speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)

2025-12-29 19:09:02 +00:00 · 2011-11-22 08:39:13 +00:00
parent 493e436e16
commit 2ed3efba12
6 changed files with 49 additions and 20 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1390,6 +1390,23 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)

    return data

+def parseFilePaths(page):
+    """
+    Detect (possible) absolute system paths inside the provided page content
+    """
+
+    if page:
+        for regex in ( r" in <b>(?P<result>.*?)</b> on line",  r"(?:>|\s)(?P<result>[A-Za-z]:[\\/][\w.\\/]*)", r"(?:>|\s)(?P<result>/\w[/\w.]+)" ):
+            for match in re.finditer(regex, page):
+                absFilePath = match.group("result").strip()
+                page = page.replace(absFilePath, "")
+
+                if isWindowsDriveLetterPath(absFilePath):
+                    absFilePath = posixToNtSlashes(absFilePath)
+
+                if absFilePath not in kb.absFilePaths:
+                    kb.absFilePaths.add(absFilePath)
+
 def getDelayQuery(andCond=False):
    query = None

@@ -3146,3 +3163,12 @@ def executeCode(code, variables=None):
    except Exception, ex:
        errMsg = "an error occured while evaluating provided code ('%s'). " % ex
        raise sqlmapGenericException, errMsg
+
+def serializeObject(object_):
+    return pickle.dumps(object_)
+
+def unserializeObject(value):
+    retVal = None
+    if value:
+        retVal = pickle.loads(value.encode(UNICODE_ENCODING)) # pickle has problems with Unicode
+    return retVal
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -17,6 +17,7 @@ from lib.core.common import dataToSessionFile
 from lib.core.common import intersect
 from lib.core.common import paramToDict
 from lib.core.common import readInput
+from lib.core.common import unserializeObject
 from lib.core.convert import urldecode
 from lib.core.data import cmdLineOptions
 from lib.core.data import conf
@@ -177,6 +178,7 @@ def __setHashDB():
    """
    Check and set the HashDB SQLite file for query resume functionality.
    """
+
    if not conf.hashDBFile:
        conf.hashDBFile = "%s%shashdb" % (conf.outputPath, os.sep)

@@ -191,6 +193,13 @@ def __setHashDB():

    conf.hashDB = HashDB(conf.hashDBFile)

+def __resumeHashDBValues():
+    """
+    Resume stored data values from HashDB
+    """
+
+    kb.absFilePaths = unserializeObject(conf.hashDB.retrieve("kb.absFilePaths")) or kb.absFilePaths
+
 def __setOutputResume():
    """
    Check and set the output text file and the resume functionality.
@@ -383,4 +392,5 @@ def setupTargetEnv():
    __setRequestParams()
    __setOutputResume()
    __setHashDB()
+    __resumeHashDBValues()
    __setResultsFile()