hub / github.com/sqlmapproject/sqlmap / maskSensitiveData

Function maskSensitiveData

lib/core/common.py:4034–4066  ·  view source on GitHub ↗

Masks sensitive data in the supplied message >>> maskSensitiveData('python sqlmap.py -u "http://www.test.com/vuln.php?id=1" --banner') == 'python sqlmap.py -u *********************************** --banner' True >>> maskSensitiveData('sqlmap.py -u test.com/index.go?id=index --auth-ty

(msg)

Source from the content-addressed store, hash-verified

4032 logger.warning(warnMsg)
4033
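def maskSensitiveData(msg):
    """
    Masks sensitive data in the supplied message

    Every masked value is replaced by a run of '*' of the same length, so
    the length of a masked value stays visible in the result.

    Masking is applied in four passes:
      1. values currently set in conf for each of SENSITIVE_OPTIONS
      2. values of command line options matched by name (-u, --url, --data,
         --cookie, --auth-*, --proxy, --host, --referer, --header(s), -H)
      3. URLs following "Command line:" and the directory name following a
         Users or home path component
      4. the current login name as reported by getpass.getuser()

    Passes 1 and 2 use str.replace(), so every occurrence of a matched value
    in the message is masked, not only the occurrence that was matched.

    >>> maskSensitiveData('python sqlmap.py -u "http://www.test.com/vuln.php?id=1" --banner') == 'python sqlmap.py -u *********************************** --banner'
    True
    >>> maskSensitiveData('sqlmap.py -u test.com/index.go?id=index --auth-type=basic --auth-creds=foo:bar\\ndummy line') == 'sqlmap.py -u ************************** --auth-type=***** --auth-creds=*******\\ndummy line'
    True
    """

    retVal = getUnicode(msg)

    for item in filterNone(conf.get(_) for _ in SENSITIVE_OPTIONS):
        if isListLike(item):
            item = listToStrValue(item)

        # Escape every non-word character so the option value is matched literally
        regex = SENSITIVE_DATA_REGEX % re.sub(r"(\W)", r"\\\1", getUnicode(item))

        while True:
            value = extractRegexResult(regex, retVal)
            if not value:
                break

            masked = '*' * len(value)

            # Defensive guard: if the match is already all asterisks the replace
            # below would leave retVal unchanged and the loop would never end
            if masked == value:
                break

            retVal = retVal.replace(value, masked)

    # Just in case (for problematic parameters regarding user encoding)
    for match in re.finditer(r"(?im)[ -]-(u|url|data|cookie|auth-\w+|proxy|host|referer|headers?|H)( |=)(.*?)(?= -?-[a-z]|$)", retVal):
        retVal = retVal.replace(match.group(3), '*' * len(match.group(3)))

    # Fail-safe substitutions
    retVal = re.sub(r"(?i)(Command line:.+)\b(https?://[^ ]+)", lambda match: "%s%s" % (match.group(1), '*' * len(match.group(2))), retVal)
    retVal = re.sub(r"(?i)(\b\w:[\\/]+Users[\\/]+|[\\/]+home[\\/]+)([^\\/]+)", lambda match: "%s%s" % (match.group(1), '*' * len(match.group(2))), retVal)

    # getpass.getuser() raises when the login name cannot be determined; in that
    # case skip only this pass instead of losing the masking already performed
    try:
        username = getpass.getuser()
    except Exception:
        username = None

    if username:
        retVal = re.sub(r"(?i)\b%s\b" % re.escape(username), '*' * len(username), retVal)

    return retVal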
4067
4068def listToStrValue(value):
4069 """

Callers 1

mainFunction · 0.90

Calls 8

getUnicodeFunction · 0.90
listToStrValueFunction · 0.85
extractRegexResultFunction · 0.85
filterNoneFunction · 0.70
isListLikeFunction · 0.70
getMethod · 0.45
replaceMethod · 0.45
escapeMethod · 0.45

Tested by

no test coverage detected
