sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 01:26:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor code style updates

Browse Source
This commit is contained in:
Miroslav Stampar 2018-06-09 23:38:00 +02:00
parent a97fd1dede
commit c268663bd9
26 changed files with 85 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
extra/icmpsh/icmpsh_m.py
View File

@ -80,7 +80,7 @@ def main(src, dst):
cmd = ''
# Wait for incoming replies
if sock in select.select([ sock ], [], [])[0]:
if sock in select.select([sock], [], [])[0]:
buff = sock.recv(4096)
if 0 == len(buff):

4
extra/mssqlsig/update.py
View File

@ -43,7 +43,7 @@ def updateMSSQLXML():
return
releases = re.findall("class=\"BCC_DV_01DarkBlueTitle\">SQL Server\s(.+?)\sBuilds", mssqlVersionsHtmlString, re.I)
releases = re.findall(r"class=\"BCC_DV_01DarkBlueTitle\">SQL Server\s(.+?)\sBuilds", mssqlVersionsHtmlString, re.I)
releasesCount = len(releases)
# Create the minidom document
@ -74,7 +74,7 @@ def updateMSSQLXML():
stopIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index + 1])
mssqlVersionsReleaseString = mssqlVersionsHtmlString[startIdx:stopIdx]
servicepackVersion = re.findall("</td><td>(7\.0|2000|2005|2008|2008 R2)*(.*?)</td><td.*?([\d\.]+)</td>[\r]*\n", mssqlVersionsReleaseString, re.I)
servicepackVersion = re.findall(r"</td><td>(7\.0|2000|2005|2008|2008 R2)*(.*?)</td><td.*?([\d\.]+)</td>[\r]*\n", mssqlVersionsReleaseString, re.I)
for servicePack, version in servicepackVersion:
if servicePack.startswith(" "):

7
extra/shutils/newlines.py
View File

@ -4,16 +4,15 @@
# Reference: http://rowinggolfer.blogspot.com/2009/08/pylint-recursively.html
import os
import re
import sys
def check(filepath):
if filepath.endswith(".py"):
content = open(filepath, "rb").read()
#if re.search(r"\r?\n\r?\n", content):
content = open(filepath, "rb").read()
if "\n\n\n" in content:
index = content.find("\n\n\n")
print filepath, repr(content[index-30:index+30])
print filepath, repr(content[index - 30:index + 30])
if __name__ == "__main__":
try:

7
extra/shutils/pep8.sh
View File

@ -1,7 +0,0 @@
#!/bin/bash
# Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Runs pep8 on all python files (prerequisite: apt-get install pep8)
find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pep8 '{}' \;

7
extra/shutils/pycodestyle.sh Executable file
View File

@ -0,0 +1,7 @@
#!/bin/bash
# Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Runs pycodestyle on all python files (prerequisite: pip install pycodestyle)
find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pycodestyle --ignore=E501,E302,E305,E722,E402 '{}' \;

4
extra/shutils/regressiontest.py
View File

@ -27,7 +27,7 @@ SMTP_SERVER = "127.0.0.1"
SMTP_PORT = 25
SMTP_TIMEOUT = 30
FROM = "regressiontest@sqlmap.org"
#TO = "dev@sqlmap.org"
# TO = "dev@sqlmap.org"
TO = ["bernardo.damele@gmail.com", "miroslav.stampar@gmail.com"]
SUBJECT = "regression test started on %s using revision %s" % (START_TIME, getRevisionNumber())
TARGET = "debian"
@ -83,7 +83,7 @@ def main():
if stderr:
failure_email("Execution of regression test failed with error:\n\n%s" % stderr)
failed_tests = re.findall("running live test case: (.+?) \((\d+)\/\d+\)[\r]*\n.+test failed (at parsing items: (.+))?\s*\- scan folder: (\/.+) \- traceback: (.*?)( - SQL injection not detected)?[\r]*\n", stdout)
failed_tests = re.findall(r"running live test case: (.+?) \((\d+)\/\d+\)[\r]*\n.+test failed (at parsing items: (.+))?\s*\- scan folder: (\/.+) \- traceback: (.*?)( - SQL injection not detected)?[\r]*\n", stdout)
for failed_test in failed_tests:
title = failed_test[0]

8
lib/core/agent.py
View File

@ -198,7 +198,7 @@ class Agent(object):
regex = r"(\A|\b)%s=%s%s" % (re.escape(parameter), re.escape(origValue), r"(\Z|\b)" if origValue[-1].isalnum() else "")
retVal = _(regex, "%s=%s" % (parameter, self.addPayloadDelimiters(newValue)), paramString)
else:
retVal = _(r"(\A|\b)%s=%s(\Z|%s|%s|\s)" % (re.escape(parameter), re.escape(origValue), DEFAULT_GET_POST_DELIMITER, DEFAULT_COOKIE_DELIMITER), "%s=%s\g<2>" % (parameter, self.addPayloadDelimiters(newValue)), paramString)
retVal = _(r"(\A|\b)%s=%s(\Z|%s|%s|\s)" % (re.escape(parameter), re.escape(origValue), DEFAULT_GET_POST_DELIMITER, DEFAULT_COOKIE_DELIMITER), r"%s=%s\g<2>" % (parameter, self.addPayloadDelimiters(newValue)), paramString)
if retVal == paramString and urlencode(parameter) != parameter:
retVal = _(r"(\A|\b)%s=%s" % (re.escape(urlencode(parameter)), re.escape(origValue)), "%s=%s" % (urlencode(parameter), self.addPayloadDelimiters(newValue)), paramString)
@ -535,7 +535,7 @@ class Agent(object):
fieldsToCastStr = fieldsToCastStr or ""
# Function
if re.search("\A\w+\(.*\)", fieldsToCastStr, re.I) or (fieldsSelectCase and "WHEN use" not in query) or fieldsSubstr:
if re.search(r"\A\w+\(.*\)", fieldsToCastStr, re.I) or (fieldsSelectCase and "WHEN use" not in query) or fieldsSubstr:
fieldsToCastList = [fieldsToCastStr]
else:
fieldsToCastList = splitFields(fieldsToCastStr)
@ -627,7 +627,7 @@ class Agent(object):
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
_ = unArrayizeValue(zeroDepthSearch(concatenatedQuery, " FROM "))
concatenatedQuery = "%s||'%s'%s" % (concatenatedQuery[:_], kb.chars.stop, concatenatedQuery[_:])
concatenatedQuery = re.sub(r"('%s'\|\|)(.+)(%s)" % (kb.chars.start, re.escape(castedFields)), "\g<2>\g<1>\g<3>", concatenatedQuery)
concatenatedQuery = re.sub(r"('%s'\|\|)(.+)(%s)" % (kb.chars.start, re.escape(castedFields)), r"\g<2>\g<1>\g<3>", concatenatedQuery)
elif fieldsSelect:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
concatenatedQuery += "||'%s'" % kb.chars.stop
@ -639,7 +639,7 @@ class Agent(object):
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.chars.start, 1)
concatenatedQuery += "+'%s'" % kb.chars.stop
elif fieldsSelectTop:
topNum = re.search("\ASELECT\s+TOP\s+([\d]+)\s+", concatenatedQuery, re.I).group(1)
topNum = re.search(r"\ASELECT\s+TOP\s+([\d]+)\s+", concatenatedQuery, re.I).group(1)
concatenatedQuery = concatenatedQuery.replace("SELECT TOP %s " % topNum, "TOP %s '%s'+" % (topNum, kb.chars.start), 1)
concatenatedQuery = concatenatedQuery.replace(" FROM ", "+'%s' FROM " % kb.chars.stop, 1)
elif fieldsSelectCase:

12
lib/core/common.py
View File

@ -1317,7 +1317,7 @@ def parseTargetDirect():
remote = False
for dbms in SUPPORTED_DBMS:
details = re.search("^(?P<dbms>%s)://(?P<credentials>(?P<user>.+?)\:(?P<pass>.*)\@)?(?P<remote>(?P<hostname>[\w.-]+?)\:(?P<port>[\d]+)\/)?(?P<db>[\w\d\ \:\.\_\-\/\\\\]+?)$" % dbms, conf.direct, re.I)
details = re.search(r"^(?P<dbms>%s)://(?P<credentials>(?P<user>.+?)\:(?P<pass>.*)\@)?(?P<remote>(?P<hostname>[\w.-]+?)\:(?P<port>[\d]+)\/)?(?P<db>[\w\d\ \:\.\_\-\/\\]+?)$" % dbms, conf.direct, re.I)
if details:
conf.dbms = details.group("dbms")
@ -1440,7 +1440,7 @@ def parseTargetUrl():
errMsg += "in the hostname part"
raise SqlmapGenericException(errMsg)
hostnamePort = urlSplit.netloc.split(":") if not re.search(r"\[.+\]", urlSplit.netloc) else filter(None, (re.search("\[.+\]", urlSplit.netloc).group(0), re.search(r"\](:(?P<port>\d+))?", urlSplit.netloc).group("port")))
hostnamePort = urlSplit.netloc.split(":") if not re.search(r"\[.+\]", urlSplit.netloc) else filter(None, (re.search(r"\[.+\]", urlSplit.netloc).group(0), re.search(r"\](:(?P<port>\d+))?", urlSplit.netloc).group("port")))
conf.scheme = (urlSplit.scheme.strip().lower() or "http") if not conf.forceSSL else "https"
conf.path = urlSplit.path.strip()
@ -3355,7 +3355,7 @@ def createGithubIssue(errMsg, excMsg):
_ = re.sub(r"'[^']+'", "''", excMsg)
_ = re.sub(r"\s+line \d+", "", _)
_ = re.sub(r'File ".+?/(\w+\.py)', "\g<1>", _)
_ = re.sub(r'File ".+?/(\w+\.py)', r"\g<1>", _)
_ = re.sub(r".+\Z", "", _)
key = hashlib.md5(_).hexdigest()[:8]
@ -3522,6 +3522,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
regex = r"%s\b" % regex
_retVal = [retVal]
def _thread(regex):
try:
_retVal[0] = re.sub(r"(?i)%s" % regex, REFLECTED_VALUE_MARKER, _retVal[0])
@ -3957,6 +3958,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
def __init__(self, content, url):
StringIO.__init__(self, unicodeencode(content, kb.pageEncoding) if isinstance(content, unicode) else content)
self._url = url
def geturl(self):
return self._url
@ -4082,7 +4084,7 @@ def getHostHeader(url):
retVal = urlparse.urlparse(url).netloc
if re.search(r"http(s)?://\[.+\]", url, re.I):
retVal = extractRegexResult("http(s)?://\[(?P<result>.+)\]", url)
retVal = extractRegexResult(r"http(s)?://\[(?P<result>.+)\]", url)
elif any(retVal.endswith(':%d' % _) for _ in (80, 443)):
retVal = retVal.split(':')[0]
@ -4339,7 +4341,7 @@ def resetCookieJar(cookieJar):
except cookielib.LoadError, msg:
errMsg = "there was a problem loading "
errMsg += "cookies file ('%s')" % re.sub(r"(cookies) file '[^']+'", "\g<1>", str(msg))
errMsg += "cookies file ('%s')" % re.sub(r"(cookies) file '[^']+'", r"\g<1>", str(msg))
raise SqlmapGenericException(errMsg)
def decloakToTemp(filename):

2
lib/core/decorators.py
View File

@ -38,4 +38,4 @@ def stackedmethod(f):
return result
return _
return _

4
lib/core/option.py
View File

@ -1722,7 +1722,7 @@ def _cleanupOptions():
if conf.testFilter:
conf.testFilter = conf.testFilter.strip('*+')
conf.testFilter = re.sub(r"([^.])([*+])", "\g<1>.\g<2>", conf.testFilter)
conf.testFilter = re.sub(r"([^.])([*+])", r"\g<1>.\g<2>", conf.testFilter)
try:
re.compile(conf.testFilter)
@ -1731,7 +1731,7 @@ def _cleanupOptions():
if conf.testSkip:
conf.testSkip = conf.testSkip.strip('*+')
conf.testSkip = re.sub(r"([^.])([*+])", "\g<1>.\g<2>", conf.testSkip)
conf.testSkip = re.sub(r"([^.])([*+])", r"\g<1>.\g<2>", conf.testSkip)
try:
re.compile(conf.testSkip)

10
lib/core/settings.py
View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.2.6.15"
VERSION = "1.2.6.16"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -364,7 +364,7 @@ URI_HTTP_HEADER = "URI"
URI_INJECTABLE_REGEX = r"//[^/]*/([^\.*?]+)\Z"
# Regex used for masking sensitive data
SENSITIVE_DATA_REGEX = "(\s|=)(?P<result>[^\s=]*%s[^\s]*)\s"
SENSITIVE_DATA_REGEX = r"(\s|=)(?P<result>[^\s=]*%s[^\s]*)\s"
# Options to explicitly mask in anonymous (unhandled exception) reports (along with anything carrying the <hostname> inside)
SENSITIVE_OPTIONS = ("hostname", "answers", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile", "testParameter", "authCred")
@ -388,7 +388,7 @@ CANDIDATE_SENTENCE_MIN_LENGTH = 10
CUSTOM_INJECTION_MARK_CHAR = '*'
# Other way to declare injection position
INJECT_HERE_REGEX = '(?i)%INJECT[_ ]?HERE%'
INJECT_HERE_REGEX = r"(?i)%INJECT[_ ]?HERE%"
# Minimum chunk length used for retrieving data over error based payloads
MIN_ERROR_CHUNK_LENGTH = 8
@ -487,7 +487,7 @@ LEGAL_DISCLAIMER = "Usage of sqlmap for attacking targets without prior mutual c
REFLECTIVE_MISS_THRESHOLD = 20
# Regular expression used for extracting HTML title
HTML_TITLE_REGEX = "<title>(?P<result>[^<]+)</title>"
HTML_TITLE_REGEX = r"<title>(?P<result>[^<]+)</title>"
# Table used for Base64 conversion in WordPress hash cracking routine
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
@ -631,7 +631,7 @@ BANNER = re.sub(r"\[.\]", lambda _: "[\033[01;41m%s\033[01;49m]" % random.sample
DUMMY_NON_SQLI_CHECK_APPENDIX = "<'\">"
# Regular expression used for recognition of file inclusion errors
FI_ERROR_REGEX = "(?i)[^\n]{0,100}(no such file|failed (to )?open)[^\n]{0,100}"
FI_ERROR_REGEX = r"(?i)[^\n]{0,100}(no such file|failed (to )?open)[^\n]{0,100}"
# Length of prefix and suffix used in non-SQLI heuristic checks
NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH = 6

4
lib/core/target.py
View File

@ -148,8 +148,8 @@ def _setRequestParams():
match = re.search(r'(?P<name>[^"]+)"\s*:\s*\[([^\]]+)\]', conf.data)
if match and not (conf.testParameter and match.group("name") not in conf.testParameter):
_ = match.group(2)
_ = re.sub(r'("[^"]+)"', '\g<1>%s"' % kb.customInjectionMark, _)
_ = re.sub(r'(\A|,|\s+)(-?\d[\d\.]*\b)', '\g<0>%s' % kb.customInjectionMark, _)
_ = re.sub(r'("[^"]+)"', r'\g<1>%s"' % kb.customInjectionMark, _)
_ = re.sub(r'(\A|,|\s+)(-?\d[\d\.]*\b)', r'\g<0>%s' % kb.customInjectionMark, _)
conf.data = conf.data.replace(match.group(0), match.group(0).replace(match.group(2), _))
kb.postHint = POST_HINT.JSON

1
lib/request/basic.py
View File

@ -35,7 +35,6 @@ from lib.core.enums import PLACE
from lib.core.exception import SqlmapCompressionException
from lib.core.settings import BLOCKED_IP_REGEX
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
from lib.core.settings import DEV_EMAIL_ADDRESS
from lib.core.settings import EVENTVALIDATION_REGEX
from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
from lib.core.settings import META_CHARSET_REGEX

21
lib/request/connect.py
View File

@ -8,7 +8,6 @@ See the file 'LICENSE' for copying permission
import binascii
import compiler
import httplib
import json
import keyword
import logging
import re
@ -408,8 +407,10 @@ class Connect(object):
ws.close()
code = ws.status
status = httplib.responses[code]
class _(dict):
pass
responseHeaders = _(ws.getheaders())
responseHeaders.headers = ["%s: %s\r\n" % (_[0].capitalize(), _[1]) for _ in responseHeaders.items()]
@ -736,10 +737,10 @@ class Connect(object):
if conn and getattr(conn, "redurl", None):
_ = urlparse.urlsplit(conn.redurl)
_ = ("%s%s" % (_.path or "/", ("?%s" % _.query) if _.query else ""))
requestMsg = re.sub(r"(\n[A-Z]+ ).+?( HTTP/\d)", "\g<1>%s\g<2>" % getUnicode(_).replace("\\", "\\\\"), requestMsg, 1)
requestMsg = re.sub(r"(\n[A-Z]+ ).+?( HTTP/\d)", r"\g<1>%s\g<2>" % getUnicode(_).replace("\\", "\\\\"), requestMsg, 1)
if kb.resendPostOnRedirect is False:
requestMsg = re.sub(r"(\[#\d+\]:\n)POST ", "\g<1>GET ", requestMsg)
requestMsg = re.sub(r"(\[#\d+\]:\n)POST ", r"\g<1>GET ", requestMsg)
requestMsg = re.sub(r"(?i)Content-length: \d+\n", "", requestMsg)
requestMsg = re.sub(r"(?s)\n\n.+", "\n", requestMsg)
@ -1104,33 +1105,33 @@ class Connect(object):
if kb.postHint in (POST_HINT.XML, POST_HINT.SOAP):
if re.search(r"<%s\b" % re.escape(name), post):
found = True
post = re.sub(r"(?s)(<%s\b[^>]*>)(.*?)(</%s)" % (re.escape(name), re.escape(name)), "\g<1>%s\g<3>" % value.replace('\\', r'\\'), post)
post = re.sub(r"(?s)(<%s\b[^>]*>)(.*?)(</%s)" % (re.escape(name), re.escape(name)), r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), post)
elif re.search(r"\b%s>" % re.escape(name), post):
found = True
post = re.sub(r"(?s)(\b%s>)(.*?)(</[^<]*\b%s>)" % (re.escape(name), re.escape(name)), "\g<1>%s\g<3>" % value.replace('\\', r'\\'), post)
post = re.sub(r"(?s)(\b%s>)(.*?)(</[^<]*\b%s>)" % (re.escape(name), re.escape(name)), r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), post)
regex = r"\b(%s)\b([^\w]+)(\w+)" % re.escape(name)
if not found and re.search(regex, (post or "")):
found = True
post = re.sub(regex, "\g<1>\g<2>%s" % value.replace('\\', r'\\'), post)
post = re.sub(regex, r"\g<1>\g<2>%s" % value.replace('\\', r'\\'), post)
regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(delimiter), re.escape(name), re.escape(delimiter))
if not found and re.search(regex, (post or "")):
found = True
post = re.sub(regex, "\g<1>%s\g<3>" % value.replace('\\', r'\\'), post)
post = re.sub(regex, r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), post)
if re.search(regex, (get or "")):
found = True
get = re.sub(regex, "\g<1>%s\g<3>" % value.replace('\\', r'\\'), get)
get = re.sub(regex, r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), get)
if re.search(regex, (query or "")):
found = True
uri = re.sub(regex.replace(r"\A", r"\?"), "\g<1>%s\g<3>" % value.replace('\\', r'\\'), uri)
uri = re.sub(regex.replace(r"\A", r"\?"), r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), uri)
regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER), re.escape(name), re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER))
if re.search(regex, (cookie or "")):
found = True
cookie = re.sub(regex, "\g<1>%s\g<3>" % value.replace('\\', r'\\'), cookie)
cookie = re.sub(regex, r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), cookie)
if not found:
if post is not None:

8
lib/takeover/web.py
View File

@ -219,7 +219,7 @@ class Web:
finally:
been.add(url)
url = re.sub(r"(\.\w+)\Z", "~\g<1>", conf.url)
url = re.sub(r"(\.\w+)\Z", r"~\g<1>", conf.url)
if url not in been:
try:
page, _, _ = Request.getPage(url=url, raise404=False, silent=True)
@ -231,7 +231,7 @@ class Web:
for place in (PLACE.GET, PLACE.POST):
if place in conf.parameters:
value = re.sub(r"(\A|&)(\w+)=", "\g<2>[]=", conf.parameters[place])
value = re.sub(r"(\A|&)(\w+)=", r"\g<2>[]=", conf.parameters[place])
if "[]" in value:
page, headers, _ = Request.queryPage(value=value, place=place, content=True, raise404=False, silent=True, noteResponseTime=False)
parseFilePaths(page)
@ -243,12 +243,12 @@ class Web:
cookie = headers[HTTP_HEADER.SET_COOKIE]
if cookie:
value = re.sub(r"(\A|;)(\w+)=[^;]*", "\g<2>=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", cookie)
value = re.sub(r"(\A|;)(\w+)=[^;]*", r"\g<2>=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", cookie)
if value != cookie:
page, _, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False)
parseFilePaths(page)
value = re.sub(r"(\A|;)(\w+)=[^;]*", "\g<2>=", cookie)
value = re.sub(r"(\A|;)(\w+)=[^;]*", r"\g<2>=", cookie)
if value != cookie:
page, _, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False)
parseFilePaths(page)

2
lib/techniques/dns/use.py
View File

@ -83,7 +83,7 @@ def dnsUse(payload, expression):
_ = conf.dnsServer.pop(prefix, suffix)
if _:
_ = extractRegexResult("%s\.(?P<result>.+)\.%s" % (prefix, suffix), _, re.I)
_ = extractRegexResult(r"%s\.(?P<result>.+)\.%s" % (prefix, suffix), _, re.I)
_ = decodeHexValue(_)
output = (output or "") + _
offset += len(_)

8
lib/utils/api.py
View File

@ -498,9 +498,7 @@ def scan_stop(taskid):
Stop a scan
"""
if (taskid not in DataStore.tasks or
DataStore.tasks[taskid].engine_process() is None or
DataStore.tasks[taskid].engine_has_terminated()):
if (taskid not in DataStore.tasks or DataStore.tasks[taskid].engine_process() is None or DataStore.tasks[taskid].engine_has_terminated()):
logger.warning("[%s] Invalid task ID provided to scan_stop()" % taskid)
return jsonize({"success": False, "message": "Invalid task ID"})
@ -515,9 +513,7 @@ def scan_kill(taskid):
Kill a scan
"""
if (taskid not in DataStore.tasks or
DataStore.tasks[taskid].engine_process() is None or
DataStore.tasks[taskid].engine_has_terminated()):
if (taskid not in DataStore.tasks or DataStore.tasks[taskid].engine_process() is None or DataStore.tasks[taskid].engine_has_terminated()):
logger.warning("[%s] Invalid task ID provided to scan_kill()" % taskid)
return jsonize({"success": False, "message": "Invalid task ID"})

6
lib/utils/xrange.py
View File

@ -49,12 +49,10 @@ class xrange(object):
return hash(self._slice)
def __cmp__(self, other):
return (cmp(type(self), type(other)) or
cmp(self._slice, other._slice))
return (cmp(type(self), type(other)) or cmp(self._slice, other._slice))
def __repr__(self):
return '%s(%r, %r, %r)' % (type(self).__name__,
self.start, self.stop, self.step)
return '%s(%r, %r, %r)' % (type(self).__name__, self.start, self.stop, self.step)
def __len__(self):
return self._len()

2
sqlmap.py
View File

@ -397,4 +397,4 @@ if __name__ == "__main__":
main()
else:
# cancelling postponed imports (because of Travis CI checks)
from lib.controller.controller import start
from lib.controller.controller import start

1
tamper/0x2char.py
View File

@ -7,7 +7,6 @@ See the file 'LICENSE' for copying permission
import re
from lib.core.data import kb
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.NORMAL

2
tamper/between.py
View File

@ -46,7 +46,7 @@ def tamper(payload, **kwargs):
_ = "%s %s NOT BETWEEN 0 AND %s" % (match.group(2), match.group(4), match.group(5))
retVal = retVal.replace(match.group(0), _)
else:
retVal = re.sub(r"\s*>\s*(\d+|'[^']+'|\w+\(\d+\))", " NOT BETWEEN 0 AND \g<1>", payload)
retVal = re.sub(r"\s*>\s*(\d+|'[^']+'|\w+\(\d+\))", r" NOT BETWEEN 0 AND \g<1>", payload)
if retVal == payload:
match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^=]+?)\s*=\s*(\w+)\s*", payload)

2
tamper/commentbeforeparentheses.py
View File

@ -35,6 +35,6 @@ def tamper(payload, **kwargs):
retVal = payload
if payload:
retVal = re.sub(r"\b(\w+)\(", "\g<1>/**/(", retVal)
retVal = re.sub(r"\b(\w+)\(", r"\g<1>/**/(", retVal)
return retVal

2
tamper/informationschemacomment.py
View File

@ -22,6 +22,6 @@ def tamper(payload, **kwargs):
retVal = payload
if payload:
retVal = re.sub(r"(?i)(information_schema)\.", "\g<1>/**/.", payload)
retVal = re.sub(r"(?i)(information_schema)\.", r"\g<1>/**/.", payload)
return retVal

4
tamper/multiplespaces.py
View File

@ -43,7 +43,7 @@ def tamper(payload, **kwargs):
words.add(word)
for word in words:
retVal = re.sub("(?<=\W)%s(?=[^A-Za-z_(]|\Z)" % word, "%s%s%s" % (' ' * random.randrange(1, 4), word, ' ' * random.randrange(1, 4)), retVal)
retVal = re.sub("(?<=\W)%s(?=[(])" % word, "%s%s" % (' ' * random.randrange(1, 4), word), retVal)
retVal = re.sub(r"(?<=\W)%s(?=[^A-Za-z_(]|\Z)" % word, "%s%s%s" % (' ' * random.randrange(1, 4), word, ' ' * random.randrange(1, 4)), retVal)
retVal = re.sub(r"(?<=\W)%s(?=[(])" % word, "%s%s" % (' ' * random.randrange(1, 4), word), retVal)
return retVal

46
txt/checksum.md5
View File

@ -5,10 +5,10 @@ b0eb597c613afeff9d62898cf4c67a56 extra/cloak/cloak.py
e0911386106b95d2ba4b12d651b2eb16 extra/dbgtool/dbgtool.py
1e5532ede194ac9c083891c2f02bca93 extra/dbgtool/__init__.py
acba8b5dc93db0fe6b2b04ff0138c33c extra/icmpsh/icmpsh.exe_
fe39e5c315d63afff5cb99ec42fc883f extra/icmpsh/icmpsh_m.py
708e9fd35dabcbfcd10e91bbc14f091f extra/icmpsh/icmpsh_m.py
2d020d2bdcee1170805f48839fdb89df extra/icmpsh/__init__.py
1e5532ede194ac9c083891c2f02bca93 extra/__init__.py
27629e01ba722271c990ad4b27151917 extra/mssqlsig/update.py
fe141ec3178a46e7151c7f34bb747c68 extra/mssqlsig/update.py
ff90cb0366f7cefbdd6e573e27e6238c extra/runcmd/runcmd.exe_
1e5532ede194ac9c083891c2f02bca93 extra/safe2bin/__init__.py
b6c0f2047e9bea90f4d5c5806c0f6a9a extra/safe2bin/safe2bin.py
@ -16,9 +16,9 @@ d229479d02d21b29f209143cb0547780 extra/shellcodeexec/linux/shellcodeexec.x32_
2fe2f94eebc62f7614f0391a8a90104f extra/shellcodeexec/linux/shellcodeexec.x64_
c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.exe_
220745c50d375dad7aefebf8ca3611ef extra/shutils/duplicates.py
1f33abe1a67493909d29a35ca72ecedb extra/shutils/newlines.py
e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py
71b9d4357c31db013ecda27433830090 extra/shutils/pylint.py
c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py
1056d1112ba5130868178cb495d22b1d extra/shutils/regressiontest.py
1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py
b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py
0f581182871148b0456a691ae85b04c0 lib/controller/action.py
@ -26,13 +26,13 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py
c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py
c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py
1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
ee096e173a5caa7724e751c693880925 lib/core/agent.py
0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py
fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py
59246d63fd0f8ffa6db61ff1ba0797c8 lib/core/common.py
6470770fb1296acb13c3e49a77ee0159 lib/core/common.py
0d082da16c388b3445e656e0760fb582 lib/core/convert.py
9f87391b6a3395f7f50830b391264f27 lib/core/data.py
72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py
93567739d591829c1fb9ff77a50bcc87 lib/core/decorators.py
4086fb55f42e27de5330505605baad0f lib/core/decorators.py
fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py
da98f5288aad57855c6d287ba3b397a1 lib/core/dicts.py
9ea8a043030796e6faef7f7e957729d5 lib/core/dump.py
@ -41,16 +41,16 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py
1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py
458a194764805cd8312c14ecd4be4d1e lib/core/log.py
c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
83345a6b0b7e187d2cbcc280a509f03e lib/core/option.py
718646541f2b446f40533149fc0f1b30 lib/core/option.py
7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py
6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
bb3cda01d9f6c71382beba250e0777fc lib/core/settings.py
c769cdd91e5adaf3c6a1cdfe24b7a544 lib/core/settings.py
0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
6306284edcccc185b2df085438572b0d lib/core/target.py
8f8613d1a960d53655ceee0114e2b206 lib/core/target.py
72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py
de9922a29c71a235cb95a916ff925db2 lib/core/threads.py
c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py
@ -67,9 +67,9 @@ fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py
ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py
492654567e72b6a14584651fcd9f16e6 lib/parse/sitemap.py
30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py
62e4500ef19f7795a1443897b535b36d lib/request/basic.py
2b81435f5a7519298c15c724e3194a0d lib/request/basic.py
c0cabedead14b8a23353b606672cff42 lib/request/comparison.py
0ad9051e84e8fefe826f1a574b41b1b0 lib/request/connect.py
8500dfaccd8ac4a6eecbca266f6327c9 lib/request/connect.py
dd4598675027fae99f2e2475b05986da lib/request/direct.py
2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py
98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py
@ -86,20 +86,20 @@ acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py
46ff5840b29531412bcaa05dac190413 lib/takeover/metasploit.py
fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py
48575dde7bb867b7937769f569a98309 lib/takeover/udf.py
2665fa7eedb19a1b10ffe949999b75f1 lib/takeover/web.py
f6f835e4190a55e42d13c1e7ca3f728f lib/takeover/web.py
f1decf0a987bd3a4bc757212cbe6a6c8 lib/takeover/xp_cmdshell.py
4a7f231e597f754e9fcd116d13ad1a4d lib/techniques/blind/inference.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/dns/__init__.py
799faf9008527d2e9da9d923e50f685a lib/techniques/dns/test.py
bad83c6386adf345fbc982bdafbe3b93 lib/techniques/dns/use.py
48a24f48da791e67309003fd5e8428cb lib/techniques/dns/use.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/error/__init__.py
f5fb02487edaf9adaa81d54324c84f8f lib/techniques/error/use.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py
94d7a22bb6725a91e84ba2cd9973e96d lib/techniques/union/test.py
11ecf2effbe9f40b361843d546c3c521 lib/techniques/union/use.py
3e404b091e698cceadc1b9d2f1dae4d9 lib/utils/api.py
ecedf10e09525ac4be07bd27cbd31d81 lib/utils/api.py
37dfb641358669f62c2acedff241348b lib/utils/brute.py
31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py
de9620f03231d8329ee8434884b6bacd lib/utils/deps.py
@ -116,7 +116,7 @@ cc1cfe36057f1d9bbdcba1bcc03359f9 lib/utils/hash.py
571884f530796534f03c49cf3f380a4c lib/utils/sqlalchemy.py
dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py
fad14adffa8b640a15b06db955031695 lib/utils/versioncheck.py
7348ee704485651737ddbe3538271be9 lib/utils/xrange.py
e9e73cd6bd814dd7823a9da913cea61c lib/utils/xrange.py
b9d2761f47fec3d98b88311a263fd5db plugins/dbms/access/connector.py
3f1c50a1507d1c2f69c20c706230e2e2 plugins/dbms/access/enumeration.py
fcc66fc377db3681f7890ec55675564b plugins/dbms/access/filesystem.py
@ -225,13 +225,13 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_
0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_
2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_
4eaeef94314956e4517e5310a28d579a sqlmapapi.py
5c8583dd47f92935ceb41210a10eeebf sqlmap.py
b2c2cc55ba4e31bea94494dcafe5d8cc tamper/0x2char.py
2cc55aaabe5b5acb29745c3832d16aaa sqlmap.py
1a1e3a78ded58b240c9dbb1b17996acf tamper/0x2char.py
4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py
4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py
d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py
0298d81e9dfac7ff18a5236c0f1d84b6 tamper/base64encode.py
4d44f868c6c97ced29e306347ce5d650 tamper/between.py
9a3da4aa7b220448aa3ecbb92f68330f tamper/between.py
e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py
e3cdf13caedb4682bee3ff8fac103606 tamper/chardoubleencode.py
3b2f68476fbcf8223199e8dd4ec14b64 tamper/charencode.py
@ -239,7 +239,7 @@ b502023ac6c48e49e652ba524b8e18cc tamper/charunicodeencode.py
2c2b38974dc773568de7e7d771d7042c tamper/charunicodeescape.py
6a395de07b60f47d9474ace0a98c160f tamper/commalesslimit.py
211bb8fa36a6ecb42b719c951c362851 tamper/commalessmid.py
19acfde79c9a2d8458e15182f5b73d71 tamper/commentbeforeparentheses.py
6082358eb328d1cdd4587e73c95bbefc tamper/commentbeforeparentheses.py
334e4a2485b3a1bbc1734823b93ea694 tamper/concat2concatws.py
dcdc433fe946f1b9005bcd427a951dd6 tamper/equaltolike.py
06df880df5d8749963f5562f60fd1637 tamper/escapequotes.py
@ -248,13 +248,13 @@ dcdc433fe946f1b9005bcd427a951dd6 tamper/equaltolike.py
9d8c350cbb90d4b21ec9c9db184a213a tamper/htmlencode.py
3f79551baf811ff70b2ba8795a2064be tamper/ifnull2casewhenisnull.py
e2c2b6a67546b36983a72f129a817ec0 tamper/ifnull2ifisnull.py
91c92ee203e7e619cb547643883924ca tamper/informationschemacomment.py
21665e68ef9f91b2395e81d2f341412d tamper/informationschemacomment.py
1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py
2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py
1834b5409c449d2ea1b70a5038fed9eb tamper/lowercase.py
de4c83d33968a0cbf00cdfd8d35deddc tamper/modsecurityversioned.py
39981d5d6cb84aca950458739102bb07 tamper/modsecurityzeroversioned.py
b4cadf2ddcdc0598c9a3bf24521a2fa1 tamper/multiplespaces.py
5ee5147612ebe4769a67a8e2305d62f7 tamper/multiplespaces.py
be757e4c9a6fb36af7b9a8c444fddb05 tamper/nonrecursivereplacement.py
e298e486c06bb39d81f10d61a5c4ceec tamper/overlongutf8more.py
b9f698556f8333d9fa6eadaab44a77ab tamper/overlongutf8.py
@ -400,7 +400,7 @@ ef722d062564def381b1f96f5faadee3 waf/baidu.py
6a2834daf767491d3331bd31e946d540 waf/binarysec.py
41e399dbfe7b904d5aacfb37d85e1fbf waf/blockdos.py
2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py
cf979f0393523c028d8190ef6116884f waf/cloudbric.py
ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py
21b8203fdaaaac3cb7c84fa4dc0627f6 waf/cloudflare.py
b16b1c15532103346d5e2f5b8bd1ed36 waf/cloudfront.py
ac96f34c254951d301973617064eb1b5 waf/comodo.py

3
waf/cloudbric.py
View File

@ -5,9 +5,6 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
import re
from lib.core.enums import HTTP_HEADER
from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "Cloudbric Web Application Firewall (Cloudbric)"