
Adding integrity checks in case of unhandled exceptions

1 parent 7427b55 commit e485531b71dd6b700b4dfd36ce8983144a906047 @stamparm stamparm committed Jul 16, 2016
Showing with 33 additions and 11 deletions.
  1. +2 −1 .gitattributes
  2. +17 −0 lib/core/common.py
  3. +1 −1 lib/core/settings.py
  4. +10 −6 sqlmap.py
  5. +3 −3 txt/checksum.md5
@@ -1,5 +1,6 @@
-*.py text eol=lf
*.conf text eol=lf
+*.md5 text eol=lf
+*.py text eol=lf
*_ binary
*.dll binary
@@ -1207,6 +1207,7 @@ def setPaths():
paths.SQL_SHELL_HISTORY = os.path.join(_, "sql.hst")
paths.SQLMAP_SHELL_HISTORY = os.path.join(_, "sqlmap.hst")
paths.GITHUB_HISTORY = os.path.join(_, "github.hst")
+ paths.CHECKSUM_MD5 = os.path.join(paths.SQLMAP_TXT_PATH, "checksum.md5")
paths.COMMON_COLUMNS = os.path.join(paths.SQLMAP_TXT_PATH, "common-columns.txt")
paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
paths.COMMON_OUTPUTS = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')
@@ -3077,6 +3078,22 @@ def decodeIntToUnicode(value):
return retVal
+def checkIntegrity():
+ """
+ Checks integrity of code files during the unhandled exceptions
+ """
+
+ retVal = True
+ for checksum, _ in (re.split(r'\s+', _) for _ in getFileItems(paths.CHECKSUM_MD5)):
+ path = os.path.normpath(os.path.join(paths.SQLMAP_ROOT_PATH, _))
+ if not os.path.isfile(path):
+ logger.error("missing file detected '%s'" % path)
+ retVal = False
+ elif hashlib.md5(open(path, 'rb').read()).hexdigest() != checksum:
+ logger.error("wrong checksum of file '%s' detected" % path)
+ retVal = False
+ return retVal
+
def unhandledExceptionMessage():
"""
Returns detailed message about occurred unhandled exception
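Review bot: In `checkIntegrity()` the unpacking `for checksum, _ in (re.split(r'\s+', _) ...)` raises ValueError for any line of `checksum.md5` that does not split into exactly two fields (a path containing a space, stray trailing whitespace, a blank line), and it does so while another exception is already being handled. The file is also read through `open(path, 'rb').read()`, which never closes the handle explicitly. I would parse each entry defensively, count a malformed entry as an integrity failure, and read inside a `with` block, as sketched below. Whether `getFileItems` already strips or filters lines is not visible in this hunk, so the whitespace and blank-line cases are assumptions to confirm.

```python
def checkIntegrity():
    # … unchanged: docstring …
    retVal = True
    for line in getFileItems(paths.CHECKSUM_MD5):
        parts = line.strip().split(None, 1)
        if not parts:
            continue
        if len(parts) != 2:
            logger.error("malformed checksum entry '%s'" % line)
            retVal = False
            continue
        checksum, relPath = parts
        path = os.path.normpath(os.path.join(paths.SQLMAP_ROOT_PATH, relPath))
        if not os.path.isfile(path):
            # … unchanged: missing-file branch …
        else:
            with open(path, 'rb') as f:
                digest = hashlib.md5(f.read()).hexdigest()
            if digest != checksum:
                # … unchanged: wrong-checksum branch …
    return retVal
```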
@@ -19,7 +19,7 @@
from lib.core.revision import getRevisionNumber
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.7.29"
+VERSION = "1.0.7.30"
REVISION = getRevisionNumber()
STABLE = VERSION.count('.') <= 2
VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
@@ -34,6 +34,7 @@
try:
from lib.controller.controller import start
from lib.core.common import banner
+ from lib.core.common import checkIntegrity
from lib.core.common import createGithubIssue
from lib.core.common import dataToStdout
from lib.core.common import getSafeExString
@@ -196,7 +197,15 @@ def main():
excMsg = traceback.format_exc()
try:
- if any(_ in excMsg for _ in ("No space left", "Disk quota exceeded")):
+ if not checkIntegrity():
+ errMsg = "code integrity check failed. "
+ errMsg += "You should retrieve the latest development version from official GitHub "
+ errMsg += "repository at '%s'" % GIT_PAGE
+ logger.critical(errMsg)
+ print
+ print excMsg.strip()
+ raise SystemExit
+ elif any(_ in excMsg for _ in ("No space left", "Disk quota exceeded")):
errMsg = "no space left on output device"
logger.error(errMsg)
raise SystemExit
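Review bot: The new `if not checkIntegrity():` branch carries no comment on what the check can and cannot establish, and the message "code integrity check failed" may read as a stronger guarantee than it is. The MD5 list in `txt/checksum.md5` ships unsigned in the same tree as the files it covers, so a match only shows the copy is unmodified relative to that list. That is presumably meant to catch locally edited or corrupted installs before a crash report is filed, and it is not evidence against deliberate tampering. I would add above the branch: `# sanity check for locally modified or corrupted files; checksum.md5 is unsigned and lives beside the code, so a pass does not prove authenticity`. `main()` begins and ends outside this hunk, so the `except` clause that would handle a failure raised inside `checkIntegrity()` itself is not visible here.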
@@ -213,11 +222,6 @@ def main():
logger.error(errMsg)
raise SystemExit
- elif "in _loadQueries" in excMsg:
- errMsg = "invalid structure of 'xml/queries.xml' file"
- logger.error(errMsg)
- raise SystemExit
-
elif "_mkstemp_inner" in excMsg:
errMsg = "there has been a problem while accessing temporary files"
logger.error(errMsg)
@@ -109,7 +109,7 @@ b04db3e861edde1f9dd0a3850d5b96c8 ./shell/backdoor.asp_
ff90cb0366f7cefbdd6e573e27e6238c ./shell/runcmd.exe_
01e3505e796edf19aad6a996101c81c9 ./shell/stager.php_
1f7f125f30e0e800beb21e2ebbab18e1 ./shell/stager.jsp_
-28bdeba99aa04e10f00530eb88fef301 ./sqlmap.py
+af69c5e3d20bd472ba386056e9cf2fd6 ./sqlmap.py
07eb9ee33a3e31bfc74763bea8026a2b ./waf/knownsec.py
d50415b49d9df72cb9d193d05630ab8a ./waf/fortiweb.py
8d5609a37127782fb35af4f67b5787ee ./waf/proventia.py
@@ -311,7 +311,7 @@ e77cca1cb063016f71f6e6bdebf4ec73 ./lib/core/data.py
2689f320908964b2c88a3eb8265fd2dd ./lib/core/agent.py
8485a3cd94c0a5af2718bad60c5f1ae5 ./lib/core/wordlist.py
eb0bd28b0bd9fbf67dcc3119116df377 ./lib/core/bigarray.py
-86f543debcb2011d983fac4482f1e544 ./lib/core/settings.py
+662c04d988a5308b98ea74df68f50392 ./lib/core/settings.py
34a45b9bc68a6381247a620ddf30de1c ./lib/core/enums.py
99a2b496b9d5b546b335653ca801153f ./lib/core/revision.py
4a16002c5d9cd047c2e89ddc5db63737 ./lib/core/dicts.py
@@ -333,7 +333,7 @@ cc9c82cfffd8ee9b25ba3af6284f057e ./lib/core/__init__.py
67f206cf2658145992cc1d7020138325 ./lib/core/defaults.py
7af83e4f18cab6dff5e67840eb65be80 ./lib/core/shell.py
1d042f0bc0557d3fd564ea5a46deb77e ./lib/core/datatype.py
-b1e8297aa42eec379936b4ce7f2934b2 ./lib/core/common.py
+25fcb4a9fd187cb587847852df4ac784 ./lib/core/common.py
1d064463302b85b2241263ea48a83837 ./lib/takeover/metasploit.py
7083825564c051a7265cfdd1a5e6629c ./lib/takeover/registry.py
7d6cd7bdfc8f4bc4e8aed60c84cdf87f ./lib/takeover/udf.py
