
Commit dc20c4f

committed
Minor refactoring
1 parent a21cbcb commit dc20c4f

2 files changed

Lines changed: 4 additions & 28 deletions


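--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -9,18 +9,14 @@
 import cPickle as pickle
 except:
 import pickle
-finally:
-import pickle as picklePy
 
 import base64
-import io
 import json
 import re
 import sys
 
 from lib.core.settings import IS_WIN
 from lib.core.settings import UNICODE_ENCODING
-from lib.core.settings import PICKLE_REDUCE_WHITELIST
 
 def base64decode(value):
 """
@@ -66,7 +62,7 @@ def base64pickle(value):
 
 return retVal
 
-def base64unpickle(value, unsafe=False):
+def base64unpickle(value):
 """
 Decodes value from Base64 to plain format and deserializes (with pickle) its content
 
@@ -76,26 +72,10 @@ def base64unpickle(value, unsafe=False):
 
 retVal = None
 
-def _(self):
-if len(self.stack) > 1:
-func = self.stack[-2]
-if func not in PICKLE_REDUCE_WHITELIST:
-raise Exception("abusing reduce() is bad, Mkay!")
-self.load_reduce()
-
-def loads(str):
-f = io.BytesIO(str)
-if unsafe:
-unpickler = picklePy.Unpickler(f)
-unpickler.dispatch[picklePy.REDUCE] = _
-else:
-unpickler = pickle.Unpickler(f)
-return unpickler.load()
-
 try:
-retVal = loads(base64decode(value))
+retVal = pickle.loads(base64decode(value))
 except TypeError:
-retVal = loads(base64decode(bytes(value)))
+retVal = pickle.loads(base64decode(bytes(value)))
 
 return retVal
 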
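Review bot: `base64unpickle` now hands the decoded bytes straight to `pickle.loads` on new lines 76 and 78, and the only code that limited what a REDUCE opcode could call (the `PICKLE_REDUCE_WHITELIST` check, also deleted from lib/core/settings.py) is removed with nothing replacing it, so the function is safe only for values this process serialized itself. The docstring should state that contract, for example `NOTE: value must come from base64pickle() in a trusted context; pickle can invoke arbitrary callables during load`, and any value that crosses a trust boundary should use a data-only format such as `json` instead. Dropping the `unsafe` keyword also changes the signature: a caller still passing `unsafe=True` would raise TypeError, and no call sites are touched in this commit, so presumably none remain, but that should be confirmed. The body of `base64unpickle` lies partly outside the hunks shown, so the rest of its docstring is not visible here.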

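--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -11,15 +11,13 @@
 import re
 import string
 import sys
-import types
 
-from lib.core.datatype import AttribDict
 from lib.core.enums import DBMS
 from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.3.51"
+VERSION = "1.3.3.52"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -511,8 +509,6 @@
 # Table used for Base64 conversion in WordPress hash cracking routine
 ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
 
-PICKLE_REDUCE_WHITELIST = (types.BooleanType, types.DictType, types.FloatType, types.IntType, types.ListType, types.LongType, types.NoneType, types.StringType, types.TupleType, types.UnicodeType, types.XRangeType, type(AttribDict()), type(set()))
-
 # Chars used to quickly distinguish if the user provided tainted parameter values
 DUMMY_SQL_INJECTION_CHARS = ";()'"
 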
