diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 9e2155934e..f56a318885 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -166,7 +166,7 @@ de2b0220db1c79d8720b636d267b11e117151f5f99740567096e9b4cbb7cc9d5 lib/controller 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 lib/controller/__init__.py 41c7fb7e486c4383a114c851f0c32c81c53c2b4f1d2a0fd99f70885072646387 lib/core/agent.py f848dcfdacb5143f803f4e9474cf3eef939039c26c522ca09777c425661300f0 lib/core/bigarray.py -afecad4b14e8008f6f97a6ec653fc930dfd8dc65f9d24a51274f8b5c3f63a4e2 lib/core/common.py +d97c7aa46adc682cb56ebeb192fa4aefdf578ffb7869cc939e7f5b508a5632c7 lib/core/common.py 88fbbe7c41511b17d7ef449d675a84eaa80cac6ebf457a18577eadd62f6f1330 lib/core/compat.py 5ce8f2292f99d17d69bfc40ded206bfdfd06e2e3660ff9d1b3c56163793f8d1c lib/core/convert.py f561310b3cea570cc13d9f0aff16cce8b097d51275f8b947e7fff4876ac65c32 lib/core/data.py @@ -199,7 +199,7 @@ b1071f449a66b4ceacd4b84b33a73d9e0a3197d271d72daaa406ba473a8bb625 lib/core/testi 12cbead4e9e563b970fafb891127927445bd53bada1fac323b9cd27da551ba30 lib/core/wordlist.py 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 lib/__init__.py a027f4c44811cb74aa367525f353706de3d3fc719e6c6162f7a61dc838acf0c2 lib/parse/banner.py -2838467a296a05c6c94ddef1f42f1e7cddee3a9e755143bcb70129233056abad lib/parse/cmdline.py +1bd0c5d9be63151b8ec4127f6a3c8821f5bf74ae904184e3374f2da00e9c96cc lib/parse/cmdline.py 3907765df08c31f8d59350a287e826bd315a7714dc0e87496f67c8a0879c86ac lib/parse/configfile.py ced03337edd5a16b56a379c9ac47775895e1053003c25f6ba5bec721b6e3aa64 lib/parse/handler.py 3704a02dcf00b0988b101e30b2e0d48acdd20227e46d8b552e46c55d7e9bf28c lib/parse/headers.py 
@@ -477,7 +477,7 @@ b3d9d0644197ecb864e899c04ee9c7cd63891ecf2a0d3c333aad563eef735294 plugins/generi 8c4fd81d84598535643cf0ef1b2d350cd92977cb55287e23993b76eaa2215c30 sqlmapapi.py 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62 sqlmapapi.yaml 4037f1c78180550c1896543581c0c2423e970086bae46f175397f2b4c54b7323 sqlmap.conf -f84846b8493d809d697a75b3d13d904013bbb03e0edd82b724f4753801609057 sqlmap.py +8b835a80cf49cc9532442e09f5cae05059811c003099ae84ddab0ad6bd5271a7 sqlmap.py 9d408612a6780f7f50a7f7887f923ff3f40be5bfa09a951c6dc273ded05b56c0 tamper/0eunion.py c1c2eaa7df016cc7786ccee0ae4f4f363b1dce139c61fb3e658937cb0d18fc54 tamper/apostrophemask.py 19023093ab22aec3bce9523f28e8111e8f6125973e6d9c82adb60da056bdf617 tamper/apostrophenullencode.py
diff --git a/lib/core/common.py b/lib/core/common.py
index 8fc73e956b..a3c0d052e9 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2555,7 +2555,7 @@ def initCommonOutputs():
 if line not in kb.commonOutputs[key]:
 kb.commonOutputs[key].add(line)
-def getFileItems(filename, commentPrefix='#', unicoded=True, lowercase=False, unique=False):
+def getFileItems(filename, commentPrefix='#', unicoded=True, lowercase=False, unique=False, raiseOnError=True):
 """
 Returns newline delimited items contained inside file
@@ -2568,7 +2568,7 @@ def getFileItems(filename, commentPrefix='#', unicoded=True, lowercase=False, un
 if filename:
 filename = filename.strip('"\'')
- checkFile(filename)
+ checkFile(filename, raiseOnError=raiseOnError)
 try:
 with openFile(filename, 'r', errors="ignore") if unicoded else open(filename, 'r') as f:
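Review bot: The result of `checkFile(filename, raiseOnError=raiseOnError)` is discarded in the second `getFileItems` hunk, so with `raiseOnError=False` a missing or unreadable file still falls through to the `try:` / `openFile(...)` that follows. Whether that open then raises anyway depends on the `except` clause, which lies outside the hunk. If the intent is an empty result for an absent file, say so explicitly with `if not checkFile(filename, raiseOnError=raiseOnError):` followed by an early return of the function's empty result. The docstring in the first hunk is not updated for the new parameter; a line such as `raiseOnError: when False, a missing file does not raise` would tell callers what to expect.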
@@ -5601,18 +5601,45 @@ def checkSums():
 retVal = True
- if paths.get("DIGEST_FILE"):
- for entry in getFileItems(paths.DIGEST_FILE):
- match = re.search(r"([0-9a-f]+)\s+([^\s]+)", entry)
- if match:
- expected, filename = match.groups()
- filepath = os.path.join(paths.SQLMAP_ROOT_PATH, filename).replace('/', os.path.sep)
- if not checkFile(filepath, False):
- continue
- with open(filepath, "rb") as f:
- content = f.read()
- if not hashlib.sha256(content).hexdigest() == expected:
- retVal &= False
- break
+ for entry in getFileItems(paths.DIGEST_FILE, raiseOnError=False):
+ try:
+ (file_hash, file_name) = entry.split()
+ except ValueError:
+ retVal &= False
+ break
+ if len(file_hash) == 64:
+ if not hashlib.sha256(
+ openFile(
+ os.path.join(
+ paths.SQLMAP_ROOT_PATH, file_name.encode('utf-8').decode('utf-8')
+ ).replace('/', os.path.sep),
+ 'rb', None).read()).hexdigest() == file_hash:
+ retVal &= False
+ break
 return retVal
+
+
+def updateSums():
+ # Read existing entries to maintain file order
+ entries = ""
+ for entry in getFileItems(paths.DIGEST_FILE, raiseOnError=False):
+ try:
+ (file_hash, file_name) = entry.split()
+ except ValueError:
+ break
+ if len(file_hash) == 64:
+ entries += "%s %s\n" % (
+ hashlib.sha256(
+ openFile(
+ os.path.join(
+ paths.SQLMAP_ROOT_PATH, file_name.encode('utf-8').decode('utf-8')
+ ).replace('/', os.path.sep), 'rb', None).read()
+ ).hexdigest(),
+ file_name.encode('utf-8').decode('utf-8'),
+ )
+ with open(paths.DIGEST_FILE, "w") as f:
+ f.write(entries)
+ else:
+ pass
+
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 30951855b1..ac3797ab7b 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
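Review bot: In `checkSums()` a manifest line whose first field is not exactly 64 characters is skipped without touching `retVal`, so a shortened or malformed digest exempts that file from verification, where the removed regex path would have compared it and failed. Adding `else: retVal = False; break` to the `len(file_hash) == 64` test, ideally with a hex check, keeps the check fail-closed. In `updateSums()` indentation is not visible on this page, but the `else:` after the `with open(...)` block implies the write sits inside the loop. The digest file is then rewritten on every entry, and a `ValueError` `break` or a read error part-way leaves a truncated manifest that later verifies fewer files. Both functions also call `openFile(...).read()` without closing the handle, and `file_name.encode('utf-8').decode('utf-8')` is a no-op; the fence sketches `updateSums()` hashing everything first and writing once, and `checkSums()` itself begins above the hunk.

```python
def updateSums():
    """
    Rewrites paths.DIGEST_FILE with fresh SHA-256 values, keeping the existing entry order
    """

    lines = []

    for entry in getFileItems(paths.DIGEST_FILE, raiseOnError=False):
        parts = entry.split()
        if len(parts) != 2 or len(parts[0]) != 64:
            # Leave the manifest as it is rather than write back a shortened list
            return

        file_name = parts[1]
        filepath = os.path.join(paths.SQLMAP_ROOT_PATH, file_name).replace('/', os.path.sep)
        with open(filepath, "rb") as f:
            lines.append("%s %s\n" % (hashlib.sha256(f.read()).hexdigest(), file_name))

    # Single write, only after every listed file has been hashed successfully
    if lines:
        with open(paths.DIGEST_FILE, "w") as f:
            f.write("".join(lines))
```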
@@ -857,6 +857,9 @@ def cmdLineParser(argv=None):
 parser.add_argument("--smoke-test", dest="smokeTest", action="store_true",
 help=SUPPRESS)
+ parser.add_argument("--update-sums", dest="updateSums", action="store_true",
+ help=SUPPRESS)
+
 parser.add_argument("--vuln-test", dest="vulnTest", action="store_true",
 help=SUPPRESS)
diff --git a/sqlmap.py b/sqlmap.py
index d2ccee7455..abff2fd7b4 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -179,6 +179,9 @@ def main():
 if not conf.updateAll:
 # Postponed imports (faster start)
 if conf.smokeTest:
+ if conf.updateSums:
+ from lib.core.common import updateSums
+ updateSums()
 from lib.core.testing import smokeTest
 os._exitcode = 1 - (smokeTest() or 0)
 elif conf.vulnTest:
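Review bot: In the `sqlmap.py` hunk `updateSums()` runs immediately before `smokeTest()` in the same branch, so with both flags set the manifest is regenerated from the working tree just before any integrity check the smoke test performs (not visible here). Such a check can then no longer fail on a modified file. Indentation is not visible on this page, but the added lines follow `if conf.smokeTest:`, so `--update-sums` also appears to do nothing unless `--smoke-test` is given. Consider giving it its own branch, e.g. `elif conf.updateSums:` alongside `elif conf.vulnTest:`, so regeneration and verification never happen in one run. `main()` begins and ends outside the hunk.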