Merge branch 'master' of github.com:sqlmapproject/sqlmap

2025-01-24 00:04:23 +03:00 · 2012-12-20 20:51:41 +01:00 · 2012-12-20 20:51:41 +01:00 · 1073ebc697
commit 1073ebc697
parent 1c4d438aff 89d8c58fd1
4 changed files with 71 additions and 35 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1784,7 +1784,7 @@ def _mergeOptions(inputOptions, overrideOptions):
            kb.explicitSettings.add(key)

    for key, value in defaults.items():
-        if conf[key] is None:
+        if hasattr(conf, key) and conf[key] is None:
            conf[key] = value

 def _setTrafficOutputFP():
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -183,6 +183,7 @@ optDict = {
                               "hexConvert":        "boolean",
                               "oDir":              "string",
                               "parseErrors":       "boolean",
+                               "saveCmdline":       "boolean",
                               "updateAll":         "boolean",
                               "tor":               "boolean",
                               "torPort":           "integer",
@ -202,9 +203,19 @@ optDict = {
                               "hpp":               "boolean",
                               "mobile":            "boolean",
                               "pageRank":          "boolean",
+                               "purgeOutput":       "boolean",
                               "smart":             "boolean",
                               "testFilter":        "string",
                               "wizard":            "boolean",
                               "verbose":           "integer"
                             },
+            "Hidden": {
+                               "profile":           "boolean",
+                               "cpuThrottle":       "integer",
+                               "forceDns":          "boolean",
+                               "smokeTest":         "boolean",
+                               "liveTest":          "boolean",
+                               "stopFail":          "boolean",
+                               "runCase":           "string"
+                      }
          }
--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@ -7,7 +7,6 @@ See the file 'doc/COPYING' for copying permission

 import json
 import logging
-import optparse
 import os
 import shutil
 import sys
@ -16,6 +15,17 @@ import tempfile
 import threading
 import types

+_multiprocessing = None
+try:
+    import multiprocessing
+
+    # problems on FreeBSD (Reference: http://www.eggheadcafe.com/microsoft/Python/35880259/multiprocessing-on-freebsd.aspx)
+    _ = multiprocessing.Queue()
+except (ImportError, OSError):
+    pass
+else:
+    _multiprocessing = multiprocessing
+
 from extra.bottle.bottle import abort
 from extra.bottle.bottle import error
 from extra.bottle.bottle import get
@ -27,20 +37,21 @@ from extra.bottle.bottle import run
 from extra.bottle.bottle import static_file
 from extra.bottle.bottle import template
 from lib.controller.controller import start
+from lib.core.common import unArrayizeValue
 from lib.core.convert import hexencode
 from lib.core.convert import stdoutencode
 from lib.core.data import paths
 from lib.core.datatype import AttribDict
-from lib.core.data import cmdLineOptions
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.defaults import _defaults
 from lib.core.log import FORMATTER
 from lib.core.log import LOGGER_HANDLER
 from lib.core.log import LOGGER_OUTPUT
 from lib.core.exception import SqlmapMissingDependence
+from lib.core.optiondict import optDict
 from lib.core.option import init
 from lib.core.settings import UNICODE_ENCODING
-from lib.parse.cmdline import cmdLineParser

 RESTAPI_SERVER_HOST = "127.0.0.1"
 RESTAPI_SERVER_PORT = 8775
@ -60,6 +71,37 @@ def is_admin(taskid):
    else:
        return True

+def init_options():
+    dataype = {"boolean": False, "string": None, "integer": None, "float": None}
+    options = AttribDict()
+
+    for _ in optDict:
+        for name, type_ in optDict[_].items():
+            type_ = unArrayizeValue(type_)
+            options[name] = _defaults.get(name, dataype[type_])
+
+    # Enforce batch mode and disable coloring
+    options.batch = True
+    options.disableColoring = True
+
+    return options
+
+def start_scan():
+    # Wrap logger stdout onto a custom file descriptor (LOGGER_OUTPUT)
+    def emit(self, record):
+        message = stdoutencode(FORMATTER.format(record))
+        print >>LOGGER_OUTPUT, message.strip('\r')
+
+    LOGGER_HANDLER.emit = types.MethodType(emit, LOGGER_HANDLER, type(LOGGER_HANDLER))
+
+    # Wrap standard output onto a custom file descriptor
+    sys.stdout = open(str(os.getpid()) + ".out", "wb")
+    #sys.stderr = StringIO.StringIO()
+
+    taskid = multiprocessing.current_process().name
+    init(tasks[taskid], True)
+    start()
+
@hook("after_request")
 def security_headers():
    """
@ -106,10 +148,8 @@ def task_new():
    """
    global tasks

-    optset()
-
    taskid = hexencode(os.urandom(16))
-    tasks[taskid] = AttribDict(cmdLineOptions)
+    tasks[taskid] = init_options()

    return jsonize({"taskid": taskid})

@ -247,17 +287,18 @@ def scan_start(taskid):
    for key, value in request.json.items():
        tasks[taskid][key] = value

-    print "TASKS:", tasks
-
    # Overwrite output directory (oDir) value to a temporary directory
    tasks[taskid].oDir = tempfile.mkdtemp(prefix="sqlmap-")

-    init(tasks[taskid], True)
-
    # Launch sqlmap engine in a separate thread
-    thread = threading.Thread(target=start)
-    thread.daemon = True
-    thread.start()
+    logger.debug("starting a scan for task ID %s" % taskid)
+
+    if _multiprocessing:
+        #_multiprocessing.log_to_stderr(logging.DEBUG)
+        p = _multiprocessing.Process(name=taskid, target=start_scan)
+        p.daemon = True
+        p.start()
+        p.join()

    return jsonize({"success": True})

@ -328,10 +369,6 @@ def download(taskid, target, filename):
    else:
        abort(500)

-def optset():
-    # Store original command line options for possible later restoration
-    cmdLineOptions.update(cmdLineParser().__dict__)
-
 def server(host="0.0.0.0", port=RESTAPI_SERVER_PORT):
    """
    REST-JSON API server
@ -339,27 +376,12 @@ def server(host="0.0.0.0", port=RESTAPI_SERVER_PORT):
    global adminid
    global tasks

-    # Enforce batch mode and disable coloring
-    cmdLineOptions.batch = True
-    cmdLineOptions.disableColoring = True
-
    adminid = hexencode(os.urandom(16))
-    tasks[adminid] = AttribDict(cmdLineOptions)
+    tasks[adminid] = init_options()

    logger.info("running REST-JSON API server at '%s:%d'.." % (host, port))
    logger.info("the admin task ID is: %s" % adminid)

-    # Wrap logger stdout onto a custom file descriptor (LOGGER_OUTPUT)
-    def emit(self, record):
-        message = stdoutencode(FORMATTER.format(record))
-        print >>LOGGER_OUTPUT, message.strip('\r')
-
-    LOGGER_HANDLER.emit = types.MethodType(emit, LOGGER_HANDLER, type(LOGGER_HANDLER))
-
-    # Wrap standard output onto a custom file descriptor
-    sys.stdout = StringIO.StringIO()
-    #sys.stderr = StringIO.StringIO()
-
    # Run RESTful API
    run(host=host, port=port, quiet=False, debug=False)

--- a/sqlmapapi.py
+++ b/sqlmapapi.py
@ -25,16 +25,19 @@ if __name__ == "__main__":
    # Set default logging level to debug
    logger.setLevel(logging.DEBUG)

+    # Initialize path variable
    paths.SQLMAP_ROOT_PATH = modulePath()
    setPaths()

+    # Parse command line options
    apiparser = optparse.OptionParser()
-    apiparser.add_option("--server", help="Act as a REST-JSON API server", default=RESTAPI_SERVER_PORT, action="store_true")
+    apiparser.add_option("-s", "--server", help="Act as a REST-JSON API server", default=RESTAPI_SERVER_PORT, action="store_true")
    apiparser.add_option("-c", "--client", help="Act as a REST-JSON API client", default=RESTAPI_SERVER_PORT, action="store_true")
    apiparser.add_option("-H", "--host", help="Host of the REST-JSON API server", default=RESTAPI_SERVER_HOST, action="store")
    apiparser.add_option("-p", "--port", help="Port of the the REST-JSON API server", default=RESTAPI_SERVER_PORT, type="int", action="store")
    (args, _) = apiparser.parse_args()

+    # Start the client or the server
    if args.server is True:
        server(args.host, args.port)
    elif args.client is True: