Minor cleanup and one bug fix

Author: stamparm

lib/controller/checks.py

@@ -739,15 +739,15 @@ def genCmpPayload():
  logger.warn(warnMsg)
 
  msg = "how do you want to proceed? [(S)kip current test/(e)nd detection phase/(n)ext parameter/(c)hange verbosity/(q)uit]"
- choice = readInput(msg, default='S', checkBatch=False).strip().upper()
+ choice = readInput(msg, default='S', checkBatch=False).upper()
 
  if choice == 'C':
  choice = None
  while not ((choice or "").isdigit() and 0 <= int(choice) <= 6):
  if choice:
  logger.warn("invalid value")
  msg = "enter new verbosity level: [0-6] "
- choice = readInput(msg, default=str(conf.verbose), checkBatch=False).strip()
+ choice = readInput(msg, default=str(conf.verbose), checkBatch=False)
  conf.verbose = int(choice)
  setVerbosity()
  tests.insert(0, test)
@@ -998,7 +998,7 @@ def _(page):
 
  if kb.ignoreCasted is None:
  message = "do you want to skip those kind of cases (and save scanning time)? %s " % ("[Y/n]" if conf.multipleTargets else "[y/N]")
- kb.ignoreCasted = readInput(message, default='Y' if conf.multipleTargets else 'N').upper() != 'N'
+ kb.ignoreCasted = readInput(message, default='Y' if conf.multipleTargets else 'N', boolean=True)
 
  elif result:
  infoMsg += "be injectable"
@@ -1176,7 +1176,7 @@ def checkStability():
  logger.warn(warnMsg)
 
  message = "how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] "
- choice = readInput(message, default='C').strip().upper()
+ choice = readInput(message, default='C').upper()
 
  if choice == 'Q':
  raise SqlmapUserQuitException
@@ -1306,9 +1306,8 @@ def checkWaf():
  if not conf.identifyWaf:
  message = "do you want sqlmap to try to detect backend "
  message += "WAF/IPS/IDS? [y/N] "
- output = readInput(message, default="N")
 
- if output and output[0] in ("Y", "y"):
+ if readInput(message, default='N', boolean=True):
  conf.identifyWaf = True
 
  if conf.timeout == defaults.timeout:

lib/controller/controller.py

@@ -116,11 +116,11 @@ def _selectInjection():
  message += "\n"
 
  message += "[q] Quit"
- select = readInput(message, default="0")
+ choice = readInput(message, default='0').upper()
 
- if select.isdigit() and int(select) < len(kb.injections) and int(select) >= 0:
- index = int(select)
- elif select[0] in ("Q", "q"):
+ if choice.isdigit() and int(choice) < len(kb.injections) and int(choice) >= 0:
+ index = int(choice)
+ elif choice == 'Q':
  raise SqlmapUserQuitException
  else:
  errMsg = "invalid choice"
@@ -184,7 +184,7 @@ def _randomFillBlankFields(value):
  if extractRegexResult(EMPTY_FORM_FIELDS_REGEX, value):
  message = "do you want to fill blank fields with random values? [Y/n] "
 
- if readInput(message, default="Y", boolean=True):
+ if readInput(message, default='Y', boolean=True):
  for match in re.finditer(EMPTY_FORM_FIELDS_REGEX, retVal):
  item = match.group("result")
  if not any(_ in item for _ in IGNORE_PARAMETERS) and not re.search(ASP_NET_CONTROL_REGEX, item):
@@ -306,7 +306,7 @@ def start():
  message += "against '%s'. Do you want to skip " % conf.hostname
  message += "further tests involving it? [Y/n]"
 
- kb.skipVulnHost = readInput(message, default="Y", boolean=True)
+ kb.skipVulnHost = readInput(message, default='Y', boolean=True)
 
  testSqlInj = not kb.skipVulnHost
 
@@ -334,7 +334,7 @@ def start():
  continue
 
  message += "\ndo you want to test this form? [Y/n/q] "
- choice = readInput(message, default='Y').strip().upper()
+ choice = readInput(message, default='Y').upper()
 
  if choice == 'N':
  continue
@@ -360,7 +360,7 @@ def start():
 
  else:
  message += "\ndo you want to test this URL? [Y/n/q]"
- choice = readInput(message, default='Y').strip().upper()
+ choice = readInput(message, default='Y').upper()
 
  if choice == 'N':
  dataToStdout(os.linesep)
@@ -640,7 +640,7 @@ def start():
  logger.warn(warnMsg)
 
  message = "do you want to skip to the next target in list? [Y/n/q]"
- choice = readInput(message, default='Y').strip().upper()
+ choice = readInput(message, default='Y').upper()
 
  if choice == 'N':
  return False

lib/core/common.py

@@ -322,14 +322,14 @@ def setDbms(dbms):
  msg += "correct [%s (default)/%s] " % (kb.dbms, dbms)
 
  while True:
- _ = readInput(msg, default=kb.dbms)
+ choice = readInput(msg, default=kb.dbms)
 
- if aliasToDbmsEnum(_) == kb.dbms:
+ if aliasToDbmsEnum(choice) == kb.dbms:
  kb.dbmsVersion = []
  kb.resolutionDbms = kb.dbms
  break
- elif aliasToDbmsEnum(_) == dbms:
- kb.dbms = aliasToDbmsEnum(_)
+ elif aliasToDbmsEnum(choice) == dbms:
+ kb.dbms = aliasToDbmsEnum(choice)
  break
  else:
  warnMsg = "invalid value"
@@ -382,12 +382,12 @@ def setOs(os):
  msg += "correct [%s (default)/%s] " % (kb.os, os)
 
  while True:
- _ = readInput(msg, default=kb.os)
+ choice = readInput(msg, default=kb.os)
 
- if _ == kb.os:
+ if choice == kb.os:
  break
- elif _ == os:
- kb.os = _.capitalize()
+ elif choice == os:
+ kb.os = choice.capitalize()
  break
  else:
  warnMsg = "invalid value"
@@ -421,10 +421,10 @@ def setArch():
  msg += "\n[2] 64-bit"
 
  while True:
- _ = readInput(msg, default='1')
+ choice = readInput(msg, default='1')
 
- if isinstance(_, basestring) and _.isdigit() and int(_) in (1, 2):
- kb.arch = 32 if int(_) == 1 else 64
+ if isinstance(choice, basestring) and choice.isdigit() and int(choice) in (1, 2):
+ kb.arch = 32 if int(choice) == 1 else 64
  break
  else:
  warnMsg = "invalid value. Valid values are 1 and 2"
@@ -754,17 +754,17 @@ def getManualDirectories():
  message += "[2] custom location(s)\n"
  message += "[3] custom directory list file\n"
  message += "[4] brute force search"
- choice = readInput(message, default="1").strip()
+ choice = readInput(message, default='1')
 
- if choice == "2":
+ if choice == '2':
  message = "please provide a comma separate list of absolute directory paths: "
  directories = readInput(message, default="").split(',')
- elif choice == "3":
+ elif choice == '3':
  message = "what's the list file location?\n"
  listPath = readInput(message, default="")
  checkFile(listPath)
  directories = getFileItems(listPath)
- elif choice == "4":
+ elif choice == '4':
  targets = set([conf.hostname])
  _ = conf.hostname.split('.')
 
@@ -1038,8 +1038,11 @@ def readInput(message, default=None, checkBatch=True, boolean=False):
  finally:
  logging._releaseLock()
 
+ if retVal and default and isinstance(default, basestring) and len(default) == 1:
+ retVal = retVal.strip()
+
  if boolean:
- retVal = retVal.strip().upper == 'Y'
+ retVal = retVal.strip().upper() == 'Y'
 
  return retVal
 

lib/core/option.py

@@ -944,7 +944,7 @@ def _setTamperingFunctions():
  message = "it appears that you might have mixed "
  message += "the order of tamper scripts. "
  message += "Do you want to auto resolve this? [Y/n/q] "
- choice = readInput(message, default='Y').strip().upper()
+ choice = readInput(message, default='Y').upper()
 
  if choice == 'N':
  resolve_priorities = False

lib/core/settings.py

@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.1.4.37"
+VERSION = "1.1.4.38"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

lib/core/target.py

@@ -152,7 +152,7 @@ def process(match, repl):
  elif re.search(JSON_LIKE_RECOGNITION_REGEX, conf.data):
  message = "JSON-like data found in %s data. " % conf.method
  message += "Do you want to process it? [Y/n/q] "
- choice = readInput(message, default='Y').strip().upper()
+ choice = readInput(message, default='Y').upper()
 
  if choice == 'Q':
  raise SqlmapUserQuitException
@@ -166,7 +166,7 @@ def process(match, repl):
  elif re.search(ARRAY_LIKE_RECOGNITION_REGEX, conf.data):
  message = "Array-like data found in %s data. " % conf.method
  message += "Do you want to process it? [Y/n/q] "
- choice = readInput(message, default='Y').strip().upper()
+ choice = readInput(message, default='Y').upper()
 
  if choice == 'Q':
  raise SqlmapUserQuitException
@@ -178,7 +178,7 @@ def process(match, repl):
  elif re.search(XML_RECOGNITION_REGEX, conf.data):
  message = "SOAP/XML data found in %s data. " % conf.method
  message += "Do you want to process it? [Y/n/q] "
- choice = readInput(message, default='Y').strip().upper()
+ choice = readInput(message, default='Y').upper()
 
  if choice == 'Q':
  raise SqlmapUserQuitException
@@ -191,7 +191,7 @@ def process(match, repl):
  elif re.search(MULTIPART_RECOGNITION_REGEX, conf.data):
  message = "Multipart-like data found in %s data. " % conf.method
  message += "Do you want to process it? [Y/n/q] "
- choice = readInput(message, default='Y').strip().upper()
+ choice = readInput(message, default='Y').upper()
 
  if choice == 'Q':
  raise SqlmapUserQuitException
@@ -228,7 +228,7 @@ def process(match, repl):
 
  message = "do you want to try URI injections "
  message += "in the target URL itself? [Y/n/q] "
- choice = readInput(message, default='Y').strip().upper()
+ choice = readInput(message, default='Y').upper()
 
  if choice == 'Q':
  raise SqlmapUserQuitException
@@ -243,7 +243,7 @@ def process(match, repl):
  lut = {PLACE.URI: '-u', PLACE.CUSTOM_POST: '--data', PLACE.CUSTOM_HEADER: '--headers/--user-agent/--referer/--cookie'}
  message = "custom injection marking character ('%s') found in option " % CUSTOM_INJECTION_MARK_CHAR
  message += "'%s'. Do you want to process it? [Y/n/q] " % lut[place]
- choice = readInput(message, default='Y').strip().upper()
+ choice = readInput(message, default='Y').upper()
 
  if choice == 'Q':
  raise SqlmapUserQuitException

lib/request/inject.py

@@ -208,7 +208,7 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char
  message += "entries do you want to retrieve?\n"
  message += "[a] All (default)\n[#] Specific number\n"
  message += "[q] Quit"
- choice = readInput(message, default='A').strip().upper()
+ choice = readInput(message, default='A').upper()
 
  if choice == 'A':
  stopLimit = count

lib/request/redirecthandler.py

@@ -59,7 +59,7 @@ def _ask_redirect_choice(self, redcode, redurl, method):
  msg += "resend original POST data to a new "
  msg += "location? [%s] " % ("Y/n" if not kb.originalPage else "y/N")
 
- kb.resendPostOnRedirect = readInput(msg, default=("Y" if not kb.originalPage else "N"), boolean=True)
+ kb.resendPostOnRedirect = readInput(msg, default=('Y' if not kb.originalPage else 'N'), boolean=True)
 
  if kb.resendPostOnRedirect:
  self.redirect_request = self._redirect_request

lib/takeover/udf.py

@@ -154,9 +154,8 @@ def udfInjectCore(self, udfDict):
 
  message = "do you want to proceed anyway? Beware that the "
  message += "operating system takeover will fail [y/N] "
- choice = readInput(message, default="N")
 
- if choice and choice.lower() == "y":
+ if readInput(message, default='N', boolean=True):
  written = True
  else:
  return False
@@ -237,20 +236,16 @@ def udfInjectCustom(self):
  msg += "from the shared library? "
 
  while True:
- udfCount = readInput(msg, default=1)
+ udfCount = readInput(msg, default='1')
 
- if isinstance(udfCount, basestring) and udfCount.isdigit():
+ if udfCount.isdigit():
  udfCount = int(udfCount)
 
  if udfCount <= 0:
  logger.info("nothing to inject then")
  return
  else:
  break
-
- elif isinstance(udfCount, int):
- break
-
  else:
  logger.warn("invalid value, only digits are allowed")
 
@@ -272,20 +267,16 @@ def udfInjectCustom(self):
 
  self.udfs[udfName]["input"] = []
 
- default = 1
  msg = "how many input parameters takes UDF "
- msg += "'%s'? (default: %d) " % (udfName, default)
+ msg += "'%s'? (default: 1) " % udfName
 
  while True:
- parCount = readInput(msg, default=default)
+ parCount = readInput(msg, default='1')
 
- if isinstance(parCount, basestring) and parCount.isdigit() and int(parCount) >= 0:
+ if parCount.isdigit() and int(parCount) >= 0:
  parCount = int(parCount)
  break
 
- elif isinstance(parCount, int):
- break
-
  else:
  logger.warn("invalid value, only digits >= 0 are allowed")
 
@@ -294,9 +285,9 @@ def udfInjectCustom(self):
  msg += "number %d? (default: %s) " % ((y + 1), defaultType)
 
  while True:
- parType = readInput(msg, default=defaultType)
+ parType = readInput(msg, default=defaultType).strip()
 
- if isinstance(parType, basestring) and parType.isdigit():
+ if parType.isdigit():
  logger.warn("you need to specify the data-type of the parameter")
 
  else:
@@ -323,7 +314,7 @@ def udfInjectCustom(self):
 
  msg = "do you want to call your injected user-defined "
  msg += "functions now? [Y/n/q] "
- choice = readInput(msg, default='Y').strip().upper()
+ choice = readInput(msg, default='Y').upper()
 
  if choice == 'N':
  self.cleanup(udfDict=self.udfs)
@@ -343,7 +334,7 @@ def udfInjectCustom(self):
  msg += "\n[q] Quit"
 
  while True:
- choice = readInput(msg).strip().upper()
+ choice = readInput(msg).upper()
 
  if choice == 'Q':
  break

lib/utils/hash.py

@@ -482,7 +482,7 @@ def attackDumpedTable():
  storeHashesToFile(attack_dict)
 
  message = "do you want to crack them via a dictionary-based attack? %s" % ("[y/N/q]" if conf.multipleTargets else "[Y/n/q]")
- choice = readInput(message, default='N' if conf.multipleTargets else 'Y').strip().upper()
+ choice = readInput(message, default='N' if conf.multipleTargets else 'Y').upper()
 
  if choice == 'N':
  return