sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

improvements to --live-test

Browse Source
This commit is contained in:
Bernardo Damele 2013-01-18 13:02:35 +00:00
parent b3d9f1a907
commit 1bb061f68c
1 changed files with 25 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
lib/core/testing.py
View File

@ -172,26 +172,34 @@ def liveTest():
cleanCase() cleanCase()
else: else:
errMsg = "test failed " errMsg = "test failed "
if failedTraceBack:
errMsg += "(got a traceback) "
traceback_fd = codecs.open("%s%straceback" % (paths.SQLMAP_OUTPUT_PATH, os.sep), "wb", UNICODE_ENCODING)
traceback_fd.write(failedTraceBack)
traceback_fd.close()
if failedItem: if failedItem:
errMsg += "at parsing item: %s " % failedItem errMsg += "at parsing item \"%s\" " % failedItem
errMsg += "- scan folder: %s " % paths.SQLMAP_OUTPUT_PATH
errMsg += "- traceback: %s" % bool(failedTraceBack)
if result is False:
errMsg += " - SQL injection not detected"
logger.error(errMsg)
if failedParseOn: if failedParseOn:
console_output_fd = codecs.open("%s%sconsole_output" % (paths.SQLMAP_OUTPUT_PATH, os.sep), "wb", UNICODE_ENCODING) console_output_fd = codecs.open(os.path.join(paths.SQLMAP_OUTPUT_PATH, "console_output"), "wb", UNICODE_ENCODING)
console_output_fd.write(failedParseOn) console_output_fd.write(failedParseOn)
console_output_fd.close() console_output_fd.close()
errMsg += "- scan folder is %s" % paths.SQLMAP_OUTPUT_PATH if failedTraceBack:
logger.error(errMsg) traceback_fd = codecs.open(os.path.join(paths.SQLMAP_OUTPUT_PATH, "traceback"), "wb", UNICODE_ENCODING)
traceback_fd.write(failedTraceBack)
traceback_fd.close()
beep() beep()
if conf.stopFail is True: if conf.stopFail is True:
return retVal return retVal
retVal &= result retVal &= bool(result)
dataToStdout("\n") dataToStdout("\n")
@ -242,7 +250,6 @@ def runCase(switches=None, parse=None):
unhandled_exception = None unhandled_exception = None
result = False result = False
console = "" console = ""
tback = None
try: try:
result = start() result = start()
@ -258,15 +265,12 @@ def runCase(switches=None, parse=None):
LOGGER_HANDLER.stream = sys.stdout = sys.__stdout__ LOGGER_HANDLER.stream = sys.stdout = sys.__stdout__
if unhandled_exception: if unhandled_exception:
logger.error("unhandled exception occurred") failedTraceBack = "unhandled exception: %s" % str(traceback.format_exc())
tback = traceback.format_exc() retVal = None
retVal = False
elif handled_exception: elif handled_exception:
logger.error("handled exception occurred") failedTraceBack = "handled exception: %s" % str(traceback.format_exc())
tback = traceback.format_exc() retVal = None
retVal = False elif result is False: # this means no SQL injection has been detected - if None, ignore
elif result is False: # if None, ignore
logger.error("the test did not identify the SQL injection")
retVal = False retVal = False
console = getUnicode(console, system=True) console = getUnicode(console, system=True)
@ -280,12 +284,12 @@ def runCase(switches=None, parse=None):
if item.startswith("r'") and item.endswith("'"): if item.startswith("r'") and item.endswith("'"):
if not re.search(item[2:-1], parse_on, re.DOTALL): if not re.search(item[2:-1], parse_on, re.DOTALL):
retVal = False retVal = None
failedItem = item failedItem = item
break break
elif item not in parse_on: elif item not in parse_on:
retVal = False retVal = None
failedItem = item failedItem = item
break break
@ -294,8 +298,6 @@ def runCase(switches=None, parse=None):
elif retVal is False: elif retVal is False:
failedParseOn = console failedParseOn = console
if tback:
failedTraceBack = tback
return retVal return retVal