Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 6666188

Browse files
stamparmstamparm
committed
To prevent ugly unhandled cases like #3523 
1 parent 09e8c26 commit 6666188

3 files changed

Lines changed: 5 additions & 5 deletions

File tree

lib/core/common.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3501,7 +3501,7 @@ def maskSensitiveData(msg):
35013501
retVal = retVal.replace(value, '*' * len(value))
35023502

35033503
# Just in case (for problematic parameters regarding user encoding)
3504-
for match in re.finditer(r"(?i)[ -]-(u|url|data|cookie)( |=)(.*?)(?= -?-[a-z]|\Z)", retVal):
3504+
for match in re.finditer(r"(?i)[ -]-(u|url|data|cookie|auth-\w+|proxy)( |=)(.*?)(?= -?-[a-z]|\Z)", retVal):
35053505
retVal = retVal.replace(match.group(3), '*' * len(match.group(3)))
35063506

35073507
# Fail-safe substitution

lib/core/settings.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
from lib.core.enums import OS
2020

2121
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
22-
VERSION = "1.3.3.10"
22+
VERSION = "1.3.3.11"
2323
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2424
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2525
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -378,7 +378,7 @@
378378
URI_INJECTABLE_REGEX = r"//[^/]*/([^\.*?]+)\Z"
379379

380380
# Regex used for masking sensitive data
381-
SENSITIVE_DATA_REGEX = r"(\s|=)(?P<result>[^\s=]*%s[^\s]*)\s"
381+
SENSITIVE_DATA_REGEX = r"(\s|=)(?P<result>[^\s=]*\b%s\b[^\s]*)\s"
382382

383383
# Options to explicitly mask in anonymous (unhandled exception) reports (along with anything carrying the <hostname> inside)
384384
SENSITIVE_OPTIONS = ("hostname", "answers", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "fileRead", "fileWrite", "fileDest", "testParameter", "authCred")

txt/checksum.md5

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ c1da277517c7ec4c23e953a51b51e203 lib/controller/handler.py
3030
fb6be55d21a70765e35549af2484f762 lib/controller/__init__.py
3131
ed7874be0d2d3802f3d20184f2b280d5 lib/core/agent.py
3232
a932126e7d80e545c5d44af178d0bc0c lib/core/bigarray.py
33-
8996b4b377b859dc69de323416615f2f lib/core/common.py
33+
a929b8d7bb1ad777e882fa21d1795d98 lib/core/common.py
3434
de8d27ae6241163ff9e97aa9e7c51a18 lib/core/convert.py
3535
abcb1121eb56d3401839d14e8ed06b6e lib/core/data.py
3636
00828c4455321b6987e3f882f4ef4f92 lib/core/datatype.py
@@ -50,7 +50,7 @@ d5ef43fe3cdd6c2602d7db45651f9ceb lib/core/readlineng.py
5050
7d8a22c582ad201f65b73225e4456170 lib/core/replication.py
5151
3179d34f371e0295dd4604568fb30bcd lib/core/revision.py
5252
d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
53-
1ed091ad5a1a44ecff6809e8e3079644 lib/core/settings.py
53+
eb07a9af69c00494766108efe4df86a7 lib/core/settings.py
5454
4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py
5555
10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py
5656
0a5b0a97a36c19022665f66858fd7450 lib/core/target.py

0 commit comments

Comments
 (0)