Merged master.

Author: tanaydin

data/txt/sha256sums.txt

@@ -174,8 +174,8 @@ e050353f74c0baaf906ffca91dd04591645455ae363ae732a7a23f91ffe2ef1c  lib/core/datat
 bdd1b5b3eb42cffdc1be78b8fe4e1bb2ec17cd86440a7aeb08fc599205089e94  lib/core/decorators.py
 9219f0bd659e4e22f4238ca67830adcb1e86041ce7fd3a8ae0e842f2593ae043  lib/core/defaults.py
 ec8d94fb704c0a40c88f5f283624cda025e2ea0e8b68722fe156c2b5676f53ac  lib/core/dicts.py
-65fb5a2fc7b3bb502cc2db684370f213ab76bff875f3cf72ef2b9ace774efda9  lib/core/dump.py
-0e28c66ea9dfa1b721cfca63c364bdc139f53ebc8f9c57126b0af7dc6b433dcc  lib/core/enums.py
+2070b406f123e4cc2b0015d125947c48b5f9afcb976ffaba9534841d30325310  lib/core/dump.py
+d653ec01dfa47ee93d2ffe53b1ab76b3a4fb649f517f9f6572a38186882e0255  lib/core/enums.py
 64bf6a5c2e456306a7b4f4c51f077412daf6c697fed232d8e23b77fd1a4c736e  lib/core/exception.py
 93c256111dc753967169988e1289a0ea10ec77bfb8e2cbd1f6725e939bfbc235  lib/core/gui.py
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/core/__init__.py
@@ -188,7 +188,7 @@ c6a182f6b7d3b0ad6f0888ea2a4de4148f0770549038d7de8bc3267b4c6635f7  lib/core/readl
 63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c  lib/core/replication.py
 5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f  lib/core/revision.py
 0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24  lib/core/session.py
-f04c8a49a6c7205949d54bed4226abf8ab97361ceb4e0325fc260456a0ad412f  lib/core/settings.py
+fffc75cd873d5d75436e24a0121492e08a436846673ff43fffc3b2173162ff94  lib/core/settings.py
 a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db  lib/core/shell.py
 841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7  lib/core/subprocessng.py
 9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc  lib/core/target.py
@@ -199,7 +199,7 @@ b1071f449a66b4ceacd4b84b33a73d9e0a3197d271d72daaa406ba473a8bb625  lib/core/testi
 12cbead4e9e563b970fafb891127927445bd53bada1fac323b9cd27da551ba30  lib/core/wordlist.py
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/__init__.py
 a027f4c44811cb74aa367525f353706de3d3fc719e6c6162f7a61dc838acf0c2  lib/parse/banner.py
-2838467a296a05c6c94ddef1f42f1e7cddee3a9e755143bcb70129233056abad  lib/parse/cmdline.py
+947be08682b822eebc14caf0cf9b8f8c089a737ea511147d7262eb03b28c5f0b  lib/parse/cmdline.py
 3907765df08c31f8d59350a287e826bd315a7714dc0e87496f67c8a0879c86ac  lib/parse/configfile.py
 ced03337edd5a16b56a379c9ac47775895e1053003c25f6ba5bec721b6e3aa64  lib/parse/handler.py
 3704a02dcf00b0988b101e30b2e0d48acdd20227e46d8b552e46c55d7e9bf28c  lib/parse/headers.py
@@ -476,8 +476,8 @@ b3d9d0644197ecb864e899c04ee9c7cd63891ecf2a0d3c333aad563eef735294  plugins/generi
 5a473c60853f54f1a4b14d79b8237f659278fe8a6b42e935ed573bf22b6d5b2c  README.md
 8c4fd81d84598535643cf0ef1b2d350cd92977cb55287e23993b76eaa2215c30  sqlmapapi.py
 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62  sqlmapapi.yaml
-4037f1c78180550c1896543581c0c2423e970086bae46f175397f2b4c54b7323  sqlmap.conf
-f84846b8493d809d697a75b3d13d904013bbb03e0edd82b724f4753801609057  sqlmap.py
+002d27074b16fb864cbecfc2a065357e2727c43086bdf87c72979fa35f9b4ca3  sqlmap.conf
+6d75a4879385977c799852744a309d6f19c3155c7a5e9fd48633df48d80e4451  sqlmap.py
 9d408612a6780f7f50a7f7887f923ff3f40be5bfa09a951c6dc273ded05b56c0  tamper/0eunion.py
 c1c2eaa7df016cc7786ccee0ae4f4f363b1dce139c61fb3e658937cb0d18fc54  tamper/apostrophemask.py
 19023093ab22aec3bce9523f28e8111e8f6125973e6d9c82adb60da056bdf617  tamper/apostrophenullencode.py
@@ -511,7 +511,6 @@ d498e409c96d2ae2cc86263ead52ae385e95e9ec27f28247180c7c73ec348b3f  tamper/informa
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  tamper/__init__.py
 b9a84211c84785361f4efa55858a1cdddd63cee644d0b8d4323b3a5e3db7d12f  tamper/least.py
 0de2bd766f883ac742f194f991c5d38799ffbf4346f4376be7ec8d750f2d9ef8  tamper/lowercase.py
-5015f35181dd4e4e0bddc67c4dfd86d6c509ae48a5f0212a122ff9a62f7352ce  tamper/luanginxmore.py
 c390d072ed48431ab5848d51b9ca5c4ff323964a770f0597bdde943ed12377f8  tamper/luanginx.py
 7eba10540514a5bfaee02e92b711e0f89ffe30b1672ec25c7680f2aa336c8a58  tamper/misunion.py
 b262da8d38dbb4be64d42e0ab07e25611da11c5d07aa11b09497b344a4c76b8d  tamper/modsecurityversioned.py

lib/core/dump.py

@@ -47,6 +47,8 @@
 from lib.core.replication import Replication
 from lib.core.settings import DUMP_FILE_BUFFER_SIZE
 from lib.core.settings import HTML_DUMP_CSS_STYLE
+from lib.core.settings import HTML_DUMP_CSS_SORTABLE_STYLE
+from lib.core.settings import HTML_DUMP_SORTABLE_JAVASCRIPT
 from lib.core.settings import IS_WIN
 from lib.core.settings import METADB_SUFFIX
 from lib.core.settings import MIN_BINARY_DISK_DUMP_SIZE
@@ -541,6 +543,9 @@ def dbTableValues(self, tableValues):
             dataToDumpFile(dumpFP, "<meta name=\"generator\" content=\"%s\" />\n" % VERSION_STRING)
             dataToDumpFile(dumpFP, "<title>%s</title>\n" % ("%s%s" % ("%s." % db if METADB_SUFFIX not in db else "", table)))
             dataToDumpFile(dumpFP, HTML_DUMP_CSS_STYLE)
+            if conf.dumpSortable:
+                dataToDumpFile(dumpFP, HTML_DUMP_CSS_SORTABLE_STYLE)
+                dataToDumpFile(dumpFP, HTML_DUMP_SORTABLE_JAVASCRIPT)
             dataToDumpFile(dumpFP, "\n</head>\n<body>\n<table>\n<thead>\n<tr>\n")
 
         if count == 1:

lib/core/enums.py

@@ -229,6 +229,7 @@ class REGISTRY_OPERATION(object):
 class DUMP_FORMAT(object):
     CSV = "CSV"
     HTML = "HTML"
+    SORTABLE_HTML = "SORTABLE_HTML"
     SQLITE = "SQLITE"
 
 class HTTP_HEADER(object):

lib/core/settings.py

@@ -918,29 +918,163 @@
 
 # CSS style used in HTML dump format
 HTML_DUMP_CSS_STYLE = """<style>
-table{
-    margin:10;
-    background-color:#FFFFFF;
-    font-family:verdana;
-    font-size:12px;
-    align:center;
+table {
+  margin: 10px;
+  background: #fff;
+  font: 12px verdana;
+  text-align: center;
 }
 thead{
     font-weight:bold;
     background-color:#4F81BD;
-    color:#FFFFFF;
+    color: #fff;
 }
 tr:nth-child(even) {
-    background-color: #D3DFEE
+    background-color: #D3DFEE;
 }
-td{
-    font-size:12px;
+</style>"""
+
+HTML_DUMP_CSS_SORTABLE_STYLE = """
+<style>
+table thead th {
+  cursor: pointer;
+  white-space: nowrap;
+  position: sticky;
+  top: 0;
+  z-index: 1;
 }
-th{
-    font-size:12px;
+
+table thead th::after,
+table thead th::before {
+  color: transparent;
+}
+
+table thead th::after {
+  margin-left: 3px;
+  content: "▸";
+}
+
+table thead th:hover::after,
+table thead th[aria-sort]::after {
+  color: inherit;
+}
+
+table thead th[aria-sort=descending]::after {
+  content: "▾";
 }
-</style>"""
 
+table thead th[aria-sort=ascending]::after {
+  content: "▴";
+}
+
+table thead th.indicator-left::before {
+  margin-right: 3px;
+  content: "▸";
+}
+
+table thead th.indicator-left[aria-sort=descending]::before {
+  color: inherit;
+  content: "▾";
+}
+
+table thead th.indicator-left[aria-sort=ascending]::before {
+  color: inherit;
+  content: "▴";
+}
+</style>
+"""
+HTML_DUMP_SORTABLE_JAVASCRIPT = """<script>
+window.addEventListener('DOMContentLoaded', () => {
+  document.addEventListener('click', event => {
+    try {
+      const isAltSort = event.shiftKey || event.altKey;
+
+      // Find the clicked table header
+      const findParentElement = (element, nodeName) => 
+        element.nodeName === nodeName ? element : findParentElement(element.parentNode, nodeName);
+      
+      const headerCell = findParentElement(event.target, 'TH');
+      const headerRow = headerCell.parentNode;
+      const thead = headerRow.parentNode;
+      const table = thead.parentNode;
+
+      if (thead.nodeName !== 'THEAD') return;
+
+      // Reset sort indicators on other headers
+      Array.from(headerRow.cells).forEach(cell => {
+        if (cell !== headerCell) cell.removeAttribute('aria-sort');
+      });
+
+      // Toggle sort direction
+      const currentSort = headerCell.getAttribute('aria-sort');
+      const isAscending = table.classList.contains('asc') && currentSort !== 'ascending';
+      const sortDirection = (currentSort === 'descending' || isAscending) ? 'ascending' : 'descending';
+      headerCell.setAttribute('aria-sort', sortDirection);
+
+      // Debounce sort operation
+      if (table.dataset.timer) clearTimeout(Number(table.dataset.timer));
+      
+      table.dataset.timer = setTimeout(() => {
+        sortTable(table, isAltSort);
+      }, 1).toString();
+    } catch (error) {
+      console.error('Sorting error:', error);
+    }
+  });
+});
+
+function sortTable(table, useAltSort) {
+  table.dispatchEvent(new CustomEvent('sort-start', { bubbles: true }));
+
+  const sortHeader = table.tHead.querySelector('th[aria-sort]');
+  const headerRow = table.tHead.children[0];
+  const isAscending = sortHeader.getAttribute('aria-sort') === 'ascending';
+  const shouldPushEmpty = table.classList.contains('n-last');
+  const sortColumnIndex = Number(sortHeader.dataset.sortCol ?? sortHeader.cellIndex);
+
+  const getCellValue = cell => {
+    if (useAltSort) return cell.dataset.sortAlt;
+    return cell.dataset.sort ?? cell.textContent;
+  };
+
+  const compareRows = (row1, row2) => {
+    const value1 = getCellValue(row1.cells[sortColumnIndex]);
+    const value2 = getCellValue(row2.cells[sortColumnIndex]);
+
+    // Handle empty values
+    if (shouldPushEmpty) {
+      if (value1 === '' && value2 !== '') return -1;
+      if (value2 === '' && value1 !== '') return 1;
+    }
+
+    // Compare numerically if possible, otherwise use string comparison
+    const numericDiff = Number(value1) - Number(value2);
+    const comparison = isNaN(numericDiff) ? 
+      value1.localeCompare(value2, undefined, { numeric: true }) : 
+      numericDiff;
+
+    // Handle tiebreaker
+    if (comparison === 0 && headerRow.cells[sortColumnIndex]?.dataset.sortTbr) {
+      const tiebreakIndex = Number(headerRow.cells[sortColumnIndex].dataset.sortTbr);
+      return compareRows(row1, row2, tiebreakIndex);
+    }
+
+    return isAscending ? -comparison : comparison;
+  };
+
+  // Sort each tbody
+  Array.from(table.tBodies).forEach(tbody => {
+    const rows = Array.from(tbody.rows);
+    const sortedRows = rows.sort(compareRows);
+    
+    const newTbody = tbody.cloneNode();
+    newTbody.append(...sortedRows);
+    tbody.replaceWith(newTbody);
+  });
+
+  table.dispatchEvent(new CustomEvent('sort-end', { bubbles: true }));
+}
+</script>"""
 # Leaving (dirty) possibility to change values from here (e.g. `export SQLMAP__MAX_NUMBER_OF_THREADS=20`)
 for key, value in os.environ.items():
     if key.upper().startswith("%s_" % SQLMAP_ENVIRONMENT_PREFIX):

lib/parse/cmdline.py

@@ -677,7 +677,7 @@ def cmdLineParser(argv=None):
             help="Store dumped data to a custom file")
 
         general.add_argument("--dump-format", dest="dumpFormat",
-            help="Format of dumped data (CSV (default), HTML or SQLITE)")
+            help="Format of dumped data (CSV (default), HTML, SORTABLE_HTML or SQLITE)")
 
         general.add_argument("--encoding", dest="encoding",
             help="Character encoding used for data retrieval (e.g. GBK)")
@@ -857,6 +857,9 @@ def cmdLineParser(argv=None):
         parser.add_argument("--smoke-test", dest="smokeTest", action="store_true",
             help=SUPPRESS)
 
+        parser.add_argument("--update-sums", dest="updateSums", action="store_true",
+            help=SUPPRESS)
+
         parser.add_argument("--vuln-test", dest="vulnTest", action="store_true",
             help=SUPPRESS)
 

sqlmap.conf

@@ -758,9 +758,10 @@ csvDel = ,
 dumpFile =
 
 # Format of dumped data
-# Valid: CSV, HTML or SQLITE
+# Valid: CSV, HTML, SORTABLE_HTML or SQLITE
 dumpFormat = CSV
 
+dumpSortable = False
 # Force character encoding used for data retrieval.
 encoding = 
 

sqlmap.py

@@ -158,6 +158,12 @@ def main():
         if checkPipedInput():
             conf.batch = True
 
+        if conf.get("dumpFormat") == "SORTABLE_HTML":
+            conf.dumpFormat = "HTML"
+            conf.dumpSortable = True
+        else:
+            conf.dumpSortable = False
+
         if conf.get("api"):
             # heavy imports
             from lib.utils.api import StdDbOut
@@ -179,6 +185,9 @@ def main():
         if not conf.updateAll:
             # Postponed imports (faster start)
             if conf.smokeTest:
+                if conf.updateSums:
+                    from lib.core.common import updateSums
+                    updateSums()
                 from lib.core.testing import smokeTest
                 os._exitcode = 1 - (smokeTest() or 0)
             elif conf.vulnTest: