Fixes #5942

data/txt/sha256sums.txt

@@ -76,7 +76,7 @@ a7eb4d1bcbdfd155383dcd35396e2d9dd40c2e89ce9d5a02e63a95a94f0ab4ea  data/xml/banne
 e2febc92f9686eacf17a0054f175917b783cc6638ca570435a5203b03245fc18  data/xml/banner/x-aspnet-version.xml
 75672f8faa8053af0df566a48700f2178075f67c593d916313fcff3474da6f82  data/xml/banner/x-powered-by.xml
 1ac399c49ce3cb8c0812bb246e60c8a6718226efe89ccd1f027f49a18dbeb634  data/xml/boundaries.xml
-20fd2f2ba35ade45f242bd3c6e92898ac90b4ee6a63dbb8740cad06f91a395e5  data/xml/errors.xml
+47c444f260fcba24bb1f13e3d4819ed846909f8d2b6e715069d6372ea30f026f  data/xml/errors.xml
 cfa1f0557fb71be0631796a4848d17be536e38f94571cf6ef911454fbc6b30d1  data/xml/payloads/boolean_blind.xml
 f2b711ea18f20239ba9902732631684b61106d4a4271669125a4cf41401b3eaf  data/xml/payloads/error_based.xml
 b0f434f64105bd61ab0f6867b3f681b97fa02b4fb809ac538db382d031f0e609  data/xml/payloads/inline_query.xml
@@ -181,25 +181,25 @@ c9d1f64648062d7962caf02c4e2e7d84e8feb2a14451146f627112aae889afcd  lib/core/dump.
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/core/__init__.py
 3d308440fb01d04b5d363bfbe0f337756b098532e5bb7a1c91d5213157ec2c35  lib/core/log.py
 2a06dc9b5c17a1efdcdb903545729809399f1ee96f7352cc19b9aaa227394ff3  lib/core/optiondict.py
-3ca1a6759c196aa104130af0ed47826cd01009beaa3fa836a25faabfec7dd18e  lib/core/option.py
+b244a96aa96ad8da96a60b1cb17a8483c84578523e122834e0bfa40e76ac19f9  lib/core/option.py
 fd449fe2c707ce06c929fc164cbabb3342f3e4e2b86c06f3efc1fc09ac98a25a  lib/core/patch.py
 85f10c6195a3a675892d914328173a6fb6a8393120417a2f10071c6e77bfa47d  lib/core/profiling.py
 c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0  lib/core/readlineng.py
 d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920  lib/core/replication.py
 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3  lib/core/revision.py
 d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38  lib/core/session.py
-d41413ff8fc43abf7330a3202092a89de65c47f7ff489a2723fdb42f770a745a  lib/core/settings.py
+135bcf03e88c81d2cb553088c8e7a488467188267ad7940f205509f897515057  lib/core/settings.py
 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09  lib/core/shell.py
 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053  lib/core/subprocessng.py
 cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a  lib/core/target.py
 6cf11d8b00fa761046686437fe90565e708809f793e88a3f02527d0e49c4d2a8  lib/core/testing.py
-1ba2ba8d39c5f655f45c7454b22870f1884ae7aa36e401e3df1a9ed4de691e3d  lib/core/threads.py
+2a179b7601026a8da092271b30ad353cdb6decd658e2614fa51983aaf6dd80e7  lib/core/threads.py
 6f61e7946e368ee1450c301aaf5a26381a8ae31fc8bffa28afc9383e8b1fbc3f  lib/core/unescaper.py
 f7245b99c17ef88cd9a626ca09c0882a5e172bb10a38a5dec9d08da6c8e2d076  lib/core/update.py
 cba481f8c79f4a75bd147b9eb5a1e6e61d70422fceadd12494b1dbaa4f1d27f4  lib/core/wordlist.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/__init__.py
 7d1d3e07a1f088428d155c0e1b28e67ecbf5f62775bdeeeb11b4388369dce0f7  lib/parse/banner.py
-d361e472853d18f5bf760efc8fb63285354971f77ce97518b8bb17be63e534f1  lib/parse/cmdline.py
+c6d1527a26014b58b8a78afb851485227b86798e36551e9ac347522ef89d7a99  lib/parse/cmdline.py
 f1ad73b6368730b8b8bc2e28b3305445d2b954041717619bede421ccc4381625  lib/parse/configfile.py
 a96b7093f30b3bf774f5cc7a622867472d64a2ae8b374b43786d155cf6203093  lib/parse/handler.py
 cfd4857ce17e0a2da312c18dcff28aefaa411f419b4e383b202601c42de40eec  lib/parse/headers.py
@@ -214,7 +214,7 @@ c56a2c170507861403e0ddebd68a111bcf3a5f5fddc7334a9de4ecd572fdcc2f  lib/request/co
 cfa172dbc459a3250db7fbaadb62b282b62d56b4f290c585d3abec01597fcd40  lib/request/connect.py
 a890be5dee3fb4f5cb8b5f35984017a5c172d587722cf0c690bf50e338deebfa  lib/request/direct.py
 a53fa3513431330ce1725a90e7e3d20f223e14605d699e1f66b41625f04439c7  lib/request/dns.py
-685b3e9855c65af3f4516b4cac1d2591bd9d653246d02b08bffa94b706115fa9  lib/request/httpshandler.py
+1e76136b68743c5b25e2d8362a57c92f736d427a76b537fe07a71eeef69cdcae  lib/request/httpshandler.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/request/__init__.py
 fcab35db1da4ac11d8c5b8291f9c87b8d7bb073c460c438374bc5a71ce5c65a6  lib/request/inject.py
 03490bed87a54bf6c42a33ac1a66f7f8504c2398534a211e7e9306f408cd506a  lib/request/methodrequest.py
@@ -246,7 +246,7 @@ af67d25e8c16b429a5b471d3c629dc1da262262320bf7cd68465d151c02def16  lib/utils/brut
 828940a8eefda29c9eb271c21f29e2c4d1d428ccf0dcc6380e7ee6740300ec55  lib/utils/crawler.py
 56b93ba38f127929346f54aa75af0db5f46f9502b16acfe0d674a209de6cad2d  lib/utils/deps.py
 3aca7632d53ab2569ddef876a1b90f244640a53e19b304c77745f8ddb15e6437  lib/utils/getch.py
-e67aa754b7eeb6ec233c27f7d515e10b6607448056a1daba577936d765551636  lib/utils/har.py
+4979120bbbc030eaef97147ee9d7d564d9683989059b59be317153cdaa23d85b  lib/utils/har.py
 00135cf61f1cfe79d7be14c526f84a841ad22e736db04e4fe087baeb4c22dc0d  lib/utils/hashdb.py
 d1b4cea5658c0936e2003f01fbf7a9e6f6d6cd8503815cb2c358ed0c0e2f147f  lib/utils/hash.py
 ba862f0c96b1d39797fb21974599e09690d312b17a85e6639bee9d1db510f543  lib/utils/httpd.py
@@ -476,7 +476,7 @@ ab661b605012168d72f84a92ff7e233542df3825c66714c99073e56acea37e2e  plugins/generi
 f5cad477023c8145c4db7aa530976fc75b098cf59a49905f28d02f6771fd9697  README.md
 535ab6ac8b8441a3758cee86df3e68abec8b43eee54e32777967252057915acc  sqlmapapi.py
 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62  sqlmapapi.yaml
-c43cc0dd5b4026083ad420c04705a031504aa503cc99ab2236010c4cbd472d39  sqlmap.conf
+a40607ce164eb2d21865288d24b863edb1c734b56db857e130ac1aef961c80b9  sqlmap.conf
 822b706e791eba9b994b08e7600a3adfc3843d360437edfa0bfd588a1f58a13c  sqlmap.py
 82caac95182ac5cae02eb7d8a2dc07e71389aeae6b838d3d3f402c9597eb086a  tamper/0eunion.py
 bc8f5e638578919e4e75a5b01a84b47456bac0fd540e600975a52408a3433460  tamper/apostrophemask.py
@@ -605,7 +605,7 @@ fd2084a132bf180dad5359e16dac8a29a73ebfd267f7c9423c814e7853060874  thirdparty/col
 4f4b2df6de9c0a8582150c59de2eb665b75548e5a57843fb6d504671ee6e4df3  thirdparty/fcrypt/fcrypt.py
 6a70ddcae455a3876a0f43b0850a19e2d9586d43f7b913dc1ffdf87e87d4bd3f  thirdparty/fcrypt/__init__.py
 dbd1639f97279c76b07c03950e7eb61ed531af542a1bdbe23e83cb2181584fd9  thirdparty/identywaf/data.json
-5aa308d6173ad9e2a5006a719fdbfe8c20d7e14b6d70c04045b935e44caa96d0  thirdparty/identywaf/identYwaf.py
+e5c0b59577c30bb44c781d2f129580eaa003e46dcc4f307f08bc7f15e1555a2e  thirdparty/identywaf/identYwaf.py
 edf23e7105539d700a1ae1bc52436e57e019b345a7d0227e4d85b6353ef535fa  thirdparty/identywaf/__init__.py
 d846fdc47a11a58da9e463a948200f69265181f3dbc38148bfe4141fade10347  thirdparty/identywaf/LICENSE
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/__init__.py

data/xml/errors.xml

@@ -27,7 +27,7 @@
         <error regexp="Npgsql\."/>
         <error regexp="PG::SyntaxError:"/>
         <error regexp="org\.postgresql\.util\.PSQLException"/>
-        <error regexp="ERROR:\s\ssyntax error at or near"/>
+        <error regexp="ERROR:\s+syntax error at or near"/>
         <error regexp="ERROR: parser: parse error at or near"/>
         <error regexp="PostgreSQL query failed"/>
         <error regexp="org\.postgresql\.jdbc"/>
@@ -104,7 +104,7 @@
 
     <!-- Interbase/Firebird -->
     <dbms value="Firebird">
-        <error regexp="Dynamic SQL Error"/>
+        <error regexp="Dynamic SQL Error.{1,10}SQL error code"/>
         <error regexp="Warning.*?\Wibase_"/>
         <error regexp="org\.firebirdsql\.jdbc"/>
         <error regexp="Pdo[./_\\]Firebird"/>
@@ -122,6 +122,7 @@
         <error regexp="org\.sqlite\.JDBC"/>
         <error regexp="Pdo[./_\\]Sqlite"/>
         <error regexp="SQLiteException"/>
+        <error regexp="SqliteError:"/>
     </dbms>
 
     <dbms value="SAP MaxDB">
@@ -129,7 +130,7 @@
         <error regexp="Warning.*?\Wmaxdb_"/>
         <error regexp="DriverSapDB"/>
         <error regexp="-3014.*?Invalid end of SQL statement"/>
-        <error regexp="com\.sap\.dbtech\.jdbc"/>
+        <error regexp="com\.sap\.db(tech)?\.jdbc"/>
         <error regexp="\[-3008\].*?: Invalid keyword or missing delimiter"/>
     </dbms>
 
@@ -164,7 +165,7 @@
 
     <dbms value="H2">
         <error regexp="org\.h2\.jdbc"/>
-        <error regexp="\[42000-192\]"/>
+        <error regexp="\[42000-\d+\]"/>
     </dbms>
 
     <dbms value="MonetDB">
@@ -211,7 +212,7 @@
     </dbms>
 
     <dbms value="ClickHouse">
-        <error regexp="Code: \d+. DB::Exception:"/>
+        <error regexp="Code: \d+[., ]+DB::Exception:"/>
         <error regexp="Syntax error: failed at position \d+"/>
     </dbms>
 

lib/core/option.py

@@ -2517,7 +2517,7 @@ def _setTorSocksProxySettings():
     socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if conf.torType == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, LOCALHOST, port)
     socks.wrapmodule(_http_client)
 
-def _setHttpChunked():
+def _setHttpOptions():
     if conf.chunked and conf.data:
         if hasattr(_http_client.HTTPConnection, "_set_content_length"):
             _http_client.HTTPConnection._set_content_length = lambda self, *args, **kwargs: None
@@ -2531,7 +2531,10 @@ def _setHttpChunked():
 
             _http_client.HTTPConnection.putheader = putheader
 
-def _checkWebSocket():
+    if conf.http10:
+        _http_client.HTTPConnection._http_vsn = 10
+        _http_client.HTTPConnection._http_vsn_str = 'HTTP/1.0'
+
     if conf.url and (conf.url.startswith("ws:/") or conf.url.startswith("wss:/")):
         try:
             from websocket import ABNF
@@ -2918,8 +2921,7 @@ def init():
     _setPostprocessFunctions()
     _setTrafficOutputFP()
     _setupHTTPCollector()
-    _setHttpChunked()
-    _checkWebSocket()
+    _setHttpOptions()
 
     parseTargetDirect()
 

lib/core/settings.py

@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.9.8.0"
+VERSION = "1.9.8.7"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

lib/core/threads.py

@@ -166,8 +166,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
                 _threadFunction()
             except (SqlmapUserQuitException, SqlmapSkipTargetException):
                 pass
-            finally:
-                return
+            return
 
         kb.multiThreadMode = True
 

lib/parse/cmdline.py

@@ -177,6 +177,9 @@ def cmdLineParser(argv=None):
         request.add_argument("--drop-set-cookie", dest="dropSetCookie", action="store_true",
             help="Ignore Set-Cookie header from response")
 
+        request.add_argument("--http1.0", dest="http10", action="store_true",
+            help="Use HTTP version 1.0 (old)")
+
         request.add_argument("--http2", dest="http2", action="store_true",
             help="Use HTTP version 2 (experimental)")
 

lib/request/httpshandler.py

@@ -92,7 +92,7 @@ class HTTPSConnection(_http_client.HTTPSConnection):
                         break
                     else:
                         sock.close()
-                except (ssl.SSLError, socket.error, _http_client.BadStatusLine) as ex:
+                except (ssl.SSLError, socket.error, _http_client.BadStatusLine, AttributeError) as ex:
                     self._tunnel_host = None
                     logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex)))
 

lib/utils/har.py

@@ -162,6 +162,9 @@ class Response(object):
         response = _http_client.HTTPResponse(FakeSocket(altered))
         response.begin()
 
+        # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5942
+        response.length = len(raw[raw.find(b"\r\n\r\n") + 4:])
+
         try:
             content = response.read()
         except _http_client.IncompleteRead:

sqlmap.conf

@@ -61,6 +61,10 @@ loadCookies =
 # Valid: True or False
 dropSetCookie = False
 
+# Use HTTP version 1.0 (old).
+# Valid: True or False
+http10 = False
+
 # Use HTTP version 2 (experimental).
 # Valid: True or False
 http2 = False

thirdparty/identywaf/identYwaf.py

@@ -63,11 +63,11 @@ NAME = "identYwaf"
 VERSION = "1.0.131"
 BANNER = r"""
                                    ` __ __ `
- ____  ___      ___  ____   ______ `|  T  T` __    __   ____  _____ 
+ ____  ___      ___  ____   ______ `|  T  T` __    __   ____  _____
 l    j|   \    /  _]|    \ |      T`|  |  |`|  T__T  T /    T|   __|
  |  T |    \  /  [_ |  _  Yl_j  l_j`|  ~  |`|  |  |  |Y  o  ||  l_
  |  | |  D  YY    _]|  |  |  |  |  `|___  |`|  |  |  ||     ||   _|
- j  l |     ||   [_ |  |  |  |  |  `|     !` \      / |  |  ||  ] 
+ j  l |     ||   [_ |  |  |  |  |  `|     !` \      / |  |  ||  ]
 |____jl_____jl_____jl__j__j  l__j  `l____/ `  \_/\_/  l__j__jl__j  (%s)%s""".strip("\n") % (VERSION, "\n")
 
 RAW, TEXT, HTTPCODE, SERVER, TITLE, HTML, URL = xrange(7)
@@ -338,7 +338,7 @@ def load_data():
     global WAF_RECOGNITION_REGEX
 
     if os.path.isfile(DATA_JSON_FILE):
-        with codecs.open(DATA_JSON_FILE, "rb", encoding="utf8") as f:
+        with open(DATA_JSON_FILE, "r") as f:
             DATA_JSON.update(json.load(f))
 
         WAF_RECOGNITION_REGEX = ""
@@ -371,7 +371,7 @@ def init():
         if os.path.isfile(options.proxy_file):
             print(colorize("[o] loading proxy list..."))
 
-            with codecs.open(options.proxy_file, "rb", encoding="utf8") as f:
+            with open(options.proxy_file, "r") as f:
                 proxies.extend(re.sub(r"\s.*", "", _.strip()) for _ in f.read().strip().split('\n') if _.startswith("http"))
                 random.shuffle(proxies)
         else: