Merge pull request #10 from sqlmapproject/master

Endika · Endika · commit e629620b1c7c · 2015-01-01T00:51:27.000+01:00
update all commits
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -2928,6 +2928,7 @@ def createGithubIssue(errMsg, excMsg):
     _ = re.sub(r"'[^']+'", "''", excMsg)
     _ = re.sub(r"\s+line \d+", "", _)
     _ = re.sub(r'File ".+?/(\w+\.py)', "\g<1>", _)
+    _ = re.sub(r".+\Z", "", _)
     key = hashlib.md5(_).hexdigest()[:8]
 
     if key in issues:
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1079,7 +1079,12 @@ def _setHTTPProxy():
     debugMsg = "setting the HTTP/SOCKS proxy for all HTTP requests"
     logger.debug(debugMsg)
 
-    _ = urlparse.urlsplit(conf.proxy)
+    try:
+        _ = urlparse.urlsplit(conf.proxy)
+    except Exception, ex:
+        errMsg = "invalid proxy address '%s' ('%s')" % (conf.proxy, ex)
+        raise SqlmapSyntaxException, errMsg
+
     hostnamePort = _.netloc.split(":")
 
     scheme = _.scheme.upper()
@@ -2182,6 +2187,13 @@ def _basicOptionValidation():
         errMsg = "option '--regexp' is incompatible with switch '--null-connection'"
         raise SqlmapSyntaxException(errMsg)
 
+    if conf.regexp:
+        try:
+            re.compile(conf.regexp)
+        except re.error, ex:
+            errMsg = "invalid regular expression '%s' ('%s')" % (conf.regexp, ex)
+            raise SqlmapSyntaxException(errMsg)
+
     if conf.dumpTable and conf.dumpAll:
         errMsg = "switch '--dump' is incompatible with switch '--dump-all'"
         raise SqlmapSyntaxException(errMsg)
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -517,7 +517,7 @@
 DNS_BOUNDARIES_ALPHABET = re.sub("[a-fA-F]", "", string.ascii_letters)
 
 # Alphabet used for heuristic checks
-HEURISTIC_CHECK_ALPHABET = ('"', '\'', ')', '(', '[', ']', ',', '.')
+HEURISTIC_CHECK_ALPHABET = ('"', '\'', ')', '(', ',', '.')
 
 # String used for dummy XSS check of a tested parameter value
 DUMMY_XSS_CHECK_APPENDIX = "<'\">"
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -43,7 +43,7 @@ def cmdLineParser():
 
     checkSystemEncoding()
 
-    _ = getUnicode(os.path.normpath(sys.argv[0]), encoding=sys.getfilesystemencoding())
+    _ = getUnicode(os.path.basename(sys.argv[0]), encoding=sys.getfilesystemencoding())
 
     usage = "%s%s [options]" % ("python " if not IS_WIN else "", \
             "\"%s\"" % _ if " " in _ else _)
diff --git a/lib/request/comparison.py b/lib/request/comparison.py
@@ -135,10 +135,16 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
         while True:
             try:
                 seqMatcher.set_seq1(seq1)
+            except MemoryError:
+                seq1 = seq1[:len(seq1) / 1024]
+            else:
+                break
+
+        while True:
+            try:
                 seqMatcher.set_seq2(seq2)
             except MemoryError:
-                seq1 = seq1[:len(seq1) / 4]
-                seq2 = seq2[:len(seq2) / 4]
+                seq2 = seq2[:len(seq2) / 1024]
             else:
                 break
 
diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py
@@ -53,7 +53,7 @@ def create_sock():
                     break
                 else:
                     sock.close()
-            except ssl.SSLError, errMsg:
+            except (ssl.SSLError, socket.error), errMsg:
                 logger.debug("SSL connection error occurred ('%s')" % errMsg)
 
         if not success:
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
@@ -665,7 +665,7 @@ def _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found
 
 def dictionaryAttack(attack_dict):
     suffix_list = [""]
-    custom_wordlist = []
+    custom_wordlist = [""]
     hash_regexes = []
     results = []
     resumes = []
@@ -769,9 +769,9 @@ def dictionaryAttack(attack_dict):
 
                     kb.wordlists = dictPaths
 
-                except SqlmapFilePathException, msg:
+                except Exception, ex:
                     warnMsg = "there was a problem while loading dictionaries"
-                    warnMsg += " ('%s')" % msg
+                    warnMsg += " ('%s')" % ex
                     logger.critical(warnMsg)
 
             message = "do you want to use common password suffixes? (slow!) [y/N] "
diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py
@@ -772,6 +772,9 @@ def getSchema(self):
         return kb.data.cachedColumns
 
     def _tableGetCount(self, db, table):
+        if not db or not table:
+            return None
+
         if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
             db = db.upper()
             table = table.upper()
