mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
Implements #3993
parent
c91fcbb0c7
commit
ce9618c307
|
@ -1770,7 +1770,18 @@ def _cleanupOptions():
|
||||||
conf.col = re.sub(r"\s*,\s*", ',', conf.col)
|
conf.col = re.sub(r"\s*,\s*", ',', conf.col)
|
||||||
|
|
||||||
if conf.exclude:
|
if conf.exclude:
|
||||||
conf.exclude = re.sub(r"\s*,\s*", ',', conf.exclude)
|
regex = False
|
||||||
|
if any(_ in conf.exclude for _ in ('+', '*')):
|
||||||
|
try:
|
||||||
|
re.compile(conf.exclude)
|
||||||
|
except re.error:
|
||||||
|
pass
|
||||||
|
else:
|
||||||
|
regex = True
|
||||||
|
|
||||||
|
if not regex:
|
||||||
|
conf.exclude = re.sub(r"\s*,\s*", ',', conf.exclude)
|
||||||
|
conf.exclude = "\A%s\Z" % '|'.join(re.escape(_) for _ in conf.exclude.split(','))
|
||||||
|
|
||||||
if conf.binaryFields:
|
if conf.binaryFields:
|
||||||
conf.binaryFields = re.sub(r"\s*,\s*", ',', conf.binaryFields)
|
conf.binaryFields = re.sub(r"\s*,\s*", ',', conf.binaryFields)
|
||||||
|
|
|
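Review bot: The anchors in `"\A%s\Z" % '|'.join(...)` bind only to the first and last alternatives, because `|` has the lowest precedence in a regex. A list such as `id,name` becomes `\Aid|name\Z`, which under the `re.search` calls added elsewhere in this commit also matches `identifier` and `username`, and any middle entry of a longer list matches as a bare substring, so more objects are excluded than the operator listed. Grouping the alternation restores exact-name matching, and a raw string avoids the unrecognised `\A`/`\Z` escapes that newer Python versions warn about: `conf.exclude = r"\A(?:%s)\Z" % '|'.join(re.escape(_) for _ in conf.exclude.split(','))`. Separately, a value that contains a comma as well as `+` or `*` and happens to compile is taken whole as one regex, so the comma is matched literally and none of the listed names is excluded; a comment saying that the regex form takes a single pattern would make that explicit. `_cleanupOptions` starts and ends outside the hunk.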
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
||||||
from thirdparty.six import unichr as _unichr
|
from thirdparty.six import unichr as _unichr
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.3.11.1"
|
VERSION = "1.3.11.2"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
|
||||||
See the file 'LICENSE' for copying permission
|
See the file 'LICENSE' for copying permission
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
import re
|
||||||
|
|
||||||
from lib.core.common import isListLike
|
from lib.core.common import isListLike
|
||||||
from lib.core.common import readInput
|
from lib.core.common import readInput
|
||||||
from lib.core.common import safeSQLIdentificatorNaming
|
from lib.core.common import safeSQLIdentificatorNaming
|
||||||
|
@ -121,7 +123,7 @@ class Enumeration(GenericEnumeration):
|
||||||
colList = []
|
colList = []
|
||||||
|
|
||||||
if conf.exclude:
|
if conf.exclude:
|
||||||
colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
|
colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
|
||||||
|
|
||||||
for col in colList:
|
for col in colList:
|
||||||
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
|
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
|
||||||
|
|
|
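Review bot: Passing `re.I` in `re.search(conf.exclude, _, re.I)` makes exclusion case-insensitive, whereas the `_ not in conf.exclude.split(',')` test it replaces compared names exactly. On a back end whose identifiers are case-sensitive, excluding `Users` now also drops `users`. If that is intended it deserves a comment at the point of use, e.g. `# conf.exclude is a regex built in _cleanupOptions(); matched case-insensitively`, and otherwise the flag should be dropped. The same call is introduced in every other `conf.exclude` check this commit changes (databases, tables and columns), so the remark applies to all of them. The enclosing method starts and ends outside the hunk.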
@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
|
||||||
See the file 'LICENSE' for copying permission
|
See the file 'LICENSE' for copying permission
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
import re
|
||||||
|
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
from lib.core.common import arrayizeValue
|
from lib.core.common import arrayizeValue
|
||||||
from lib.core.common import getLimitRange
|
from lib.core.common import getLimitRange
|
||||||
|
@ -96,7 +98,7 @@ class Enumeration(GenericEnumeration):
|
||||||
singleTimeLogMessage(infoMsg)
|
singleTimeLogMessage(infoMsg)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
if conf.exclude and db in conf.exclude.split(','):
|
if conf.exclude and re.search(conf.exclude, db, re.I) is not None:
|
||||||
infoMsg = "skipping database '%s'" % db
|
infoMsg = "skipping database '%s'" % db
|
||||||
singleTimeLogMessage(infoMsg)
|
singleTimeLogMessage(infoMsg)
|
||||||
continue
|
continue
|
||||||
|
@ -119,7 +121,7 @@ class Enumeration(GenericEnumeration):
|
||||||
singleTimeLogMessage(infoMsg)
|
singleTimeLogMessage(infoMsg)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
if conf.exclude and db in conf.exclude.split(','):
|
if conf.exclude and re.search(conf.exclude, db, re.I) is not None:
|
||||||
infoMsg = "skipping database '%s'" % db
|
infoMsg = "skipping database '%s'" % db
|
||||||
singleTimeLogMessage(infoMsg)
|
singleTimeLogMessage(infoMsg)
|
||||||
continue
|
continue
|
||||||
|
@ -209,7 +211,7 @@ class Enumeration(GenericEnumeration):
|
||||||
singleTimeLogMessage(infoMsg)
|
singleTimeLogMessage(infoMsg)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
if conf.exclude and db in conf.exclude.split(','):
|
if conf.exclude and re.search(conf.exclude, db, re.I) is not None:
|
||||||
infoMsg = "skipping database '%s'" % db
|
infoMsg = "skipping database '%s'" % db
|
||||||
singleTimeLogMessage(infoMsg)
|
singleTimeLogMessage(infoMsg)
|
||||||
continue
|
continue
|
||||||
|
@ -283,7 +285,7 @@ class Enumeration(GenericEnumeration):
|
||||||
colList = conf.col.split(',')
|
colList = conf.col.split(',')
|
||||||
|
|
||||||
if conf.exclude:
|
if conf.exclude:
|
||||||
colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
|
colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
|
||||||
|
|
||||||
origTbl = conf.tbl
|
origTbl = conf.tbl
|
||||||
origDb = conf.db
|
origDb = conf.db
|
||||||
|
@ -344,7 +346,7 @@ class Enumeration(GenericEnumeration):
|
||||||
if conf.excludeSysDbs and db in self.excludeDbsList:
|
if conf.excludeSysDbs and db in self.excludeDbsList:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
if conf.exclude and db in conf.exclude.split(','):
|
if conf.exclude and re.search(conf.exclude, db, re.I) is not None:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||||
|
|
|
@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
|
||||||
See the file 'LICENSE' for copying permission
|
See the file 'LICENSE' for copying permission
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
import re
|
||||||
|
|
||||||
from lib.core.common import filterPairValues
|
from lib.core.common import filterPairValues
|
||||||
from lib.core.common import isListLike
|
from lib.core.common import isListLike
|
||||||
from lib.core.common import isTechniqueAvailable
|
from lib.core.common import isTechniqueAvailable
|
||||||
|
@ -185,7 +187,7 @@ class Enumeration(GenericEnumeration):
|
||||||
colList = []
|
colList = []
|
||||||
|
|
||||||
if conf.exclude:
|
if conf.exclude:
|
||||||
colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
|
colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
|
||||||
|
|
||||||
for col in colList:
|
for col in colList:
|
||||||
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
|
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
|
||||||
|
|
|
@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
|
||||||
See the file 'LICENSE' for copying permission
|
See the file 'LICENSE' for copying permission
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
import re
|
||||||
|
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
from lib.core.common import arrayizeValue
|
from lib.core.common import arrayizeValue
|
||||||
from lib.core.common import Backend
|
from lib.core.common import Backend
|
||||||
|
@ -332,7 +334,7 @@ class Databases(object):
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
if conf.exclude and db in conf.exclude.split(','):
|
if conf.exclude and re.search(conf.exclude, db, re.I) is not None:
|
||||||
infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(db)
|
infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(db)
|
||||||
singleTimeLogMessage(infoMsg)
|
singleTimeLogMessage(infoMsg)
|
||||||
continue
|
continue
|
||||||
|
@ -466,7 +468,7 @@ class Databases(object):
|
||||||
colList = []
|
colList = []
|
||||||
|
|
||||||
if conf.exclude:
|
if conf.exclude:
|
||||||
colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
|
colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
|
||||||
|
|
||||||
for col in colList:
|
for col in colList:
|
||||||
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
|
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
|
||||||
|
|
|
@ -78,7 +78,7 @@ class Entries(object):
|
||||||
errMsg += "the tables' columns"
|
errMsg += "the tables' columns"
|
||||||
raise SqlmapMissingMandatoryOptionException(errMsg)
|
raise SqlmapMissingMandatoryOptionException(errMsg)
|
||||||
|
|
||||||
if conf.exclude and conf.db in conf.exclude.split(','):
|
if conf.exclude and re.search(conf.exclude, conf.db, re.I) is not None:
|
||||||
infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
||||||
singleTimeLogMessage(infoMsg)
|
singleTimeLogMessage(infoMsg)
|
||||||
return
|
return
|
||||||
|
@ -112,7 +112,7 @@ class Entries(object):
|
||||||
if kb.dumpKeyboardInterrupt:
|
if kb.dumpKeyboardInterrupt:
|
||||||
break
|
break
|
||||||
|
|
||||||
if conf.exclude and tbl in conf.exclude.split(','):
|
if conf.exclude and re.search(conf.exclude, tbl, re.I) is not None:
|
||||||
infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
|
infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
|
||||||
singleTimeLogMessage(infoMsg)
|
singleTimeLogMessage(infoMsg)
|
||||||
continue
|
continue
|
||||||
|
@ -145,7 +145,7 @@ class Entries(object):
|
||||||
colList = sorted(column for column in columns if column)
|
colList = sorted(column for column in columns if column)
|
||||||
|
|
||||||
if conf.exclude:
|
if conf.exclude:
|
||||||
colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
|
colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
|
||||||
|
|
||||||
if not colList:
|
if not colList:
|
||||||
warnMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
|
warnMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
|
||||||
|
@ -491,7 +491,7 @@ class Entries(object):
|
||||||
conf.db = db
|
conf.db = db
|
||||||
|
|
||||||
for table in tables:
|
for table in tables:
|
||||||
if conf.exclude and table in conf.exclude.split(','):
|
if conf.exclude and re.search(conf.exclude, table, re.I) is not None:
|
||||||
infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(table)
|
infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(table)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
continue
|
continue
|
||||||
|
@ -562,7 +562,7 @@ class Entries(object):
|
||||||
colList = [_ for _ in columns if _]
|
colList = [_ for _ in columns if _]
|
||||||
|
|
||||||
if conf.exclude:
|
if conf.exclude:
|
||||||
colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
|
colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
|
||||||
|
|
||||||
conf.col = ','.join(colList)
|
conf.col = ','.join(colList)
|
||||||
kb.data.cachedColumns = {}
|
kb.data.cachedColumns = {}
|
||||||
|
|
|
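Review bot: None of the hunks shown for this file adds `import re`, so the new `re.search(...)` calls rely on `re` already being imported at the top of the module. The old and new line numbers are identical in every hunk here (`-78,7 +78,7` through `-562,7 +562,7`), while the other plugin files in this commit shift by the two added import lines. If the import is missing, each of these checks raises `NameError` as soon as an exclusion is configured, so it is worth confirming and adding `import re` if needed. Also, `re.search(conf.exclude, conf.db, re.I)` raises `TypeError` when `conf.db` is not a string, where the old `conf.db in conf.exclude.split(',')` simply returned False; whether `conf.db` can be None at that point is not visible here. The enclosing methods start and end outside the hunks.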
@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
|
||||||
See the file 'LICENSE' for copying permission
|
See the file 'LICENSE' for copying permission
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
import re
|
||||||
|
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
from lib.core.common import arrayizeValue
|
from lib.core.common import arrayizeValue
|
||||||
from lib.core.common import Backend
|
from lib.core.common import Backend
|
||||||
|
@ -376,7 +378,7 @@ class Search(object):
|
||||||
colList = conf.col.split(',')
|
colList = conf.col.split(',')
|
||||||
|
|
||||||
if conf.exclude:
|
if conf.exclude:
|
||||||
colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
|
colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
|
||||||
|
|
||||||
origTbl = conf.tbl
|
origTbl = conf.tbl
|
||||||
origDb = conf.db
|
origDb = conf.db
|
||||||
|
|