Minor optimization

This commit is contained in:
Miroslav Štampar 2026-06-30 23:50:45 +02:00
parent 74f90df8ae
commit 92a9446c46
3 changed files with 28 additions and 6 deletions

View file

@ -93,6 +93,7 @@ from lib.core.settings import MAX_DIFFLIB_SEQUENCE_LENGTH
from lib.core.settings import MAX_STABILITY_DELAY
from lib.core.settings import NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH
from lib.core.settings import NOSQL_ERROR_REGEX
from lib.core.settings import NULL_CONNECTION_SKIP_READ_MIN_LENGTH
from lib.core.settings import PRECONNECT_INCOMPATIBLE_SERVERS
from lib.core.settings import SINGLE_QUOTE_MARKER
from lib.core.settings import SLEEP_TIME_MARKER
@ -1552,10 +1553,24 @@ def checkNullConnection():
_, headers, _ = Request.getPage(skipRead=True)
if HTTP_HEADER.CONTENT_LENGTH in (headers or {}):
kb.nullConnection = NULLCONNECTION.SKIP_READ
try:
length = int(headers[HTTP_HEADER.CONTENT_LENGTH].split(',')[0])
except ValueError:
length = len(kb.originalPage or "")
infoMsg = "NULL connection is supported with 'skip-read' method"
logger.info(infoMsg)
# Unlike HEAD/Range, 'skip-read' leaves the body unread and must close the
# connection (an unread body cannot be reused), paying a fresh TCP/TLS handshake
# per request. That only outweighs the avoided body transfer for large responses;
# for small ones it is a net slowdown, so it is gated by the response size here
if length >= NULL_CONNECTION_SKIP_READ_MIN_LENGTH:
kb.nullConnection = NULLCONNECTION.SKIP_READ
infoMsg = "NULL connection is supported with 'skip-read' method"
logger.info(infoMsg)
else:
debugMsg = "'skip-read' NULL connection method is available but skipped because the "
debugMsg += "response (%d B) is too small for it to outweigh the per-request reconnect cost" % length
logger.debug(debugMsg)
except SqlmapConnectionException:
pass

View file

@ -20,7 +20,7 @@ from lib.core.enums import OS
from thirdparty import six
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.10.6.199"
VERSION = "1.10.6.200"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -187,6 +187,13 @@ STRUCTURAL_TAG_REGEX = r"(?si)<\s*([a-z][a-z0-9]*)((?:\s+[^<>]*)?)/?>"
STRUCTURAL_CLASS_REGEX = r"""(?si)\bclass\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'<>]+))"""
STRUCTURAL_ID_REGEX = r"""(?si)\bid\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'<>]+))"""
# Minimum response size (in bytes) for the 'skip-read' NULL connection method to be used. Unlike
# HEAD/Range, 'skip-read' leaves the body unread and must therefore close the connection (an unread
# body cannot be reused), paying a fresh TCP/TLS handshake per request. That only pays off when
# avoiding the body transfer outweighs the reconnect - i.e. for large responses; for small ones it
# is a net slowdown, so it is gated by this size
NULL_CONNECTION_SKIP_READ_MIN_LENGTH = 256 * 1024
# Regular expression used for recognition of IP addresses
IP_ADDRESS_REGEX = r"\b(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\b"