sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-24 18:43:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

support for nested payloads

Browse Source
This commit is contained in:
donnd-t 2021-11-03 13:03:32 +11:00
parent 1141f21dee
commit 5ab5f5811f
1 changed files with 21 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
lib/core/swagger.py
View File

@ -10,6 +10,7 @@ import json
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import SqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from lib.core.exception import SqlmapSkipTargetException from lib.core.exception import SqlmapSkipTargetException
from typing import Dict
class Operation: class Operation:
@ -70,28 +71,39 @@ class Operation:
hdrs.append((hp["name"], "%s*" %hp["example"])) hdrs.append((hp["name"], "%s*" %hp["example"]))
return hdrs return hdrs
def _ref(swagger, refPath): def _obj(swagger, objOrRefPath):
paths = refPath.replace("#/", "", 1).split('/') if isinstance(objOrRefPath, Dict):
return objOrRefPath
paths = objOrRefPath.replace("#/", "", 1).split('/')
r = swagger r = swagger
for p in paths: for p in paths:
r = r[p] r = r[p]
return r return r
def _example(swagger, refPath): def _example(swagger, objOrRefPath):
example = {} example = {}
ref = _ref(swagger, refPath) obj = _obj(swagger, objOrRefPath)
if "type" in ref and ref["type"] == "object" and "properties" in ref:
properties = ref["properties"] if "type" in obj and obj["type"] == "object" and "properties" in obj:
properties = obj["properties"]
for prop in properties: for prop in properties:
if "example" in properties[prop]: if properties[prop]["type"] == "object":
value = properties[prop]["example"] example[prop] = {}
example[prop] = value for objectProp in properties[prop]["properties"]:
example[prop][objectProp] = _example(swagger, properties[prop]["properties"][objectProp])
elif "$ref" in properties[prop]: elif "$ref" in properties[prop]:
example[prop] = _example(swagger, properties[prop]["$ref"]) example[prop] = _example(swagger, properties[prop]["$ref"])
elif properties[prop]["type"] == "array" and "$ref" in properties[prop]["items"]: elif properties[prop]["type"] == "array" and "$ref" in properties[prop]["items"]:
example[prop] = [ _example(swagger, properties[prop]["items"]["$ref"]) ] example[prop] = [ _example(swagger, properties[prop]["items"]["$ref"]) ]
elif "example" in properties[prop]:
value = properties[prop]["example"]
example[prop] = value
else: else:
raise SqlmapSkipTargetException("missing example for parameter '%s'" %prop) raise SqlmapSkipTargetException("missing example for parameter '%s'" %prop)
elif "example" in obj:
return obj["example"]
else:
raise SqlmapSkipTargetException("missing example for object '%s'" %obj)
return example return example