This commit is contained in:
Miroslav Stampar 2019-11-04 12:53:29 +01:00
parent c91fcbb0c7
commit ce9618c307
8 changed files with 38 additions and 17 deletions

View File

@ -1770,7 +1770,18 @@ def _cleanupOptions():
conf.col = re.sub(r"\s*,\s*", ',', conf.col) conf.col = re.sub(r"\s*,\s*", ',', conf.col)
if conf.exclude: if conf.exclude:
conf.exclude = re.sub(r"\s*,\s*", ',', conf.exclude) regex = False
if any(_ in conf.exclude for _ in ('+', '*')):
try:
re.compile(conf.exclude)
except re.error:
pass
else:
regex = True
if not regex:
conf.exclude = re.sub(r"\s*,\s*", ',', conf.exclude)
conf.exclude = "\A%s\Z" % '|'.join(re.escape(_) for _ in conf.exclude.split(','))
if conf.binaryFields: if conf.binaryFields:
conf.binaryFields = re.sub(r"\s*,\s*", ',', conf.binaryFields) conf.binaryFields = re.sub(r"\s*,\s*", ',', conf.binaryFields)

View File

@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.11.1" VERSION = "1.3.11.2"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

View File

@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission See the file 'LICENSE' for copying permission
""" """
import re
from lib.core.common import isListLike from lib.core.common import isListLike
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.common import safeSQLIdentificatorNaming from lib.core.common import safeSQLIdentificatorNaming
@ -121,7 +123,7 @@ class Enumeration(GenericEnumeration):
colList = [] colList = []
if conf.exclude: if conf.exclude:
colList = [_ for _ in colList if _ not in conf.exclude.split(',')] colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
for col in colList: for col in colList:
colList[colList.index(col)] = safeSQLIdentificatorNaming(col) colList[colList.index(col)] = safeSQLIdentificatorNaming(col)

View File

@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission See the file 'LICENSE' for copying permission
""" """
import re
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import arrayizeValue from lib.core.common import arrayizeValue
from lib.core.common import getLimitRange from lib.core.common import getLimitRange
@ -96,7 +98,7 @@ class Enumeration(GenericEnumeration):
singleTimeLogMessage(infoMsg) singleTimeLogMessage(infoMsg)
continue continue
if conf.exclude and db in conf.exclude.split(','): if conf.exclude and re.search(conf.exclude, db, re.I) is not None:
infoMsg = "skipping database '%s'" % db infoMsg = "skipping database '%s'" % db
singleTimeLogMessage(infoMsg) singleTimeLogMessage(infoMsg)
continue continue
@ -119,7 +121,7 @@ class Enumeration(GenericEnumeration):
singleTimeLogMessage(infoMsg) singleTimeLogMessage(infoMsg)
continue continue
if conf.exclude and db in conf.exclude.split(','): if conf.exclude and re.search(conf.exclude, db, re.I) is not None:
infoMsg = "skipping database '%s'" % db infoMsg = "skipping database '%s'" % db
singleTimeLogMessage(infoMsg) singleTimeLogMessage(infoMsg)
continue continue
@ -209,7 +211,7 @@ class Enumeration(GenericEnumeration):
singleTimeLogMessage(infoMsg) singleTimeLogMessage(infoMsg)
continue continue
if conf.exclude and db in conf.exclude.split(','): if conf.exclude and re.search(conf.exclude, db, re.I) is not None:
infoMsg = "skipping database '%s'" % db infoMsg = "skipping database '%s'" % db
singleTimeLogMessage(infoMsg) singleTimeLogMessage(infoMsg)
continue continue
@ -283,7 +285,7 @@ class Enumeration(GenericEnumeration):
colList = conf.col.split(',') colList = conf.col.split(',')
if conf.exclude: if conf.exclude:
colList = [_ for _ in colList if _ not in conf.exclude.split(',')] colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
origTbl = conf.tbl origTbl = conf.tbl
origDb = conf.db origDb = conf.db
@ -344,7 +346,7 @@ class Enumeration(GenericEnumeration):
if conf.excludeSysDbs and db in self.excludeDbsList: if conf.excludeSysDbs and db in self.excludeDbsList:
continue continue
if conf.exclude and db in conf.exclude.split(','): if conf.exclude and re.search(conf.exclude, db, re.I) is not None:
continue continue
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:

View File

@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission See the file 'LICENSE' for copying permission
""" """
import re
from lib.core.common import filterPairValues from lib.core.common import filterPairValues
from lib.core.common import isListLike from lib.core.common import isListLike
from lib.core.common import isTechniqueAvailable from lib.core.common import isTechniqueAvailable
@ -185,7 +187,7 @@ class Enumeration(GenericEnumeration):
colList = [] colList = []
if conf.exclude: if conf.exclude:
colList = [_ for _ in colList if _ not in conf.exclude.split(',')] colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
for col in colList: for col in colList:
colList[colList.index(col)] = safeSQLIdentificatorNaming(col) colList[colList.index(col)] = safeSQLIdentificatorNaming(col)

View File

@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission See the file 'LICENSE' for copying permission
""" """
import re
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import arrayizeValue from lib.core.common import arrayizeValue
from lib.core.common import Backend from lib.core.common import Backend
@ -332,7 +334,7 @@ class Databases(object):
logger.info(infoMsg) logger.info(infoMsg)
continue continue
if conf.exclude and db in conf.exclude.split(','): if conf.exclude and re.search(conf.exclude, db, re.I) is not None:
infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(db) infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(db)
singleTimeLogMessage(infoMsg) singleTimeLogMessage(infoMsg)
continue continue
@ -466,7 +468,7 @@ class Databases(object):
colList = [] colList = []
if conf.exclude: if conf.exclude:
colList = [_ for _ in colList if _ not in conf.exclude.split(',')] colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
for col in colList: for col in colList:
colList[colList.index(col)] = safeSQLIdentificatorNaming(col) colList[colList.index(col)] = safeSQLIdentificatorNaming(col)

View File

@ -78,7 +78,7 @@ class Entries(object):
errMsg += "the tables' columns" errMsg += "the tables' columns"
raise SqlmapMissingMandatoryOptionException(errMsg) raise SqlmapMissingMandatoryOptionException(errMsg)
if conf.exclude and conf.db in conf.exclude.split(','): if conf.exclude and re.search(conf.exclude, conf.db, re.I) is not None:
infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(conf.db) infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
singleTimeLogMessage(infoMsg) singleTimeLogMessage(infoMsg)
return return
@ -112,7 +112,7 @@ class Entries(object):
if kb.dumpKeyboardInterrupt: if kb.dumpKeyboardInterrupt:
break break
if conf.exclude and tbl in conf.exclude.split(','): if conf.exclude and re.search(conf.exclude, tbl, re.I) is not None:
infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl) infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
singleTimeLogMessage(infoMsg) singleTimeLogMessage(infoMsg)
continue continue
@ -145,7 +145,7 @@ class Entries(object):
colList = sorted(column for column in columns if column) colList = sorted(column for column in columns if column)
if conf.exclude: if conf.exclude:
colList = [_ for _ in colList if _ not in conf.exclude.split(',')] colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
if not colList: if not colList:
warnMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl) warnMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
@ -491,7 +491,7 @@ class Entries(object):
conf.db = db conf.db = db
for table in tables: for table in tables:
if conf.exclude and table in conf.exclude.split(','): if conf.exclude and re.search(conf.exclude, table, re.I) is not None:
infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(table) infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(table)
logger.info(infoMsg) logger.info(infoMsg)
continue continue
@ -562,7 +562,7 @@ class Entries(object):
colList = [_ for _ in columns if _] colList = [_ for _ in columns if _]
if conf.exclude: if conf.exclude:
colList = [_ for _ in colList if _ not in conf.exclude.split(',')] colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
conf.col = ','.join(colList) conf.col = ','.join(colList)
kb.data.cachedColumns = {} kb.data.cachedColumns = {}

View File

@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission See the file 'LICENSE' for copying permission
""" """
import re
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import arrayizeValue from lib.core.common import arrayizeValue
from lib.core.common import Backend from lib.core.common import Backend
@ -376,7 +378,7 @@ class Search(object):
colList = conf.col.split(',') colList = conf.col.split(',')
if conf.exclude: if conf.exclude:
colList = [_ for _ in colList if _ not in conf.exclude.split(',')] colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
origTbl = conf.tbl origTbl = conf.tbl
origDb = conf.db origDb = conf.db