	first steps to allow multiple scans on the same taskid - issue #297
		
							parent
							
								
									dd6c73ea24
								
							
						
					
					
						commit
						b477c56b52
					
				|  | @ -245,26 +245,36 @@ class Format(object): | ||||||
|         """ |         """ | ||||||
| 
 | 
 | ||||||
|         infoStr = "" |         infoStr = "" | ||||||
|  |         infoApi = {} | ||||||
| 
 | 
 | ||||||
|         if info and "type" in info: |         if info and "type" in info: | ||||||
|             infoStr += "%s operating system: %s" % (target, Format.humanize(info["type"])) |             if hasattr(conf, "api"): | ||||||
|  |                 infoApi["%s operating system" % target] = info | ||||||
|  |             else: | ||||||
|  |                 infoStr += "%s operating system: %s" % (target, Format.humanize(info["type"])) | ||||||
| 
 | 
 | ||||||
|             if "distrib" in info: |                 if "distrib" in info: | ||||||
|                 infoStr += " %s" % Format.humanize(info["distrib"]) |                     infoStr += " %s" % Format.humanize(info["distrib"]) | ||||||
| 
 | 
 | ||||||
|             if "release" in info: |                 if "release" in info: | ||||||
|                 infoStr += " %s" % Format.humanize(info["release"]) |                     infoStr += " %s" % Format.humanize(info["release"]) | ||||||
| 
 | 
 | ||||||
|             if "sp" in info: |                 if "sp" in info: | ||||||
|                 infoStr += " %s" % Format.humanize(info["sp"]) |                     infoStr += " %s" % Format.humanize(info["sp"]) | ||||||
| 
 | 
 | ||||||
|             if "codename" in info: |                 if "codename" in info: | ||||||
|                 infoStr += " (%s)" % Format.humanize(info["codename"]) |                     infoStr += " (%s)" % Format.humanize(info["codename"]) | ||||||
| 
 | 
 | ||||||
|         if "technology" in info: |         if "technology" in info: | ||||||
|             infoStr += "\nweb application technology: %s" % Format.humanize(info["technology"], ", ") |             if hasattr(conf, "api"): | ||||||
|  |                 infoApi["web application technology"] = Format.humanize(info["technology"], ", ") | ||||||
|  |             else: | ||||||
|  |                 infoStr += "\nweb application technology: %s" % Format.humanize(info["technology"], ", ") | ||||||
| 
 | 
 | ||||||
|         return infoStr.lstrip() |         if hasattr(conf, "api"): | ||||||
|  |             return infoApi | ||||||
|  |         else: | ||||||
|  |             return infoStr.lstrip() | ||||||
| 
 | 
 | ||||||
| class Backend: | class Backend: | ||||||
|     # Set methods |     # Set methods | ||||||
|  |  | ||||||
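Review bot: In API mode `getOs` stores the whole raw `info` dict under the operating-system key (`infoApi["%s operating system" % target] = info`), while the technology entry just below is passed through `Format.humanize`, so an API consumer receives two differently shaped values and the first one repeats `technology` when that key is present. The function now returns a dict or a string depending on `hasattr(conf, "api")`, and the docstring that closes at the top of the hunk should say so, for example `Returns a dict when conf has an "api" attribute, otherwise the formatted string`. Evaluating the mode once (`apiMode = hasattr(conf, "api")`) would replace the three repeated checks. The context line `if "technology" in info:` is not guarded by `info and`, so it would raise if `info` is ever `None`, in either mode. The start of the function lies outside the hunk.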
|  | @ -129,8 +129,9 @@ class Task(object): | ||||||
|         return self.options |         return self.options | ||||||
| 
 | 
 | ||||||
|     def set_output_directory(self): |     def set_output_directory(self): | ||||||
|         self.output_directory = tempfile.mkdtemp(prefix="sqlmapoutput-") |         if not self.output_directory or not os.path.isdir(self.output_directory): | ||||||
|         self.set_option("oDir", self.output_directory) |             self.output_directory = tempfile.mkdtemp(prefix="sqlmapoutput-") | ||||||
|  |             self.set_option("oDir", self.output_directory) | ||||||
| 
 | 
 | ||||||
|     def clean_filesystem(self): |     def clean_filesystem(self): | ||||||
|         shutil.rmtree(self.output_directory) |         shutil.rmtree(self.output_directory) | ||||||
|  | @ -180,6 +181,8 @@ class StdDbOut(object): | ||||||
| 
 | 
 | ||||||
|     def write(self, value, status=CONTENT_STATUS.IN_PROGRESS, content_type=None): |     def write(self, value, status=CONTENT_STATUS.IN_PROGRESS, content_type=None): | ||||||
|         if self.messagetype == "stdout": |         if self.messagetype == "stdout": | ||||||
|  |             insert = True | ||||||
|  | 
 | ||||||
|             if content_type is None: |             if content_type is None: | ||||||
|                 if kb.partRun is not None: |                 if kb.partRun is not None: | ||||||
|                     content_type = PART_RUN_CONTENT_TYPES.get(kb.partRun) |                     content_type = PART_RUN_CONTENT_TYPES.get(kb.partRun) | ||||||
|  | @ -189,28 +192,32 @@ class StdDbOut(object): | ||||||
| 
 | 
 | ||||||
|             #print >>sys.__stdout__, "value: %s\nstatus: %d\ncontent_type: %d\nkb.partRun: %s\n--------------" % (value, status, content_type, kb.partRun) |             #print >>sys.__stdout__, "value: %s\nstatus: %d\ncontent_type: %d\nkb.partRun: %s\n--------------" % (value, status, content_type, kb.partRun) | ||||||
| 
 | 
 | ||||||
|             output = conf.database_cursor.execute("SELECT id, value FROM data WHERE taskid = ? AND content_type = ?", |             output = conf.database_cursor.execute("SELECT id, status, value FROM data WHERE taskid = ? AND content_type = ?", | ||||||
|                                                   (self.taskid, content_type)) |                                                   (self.taskid, content_type)) | ||||||
| 
 | 
 | ||||||
|             # Delete partial output from IPC database if we have got a complete output |             # Delete partial output from IPC database if we have got a complete output | ||||||
|             if status == CONTENT_STATUS.COMPLETE and len(output) > 0: |             if status == CONTENT_STATUS.COMPLETE: | ||||||
|                 for index in xrange(0, len(output)-1): |                 if len(output) > 0: | ||||||
|                     conf.database_cursor.execute("DELETE FROM data WHERE id = ?", (output[index][0],)) |                     for index in xrange(0, len(output)-1): | ||||||
|  |                         if output[index][1] == CONTENT_STATUS.COMPLETE: | ||||||
|  |                             insert = False | ||||||
|  |                         else: | ||||||
|  |                             conf.database_cursor.execute("DELETE FROM data WHERE id = ?", (output[index][0],)) | ||||||
| 
 | 
 | ||||||
|  |                 if insert: | ||||||
|  |                     conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", | ||||||
|  |                                                  (self.taskid, status, content_type, jsonize(value))) | ||||||
|                 if kb.partRun: |                 if kb.partRun: | ||||||
|                     kb.partRun = None |                     kb.partRun = None | ||||||
| 
 | 
 | ||||||
|             if status == CONTENT_STATUS.IN_PROGRESS: |             elif status == CONTENT_STATUS.IN_PROGRESS: | ||||||
|                 if len(output) == 0: |                 if len(output) == 0: | ||||||
|                     conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", |                     conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", | ||||||
|                                                  (self.taskid, status, content_type, jsonize(value))) |                                                  (self.taskid, status, content_type, jsonize(value))) | ||||||
|                 else: |                 else: | ||||||
|                     new_value = "%s%s" % (dejsonize(output[0][1]), value) |                     new_value = "%s%s" % (dejsonize(output[0][2]), value) | ||||||
|                     conf.database_cursor.execute("UPDATE data SET value = ? WHERE id = ?", |                     conf.database_cursor.execute("UPDATE data SET value = ? WHERE id = ?", | ||||||
|                                                  (jsonize(new_value), output[0][0])) |                                                  (jsonize(new_value), output[0][0])) | ||||||
|             else: |  | ||||||
|                 conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", |  | ||||||
|                                              (self.taskid, status, content_type, jsonize(value))) |  | ||||||
|         else: |         else: | ||||||
|             conf.database_cursor.execute("INSERT INTO errors VALUES(NULL, ?, ?)", |             conf.database_cursor.execute("INSERT INTO errors VALUES(NULL, ?, ?)", | ||||||
|                                          (self.taskid, str(value) if value else "")) |                                          (self.taskid, str(value) if value else "")) | ||||||
|  |  | ||||||
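Review bot: The duplicate check in the `CONTENT_STATUS.COMPLETE` branch of `StdDbOut.write` iterates `xrange(0, len(output)-1)`, so the last row, or the only row, is never inspected: an existing complete row for this task and content type does not set `insert = False`, and a single leftover partial row is not deleted. If skipping the last row is not intentional, `for index in xrange(len(output)):` covers every row. In the `IN_PROGRESS` branch the SELECT does not filter on status and has no `ORDER BY`, so `output[0]` may be a complete row from an earlier scan on the same task id that then gets partial text appended; restricting that lookup to in-progress rows would avoid mixing results between scans. With the trailing `else` removed, a status other than the two handled is now dropped without any record, which deserves a comment if it is deliberate.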
|  | @ -91,13 +91,13 @@ class Fingerprint(GenericFingerprint): | ||||||
|         value = "" |         value = "" | ||||||
|         wsOsFp = Format.getOs("web server", kb.headersFp) |         wsOsFp = Format.getOs("web server", kb.headersFp) | ||||||
| 
 | 
 | ||||||
|         if wsOsFp: |         if wsOsFp and not hasattr(conf, "api"): | ||||||
|             value += "%s\n" % wsOsFp |             value += "%s\n" % wsOsFp | ||||||
| 
 | 
 | ||||||
|         if kb.data.banner: |         if kb.data.banner: | ||||||
|             dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) |             dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) | ||||||
| 
 | 
 | ||||||
|             if dbmsOsFp: |             if dbmsOsFp and not hasattr(conf, "api"): | ||||||
|                 value += "%s\n" % dbmsOsFp |                 value += "%s\n" % dbmsOsFp | ||||||
| 
 | 
 | ||||||
|         value += "back-end DBMS: " |         value += "back-end DBMS: " | ||||||
|  |  | ||||||
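Review bot: With `not hasattr(conf, "api")` added to both conditions, the value returned by `Format.getOs` is computed and then discarded in API mode, and nothing visible in this hunk hands it to the API output, so the web server and back-end DBMS operating-system fingerprints appear to be missing from API results. If this is a deliberate intermediate step, a comment above each check such as `# API mode: getOs() returns a dict that cannot be appended to the text banner; TODO report it through the API` would make that clear. The function begins before and continues after the hunk.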