From bb725d222c6ec1241bab9ea26b6a046a4efd287f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 1 Apr 2025 10:26:19 +0200 Subject: [PATCH] Fixes #5885 --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 3 +++ lib/request/connect.py | 5 +++++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 56d7cf94d..51794f7f8 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c6a182f6b7d3b0ad6f0888ea2a4de4148f0770549038d7de8bc3267b4c6635f7 lib/core/readl 63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c lib/core/replication.py 5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f lib/core/revision.py 0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24 lib/core/session.py -f04c8a49a6c7205949d54bed4226abf8ab97361ceb4e0325fc260456a0ad412f lib/core/settings.py +75d5ce99d50b42999fcbcd05edade1e9774c383bbdeddafd2a4c91d287f610e1 lib/core/settings.py a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db lib/core/shell.py 841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7 lib/core/subprocessng.py 9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc lib/core/target.py @@ -211,7 +211,7 @@ cbabdde72df4bd8d6961d589f1721dd938d8f653aa6af8900a31af6e2586405d lib/parse/site 89417568d7f19e48d39a8a9a4227d3d2b71d1c9f61139a41b1835fb5266fcab8 lib/request/basic.py 6139b926a3462d14ddd50acdb8575ae442b8fab089db222721535092b9af3ea1 lib/request/chunkedhandler.py 6be5719f3c922682931779830a4571a13d5612a69e2423fd60a254e8dbceaf5c lib/request/comparison.py -7345c12a0a1d4c583766b46ba38263cbc4603a85aa4216deddd62958d4e5d596 lib/request/connect.py +b27dd003eba5ac4697b6a1d5a6712e6aca380436a5a379bd5f2e831d6dca19bd lib/request/connect.py 0649a39c5cc2fc0f4c062b100ced17e3e6934a7e578247dfc65b650edc29825e lib/request/direct.py 5283754cf387ce4e645ee50834ee387cde29a768aaada1a6a07c338da216c94d lib/request/dns.py 844fae318d6b3141bfc817aac7a29868497b5e7b4b3fdd7c751ad1d4a485324f lib/request/httpshandler.py diff --git a/lib/core/settings.py b/lib/core/settings.py index a5793f9b2..ab2e55161 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -835,6 +835,9 @@ INVALID_UNICODE_PRIVATE_AREA = False # Format used for representing invalid unicode characters INVALID_UNICODE_CHAR_FORMAT = r"\x%02x" +# Minimum supported version of httpx library (for --http2) +MIN_HTTPX_VERSION = "0.28" + # Regular expression for XML POST data XML_RECOGNITION_REGEX = r"(?s)\A\s*<[^>]+>(.+>)?\s*\Z" diff --git a/lib/request/connect.py b/lib/request/connect.py index 0fce5106e..cdbbabca0 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -62,6 +62,7 @@ from lib.core.common import unsafeVariableNaming from lib.core.common import urldecode from lib.core.common import urlencode from lib.core.common import wasLastResponseDelayed +from lib.core.compat import LooseVersion from lib.core.compat import patchHeaders from lib.core.compat import xrange from lib.core.convert import encodeBase64 @@ -109,6 +110,7 @@ from lib.core.settings import IS_WIN from lib.core.settings import JAVASCRIPT_HREF_REGEX from lib.core.settings import LARGE_READ_TRIM_MARKER from lib.core.settings import LIVE_COOKIES_TIMEOUT +from lib.core.settings import MIN_HTTPX_VERSION from lib.core.settings import MAX_CONNECTION_READ_SIZE from lib.core.settings import MAX_CONNECTIONS_REGEX from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE @@ -618,6 +620,9 @@ class Connect(object): except ImportError: raise SqlmapMissingDependence("httpx[http2] not available (e.g. 'pip%s install httpx[http2]')" % ('3' if six.PY3 else "")) + if LooseVersion(httpx.__version__) < LooseVersion(MIN_HTTPX_VERSION): + raise SqlmapMissingDependence("outdated version of httpx detected (%s<%s)" % (httpx.__version__, MIN_HTTPX_VERSION)) + try: proxy_mounts = dict(("%s://" % key, httpx.HTTPTransport(proxy="%s%s" % ("http://" if not "://" in kb.proxies[key] else "", kb.proxies[key]))) for key in kb.proxies) if kb.proxies else None with httpx.Client(verify=False, http2=True, timeout=timeout, follow_redirects=True, cookies=conf.cj, mounts=proxy_mounts) as client: