Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit ce3abda

Browse files
stamparmstamparm
committed
Fixes #3745 
1 parent e30155b commit ce3abda

2 files changed

Lines changed: 54 additions & 25 deletions

File tree

lib/core/common.py

Lines changed: 50 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,6 @@
1212
import collections
1313
import contextlib
1414
import copy
15-
import distutils
1615
import functools
1716
import getpass
1817
import hashlib
@@ -176,6 +175,7 @@
176175
from lib.core.settings import URLENCODE_CHAR_LIMIT
177176
from lib.core.settings import URLENCODE_FAILSAFE_CHARS
178177
from lib.core.settings import USER_AGENT_ALIASES
178+
from lib.core.settings import VERSION_COMPARISON_CORRECTION
179179
from lib.core.settings import VERSION_STRING
180180
from lib.core.settings import ZIP_HEADER
181181
from lib.core.settings import WEBSCARAB_SPLITTER
@@ -517,15 +517,15 @@ def getIdentifiedDbms():
517517

518518
@staticmethod
519519
def getVersion():
520-
versions = filterNone(flattenValue(kb.dbmsVersion))
520+
versions = filterNone(flattenValue(kb.dbmsVersion)) if not isinstance(kb.dbmsVersion, six.string_types) else [kb.dbmsVersion]
521521
if not isNoneValue(versions):
522522
return versions[0]
523523
else:
524524
return None
525525

526526
@staticmethod
527527
def getVersionList():
528-
versions = filterNone(flattenValue(kb.dbmsVersion))
528+
versions = filterNone(flattenValue(kb.dbmsVersion)) if not isinstance(kb.dbmsVersion, six.string_types) else [kb.dbmsVersion]
529529
if not isNoneValue(versions):
530530
return versions
531531
else:
@@ -3110,37 +3110,63 @@ def filterNone(values):
31103110

31113111
return retVal
31123112

3113-
def isDBMSVersionAtLeast(version):
3113+
def isDBMSVersionAtLeast(minimum):
31143114
"""
31153115
Checks if the recognized DBMS version is at least the version specified
3116+
3117+
>>> pushValue(kb.dbmsVersion)
3118+
>>> kb.dbmsVersion = "2"
3119+
>>> isDBMSVersionAtLeast("1.3.4.1.4")
3120+
True
3121+
>>> isDBMSVersionAtLeast(2.1)
3122+
False
3123+
>>> isDBMSVersionAtLeast(">2")
3124+
False
3125+
>>> isDBMSVersionAtLeast(">=2.0")
3126+
True
3127+
>>> kb.dbmsVersion = "<2"
3128+
>>> isDBMSVersionAtLeast("2")
3129+
False
3130+
>>> isDBMSVersionAtLeast("1.5")
3131+
True
3132+
>>> kb.dbmsVersion = popValue()
31163133
"""
31173134

31183135
retVal = None
31193136

3120-
if Backend.getVersion() and Backend.getVersion() != UNKNOWN_DBMS_VERSION:
3121-
value = Backend.getVersion().replace(" ", "").rstrip('.')
3137+
if not any(isNoneValue(_) for _ in (Backend.getVersion(), minimum)) and Backend.getVersion() != UNKNOWN_DBMS_VERSION:
3138+
version = Backend.getVersion().replace(" ", "").rstrip('.')
31223139

3123-
while True:
3124-
index = value.find('.', value.find('.') + 1)
3140+
if '.' in version:
3141+
parts = version.split('.', 1)
3142+
parts[1] = filterStringValue(parts[1], '[0-9]')
3143+
version = '.'.join(parts)
31253144

3126-
if index > -1:
3127-
value = value[0:index] + value[index + 1:]
3128-
else:
3129-
break
3145+
correction = 0.0
3146+
if ">=" in version:
3147+
pass
3148+
elif '>' in version:
3149+
correction = VERSION_COMPARISON_CORRECTION
3150+
elif '<' in version:
3151+
correction = -VERSION_COMPARISON_CORRECTION
31303152

3131-
value = filterStringValue(value, '[0-9.><=]')
3153+
version = float(filterStringValue(version, '[0-9.]')) + correction
31323154

3133-
if value and isinstance(value, six.string_types):
3134-
if value.startswith(">="):
3135-
value = float(value.replace(">=", ""))
3136-
elif value.startswith(">"):
3137-
value = float(value.replace(">", "")) + 0.01
3138-
elif value.startswith("<="):
3139-
value = float(value.replace("<=", ""))
3140-
elif value.startswith(">"):
3141-
value = float(value.replace("<", "")) - 0.01
3142-
3143-
retVal = distutils.version.LooseVersion(getUnicode(value)) >= distutils.version.LooseVersion(getUnicode(version))
3155+
if isinstance(minimum, six.string_types):
3156+
if '.' in minimum:
3157+
parts = minimum.split('.', 1)
3158+
parts[1] = filterStringValue(parts[1], '[0-9]')
3159+
minimum = '.'.join(parts)
3160+
3161+
correction = 0.0
3162+
if minimum.startswith(">="):
3163+
pass
3164+
elif minimum.startswith(">"):
3165+
correction = VERSION_COMPARISON_CORRECTION
3166+
3167+
minimum = float(filterStringValue(minimum, '[0-9.]')) + correction
3168+
3169+
retVal = version >= minimum
31443170

31453171
return retVal
31463172

lib/core/settings.py

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
from thirdparty.six import unichr as _unichr
1919

2020
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
21-
VERSION = "1.3.6.34"
21+
VERSION = "1.3.6.35"
2222
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2323
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2424
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -500,6 +500,9 @@
500500
# Percentage below which comparison engine could have problems
501501
LOW_TEXT_PERCENT = 20
502502

503+
# Auxiliary value used in isDBMSVersionAtLeast() version comparison correction cases
504+
VERSION_COMPARISON_CORRECTION = 0.0001
505+
503506
# These MySQL keywords can't go (alone) into versioned comment form (/*!...*/)
504507
# Reference: http://dev.mysql.com/doc/refman/5.1/en/function-resolution.html
505508
IGNORE_SPACE_AFFECTED_KEYWORDS = ("CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN", "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", "SYSTEM_USER", "TRIM")

0 commit comments

Comments
 (0)