diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 4a987277d..9f90fe745 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -182,13 +182,13 @@ a033f92d136c707a25927c2383125ddb004d4283db62c004dcd67c3fc242bb1c lib/core/dump. 914a13ee21fd610a6153a37cbe50830fcbd1324c7ebc1e7fc206d5e598b0f7ad lib/core/log.py 02a2264324caa249154e024a01bcd7cc40dbca4d647d5d10a50654b4415a6d77 lib/core/optiondict.py c1cb56f2a43e9f2f6b25d5f3d504e856ea21df6fc14af5e37b1000feef2bdb5a lib/core/option.py -8171f6ee33e7742f06bb3014a28324496374beddee7b378ace10a26414a97762 lib/core/patch.py +9a213f91c8ad468466bd92e5e5805040f904055eb607fb2ed75b4c0e30b8accd lib/core/patch.py 49c0fa7e3814dfda610d665ee02b12df299b28bc0b6773815b4395514ddf8dec lib/core/profiling.py 03db48f02c3d07a047ddb8fe33a757b6238867352d8ddda2a83e4fec09a98d04 lib/core/readlineng.py 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -1bc3458243a0ad82344ffffa3ae24afbe259f7130faaefe6d1c4f6c23f544446 lib/core/settings.py +66cbde8c76851d5e8de6b93d6dbd3cd58e4473a1f307326aa672c3628253775e lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py d35650179816193164a5f177102f18379dfbe6bb6d40fbb67b78d907b41c8038 lib/core/target.py diff --git a/lib/core/patch.py b/lib/core/patch.py index bcd79982e..86a5c4e6b 100644 --- a/lib/core/patch.py +++ b/lib/core/patch.py @@ -160,6 +160,23 @@ def dirtyPatches(): logging._releaseLock = _releaseLock + from xml.etree import ElementTree as et + if not getattr(et, "_patched", False): + _real_parse = et.parse + + def _safe_parse(source, parser=None): + if parser is None: + parser = et.XMLParser() + if hasattr(parser, "parser"): + def reject(*args): raise ValueError("XML entities are forbidden") + parser.parser.EntityDeclHandler = reject + parser.parser.UnparsedEntityDeclHandler = reject + + return _real_parse(source, parser=parser) + + et.parse = _safe_parse + et._patched = True + def resolveCrossReferences(): """ Place for cross-reference resolution diff --git a/lib/core/settings.py b/lib/core/settings.py index 446f790d9..ca88c0f20 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.10.2.1" +VERSION = "1.10.2.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)