From bcd62ecc5bc14c76c777dc9ed67ed47ec7053e6a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 20 Sep 2016 09:56:08 +0200 Subject: [PATCH] Minor optimization (avoiding unnecessary deepcopies) --- lib/controller/checks.py | 12 ++++++------ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 76e69ba0c..de803eb09 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -94,6 +94,12 @@ def checkSqlInjection(place, parameter, value): # Localized thread data needed for some methods threadData = getCurrentThreadData() + # Favoring non-string specific boundaries in case of digit-like parameter values + if value.isdigit(): + boundaries = sorted(copy.deepcopy(conf.boundaries), key=lambda boundary: any(_ in (boundary.prefix or "") or _ in (boundary.suffix or "") for _ in ('"', '\''))) + else: + boundaries = conf.boundaries + # Set the flag for SQL injection test mode kb.testMode = True @@ -311,12 +317,6 @@ def checkSqlInjection(place, parameter, value): comment = agent.getComment(test.request) if len(conf.boundaries) > 1 else None fstPayload = agent.cleanupPayload(test.request.payload, origValue=value if place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER) else None) - # Favoring non-string specific boundaries in case of digit-like parameter values - if value.isdigit(): - boundaries = sorted(copy.deepcopy(conf.boundaries), key=lambda x: any(_ in (x.prefix or "") or _ in (x.suffix or "") for _ in ('"', '\''))) - else: - boundaries = conf.boundaries - for boundary in boundaries: injectable = False diff --git a/lib/core/settings.py b/lib/core/settings.py index 3d6ccf8b5..4d7bff57f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from lib.core.revision import getRevisionNumber # sqlmap version (...) -VERSION = "1.0.9.17" +VERSION = "1.0.9.18" REVISION = getRevisionNumber() TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} diff --git a/txt/checksum.md5 b/txt/checksum.md5 index e2875c964..a3098c32b 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -20,7 +20,7 @@ b46521e29ea3d813bab5aeb16cac6498 extra/shutils/duplicates.py cc9c82cfffd8ee9b25ba3af6284f057e extra/sqlharvest/__init__.py 4f2f817596540d82f9fcc0c5b2228beb extra/sqlharvest/sqlharvest.py 2daa39e4d59526acb4772b6c47eb315f lib/controller/action.py -8eab6910c9807e6fda0f40fb0df9345a lib/controller/checks.py +0408ef9325f4cde05df8732aeb67323b lib/controller/checks.py 7c5ba631796f12d6de9b667e4cc7812b lib/controller/controller.py 5ae8f657fd4e8026fcc9624f5b5533fe lib/controller/handler.py cc9c82cfffd8ee9b25ba3af6284f057e lib/controller/__init__.py @@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6 lib/core/readlineng.py 5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py 99a2b496b9d5b546b335653ca801153f lib/core/revision.py 7c15dd2777af4dac2c89cab6df17462e lib/core/session.py -7592c234fac1036667aaa5a772615fa8 lib/core/settings.py +75f0fdc76631aa563d217e4ca5993628 lib/core/settings.py 7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py 23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py 0bc2fae1dec18cdd11954b22358293f2 lib/core/target.py