[pull] master from sqlmapproject:master

data/txt/sha256sums.txt

@@ -170,7 +170,7 @@ ac44a343947162532dbf17bd1f9ab424f8008f677367c5ad3f9f7b715a679818  lib/core/agent
 86a9cb82c7e7beb4730264dae20bf3b7cd87c0dcaee587367362cf319f7bb079  lib/core/bigarray.py
 f6062e324fdeaacf9df0a289fc3f12f755143e3876a70cb65b38aa2e690f73c1  lib/core/common.py
 11c748cc96ea2bc507bc6c1930a17fe4bc6fdd2dd2a80430df971cb21428eb00  lib/core/compat.py
-39ea62d4224be860befeffb3843c150f2343b64555ad8c438a400222056f6cc0  lib/core/convert.py
+e5eae3c41fbe525326a14fa240882ba7e1083e0fc0561f15c9ae41a4592d3f53  lib/core/convert.py
 ae500647c4074681749735a4f3b17b7eca44868dd3f39f9cab0a575888ba04a1  lib/core/data.py
 b22decc8389c94a13f1adf07eb343cf3b2aae3fb3909fd4107e24bbede7c7deb  lib/core/datatype.py
 253309dc355ae27cd275e7de5a068e7e22feba603c4fe3429e2b69f8a51c0d13  lib/core/decorators.py
@@ -190,7 +190,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0  lib/core/readl
 d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920  lib/core/replication.py
 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3  lib/core/revision.py
 d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38  lib/core/session.py
-9fd2f4141bce8cfa5b0e10d7391c12b46fa5a7d574c548a5d75597ff6df48bf0  lib/core/settings.py
+f869523fb2f64f4cb415ede7dda998b903dfd885c6a65b860e4f572497675181  lib/core/settings.py
 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09  lib/core/shell.py
 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053  lib/core/subprocessng.py
 cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a  lib/core/target.py
@@ -393,7 +393,7 @@ a1cf9a8cd5e263d1e48dc8b5281febaf868ee91f1e0587dee915949fdb6da1ea  plugins/dbms/m
 84d9f336ff3d75a1127c7f5ccda7bff6dac947d7d8bbeee2014e8a29b984a98d  plugins/dbms/monetdb/takeover.py
 545fbbb386ab7819261a3917d0f016d723dbced8e065945ba60271a73544c459  plugins/dbms/mssqlserver/connector.py
 2895d14ead30d7ee4e1fdb29a8d1d059493ad60490ed2e9ff6cb9680257554cd  plugins/dbms/mssqlserver/enumeration.py
-89cbc49cd9113e9ba91be090f79c0384089d1bfed785ac8ee5b07f84309c74cb  plugins/dbms/mssqlserver/filesystem.py
+5f8789cca87732612044fa1b952eceb52c0a354d70dc31fb9fe966ce796f89b7  plugins/dbms/mssqlserver/filesystem.py
 87a35cadd3fe4987f548f498c442f748cf1f37650fd1dcd8decd1455a90d675c  plugins/dbms/mssqlserver/fingerprint.py
 784d6065921a8efbba970864a2cb2e0ef1dd1fcea7181cfc3f737bbfa18f0574  plugins/dbms/mssqlserver/__init__.py
 79a887b5a2449bb086805560ff0ec2a2304dd142f47450ae9c2f88cf8bda9ac9  plugins/dbms/mssqlserver/syntax.py

lib/core/convert.py

@@ -138,29 +138,6 @@ def dejsonize(data):
 
     return json.loads(data)
 
-def rot13(data):
-    """
-    Returns ROT13 encoded/decoded text
-
-    >>> rot13('foobar was here!!')
-    'sbbone jnf urer!!'
-    >>> rot13('sbbone jnf urer!!')
-    'foobar was here!!'
-    >>> rot13(b'foobar was here!!')
-    'sbbone jnf urer!!'
-    """
-
-    retVal = ""
-    alphabit = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ"
-
-    if isinstance(data, six.binary_type):
-        data = getText(data)
-
-    for char in data:
-        retVal += alphabit[alphabit.index(char) + 13] if char in alphabit else char
-
-    return retVal
-
 def decodeHex(value, binary=True):
     """
     Returns a decoded representation of the provided hexadecimal value
@@ -361,6 +338,8 @@ def getUnicode(value, encoding=None, noneToNull=False):
     True
     >>> getUnicode(None) == 'None'
     True
+    >>> getUnicode(b'/etc/passwd') == '/etc/passwd'
+    True
     """
 
     # Best position for --time-limit mechanism
@@ -377,7 +356,7 @@ def getUnicode(value, encoding=None, noneToNull=False):
         candidates = filterNone((encoding, kb.get("pageEncoding") if kb.get("originalPage") else None, conf.get("encoding"), UNICODE_ENCODING, sys.getfilesystemencoding()))
         if all(_ in value for _ in (b'<', b'>')):
             pass
-        elif any(_ in value for _ in (b":\\", b'/', b'.')) and b'\n' not in value:
+        elif b'\n' not in value and re.search(r"(?i)\w+\.\w{2,3}\Z|\A(\w:\\|/\w+)", six.text_type(value, UNICODE_ENCODING, errors="ignore")):
             candidates = filterNone((encoding, sys.getfilesystemencoding(), kb.get("pageEncoding") if kb.get("originalPage") else None, UNICODE_ENCODING, conf.get("encoding")))
         elif conf.get("encoding") and b'\n' not in value:
             candidates = filterNone((encoding, conf.get("encoding"), kb.get("pageEncoding") if kb.get("originalPage") else None, sys.getfilesystemencoding(), UNICODE_ENCODING))
@@ -426,10 +405,13 @@ def getText(value, encoding=None):
 
 def stdoutEncode(value):
     """
-    Returns binary representation of a given Unicode value safe for writing to stdout
+    Returns textual representation of a given value safe for writing to stdout
+    >>> stdoutEncode(b"foobar")
+    'foobar'
     """
 
-    value = value or ""
+    if value is None:
+        value = ""
 
     if IS_WIN and IS_TTY and kb.get("codePage", -1) is None:
         output = shellExec("chcp")
@@ -439,36 +421,32 @@ def stdoutEncode(value):
             try:
                 candidate = "cp%s" % match.group(1)
                 codecs.lookup(candidate)
-            except LookupError:
-                pass
-            else:
                 kb.codePage = candidate
+            except (LookupError, TypeError):
+                pass
 
         kb.codePage = kb.codePage or ""
 
-    if isinstance(value, six.text_type):
-        encoding = kb.get("codePage") or getattr(sys.stdout, "encoding", None) or UNICODE_ENCODING
-
-        while True:
-            try:
-                retVal = value.encode(encoding)
-                break
-            except UnicodeEncodeError as ex:
-                value = value[:ex.start] + "?" * (ex.end - ex.start) + value[ex.end:]
-
-                warnMsg = "cannot properly display (some) Unicode characters "
-                warnMsg += "inside your terminal ('%s') environment. All " % encoding
-                warnMsg += "unhandled occurrences will result in "
-                warnMsg += "replacement with '?' character. Please, find "
-                warnMsg += "proper character representation inside "
-                warnMsg += "corresponding output files"
-                singleTimeWarnMessage(warnMsg)
+    encoding = kb.get("codePage") or getattr(sys.stdout, "encoding", None) or UNICODE_ENCODING
 
-        if six.PY3:
-            retVal = getUnicode(retVal, encoding)
+    if six.PY3:
+        if isinstance(value, (bytes, bytearray)):
+            value = getUnicode(value, encoding)
+        elif not isinstance(value, str):
+            value = str(value)
 
+        try:
+            retVal = value.encode(encoding, errors="replace").decode(encoding, errors="replace")
+        except (LookupError, TypeError):
+            retVal = value.encode("ascii", errors="replace").decode("ascii", errors="replace")
     else:
-        retVal = value
+        if isinstance(value, six.text_type):
+            try:
+                retVal = value.encode(encoding, errors="replace")
+            except (LookupError, TypeError):
+                retVal = value.encode("ascii", errors="replace")
+        else:
+            retVal = value
 
     return retVal
 

lib/core/settings.py

@@ -19,7 +19,7 @@
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.9.12.51"
+VERSION = "1.9.12.54"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

plugins/dbms/mssqlserver/filesystem.py

@@ -5,6 +5,7 @@
 See the file 'LICENSE' for copying permission
 """
 
+import codecs
 import ntpath
 import os
 
@@ -18,7 +19,6 @@
 from lib.core.compat import xrange
 from lib.core.convert import encodeBase64
 from lib.core.convert import encodeHex
-from lib.core.convert import rot13
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -334,7 +334,7 @@ def _stackedWriteFileVbs(self, tmpPath, localFileContent, remoteFile, fileType):
         Raq Shapgvba"""
 
         # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5581
-        vbs = rot13(vbs)
+        vbs = codecs.decode(vbs, "rot13")
         vbs = vbs.replace("    ", "")
         encodedFileContent = encodeBase64(localFileContent, binary=False)