mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-07-04 11:53:07 +03:00
added more comments, improved cleanup method
parent
b50ea26e7b
commit
21ecffb750
|
@ -44,7 +44,7 @@ from lib.core.settings import RESTAPI_SERVER_PORT
|
||||||
options = {}
|
options = {}
|
||||||
output = ""
|
output = ""
|
||||||
adminid = ""
|
adminid = ""
|
||||||
tasks = []
|
tasks = {}
|
||||||
|
|
||||||
# Generic functions
|
# Generic functions
|
||||||
def jsonize(data):
|
def jsonize(data):
|
||||||
|
@ -57,7 +57,7 @@ def is_admin(taskid):
|
||||||
else:
|
else:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
@hook('after_request')
|
@hook("after_request")
|
||||||
def security_headers():
|
def security_headers():
|
||||||
"""
|
"""
|
||||||
Set some headers across all HTTP responses
|
Set some headers across all HTTP responses
|
||||||
|
@ -106,7 +106,7 @@ def task_new():
|
||||||
taskid = hexencode(os.urandom(16))
|
taskid = hexencode(os.urandom(16))
|
||||||
options[taskid] = AttribDict(cmdLineOptions)
|
options[taskid] = AttribDict(cmdLineOptions)
|
||||||
options[taskid]["oDir"] = tempfile.mkdtemp(prefix="sqlmap-")
|
options[taskid]["oDir"] = tempfile.mkdtemp(prefix="sqlmap-")
|
||||||
tasks.append(taskid)
|
tasks[taskid] = options[adminid]["oDir"]
|
||||||
return jsonize({"taskid": taskid})
|
return jsonize({"taskid": taskid})
|
||||||
|
|
||||||
@get("/task/<taskid>/destroy")
|
@get("/task/<taskid>/destroy")
|
||||||
|
@ -147,6 +147,7 @@ def task_flush(taskid):
|
||||||
# sqlmap core interact functions #
|
# sqlmap core interact functions #
|
||||||
##################################
|
##################################
|
||||||
|
|
||||||
|
# Admin's methods
|
||||||
@get("/status/<taskid>")
|
@get("/status/<taskid>")
|
||||||
def status(taskid):
|
def status(taskid):
|
||||||
"""
|
"""
|
||||||
|
@ -166,15 +167,16 @@ def cleanup(taskid):
|
||||||
"""
|
"""
|
||||||
global tasks
|
global tasks
|
||||||
if is_admin(taskid):
|
if is_admin(taskid):
|
||||||
for task in tasks:
|
for task, taskdir in tasks.items():
|
||||||
if task == adminid:
|
if task == adminid:
|
||||||
continue
|
continue
|
||||||
os.removedirs(options[task]["oDir"])
|
os.removedirs(taskdir)
|
||||||
tasks = [ adminid ]
|
tasks = [ adminid ]
|
||||||
return jsonize({"success": True})
|
return jsonize({"success": True})
|
||||||
else:
|
else:
|
||||||
abort(401)
|
abort(401)
|
||||||
|
|
||||||
|
# Functions to handle options
|
||||||
@get("/option/<taskid>/list")
|
@get("/option/<taskid>/list")
|
||||||
def option_list(taskid):
|
def option_list(taskid):
|
||||||
"""
|
"""
|
||||||
|
@ -217,6 +219,7 @@ def option_set(taskid):
|
||||||
|
|
||||||
return jsonize({"success": True})
|
return jsonize({"success": True})
|
||||||
|
|
||||||
|
# Function to handle scans
|
||||||
@post("/scan/<taskid>/start")
|
@post("/scan/<taskid>/start")
|
||||||
def scan(taskid):
|
def scan(taskid):
|
||||||
"""
|
"""
|
||||||
|
@ -253,6 +256,18 @@ def scan_output(taskid):
|
||||||
sys.stdout.truncate(0)
|
sys.stdout.truncate(0)
|
||||||
return jsonize({"output": output})
|
return jsonize({"output": output})
|
||||||
|
|
||||||
|
# Function to handle scans' logs
|
||||||
|
@get("/log/<taskid>/info")
|
||||||
|
def log_info(taskid):
|
||||||
|
"""
|
||||||
|
Read the informational log messages
|
||||||
|
"""
|
||||||
|
if taskid not in tasks:
|
||||||
|
abort(500, "Invalid task ID")
|
||||||
|
|
||||||
|
pass
|
||||||
|
|
||||||
|
# Function to handle files inside the output directory
|
||||||
@get("/download/<taskid>/<target>/<filename:path>")
|
@get("/download/<taskid>/<target>/<filename:path>")
|
||||||
def download(taskid, target, filename):
|
def download(taskid, target, filename):
|
||||||
"""
|
"""
|
||||||
|
@ -281,7 +296,7 @@ def restAPIsetup(host="0.0.0.0", port=RESTAPI_SERVER_PORT):
|
||||||
adminid = hexencode(os.urandom(16))
|
adminid = hexencode(os.urandom(16))
|
||||||
options[adminid] = AttribDict(cmdLineOptions)
|
options[adminid] = AttribDict(cmdLineOptions)
|
||||||
options[adminid]["oDir"] = tempfile.mkdtemp(prefix="sqlmap-")
|
options[adminid]["oDir"] = tempfile.mkdtemp(prefix="sqlmap-")
|
||||||
tasks.append(adminid)
|
tasks[adminid] = options[adminid]["oDir"]
|
||||||
logger.info("Running REST-JSON API server at '%s:%d'.." % (host, port))
|
logger.info("Running REST-JSON API server at '%s:%d'.." % (host, port))
|
||||||
logger.info("The admin task ID is: %s" % adminid)
|
logger.info("The admin task ID is: %s" % adminid)
|
||||||
|
|
||||||
|
|
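Review bot: In `task_new` the new line stores `options[adminid]["oDir"]` under the new task's ID, so every entry in `tasks` points at the admin's output directory and the per-task temporary directory created one line earlier is never tracked; it should read `tasks[taskid] = options[taskid]["oDir"]`. As written, `cleanup` then calls `os.removedirs` on the admin's directory for each non-admin task, while the real task directories, which may hold scan output, stay on disk. `cleanup` also still ends with `tasks = [ adminid ]`, which turns the dict back into a list, so the next `tasks[taskid] = ...` or `tasks.items()` would raise; `tasks = {adminid: options[adminid]["oDir"]}` keeps the type. Separately, `os.removedirs` only removes empty directories, so a populated output directory will presumably raise OSError here rather than be deleted. Both functions begin outside the visible hunks, so this is based on the lines shown.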