Fixes #3745

2024-11-22 09:36:35 +03:00 · 2019-06-09 01:11:29 +02:00 · 2019-06-09 01:11:29 +02:00 · ce3abdaa4d
commit ce3abdaa4d
parent e30155b657
2 changed files with 53 additions and 24 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -12,7 +12,6 @@ import codecs
 import collections
 import contextlib
 import copy
-import distutils
 import functools
 import getpass
 import hashlib
@ -176,6 +175,7 @@ from lib.core.settings import URI_QUESTION_MARKER
 from lib.core.settings import URLENCODE_CHAR_LIMIT
 from lib.core.settings import URLENCODE_FAILSAFE_CHARS
 from lib.core.settings import USER_AGENT_ALIASES
+from lib.core.settings import VERSION_COMPARISON_CORRECTION
 from lib.core.settings import VERSION_STRING
 from lib.core.settings import ZIP_HEADER
 from lib.core.settings import WEBSCARAB_SPLITTER
@ -517,7 +517,7 @@ class Backend(object):

    @staticmethod
    def getVersion():
-        versions = filterNone(flattenValue(kb.dbmsVersion))
+        versions = filterNone(flattenValue(kb.dbmsVersion)) if not isinstance(kb.dbmsVersion, six.string_types) else [kb.dbmsVersion]
        if not isNoneValue(versions):
            return versions[0]
        else:
@ -525,7 +525,7 @@ class Backend(object):

    @staticmethod
    def getVersionList():
-        versions = filterNone(flattenValue(kb.dbmsVersion))
+        versions = filterNone(flattenValue(kb.dbmsVersion)) if not isinstance(kb.dbmsVersion, six.string_types) else [kb.dbmsVersion]
        if not isNoneValue(versions):
            return versions
        else:
@ -3110,37 +3110,63 @@ def filterNone(values):

    return retVal

-def isDBMSVersionAtLeast(version):
+def isDBMSVersionAtLeast(minimum):
    """
    Checks if the recognized DBMS version is at least the version specified
+
+    >>> pushValue(kb.dbmsVersion)
+    >>> kb.dbmsVersion = "2"
+    >>> isDBMSVersionAtLeast("1.3.4.1.4")
+    True
+    >>> isDBMSVersionAtLeast(2.1)
+    False
+    >>> isDBMSVersionAtLeast(">2")
+    False
+    >>> isDBMSVersionAtLeast(">=2.0")
+    True
+    >>> kb.dbmsVersion = "<2"
+    >>> isDBMSVersionAtLeast("2")
+    False
+    >>> isDBMSVersionAtLeast("1.5")
+    True
+    >>> kb.dbmsVersion = popValue()
    """

    retVal = None

-    if Backend.getVersion() and Backend.getVersion() != UNKNOWN_DBMS_VERSION:
-        value = Backend.getVersion().replace(" ", "").rstrip('.')
+    if not any(isNoneValue(_) for _ in (Backend.getVersion(), minimum)) and Backend.getVersion() != UNKNOWN_DBMS_VERSION:
+        version = Backend.getVersion().replace(" ", "").rstrip('.')

-        while True:
-            index = value.find('.', value.find('.') + 1)
+        if '.' in version:
+            parts = version.split('.', 1)
+            parts[1] = filterStringValue(parts[1], '[0-9]')
+            version = '.'.join(parts)

-            if index > -1:
-                value = value[0:index] + value[index + 1:]
-            else:
-                break
+        correction = 0.0
+        if ">=" in version:
+            pass
+        elif '>' in version:
+            correction = VERSION_COMPARISON_CORRECTION
+        elif '<' in version:
+            correction = -VERSION_COMPARISON_CORRECTION

-        value = filterStringValue(value, '[0-9.><=]')
+        version = float(filterStringValue(version, '[0-9.]')) + correction

-        if value and isinstance(value, six.string_types):
-            if value.startswith(">="):
-                value = float(value.replace(">=", ""))
-            elif value.startswith(">"):
-                value = float(value.replace(">", "")) + 0.01
-            elif value.startswith("<="):
-                value = float(value.replace("<=", ""))
-            elif value.startswith(">"):
-                value = float(value.replace("<", "")) - 0.01
+        if isinstance(minimum, six.string_types):
+            if '.' in minimum:
+                parts = minimum.split('.', 1)
+                parts[1] = filterStringValue(parts[1], '[0-9]')
+                minimum = '.'.join(parts)

-            retVal = distutils.version.LooseVersion(getUnicode(value)) >= distutils.version.LooseVersion(getUnicode(version))
+            correction = 0.0
+            if minimum.startswith(">="):
+                pass
+            elif minimum.startswith(">"):
+                correction = VERSION_COMPARISON_CORRECTION
+
+            minimum = float(filterStringValue(minimum, '[0-9.]')) + correction
+
+        retVal = version >= minimum

    return retVal

--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.6.34"
+VERSION = "1.3.6.35"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -500,6 +500,9 @@ DEFAULT_TOR_HTTP_PORTS = (8123, 8118)
 # Percentage below which comparison engine could have problems
 LOW_TEXT_PERCENT = 20

+# Auxiliary value used in isDBMSVersionAtLeast() version comparison correction cases
+VERSION_COMPARISON_CORRECTION = 0.0001
+
 # These MySQL keywords can't go (alone) into versioned comment form (/*!...*/)
 # Reference: http://dev.mysql.com/doc/refman/5.1/en/function-resolution.html
 IGNORE_SPACE_AFFECTED_KEYWORDS = ("CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN", "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", "SYSTEM_USER", "TRIM")