fix(backend): add trailing newline defense for SQLMap -r request files

lanshuizhiyue · lanshuizhiyue · commit ea9a72a5a2c0 · 2026-04-16T10:10:40.000+08:00
- 后端 Task 引擎 _build_raw_http_request() 增加尾部空行防御性清理

- 同步版本号到 1.8.52

- 更新 README 中英文变更日志
diff --git a/README.md b/README.md
@@ -9,7 +9,7 @@
   <img src="https://img.shields.io/badge/Vue-3.x-green.svg" alt="Vue">
   <img src="https://img.shields.io/badge/FastAPI-0.100+-red.svg" alt="FastAPI">
   <img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License">
-  <img src="https://img.shields.io/badge/Version-1.8.51-orange.svg" alt="Version">
+  <img src="https://img.shields.io/badge/Version-1.8.52-orange.svg" alt="Version">
 </p>
 
 <p align="center">
@@ -292,6 +292,12 @@ sqlmapWebUI/
 
 ## 📝 更新日志
 
+### v1.8.52 (2026-04-16)
+
+**修复 (Burp 插件 & 后端)**
+- 修复 Burp 插件和后端生成的 HTTP 请求文件尾部多余空行导致 SQLMap `-r` 模式误将 GET 识别为 POST 的问题
+- 在 Montoya API、Legacy API 插件以及后端 Task 引擎中增加尾部空行防御性清理逻辑
+
 ### v1.8.51 (2026-04-16)
 
 **修复 (Burp 插件)**
diff --git a/README_EN.md b/README_EN.md
@@ -9,7 +9,7 @@
   <img src="https://img.shields.io/badge/Vue-3.x-green.svg" alt="Vue">
   <img src="https://img.shields.io/badge/FastAPI-0.100+-red.svg" alt="FastAPI">
   <img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License">
-  <img src="https://img.shields.io/badge/Version-1.8.51-orange.svg" alt="Version">
+  <img src="https://img.shields.io/badge/Version-1.8.52-orange.svg" alt="Version">
 </p>
 
 <p align="center">
@@ -292,6 +292,12 @@ Please read the [Disclaimer](DISCLAIMER.md) before use.
 
 ## 📝 Changelog
 
+### v1.8.52 (2026-04-16)
+
+**Fixes (Burp Plugin & Backend)**
+- Fixed SQLMap `-r` mode incorrectly treating GET as POST due to trailing newlines in HTTP request files generated by Burp plugins and backend task engine
+- Added defensive trailing newline cleanup logic in Montoya API, Legacy API plugins, and backend Task engine
+
 ### v1.8.51 (2026-04-16)
 
 **Fixes (Burp Plugin)**
diff --git a/src/backEnd/config.py b/src/backEnd/config.py
@@ -4,4 +4,4 @@
 MAX_TASKS_COUNT_LOCK = threading.Lock()
 
 
-VERSION = "1.8.51"
+VERSION = "1.8.52"
diff --git a/src/backEnd/model/Task.py b/src/backEnd/model/Task.py
@@ -347,6 +347,11 @@ def _build_raw_http_request(self):
         else:
             raw_request += CRLF + CRLF
         
+        # 防御性修复：去除尾部多余空行，避免SQLMap -r模式误将GET识别为POST
+        # (SQLMap在请求文件末尾存在多余空行时会错误推断存在body并切换为POST方法)
+        while raw_request.endswith(CRLF + CRLF):
+            raw_request = raw_request[:-len(CRLF)]
+        
         return raw_request
 
     def _create_request_file(self):
diff --git a/src/burpEx/legacy-api/pom.xml b/src/burpEx/legacy-api/pom.xml
@@ -6,7 +6,7 @@
 
     <groupId>com.sqlmapwebui</groupId>
     <artifactId>sqlmap-webui-burp-legacy</artifactId>
-    <version>1.8.51</version>
+    <version>1.8.52</version>
     <packaging>jar</packaging>
 
     <name>SQLMap WebUI Burp Extension (Legacy API)</name>
diff --git a/src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/BurpExtender.java b/src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/BurpExtender.java
@@ -50,7 +50,7 @@ public class BurpExtender implements IBurpExtender, IContextMenuFactory, ITab {
     private SqlmapUITab uiTab;
     
     private static final String EXTENSION_NAME = "SQLMap WebUI";
-    private static final String EXTENSION_VERSION = "1.8.51";
+    private static final String EXTENSION_VERSION = "1.8.52";
     
     /**
      * 过滤结果类 - 存储过滤后的纯文本请求和过滤统计
diff --git a/src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/dialogs/AboutDialog.java b/src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/dialogs/AboutDialog.java
@@ -11,7 +11,7 @@
  */
 public class AboutDialog extends JDialog {
     
-    private static final String VERSION = "1.8.51";
+    private static final String VERSION = "1.8.52";
     
     // 帮助内容HTML模板 - 使用模块化组织
     private static final String HELP_CONTENT_HTML = "<html><head><style>" +
diff --git a/src/burpEx/montoya-api/pom.xml b/src/burpEx/montoya-api/pom.xml
@@ -6,7 +6,7 @@
 
     <groupId>com.sqlmapwebui</groupId>
     <artifactId>sqlmap-webui-burp-montoya</artifactId>
-    <version>1.8.51</version>
+    <version>1.8.52</version>
     <packaging>jar</packaging>
 
     <name>SQLMap WebUI Burp Extension (Montoya API)</name>
diff --git a/src/burpEx/montoya-api/src/main/java/com/sqlmapwebui/burp/SqlmapWebUIExtension.java b/src/burpEx/montoya-api/src/main/java/com/sqlmapwebui/burp/SqlmapWebUIExtension.java
@@ -19,7 +19,7 @@
 public class SqlmapWebUIExtension implements BurpExtension {
     
     private static final String EXTENSION_NAME = "SQLMap WebUI";
-    private static final String EXTENSION_VERSION = "1.8.51";
+    private static final String EXTENSION_VERSION = "1.8.52";
     
     private MontoyaApi api;
     private ConfigManager configManager;
diff --git a/src/burpEx/montoya-api/src/main/java/com/sqlmapwebui/burp/dialogs/AboutDialog.java b/src/burpEx/montoya-api/src/main/java/com/sqlmapwebui/burp/dialogs/AboutDialog.java
@@ -11,7 +11,7 @@
  */
 public class AboutDialog extends JDialog {
     
-    private static final String VERSION = "1.8.51";
+    private static final String VERSION = "1.8.52";
     
     // 帮助内容HTML模板 - 使用模块化组织
     private static final String HELP_CONTENT_HTML = "<html><head><style>" +

Original file line number	Diff line number	Diff line change
`@@ -4,4 +4,4 @@`
`4`	`4`	`MAX_TASKS_COUNT_LOCK = threading.Lock()`
`5`	`5`
`6`	`6`
`7`		`-VERSION = "1.8.51"`
	`7`	`+VERSION = "1.8.52"`