diff --git a/lib/core/common.py b/lib/core/common.py index c4d93c5cd..6cc483189 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -245,26 +245,36 @@ class Format(object): """ infoStr = "" + infoApi = {} if info and "type" in info: - infoStr += "%s operating system: %s" % (target, Format.humanize(info["type"])) + if hasattr(conf, "api"): + infoApi["%s operating system" % target] = info + else: + infoStr += "%s operating system: %s" % (target, Format.humanize(info["type"])) - if "distrib" in info: - infoStr += " %s" % Format.humanize(info["distrib"]) + if "distrib" in info: + infoStr += " %s" % Format.humanize(info["distrib"]) - if "release" in info: - infoStr += " %s" % Format.humanize(info["release"]) + if "release" in info: + infoStr += " %s" % Format.humanize(info["release"]) - if "sp" in info: - infoStr += " %s" % Format.humanize(info["sp"]) + if "sp" in info: + infoStr += " %s" % Format.humanize(info["sp"]) - if "codename" in info: - infoStr += " (%s)" % Format.humanize(info["codename"]) + if "codename" in info: + infoStr += " (%s)" % Format.humanize(info["codename"]) if "technology" in info: - infoStr += "\nweb application technology: %s" % Format.humanize(info["technology"], ", ") + if hasattr(conf, "api"): + infoApi["web application technology"] = Format.humanize(info["technology"], ", ") + else: + infoStr += "\nweb application technology: %s" % Format.humanize(info["technology"], ", ") - return infoStr.lstrip() + if hasattr(conf, "api"): + return infoApi + else: + return infoStr.lstrip() class Backend: # Set methods diff --git a/lib/utils/api.py b/lib/utils/api.py index 27bf7eee1..e7a0e96f0 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py 
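Review bot: In the API branch of `Format.getOs`, `infoApi["%s operating system" % target] = info` stores the whole raw `info` dict, whereas the text branch passes every field through `Format.humanize` and the technology entry just below is humanized too. The stored value therefore carries the `technology` key a second time, plus whatever container types `info` holds, which may not serialize cleanly later (not verifiable from this hunk). I would store only the humanized OS fields, e.g. `infoApi["%s operating system" % target] = dict((k, Format.humanize(info[k])) for k in ("type", "distrib", "release", "sp", "codename") if k in info)`. The function now returns a dict or a string depending on `hasattr(conf, "api")`, and the docstring, which starts above the hunk, should say so.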
@@ -129,8 +129,9 @@ class Task(object): return self.options def set_output_directory(self): - self.output_directory = tempfile.mkdtemp(prefix="sqlmapoutput-") - self.set_option("oDir", self.output_directory) + if not self.output_directory or not os.path.isdir(self.output_directory): + self.output_directory = tempfile.mkdtemp(prefix="sqlmapoutput-") + self.set_option("oDir", self.output_directory) def clean_filesystem(self): shutil.rmtree(self.output_directory) @@ -180,6 +181,8 @@ class StdDbOut(object): def write(self, value, status=CONTENT_STATUS.IN_PROGRESS, content_type=None): if self.messagetype == "stdout": + insert = True + if content_type is None: if kb.partRun is not None: content_type = PART_RUN_CONTENT_TYPES.get(kb.partRun) 
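Review bot: `set_output_directory` now keeps an already existing `self.output_directory`, but `clean_filesystem` just below still calls `shutil.rmtree(self.output_directory)` unconditionally, so a directory the task did not create is deleted recursively on cleanup. If that path can come from a client-supplied option (where it is assigned is outside this hunk), it should be treated as untrusted: record ownership when the directory is created, `self._owns_output_directory = True` after `tempfile.mkdtemp(...)`, and guard the removal with `if self._owns_output_directory:`. The new condition also reads `self.output_directory` before assigning it, so the attribute needs an initial value in `__init__`, which is not visible here.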
@@ -189,28 +192,32 @@ class StdDbOut(object): #print >>sys.__stdout__, "value: %s\nstatus: %d\ncontent_type: %d\nkb.partRun: %s\n--------------" % (value, status, content_type, kb.partRun) - output = conf.database_cursor.execute("SELECT id, value FROM data WHERE taskid = ? AND content_type = ?", + output = conf.database_cursor.execute("SELECT id, status, value FROM data WHERE taskid = ? AND content_type = ?", (self.taskid, content_type)) # Delete partial output from IPC database if we have got a complete output - if status == CONTENT_STATUS.COMPLETE and len(output) > 0: - for index in xrange(0, len(output)-1): - conf.database_cursor.execute("DELETE FROM data WHERE id = ?", (output[index][0],)) + if status == CONTENT_STATUS.COMPLETE: + if len(output) > 0: + for index in xrange(0, len(output)-1): + if output[index][1] == CONTENT_STATUS.COMPLETE: + insert = False + else: + conf.database_cursor.execute("DELETE FROM data WHERE id = ?", (output[index][0],)) + if insert: + conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", + (self.taskid, status, content_type, jsonize(value))) if kb.partRun: kb.partRun = None - if status == CONTENT_STATUS.IN_PROGRESS: + elif status == CONTENT_STATUS.IN_PROGRESS: if len(output) == 0: conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", (self.taskid, status, content_type, jsonize(value))) else: - new_value = "%s%s" % (dejsonize(output[0][1]), value) + new_value = "%s%s" % (dejsonize(output[0][2]), value) conf.database_cursor.execute("UPDATE data SET value = ? WHERE id = ?", (jsonize(new_value), output[0][0])) - else: - conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", - (self.taskid, status, content_type, jsonize(value))) else: conf.database_cursor.execute("INSERT INTO errors VALUES(NULL, ?, ?)", (self.taskid, str(value) if value else "")) diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index f4cdc1a11..9c86ed697 100644 
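Review bot: The new duplicate check `if output[index][1] == CONTENT_STATUS.COMPLETE` sits inside `for index in xrange(0, len(output)-1)`, which never visits the last row. With a single stored row the loop body does not run, so an existing COMPLETE row is not detected and a second one is inserted, and a lone partial row is not deleted. Unless skipping the last row is intended (in which case a comment should say why), iterate over all rows: `for index in xrange(len(output)):`. Separately, the `else:` insert was replaced by `elif status == CONTENT_STATUS.IN_PROGRESS`, so any status other than COMPLETE or IN_PROGRESS is now dropped without a row; if such values exist, a final `else` that logs or raises would make that explicit.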
--- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -91,13 +91,13 @@ class Fingerprint(GenericFingerprint): value = "" wsOsFp = Format.getOs("web server", kb.headersFp) - if wsOsFp: + if wsOsFp and not hasattr(conf, "api"): value += "%s\n" % wsOsFp if kb.data.banner: dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) - if dbmsOsFp: + if dbmsOsFp and not hasattr(conf, "api"): value += "%s\n" % dbmsOsFp value += "back-end DBMS: "
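Review bot: With `if wsOsFp and not hasattr(conf, "api")` and the matching `dbmsOsFp` check, the value returned by `Format.getOs` is computed and then dropped in API mode, so the OS fingerprint does not reach this function's output at all, at least within the lines shown. Either hand the dict to the API output path or skip the `Format.getOs` calls when `hasattr(conf, "api")` holds. Other callers that format the result with `"%s\n" % ...` would print a dict's repr in API mode; only this plugin is updated in the visible diff. The `hasattr(conf, "api")` test is now repeated in several places and would read better as one helper. The function body continues outside the hunk.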