More anonymization of unhanded exception data

stamparm · stamparm · commit a4d058d70cb8 · 2014-11-02T10:55:38.000+01:00
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -9,6 +9,7 @@
 import contextlib
 import cookielib
 import copy
+import getpass
 import hashlib
 import httplib
 import inspect
@@ -2845,7 +2846,7 @@ def unhandledExceptionMessage():
     errMsg += "Technique: %s\n" % (enumValueToNameLookup(PAYLOAD.TECHNIQUE, kb.technique) if kb.get("technique") else ("DIRECT" if conf.get("direct") else None))
     errMsg += "Back-end DBMS: %s" % ("%s (fingerprinted)" % Backend.getDbms() if Backend.getDbms() is not None else "%s (identified)" % Backend.getIdentifiedDbms())
 
-    return maskSensitiveData(errMsg)
+    return errMsg
 
 def createGithubIssue(errMsg, excMsg):
     """
@@ -2896,6 +2897,9 @@ def maskSensitiveData(msg):
             value = extractRegexResult(regex, retVal)
             retVal = retVal.replace(value, '*' * len(value))
 
+    if getpass.getuser():
+        retVal = re.sub(r"(?i)\b%s\b" % re.escape(getpass.getuser()), "*" * len(getpass.getuser()), retVal)
+
     return retVal
 
 def listToStrValue(value):
diff --git a/sqlmap.py b/sqlmap.py
@@ -25,6 +25,7 @@
 from lib.core.common import createGithubIssue
 from lib.core.common import dataToStdout
 from lib.core.common import getUnicode
+from lib.core.common import maskSensitiveData
 from lib.core.common import setColor
 from lib.core.common import setPaths
 from lib.core.common import weAreFrozen
@@ -138,6 +139,9 @@ def main():
             file_ = re.sub(r"\.\./", '/', file_).lstrip('/')
             excMsg = excMsg.replace(match.group(1), file_)
 
+        errMsg = maskSensitiveData(errMsg)
+        excMsg = maskSensitiveData(excMsg)
+
         logger.critical(errMsg)
         kb.stickyLevel = logging.CRITICAL
         dataToStdout(excMsg)
