sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-15 10:42:27 +03:00
Code Issues Packages Projects Releases Wiki Activity

added more comments, improved cleanup method

Browse Source
This commit is contained in:
Bernardo Damele 2012-12-14 17:21:19 +00:00
parent b50ea26e7b
commit 21ecffb750
1 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
lib/utils/restapi.py
View File

@ -44,7 +44,7 @@ from lib.core.settings import RESTAPI_SERVER_PORT
options = {} options = {}
output = "" output = ""
adminid = "" adminid = ""
tasks = [] tasks = {}
# Generic functions # Generic functions
def jsonize(data): def jsonize(data):
@ -57,7 +57,7 @@ def is_admin(taskid):
else: else:
return True return True
@hook('after_request') @hook("after_request")
def security_headers(): def security_headers():
""" """
Set some headers across all HTTP responses Set some headers across all HTTP responses
@ -106,7 +106,7 @@ def task_new():
taskid = hexencode(os.urandom(16)) taskid = hexencode(os.urandom(16))
options[taskid] = AttribDict(cmdLineOptions) options[taskid] = AttribDict(cmdLineOptions)
options[taskid]["oDir"] = tempfile.mkdtemp(prefix="sqlmap-") options[taskid]["oDir"] = tempfile.mkdtemp(prefix="sqlmap-")
tasks.append(taskid) tasks[taskid] = options[adminid]["oDir"]
return jsonize({"taskid": taskid}) return jsonize({"taskid": taskid})
@get("/task/<taskid>/destroy") @get("/task/<taskid>/destroy")
@ -147,6 +147,7 @@ def task_flush(taskid):
# sqlmap core interact functions # # sqlmap core interact functions #
################################## ##################################
# Admin's methods
@get("/status/<taskid>") @get("/status/<taskid>")
def status(taskid): def status(taskid):
""" """
@ -166,15 +167,16 @@ def cleanup(taskid):
""" """
global tasks global tasks
if is_admin(taskid): if is_admin(taskid):
for task in tasks: for task, taskdir in tasks.items():
if task == adminid: if task == adminid:
continue continue
os.removedirs(options[task]["oDir"]) os.removedirs(taskdir)
tasks = [ adminid ] tasks = [ adminid ]
return jsonize({"success": True}) return jsonize({"success": True})
else: else:
abort(401) abort(401)
# Functions to handle options
@get("/option/<taskid>/list") @get("/option/<taskid>/list")
def option_list(taskid): def option_list(taskid):
""" """
@ -217,6 +219,7 @@ def option_set(taskid):
return jsonize({"success": True}) return jsonize({"success": True})
# Function to handle scans
@post("/scan/<taskid>/start") @post("/scan/<taskid>/start")
def scan(taskid): def scan(taskid):
""" """
@ -253,6 +256,18 @@ def scan_output(taskid):
sys.stdout.truncate(0) sys.stdout.truncate(0)
return jsonize({"output": output}) return jsonize({"output": output})
# Function to handle scans' logs
@get("/log/<taskid>/info")
def log_info(taskid):
"""
Read the informational log messages
"""
if taskid not in tasks:
abort(500, "Invalid task ID")
pass
# Function to handle files inside the output directory
@get("/download/<taskid>/<target>/<filename:path>") @get("/download/<taskid>/<target>/<filename:path>")
def download(taskid, target, filename): def download(taskid, target, filename):
""" """
@ -281,7 +296,7 @@ def restAPIsetup(host="0.0.0.0", port=RESTAPI_SERVER_PORT):
adminid = hexencode(os.urandom(16)) adminid = hexencode(os.urandom(16))
options[adminid] = AttribDict(cmdLineOptions) options[adminid] = AttribDict(cmdLineOptions)
options[adminid]["oDir"] = tempfile.mkdtemp(prefix="sqlmap-") options[adminid]["oDir"] = tempfile.mkdtemp(prefix="sqlmap-")
tasks.append(adminid) tasks[adminid] = options[adminid]["oDir"]
logger.info("Running REST-JSON API server at '%s:%d'.." % (host, port)) logger.info("Running REST-JSON API server at '%s:%d'.." % (host, port))
logger.info("The admin task ID is: %s" % adminid) logger.info("The admin task ID is: %s" % adminid)