mirror of
https://github.com/sqlmapproject/sqlmap.git
introducing safe deprecation mechanism for HashDB versioning
parent
48bcde478e
commit
cda8815634
|
@ -89,6 +89,7 @@ from lib.core.settings import DESCRIPTION
|
||||||
from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
|
from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
|
||||||
from lib.core.settings import FORMATTER
|
from lib.core.settings import FORMATTER
|
||||||
from lib.core.settings import NULL
|
from lib.core.settings import NULL
|
||||||
|
from lib.core.settings import HASHDB_MILESTONE_VALUE
|
||||||
from lib.core.settings import IS_WIN
|
from lib.core.settings import IS_WIN
|
||||||
from lib.core.settings import PLATFORM
|
from lib.core.settings import PLATFORM
|
||||||
from lib.core.settings import PYVERSION
|
from lib.core.settings import PYVERSION
|
||||||
|
@ -3187,7 +3188,7 @@ def hashDBWrite(key, value, serialize=False):
|
||||||
Helper function for writing session data to HashDB
|
Helper function for writing session data to HashDB
|
||||||
"""
|
"""
|
||||||
|
|
||||||
_ = "%s%s" % (conf.url or "%s%s" % (conf.hostname, conf.port), key)
|
_ = "%s%s%s" % (conf.url or "%s%s" % (conf.hostname, conf.port), key, HASHDB_MILESTONE_VALUE)
|
||||||
conf.hashDB.write(_, value, serialize)
|
conf.hashDB.write(_, value, serialize)
|
||||||
|
|
||||||
def hashDBRetrieve(key, unserialize=False, checkConf=False):
|
def hashDBRetrieve(key, unserialize=False, checkConf=False):
|
||||||
|
@ -3195,7 +3196,7 @@ def hashDBRetrieve(key, unserialize=False, checkConf=False):
|
||||||
Helper function for restoring session data from HashDB
|
Helper function for restoring session data from HashDB
|
||||||
"""
|
"""
|
||||||
|
|
||||||
_ = "%s%s" % (conf.url or "%s%s" % (conf.hostname, conf.port), key)
|
_ = "%s%s%s" % (conf.url or "%s%s" % (conf.hostname, conf.port), key, HASHDB_MILESTONE_VALUE)
|
||||||
return conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any([conf.flushSession, conf.freshQueries])) else None
|
return conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any([conf.flushSession, conf.freshQueries])) else None
|
||||||
|
|
||||||
def resetCookieJar(cookieJar):
|
def resetCookieJar(cookieJar):
|
||||||
|
|
|
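Review bot: The HashDB key is now built by the same three-part format string in both hashDBWrite and hashDBRetrieve, so a later edit to only one copy would silently make every stored value unreadable. A single private helper used by both, e.g. `def _hashDBKey(key): return "%s%s%s" % (conf.url or "%s%s" % (conf.hostname, conf.port), key, HASHDB_MILESTONE_VALUE)`, keeps the two in step. The parts are also joined without a delimiter (hostname and port are concatenated directly), so distinct target/key pairs can in principle yield the same string. The milestone only changes which records are looked up: with `unserialize=True`, whatever is stored under the current key is still deserialized, so a session file that came from elsewhere remains untrusted input (the deserializer itself is not visible here). Both functions start above their hunks, so only part of each body is shown.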
@ -446,6 +446,9 @@ DEFAULT_COOKIE_DELIMITER = ';'
|
||||||
# Skip unforced HashDB flush requests below the threshold number of cached items
|
# Skip unforced HashDB flush requests below the threshold number of cached items
|
||||||
HASHDB_FLUSH_THRESHOLD = 32
|
HASHDB_FLUSH_THRESHOLD = 32
|
||||||
|
|
||||||
|
# Unique milestone value used for forced deprecation of old HashDB values (e.g. because of changing of load/store mechanism)
|
||||||
|
HASHDB_MILESTONE_VALUE = "4SXDcCai5n" # r4853
|
||||||
|
|
||||||
# Warn user of possible delay due to large page dump in full UNION query injections
|
# Warn user of possible delay due to large page dump in full UNION query injections
|
||||||
LARGE_OUTPUT_THRESHOLD = 1024**2
|
LARGE_OUTPUT_THRESHOLD = 1024**2
|
||||||
|
|
||||||
|
|
|
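Review bot: The comment on HASHDB_MILESTONE_VALUE says what the constant is for but not when a maintainer must change it or what happens to existing data, and nothing visible in this commit enforces a bump when the load/store format changes. Records written under an older value are no longer looked up, but as far as these hunks show they are not deleted either, so results from earlier runs stay in the session file on disk until it is flushed. I would extend the comment to something like `# NOTE: change this value whenever the HashDB load/store format changes; entries stored under an older value are ignored but stay in the session file until '--flush-session' is used`.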
@ -211,31 +211,25 @@ def __resumeHashDBValues():
|
||||||
Resume stored data values from HashDB
|
Resume stored data values from HashDB
|
||||||
"""
|
"""
|
||||||
|
|
||||||
try:
|
kb.absFilePaths = hashDBRetrieve(HASHDB_KEYS.KB_ABS_FILE_PATHS, True) or kb.absFilePaths
|
||||||
kb.absFilePaths = hashDBRetrieve(HASHDB_KEYS.KB_ABS_FILE_PATHS, True) or kb.absFilePaths
|
kb.chars = hashDBRetrieve(HASHDB_KEYS.KB_CHARS, True) or kb.chars
|
||||||
kb.chars = hashDBRetrieve(HASHDB_KEYS.KB_CHARS, True) or kb.chars
|
kb.dynamicMarkings = hashDBRetrieve(HASHDB_KEYS.KB_DYNAMIC_MARKINGS, True) or kb.dynamicMarkings
|
||||||
kb.dynamicMarkings = hashDBRetrieve(HASHDB_KEYS.KB_DYNAMIC_MARKINGS, True) or kb.dynamicMarkings
|
kb.brute.tables = hashDBRetrieve(HASHDB_KEYS.KB_BRUTE_TABLES, True) or kb.brute.tables
|
||||||
kb.brute.tables = hashDBRetrieve(HASHDB_KEYS.KB_BRUTE_TABLES, True) or kb.brute.tables
|
kb.brute.columns = hashDBRetrieve(HASHDB_KEYS.KB_BRUTE_COLUMNS, True) or kb.brute.columns
|
||||||
kb.brute.columns = hashDBRetrieve(HASHDB_KEYS.KB_BRUTE_COLUMNS, True) or kb.brute.columns
|
kb.xpCmdshellAvailable = hashDBRetrieve(HASHDB_KEYS.KB_XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable
|
||||||
kb.xpCmdshellAvailable = hashDBRetrieve(HASHDB_KEYS.KB_XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable
|
|
||||||
|
|
||||||
conf.tmpPath = conf.tmpPath or hashDBRetrieve(HASHDB_KEYS.CONF_TMP_PATH)
|
conf.tmpPath = conf.tmpPath or hashDBRetrieve(HASHDB_KEYS.CONF_TMP_PATH)
|
||||||
|
|
||||||
for injection in hashDBRetrieve(HASHDB_KEYS.KB_INJECTIONS, True) or []:
|
for injection in hashDBRetrieve(HASHDB_KEYS.KB_INJECTIONS, True) or []:
|
||||||
if injection.place in conf.paramDict and \
|
if injection.place in conf.paramDict and \
|
||||||
injection.parameter in conf.paramDict[injection.place]:
|
injection.parameter in conf.paramDict[injection.place]:
|
||||||
|
|
||||||
if not conf.tech or intersect(conf.tech, injection.data.keys()):
|
if not conf.tech or intersect(conf.tech, injection.data.keys()):
|
||||||
if intersect(conf.tech, injection.data.keys()):
|
if intersect(conf.tech, injection.data.keys()):
|
||||||
injection.data = dict(filter(lambda (key, item): key in conf.tech, injection.data.items()))
|
injection.data = dict(filter(lambda (key, item): key in conf.tech, injection.data.items()))
|
||||||
|
|
||||||
if injection not in kb.injections:
|
if injection not in kb.injections:
|
||||||
kb.injections.append(injection)
|
kb.injections.append(injection)
|
||||||
except binascii.Error:
|
|
||||||
errMsg = "revision r4833 invalidated all previous session data. "
|
|
||||||
errMsg += "You are advised either to temporary revert to the previous "
|
|
||||||
errMsg += "revision or (recommended) run with the switch '--flush-session'"
|
|
||||||
raise sqlmapGenericException, errMsg
|
|
||||||
|
|
||||||
def __setOutputResume():
|
def __setOutputResume():
|
||||||
"""
|
"""
|
||||||
|
|
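Review bot: With the `except binascii.Error` wrapper removed from __resumeHashDBValues, a decode failure on a record stored under the current milestone (for example a truncated or hand-edited session file) would now surface as a raw exception rather than a sqlmapGenericException with advice. This assumes that `hashDBRetrieve(..., True)` can still raise on malformed data, which cannot be confirmed here because the retrieve implementation is not part of this page. The user-facing hint is also gone: after an upgrade the previous session is simply not found and earlier work is repeated without explanation. Consider keeping a narrow handler around the retrieval calls with an updated message, e.g. `except binascii.Error:` followed by `raise sqlmapGenericException, "stored session data could not be decoded; run with the switch '--flush-session'"`, and logging once when a session file exists but nothing is resumed. The function starts above the hunk.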