Couple of drei patches

stamparm · stamparm · commit 285482b39646 · 2019-05-07T23:00:15.000+02:00
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -18,7 +18,7 @@
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.5.41"
+VERSION = "1.3.5.42"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -803,7 +803,7 @@ class _(dict):
                 responseMsg += "[#%d] (%s %s):\r\n" % (threadData.lastRequestUID, code, status)
 
             if responseHeaders:
-                logHeaders = getUnicode("".join(responseHeaders.headers).strip() if six.PY2 else responseHeaders.__bytes__())
+                logHeaders = getUnicode("".join(responseHeaders.headers).strip())
 
             logHTTPTraffic(requestMsg, "%s%s\r\n\r\n%s" % (responseMsg, logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE]), start, time.time())
 
diff --git a/lib/utils/purge.py b/lib/utils/purge.py
@@ -5,6 +5,7 @@
 See the file 'LICENSE' for copying permission
 """
 
+import functools
 import os
 import random
 import shutil
@@ -14,6 +15,7 @@
 from lib.core.common import getSafeExString
 from lib.core.compat import xrange
 from lib.core.data import logger
+from thirdparty import six
 
 def purge(directory):
     """
@@ -66,7 +68,10 @@ def purge(directory):
         except:
             pass
 
-    dirpaths.sort(cmp=lambda x, y: y.count(os.path.sep) - x.count(os.path.sep))
+    if six.PY2:
+        dirpaths.sort(cmp=lambda x, y: y.count(os.path.sep) - x.count(os.path.sep))
+    else:
+        dirpaths.sort(key=functools.cmp_to_key(lambda x, y: y.count(os.path.sep) - x.count(os.path.sep)))
 
     logger.debug("renaming directory names to random values")
     for dirpath in dirpaths:
diff --git a/waf/chinacache.py b/waf/chinacache.py
@@ -14,7 +14,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
-        retval |= code >= 400 and headers.get("Powered-By-ChinaCache") is not None
+        retval |= (code or 0) >= 400 and headers.get("Powered-By-ChinaCache") is not None
 
         if retval:
             break
diff --git a/waf/cloudbric.py b/waf/cloudbric.py
@@ -14,7 +14,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
-        retval |= code >= 400 and all(_ in (page or "") for _ in ("Cloudbric", "Malicious Code Detected"))
+        retval |= (code or 0) >= 400 and all(_ in (page or "") for _ in ("Cloudbric", "Malicious Code Detected"))
         if retval:
             break
 
diff --git a/waf/cloudflare.py b/waf/cloudflare.py
@@ -18,7 +18,7 @@ def detect(get_page):
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
 
-        if code >= 400:
+        if (code or 0) >= 400:
             retval |= re.search(r"cloudflare", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
             retval |= re.search(r"\A__cfduid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
             retval |= headers.get("cf-ray") is not None
diff --git a/waf/crawlprotect.py b/waf/crawlprotect.py
@@ -14,7 +14,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, _, code = get_page(get=vector)
-        retval |= code >= 400 and "This site is protected by CrawlProtect" in (page or "")
+        retval |= (code or 0) >= 400 and "This site is protected by CrawlProtect" in (page or "")
         retval |= "<title>CrawlProtect" in (page or "")
         if retval:
             break
diff --git a/waf/generic.py b/waf/generic.py
@@ -19,13 +19,13 @@ def detect(get_page):
     retval = False
 
     original, _, code = get_page()
-    if original is None or code >= 400:
+    if original is None or (code or 0) >= 400:
         return False
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
 
-        if code >= 400 or (IPS_WAF_CHECK_PAYLOAD in vector and (code is None or re.search(GENERIC_PROTECTION_REGEX, page or "") and not re.search(GENERIC_PROTECTION_REGEX, original or ""))):
+        if (code or 0) >= 400 or (IPS_WAF_CHECK_PAYLOAD in vector and (code is None or re.search(GENERIC_PROTECTION_REGEX, page or "") and not re.search(GENERIC_PROTECTION_REGEX, original or ""))):
             if code is not None:
                 kb.wafSpecificResponse = "HTTP/1.1 %s\n%s\n%s" % (code, "".join(getUnicode(_) for _ in (headers.headers if headers else {}) or [] if not _.startswith("URI")), getUnicode(page or ""))
 
diff --git a/waf/kona.py b/waf/kona.py
@@ -17,7 +17,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
-        retval |= code >= 400 and re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        retval |= (code or 0) >= 400 and re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
         if retval:
             break
 
diff --git a/waf/secureentry.py b/waf/secureentry.py
@@ -17,7 +17,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
-        retval |= code >= 400 and re.search(r"Secure Entry Server", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        retval |= (code or 0) >= 400 and re.search(r"Secure Entry Server", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
         if retval:
             break
 
diff --git a/waf/urlmaster.py b/waf/urlmaster.py
@@ -14,7 +14,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, _, code = get_page(get=vector)
-        retval |= code >= 400 and all(_ in (page or "") for _ in ("UrlMaster", "UrlRewriteModule", "SecurityCheck"))
+        retval |= (code or 0) >= 400 and all(_ in (page or "") for _ in ("UrlMaster", "UrlRewriteModule", "SecurityCheck"))
         if retval:
             break
 
diff --git a/waf/varnish.py b/waf/varnish.py
@@ -14,7 +14,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, _, code = get_page(get=vector)
-        retval |= code >= 400 and "Request rejected by xVarnish-WAF" in (page or "")
+        retval |= (code or 0) >= 400 and "Request rejected by xVarnish-WAF" in (page or "")
         if retval:
             break
 
diff --git a/waf/watchguard.py b/waf/watchguard.py
@@ -17,7 +17,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
-        retval |= code >= 400 and re.search(r"\AWatchGuard", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        retval |= (code or 0) >= 400 and re.search(r"\AWatchGuard", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
         retval |= "Request denied by WatchGuard Firewall" in (page or "")
         if retval:
             break
diff --git a/waf/zenedge.py b/waf/zenedge.py
@@ -17,7 +17,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
-        retval |= code >= 400 and re.search(r"\AZENEDGE", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        retval |= (code or 0) >= 400 and re.search(r"\AZENEDGE", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
         retval |= all(_ in (page or "") for _ in ("Your request has been blocked", "Incident ID", "/__zenedge/assets/"))
         if retval:
             break
