Merge branch 'master' of github.com:sqlmapproject/sqlmap

bdamele · bdamele · commit a7cab6379619 · 2013-01-18T10:44:43.000Z
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -99,6 +99,7 @@
 from lib.core.settings import ISSUES_PAGE
 from lib.core.settings import IS_WIN
 from lib.core.settings import LARGE_OUTPUT_THRESHOLD
+from lib.core.settings import MIN_ENCODED_LEN_CHECK
 from lib.core.settings import MIN_TIME_RESPONSES
 from lib.core.settings import ML
 from lib.core.settings import NULL
@@ -570,7 +571,7 @@ def paramToDict(place, parameters=None):
                 for encoding in ("hex", "base64"):
                     try:
                         decoded = value.decode(encoding)
-                        if all(_ in string.printable for _ in decoded):
+                        if len(decoded) > MIN_ENCODED_LEN_CHECK and all(_ in string.printable for _ in decoded):
                             warnMsg = "provided parameter '%s' " % parameter
                             warnMsg += "seems to be '%s' encoded" % encoding
                             logger.warn(warnMsg)
@@ -768,13 +769,6 @@ def dataToOutFile(filename, data):
 
     return retVal
 
-def strToHex(value):
-    """
-    Converts string value to it's hexadecimal representation
-    """
-
-    return (value if not isinstance(value, unicode) else value.encode(UNICODE_ENCODING)).encode("hex").upper()
-
 def readInput(message, default=None, checkBatch=True):
     """
     Reads input from terminal
@@ -1313,20 +1307,6 @@ def getCharset(charsetType=None):
 
     return asciiTbl
 
-def searchEnvPath(filename):
-    retVal = None
-    path = os.environ.get("PATH", "")
-    paths = path.split(";") if IS_WIN else path.split(":")
-
-    for _ in paths:
-        _ = _.replace(";", "")
-        retVal = os.path.exists(os.path.normpath(os.path.join(_, filename)))
-
-        if retVal:
-            break
-
-    return retVal
-
 def directoryPath(filepath):
     """
     Returns directory path for a given filepath
@@ -1434,13 +1414,6 @@ def showStaticWords(firstPage, secondPage):
 
     logger.info(infoMsg)
 
-def isWindowsPath(filepath):
-    """
-    Returns True if given filepath is in Windows format
-    """
-
-    return re.search("\A[\w]\:\\\\", filepath) is not None
-
 def isWindowsDriveLetterPath(filepath):
     """
     Returns True if given filepath starts with a Windows drive letter
@@ -1470,18 +1443,6 @@ def ntToPosixSlashes(filepath):
 
     return filepath.replace('\\', '/')
 
-def isBase64EncodedString(subject):
-    """
-    Checks if the provided string is Base64 encoded
-
-    >>> isBase64EncodedString('dGVzdA==')
-    True
-    >>> isBase64EncodedString('123456')
-    False
-    """
-
-    return re.match(r"\A(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\Z", subject) is not None
-
 def isHexEncodedString(subject):
     """
     Checks if the provided string is hex encoded
@@ -2485,20 +2446,6 @@ def showHttpErrorCodes():
           for code, count in kb.httpErrorCodes.items())
         logger.warn(warnMsg)
 
-def getComparePageRatio(firstPage, secondPage, filtered=False):
-    """
-    Returns comparison ratio between two given pages
-    """
-
-    if filtered:
-        (firstPage, secondPage) = map(getFilteredPageContent, (firstPage, secondPage))
-
-    seqMatcher = getCurrentThreadData().seqMatcher
-    seqMatcher.set_seq1(firstPage)
-    seqMatcher.set_seq2(secondPage)
-
-    return seqMatcher.quick_ratio()
-
 def openFile(filename, mode='r'):
     """
     Returns file handle of a given filename
@@ -2752,16 +2699,6 @@ def unsafeSQLIdentificatorNaming(name):
 
     return retVal
 
-def isBinaryData(value):
-    """
-    Tests given value for binary content
-    """
-
-    retVal = False
-    if isinstance(value, basestring):
-        retVal = reduce(lambda x, y: x or not (y in string.printable or ord(y) > 255), value, False)
-    return retVal
-
 def isNoneValue(value):
     """
     Returns whether the value is unusable (None or '')
diff --git a/lib/core/convert.py b/lib/core/convert.py
@@ -47,25 +47,6 @@ def hexdecode(value):
 def hexencode(value):
     return utf8encode(value).encode("hex")
 
-def md5hash(value):
-    if "hashlib" in sys.modules:
-        return hashlib.md5(value).hexdigest()
-    else:
-        return md5.new(value).hexdigest()
-
-def orddecode(value):
-    packedString = struct.pack("!" + "I" * len(value), *value)
-    return "".join(chr(char) for char in struct.unpack("!" + "I" * (len(packedString) / 4), packedString))
-
-def ordencode(value):
-    return tuple(ord(char) for char in value)
-
-def sha1hash(value):
-    if "hashlib" in sys.modules:
-        return hashlib.sha1(value).hexdigest()
-    else:
-        return sha.new(value).hexdigest()
-
 def unicodeencode(value, encoding=None):
     """
     Return 8-bit string representation of the supplied unicode value:
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -131,7 +131,6 @@
 from lib.request.basic import checkCharEncoding
 from lib.request.connect import Connect as Request
 from lib.request.dns import DNSServer
-from lib.request.proxy import ProxyHTTPSHandler
 from lib.request.basicauthhandler import SmartHTTPBasicAuthHandler
 from lib.request.certhandler import HTTPSCertAuthHandler
 from lib.request.httpshandler import HTTPSHandler
@@ -970,17 +969,7 @@ def _setHTTPProxy():
             proxyString = ""
 
         proxyString += "%s:%d" % (hostname, port)
-
-        # Workaround for http://bugs.python.org/issue1424152 (urllib/urllib2:
-        # HTTPS over (Squid) Proxy fails) as long as HTTP over SSL requests
-        # can't be tunneled over an HTTP proxy natively by Python (<= 2.5)
-        # urllib2 standard library
-        if PYVERSION >= "2.6":
-            proxyHandler = urllib2.ProxyHandler({"http": proxyString, "https": proxyString})
-        elif conf.scheme == "https":
-            proxyHandler = ProxyHTTPSHandler(proxyString)
-        else:
-            proxyHandler = urllib2.ProxyHandler({"http": proxyString})
+        proxyHandler = urllib2.ProxyHandler({"http": proxyString, "https": proxyString})
 
 def _setSafeUrl():
     """
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -506,6 +506,9 @@
 # Regular expression used for extracting form tags
 FORM_SEARCH_REGEX = r"(?si)<form(?!.+<form).+?</form>"
 
+# Minimum field entry length needed for encoded content (hex, base64,...) check
+MIN_ENCODED_LEN_CHECK = 5
+
 # CSS style used in HTML dump format
 HTML_DUMP_CSS_STYLE = """<style>
 table{
diff --git a/lib/request/proxy.py b/lib/request/proxy.py
diff --git a/plugins/dbms/access/connector.py b/plugins/dbms/access/connector.py
@@ -45,7 +45,7 @@ def connect(self):
         except (pyodbc.Error, pyodbc.OperationalError), msg:
             raise SqlmapConnectionException(msg[1])
 
-        self.setCursor()
+        self.initCursor()
         self.connected()
 
     def fetchall(self):
diff --git a/plugins/dbms/db2/connector.py b/plugins/dbms/db2/connector.py
@@ -38,7 +38,7 @@ def connect(self):
             raise SqlmapConnectionException(msg)
 
 
-        self.setCursor()
+        self.initCursor()
         self.connected()
 
     def fetchall(self):
diff --git a/plugins/dbms/firebird/connector.py b/plugins/dbms/firebird/connector.py
@@ -43,7 +43,7 @@ def connect(self):
                 user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8")  # Reference: http://www.daniweb.com/forums/thread248499.html
         except kinterbasdb.OperationalError, msg:
             raise SqlmapConnectionException(msg[1])
-        self.setCursor()
+        self.initCursor()
         self.connected()
 
     def fetchall(self):
diff --git a/plugins/dbms/mssqlserver/connector.py b/plugins/dbms/mssqlserver/connector.py
@@ -44,7 +44,7 @@ def connect(self):
         except pymssql.OperationalError, msg:
             raise SqlmapConnectionException(msg)
 
-        self.setCursor()
+        self.initCursor()
         self.connected()
 
     def fetchall(self):
diff --git a/plugins/dbms/mysql/connector.py b/plugins/dbms/mysql/connector.py
@@ -39,7 +39,7 @@ def connect(self):
         except (pymysql.OperationalError, pymysql.InternalError), msg:
             raise SqlmapConnectionException(msg[1])
 
-        self.setCursor()
+        self.initCursor()
         self.connected()
 
     def fetchall(self):
diff --git a/plugins/dbms/oracle/connector.py b/plugins/dbms/oracle/connector.py
@@ -48,7 +48,7 @@ def connect(self):
             except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError), msg:
                 raise SqlmapConnectionException(msg)
 
-        self.setCursor()
+        self.initCursor()
         self.connected()
 
     def fetchall(self):
diff --git a/plugins/dbms/postgresql/connector.py b/plugins/dbms/postgresql/connector.py
@@ -41,7 +41,7 @@ def connect(self):
 
         self.connector.set_client_encoding('UNICODE')
 
-        self.setCursor()
+        self.initCursor()
         self.connected()
 
     def fetchall(self):
diff --git a/plugins/dbms/sqlite/connector.py b/plugins/dbms/sqlite/connector.py
@@ -63,7 +63,7 @@ def connect(self):
             except (self.__sqlite.DatabaseError, self.__sqlite.OperationalError), msg:
                 raise SqlmapConnectionException(msg[0])
 
-        self.setCursor()
+        self.initCursor()
         self.connected()
 
     def fetchall(self):
diff --git a/plugins/dbms/sybase/connector.py b/plugins/dbms/sybase/connector.py
@@ -44,7 +44,7 @@ def connect(self):
         except pymssql.OperationalError, msg:
             raise SqlmapConnectionException(msg)
 
-        self.setCursor()
+        self.initCursor()
         self.connected()
 
     def fetchall(self):
diff --git a/plugins/generic/connector.py b/plugins/generic/connector.py
@@ -41,12 +41,9 @@ def closed(self):
         self.connector = None
         self.cursor = None
 
-    def setCursor(self):
+    def initCursor(self):
         self.cursor = self.connector.cursor()
 
-    def getCursor(self):
-        return self.cursor
-
     def close(self):
         try:
             self.cursor.close()
diff --git a/plugins/generic/users.py b/plugins/generic/users.py
