From ccf9e7de542d4b4b1bd833bf4be311e64fba8b4a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 7 Jan 2021 14:00:10 +0100
Subject: [PATCH] Another patch regarding #4530
---
 lib/core/settings.py | 4 ++--
 lib/request/basic.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 9f076ec8b..afa14eb93 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 # sqlmap version (...)
-VERSION = "1.5.1.15"
+VERSION = "1.5.1.16"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -757,7 +757,7 @@ MAX_CONNECTION_TOTAL_SIZE = 100 * 1024 * 1024
 # For preventing MemoryError exceptions (caused when using large sequences in difflib.SequenceMatcher)
 MAX_DIFFLIB_SEQUENCE_LENGTH = 10 * 1024 * 1024
-# Maximum size used per page content in getHeuristicCharEncoding()
+# Maximum size used per page content in getHeuristicCharEncoding() and identYwaf
 MAX_CHAR_HEURISTICS_SIZE = 10000
 # Maximum (multi-threaded) length of entry in bisection algorithm
diff --git a/lib/request/basic.py b/lib/request/basic.py
index ead947cad..be19290dc 100644
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -396,7 +396,7 @@ def processResponse(page, responseHeaders, code=None, status=None):
 logger.warning("parsed DBMS error message: '%s'" % msg.rstrip('.'))
 if not conf.skipWaf and kb.processResponseCounter < IDENTYWAF_PARSE_LIMIT:
- rawResponse = "%s %s %s\n%s\n%s" % (_http_client.HTTPConnection._http_vsn_str, code or "", status or "", "".join(getUnicode(responseHeaders.headers if responseHeaders else [])), page)
+ rawResponse = "%s %s %s\n%s\n%s" % (_http_client.HTTPConnection._http_vsn_str, code or "", status or "", "".join(getUnicode(responseHeaders.headers if responseHeaders else [])), page[:MAX_CHAR_HEURISTICS_SIZE])
 identYwaf.non_blind.clear()
 if identYwaf.non_blind_check(rawResponse, silent=True):
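Review bot: The slice `page[:MAX_CHAR_HEURISTICS_SIZE]` on the new `rawResponse` line silently narrows what `identYwaf.non_blind_check` sees: a WAF marker that appears after the first 10000 characters of the body is no longer matched, while the headers are still passed in full. Capping the work done per server-supplied response is reasonable, but the cap reuses a constant named for the charset heuristic, so retuning that heuristic would also change WAF detection coverage. A dedicated setting, or at least a call-site comment such as `# identYwaf only inspects the first MAX_CHAR_HEURISTICS_SIZE characters of the body`, would make that coupling visible. The slice also assumes `page` is a string at this point, which the old `%s` formatting did not require; the start of `processResponse` lies outside the hunk, so that is worth confirming.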