PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-28 18:39:04 +00:00
Code Issues Projects Releases Wiki Activity

Update related to the last commit

Browse Source
This commit is contained in:
Miroslav Stampar
2019-01-22 01:20:27 +01:00
parent 7672b9a0a2
commit db3bed3f44
29 changed files with 140 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/controller/checks.py
View File

@@ -627,10 +627,10 @@ def checkSqlInjection(place, parameter, value):
injectable = True
except SqlmapConnectionException, msg:
except SqlmapConnectionException as ex:
debugMsg = "problem occurred most likely because the "
debugMsg += "server hasn't recovered as expected from the "
debugMsg += "error-based payload used ('%s')" % msg
debugMsg += "error-based payload used ('%s')" % getSafeExString(ex)
logger.debug(debugMsg)
# In case of time-based blind or stacked queries

2
lib/core/common.py
View File

@@ -4746,6 +4746,8 @@ def getSafeExString(ex, encoding=None):
retVal = ex.msg
elif isinstance(ex, (list, tuple)) and len(ex) > 1 and isinstance(ex[1], basestring):
retVal = ex[1]
elif isinstance(ex, (list, tuple)) and len(ex) > 0 and isinstance(ex[0], basestring):
retVal = ex[0]
return getUnicode(retVal or "", encoding=encoding).strip()

4
lib/core/dump.py
View File

@@ -624,8 +624,8 @@ class Dump(object):
with open(filepath, "wb") as f:
_ = safechardecode(value, True)
f.write(_)
except magic.MagicException, err:
logger.debug(str(err))
except magic.MagicException as ex:
logger.debug(getSafeExString(ex))
if conf.dumpFormat == DUMP_FORMAT.CSV:
if field == fields:

2
lib/core/settings.py
View File

@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.1.60"
VERSION = "1.3.1.61"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

6
lib/core/target.py
View File

@@ -646,7 +646,7 @@ def _createTargetDirs():
except (OSError, IOError) as ex:
try:
tempDir = tempfile.mkdtemp(prefix="sqlmap%s" % context)
except Exception, _:
except Exception as _:
errMsg = "unable to write to the temporary directory ('%s'). " % _
errMsg += "Please make sure that your disk is not full and "
errMsg += "that you have sufficient write permissions to "
@@ -668,7 +668,7 @@ def _createTargetDirs():
except (OSError, IOError, TypeError) as ex:
try:
tempDir = tempfile.mkdtemp(prefix="sqlmapoutput")
except Exception, _:
except Exception as _:
errMsg = "unable to write to the temporary directory ('%s'). " % _
errMsg += "Please make sure that your disk is not full and "
errMsg += "that you have sufficient write permissions to "
@@ -767,4 +767,4 @@ def setupTargetEnv():
_resumeHashDBValues()
_setResultsFile()
_setAuthCred()
_setAuxOptions()
_setAuxOptions()

12
lib/core/testing.py
View File

@@ -75,10 +75,10 @@ def smokeTest():
try:
__import__(path)
module = sys.modules[path]
except Exception, msg:
except Exception as ex:
retVal = False
dataToStdout("\r")
errMsg = "smoke test failed at importing module '%s' (%s):\n%s" % (path, os.path.join(root, filename), msg)
errMsg = "smoke test failed at importing module '%s' (%s):\n%s" % (path, os.path.join(root, filename), ex)
logger.error(errMsg)
else:
# Run doc tests
@@ -275,10 +275,10 @@ def runCase(parse):
result = start()
except KeyboardInterrupt:
pass
except SqlmapBaseException, e:
handled_exception = e
except Exception, e:
unhandled_exception = e
except SqlmapBaseException as ex:
handled_exception = ex
except Exception as ex:
unhandled_exception = ex
finally:
sys.stdout.seek(0)
console = sys.stdout.read()

4
lib/parse/cmdline.py
View File

@@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import os
import re
import shlex
@@ -842,7 +844,7 @@ def cmdLineParser(argv=None):
argv[i] = argv[i][:-1]
conf.skipThreadCheck = True
elif argv[i] == "--version":
print VERSION_STRING.split('/')[-1]
print(VERSION_STRING.split('/')[-1])
raise SystemExit
elif argv[i] in ("-h", "--help"):
advancedHelp = False

5
lib/request/basic.py
View File

@@ -17,6 +17,7 @@ from lib.core.common import Backend
from lib.core.common import extractErrorMessage
from lib.core.common import extractRegexResult
from lib.core.common import getPublicTypeMembers
from lib.core.common import getSafeExString
from lib.core.common import getUnicode
from lib.core.common import isListLike
from lib.core.common import randomStr
@@ -280,10 +281,10 @@ def decodePage(page, contentEncoding, contentType):
raise Exception("size too large")
page = data.read()
except Exception, msg:
except Exception as ex:
if "<html" not in page: # in some cases, invalid "Content-Encoding" appears for plain HTML (should be ignored)
errMsg = "detected invalid data for declared content "
errMsg += "encoding '%s' ('%s')" % (contentEncoding, msg)
errMsg += "encoding '%s' ('%s')" % (contentEncoding, getSafeExString(ex))
singleTimeLogMessage(errMsg, logging.ERROR)
warnMsg = "turning off page compression"

6
lib/request/dns.py
View File

@@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import os
import re
import socket
@@ -145,13 +147,13 @@ if __name__ == "__main__":
if _ is None:
break
else:
print "[i] %s" % _
print("[i] %s" % _)
time.sleep(1)
except socket.error as ex:
if 'Permission' in str(ex):
print "[x] Please run with sudo/Administrator privileges"
print("[x] Please run with sudo/Administrator privileges")
else:
raise
except KeyboardInterrupt:

5
lib/request/redirecthandler.py
View File

@@ -16,6 +16,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.common import getHostHeader
from lib.core.common import getSafeExString
from lib.core.common import getUnicode
from lib.core.common import logHTTPTraffic
from lib.core.common import readInput
@@ -75,9 +76,9 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
try:
content = fp.read(MAX_CONNECTION_TOTAL_SIZE)
except Exception, msg:
except Exception as ex:
dbgMsg = "there was a problem while retrieving "
dbgMsg += "redirect response content (%s)" % msg
dbgMsg += "redirect response content ('%s')" % getSafeExString(ex)
logger.debug(dbgMsg)
finally:
if content:

8
lib/utils/hash.py
View File

@@ -770,8 +770,8 @@ def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc
except (UnicodeEncodeError, UnicodeDecodeError):
pass # ignore possible encoding problems caused by some words in custom dictionaries
except Exception, e:
warnMsg = "there was a problem while hashing entry: %s (%s). " % (repr(word), e)
except Exception as ex:
warnMsg = "there was a problem while hashing entry: %s ('%s'). " % (repr(word), getSafeExString(ex))
warnMsg += "Please report by e-mail to '%s'" % DEV_EMAIL_ADDRESS
logger.critical(warnMsg)
@@ -847,8 +847,8 @@ def _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found
except (UnicodeEncodeError, UnicodeDecodeError):
pass # ignore possible encoding problems caused by some words in custom dictionaries
except Exception, e:
warnMsg = "there was a problem while hashing entry: %s (%s). " % (repr(word), e)
except Exception as ex:
warnMsg = "there was a problem while hashing entry: %s ('%s'). " % (repr(word), getSafeExString(ex))
warnMsg += "Please report by e-mail to '%s'" % DEV_EMAIL_ADDRESS
logger.critical(warnMsg)

16
lib/utils/sqlalchemy.py
View File

@@ -76,8 +76,8 @@ class SQLAlchemy(GenericConnector):
raise
except SqlmapFilePathException:
raise
except Exception, msg:
raise SqlmapConnectionException("SQLAlchemy connection issue ('%s')" % msg[0])
except Exception as ex:
raise SqlmapConnectionException("SQLAlchemy connection issue ('%s')" % ex[0])
self.printConnected()
else:
@@ -89,17 +89,17 @@ class SQLAlchemy(GenericConnector):
for row in self.cursor.fetchall():
retVal.append(tuple(row))
return retVal
except _sqlalchemy.exc.ProgrammingError, msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg.message if hasattr(msg, "message") else msg)
except _sqlalchemy.exc.ProgrammingError as ex:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % ex.message if hasattr(ex, "message") else ex)
return None
def execute(self, query):
try:
self.cursor = self.connector.execute(query)
except (_sqlalchemy.exc.OperationalError, _sqlalchemy.exc.ProgrammingError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg.message if hasattr(msg, "message") else msg)
except _sqlalchemy.exc.InternalError, msg:
raise SqlmapConnectionException(msg[1])
except (_sqlalchemy.exc.OperationalError, _sqlalchemy.exc.ProgrammingError) as ex:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % ex.message if hasattr(ex, "message") else ex)
except _sqlalchemy.exc.InternalError as ex:
raise SqlmapConnectionException(ex[1])
def select(self, query):
self.execute(query)

4
lib/utils/timeout.py
View File

@@ -22,8 +22,8 @@ def timeout(func, args=(), kwargs={}, duration=1, default=None):
try:
self.result = func(*args, **kwargs)
self.timeout_state = TIMEOUT_STATE.NORMAL
except Exception, msg:
logger.log(CUSTOM_LOGGING.TRAFFIC_IN, msg)
except Exception as ex:
logger.log(CUSTOM_LOGGING.TRAFFIC_IN, ex)
self.result = default
self.timeout_state = TIMEOUT_STATE.EXCEPTION