Minor refactoring

2025-01-25 00:34:28 +03:00 · 2019-03-27 01:28:34 +01:00 · 2019-03-27 01:28:34 +01:00 · dc20c4f058
commit dc20c4f058
parent a21cbcb665
2 changed files with 4 additions and 28 deletions
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@ -9,18 +9,14 @@ try:
    import cPickle as pickle
 except:
    import pickle
-finally:
-    import pickle as picklePy

 import base64
-import io
 import json
 import re
 import sys

 from lib.core.settings import IS_WIN
 from lib.core.settings import UNICODE_ENCODING
-from lib.core.settings import PICKLE_REDUCE_WHITELIST

 def base64decode(value):
    """
@ -66,7 +62,7 @@ def base64pickle(value):

    return retVal

-def base64unpickle(value, unsafe=False):
+def base64unpickle(value):
    """
    Decodes value from Base64 to plain format and deserializes (with pickle) its content

@ -76,26 +72,10 @@ def base64unpickle(value, unsafe=False):

    retVal = None

-    def _(self):
-        if len(self.stack) > 1:
-            func = self.stack[-2]
-            if func not in PICKLE_REDUCE_WHITELIST:
-                raise Exception("abusing reduce() is bad, Mkay!")
-        self.load_reduce()
-
-    def loads(str):
-        f = io.BytesIO(str)
-        if unsafe:
-            unpickler = picklePy.Unpickler(f)
-            unpickler.dispatch[picklePy.REDUCE] = _
-        else:
-            unpickler = pickle.Unpickler(f)
-        return unpickler.load()
-
    try:
-        retVal = loads(base64decode(value))
+        retVal = pickle.loads(base64decode(value))
    except TypeError:
-        retVal = loads(base64decode(bytes(value)))
+        retVal = pickle.loads(base64decode(bytes(value)))

    return retVal

--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -11,15 +11,13 @@ import random
 import re
 import string
 import sys
-import types

-from lib.core.datatype import AttribDict
 from lib.core.enums import DBMS
 from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.3.51"
+VERSION = "1.3.3.52"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -511,8 +509,6 @@ HTML_TITLE_REGEX = r"<title>(?P<result>[^<]+)</title>"
 # Table used for Base64 conversion in WordPress hash cracking routine
 ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

-PICKLE_REDUCE_WHITELIST = (types.BooleanType, types.DictType, types.FloatType, types.IntType, types.ListType, types.LongType, types.NoneType, types.StringType, types.TupleType, types.UnicodeType, types.XRangeType, type(AttribDict()), type(set()))
-
 # Chars used to quickly distinguish if the user provided tainted parameter values
 DUMMY_SQL_INJECTION_CHARS = ";()'"