Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 8cd257c

Browse files
stamparmstamparm
committed
Implementation for #3505 
1 parent 10977ca commit 8cd257c

6 files changed

Lines changed: 95 additions & 6 deletions

File tree

lib/core/enums.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -377,6 +377,7 @@ class MKSTEMP_PREFIX:
377377
COOKIE_JAR = "sqlmapcookiejar-"
378378
BIG_ARRAY = "sqlmapbigarray-"
379379
SPECIFIC_RESPONSE = "sqlmapresponse-"
380+
PREPROCESS = "sqlmappreprocess-"
380381

381382
class TIMEOUT_STATE:
382383
NORMAL = 0

lib/core/option.py

Lines changed: 77 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -76,6 +76,7 @@
7676
from lib.core.enums import DUMP_FORMAT
7777
from lib.core.enums import HTTP_HEADER
7878
from lib.core.enums import HTTPMETHOD
79+
from lib.core.enums import MKSTEMP_PREFIX
7980
from lib.core.enums import MOBILES
8081
from lib.core.enums import OPTION_TYPE
8182
from lib.core.enums import PAYLOAD
@@ -825,6 +826,80 @@ def _setTamperingFunctions():
825826
for _, function in priorities:
826827
kb.tamperFunctions.append(function)
827828

829+
def _setPreprocessFunctions():
830+
"""
831+
Loads preprocess functions from given script(s)
832+
"""
833+
834+
if conf.preprocess:
835+
for script in re.split(PARAMETER_SPLITTING_REGEX, conf.preprocess):
836+
found = False
837+
838+
script = script.strip().encode(sys.getfilesystemencoding() or UNICODE_ENCODING)
839+
840+
try:
841+
if not script:
842+
continue
843+
844+
if not os.path.exists(script):
845+
errMsg = "preprocess script '%s' does not exist" % script
846+
raise SqlmapFilePathException(errMsg)
847+
848+
elif not script.endswith(".py"):
849+
errMsg = "preprocess script '%s' should have an extension '.py'" % script
850+
raise SqlmapSyntaxException(errMsg)
851+
except UnicodeDecodeError:
852+
errMsg = "invalid character provided in option '--preprocess'"
853+
raise SqlmapSyntaxException(errMsg)
854+
855+
dirname, filename = os.path.split(script)
856+
dirname = os.path.abspath(dirname)
857+
858+
infoMsg = "loading preprocess module '%s'" % filename[:-3]
859+
logger.info(infoMsg)
860+
861+
if not os.path.exists(os.path.join(dirname, "__init__.py")):
862+
errMsg = "make sure that there is an empty file '__init__.py' "
863+
errMsg += "inside of preprocess scripts directory '%s'" % dirname
864+
raise SqlmapGenericException(errMsg)
865+
866+
if dirname not in sys.path:
867+
sys.path.insert(0, dirname)
868+
869+
try:
870+
module = __import__(filename[:-3].encode(sys.getfilesystemencoding() or UNICODE_ENCODING))
871+
except Exception as ex:
872+
raise SqlmapSyntaxException("cannot import preprocess module '%s' (%s)" % (filename[:-3], getSafeExString(ex)))
873+
874+
for name, function in inspect.getmembers(module, inspect.isfunction):
875+
if name == "preprocess" and inspect.getargspec(function).args and all(_ in inspect.getargspec(function).args for _ in ("page", "headers", "code")):
876+
found = True
877+
878+
kb.preprocessFunctions.append(function)
879+
function.func_name = module.__name__
880+
881+
break
882+
883+
if not found:
884+
errMsg = "missing function 'preprocess(page, headers=None, code=None)' "
885+
errMsg += "in preprocess script '%s'" % script
886+
raise SqlmapGenericException(errMsg)
887+
else:
888+
try:
889+
_, _, _ = function("", {}, None)
890+
except:
891+
handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.PREPROCESS, suffix=".py")
892+
os.close(handle)
893+
894+
open(filename, "w+b").write("#!/usr/bin/env\n\ndef preprocess(page, headers=None, code=None):\n return page, headers, code\n")
895+
open(os.path.join(os.path.dirname(filename), "__init__.py"), "w+b").write("pass")
896+
897+
errMsg = "function 'preprocess(page, headers=None, code=None)' "
898+
errMsg += "in preprocess script '%s' " % script
899+
errMsg += "should return a tuple '(page, headers, code)' "
900+
errMsg += "(Note: find template script at '%s')" % filename
901+
raise SqlmapGenericException(errMsg)
902+
828903
def _setWafFunctions():
829904
"""
830905
Loads WAF/IPS detecting functions from script(s)
@@ -1937,6 +2012,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
19372012
kb.headerPaths = {}
19382013
kb.keywords = set(getFileItems(paths.SQL_KEYWORDS))
19392014
kb.passwordMgr = None
2015+
kb.preprocessFunctions = []
19402016
kb.skipVulnHost = None
19412017
kb.tamperFunctions = []
19422018
kb.targets = oset()
@@ -2549,6 +2625,7 @@ def init():
25492625
_setMultipleTargets()
25502626
_listTamperingFunctions()
25512627
_setTamperingFunctions()
2628+
_setPreprocessFunctions()
25522629
_setWafFunctions()
25532630
_setTrafficOutputFP()
25542631
_setupHTTPCollector()

lib/core/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
from lib.core.enums import OS
2020

2121
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
22-
VERSION = "1.3.3.1"
22+
VERSION = "1.3.3.2"
2323
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2424
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2525
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

lib/parse/cmdline.py

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -595,6 +595,9 @@ def cmdLineParser(argv=None):
595595
general.add_option("--parse-errors", dest="parseErrors", action="store_true",
596596
help="Parse and display DBMS error messages from responses")
597597

598+
general.add_option("--preprocess", dest="preprocess",
599+
help="Use given script(s) for preprocessing of response data")
600+
598601
general.add_option("--repair", dest="repair", action="store_true",
599602
help="Redump entries having unknown character marker (%s)" % INFERENCE_UNKNOWN_CHAR)
600603

lib/request/connect.py

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -746,6 +746,14 @@ class _(dict):
746746
page = getUnicode(page)
747747
socket.setdefaulttimeout(conf.timeout)
748748

749+
for function in kb.preprocessFunctions:
750+
try:
751+
page, responseHeaders, code = function(page, responseHeaders, code)
752+
except Exception as ex:
753+
errMsg = "error occurred while running preprocess "
754+
errMsg += "function '%s' ('%s')" % (function.func_name, getSafeExString(ex))
755+
raise SqlmapGenericException(errMsg)
756+
749757
processResponse(page, responseHeaders, status)
750758

751759
if conn and getattr(conn, "redurl", None):

txt/checksum.md5

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -38,19 +38,19 @@ abcb1121eb56d3401839d14e8ed06b6e lib/core/data.py
3838
5f4680b769ae07f22157bd832c97cf8f lib/core/defaults.py
3939
9dfc69ba47209a4ceca494dde9ee8183 lib/core/dicts.py
4040
4ba141124699fd7a763dea82f17fe523 lib/core/dump.py
41-
0a49eaf3f940382464ee08c03c9891a8 lib/core/enums.py
41+
1226fed38d1175aee8907e31ddf0cab2 lib/core/enums.py
4242
84ef8f32e4582fcc294dc14e1997131d lib/core/exception.py
4343
fb6be55d21a70765e35549af2484f762 lib/core/__init__.py
4444
18c896b157b03af716542e5fe9233ef9 lib/core/log.py
4545
151136142a14bee82cb02a9ca64c741d lib/core/optiondict.py
46-
7f9d7b65f2278e5d233008a8bdd22c87 lib/core/option.py
46+
5d21cede75bd8043a0b9f2605047ea07 lib/core/option.py
4747
fe370021c6bc99daf44b2bfc0d1effb3 lib/core/patch.py
4848
4b12aa67fbf6c973d12e54cf9cb54ea0 lib/core/profiling.py
4949
d5ef43fe3cdd6c2602d7db45651f9ceb lib/core/readlineng.py
5050
7d8a22c582ad201f65b73225e4456170 lib/core/replication.py
5151
3179d34f371e0295dd4604568fb30bcd lib/core/revision.py
5252
d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
53-
9dbce20566a1964f650b8986885ae370 lib/core/settings.py
53+
177d5fddb467b206530dacbc8618928d lib/core/settings.py
5454
4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py
5555
10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py
5656
43772ea73e9e3d446f782af591cb4eda lib/core/target.py
@@ -61,7 +61,7 @@ d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
6161
5b3f08208be0579356f78ce5805d37b2 lib/core/wordlist.py
6262
fb6be55d21a70765e35549af2484f762 lib/__init__.py
6363
4881480d0c1778053908904e04570dc3 lib/parse/banner.py
64-
b23a0940d21347975a783c63fe671974 lib/parse/cmdline.py
64+
fafa321d2bbfc60410a131f68d5203ea lib/parse/cmdline.py
6565
06ccbccb63255c8f1c35950a4c8a6f6b lib/parse/configfile.py
6666
d34df646508c2dceb25205e1316673d1 lib/parse/handler.py
6767
43deb2400e269e602e916efaec7c0903 lib/parse/headers.py
@@ -72,7 +72,7 @@ adcecd2d6a8667b22872a563eb83eac0 lib/parse/payloads.py
7272
e4ea70bcd461f5176867dcd89d372386 lib/request/basicauthhandler.py
7373
b23163d485e0dbc038cbf1ba80be11da lib/request/basic.py
7474
fc25d951217077fe655ed2a3a81552ae lib/request/comparison.py
75-
2b58b3ed5f3aff7025e02bb1427bc637 lib/request/connect.py
75+
3925fef5710ac4e96b85c808df1c2f6a lib/request/connect.py
7676
43005bd6a78e9cf0f3ed2283a1cb122e lib/request/direct.py
7777
2b7509ba38a667c61cefff036ec4ca6f lib/request/dns.py
7878
ceac6b3bf1f726f8ff43c6814e9d7281 lib/request/httpshandler.py

0 commit comments

Comments
 (0)