
Commit e485531

committed
Adding integrity checks in case of unhandled exceptions
1 parent 7427b55 commit e485531

5 files changed

Lines changed: 33 additions & 11 deletions


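--- a/.gitattributes
+++ b/.gitattributes
@@ -1,5 +1,6 @@
-*.py text eol=lf
 *.conf text eol=lf
+*.md5 text eol=lf
+*.py text eol=lf
 
 *_ binary
 *.dll binary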

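--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1207,6 +1207,7 @@ def setPaths():
 paths.SQL_SHELL_HISTORY = os.path.join(_, "sql.hst")
 paths.SQLMAP_SHELL_HISTORY = os.path.join(_, "sqlmap.hst")
 paths.GITHUB_HISTORY = os.path.join(_, "github.hst")
+paths.CHECKSUM_MD5 = os.path.join(paths.SQLMAP_TXT_PATH, "checksum.md5")
 paths.COMMON_COLUMNS = os.path.join(paths.SQLMAP_TXT_PATH, "common-columns.txt")
 paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
 paths.COMMON_OUTPUTS = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')
@@ -3077,6 +3078,22 @@ def decodeIntToUnicode(value):
 
 return retVal
 
+def checkIntegrity():
+"""
+Checks integrity of code files during the unhandled exceptions
+"""
+
+retVal = True
+for checksum, _ in (re.split(r'\s+', _) for _ in getFileItems(paths.CHECKSUM_MD5)):
+path = os.path.normpath(os.path.join(paths.SQLMAP_ROOT_PATH, _))
+if not os.path.isfile(path):
+logger.error("missing file detected '%s'" % path)
+retVal = False
+elif hashlib.md5(open(path, 'rb').read()).hexdigest() != checksum:
+logger.error("wrong checksum of file '%s' detected" % path)
+retVal = False
+return retVal
+
 def unhandledExceptionMessage():
 """
 Returns detailed message about occurred unhandled exception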
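Review bot: `checkIntegrity()` verifies files against an unsigned MD5 manifest that lives in the same tree as the code (`paths.CHECKSUM_MD5` under `paths.SQLMAP_TXT_PATH`), so it detects accidental corruption or local edits but cannot detect deliberate tampering, because anyone who can change a listed file can also rewrite its manifest line; the docstring should say so, for example `Checks for accidental modification of code files (not a tamper-proof check: the manifest is unsigned and shipped with the code)`. In the `elif`, `open(path, 'rb').read()` never closes the handle explicitly; reading inside `with open(path, 'rb') as f:` would release it per file. The unpacking in the `for checksum, _ in ...` line also raises ValueError if a manifest line does not split into exactly two fields, unless `getFileItems` (not shown here) already filters such lines.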

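--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.revision import getRevisionNumber
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.7.29"
+VERSION = "1.0.7.30"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")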

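--- a/sqlmap.py
+++ b/sqlmap.py
@@ -34,6 +34,7 @@
 try:
 from lib.controller.controller import start
 from lib.core.common import banner
+from lib.core.common import checkIntegrity
 from lib.core.common import createGithubIssue
 from lib.core.common import dataToStdout
 from lib.core.common import getSafeExString
@@ -196,7 +197,15 @@ def main():
 excMsg = traceback.format_exc()
 
 try:
-if any(_ in excMsg for _ in ("No space left", "Disk quota exceeded")):
+if not checkIntegrity():
+errMsg = "code integrity check failed. "
+errMsg += "You should retrieve the latest development version from official GitHub "
+errMsg += "repository at '%s'" % GIT_PAGE
+logger.critical(errMsg)
+print
+print excMsg.strip()
+raise SystemExit
+elif any(_ in excMsg for _ in ("No space left", "Disk quota exceeded")):
 errMsg = "no space left on output device"
 logger.error(errMsg)
 raise SystemExit
@@ -213,11 +222,6 @@ def main():
 logger.error(errMsg)
 raise SystemExit
 
-elif "in _loadQueries" in excMsg:
-errMsg = "invalid structure of 'xml/queries.xml' file"
-logger.error(errMsg)
-raise SystemExit
-
 elif "_mkstemp_inner" in excMsg:
 errMsg = "there has been a problem while accessing temporary files"
 logger.error(errMsg)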
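Review bot: The new `if not checkIntegrity():` test is the first branch of this handler, so anything it raises itself (an unreadable `checksum.md5` or listed file, for instance) takes the place of the original exception inside this `try`, and what happens next depends on the `except` clause, which is outside the hunk. A check that could not be run should probably be reported as a failed check rather than escape, e.g. by computing `valid = checkIntegrity()` under its own `try` and setting `valid = False` on error before the `if`. If the intent is that modified or corrupted installs stop here instead of reaching the later, more specific branches, a one-line comment above the branch saying so, such as `# modified or corrupted code: stop before any further diagnosis`, would make the ordering deliberate for the next reader.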

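--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -109,7 +109,7 @@ b04db3e861edde1f9dd0a3850d5b96c8 ./shell/backdoor.asp_
 ff90cb0366f7cefbdd6e573e27e6238c ./shell/runcmd.exe_
 01e3505e796edf19aad6a996101c81c9 ./shell/stager.php_
 1f7f125f30e0e800beb21e2ebbab18e1 ./shell/stager.jsp_
-28bdeba99aa04e10f00530eb88fef301 ./sqlmap.py
+af69c5e3d20bd472ba386056e9cf2fd6 ./sqlmap.py
 07eb9ee33a3e31bfc74763bea8026a2b ./waf/knownsec.py
 d50415b49d9df72cb9d193d05630ab8a ./waf/fortiweb.py
 8d5609a37127782fb35af4f67b5787ee ./waf/proventia.py
@@ -311,7 +311,7 @@ e77cca1cb063016f71f6e6bdebf4ec73 ./lib/core/data.py
 2689f320908964b2c88a3eb8265fd2dd ./lib/core/agent.py
 8485a3cd94c0a5af2718bad60c5f1ae5 ./lib/core/wordlist.py
 eb0bd28b0bd9fbf67dcc3119116df377 ./lib/core/bigarray.py
-86f543debcb2011d983fac4482f1e544 ./lib/core/settings.py
+662c04d988a5308b98ea74df68f50392 ./lib/core/settings.py
 34a45b9bc68a6381247a620ddf30de1c ./lib/core/enums.py
 99a2b496b9d5b546b335653ca801153f ./lib/core/revision.py
 4a16002c5d9cd047c2e89ddc5db63737 ./lib/core/dicts.py
@@ -333,7 +333,7 @@ cc9c82cfffd8ee9b25ba3af6284f057e ./lib/core/__init__.py
 67f206cf2658145992cc1d7020138325 ./lib/core/defaults.py
 7af83e4f18cab6dff5e67840eb65be80 ./lib/core/shell.py
 1d042f0bc0557d3fd564ea5a46deb77e ./lib/core/datatype.py
-b1e8297aa42eec379936b4ce7f2934b2 ./lib/core/common.py
+25fcb4a9fd187cb587847852df4ac784 ./lib/core/common.py
 1d064463302b85b2241263ea48a83837 ./lib/takeover/metasploit.py
 7083825564c051a7265cfdd1a5e6629c ./lib/takeover/registry.py
 7d6cd7bdfc8f4bc4e8aed60c84cdf87f ./lib/takeover/udf.py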
