Switching to the getSafeExString (where it can be used)

2024-11-21 17:16:35 +03:00 · 2015-09-10 15:51:33 +02:00 · 2015-09-10 15:51:33 +02:00 · f494004f44
commit f494004f44
parent 7a261ef447
15 changed files with 66 additions and 39 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -22,6 +22,7 @@ from lib.core.common import findDynamicContent
 from lib.core.common import Format
 from lib.core.common import getLastRequestHTTPError
 from lib.core.common import getPublicTypeMembers
+from lib.core.common import getSafeExString
 from lib.core.common import getSortedInjectionTests
 from lib.core.common import getUnicode
 from lib.core.common import intersect
@ -1279,7 +1280,7 @@ def checkNullConnection():
                    logger.info(infoMsg)

    except SqlmapConnectionException, ex:
-        errMsg = getUnicode(ex.message)
+        errMsg = getSafeExString(ex)
        raise SqlmapConnectionException(errMsg)

    finally:
@ -1298,7 +1299,7 @@ def checkConnection(suppressOutput=False):
            raise SqlmapConnectionException(errMsg)
        except socket.error, ex:
            errMsg = "problem occurred while "
-            errMsg += "resolving a host name '%s' ('%s')" % (conf.hostname, ex.message)
+            errMsg += "resolving a host name '%s' ('%s')" % (conf.hostname, getSafeExString(ex))
            raise SqlmapConnectionException(errMsg)

    if not suppressOutput and not conf.dummy and not conf.offline:
@ -1336,7 +1337,7 @@ def checkConnection(suppressOutput=False):
            singleTimeWarnMessage(warnMsg)

        if any(code in kb.httpErrorCodes for code in (httplib.NOT_FOUND, )):
-            errMsg = getUnicode(ex.message)
+            errMsg = getSafeExString(ex)
            logger.critical(errMsg)

            if conf.multipleTargets:
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -24,6 +24,7 @@ from lib.core.common import dataToStdout
 from lib.core.common import extractRegexResult
 from lib.core.common import getFilteredPageContent
 from lib.core.common import getPublicTypeMembers
+from lib.core.common import getSafeExString
 from lib.core.common import getUnicode
 from lib.core.common import hashDBRetrieve
 from lib.core.common import hashDBWrite
@ -648,7 +649,7 @@ def start():
            raise

        except SqlmapBaseException, ex:
-            errMsg = getUnicode(ex.message)
+            errMsg = getSafeExString(ex)

            if conf.multipleTargets:
                errMsg += ", skipping to the next %s" % ("form" if conf.forms else "URL")
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -879,7 +879,7 @@ def dataToOutFile(filename, data):
                f.write(data)
        except IOError, ex:
            errMsg = "something went wrong while trying to write "
-            errMsg += "to the output file ('%s')" % ex.message
+            errMsg += "to the output file ('%s')" % getSafeExString(ex)
            raise SqlmapGenericException(errMsg)

    return retVal
@ -3008,7 +3008,7 @@ def createGithubIssue(errMsg, excMsg):
        else:
            warnMsg = "something went wrong while creating a Github issue"
            if ex:
-                warnMsg += " ('%s')" % ex.message
+                warnMsg += " ('%s')" % getSafeExString(ex)
            if "Unauthorized" in warnMsg:
                warnMsg += ". Please update to the latest revision"
            logger.warn(warnMsg)
@ -3567,7 +3567,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
                request = form.click()
            except (ValueError, TypeError), ex:
                errMsg = "there has been a problem while "
-                errMsg += "processing page forms ('%s')" % ex.message
+                errMsg += "processing page forms ('%s')" % getSafeExString(ex)
                if raise_:
                    raise SqlmapGenericException(errMsg)
                else:
@ -3670,7 +3670,7 @@ def evaluateCode(code, variables=None):
    except KeyboardInterrupt:
        raise
    except Exception, ex:
-        errMsg = "an error occurred while evaluating provided code ('%s') " % ex.message
+        errMsg = "an error occurred while evaluating provided code ('%s') " % getSafeExString(ex)
        raise SqlmapGenericException(errMsg)

 def serializeObject(object_):
@ -3977,3 +3977,18 @@ def pollProcess(process, suppress_errors=False):
                    dataToStdout(" quit unexpectedly with return code %d\n" % returncode)

            break
+
+def getSafeExString(ex):
+    """
+    Safe way how to get the proper exception represtation as a string
+    (Note: errors to be avoided: 1) "%s" % Exception(u'\u0161') and 2) "%s" % str(Exception(u'\u0161'))
+    """
+
+    retVal = ex
+
+    if getattr(ex, "message", None):
+        retVal = ex.message
+    elif getattr(ex, "msg", None):
+        retVal = ex.msg
+
+    return getUnicode(retVal)
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@ -15,6 +15,7 @@ import threading
 from lib.core.common import Backend
 from lib.core.common import dataToDumpFile
 from lib.core.common import dataToStdout
+from lib.core.common import getSafeExString
 from lib.core.common import getUnicode
 from lib.core.common import isListLike
 from lib.core.common import normalizeUnicode
@ -74,7 +75,7 @@ class Dump(object):
        try:
            self._outputFP.write(text)
        except IOError, ex:
-            errMsg = "error occurred while writing to log file ('%s')" % ex.message
+            errMsg = "error occurred while writing to log file ('%s')" % getSafeExString(ex)
            raise SqlmapGenericException(errMsg)

        if kb.get("multiThreadMode"):
@ -94,7 +95,7 @@ class Dump(object):
        try:
            self._outputFP = openFile(self._outputFile, "ab" if not conf.flushSession else "wb")
        except IOError, ex:
-            errMsg = "error occurred while opening log file ('%s')" % ex.message
+            errMsg = "error occurred while opening log file ('%s')" % getSafeExString(ex)
            raise SqlmapGenericException(errMsg)

    def getOutputFile(self):
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1523,7 +1523,7 @@ def _createTemporaryDirectory():
            os.makedirs(tempfile.gettempdir())
    except IOError, ex:
        errMsg = "there has been a problem while accessing "
-        errMsg += "system's temporary directory location(s) ('%s'). Please " % ex.message
+        errMsg += "system's temporary directory location(s) ('%s'). Please " % getSafeExString(ex)
        errMsg += "make sure that there is enough disk space left. If problem persists, "
        errMsg += "try to set environment variable 'TEMP' to a location "
        errMsg += "writeable by the current user"
@ -2071,7 +2071,7 @@ def _mergeOptions(inputOptions, overrideOptions):
            inputOptions = base64unpickle(inputOptions.pickledOptions)
        except Exception, ex:
            errMsg = "provided invalid value '%s' for option '--pickled-options'" % inputOptions.pickledOptions
-            errMsg += " ('%s')" % ex.message if ex.message else ""
+            errMsg += " ('%s')" % ex if ex.message else ""
            raise SqlmapSyntaxException(errMsg)

    if inputOptions.configFile:
--- a/lib/parse/configfile.py
+++ b/lib/parse/configfile.py
@ -6,6 +6,7 @@ See the file 'doc/COPYING' for copying permission
 """

 from lib.core.common import checkFile
+from lib.core.common import getSafeExString
 from lib.core.common import getUnicode
 from lib.core.common import openFile
 from lib.core.common import unArrayizeValue
@ -67,7 +68,7 @@ def configFileParser(configFile):
        config = UnicodeRawConfigParser()
        config.readfp(configFP)
    except Exception, ex:
-        errMsg = "you have provided an invalid and/or unreadable configuration file ('%s')" % ex.message
+        errMsg = "you have provided an invalid and/or unreadable configuration file ('%s')" % getSafeExString(ex)
        raise SqlmapSyntaxException(errMsg)

    if not config.has_section("Target"):
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -40,6 +40,7 @@ from lib.core.common import getCurrentThreadData
 from lib.core.common import getHeader
 from lib.core.common import getHostHeader
 from lib.core.common import getRequestHeader
+from lib.core.common import getSafeExString
 from lib.core.common import getUnicode
 from lib.core.common import logHTTPTraffic
 from lib.core.common import pushValue
@ -497,22 +498,22 @@ class Connect(object):
                    if hasattr(conn.fp, '_sock'):
                        conn.fp._sock.close()
                    conn.close()
-                except Exception, msg:
-                    warnMsg = "problem occurred during connection closing ('%s')" % msg
+                except Exception, ex:
+                    warnMsg = "problem occurred during connection closing ('%s')" % getSafeExString(ex)
                    logger.warn(warnMsg)

-        except urllib2.HTTPError, e:
+        except urllib2.HTTPError, ex:
            page = None
            responseHeaders = None

            try:
-                page = e.read() if not skipRead else None
-                responseHeaders = e.info()
-                responseHeaders[URI_HTTP_HEADER] = e.geturl()
+                page = ex.read() if not skipRead else None
+                responseHeaders = ex.info()
+                responseHeaders[URI_HTTP_HEADER] = ex.geturl()
                page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE))
            except socket.timeout:
                warnMsg = "connection timed out while trying "
-                warnMsg += "to get error page information (%d)" % e.code
+                warnMsg += "to get error page information (%d)" % ex.code
                logger.warn(warnMsg)
                return None, None, None
            except KeyboardInterrupt:
@ -522,13 +523,13 @@ class Connect(object):
            finally:
                page = page if isinstance(page, unicode) else getUnicode(page)

-            code = e.code
+            code = ex.code

            kb.originalCode = kb.originalCode or code
            threadData.lastHTTPError = (threadData.lastRequestUID, code)
            kb.httpErrorCodes[code] = kb.httpErrorCodes.get(code, 0) + 1

-            status = getUnicode(e.msg)
+            status = getUnicode(ex.msg)
            responseMsg += "[#%d] (%d %s):\n" % (threadData.lastRequestUID, code, status)

            if responseHeaders:
@ -545,11 +546,11 @@ class Connect(object):

            logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)

-            if e.code == httplib.UNAUTHORIZED and not conf.ignore401:
+            if ex.code == httplib.UNAUTHORIZED and not conf.ignore401:
                errMsg = "not authorized, try to provide right HTTP "
                errMsg += "authentication type and valid credentials (%d)" % code
                raise SqlmapConnectionException(errMsg)
-            elif e.code == httplib.NOT_FOUND:
+            elif ex.code == httplib.NOT_FOUND:
                if raise404:
                    errMsg = "page not found (%d)" % code
                    raise SqlmapConnectionException(errMsg)
@ -557,11 +558,11 @@ class Connect(object):
                    debugMsg = "page not found (%d)" % code
                    singleTimeLogMessage(debugMsg, logging.DEBUG)
                    processResponse(page, responseHeaders)
-            elif e.code == httplib.GATEWAY_TIMEOUT:
+            elif ex.code == httplib.GATEWAY_TIMEOUT:
                if ignoreTimeout:
                    return None, None, None
                else:
-                    warnMsg = "unable to connect to the target URL (%d - %s)" % (e.code, httplib.responses[e.code])
+                    warnMsg = "unable to connect to the target URL (%d - %s)" % (ex.code, httplib.responses[ex.code])
                    if threadData.retriesCount < conf.retries and not kb.threadException:
                        warnMsg += ". sqlmap is going to retry the request"
                        logger.critical(warnMsg)
@ -575,7 +576,7 @@ class Connect(object):
                debugMsg = "got HTTP error code: %d (%s)" % (code, status)
                logger.debug(debugMsg)

-        except (urllib2.URLError, socket.error, socket.timeout, httplib.HTTPException, struct.error, ProxyError, SqlmapCompressionException, WebSocketException), e:
+        except (urllib2.URLError, socket.error, socket.timeout, httplib.HTTPException, struct.error, ProxyError, SqlmapCompressionException, WebSocketException):
            tbMsg = traceback.format_exc()

            if "no host given" in tbMsg:
@ -718,7 +719,7 @@ class Connect(object):
                        payload = function(payload=payload, headers=auxHeaders)
                    except Exception, ex:
                        errMsg = "error occurred while running tamper "
-                        errMsg += "function '%s' ('%s')" % (function.func_name, ex)
+                        errMsg += "function '%s' ('%s')" % (function.func_name, getSafeExString(ex))
                        raise SqlmapGenericException(errMsg)

                    if not isinstance(payload, basestring):
--- a/lib/request/httpshandler.py
+++ b/lib/request/httpshandler.py
@ -9,6 +9,7 @@ import httplib
 import socket
 import urllib2

+from lib.core.common import getSafeExString
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import SqlmapConnectionException
@ -57,7 +58,7 @@ class HTTPSConnection(httplib.HTTPSConnection):
                        sock.close()
                except (ssl.SSLError, socket.error, httplib.BadStatusLine), ex:
                    self._tunnel_host = None
-                    logger.debug("SSL connection error occurred ('%s')" % ex.message)
+                    logger.debug("SSL connection error occurred ('%s')" % getSafeExString(ex))

        # Reference(s): https://docs.python.org/2/library/ssl.html#ssl.SSLContext
        #               https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni
@ -77,7 +78,7 @@ class HTTPSConnection(httplib.HTTPSConnection):
                        sock.close()
                except (ssl.SSLError, socket.error, httplib.BadStatusLine), ex:
                    self._tunnel_host = None
-                    logger.debug("SSL connection error occurred ('%s')" % ex.message)
+                    logger.debug("SSL connection error occurred ('%s')" % getSafeExString(ex))

        if not success:
            raise SqlmapConnectionException("can't establish SSL connection")
--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@ -17,6 +17,7 @@ import time
 import urllib2

 from lib.core.common import dataToStdout
+from lib.core.common import getSafeExString
 from lib.core.common import unArrayizeValue
 from lib.core.convert import base64pickle
 from lib.core.convert import hexencode
@ -87,7 +88,7 @@ class Database(object):
                else:
                    self.cursor.execute(statement)
            except sqlite3.OperationalError, ex:
-                if not "locked" in ex.message:
+                if not "locked" in getSafeExString(ex):
                    raise
            else:
                break
--- a/lib/utils/google.py
+++ b/lib/utils/google.py
@ -12,6 +12,7 @@ import socket
 import urllib
 import urllib2

+from lib.core.common import getSafeExString
 from lib.core.common import getUnicode
 from lib.core.common import readInput
 from lib.core.common import urlencode
@ -50,7 +51,7 @@ class Google(object):
            conn = self.opener.open("http://www.google.com/ncr")
            conn.info()  # retrieve session cookie
        except Exception, ex:
-            errMsg = "unable to connect to Google ('%s')" % ex.message
+            errMsg = "unable to connect to Google ('%s')" % getSafeExString(ex)
            raise SqlmapConnectionException(errMsg)

    def search(self, dork):
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@ -44,6 +44,7 @@ from lib.core.common import clearConsoleLine
 from lib.core.common import dataToStdout
 from lib.core.common import getFileItems
 from lib.core.common import getPublicTypeMembers
+from lib.core.common import getSafeExString
 from lib.core.common import hashDBRetrieve
 from lib.core.common import hashDBWrite
 from lib.core.common import normalizeUnicode
@ -771,7 +772,7 @@ def dictionaryAttack(attack_dict):

                except Exception, ex:
                    warnMsg = "there was a problem while loading dictionaries"
-                    warnMsg += " ('%s')" % ex.message
+                    warnMsg += " ('%s')" % getSafeExString(ex)
                    logger.critical(warnMsg)

            message = "do you want to use common password suffixes? (slow!) [y/N] "
--- a/lib/utils/hashdb.py
+++ b/lib/utils/hashdb.py
@ -11,6 +11,7 @@ import sqlite3
 import threading
 import time

+from lib.core.common import getSafeExString
 from lib.core.common import getUnicode
 from lib.core.common import serializeObject
 from lib.core.common import unserializeObject
@ -77,7 +78,7 @@ class HashDB(object):
                        for row in self.cursor.execute("SELECT value FROM storage WHERE id=?", (hash_,)):
                            retVal = row[0]
                    except sqlite3.OperationalError, ex:
-                        if not "locked" in ex.message:
+                        if not "locked" in getSafeExString(ex):
                            raise
                    except sqlite3.DatabaseError, ex:
                        errMsg = "error occurred while accessing session file '%s' ('%s'). " % (self.filepath, ex)
@ -127,7 +128,7 @@ class HashDB(object):

                        if retries == 0:
                            warnMsg = "there has been a problem while writing to "
-                            warnMsg += "the session file ('%s')" % ex.message
+                            warnMsg += "the session file ('%s')" % getSafeExString(ex)
                            logger.warn(warnMsg)

                        if retries >= HASHDB_FLUSH_RETRIES:
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@ -12,6 +12,7 @@ from lib.core.bigarray import BigArray
 from lib.core.common import Backend
 from lib.core.common import clearConsoleLine
 from lib.core.common import getLimitRange
+from lib.core.common import getSafeExString
 from lib.core.common import getUnicode
 from lib.core.common import isInferenceAvailable
 from lib.core.common import isListLike
@ -341,13 +342,13 @@ class Entries:
                        attackDumpedTable()
                    except (IOError, OSError), ex:
                        errMsg = "an error occurred while attacking "
-                        errMsg += "table dump ('%s')" % ex.message
+                        errMsg += "table dump ('%s')" % getSafeExString(ex)
                        logger.critical(errMsg)
                    conf.dumper.dbTableValues(kb.data.dumpedTable)

            except SqlmapConnectionException, ex:
                errMsg = "connection exception detected in dumping phase "
-                errMsg += "('%s')" % ex.message
+                errMsg += "('%s')" % getSafeExString(ex)
                logger.critical(errMsg)

            finally:
--- a/sqlmap.py
+++ b/sqlmap.py
@ -25,6 +25,7 @@ from lib.controller.controller import start
 from lib.core.common import banner
 from lib.core.common import createGithubIssue
 from lib.core.common import dataToStdout
+from lib.core.common import getSafeExString
 from lib.core.common import getUnicode
 from lib.core.common import maskSensitiveData
 from lib.core.common import setPaths
@ -119,7 +120,7 @@ def main():
        cmdLineOptions.sqlmapShell = False

    except SqlmapBaseException as ex:
-        errMsg = getUnicode(ex.message)
+        errMsg = getSafeExString(ex)
        logger.critical(errMsg)
        sys.exit(1)

--- a/tamper/symboliclogical.py
+++ b/tamper/symboliclogical.py
@ -19,7 +19,7 @@ def tamper(payload, **kwargs):
    Replaces AND and OR logical operators with their symbolic counterparts (&& and ||)

    >>> tamper("1 AND '1'='1")
-    '1 && '1'='1'
+    "1 %26%26 '1'='1"
    """

    retVal = payload