Merge branch 'master' of github.com:sqlmapproject/sqlmap

2024-11-25 11:03:47 +03:00 · 2013-01-09 15:22:30 +01:00 · 2013-01-09 15:22:30 +01:00 · bdd2592848
commit bdd2592848
parent 3d4f381ab5 c44a829b9b
5 changed files with 18 additions and 6 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -51,6 +51,7 @@ from lib.core.common import singleTimeWarnMessage
 from lib.core.common import UnicodeRawConfigParser
 from lib.core.common import urldecode
 from lib.core.common import urlencode
+from lib.core.convert import base64unpickle
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -1769,6 +1770,9 @@ def _mergeOptions(inputOptions, overrideOptions):
    @type inputOptions: C{instance}
    """

+    if inputOptions.pickledOptions:
+        inputOptions = base64unpickle(inputOptions.pickledOptions)
+
    if inputOptions.configFile:
        configFileParser(inputOptions.configFile)

@ -2054,9 +2058,9 @@ def init(inputOptions=AttribDict(), overrideOptions=False):

    if not inputOptions.disableColoring:
        coloramainit()
-    else:
-        if hasattr(LOGGER_HANDLER, "disable_coloring"):
-            LOGGER_HANDLER.disable_coloring = True
+    elif hasattr(LOGGER_HANDLER, "disable_coloring"):
+        LOGGER_HANDLER.disable_coloring = True
+
    _setConfAttributes()
    _setKnowledgeBaseAttributes()
    _mergeOptions(inputOptions, overrideOptions)
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -196,6 +196,7 @@ optDict = {
                               "answers":           "string",
                               "beep":              "boolean",
                               "checkPayload":      "boolean",
+                               "checkWaf":          "boolean",
                               "cleanup":           "boolean",
                               "dependencies":      "boolean",
                               "disableColoring":   "boolean",
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@ -14,6 +14,7 @@ import StringIO
 import sys
 import tempfile
 import time
+import traceback

 from extra.beep.beep import beep
 from lib.controller.controller import start
@ -231,6 +232,7 @@ def runCase(switches=None, parse=None):

    if exception:
        logger.error("unhandled exception occurred ('%s')" % str(exception))
+        tback = traceback.format_exc()
        retVal = False
    elif result is False: # if None, ignore
        logger.error("the test did not run")
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -664,6 +664,8 @@ def cmdLineParser():
                                  help="Simple wizard interface for beginner users")

        # Hidden and/or experimental options
+        parser.add_option("--pickle", dest="pickledOptions", help=SUPPRESS_HELP)
+
        parser.add_option("--profile", dest="profile", action="store_true",
                          help=SUPPRESS_HELP)

@ -757,7 +759,7 @@ def cmdLineParser():

        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
            args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, \
-            args.purgeOutput)):
+            args.purgeOutput, args.pickledOptions)):
            errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), "
            errMsg += "use -h for basic or -hh for advanced help"
            parser.error(errMsg)
--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@ -18,6 +18,7 @@ from subprocess import Popen

 from lib.controller.controller import start
 from lib.core.common import unArrayizeValue
+from lib.core.convert import base64pickle
 from lib.core.convert import hexencode
 from lib.core.convert import stdoutencode
 from lib.core.data import paths
@ -48,6 +49,7 @@ RESTAPI_SERVER_PORT = 8775

 # Local global variables
 adminid = ""
+procs = dict()
 tasks = AttribDict()

 # Generic functions
@ -251,6 +253,7 @@ def scan_start(taskid):
    Launch a scan
    """
    global tasks
+    global procs

    if taskid not in tasks:
        abort(500, "Invalid task ID")
@ -266,8 +269,8 @@ def scan_start(taskid):
    # Launch sqlmap engine in a separate thread
    logger.debug("starting a scan for task ID %s" % taskid)

-    proc = Popen("python sqlmap.py -c %s" % config_file, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
-    stdout, stderr = proc.communicate()
+    procs[taskid] = Popen("python sqlmap.py --pickle %s" % base64pickle(tasks[taskid]), shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
+    stdout, stderr = procs[taskid].communicate()

    return jsonize({"success": True})