From faf154d2b377ccac0d5dc018cf05ff49575f83e8 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 15 Apr 2019 15:15:12 +0200
Subject: [PATCH] Update regarding #3553
---
 lib/core/common.py | 10 ++++++++++
 lib/core/settings.py | 7 +++++--
 sqlmap.py | 7 +++++++
 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index d71b98a3f..718220476 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -3418,6 +3418,16 @@ def checkIntegrity():
 return retVal
+def getDaysFromLastUpdate():
+ """
+ Get total number of days from last update
+ """
+
+ if not paths:
+ return
+
+ return int(time.time() - os.path.getmtime(paths.SQLMAP_SETTINGS_PATH)) // (3600 * 24)
+
 def unhandledExceptionMessage():
 """
 Returns detailed message about occurred unhandled exception
diff --git a/lib/core/settings.py b/lib/core/settings.py
index baa8c0e8a..89512e3c3 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.3.4.11"
+VERSION = "1.3.4.12"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -530,6 +530,9 @@ BRUTE_COLUMN_EXISTS_TEMPLATE = "EXISTS(SELECT %s FROM %s)"
 # Data inside shellcodeexec to be filled with random string
 SHELLCODEEXEC_RANDOM_STRING_MARKER = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+# Period after last-update to start nagging about the old revision
+LAST_UPDATE_NAGGING_DAYS = 60
+
 # Generic address for checking the Internet connection while using switch --check-internet
 CHECK_INTERNET_ADDRESS = "https://ipinfo.io/"
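Review bot: In the lib/core/common.py hunk, `getDaysFromLastUpdate()` returns `None` from the bare `return` when `paths` is empty, and the caller added in sqlmap.py (hunk `@@ -351,6 +353,11 @@`) compares that result with `>`; Python 2 silently evaluates this as False, while Python 3 raises TypeError. `os.path.getmtime()` can also raise OSError if the settings file is missing or unreadable, and a system clock set earlier than the file's mtime yields a negative count. Returning 0 in those cases keeps the reminder best-effort so it cannot fail at the end of a run. The docstring could also state that the value is the age of the settings file's mtime on disk, which is only a proxy for the age of the revision.

```python
def getDaysFromLastUpdate():
    # … unchanged: docstring …

    if not paths:
        return 0

    try:
        lastUpdate = os.path.getmtime(paths.SQLMAP_SETTINGS_PATH)
    except OSError:
        return 0

    return max(0, int(time.time() - lastUpdate) // (3600 * 24))
```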
@@ -676,7 +679,7 @@ VALID_TIME_CHARS_RUN_THRESHOLD = 100
 CHECK_ZERO_COLUMNS_THRESHOLD = 10
 # Boldify all logger messages containing these "patterns"
-BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA", "specific response", "NULL connection is supported", "PASSED", "FAILED")
+BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA", "specific response", "NULL connection is supported", "PASSED", "FAILED", "for more than")
 # TLDs used in randomization of email-alike parameter values
 RANDOMIZATION_TLDS = ("com", "net", "ru", "org", "de", "jp", "cn", "fr", "it", "pl", "tv", "edu", "in", "ir", "es", "me", "info", "gr", "gov", "ca", "co", "se", "cz", "to", "vn", "nl", "cc", "az", "hu", "ua", "be", "no", "biz", "io", "ch", "ro", "sk", "eu", "us", "tw", "pt", "fi", "at", "lt", "kz", "cl", "hr", "pk", "lv", "la", "pe")
diff --git a/sqlmap.py b/sqlmap.py
index bb119e06a..8bb852b97 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -43,6 +43,7 @@ try:
 from lib.core.common import createGithubIssue
 from lib.core.common import dataToStdout
 from lib.core.common import filterNone
+ from lib.core.common import getDaysFromLastUpdate
 from lib.core.common import getSafeExString
 from lib.core.common import getUnicode
 from lib.core.common import maskSensitiveData
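Review bot: The new `"for more than"` entry in BOLD_PATTERNS (lib/core/settings.py, hunk `@@ -676,7 +679,7 @@`) is a generic phrase, so, going by the comment above the tuple, any logger message that happens to contain it will be boldified, not only the update reminder. A fragment specific to the new warning, for example `"haven't updated sqlmap"`, would keep the highlighting tied to that one message.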
@@ -64,6 +65,7 @@ try:
 from lib.core.patch import dirtyPatches
 from lib.core.settings import GIT_PAGE
 from lib.core.settings import IS_WIN
+ from lib.core.settings import LAST_UPDATE_NAGGING_DAYS
 from lib.core.settings import LEGAL_DISCLAIMER
 from lib.core.settings import THREAD_FINALIZATION_TIMEOUT
 from lib.core.settings import UNICODE_ENCODING
@@ -351,6 +353,11 @@ def main():
 finally:
 kb.threadContinue = False
+ _ = getDaysFromLastUpdate()
+ if _ > LAST_UPDATE_NAGGING_DAYS:
+ warnMsg = "you haven't updated sqlmap for more than %d days!!!" % _
+ logger.warn(warnMsg)
+
 if conf.get("showTime"):
 dataToStdout("\n[*] ending @ %s\n\n" % time.strftime("%X /%Y-%m-%d/"), forceOutput=True)
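Review bot: In the `@@ -351,6 +353,11 @@` hunk of sqlmap.py the day count is stored in `_`, a name conventionally used for values that are discarded, yet here it is compared and then formatted into the warning. `days = getDaysFromLastUpdate()` followed by `if days > LAST_UPDATE_NAGGING_DAYS:` would read more clearly. A short comment such as `# best-effort reminder based on the settings file mtime` would also tell the reader what the number measures. Indentation is not recoverable on this page, so it is unclear whether the block sits inside the `finally:` shown as context; main()'s body starts and ends outside the hunk.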