Fixes leakage of sqlmap temporary directories

stamparm · stamparm · commit de10cff3e0a1 · 2025-07-09T23:18:48.000+02:00
diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
@@ -180,14 +180,14 @@ c9d1f64648062d7962caf02c4e2e7d84e8feb2a14451146f627112aae889afcd  lib/core/dump.
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/core/__init__.py
 3d308440fb01d04b5d363bfbe0f337756b098532e5bb7a1c91d5213157ec2c35  lib/core/log.py
 2a06dc9b5c17a1efdcdb903545729809399f1ee96f7352cc19b9aaa227394ff3  lib/core/optiondict.py
-97378f241005dc1b8b4c0a67b9b39af76a9735d2bb0a49e8f2ef59c0d115d93e  lib/core/option.py
+3ca1a6759c196aa104130af0ed47826cd01009beaa3fa836a25faabfec7dd18e  lib/core/option.py
 866e93c93541498ecce70125037bdd376d78188e481d225f81843f21f4797d8c  lib/core/patch.py
 85f10c6195a3a675892d914328173a6fb6a8393120417a2f10071c6e77bfa47d  lib/core/profiling.py
 c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0  lib/core/readlineng.py
 d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920  lib/core/replication.py
 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3  lib/core/revision.py
 d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38  lib/core/session.py
-a4f0bd3aec711d65a6a18dfb1b966c5890a93f3c1a47187831c0831fb0e89034  lib/core/settings.py
+9e356b74c0f4db3788619d4c4090290b4175cccc58650ef5667813ae11b1d71b  lib/core/settings.py
 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09  lib/core/shell.py
 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053  lib/core/subprocessng.py
 cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a  lib/core/target.py
@@ -476,7 +476,7 @@ baaf7a29a1fe07e7cecc7fb1b1f6a6f327b12154b8d5619e9808b2cf43ad2198  README.md
 535ab6ac8b8441a3758cee86df3e68abec8b43eee54e32777967252057915acc  sqlmapapi.py
 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62  sqlmapapi.yaml
 c43cc0dd5b4026083ad420c04705a031504aa503cc99ab2236010c4cbd472d39  sqlmap.conf
-e29538ddcb7bb80fc3b07b3ccc23e46df1faf9ff4b6d7db0558a9a9587a6b8c6  sqlmap.py
+cf35266a47f5acfd5f0c7dfc4443bf46480cdc2e1ae9cfc2014602e798e91d24  sqlmap.py
 82caac95182ac5cae02eb7d8a2dc07e71389aeae6b838d3d3f402c9597eb086a  tamper/0eunion.py
 bc8f5e638578919e4e75a5b01a84b47456bac0fd540e600975a52408a3433460  tamper/apostrophemask.py
 c9c3d71f11de0140906d7b4f24fadb9926dc8eaf5adab864f8106275f05526ce  tamper/apostrophenullencode.py
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1657,6 +1657,8 @@ def _createTemporaryDirectory():
             errMsg += "temporary directory location ('%s')" % getSafeExString(ex)
             raise SqlmapSystemException(errMsg)
 
+    conf.tempDirs.append(tempfile.tempdir)
+
     if six.PY3:
         _pympTempLeakPatch(kb.tempDir)
 
@@ -1982,6 +1984,8 @@ def _setConfAttributes():
     conf.dbmsHandler = None
     conf.dnsServer = None
     conf.dumpPath = None
+    conf.fileWriteType = None
+    conf.HARCollectorFactory = None
     conf.hashDB = None
     conf.hashDBFile = None
     conf.httpCollector = None
@@ -1998,9 +2002,8 @@ def _setConfAttributes():
     conf.resultsFP = None
     conf.scheme = None
     conf.tests = []
+    conf.tempDirs = []
     conf.trafficFP = None
-    conf.HARCollectorFactory = None
-    conf.fileWriteType = None
 
 def _setKnowledgeBaseAttributes(flushAll=True):
     """
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.9.7.2"
+VERSION = "1.9.7.3"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/sqlmap.py b/sqlmap.py
@@ -567,17 +567,17 @@ def main():
 
         kb.threadException = True
 
-        if kb.get("tempDir"):
+        for tempDir in conf.get("tempDirs", []):
             for prefix in (MKSTEMP_PREFIX.IPC, MKSTEMP_PREFIX.TESTING, MKSTEMP_PREFIX.COOKIE_JAR, MKSTEMP_PREFIX.BIG_ARRAY):
-                for filepath in glob.glob(os.path.join(kb.tempDir, "%s*" % prefix)):
+                for filepath in glob.glob(os.path.join(tempDir, "%s*" % prefix)):
                     try:
                         os.remove(filepath)
                     except OSError:
                         pass
 
-            if not filterNone(filepath for filepath in glob.glob(os.path.join(kb.tempDir, '*')) if not any(filepath.endswith(_) for _ in (".lock", ".exe", ".so", '_'))):  # ignore junk files
+            if any((conf.vulnTest, conf.smokeTest)) or not filterNone(filepath for filepath in glob.glob(os.path.join(tempDir, '*')) if not any(filepath.endswith(_) for _ in (".lock", ".exe", ".so", '_'))):  # ignore junk files
                 try:
-                    shutil.rmtree(kb.tempDir, ignore_errors=True)
+                    shutil.rmtree(tempDir, ignore_errors=True)
                 except OSError:
                     pass
 
