Skip to content

Commit e24678f

Browse files
committed
Couple of bug fixes
1 parent bc4ce6e commit e24678f

11 files changed

Lines changed: 66 additions & 34 deletions

File tree

data/txt/sha256sums.txt

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -118,7 +118,7 @@ c4590a37dc1372be29b9ba8674b5e12bcda6ab62c5b2d18dab20bcb73a4ffbeb doc/translatio
118118
8c4b528855c2391c91ec1643aeff87cae14246570fd95dac01b3326f505cd26e extra/beep/beep.py
119119
509276140d23bfc079a6863e0291c4d0077dea6942658a992cbca7904a43fae9 extra/beep/beep.wav
120120
1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 extra/beep/__init__.py
121-
b8d919ad6c632a9f5b292ee6c0476e9b092a39c0727fe89d12102d1938217116 extra/cloak/cloak.py
121+
7f6394c9b3566bf93fc10020bc584aa8fac36dc11c3c523096eadc63ab243ec9 extra/cloak/cloak.py
122122
1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 extra/cloak/__init__.py
123123
6879b01859b2003fbab79c5188fce298264cd00300f9dcecbe1ffd980fe2e128 extra/cloak/README.txt
124124
4b6d44258599f306186a24e99d8648d94b04d85c1f2c2a442b15dc26d862b41e extra/dbgtool/dbgtool.py
@@ -169,7 +169,7 @@ bc655c5f09a4048e53d2fec5f65e9e45024c2ad9882b8824b0d338917fd6496b lib/core/agent
169169
ca3e5ce56cb1cae0a8e815425ab6810068004bffe8861d1037c7c87c0ae02477 lib/core/bigarray.py
170170
c91b6b9429a50d28b88334e3f88557d40a01893a7e69c30186c2f6efd0ce9906 lib/core/common.py
171171
8f1272487e1adfcc8c755a2f56f0c6d21eac5e685a73a9a159482f9dc9142bc5 lib/core/compat.py
172-
e37bfd314a46699b14e1c8a5ea851d546d3a36bea8e5f37466ef2921ff78fefd lib/core/convert.py
172+
742bce10b97034966021ec60c7ac294db4af4fe7893613d63172a02c29f009f8 lib/core/convert.py
173173
c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6 lib/core/data.py
174174
6acb645b1f285b21673c70824b03f6209acc5993b50e50da5ed2c713a30626f5 lib/core/datatype.py
175175
70fb2528e580b22564899595b0dff6b1bc257c6a99d2022ce3996a3d04e68e4e lib/core/decorators.py
@@ -182,13 +182,13 @@ c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6 lib/core/data.
182182
914a13ee21fd610a6153a37cbe50830fcbd1324c7ebc1e7fc206d5e598b0f7ad lib/core/log.py
183183
67ea32c993cbf23cdbd5170360c020ca33363b7c516ff3f8da4124ef7cb0254d lib/core/optiondict.py
184184
3ff871fe8391952c3ec3bb528ba592a13926c80ca0b68fd322a317f69a651ef7 lib/core/option.py
185-
3371a9c79ad7d2eb578e705cb077098a9f63cabb5472e4e66c4dac094a438bcd lib/core/patch.py
185+
2e66d74a4d9adb9ce30f48e22ab83b7fdccb54e7ea7b74a6104bda7d80a71a7a lib/core/patch.py
186186
49c0fa7e3814dfda610d665ee02b12df299b28bc0b6773815b4395514ddf8dec lib/core/profiling.py
187187
03db48f02c3d07a047ddb8fe33a757b6238867352d8ddda2a83e4fec09a98d04 lib/core/readlineng.py
188188
48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py
189189
0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py
190190
888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py
191-
a1b8c758a0b9a4952c015bc46bb68b779a7b2e75b73419318bf4c9b6d91ab702 lib/core/settings.py
191+
40244898d0eb5e2634a6794d78fa29315e9e4b9c6f773133a29dd20259bc63a0 lib/core/settings.py
192192
cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py
193193
bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py
194194
70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py
@@ -203,12 +203,12 @@ b9aacb840310173202f79c2ba125b0243003ee6b44c92eca50424f2bdfc83c02 lib/core/unesc
203203
02d82e4069bd98c52755417f8b8e306d79945672656ac24f1a45e7a6eff4b158 lib/parse/configfile.py
204204
c5b258be7485089fac9d9cd179960e774fbd85e62836dc67cce76cc028bb6aeb lib/parse/handler.py
205205
5c9a9caee948843d5537745640cc7b98d70a0412cc0949f59d4ebe8b2907c06c lib/parse/headers.py
206-
1ad9054cd8476a520d4e2c141085ae45d94519df5c66f25fac41fe7d552ab952 lib/parse/html.py
206+
ea9b195e5f5030b96d1993c106c1e13fb5c7faaf6bdc5daacfd06ec984e7f323 lib/parse/html.py
207207
1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/parse/__init__.py
208208
d2e771cdacef25ee3fdc0e0355b92e7cd1b68f5edc2756ffc19f75d183ba2c73 lib/parse/payloads.py
209-
455ab0ec63e55cd56ce4a884b85bdc089223155008cab0f3696da5a33118f95b lib/parse/sitemap.py
209+
c2f34e27578742e729c2fa9c1d4f0a0d8f8f7f4cf0fc14c62ec817a260c71dec lib/parse/sitemap.py
210210
1be3da334411657461421b8a26a0f2ff28e1af1e28f1e963c6c92768f9b0847c lib/request/basicauthhandler.py
211-
de8e087e041e3252e6dd60d171a0cfe349f1e11764274108e8e13ba5be992ef3 lib/request/basic.py
211+
369484a2999d29f49bf839a329d1686ed94f6ea27c695e027fe08c8da51f30a3 lib/request/basic.py
212212
bc61bc944b81a7670884f82231033a6ac703324b34b071c9834886a92e249d0e lib/request/chunkedhandler.py
213213
09c2d8786fb5280f5f14a7b4345ecb2e7c2ca836ee06a6cf9b51770df923d94c lib/request/comparison.py
214214
c4a0759ee29ce8a29648090660dc273494abef9bda52430c38e41675a9b6ac6a lib/request/connect.py
@@ -241,7 +241,7 @@ f552b6140d4069be6a44792a08f295da8adabc1c4bb6a5e100f222f87144ca9d lib/techniques
241241
1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/techniques/union/__init__.py
242242
30cae858e2a5a75b40854399f65ad074e6bb808d56d5ee66b94d4002dc6e101b lib/techniques/union/test.py
243243
a8a795f29ec6fd66482926f04b054ed492a033982c3b7837c5d2ea32368acec0 lib/techniques/union/use.py
244-
5832f1b9cce5e8fe71cc1e07a690fa30f2bc0caa07e734220372a846aae6b95f lib/utils/api.py
244+
7c33894b640d93fc8062781525586791479c9984c3de04283826642e5c7c4374 lib/utils/api.py
245245
442555ab85277aff7c9e0cf465ea5b0d28395c326f68363449b2d3941f4b6de2 lib/utils/brute.py
246246
da5bcbcda3f667582adf5db8c1b5d511b469ac61b55d387cec66de35720ed718 lib/utils/crawler.py
247247
a94958be0ec3e9d28d8171813a6a90655a9ad7e6aa33c661e8d8ebbfcf208dbb lib/utils/deps.py
@@ -253,11 +253,11 @@ a94958be0ec3e9d28d8171813a6a90655a9ad7e6aa33c661e8d8ebbfcf208dbb lib/utils/deps
253253
1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/utils/__init__.py
254254
e7d31de0e268c129ee11c590eb618f73a85e1022c08b8ed1f77753043c949214 lib/utils/pivotdumptable.py
255255
c1dfc3bed0fed9b181f612d1d747955dd2b506dbe99bc9fd481495602371473a lib/utils/progress.py
256-
27afe211030d06db28df85296bfbf698296c94440904c390cef0ff0c259dbbc5 lib/utils/purge.py
256+
2cd84db16edef8c9948e197a51d870cf1c338f4a89037b4d422de990f4a45237 lib/utils/purge.py
257257
f635872093a12cd63a72d77adf88e8f8cd4084a5cc64384f12966cd75a499bdf lib/utils/safe2bin.py
258258
de4be7e291db0962cd59f9c04b3f7259f846e315df1fd9b323954f89fae0b2db lib/utils/search.py
259259
8258d0f54ad94e6101934971af4e55d5540f217c40ddcc594e2fba837b856d35 lib/utils/sgmllib.py
260-
92361b3c14ca472f0f89c275814da021c4f0e2de6ffa1bffc691b4cdc38d59dc lib/utils/sqlalchemy.py
260+
2760c4b82382e501f16bb98edec9531f46e5b286fbf004b346545b9b62f84824 lib/utils/sqlalchemy.py
261261
f0e5525a92fe971defc8f74c27942ff9138b1e8251f2e0d9a8bd59285b656084 lib/utils/timeout.py
262262
f821dc39a75ea48dccfa758788de15d38b9ca6a780a98f59935fb6610f75508c lib/utils/tui.py
263263
e430db49aa768ff2cdba76932e30871c366054599c44d91580dde459ab9b6fef lib/utils/versioncheck.py

extra/cloak/cloak.py

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -43,8 +43,6 @@ def decloak(inputFile=None, data=None):
4343
print(ex)
4444
print('ERROR: the provided input file \'%s\' does not contain valid cloaked content' % inputFile)
4545
sys.exit(1)
46-
finally:
47-
f.close()
4846

4947
return data
5048

lib/core/convert.py

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,8 @@ def base64pickle(value):
4545
4646
>>> base64unpickle(base64pickle([1, 2, 3])) == [1, 2, 3]
4747
True
48+
>>> isinstance(base64unpickle(base64pickle(BigArray([1, 2, 3]))), BigArray)
49+
True
4850
"""
4951

5052
retVal = None

lib/core/patch.py

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -182,15 +182,17 @@ def reject(*args): raise ValueError("XML entities are forbidden")
182182
import pickle
183183
if not getattr(pickle, "_patched", False):
184184
class RestrictedUnpickler(pickle.Unpickler):
185+
# Note: allowlist (not blacklist) - a module blacklist is bypassable (e.g. importlib/ctypes/operator), so only
186+
# explicitly-safe builtin data types and sqlmap's own (and bundled) classes are permitted to be unpickled
185187
def find_class(self, module, name):
186-
# blacklist for OS-level execution modules
187-
if module in ("os", "subprocess", "sys", "posix", "nt", "pty", "commands", "shutil"):
188+
# safe builtin data types only (blocks eval/exec/__import__/getattr/etc.)
189+
if module in ("builtins", "__builtin__"):
190+
if name not in ("set", "frozenset", "dict", "list", "tuple", "int", "float", "bool", "str", "bytes", "bytearray", "object", "NoneType", "complex"):
191+
raise ValueError("unpickling of '%s.%s' is forbidden" % (module, name))
192+
# everything else must be one of sqlmap's own (or bundled) classes (e.g. lib.core.datatype.AttribDict)
193+
elif (module or "").split(".")[0] not in ("lib", "plugins", "thirdparty"):
188194
raise ValueError("unpickling of module '%s' is forbidden" % module)
189195

190-
# partial whitelist for builtins to allow safe data types but block eval/exec/__import__
191-
if module in ("builtins", "__builtin__") and name not in ("set", "frozenset", "dict", "list", "tuple", "int", "float", "bool", "str", "bytes", "bytearray", "object", "NoneType"):
192-
raise ValueError("unpickling of '%s.%s' is forbidden" % (module, name))
193-
194196
# Python 2/3 method resolution
195197
if hasattr(pickle.Unpickler, "find_class"):
196198
return pickle.Unpickler.find_class(self, module, name)

lib/core/settings.py

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@
2020
from thirdparty import six
2121

2222
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
23-
VERSION = "1.10.6.99"
23+
VERSION = "1.10.6.100"
2424
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2525
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2626
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -681,6 +681,9 @@
681681
# Reference: https://web.archive.org/web/20150407141500/https://support.microsoft.com/en-us/kb/899149
682682
DUMP_FILE_BUFFER_SIZE = 1024
683683

684+
# Block size used for the in-place secure-overwrite passes of '--purge' (bounds peak memory regardless of file size)
685+
PURGE_BLOCK_SIZE = 1024 * 1024
686+
684687
# Parse response headers only first couple of times
685688
PARSE_HEADERS_LIMIT = 3
686689

lib/parse/html.py

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -27,11 +27,11 @@ def __init__(self, page):
2727

2828
self._dbms = None
2929
self._page = (page or "")
30+
self._urldecodedPage = urldecode(self._page)
3031
try:
31-
self._lower_page = self._page.lower()
32+
self._lowerPage = self._urldecodedPage.lower() # Note: keyword pre-filter must match the page that re.search() runs on (the URL-decoded one)
3233
except SystemError: # https://bugs.python.org/issue18183
33-
self._lower_page = None
34-
self._urldecoded_page = urldecode(self._page)
34+
self._lowerPage = None
3535

3636
self.dbms = None
3737

@@ -53,7 +53,7 @@ def startElement(self, name, attrs):
5353
keywords = sorted(keywords, key=len)
5454
kb.cache.regex[regexp] = keywords[-1].lower()
5555

56-
if ('|' in regexp or kb.cache.regex[regexp] in (self._lower_page or kb.cache.regex[regexp])) and re.search(regexp, self._urldecoded_page, re.I):
56+
if ('|' in regexp or kb.cache.regex[regexp] in (self._lowerPage or kb.cache.regex[regexp])) and re.search(regexp, self._urldecodedPage, re.I):
5757
self.dbms = self._dbms
5858
self._markAsErrorPage()
5959
kb.forkNote = kb.forkNote or attrs.get("fork")

lib/parse/sitemap.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ def parseSitemap(url, retVal=None, visited=None):
4141
raise SqlmapSyntaxException(errMsg)
4242

4343
if content:
44-
content = re.sub(r"", "", content, flags=re.DOTALL)
44+
content = re.sub(r"<!--.*?-->", "", content, flags=re.DOTALL) # Note: strip (possibly multi-line) XML comments so commented-out <loc> entries aren't harvested
4545

4646
for match in re.finditer(r"<\w*?loc[^>]*>\s*([^<]+)", content, re.I):
4747
if abortedFlag:

lib/request/basic.py

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -284,6 +284,8 @@ def decodePage(page, contentEncoding, contentType, percentDecode=True):
284284
'\\t'
285285
>>> getText(decodePage(b"&#x4A;", None, "text/html; charset=utf-8"))
286286
'J'
287+
>>> decodePage(b"&#x2122;", None, "text/html; charset=utf-8") == u"\u2122"
288+
True
287289
"""
288290

289291
if not page or (conf.nullConnection and len(page) < 2):
@@ -379,6 +381,16 @@ def _(match):
379381
return retVal
380382
page = re.sub(r"&#(\d+);", _, page)
381383

384+
# e.g. &#x2019;&#x2026;&#x2122; (hex numeric refs >= U+0100; smaller ones already handled at byte-level)
385+
def _(match):
386+
retVal = match.group(0)
387+
try:
388+
retVal = _unichr(int(match.group(1), 16))
389+
except (ValueError, OverflowError):
390+
pass
391+
return retVal
392+
page = re.sub(r"(?i)&#x([0-9a-f]+);", _, page)
393+
382394
# e.g. &zeta;
383395
page = re.sub(r"&([^;]+);", lambda _: _unichr(HTML_ENTITIES[_.group(1)]) if HTML_ENTITIES.get(_.group(1), 0) > 255 else _.group(0), page)
384396
else:

lib/utils/api.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -327,10 +327,10 @@ def check_authentication():
327327
except:
328328
request.environ["PATH_INFO"] = "/error/401"
329329
else:
330-
if creds.count(':') != 1:
330+
if ':' not in creds:
331331
request.environ["PATH_INFO"] = "/error/401"
332332
else:
333-
username, password = creds.split(':')
333+
username, password = creds.split(':', 1)
334334
if username.strip() != (DataStore.username or "") or password.strip() != (DataStore.password or ""):
335335
request.environ["PATH_INFO"] = "/error/401"
336336

lib/utils/purge.py

Lines changed: 17 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -13,11 +13,9 @@
1313
import string
1414

1515
from lib.core.common import getSafeExString
16-
from lib.core.common import openFile
17-
from lib.core.compat import xrange
1816
from lib.core.convert import getUnicode
1917
from lib.core.data import logger
20-
from thirdparty.six import unichr as _unichr
18+
from lib.core.settings import PURGE_BLOCK_SIZE
2119

2220
def purge(directory):
2321
"""
@@ -46,12 +44,25 @@ def purge(directory):
4644
except:
4745
pass
4846

49-
logger.debug("writing random data to files")
47+
logger.debug("overwriting file contents")
5048
for filepath in filepaths:
5149
try:
5250
filesize = os.path.getsize(filepath)
53-
with openFile(filepath, "w+") as f:
54-
f.write("".join(_unichr(random.randint(0, 255)) for _ in xrange(filesize)))
51+
if filesize:
52+
# Note: NIST SP 800-88 ("Clear") / DoD 5220.22-M style multi-pass in-place overwrite
53+
# (zeros, ones, random) forcing each pass to disk; performed BEFORE the truncation below
54+
# so the original bytes are actually overwritten and not just released to free blocks.
55+
# Written in bounded blocks so peak memory stays O(PURGE_BLOCK_SIZE), not O(filesize)
56+
with open(filepath, "r+b") as f:
57+
for getBlock in (lambda n: b"\x00" * n, lambda n: b"\xff" * n, lambda n: os.urandom(n)):
58+
f.seek(0)
59+
remaining = filesize
60+
while remaining > 0:
61+
count = min(PURGE_BLOCK_SIZE, remaining)
62+
f.write(getBlock(count))
63+
remaining -= count
64+
f.flush()
65+
os.fsync(f.fileno())
5566
except:
5667
pass
5768

0 commit comments

Comments
 (0)