

Commit 84ed7f1

committed
Cosmetic fixes
1 parent 1336b97 commit 84ed7f1

2 files changed

Lines changed: 37 additions & 7 deletions


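--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -99,11 +99,15 @@ def heuristicCheckSqlInjection(place, parameter, value):
 postfix = conf.postfix
 
 payload = "%s%s%s" % (prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), postfix)
+
 if place == "URI":
 payload = conf.paramDict[place][parameter].replace('*', payload)
+
 Request.queryPage(payload, place)
 result = kb.lastErrorPage and kb.lastErrorPage[0]==kb.lastRequestUID
+
 infoMsg = "(error based) heuristics show that %s parameter '%s' is " % (place, parameter)
+
 if result:
 infoMsg += "injectable"
 logger.info(infoMsg)
@@ -147,6 +151,7 @@ def checkDynamicContent(*pages):
 This function checks if the provided pages have dynamic content. If they
 are dynamic, their content differs at specific lines.
 """
+
 infoMsg = "searching for dynamic content"
 logger.info(infoMsg)
 
@@ -170,6 +175,7 @@ def checkDynamicContent(*pages):
 
 for other in kb.dynamicContent:
 found = True
+
 if other.pageTotal == item.pageTotal:
 if isinstance(other.lineNumber, int):
 if other.lineNumber == item.lineNumber - 1:
@@ -235,28 +241,34 @@ def checkStability():
 
 elif not condition:
 warnMsg = "url is not stable, sqlmap will base the page "
-warnMsg += "comparison on a sequence matcher. if no dynamic nor "
-warnMsg += "injectable parameters are detected, or in case of junk "
-warnMsg += "results, refer to user's "
-warnMsg += "manual paragraph 'Page comparison' and provide a "
-warnMsg += "string or regular expression to match on"
+warnMsg += "comparison on a sequence matcher. If no dynamic nor "
+warnMsg += "injectable parameters are detected, or in case of "
+warnMsg += "junk results, refer to user's manual paragraph "
+warnMsg += "'Page comparison' and provide a string or regular "
+warnMsg += "expression to match on"
 logger.warn(warnMsg)
 
 message = "how do you want to proceed? [C(ontinue)/s(tring)/r(egex)/q(uit)] "
 test = readInput(message, default="C")
+
 if test and test[0] in ("q", "Q"):
 raise sqlmapUserQuitException
+
 elif test and test[0] in ("s", "S"):
 showStaticWords(firstPage, secondPage)
+
 message = "please enter value for parameter 'string': "
 test = readInput(message)
+
 if test:
 conf.string = test
 else:
 raise sqlmapSilentQuitException
+
 elif test and test[0] in ("r", "R"):
 message = "please enter value for parameter 'regex': "
 test = readInput(message)
+
 if test:
 conf.regex = test
 else: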
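Review bot: A cosmetic pass that adds blank lines in heuristicCheckSqlInjection still leaves the `==` in `result = kb.lastErrorPage and kb.lastErrorPage[0]==kb.lastRequestUID` without surrounding spaces, which is the one PEP 8 nit in that hunk; `result = kb.lastErrorPage and kb.lastErrorPage[0] == kb.lastRequestUID` would match the rest of the file. The same expression also leaves `result` as whatever `kb.lastErrorPage` is when that is falsy rather than a boolean, so if callers ever log or compare it, `result = bool(kb.lastErrorPage and ...)` is clearer; I cannot see callers from here, so this is a hedge. In checkStability, the three `test[0] in ("q", "Q")`-style tests could be `test[0].lower() in ("q", "s", "r")` branches, but that is taste only. Both heuristicCheckSqlInjection and checkStability continue outside their hunks.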

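--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1107,33 +1107,42 @@ def sanitizeAsciiString(subject):
 
 def preparePageForLineComparison(page):
 retVal = page
+
 if isinstance(page, basestring):
 return page.replace("><", ">\n<").replace("<br>", "\n").splitlines()
+
 return retVal
 
 def getFilteredPageContent(page):
 retVal = page
+
 if isinstance(page, basestring):
 retVal = re.sub(r"(?s)<script.+?</script>|<style.+?</style>|<[^>]+>|\t|\n|\r", " ", page)
+
 while retVal.find(" ") != -1:
 retVal = retVal.replace(" ", " ")
+
 return retVal
 
 def getPageTextWordsSet(page):
 retVal = None
+
 if isinstance(page, basestring):
 page = getFilteredPageContent(page)
 retVal = set(re.findall(r"\w+", page))
+
 return retVal
 
 def showStaticWords(firstPage, secondPage):
 infoMsg = "finding static words in longest matching part of dynamic page content"
 logger.info(infoMsg)
+
 firstPage = getFilteredPageContent(firstPage)
 secondPage = getFilteredPageContent(secondPage)
 match = SequenceMatcher(None, firstPage, secondPage).find_longest_match(0, len(firstPage), 0, len(secondPage))
 commonText = firstPage[match[0]:match[0]+match[2]]
 commonWords = getPageTextWordsSet(commonText)
+
 infoMsg = "static words: "
 
 if commonWords:
@@ -1190,6 +1199,7 @@ def posixToNtSlashes(filepath):
 >>> posixToNtSlashes('C:/Windows')
 'C:\\\\Windows'
 """
+
 return filepath.replace('/', '\\')
 
 def ntToPosixSlashes(filepath):
@@ -1199,6 +1209,7 @@ def ntToPosixSlashes(filepath):
 >>> ntToPosixSlashes('C:\\Windows')
 'C:/Windows'
 """
+
 return filepath.replace('\\', '/')
 
 def isBase64EncodedString(subject):
@@ -1209,6 +1220,7 @@ def isBase64EncodedString(subject):
 >>> isBase64EncodedString('123456')
 False
 """
+
 return re.match(r"\A(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\Z", subject) is not None
 
 def isHexEncodedString(subject):
@@ -1219,6 +1231,7 @@ def isHexEncodedString(subject):
 >>> isHexEncodedString('test')
 False
 """
+
 return re.match(r"\A[0-9a-fA-F]+\Z", subject) is not None
 
 def getConsoleWidth(default=80):
@@ -1229,12 +1242,14 @@ def getConsoleWidth(default=80):
 else:
 output=subprocess.Popen('stty size', shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE).stdout.read()
 items = output.split()
+
 if len(items) == 2 and items[1].isdigit():
 width = int(items[1])
 
 if width is None:
 try:
 import curses
+
 stdscr = curses.initscr()
 _, width = stdscr.getmaxyx()
 curses.endwin()
@@ -1268,10 +1283,13 @@ def calculateDeltaSeconds(start, epsilon=0.05):
 
 def getInjectionCase(name):
 retVal = None
+
 for case in kb.injections.root.case:
 if case.name == name:
 retVal = case
+
 break
+
 return retVal
 
 def initCommonOutputs():
@@ -1302,9 +1320,9 @@ def getFileItems(filename):
 retVal = []
 
 checkFile(filename)
-file = codecs.open(filename, 'r', conf.dataEncoding)
+ifile = codecs.open(filename, 'r', conf.dataEncoding)
 
-for line in file.readlines(): # xreadlines doesn't return unicode strings when codec.open() is used
+for line in ifile.readlines(): # xreadlines doesn't return unicode strings when codec.open() is used
 if line.find('#') != -1:
 line = line[:line.find('#')]
 line = line.strip()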
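Review bot: Renaming `file` to `ifile` in getFileItems removes the builtin shadowing, but the handle opened by `ifile = codecs.open(filename, 'r', conf.dataEncoding)` is never closed anywhere in the hunk; since the function continues past the hunk I cannot confirm there is no later `close()`, but wrapping the read in a context manager would settle it: `with codecs.open(filename, 'r', conf.dataEncoding) as ifile:` followed by the indented `for line in ifile.readlines():` loop (codecs.open returns a StreamReaderWriter, which supports `with`). In the getConsoleWidth hunk, `output=subprocess.Popen('stty size', shell=True, ...)` is the one assignment in this cosmetic pass still missing spaces around `=`, and the fixed command string would be better expressed as an argv list, `subprocess.Popen(['stty', 'size'], stdout=subprocess.PIPE, stderr=subprocess.PIPE)`, so no shell is involved at all even though the argument is a constant here. The `while retVal.find(" ") != -1: retVal = retVal.replace(" ", " ")` loop in getFilteredPageContent reads as a no-op infinite loop on this rendered page; presumably the original has a two-space pattern that the page collapsed, so that is worth verifying against the raw file rather than fixing from here.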
