From ccbc3e62f895567ff85ec2531453f2eff17616e6 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 7 Jan 2021 11:44:00 +0100
Subject: [PATCH] First patch for #4530
---
 lib/core/settings.py | 4 +++-
 lib/request/basic.py | 3 ++-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 75b13d7ff..6c09af2df 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 # sqlmap version (...)
-VERSION = "1.5.1.12"
+VERSION = "1.5.1.13"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -757,6 +757,8 @@ MAX_CONNECTION_TOTAL_SIZE = 100 * 1024 * 1024
 # For preventing MemoryError exceptions (caused when using large sequences in difflib.SequenceMatcher)
 MAX_DIFFLIB_SEQUENCE_LENGTH = 10 * 1024 * 1024
+MAX_CHAR_HEURISTICS_SIZE = 10000
+
 # Maximum (multi-threaded) length of entry in bisection algorithm
 MAX_BISECTION_LENGTH = 50 * 1024 * 1024
diff --git a/lib/request/basic.py b/lib/request/basic.py
index db10990c3..ead947cad 100644
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -44,6 +44,7 @@ from lib.core.settings import BLOCKED_IP_REGEX
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import EVENTVALIDATION_REGEX
 from lib.core.settings import IDENTYWAF_PARSE_LIMIT
+from lib.core.settings import MAX_CHAR_HEURISTICS_SIZE
 from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
 from lib.core.settings import META_CHARSET_REGEX
 from lib.core.settings import PARSE_HEADERS_LIMIT
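Review bot: In lib/core/settings.py (the hunk at line 757), `MAX_CHAR_HEURISTICS_SIZE = 10000` is the only constant in the hunk without a leading comment, so neither its purpose nor its unit is stated. A line above it such as `# Maximum length of the page prefix passed to the character encoding heuristics (getHeuristicCharEncoding)` would match the neighbouring entries. The value is also a bare `10000` where the neighbours are written as `N * 1024 * 1024`; that is a style difference only.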
@@ -258,7 +259,7 @@ def getHeuristicCharEncoding(page):
 """
 key = hash(page)
- retVal = kb.cache.encoding.get(key) or detect(page)["encoding"]
+ retVal = kb.cache.encoding.get(key) or detect(page[:MAX_CHAR_HEURISTICS_SIZE])["encoding"]
 kb.cache.encoding[key] = retVal
 if retVal and retVal.lower().replace('-', "") == UNICODE_ENCODING.lower().replace('-', ""):
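Review bot: In `getHeuristicCharEncoding`, `detect()` now sees only the first `MAX_CHAR_HEURISTICS_SIZE` elements of `page`, while `key = hash(page)` still covers the whole body, so the prefix's verdict is cached for the full page. A response that is plain ASCII at the start and switches encoding further in would therefore be labelled by its prefix; how the caller decodes with that label is not visible here. Since `page` presumably holds content returned by the remote server, the trade-off deserves a comment on the changed line, e.g. `# NOTE: only the first MAX_CHAR_HEURISTICS_SIZE elements are sampled to bound detection cost; content past that offset does not influence the result`. Separately, `kb.cache.encoding.get(key) or detect(...)` calls `detect()` again whenever the cached value is `None`, so an undetectable page is never served from the cache; a membership test on the key would avoid that, assuming `kb.cache.encoding` is dict-like. The function starts and continues outside this hunk.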