From dc20c4f0585138038ff8945b0d921a9ce5d0415e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 27 Mar 2019 01:28:34 +0100 Subject: [PATCH] Minor refactoring --- lib/core/convert.py | 26 +++----------------------- lib/core/settings.py | 6 +----- 2 files changed, 4 insertions(+), 28 deletions(-) diff --git a/lib/core/convert.py b/lib/core/convert.py index a865ef559..91abe7f9a 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py @@ -9,18 +9,14 @@ try: import cPickle as pickle except: import pickle -finally: - import pickle as picklePy import base64 -import io import json import re import sys from lib.core.settings import IS_WIN from lib.core.settings import UNICODE_ENCODING -from lib.core.settings import PICKLE_REDUCE_WHITELIST def base64decode(value): """ @@ -66,7 +62,7 @@ def base64pickle(value): return retVal -def base64unpickle(value, unsafe=False): +def base64unpickle(value): """ Decodes value from Base64 to plain format and deserializes (with pickle) its content @@ -76,26 +72,10 @@ def base64unpickle(value, unsafe=False): retVal = None - def _(self): - if len(self.stack) > 1: - func = self.stack[-2] - if func not in PICKLE_REDUCE_WHITELIST: - raise Exception("abusing reduce() is bad, Mkay!") - self.load_reduce() - - def loads(str): - f = io.BytesIO(str) - if unsafe: - unpickler = picklePy.Unpickler(f) - unpickler.dispatch[picklePy.REDUCE] = _ - else: - unpickler = pickle.Unpickler(f) - return unpickler.load() - try: - retVal = loads(base64decode(value)) + retVal = pickle.loads(base64decode(value)) except TypeError: - retVal = loads(base64decode(bytes(value))) + retVal = pickle.loads(base64decode(bytes(value))) return retVal diff --git a/lib/core/settings.py b/lib/core/settings.py index 261ac7db7..7f2ac23f8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -11,15 +11,13 @@ import random import re import string import sys -import types -from lib.core.datatype import AttribDict from lib.core.enums import DBMS from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.3.3.51" +VERSION = "1.3.3.52" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -511,8 +509,6 @@ HTML_TITLE_REGEX = r"(?P<result>[^<]+)" # Table used for Base64 conversion in WordPress hash cracking routine ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" -PICKLE_REDUCE_WHITELIST = (types.BooleanType, types.DictType, types.FloatType, types.IntType, types.ListType, types.LongType, types.NoneType, types.StringType, types.TupleType, types.UnicodeType, types.XRangeType, type(AttribDict()), type(set())) - # Chars used to quickly distinguish if the user provided tainted parameter values DUMMY_SQL_INJECTION_CHARS = ";()'"