Minor optimization of randomizeParameterValue

2026-01-29 17:49:09 +00:00 · 2026-01-28 18:53:00 +01:00
parent fbee649fb6
commit cd6e2f1c8a
3 changed files with 22 additions and 24 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -4512,34 +4512,32 @@ def randomizeParameterValue(value):

    retVal = value

-    value = re.sub(r"%[0-9a-fA-F]{2}", "", value)
+    retVal = re.sub(r"%[0-9a-fA-F]{2}", "", retVal)

-    for match in re.finditer(r"[A-Z]+", value):
+    def _replace_upper(match):
+        original = match.group()
        while True:
-            original = match.group()
-            candidate = randomStr(len(match.group())).upper()
-            if original != candidate:
-                break
+            candidate = randomStr(len(original)).upper()
+            if candidate != original:
+                return candidate

-        retVal = retVal.replace(original, candidate)
-
-    for match in re.finditer(r"[a-z]+", value):
+    def _replace_lower(match):
+        original = match.group()
        while True:
-            original = match.group()
-            candidate = randomStr(len(match.group())).lower()
-            if original != candidate:
-                break
+            candidate = randomStr(len(original)).lower()
+            if candidate != original:
+                return candidate

-        retVal = retVal.replace(original, candidate)
-
-    for match in re.finditer(r"[0-9]+", value):
+    def _replace_digit(match):
+        original = match.group()
        while True:
-            original = match.group()
-            candidate = str(randomInt(len(match.group())))
-            if original != candidate:
-                break
+            candidate = str(randomInt(len(original)))
+            if candidate != original:
+                return candidate

-        retVal = retVal.replace(original, candidate, 1)
+    retVal = re.sub(r"[A-Z]+", _replace_upper, retVal)
+    retVal = re.sub(r"[a-z]+", _replace_lower, retVal)
+    retVal = re.sub(r"[0-9]+", _replace_digit, retVal)

    if re.match(r"\A[^@]+@.+\.[a-z]+\Z", value):
        parts = retVal.split('.')
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from thirdparty import six

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.10.1.67"
+VERSION = "1.10.1.68"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)