Skip to content

Commit fd7eaf1

Browse files
committed
Minor fix
1 parent 7774c73 commit fd7eaf1

7 files changed

Lines changed: 52 additions & 12 deletions

File tree

.github/workflows/tests.yml

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -93,13 +93,19 @@ jobs:
9393
- name: Basic import test
9494
run: python -c "import sqlmap; import sqlmapapi"
9595

96+
- name: Install optional test deps (lxml, jinja2)
97+
# lxml has no PyPy-2.7 wheel and 5.x is Py3-only, so it cannot be pip-installed there. The
98+
# tests that use it (test_xpath's real-XPath checks, and the --xpath/--ssti vuln-test
99+
# endpoints) skip themselves when the engine is unavailable, so these deps are only needed
100+
# on the Py3 jobs.
101+
if: matrix.python-version != 'pypy-2.7'
102+
run: python -m pip install -q lxml jinja2
103+
96104
- name: Unit tests
97105
# -B: do not write .pyc files. On Python 2 / PyPy a cached .pyc makes a module's __file__
98106
# point at the .pyc, which would make the later --smoke getFileType(__file__) doctest see
99107
# 'binary' instead of 'text'. Keeping this step byte-compile-free leaves --smoke clean.
100-
run: |
101-
python -m pip install -q lxml jinja2
102-
python -B -m unittest discover -s tests -p "test_*.py"
108+
run: python -B -m unittest discover -s tests -p "test_*.py"
103109

104110
- name: Coverage
105111
if: matrix.python-version != 'pypy-2.7'
@@ -110,9 +116,7 @@ jobs:
110116
python -m coverage report --fail-under=50
111117
112118
- name: Smoke test
113-
run: |
114-
python -m pip install -q lxml jinja2
115-
python sqlmap.py --smoke-test
119+
run: python sqlmap.py --smoke-test
116120

117121
- name: Vuln test
118122
run: python sqlmap.py --vuln-test

data/txt/sha256sums.txt

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -189,11 +189,11 @@ e033b20a0f7821797a10f4bf4235723f38c7db551c611fbb713faa621b123c4a lib/core/optio
189189
9bf174058f15d14e24e94f9aaf42df045119d3617c6c54bd2f3af79b462f331d lib/core/replication.py
190190
0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py
191191
888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py
192-
ccc5d5c67d6e62cf9232a57ba0fc6f4ce4bcd44f6f836934b2e35f4dcd08cd0c lib/core/settings.py
192+
63d268179251bfbf231a5f4d5242e628a465be88a37e6e58accac950aa0b2f74 lib/core/settings.py
193193
c7804223319e18eb0b8e2cbf0a8b6896d1cefb7b0b1a2e9f1cf826a8a3b56750 lib/core/shell.py
194194
a2e98a94b231432736d6b304fc75525c8b5fdb4768c418387c5b4c1a610dad64 lib/core/subprocessng.py
195195
19f1e3c5e3ba703d28d510cd7a9ab8284d5fbe9df5ce7e77c86e5931571364b7 lib/core/target.py
196-
4056457dd8502ec367ec4633a33856561f562778f862fedc1372531bb2f58671 lib/core/testing.py
196+
e2c6321ffc5a384dcf2115248053a731dfca43cc62067d661012f558eb6ad87e lib/core/testing.py
197197
95656c44bab1771f4808030dd6a17eae5b129cb1234443f00b19695c7b712b86 lib/core/threads.py
198198
b9aacb840310173202f79c2ba125b0243003ee6b44c92eca50424f2bdfc83c02 lib/core/unescaper.py
199199
53e396902cb2546eaa09e77073fcba8be8827ee9ce055cfc899e81b0e6ad4d6d lib/core/update.py
@@ -618,7 +618,7 @@ bb6991260a994fcbe79e05febaa34affd5631d02299fbc626820addd5f6ea4f4 tests/test_err
618618
f1f38f8b8ca667caadcb027d1a20eb895be4ef0935511114db235e66903bb463 tests/test_graphql.py
619619
50b71422ee91b9a4864f4d5ce6c9bdf169dc5f57ed1db05c152eb010c282136b tests/test_gui_helpers.py
620620
92648f2fe81e22c5726b198bbbda14961cd4d3294a0d9139dcea808b324142ac tests/test_har.py
621-
70919c6ee8fbb3d619873489c819fa37d9035beb2e9b658cc5aa531d86a40380 tests/test_hash_crack.py
621+
cc7677bc6c568c395112c1aa7d01e1d664e4d5940c86cb4d44987172864bae6f tests/test_hash_crack.py
622622
0336c875dd2b6554bff6eafd746229e38c69ca8070cd933d45cf27c82ef3e05f tests/test_hashdb.py
623623
c04e8358fb6df45f69f2f26435c971acde280535bf304e84d30cf2681158c6a7 tests/test_hash.py
624624
d539d0ae758b5bb91e314ab82ab4fe03d6fb2f8b377d16aefa6d7d1d77a7d5a9 tests/test_identifiers_output.py
@@ -655,11 +655,11 @@ f49bcce1df533ffa1acfd02af43faf6687b21eebda9362ceb1e5871b8cb37fd4 tests/test_thr
655655
48b0ae4abe0fdde8ce4975c5cbf4c3514a2815021cb2e3a490a189bea5edfe78 tests/test_unpickle_security.py
656656
4b646f513c6da1e33200184ed6eabe0aa345eb2e2a19598dc123e191168591bf tests/test_urls.py
657657
eca021208e388b4d14c53f1e9f8a6e7d685e54ba572fb2a8487e6b620a20bcb5 tests/test_users_enum.py
658-
23ffd75b5aec33066e6d6aad01ab2c9c1b12ee20c1a0990f8f1be81f1ad16161 tests/_testutils.py
658+
045f05f958100adc883b3f56613c5f8002dd19d0752225397a1f771775cb2779 tests/_testutils.py
659659
2364db35025a53ea4e5a0a80c034997642785f7e6d1566d0d0f1db959fe3c82e tests/test_utils.py
660660
93ef9944effc62d4f744c57bd643137c90fd92205c6a6cbe891e0e99efb80a7f tests/test_wafbypass.py
661661
81bb6d7449f224fa337734ae361c1a340bf9a51768a854d6a1a6e718ed1263ca tests/test_wordlist.py
662-
9c1c23a83408e6012e019e82ffb53e25e317054d1b28ca61a2c4fe830a472fcf tests/test_xpath.py
662+
2698060e7f001e054e345512ce95be458d9902b913afa769398b53145475738a tests/test_xpath.py
663663
55eaefc664bd8598329d535370612351ec8443c52465f0a37172ea46a97c458a thirdparty/ansistrm/ansistrm.py
664664
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/ansistrm/__init__.py
665665
f597b49ef445bfbfb8f98d1f1a08dcfe4810de5769c0abfab7cdce4eebbfcae7 thirdparty/beautifulsoup/beautifulsoup.py

lib/core/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@
2020
from thirdparty import six
2121

2222
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
23-
VERSION = "1.10.6.192"
23+
VERSION = "1.10.6.193"
2424
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2525
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2626
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

lib/core/testing.py

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -100,6 +100,20 @@ def vulnTest():
100100
("--purge -v 3", ("~ERROR", "~CRITICAL", "deleting the whole directory tree")),
101101
)
102102

103+
# The vulnserver's XPath endpoint renders with lxml and its SSTI endpoint with jinja2; where those
104+
# optional third-party engines are not importable (e.g. PyPy 2.7, which has no lxml wheel), skip
105+
# just those entries instead of failing the whole run - the rest of the suite is unaffected.
106+
try:
107+
import lxml # noqa
108+
except ImportError:
109+
TESTS = tuple(_ for _ in TESTS if "--xpath" not in _[0])
110+
logger.warning("skipping the XPath vuln-test entry ('lxml' not available)")
111+
try:
112+
import jinja2 # noqa
113+
except ImportError:
114+
TESTS = tuple(_ for _ in TESTS if "--ssti" not in _[0])
115+
logger.warning("skipping the SSTI vuln-test entry ('jinja2' not available)")
116+
103117
retVal = True
104118
count = 0
105119
cleanups = []

tests/_testutils.py

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -73,6 +73,15 @@ def bootstrap():
7373
import logging
7474
logging.getLogger("sqlmapLog").setLevel(logging.CRITICAL + 1)
7575

76+
# Some console output bypasses the logger entirely and goes straight through dataToStdout():
77+
# the \r-progress lines ("[INFO] retrieved: ...", "[INFO] cracked password ..."), and the echo
78+
# of batch-auto-answered readInput() prompts (the fingerprint-mismatch prompt, the LIKE/exact
79+
# and common-wordlist choices, ...). dataToStdout() only writes forced output or when
80+
# kb.wizardMode is False, and readInput() echoes with forceOutput=not kb.wizardMode - so setting
81+
# wizardMode keeps the unittest report to just dots. wizardMode is read ONLY by dataToStdout/
82+
# readInput (plus the interactive wizard flow, unused here), so this has no effect on results.
83+
kb.wizardMode = True
84+
7685
sys.argv = _orig_argv # restore so unittest's arg parsing works
7786
_BOOTSTRAPPED = True
7887

tests/test_hash_crack.py

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,18 @@ def setUp(self):
7777
conf.hashDB = None
7878
kb.wordlists = [self.wordlist]
7979

80+
# cracking prints "[INFO] cracked password ..." via dataToStdout(forceOutput=True), which
81+
# bypasses both the logger and kb.wizardMode suppression; redirect stdout so the unittest
82+
# report stays clean (these tests assert on return values/kb, never on console output).
83+
self._saved_stdout = sys.stdout
84+
sys.stdout = open(os.devnull, "w")
85+
8086
def tearDown(self):
87+
if getattr(self, "_saved_stdout", None) is not None:
88+
try:
89+
sys.stdout.close()
90+
finally:
91+
sys.stdout = self._saved_stdout
8192
conf.disableMulti = self._saved["disableMulti"]
8293
conf.hashDB = self._saved["hashDB"]
8394
conf.hashFile = self._saved["hashFile"]

tests/test_xpath.py

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -435,6 +435,8 @@ def test_all_extractable_boundaries_have_valid_extraction(self):
435435
payload = xpath._makePayload(original, boundary, "true()")
436436
try:
437437
count = self._count(template, payload)
438+
except unittest.SkipTest:
439+
raise # lxml unavailable -> skip cleanly; SkipTest is an Exception, so the broad except below would otherwise mask it into a failure
438440
except Exception as e:
439441
self.fail("Boundary '%s' in '%s' with orig='%s' invalid: %s\n payload: %s" % (bk, tkey, original, e, payload))
440442
self.assertIsInstance(count, int,

0 commit comments

Comments
 (0)