Some more DREI stuff

2026-01-22 22:29:05 +00:00 · 2019-04-19 11:24:34 +02:00
parent da15701a55
commit bb7bd51d94
15 changed files with 94 additions and 71 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -882,6 +882,16 @@ def singleTimeLogMessage(message, level=logging.INFO, flag=None):
        logger.log(level, message)

 def boldifyMessage(message):
+    """
+    Sets ANSI bold marking on entire message if parts found in predefined BOLD_PATTERNS
+
+    >>> boldifyMessage("Hello World")
+    'Hello World'
+
+    >>> boldifyMessage("GET parameter id is not injectable")
+    '\\x1b[1mGET parameter id is not injectable\\x1b[0m'
+    """
+
    retVal = message

    if any(_ in message for _ in BOLD_PATTERNS):
@@ -890,6 +900,13 @@ def boldifyMessage(message):
    return retVal

 def setColor(message, color=None, bold=False, level=None):
+    """
+    Sets ANSI color codes
+
+    >>> setColor("Hello World", "red")
+    '\\x1b[31mHello World\\x1b[0m'
+    """
+
    retVal = message
    level = level or extractRegexResult(r"\[(?P<result>%s)\]" % '|'.join(_[0] for _ in getPublicTypeMembers(LOGGING_LEVELS)), message)

@@ -933,7 +950,7 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=
            if multiThreadMode:
                logging._acquireLock()

-            if isinstance(data, unicode):
+            if isinstance(data, six.text_type):
                message = stdoutencode(data)
            else:
                message = data
@@ -1840,7 +1857,7 @@ def safeFilepathEncode(filepath):

    retVal = filepath

-    if filepath and isinstance(filepath, unicode):
+    if filepath and isinstance(filepath, six.text_type):
        retVal = filepath.encode(sys.getfilesystemencoding() or UNICODE_ENCODING)

    return retVal
@@ -1927,7 +1944,7 @@ def getFilteredPageContent(page, onlyText=True, split=" "):
    retVal = page

    # only if the page's charset has been successfully identified
-    if isinstance(page, unicode):
+    if isinstance(page, six.text_type):
        retVal = re.sub(r"(?si)<script.+?</script>|<!--.+?-->|<style.+?</style>%s" % (r"|<[^>]+>|\t|\n|\r" if onlyText else ""), split, page)
        retVal = re.sub(r"%s{2,}" % split, split, retVal)
        retVal = htmlunescape(retVal.strip().strip(split))
@@ -1945,7 +1962,7 @@ def getPageWordSet(page):
    retVal = set()

    # only if the page's charset has been successfully identified
-    if isinstance(page, unicode):
+    if isinstance(page, six.text_type):
        retVal = set(_.group(0) for _ in re.finditer(r"\w+", getFilteredPageContent(page)))

    return retVal
@@ -2430,7 +2447,7 @@ def getUnicode(value, encoding=None, noneToNull=False):
        except UnicodeDecodeError:
            return six.text_type(str(value), errors="ignore")  # encoding ignored for non-basestring instances

-def getBytes(value, encoding=UNICODE_ENCODING):
+def getBytes(value, encoding=UNICODE_ENCODING, errors="strict"):
    """
    Returns byte representation of provided Unicode value

@@ -2445,11 +2462,11 @@ def getBytes(value, encoding=UNICODE_ENCODING):
            for char in xrange(0xF0000, 0xF00FF + 1):
                value = value.replace(unichr(char), "%s%02x" % (SAFE_HEX_MARKER, char - 0xF0000))

-            retVal = value.encode(encoding)
+            retVal = value.encode(encoding, errors)

            retVal = re.sub(r"%s([0-9a-f]{2})" % SAFE_HEX_MARKER, lambda _: _.group(1).decode("hex"), retVal)
        else:
-            retVal = value.encode(encoding)
+            retVal = value.encode(encoding, errors)
            retVal = re.sub(r"\\x([0-9a-f]{2})", lambda _: _.group(1).decode("hex"), retVal)

    return retVal
@@ -3694,7 +3711,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
    retVal = content

    try:
-        if all((content, payload)) and isinstance(content, unicode) and kb.reflectiveMechanism and not kb.heuristicMode:
+        if all((content, payload)) and isinstance(content, six.text_type) and kb.reflectiveMechanism and not kb.heuristicMode:
            def _(value):
                while 2 * REFLECTED_REPLACEMENT_REGEX in value:
                    value = value.replace(2 * REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX)
@@ -3786,7 +3803,7 @@ def normalizeUnicode(value):
    'sucuraj'
    """

-    return unicodedata.normalize("NFKD", value).encode("ascii", "ignore") if isinstance(value, unicode) else value
+    return unicodedata.normalize("NFKD", value).encode("ascii", "ignore") if isinstance(value, six.text_type) else value

 def safeSQLIdentificatorNaming(name, isTable=False):
    """
@@ -4105,7 +4122,7 @@ def asciifyUrl(url, forceQuote=False):
        #     _urllib.parse.quote(s.replace('%', '')) != s.replace('%', '')
        # which would trigger on all %-characters, e.g. "&".
        if getUnicode(s).encode("ascii", "replace") != s or forceQuote:
-            return _urllib.parse.quote(s.encode(UNICODE_ENCODING) if isinstance(s, unicode) else s, safe=safe)
+            return _urllib.parse.quote(s.encode(UNICODE_ENCODING) if isinstance(s, six.text_type) else s, safe=safe)
        return s

    username = quote(parts.username, '')
@@ -4459,8 +4476,8 @@ def decodeHexValue(value, raw=False):
                        retVal = retVal.decode("utf-16-be")
                    except UnicodeDecodeError:
                        pass
-                if not isinstance(retVal, unicode):
-                    retVal = getUnicode(retVal, conf.encoding or "utf8")
+                if not isinstance(retVal, six.text_type):
+                    retVal = getUnicode(retVal, conf.encoding or UNICODE_ENCODING)

        return retVal

--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -242,7 +242,7 @@ class Dump(object):
                    if table and isListLike(table):
                        table = table[0]

-                    maxlength = max(maxlength, len(unsafeSQLIdentificatorNaming(normalizeUnicode(table) or unicode(table))))
+                    maxlength = max(maxlength, len(unsafeSQLIdentificatorNaming(normalizeUnicode(table) or getUnicode(table))))

            lines = "-" * (int(maxlength) + 2)

@@ -263,7 +263,7 @@ class Dump(object):
                        table = table[0]

                    table = unsafeSQLIdentificatorNaming(table)
-                    blank = " " * (maxlength - len(normalizeUnicode(table) or unicode(table)))
+                    blank = " " * (maxlength - len(normalizeUnicode(table) or getUnicode(table)))
                    self._write("| %s%s |" % (table, blank))

                self._write("+%s+\n" % lines)
@@ -358,7 +358,7 @@ class Dump(object):
            for ctables in dbTables.values():
                for tables in ctables.values():
                    for table in tables:
-                        maxlength1 = max(maxlength1, len(normalizeUnicode(table) or unicode(table)))
+                        maxlength1 = max(maxlength1, len(normalizeUnicode(table) or getUnicode(table)))

            for db, counts in dbTables.items():
                self._write("Database: %s" % unsafeSQLIdentificatorNaming(db) if db else "Current database")
@@ -384,7 +384,7 @@ class Dump(object):
                    tables.sort(key=lambda _: _.lower() if hasattr(_, "lower") else _)

                    for table in tables:
-                        blank1 = " " * (maxlength1 - len(normalizeUnicode(table) or unicode(table)))
+                        blank1 = " " * (maxlength1 - len(normalizeUnicode(table) or getUnicode(table)))
                        blank2 = " " * (maxlength2 - len(str(count)))
                        self._write("| %s%s | %d%s |" % (table, blank1, count, blank2))

--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1716,7 +1716,7 @@ def _cleanupOptions():
        except re.error:
            conf.csrfToken = re.escape(conf.csrfToken)
        finally:
-            class _(unicode):
+            class _(six.text_type):
                pass
            conf.csrfToken = _(conf.csrfToken)
            conf.csrfToken._original = original
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.4.28"
+VERSION = "1.3.4.29"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -73,6 +73,7 @@ from lib.core.settings import URI_INJECTABLE_REGEX
 from lib.core.settings import USER_AGENT_ALIASES
 from lib.core.settings import XML_RECOGNITION_REGEX
 from lib.utils.hashdb import HashDB
+from thirdparty import six
 from thirdparty.odict import OrderedDict
 from thirdparty.six.moves import urllib as _urllib

@@ -409,7 +410,7 @@ def _setRequestParams():
                    message += "Do you want sqlmap to automatically update it in further requests? [y/N] "

                    if readInput(message, default='N', boolean=True):
-                        class _(unicode):
+                        class _(six.text_type):
                            pass
                        conf.csrfToken = _(re.escape(getUnicode(parameter)))
                        conf.csrfToken._original = getUnicode(parameter)
@@ -712,7 +713,7 @@ def initTargetEnv():
        _setDBMS()

    if conf.data:
-        class _(unicode):
+        class _(six.text_type):
            pass

        kb.postUrlEncode = True