Minor improvement for --parse-errors

stamparm · stamparm · commit 00435934bc60 · 2019-05-28T23:44:27.000+02:00
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -2642,7 +2642,9 @@ def extractErrorMessage(page):
     """
     Returns reported error message from page if it founds one
 
-    >>> extractErrorMessage(u'<html><title>Test</title>\\n<b>Warning</b>: oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated<br><p>Only a test page</p></html>') == u'oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated'
+    >>> extractErrorMessage(u'<html><title>Test</title>\\n<b>Warning</b>: oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated<br><p>Only a test page</p></html>') 
+    'oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated'
+    >>> extractErrorMessage('Warning: This is only a dummy foobar test') is None
     True
     """
 
@@ -2653,8 +2655,10 @@ def extractErrorMessage(page):
             match = re.search(regex, page, re.IGNORECASE)
 
             if match:
-                retVal = htmlUnescape(match.group("result")).replace("<br>", "\n").strip()
-                break
+                candidate = htmlUnescape(match.group("result")).replace("<br>", "\n").strip()
+                if re.search(r"\b([a-z]+ ){5}", candidate) is None:  # check for legitimate (e.g. Warning:...) text
+                    retVal = candidate
+                    break
 
     return retVal
 
diff --git a/lib/core/convert.py b/lib/core/convert.py
@@ -80,15 +80,17 @@ def htmlUnescape(value):
     """
 
     retVal = value
+
     if value and isinstance(value, six.string_types):
         replacements = (("&lt;", '<'), ("&gt;", '>'), ("&quot;", '"'), ("&nbsp;", ' '), ("&amp;", '&'), ("&apos;", "'"))
         for code, value in replacements:
             retVal = retVal.replace(code, value)
 
         try:
-            retVal = re.sub(r"&#x([^ ;]+);", lambda match: _unichr(int(match.group(1), 16)), retVal)
+            retVal = getText(re.sub(r"&#x([^ ;]+);", lambda match: _unichr(int(match.group(1), 16)), retVal))
         except ValueError:
             pass
+
     return retVal
 
 def singleTimeWarnMessage(message):  # Cross-referenced function
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -18,7 +18,7 @@
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.5.150"
+VERSION = "1.3.5.151"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
