added initial support (hidden from -hh and not yet usable) for REST-JSON API

2025-03-03 11:45:46 +03:00 · 2012-12-14 02:49:25 +00:00 · 2012-12-14 02:49:25 +00:00 · 6e31e87de1
commit 6e31e87de1
parent 46885d4c28
4 changed files with 36 additions and 2 deletions
--- a/_sqlmap.py
+++ b/_sqlmap.py
@ -32,6 +32,7 @@ from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.common import unhandledExceptionMessage
 from lib.core.exception import exceptionsTuple
+from lib.core.exception import SqlmapMissingDependence
 from lib.core.exception import SqlmapSilentQuitException
 from lib.core.exception import SqlmapUserQuitException
 from lib.core.log import FORMATTER
@ -39,12 +40,20 @@ from lib.core.log import LOGGER_HANDLER
 from lib.core.option import init
 from lib.core.profiling import profile
 from lib.core.settings import LEGAL_DISCLAIMER
+from lib.core.settings import RESTAPI_SERVER_PORT
 from lib.core.settings import XMLRPC_SERVER_PORT
 from lib.core.testing import smokeTest
 from lib.core.testing import liveTest
 from lib.parse.cmdline import cmdLineParser
 from lib.utils.xmlrpc import XMLRPCServer

+try:
+    from lib.utils.restapi import restAPIrun
+except SqlmapMissingDependence, e:
+    e = getUnicode(e)
+    logger.critical(e)
+    sys.exit(1)
+
 def modulePath():
    """
    This will get us the program's directory, even if we are frozen
@ -53,6 +62,18 @@ def modulePath():

    return os.path.dirname(getUnicode(sys.executable if weAreFrozen() else __file__, sys.getfilesystemencoding()))

+def restApiServe():
+    logger.setLevel(logging.INFO)
+    cmdLineOptions.batch = True
+    cmdLineOptions.disableColoring = True
+    restAPIrun(port=cmdLineOptions.restApiPort or RESTAPI_SERVER_PORT)
+    def emit(self, record):
+        message = stdoutencode(FORMATTER.format(record))
+        sys.stdout.write("%s\n" % message.strip('\r'))
+    LOGGER_HANDLER.emit = types.MethodType(emit, LOGGER_HANDLER, type(LOGGER_HANDLER))
+    sys.stdout = StringIO.StringIO()
+    sys.stderr = StringIO.StringIO()
+
 def xmlRpcServe():
    logger.setLevel(logging.INFO)
    cmdLineOptions.batch = True
@ -82,7 +103,9 @@ def main():
        # Store original command line options for possible later restoration
        cmdLineOptions.update(cmdLineParser().__dict__)

-        if cmdLineOptions.xmlRpc:
+        if cmdLineOptions.restApi:
+            restApiServe()
+        elif cmdLineOptions.xmlRpc:
            xmlRpcServe()
        else:
            init(cmdLineOptions)
@ -106,6 +129,7 @@ def main():
    except exceptionsTuple, e:
        e = getUnicode(e)
        logger.critical(e)
+        sys.exit(1)

    except KeyboardInterrupt:
        print
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -485,6 +485,9 @@ LIMITED_ROWS_TEST_NUMBER = 15
 # Default TCP port used for XML-RPC server instance
 XMLRPC_SERVER_PORT = 8776

+# Default TCP port used for REST API server instance
+RESTAPI_SERVER_PORT = 8775
+
 # Regular expression for SOAP-like POST data
 SOAP_RECOGNITION_REGEX = r"(?s)\A(<\?xml[^>]+>)?\s*<([^> ]+)( [^>]+)?>.+</\2.*>\s*\Z"

--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -682,6 +682,12 @@ def cmdLineParser():
        parser.add_option("--run-case", dest="runCase", type="int",
                          help=SUPPRESS_HELP)

+        parser.add_option("--restapi", dest="restApi", action="store_true",
+                          help=SUPPRESS_HELP)
+
+        parser.add_option("--restApi-port", dest="restApiPort", type="int",
+                          help=SUPPRESS_HELP)
+
        parser.add_option("--xmlrpc", dest="xmlRpc", action="store_true",
                          help=SUPPRESS_HELP)

@ -761,7 +767,7 @@ def cmdLineParser():

        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
            args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, \
-            args.xmlRpc, args.purgeOutput)):
+            args.restApi, args.xmlRpc, args.purgeOutput)):
            errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), "
            errMsg += "use -h for basic or -hh for advanced help"
            parser.error(errMsg)
--- a/lib/utils/xmlrpc.py
+++ b/lib/utils/xmlrpc.py
@ -66,6 +66,7 @@ class XMLRPCServer:
        return retval

    def run(self):
+        print "CALLING RUN"
        if not self.is_busy():
            init(self.options, True)
            thread = threading.Thread(target=start)