minor bug fix to the /scan/<taskid>output method, forced each taskid to have its own temporary folder for output - issue #297

Bernardo Damele 2012-12-14 15:52:35 +00:00
parent 27906f388f
commit 4c4cb856ff


@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission
import optparse import optparse
import os import os
import sys import sys
import tempfile
import threading import threading
try: try:
@ -101,8 +102,10 @@ def task_new():
Create new task ID Create new task ID
""" """
global tasks global tasks
global options
taskid = hexencode(os.urandom(16)) taskid = hexencode(os.urandom(16))
options[taskid] = AttribDict(cmdLineOptions) options[taskid] = AttribDict(cmdLineOptions)
options[taskid]["oDir"] = tempfile.mkdtemp(prefix="sqlmap-")
tasks.append(taskid) tasks.append(taskid)
return jsonize({"taskid": taskid}) return jsonize({"taskid": taskid})
@ -186,7 +189,7 @@ def option_set(taskid):
return jsonize({"success": True}) return jsonize({"success": True})
@post("/scan/<taskid>") @post("/scan/<taskid>/start")
def scan(taskid): def scan(taskid):
""" """
Launch a scan Launch a scan
@ -229,9 +232,10 @@ def scan_output(taskid):
global output global output
sys.stdout.seek(len(output)) sys.stdout.seek(len(output))
output = sys.stdout.read() output = sys.stdout.read()
sys.stdout.truncate(0)
return jsonize({"output": output}) return jsonize({"output": output})
@post("/download/<taskid>/<target>/<filename:path>") @get("/download/<taskid>/<target>/<filename:path>")
def download(taskid, target, filename): def download(taskid, target, filename):
""" """
Download a certain file from the file system Download a certain file from the file system
@ -250,9 +254,11 @@ def restAPIsetup(host="0.0.0.0", port=RESTAPI_SERVER_PORT):
Initiate REST-JSON API Initiate REST-JSON API
""" """
global adminid global adminid
global options
global tasks global tasks
adminid = hexencode(os.urandom(16)) adminid = hexencode(os.urandom(16))
options[adminid] = AttribDict(cmdLineOptions) options[adminid] = AttribDict(cmdLineOptions)
options[taskid]["oDir"] = tempfile.mkdtemp(prefix="sqlmap-")
tasks.append(adminid) tasks.append(adminid)
logger.info("Running REST-JSON API server at '%s:%d'.." % (host, port)) logger.info("Running REST-JSON API server at '%s:%d'.." % (host, port))
logger.info("The admin task ID is: %s" % adminid) logger.info("The admin task ID is: %s" % adminid)
@ -267,7 +273,7 @@ def client(host, port):
# TODO: write a simple client with urllib2, for now use curl from command line # TODO: write a simple client with urllib2, for now use curl from command line
print "[ERROR] Not yet implemented, use curl from command line instead for now, for example:" print "[ERROR] Not yet implemented, use curl from command line instead for now, for example:"
print "\n\t$ curl --proxy http://127.0.0.1:8080 http://127.0.0.1:%s/task/new" % port print "\n\t$ curl --proxy http://127.0.0.1:8080 http://127.0.0.1:%s/task/new" % port
print "\t$ curl --proxy http://127.0.0.1:8080 -H \"Content-Type: application/json\" -X POST -d '{\"targetUrl\": \"<target URL>\"}' http://127.0.0.1:%d/scan/<task ID>\n" % port print "\t$ curl --proxy http://127.0.0.1:8080 -H \"Content-Type: application/json\" -X POST -d '{\"url\": \"<target URL>\"}' http://127.0.0.1:%d/scan/<task ID>/start\n" % port
if __name__ == "__main__": if __name__ == "__main__":
""" """
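Review bot: In the restAPIsetup hunk the added line `options[taskid]["oDir"] = tempfile.mkdtemp(prefix="sqlmap-")` indexes with `taskid`, which is neither a parameter nor one of the globals declared in the visible part of that function. Unless a module-level `taskid` exists elsewhere in the file, the server will raise a NameError at startup. The line should read `options[adminid]["oDir"] = tempfile.mkdtemp(prefix="sqlmap-")`. Separately, task_new now creates one mkdtemp directory per task and nothing visible here removes it, so scan output will accumulate on disk unless a cleanup path exists elsewhere. The body of download is outside the hunk, so it is worth confirming there that the `<filename:path>` value is resolved and confined to the task's own `oDir` now that the route answers GET.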