lib/core/settings.py | 5 ++++- txt/checksum.md5 | 4 ++-- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index a61273b23..b0b0a6220 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -141,6 +141,7 @@ from lib.core.settings import REFLECTED_REPLACEMENT_REGEX from lib.core.settings import REFLECTED_VALUE_MARKER from lib.core.settings import REFLECTIVE_MISS_THRESHOLD from lib.core.settings import SENSITIVE_DATA_REGEX +from lib.core.settings import SENSITIVE_OPTIONS from lib.core.settings import SUPPORTED_DBMS from lib.core.settings import TEXT_TAG_REGEX from lib.core.settings import TIME_STDEV_COEFF @@ -3242,7 +3243,7 @@ def maskSensitiveData(msg): retVal = getUnicode(msg) - for item in filter(None, map(lambda x: conf.get(x), ("hostname", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile"))): + for item in filter(None, map(lambda x: conf.get(x), SENSITIVE_OPTIONS)): regex = SENSITIVE_DATA_REGEX % re.sub("(\W)", r"\\\1", getUnicode(item)) while extractRegexResult(regex, retVal): value = extractRegexResult(regex, retVal) diff --git a/lib/core/settings.py b/lib/core/settings.py index e7e45d78b..2765a92e3 100755 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.0.11.6" +VERSION = "1.0.11.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -343,6 +343,9 @@ URI_INJECTABLE_REGEX = r"//[^/]*/([^\.*?]+)\Z" # Regex used for masking sensitive data SENSITIVE_DATA_REGEX = "(\s|=)(?P[^\s=]*%s[^\s]*)\s" +# Options to explicitly mask in anonymous (unhandled exception) reports (along with anything carrying the inside) +SENSITIVE_OPTIONS = ("hostname", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile", "testParameter", "authCred") + # Maximum number of threads (avoiding connection issues and/or DoS) MAX_NUMBER_OF_THREADS = 10 diff --git a/txt/checksum.md5 b/txt/checksum.md5 index c38b9e0cb..fda801259 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -26,7 +26,7 @@ ec007a1424da78cfdae90da6ae49ed9b lib/controller/handler.py cc9c82cfffd8ee9b25ba3af6284f057e lib/controller/__init__.py 04f16204c899438dc7599a9a8426bfee lib/core/agent.py eb0bd28b0bd9fbf67dcc3119116df377 lib/core/bigarray.py -136246c879e7a15309ed892ea4c1c3eb lib/core/common.py +b660a7a68f1bd92b1be0bd5069943686 lib/core/common.py ab5ef8fe4e4beaef4016d458d0fdefe3 lib/core/convert.py e77cca1cb063016f71f6e6bdebf4ec73 lib/core/data.py 1d042f0bc0557d3fd564ea5a46deb77e lib/core/datatype.py @@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6 lib/core/readlineng.py 5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py 99a2b496b9d5b546b335653ca801153f lib/core/revision.py 7c15dd2777af4dac2c89cab6df17462e lib/core/session.py -f2af4d009e24068b5a6f41063d35ff25 lib/core/settings.py +766f2beb17bc407c8b7a55527d9c089d lib/core/settings.py 7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py 23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py c3ace7874a536d801f308cf1fd03df99 lib/core/target.py