Commit 8c8fa7f4 authored by Nong Hoang Tu's avatar Nong Hoang Tu
Browse files

New upstream version 1.5.6

parents
*.conf text eol=lf
*.md text eol=lf
*.md5 text eol=lf
*.py text eol=lf
*.xml text eol=lf
LICENSE text eol=lf
COMMITMENT text eol=lf
*_ binary
*.dll binary
*.pdf binary
*.so binary
*.wav binary
*.zip binary
*.x32 binary
*.x64 binary
*.exe binary
*.sln binary
*.vcproj binary
# Contributor Covenant Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment include:
* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery and unwelcome sexual attention or advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at dev@sqlmap.org. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
[homepage]: http://contributor-covenant.org
[version]: http://contributor-covenant.org/version/1/4/
# Contributing to sqlmap
## Reporting bugs
**Bug reports are welcome**!
Please report all bugs on the [issue tracker](https://github.com/sqlmapproject/sqlmap/issues).
### Guidelines
* Before you submit a bug report, search both [open](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aopen+is%3Aissue) and [closed](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) issues to make sure the issue has not come up before. Also, check the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) for anything relevant.
* Make sure you can reproduce the bug with the latest development version of sqlmap.
* Your report should give detailed instructions on how to reproduce the problem. If sqlmap raises an unhandled exception, the entire traceback is needed. Details of the unexpected behaviour are welcome too. A small test case (just a few lines) is ideal.
* If you are making an enhancement request, lay out the rationale for the feature you are requesting. *Why would this feature be useful?*
## Submitting code changes
All code contributions are greatly appreciated. First off, clone the [Git repository](https://github.com/sqlmapproject/sqlmap), read the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) carefully, go through the code yourself and [drop us an email](mailto:dev@sqlmap.org) if you are having a hard time grasping its structure and meaning. We apologize for not commenting the code enough - you could take a chance to read it through and [improve it](https://github.com/sqlmapproject/sqlmap/issues/37).
Our preferred method of patch submission is via a Git [pull request](https://help.github.com/articles/using-pull-requests).
Many [people](https://raw.github.com/sqlmapproject/sqlmap/master/doc/THANKS.md) have contributed in different ways to the sqlmap development. **You** can be the next!
### Guidelines
In order to maintain consistency and readability throughout the code, we ask that you adhere to the following instructions:
* Each patch should make one logical change.
* Avoid tabbing, use four blank spaces instead.
* Before you put time into a non-trivial patch, it is worth discussing it privately by [email](mailto:dev@sqlmap.org).
* Do not change style on numerous files in one single pull request, we can [discuss](mailto:dev@sqlmap.org) about those before doing any major restyling, but be sure that personal preferences not having a strong support in [PEP 8](http://www.python.org/dev/peps/pep-0008/) will likely to be rejected.
* Make changes on less than five files per single pull request - there is rarely a good reason to have more than five files changed on one pull request, as this dramatically increases the review time required to land (commit) any of those pull requests.
* Style that is too different from main branch will be ''adapted'' by the developers side.
* Do not touch anything inside `thirdparty/` and `extra/` folders.
### Licensing
By submitting code contributions to the sqlmap developers or via Git pull request, checking them into the sqlmap source code repository, it is understood (unless you specify otherwise) that you are offering the sqlmap copyright holders the unlimited, non-exclusive right to reuse, modify, and relicense the code. This is important because the inability to relicense code has caused devastating problems for other software projects (such as KDE and NASM). If you wish to specify special license conditions of your contributions, just say so when you send them.
custom: 'https://www.paypal.com/donate?hosted_button_id=A34GMDLKA2V7G'
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: bug report
assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is.
**To Reproduce**
1. Run '...'
2. See error
**Expected behavior**
A clear and concise description of what you expected to happen.
**Screenshots**
If applicable, add screenshots to help explain your problem.
**Running environment:**
- sqlmap version [e.g. 1.3.5.93#dev]
- Installation method [e.g. git]
- Operating system: [e.g. Microsoft Windows 10]
- Python version [e.g. 3.5.2]
**Target details:**
- DBMS [e.g. Microsoft SQL Server]
- SQLi techniques found by sqlmap [e.g. error-based and boolean-based blind]
- WAF/IPS [if any]
- Relevant console output [if any]
- Exception traceback [if any]
**Additional context**
Add any other context about the problem here.
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: feature request
assignees: ''
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.
output/
__pycache__/
*.py[cod]
.sqlmap_history
traffic.txt
*~
req*.txt
.idea/
\ No newline at end of file
# Based on Apache 2.0 licensed code from https://github.com/ClusterHQ/flocker
[MASTER]
# Specify a configuration file.
#rcfile=
# Python code to execute, usually for sys.path manipulation such as
# pygtk.require().
init-hook="from pylint.config import find_pylintrc; import os, sys; sys.path.append(os.path.dirname(find_pylintrc()))"
# Add files or directories to the blacklist. They should be base names, not
# paths.
ignore=
# Pickle collected data for later comparisons.
persistent=no
# List of plugins (as comma separated values of python modules names) to load,
# usually to register additional checkers.
load-plugins=
# Use multiple processes to speed up Pylint.
# DO NOT CHANGE THIS VALUES >1 HIDE RESULTS!!!!!
jobs=1
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
unsafe-load-any-extension=no
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code
extension-pkg-whitelist=
# Allow optimization of some AST trees. This will activate a peephole AST
# optimizer, which will apply various small optimizations. For instance, it can
# be used to obtain the result of joining multiple strings with the addition
# operator. Joining a lot of strings can lead to a maximum recursion error in
# Pylint and this flag can prevent that. It has one side effect, the resulting
# AST will be different than the one from reality.
optimize-ast=no
[MESSAGES CONTROL]
# Only show warnings with the listed confidence levels. Leave empty to show
# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
confidence=
# Enable the message, report, category or checker with the given id(s). You can
# either give multiple identifier separated by comma (,) or put this option
# multiple time. See also the "--disable" option for examples.
disable=all
enable=import-error,
import-self,
reimported,
wildcard-import,
misplaced-future,
deprecated-module,
unpacking-non-sequence,
invalid-all-object,
undefined-all-variable,
used-before-assignment,
cell-var-from-loop,
global-variable-undefined,
redefine-in-handler,
unused-import,
unused-wildcard-import,
global-variable-not-assigned,
undefined-loop-variable,
global-at-module-level,
bad-open-mode,
redundant-unittest-assert,
boolean-datetime
deprecated-method,
anomalous-unicode-escape-in-string,
anomalous-backslash-in-string,
not-in-loop,
continue-in-finally,
abstract-class-instantiated,
star-needs-assignment-target,
duplicate-argument-name,
return-in-init,
too-many-star-expressions,
nonlocal-and-global,
return-outside-function,
return-arg-in-generator,
invalid-star-assignment-target,
bad-reversed-sequence,
nonexistent-operator,
yield-outside-function,
init-is-generator,
nonlocal-without-binding,
lost-exception,
assert-on-tuple,
dangerous-default-value,
duplicate-key,
useless-else-on-loop
expression-not-assigned,
confusing-with-statement,
unnecessary-lambda,
pointless-statement,
pointless-string-statement,
unnecessary-pass,
unreachable,
using-constant-test,
bad-super-call,
missing-super-argument,
slots-on-old-class,
super-on-old-class,
property-on-old-class,
not-an-iterable,
not-a-mapping,
format-needs-mapping,
truncated-format-string,
missing-format-string-key,
mixed-format-string,
too-few-format-args,
bad-str-strip-call,
too-many-format-args,
bad-format-character,
format-combined-specification,
bad-format-string-key,
bad-format-string,
missing-format-attribute,
missing-format-argument-key,
unused-format-string-argument
unused-format-string-key,
invalid-format-index,
bad-indentation,
mixed-indentation,
unnecessary-semicolon,
lowercase-l-suffix,
invalid-encoded-data,
unpacking-in-except,
import-star-module-level,
long-suffix,
old-octal-literal,
old-ne-operator,
backtick,
old-raise-syntax,
metaclass-assignment,
next-method-called,
dict-iter-method,
dict-view-method,
indexing-exception,
raising-string,
using-cmp-argument,
cmp-method,
coerce-method,
delslice-method,
getslice-method,
hex-method,
nonzero-method,
t-method,
setslice-method,
old-division,
logging-format-truncated,
logging-too-few-args,
logging-too-many-args,
logging-unsupported-format,
logging-format-interpolation,
invalid-unary-operand-type,
unsupported-binary-operation,
not-callable,
redundant-keyword-arg,
assignment-from-no-return,
assignment-from-none,
not-context-manager,
repeated-keyword,
missing-kwoa,
no-value-for-parameter,
invalid-sequence-index,
invalid-slice-index,
unexpected-keyword-arg,
unsupported-membership-test,
unsubscriptable-object,
access-member-before-definition,
method-hidden,
assigning-non-slot,
duplicate-bases,
inconsistent-mro,
inherit-non-class,
invalid-slots,
invalid-slots-object,
no-method-argument,
no-self-argument,
unexpected-special-method-signature,
non-iterator-returned,
arguments-differ,
signature-differs,
bad-staticmethod-argument,
non-parent-init-called,
bad-except-order,
catching-non-exception,
bad-exception-context,
notimplemented-raised,
raising-bad-type,
raising-non-exception,
misplaced-bare-raise,
duplicate-except,
nonstandard-exception,
binary-op-exception,
not-async-context-manager,
yield-inside-async-function
# Needs investigation:
# abstract-method (might be indicating a bug? probably not though)
# protected-access (requires some refactoring)
# attribute-defined-outside-init (requires some refactoring)
# super-init-not-called (requires some cleanup)
# Things we'd like to enable someday:
# redefined-builtin (requires a bunch of work to clean up our code first)
# redefined-outer-name (requires a bunch of work to clean up our code first)
# undefined-variable (re-enable when pylint fixes https://github.com/PyCQA/pylint/issues/760)
# no-name-in-module (giving us spurious warnings https://github.com/PyCQA/pylint/issues/73)
# unused-argument (need to clean up or code a lot, e.g. prefix unused_?)
# function-redefined (@overload causes lots of spurious warnings)
# too-many-function-args (@overload causes spurious warnings... I think)
# parameter-unpacking (needed for eventual Python 3 compat)
# print-statement (needed for eventual Python 3 compat)
# filter-builtin-not-iterating (Python 3)
# map-builtin-not-iterating (Python 3)
# range-builtin-not-iterating (Python 3)
# zip-builtin-not-iterating (Python 3)
# many others relevant to Python 3
# unused-variable (a little work to cleanup, is all)
# ...
[REPORTS]
# Set the output format. Available formats are text, parseable, colorized, msvs
# (visual studio) and html. You can also give a reporter class, eg
# mypackage.mymodule.MyReporterClass.
output-format=parseable
# Put messages in a separate file for each module / package specified on the
# command line instead of printing them on stdout. Reports (if any) will be
# written in a file name "pylint_global.[txt|html]".
files-output=no
# Tells whether to display a full report or only the messages
reports=no
# Python expression which should return a note less than 10 (10 is the highest
# note). You have access to the variables errors warning, statement which
# respectively contain the number of errors / warnings messages and the total
# number of statements analyzed. This is used by the global evaluation report
# (RP0004).
evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
# Template used to display messages. This is a python new-style format string
# used to format the message information. See doc for all details
#msg-template=
[LOGGING]
# Logging modules to check that the string format arguments are in logging
# function parameter format
logging-modules=logging
[FORMAT]
# Maximum number of characters on a single line.
max-line-length=100
# Regexp for a line that is allowed to be longer than the limit.
ignore-long-lines=^\s*(# )?<?https?://\S+>?$
# Allow the body of an if to be on the same line as the test if there is no
# else.
single-line-if-stmt=no
# List of optional constructs for which whitespace checking is disabled. `dict-
# separator` is used to allow tabulation in dicts, etc.: {1 : 1,\n222: 2}.
# `trailing-comma` allows a space between comma and closing bracket: (a, ).
# `empty-line` allows space-only lines.
no-space-check=trailing-comma,dict-separator
# Maximum number of lines in a module
max-module-lines=1000
# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1
# tab).
indent-string=' '
# Number of spaces of indent required inside a hanging or continued line.
indent-after-paren=4
# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
expected-line-ending-format=
[TYPECHECK]
# Tells whether missing members accessed in mixin class should be ignored. A
# mixin class is detected if its name ends with "mixin" (case insensitive).
ignore-mixin-members=yes
# List of module names for which member attributes should not be checked
# (useful for modules/projects where namespaces are manipulated during runtime
# and thus existing member attributes cannot be deduced by static analysis. It
# supports qualified module names, as well as Unix pattern matching.
ignored-modules=thirdparty.six.moves
# List of classes names for which member attributes should not be checked
# (useful for classes with attributes dynamically set). This supports can work
# with qualified names.
ignored-classes=
# List of members which are set dynamically and missed by pylint inference
# system, and so shouldn't trigger E1101 when accessed. Python regular
# expressions are accepted.
generated-members=
[VARIABLES]
# Tells whether we should check for unused import in __init__ files.
init-import=no
# A regular expression matching the name of dummy variables (i.e. expectedly
# not used).
dummy-variables-rgx=_$|dummy
# List of additional names supposed to be defined in builtins. Remember that
# you should avoid to define new builtins when possible.
additional-builtins=
# List of strings which can identify a callback function by name. A callback
# name must start or end with one of those strings.
callbacks=cb_,_cb
[SIMILARITIES]
# Minimum lines number of a similarity.
min-similarity-lines=4
# Ignore comments when computing similarities.
ignore-comments=yes
# Ignore docstrings when computing similarities.
ignore-docstrings=yes
# Ignore imports when computing similarities.
ignore-imports=no
[SPELLING]
# Spelling dictionary name. Available dictionaries: none. To make it working
# install python-enchant package.
spelling-dict=
# List of comma separated words that should not be checked.
spelling-ignore-words=
# A path to a file that contains private dictionary; one word per line.
spelling-private-dict-file=
# Tells whether to store unknown words to indicated private dictionary in
# --spelling-private-dict-file option instead of raising a message.
spelling-store-unknown-words=no
[MISCELLANEOUS]
# List of note tags to take in consideration, separated by a comma.
notes=FIXME,XXX,TODO
[BASIC]
# List of builtins function names that should not be used, separated by a comma
bad-functions=map,filter,input
# Good variable names which should always be accepted, separated by a comma
good-names=i,j,k,ex,Run,_
# Bad variable names which should always be refused, separated by a comma
bad-names=foo,bar,baz,toto,tutu,tata
# Colon-delimited sets of names that determine each other's naming style when
# the name regexes allow several styles.
name-group=
# Include a hint for the correct naming format with invalid-name
include-naming-hint=no
# Regular expression matching correct function names
function-rgx=[a-z_][a-z0-9_]{2,30}$
# Naming hint for function names
function-name-hint=[a-z_][a-z0-9_]{2,30}$
# Regular expression matching correct variable names
variable-rgx=[a-z_][a-z0-9_]{2,30}$
# Naming hint for variable names
variable-name-hint=[a-z_][a-z0-9_]{2,30}$
# Regular expression matching correct constant names
const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$
# Naming hint for constant names
const-name-hint=(([A-Z_][A-Z0-9_]*)|(__.*__))$
# Regular expression matching correct attribute names
attr-rgx=[a-z_][a-z0-9_]{2,30}$
# Naming hint for attribute names
attr-name-hint=[a-z_][a-z0-9_]{2,30}$
# Regular expression matching correct argument names
argument-rgx=[a-z_][a-z0-9_]{2,30}$
# Naming hint for argument names
argument-name-hint=[a-z_][a-z0-9_]{2,30}$
# Regular expression matching correct class attribute names
class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
# Naming hint for class attribute names
class-attribute-name-hint=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
# Regular expression matching correct inline iteration names
inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
# Naming hint for inline iteration names
inlinevar-name-hint=[A-Za-z_][A-Za-z0-9_]*$
# Regular expression matching correct class names
class-rgx=[A-Z_][a-zA-Z0-9]+$
# Naming hint for class names
class-name-hint=[A-Z_][a-zA-Z0-9]+$
# Regular expression matching correct module names
module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
# Naming hint for module names
module-name-hint=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
# Regular expression matching correct method names
method-rgx=[a-z_][a-z0-9_]{2,30}$
# Naming hint for method names
method-name-hint=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match function or class names that do
# not require a docstring.
no-docstring-rgx=^_
# Minimum line length for functions/classes that require docstrings, shorter
# ones are exempt.
docstring-min-length=-1
[ELIF]
# Maximum number of nested blocks for function / method body
max-nested-blocks=5
[IMPORTS]
# Deprecated modules which should not be used, separated by a comma
deprecated-modules=regsub,TERMIOS,Bastion,rexec
# Create a graph of every (i.e. internal and external) dependencies in the
# given file (report RP0402 must not be disabled)
import-graph=