Minor bug fixes

stamparm · stamparm · commit 31850e454402 · 2016-05-27T13:58:18.000+02:00
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.revision import getRevisionNumber
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.5.87"
+VERSION = "1.0.5.88"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
diff --git a/waf/denyall.py b/waf/denyall.py
@@ -18,7 +18,7 @@ def detect(get_page):
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
         retval = re.search(r"\Asessioncookie=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
-        retval |= code == 200 and re.search(r"\ACondition Intercepted", page, re.I) is not None
+        retval |= code == 200 and re.search(r"\ACondition Intercepted", page or "", re.I) is not None
         if retval:
             break
 
diff --git a/waf/expressionengine.py b/waf/expressionengine.py
@@ -14,7 +14,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, _, _ = get_page(get=vector)
-        retval = "Invalid GET Data" in page
+        retval = "Invalid GET Data" in (page or "")
         if retval:
             break
 
diff --git a/waf/jiasule.py b/waf/jiasule.py
@@ -20,7 +20,7 @@ def detect(get_page):
         retval = re.search(r"jiasule-WAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
         retval |= re.search(r"__jsluid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
         retval |= re.search(r"jsl_tracking", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
-        retval |= re.search(r"static\.jiasule\.com/static/js/http_error\.js", page, re.I) is not None
+        retval |= re.search(r"static\.jiasule\.com/static/js/http_error\.js", page or "", re.I) is not None
         retval |= code == 403 and "notice-jiasule" in (page or "")
         if retval:
             break
diff --git a/waf/knownsec.py b/waf/knownsec.py
@@ -16,7 +16,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, _, _ = get_page(get=vector)
-        retval = re.search(r"url\('/ks-waf-error\.png'\)", page, re.I) is not None
+        retval = re.search(r"url\('/ks-waf-error\.png'\)", page or "", re.I) is not None
         if retval:
             break
 
diff --git a/waf/kona.py b/waf/kona.py
@@ -17,7 +17,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
-        retval = code in (400, 403, 501) and re.search(r"Reference #[0-9A-Fa-f.]+", page, re.I) is not None
+        retval = code in (400, 403, 501) and re.search(r"Reference #[0-9A-Fa-f.]+", page or "", re.I) is not None
         retval |= re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
         if retval:
             break
diff --git a/waf/modsecurity.py b/waf/modsecurity.py
@@ -17,9 +17,10 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
-        retval = code == 501 and re.search(r"Reference #[0-9A-Fa-f.]+", page, re.I) is None
+        retval = code == 501 and re.search(r"Reference #[0-9A-Fa-f.]+", page or "", re.I) is None
         retval |= re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
-        retval |= code == 406 and "This error was generated by Mod_Security" in page
+        retval |= code == 406  # specific for mod_security (and forks)
+        retval |= "This error was generated by Mod_Security" in (page or "")
         if retval:
             break
 
diff --git a/waf/paloalto.py b/waf/paloalto.py
@@ -16,7 +16,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, _, _ = get_page(get=vector)
-        retval = re.search(r"Access[^<]+has been blocked in accordance with company policy", page, re.I) is not None
+        retval = re.search(r"Access[^<]+has been blocked in accordance with company policy", page or "", re.I) is not None
         if retval:
             break
 
diff --git a/waf/radware.py b/waf/radware.py
@@ -16,7 +16,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, _ = get_page(get=vector)
-        retval = re.search(r"Unauthorized Activity Has Been Detected.+Case Number:", page, re.I | re.S) is not None
+        retval = re.search(r"Unauthorized Activity Has Been Detected.+Case Number:", page or "", re.I | re.S) is not None
         retval |= headers.get("X-SL-CompState") is not None
         if retval:
             break
diff --git a/waf/requestvalidationmode.py b/waf/requestvalidationmode.py
@@ -14,8 +14,8 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, _, _ = get_page(get=vector)
-        retval = "ASP.NET has detected data in the request that is potentially dangerous" in page
-        retval |= "Request Validation has detected a potentially dangerous client input value" in page
+        retval = "ASP.NET has detected data in the request that is potentially dangerous" in (page or "")
+        retval |= "Request Validation has detected a potentially dangerous client input value" in (page or "")
         if retval:
             break
 
diff --git a/waf/senginx.py b/waf/senginx.py
@@ -14,7 +14,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, _, _ = get_page(get=vector)
-        retval = "SENGINX-ROBOT-MITIGATION" in page
+        retval = "SENGINX-ROBOT-MITIGATION" in (page or "")
         if retval:
             break
 
