implemented suppressResumeInfo mechanism (huge slowdown on large tables)

2024-11-29 04:53:48 +03:00 · 2011-04-22 19:58:10 +00:00 · 2011-04-22 19:58:10 +00:00 · f88aa4b165
commit f88aa4b165
parent 493b9adf8e
5 changed files with 83 additions and 58 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1259,76 +1259,77 @@ def __setKnowledgeBaseAttributes(flushAll=True):
    debugMsg = "initializing the knowledge base"
    logger.debug(debugMsg)
-    kb.absFilePaths    = set()
+    kb.absFilePaths        = set()
-    kb.adjustTimeDelay = False
+    kb.adjustTimeDelay     = False
-    kb.authHeader      = None
+    kb.authHeader          = None
-    kb.bannerFp        = advancedDict()
+    kb.bannerFp            = advancedDict()
-    kb.brute           = advancedDict({'tables':[], 'columns':[]})
+    kb.brute               = advancedDict({'tables':[], 'columns':[]})
-    kb.bruteMode       = False
+    kb.bruteMode           = False
-    kb.cache           = advancedDict()
+    kb.cache               = advancedDict()
-    kb.cache.content   = {}
+    kb.cache.content       = {}
-    kb.cache.regex     = {}
+    kb.cache.regex         = {}
-    kb.cache.stdev     = {}
+    kb.cache.stdev         = {}
-    kb.commonOutputs   = None
+    kb.commonOutputs       = None
-    kb.data            = advancedDict()
+    kb.data                = advancedDict()
    # Active back-end DBMS fingerprint
-    kb.dbms            = None
+    kb.dbms                = None
-    kb.dbmsVersion     = [ UNKNOWN_DBMS_VERSION ]
+    kb.dbmsVersion         = [ UNKNOWN_DBMS_VERSION ]
-    kb.delayCandidates = TIME_DELAY_CANDIDATES * [0]
+    kb.delayCandidates     = TIME_DELAY_CANDIDATES * [0]
-    kb.dep             = None
+    kb.dep                 = None
-    kb.docRoot         = None
+    kb.docRoot             = None
-    kb.dynamicMarkings = []
+    kb.dynamicMarkings     = []
-    kb.endDetection    = False
+    kb.endDetection        = False
-    kb.httpErrorCodes  = {}
+    kb.httpErrorCodes      = {}
-    kb.errorIsNone     = True
+    kb.errorIsNone         = True
-    kb.formNames       = []
+    kb.formNames           = []
-    kb.headersCount    = 0
+    kb.headersCount        = 0
-    kb.headersFp       = {}
+    kb.headersFp           = {}
-    kb.hintValue       = None
+    kb.hintValue           = None
-    kb.htmlFp          = []
+    kb.htmlFp              = []
-    kb.injection       = injectionDict()
+    kb.injection           = injectionDict()
-    kb.injections      = []
+    kb.injections          = []
-    kb.locks           = advancedDict()
+    kb.locks               = advancedDict()
-    kb.locks.cacheLock = threading.Lock()
+    kb.locks.cacheLock     = threading.Lock()
-    kb.locks.logLock   = threading.Lock()
+    kb.locks.logLock       = threading.Lock()
-    kb.matchRatio      = None
+    kb.matchRatio          = None
-    kb.nullConnection  = None
+    kb.nullConnection      = None
-    kb.pageTemplate    = None
+    kb.pageTemplate        = None
-    kb.pageTemplates   = dict()
+    kb.pageTemplates       = dict()
-    kb.originalPage    = None
+    kb.originalPage        = None
    # Back-end DBMS underlying operating system fingerprint via banner (-b)
    # parsing
-    kb.os              = None
+    kb.os                  = None
-    kb.osVersion       = None
+    kb.osVersion           = None
-    kb.osSP            = None
+    kb.osSP                = None
-    kb.pageEncoding    = DEFAULT_PAGE_ENCODING
+    kb.pageEncoding        = DEFAULT_PAGE_ENCODING
-    kb.pageStable      = None
+    kb.pageStable          = None
-    kb.partRun         = None
+    kb.partRun             = None
-    kb.proxyAuthHeader = None
+    kb.proxyAuthHeader     = None
-    kb.queryCounter    = 0
+    kb.queryCounter        = 0
-    kb.redirectSetCookie = None
+    kb.redirectSetCookie   = None
-    kb.responseTimes   = []
+    kb.responseTimes       = []
-    kb.resumedQueries  = {}
+    kb.resumedQueries      = {}
-    kb.retriesCount    = 0
+    kb.retriesCount        = 0
-    kb.singleLogFlags  = set()
+    kb.singleLogFlags      = set()
-    kb.skipOthersDbms  = None
+    kb.skipOthersDbms      = None
-    kb.suppressSession = False
+    kb.suppressSession     = False
-    kb.technique       = None
+    kb.suppressResumeInfo  = False
-    kb.testMode        = False
+    kb.technique           = None
-    kb.testQueryCount  = 0
+    kb.testMode            = False
-    kb.threadContinue  = True
+    kb.testQueryCount      = 0
-    kb.threadException = False
+    kb.threadContinue      = True
-    kb.threadData      = {}
+    kb.threadException     = False
    kb.threadData          = {}
    kb.xpCmdshellAvailable = False
    kb.misc            = advancedDict()
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -310,3 +310,6 @@ MAX_INT = sys.maxint
 # Parameters to be ignored in detection phase (upper case)
 IGNORE_PARAMETERS = ("__VIEWSTATE", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")
 # Turn off resume console info to avoid potential slowdowns
 TURN_OFF_RESUME_INFO_LIMIT = 20
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@ -35,6 +35,7 @@ from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapConnectionException
 from lib.core.settings import FROM_TABLE
 from lib.core.settings import MYSQL_ERROR_CHUNK_LENGTH
 from lib.core.settings import TURN_OFF_RESUME_INFO_LIMIT
 from lib.core.threads import getCurrentThreadData
 from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
@ -301,6 +302,12 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
                    logger.info(infoMsg)
            try:
                if stopLimit > TURN_OFF_RESUME_INFO_LIMIT:
                    kb.suppressResumeInfo = True
                    infoMsg  = "suppressing resume console info because of "
                    infoMsg += "large number of rows (possible slowdown)"
                    logger.info(infoMsg)
                for num in xrange(startLimit, stopLimit):
                    output = __errorFields(expression, expressionFields, expressionFieldsList, expected, num, resumeValue)
@ -320,6 +327,9 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
                errMsg += "'%s'" % e
                logger.critical(errMsg)
            finally:
                kb.suppressResumeInfo = False
    if not outputs:
        outputs = __errorFields(expression, expressionFields, expressionFieldsList)
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@ -34,6 +34,7 @@ from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.settings import FROM_TABLE
 from lib.core.settings import TURN_OFF_RESUME_INFO_LIMIT
 from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
 from lib.utils.resume import resume
@ -246,6 +247,12 @@ def unionUse(expression, unpack=True, dump=False):
                    logger.info(infoMsg)
            try:
                if stopLimit > TURN_OFF_RESUME_INFO_LIMIT:
                    kb.suppressResumeInfo = True
                    infoMsg  = "suppressing resume console info because of "
                    infoMsg += "large number of rows (possible slowdown)"
                    logger.info(infoMsg)
                for num in xrange(startLimit, stopLimit):
                    if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
                        field = expressionFieldsList[0]
@ -284,6 +291,9 @@ def unionUse(expression, unpack=True, dump=False):
                errMsg += "'%s'" % e
                logger.critical(errMsg)
            finally:
                kb.suppressResumeInfo = False
    if not value:
        value = __oneShotUnionUse(expression, unpack)
--- a/lib/utils/resume.py
+++ b/lib/utils/resume.py
@ -135,7 +135,8 @@ def resume(expression, payload):
            else:
                infoMsg += logValue
-            dataToStdout("[%s] [INFO] %s\n" % (time.strftime("%X"), infoMsg))
+            if not kb.suppressResumeInfo:
                dataToStdout("[%s] [INFO] %s\n" % (time.strftime("%X"), infoMsg))
            return resumedValue