Adding integrity checks in case of unhandled exceptions

2024-11-21 17:16:35 +03:00 · 2016-07-17 00:04:30 +02:00 · 2016-07-17 00:04:30 +02:00 · e485531b71
commit e485531b71
parent 7427b554e3
5 changed files with 33 additions and 11 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -1,5 +1,6 @@
-*.py text eol=lf
 *.conf text eol=lf
+*.md5 text eol=lf
+*.py text eol=lf

 *_ binary
 *.dll binary
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -1207,6 +1207,7 @@ def setPaths():
    paths.SQL_SHELL_HISTORY = os.path.join(_, "sql.hst")
    paths.SQLMAP_SHELL_HISTORY = os.path.join(_, "sqlmap.hst")
    paths.GITHUB_HISTORY = os.path.join(_, "github.hst")
+    paths.CHECKSUM_MD5 = os.path.join(paths.SQLMAP_TXT_PATH, "checksum.md5")
    paths.COMMON_COLUMNS = os.path.join(paths.SQLMAP_TXT_PATH, "common-columns.txt")
    paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
    paths.COMMON_OUTPUTS = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')
@ -3077,6 +3078,22 @@ def decodeIntToUnicode(value):

    return retVal

+def checkIntegrity():
+    """
+    Checks integrity of code files during the unhandled exceptions
+    """
+
+    retVal = True
+    for checksum, _ in (re.split(r'\s+', _) for _ in getFileItems(paths.CHECKSUM_MD5)):
+        path = os.path.normpath(os.path.join(paths.SQLMAP_ROOT_PATH, _))
+        if not os.path.isfile(path):
+            logger.error("missing file detected '%s'" % path)
+            retVal = False
+        elif hashlib.md5(open(path, 'rb').read()).hexdigest() != checksum:
+            logger.error("wrong checksum of file '%s' detected" % path)
+            retVal = False
+    return retVal
+
 def unhandledExceptionMessage():
    """
    Returns detailed message about occurred unhandled exception
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.7.29"
+VERSION = "1.0.7.30"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
--- a/sqlmap.py
+++ b/sqlmap.py
@ -34,6 +34,7 @@ from lib.core.data import logger
 try:
    from lib.controller.controller import start
    from lib.core.common import banner
+    from lib.core.common import checkIntegrity
    from lib.core.common import createGithubIssue
    from lib.core.common import dataToStdout
    from lib.core.common import getSafeExString
@ -196,7 +197,15 @@ def main():
        excMsg = traceback.format_exc()

        try:
-            if any(_ in excMsg for _ in ("No space left", "Disk quota exceeded")):
+            if not checkIntegrity():
+                errMsg = "code integrity check failed. "
+                errMsg += "You should retrieve the latest development version from official GitHub "
+                errMsg += "repository at '%s'" % GIT_PAGE
+                logger.critical(errMsg)
+                print
+                print excMsg.strip()
+                raise SystemExit
+            elif any(_ in excMsg for _ in ("No space left", "Disk quota exceeded")):
                errMsg = "no space left on output device"
                logger.error(errMsg)
                raise SystemExit
@ -213,11 +222,6 @@ def main():
                logger.error(errMsg)
                raise SystemExit

-            elif "in _loadQueries" in excMsg:
-                errMsg = "invalid structure of 'xml/queries.xml' file"
-                logger.error(errMsg)
-                raise SystemExit
-
            elif "_mkstemp_inner" in excMsg:
                errMsg = "there has been a problem while accessing temporary files"
                logger.error(errMsg)
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@ -109,7 +109,7 @@ b04db3e861edde1f9dd0a3850d5b96c8  ./shell/backdoor.asp_
 ff90cb0366f7cefbdd6e573e27e6238c  ./shell/runcmd.exe_
 01e3505e796edf19aad6a996101c81c9  ./shell/stager.php_
 1f7f125f30e0e800beb21e2ebbab18e1  ./shell/stager.jsp_
-28bdeba99aa04e10f00530eb88fef301  ./sqlmap.py
+af69c5e3d20bd472ba386056e9cf2fd6  ./sqlmap.py
 07eb9ee33a3e31bfc74763bea8026a2b  ./waf/knownsec.py
 d50415b49d9df72cb9d193d05630ab8a  ./waf/fortiweb.py
 8d5609a37127782fb35af4f67b5787ee  ./waf/proventia.py
@ -311,7 +311,7 @@ e77cca1cb063016f71f6e6bdebf4ec73  ./lib/core/data.py
 2689f320908964b2c88a3eb8265fd2dd  ./lib/core/agent.py
 8485a3cd94c0a5af2718bad60c5f1ae5  ./lib/core/wordlist.py
 eb0bd28b0bd9fbf67dcc3119116df377  ./lib/core/bigarray.py
-86f543debcb2011d983fac4482f1e544  ./lib/core/settings.py
+662c04d988a5308b98ea74df68f50392  ./lib/core/settings.py
 34a45b9bc68a6381247a620ddf30de1c  ./lib/core/enums.py
 99a2b496b9d5b546b335653ca801153f  ./lib/core/revision.py
 4a16002c5d9cd047c2e89ddc5db63737  ./lib/core/dicts.py
@ -333,7 +333,7 @@ cc9c82cfffd8ee9b25ba3af6284f057e  ./lib/core/__init__.py
 67f206cf2658145992cc1d7020138325  ./lib/core/defaults.py
 7af83e4f18cab6dff5e67840eb65be80  ./lib/core/shell.py
 1d042f0bc0557d3fd564ea5a46deb77e  ./lib/core/datatype.py
-b1e8297aa42eec379936b4ce7f2934b2  ./lib/core/common.py
+25fcb4a9fd187cb587847852df4ac784  ./lib/core/common.py
 1d064463302b85b2241263ea48a83837  ./lib/takeover/metasploit.py
 7083825564c051a7265cfdd1a5e6629c  ./lib/takeover/registry.py
 7d6cd7bdfc8f4bc4e8aed60c84cdf87f  ./lib/takeover/udf.py