Implements #3993

2024-11-22 17:46:37 +03:00 · 2019-11-04 12:53:29 +01:00 · 2019-11-04 12:53:29 +01:00 · ce9618c307
commit ce9618c307
parent c91fcbb0c7
8 changed files with 38 additions and 17 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1770,7 +1770,18 @@ def _cleanupOptions():
        conf.col = re.sub(r"\s*,\s*", ',', conf.col)
    if conf.exclude:
        regex = False
        if any(_ in conf.exclude for _ in ('+', '*')):
            try:
                re.compile(conf.exclude)
            except re.error:
                pass
            else:
                regex = True
        if not regex:
            conf.exclude = re.sub(r"\s*,\s*", ',', conf.exclude)
            conf.exclude = "\A%s\Z" % '|'.join(re.escape(_) for _ in conf.exclude.split(','))
    if conf.binaryFields:
        conf.binaryFields = re.sub(r"\s*,\s*", ',', conf.binaryFields)
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.11.1"
+VERSION = "1.3.11.2"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/plugins/dbms/maxdb/enumeration.py
+++ b/plugins/dbms/maxdb/enumeration.py
@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 import re
 from lib.core.common import isListLike
 from lib.core.common import readInput
 from lib.core.common import safeSQLIdentificatorNaming
@ -121,7 +123,7 @@ class Enumeration(GenericEnumeration):
            colList = []
        if conf.exclude:
-            colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
+            colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
        for col in colList:
            colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 import re
 from lib.core.agent import agent
 from lib.core.common import arrayizeValue
 from lib.core.common import getLimitRange
@ -96,7 +98,7 @@ class Enumeration(GenericEnumeration):
                    singleTimeLogMessage(infoMsg)
                    continue
-                if conf.exclude and db in conf.exclude.split(','):
+                if conf.exclude and re.search(conf.exclude, db, re.I) is not None:
                    infoMsg = "skipping database '%s'" % db
                    singleTimeLogMessage(infoMsg)
                    continue
@ -119,7 +121,7 @@ class Enumeration(GenericEnumeration):
                    singleTimeLogMessage(infoMsg)
                    continue
-                if conf.exclude and db in conf.exclude.split(','):
+                if conf.exclude and re.search(conf.exclude, db, re.I) is not None:
                    infoMsg = "skipping database '%s'" % db
                    singleTimeLogMessage(infoMsg)
                    continue
@ -209,7 +211,7 @@ class Enumeration(GenericEnumeration):
                    singleTimeLogMessage(infoMsg)
                    continue
-                if conf.exclude and db in conf.exclude.split(','):
+                if conf.exclude and re.search(conf.exclude, db, re.I) is not None:
                    infoMsg = "skipping database '%s'" % db
                    singleTimeLogMessage(infoMsg)
                    continue
@ -283,7 +285,7 @@ class Enumeration(GenericEnumeration):
        colList = conf.col.split(',')
        if conf.exclude:
-            colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
+            colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
        origTbl = conf.tbl
        origDb = conf.db
@ -344,7 +346,7 @@ class Enumeration(GenericEnumeration):
                if conf.excludeSysDbs and db in self.excludeDbsList:
                    continue
-                if conf.exclude and db in conf.exclude.split(','):
+                if conf.exclude and re.search(conf.exclude, db, re.I) is not None:
                    continue
                if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
--- a/plugins/dbms/sybase/enumeration.py
+++ b/plugins/dbms/sybase/enumeration.py
@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 import re
 from lib.core.common import filterPairValues
 from lib.core.common import isListLike
 from lib.core.common import isTechniqueAvailable
@ -185,7 +187,7 @@ class Enumeration(GenericEnumeration):
            colList = []
        if conf.exclude:
-            colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
+            colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
        for col in colList:
            colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 import re
 from lib.core.agent import agent
 from lib.core.common import arrayizeValue
 from lib.core.common import Backend
@ -332,7 +334,7 @@ class Databases(object):
                    logger.info(infoMsg)
                    continue
-                if conf.exclude and db in conf.exclude.split(','):
+                if conf.exclude and re.search(conf.exclude, db, re.I) is not None:
                    infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(db)
                    singleTimeLogMessage(infoMsg)
                    continue
@ -466,7 +468,7 @@ class Databases(object):
            colList = []
        if conf.exclude:
-            colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
+            colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
        for col in colList:
            colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@ -78,7 +78,7 @@ class Entries(object):
                errMsg += "the tables' columns"
                raise SqlmapMissingMandatoryOptionException(errMsg)
-            if conf.exclude and conf.db in conf.exclude.split(','):
+            if conf.exclude and re.search(conf.exclude, conf.db, re.I) is not None:
                infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
                singleTimeLogMessage(infoMsg)
                return
@ -112,7 +112,7 @@ class Entries(object):
            if kb.dumpKeyboardInterrupt:
                break
-            if conf.exclude and tbl in conf.exclude.split(','):
+            if conf.exclude and re.search(conf.exclude, tbl, re.I) is not None:
                infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
                singleTimeLogMessage(infoMsg)
                continue
@ -145,7 +145,7 @@ class Entries(object):
                colList = sorted(column for column in columns if column)
                if conf.exclude:
-                    colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
+                    colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
                if not colList:
                    warnMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
@ -491,7 +491,7 @@ class Entries(object):
                conf.db = db
                for table in tables:
-                    if conf.exclude and table in conf.exclude.split(','):
+                    if conf.exclude and re.search(conf.exclude, table, re.I) is not None:
                        infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(table)
                        logger.info(infoMsg)
                        continue
@ -562,7 +562,7 @@ class Entries(object):
                colList = [_ for _ in columns if _]
                if conf.exclude:
-                    colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
+                    colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
                conf.col = ','.join(colList)
                kb.data.cachedColumns = {}
--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 import re
 from lib.core.agent import agent
 from lib.core.common import arrayizeValue
 from lib.core.common import Backend
@ -376,7 +378,7 @@ class Search(object):
        colList = conf.col.split(',')
        if conf.exclude:
-            colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
+            colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
        origTbl = conf.tbl
        origDb = conf.db