Minor update

stamparm · stamparm · commit 130bcd4b9b2c · 2019-05-24T14:18:18.000+02:00
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -7,13 +7,11 @@
 
 import copy
 import logging
-import os
 import random
 import re
 import socket
 import subprocess
 import sys
-import tempfile
 import time
 
 from extra.beep.beep import beep
@@ -33,7 +31,6 @@
 from lib.core.common import hashDBWrite
 from lib.core.common import intersect
 from lib.core.common import listToStrValue
-from lib.core.common import openFile
 from lib.core.common import parseFilePaths
 from lib.core.common import popValue
 from lib.core.common import pushValue
@@ -44,26 +41,22 @@
 from lib.core.common import singleTimeLogMessage
 from lib.core.common import singleTimeWarnMessage
 from lib.core.common import unArrayizeValue
-from lib.core.common import urlencode
 from lib.core.common import wasLastResponseDBMSError
 from lib.core.common import wasLastResponseHTTPError
 from lib.core.compat import xrange
 from lib.core.convert import getUnicode
-from lib.core.defaults import defaults
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.datatype import AttribDict
 from lib.core.datatype import InjectionDict
-from lib.core.decorators import cachedmethod
 from lib.core.decorators import stackedmethod
 from lib.core.dicts import FROM_DUMMY_TABLE
 from lib.core.enums import DBMS
 from lib.core.enums import HASHDB_KEYS
 from lib.core.enums import HEURISTIC_TEST
 from lib.core.enums import HTTP_HEADER
 from lib.core.enums import HTTPMETHOD
-from lib.core.enums import MKSTEMP_PREFIX
 from lib.core.enums import NOTE
 from lib.core.enums import NULLCONNECTION
 from lib.core.enums import PAYLOAD
@@ -81,7 +74,6 @@
 from lib.core.settings import CHECK_INTERNET_ADDRESS
 from lib.core.settings import CHECK_INTERNET_VALUE
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
-from lib.core.settings import DEV_EMAIL_ADDRESS
 from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX
 from lib.core.settings import FI_ERROR_REGEX
 from lib.core.settings import FORMAT_EXCEPTION_STRINGS
@@ -1387,6 +1379,7 @@ def checkWaf():
     pushValue(kb.resendPostOnRedirect)
     pushValue(conf.timeout)
 
+    kb.identYwaf = True
     kb.redirectChoice = REDIRECTION.YES
     kb.resendPostOnRedirect = False
     conf.timeout = IDS_WAF_CHECK_TIMEOUT
@@ -1396,30 +1389,31 @@ def checkWaf():
     except SqlmapConnectionException:
         retVal = True
     finally:
+        kb.identYwaf = False
         kb.matchRatio = None
 
         conf.timeout = popValue()
         kb.resendPostOnRedirect = popValue()
         kb.redirectChoice = popValue()
 
+    hashDBWrite(HASHDB_KEYS.CHECK_WAF_RESULT, retVal, True)
+
     if retVal:
         if not kb.identifiedWafs:
             warnMsg = "heuristics detected that the target "
             warnMsg += "is protected by some kind of WAF/IPS"
             logger.critical(warnMsg)
 
         message = "are you sure that you want to "
-        message += "continue with further target testing? [y/N] "
-        choice = readInput(message, default='N', boolean=True)
-
-        if not conf.tamper:
-            warnMsg = "please consider usage of tamper scripts (option '--tamper')"
-            singleTimeWarnMessage(warnMsg)
+        message += "continue with further target testing? [Y/n] "
+        choice = readInput(message, default='Y', boolean=True)
 
         if not choice:
             raise SqlmapUserQuitException
-
-    hashDBWrite(HASHDB_KEYS.CHECK_WAF_RESULT, retVal, True)
+        else:
+            if not conf.tamper:
+                warnMsg = "please consider usage of tamper scripts (option '--tamper')"
+                singleTimeWarnMessage(warnMsg)
 
     return retVal
 
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -68,7 +68,7 @@
 from lib.core.defaults import defaults
 from lib.core.dicts import DBMS_DICT
 from lib.core.dicts import DEFAULT_DOC_ROOTS
-from lib.core.dicts import DEPRECATED_OPTIONS
+from lib.core.dicts import OLD_OPTIONS
 from lib.core.dicts import SQL_STATEMENTS
 from lib.core.enums import ADJUST_TIME_DELAY
 from lib.core.enums import CONTENT_STATUS
@@ -4457,17 +4457,19 @@ def getHostHeader(url):
 
     return retVal
 
-def checkDeprecatedOptions(args):
+def checkOldOptions(args):
     """
-    Checks for deprecated options
+    Checks for deprecated/obsolete options
     """
 
     for _ in args:
         _ = _.split('=')[0].strip()
-        if _ in DEPRECATED_OPTIONS:
-            errMsg = "switch/option '%s' is deprecated" % _
-            if DEPRECATED_OPTIONS[_]:
-                errMsg += " (hint: %s)" % DEPRECATED_OPTIONS[_]
+        if _ in OLD_OPTIONS:
+            if OLD_OPTIONS[_]:
+                errMsg = "switch/option '%s' is deprecated" % _
+                errMsg += " (hint: %s)" % OLD_OPTIONS[_]
+            else:
+                errMsg = "switch/option '%s' is obsolete" % _
             raise SqlmapSyntaxException(errMsg)
 
 def checkSystemEncoding():
diff --git a/lib/core/dicts.py b/lib/core/dicts.py
@@ -280,7 +280,7 @@
     POST_HINT.ARRAY_LIKE: "application/x-www-form-urlencoded; charset=utf-8",
 }
 
-DEPRECATED_OPTIONS = {
+OLD_OPTIONS = {
     "--replicate": "use '--dump-format=SQLITE' instead",
     "--no-unescape": "use '--no-escape' instead",
     "--binary": "use '--binary-fields' instead",
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1886,6 +1886,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.hintValue = None
     kb.htmlFp = []
     kb.httpErrorCodes = {}
+    kb.identYwaf = False
     kb.inferenceMode = False
     kb.ignoreCasted = None
     kb.ignoreNotFound = False
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -18,7 +18,7 @@
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.5.132"
+VERSION = "1.3.5.133"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/core/testing.py b/lib/core/testing.py
@@ -71,7 +71,7 @@ def _thread():
     thread.start()
 
     for options, checks in (
-        ("--flush-session --identify-waf", ("CloudFlare",)),
+        ("--flush-session", ("CloudFlare",)),
         ("--flush-session --parse-errors --eval=\"id2=2\" --referer=\"localhost\" --cookie=\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e\"", (": syntax error", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "back-end DBMS: SQLite", "3 columns")),
         ("--banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")),
         ("--all --tamper=between,randomcase", ("5 entries", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")),
diff --git a/lib/core/wordlist.py b/lib/core/wordlist.py
@@ -5,7 +5,6 @@
 See the file 'LICENSE' for copying permission
 """
 
-import os
 import zipfile
 
 from lib.core.common import getSafeExString
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -17,7 +17,7 @@
 from optparse import OptionParser
 from optparse import SUPPRESS_HELP
 
-from lib.core.common import checkDeprecatedOptions
+from lib.core.common import checkOldOptions
 from lib.core.common import checkSystemEncoding
 from lib.core.common import dataToStdout
 from lib.core.common import expandMnemonics
@@ -789,7 +789,7 @@ def _(self, *args):
             _.append(getUnicode(arg, encoding=sys.stdin.encoding))
 
         argv = _
-        checkDeprecatedOptions(argv)
+        checkOldOptions(argv)
 
         prompt = "--sqlmap-shell" in argv
 
diff --git a/lib/request/basic.py b/lib/request/basic.py
@@ -387,13 +387,14 @@ def processResponse(page, responseHeaders, code=None, status=None):
 
     rawResponse = "%s %s %s\n%s\n%s" % (_http_client.HTTPConnection._http_vsn_str, code or "", status or "", "".join(responseHeaders.headers), page)
 
-    identYwaf.non_blind.clear()
-    if identYwaf.non_blind_check(rawResponse, silent=True):
-        for waf in identYwaf.non_blind:
-            if waf not in kb.identifiedWafs:
-                kb.identifiedWafs.add(waf)
-                errMsg = "WAF/IPS identified as '%s'" % identYwaf.format_name(waf)
-                singleTimeLogMessage(errMsg, logging.CRITICAL)
+    if kb.identYwaf:
+        identYwaf.non_blind.clear()
+        if identYwaf.non_blind_check(rawResponse, silent=True):
+            for waf in identYwaf.non_blind:
+                if waf not in kb.identifiedWafs:
+                    kb.identifiedWafs.add(waf)
+                    errMsg = "WAF/IPS identified as '%s'" % identYwaf.format_name(waf)
+                    singleTimeLogMessage(errMsg, logging.CRITICAL)
 
     if kb.originalPage is None:
         for regex in (EVENTVALIDATION_REGEX, VIEWSTATE_REGEX):

Original file line number	Diff line number	Diff line change
`@@ -280,7 +280,7 @@`
`280`	`280`	`POST_HINT.ARRAY_LIKE: "application/x-www-form-urlencoded; charset=utf-8",`
`281`	`281`	`}`
`282`	`282`
`283`		`-DEPRECATED_OPTIONS = {`
	`283`	`+OLD_OPTIONS = {`
`284`	`284`	`"--replicate": "use '--dump-format=SQLITE' instead",`
`285`	`285`	`"--no-unescape": "use '--no-escape' instead",`
`286`	`286`	`"--binary": "use '--binary-fields' instead",`