Merge branch 'master' of github.com:sqlmapproject/sqlmap

This commit is contained in:
Miroslav Stampar 2013-01-09 15:22:30 +01:00
commit bdd2592848
5 changed files with 18 additions and 6 deletions

View File

@ -51,6 +51,7 @@ from lib.core.common import singleTimeWarnMessage
from lib.core.common import UnicodeRawConfigParser from lib.core.common import UnicodeRawConfigParser
from lib.core.common import urldecode from lib.core.common import urldecode
from lib.core.common import urlencode from lib.core.common import urlencode
from lib.core.convert import base64unpickle
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -1769,6 +1770,9 @@ def _mergeOptions(inputOptions, overrideOptions):
@type inputOptions: C{instance} @type inputOptions: C{instance}
""" """
if inputOptions.pickledOptions:
inputOptions = base64unpickle(inputOptions.pickledOptions)
if inputOptions.configFile: if inputOptions.configFile:
configFileParser(inputOptions.configFile) configFileParser(inputOptions.configFile)
@ -2054,9 +2058,9 @@ def init(inputOptions=AttribDict(), overrideOptions=False):
if not inputOptions.disableColoring: if not inputOptions.disableColoring:
coloramainit() coloramainit()
else: elif hasattr(LOGGER_HANDLER, "disable_coloring"):
if hasattr(LOGGER_HANDLER, "disable_coloring"):
LOGGER_HANDLER.disable_coloring = True LOGGER_HANDLER.disable_coloring = True
_setConfAttributes() _setConfAttributes()
_setKnowledgeBaseAttributes() _setKnowledgeBaseAttributes()
_mergeOptions(inputOptions, overrideOptions) _mergeOptions(inputOptions, overrideOptions)

View File

@ -196,6 +196,7 @@ optDict = {
"answers": "string", "answers": "string",
"beep": "boolean", "beep": "boolean",
"checkPayload": "boolean", "checkPayload": "boolean",
"checkWaf": "boolean",
"cleanup": "boolean", "cleanup": "boolean",
"dependencies": "boolean", "dependencies": "boolean",
"disableColoring": "boolean", "disableColoring": "boolean",

View File

@ -14,6 +14,7 @@ import StringIO
import sys import sys
import tempfile import tempfile
import time import time
import traceback
from extra.beep.beep import beep from extra.beep.beep import beep
from lib.controller.controller import start from lib.controller.controller import start
@ -231,6 +232,7 @@ def runCase(switches=None, parse=None):
if exception: if exception:
logger.error("unhandled exception occurred ('%s')" % str(exception)) logger.error("unhandled exception occurred ('%s')" % str(exception))
tback = traceback.format_exc()
retVal = False retVal = False
elif result is False: # if None, ignore elif result is False: # if None, ignore
logger.error("the test did not run") logger.error("the test did not run")

View File

@ -664,6 +664,8 @@ def cmdLineParser():
help="Simple wizard interface for beginner users") help="Simple wizard interface for beginner users")
# Hidden and/or experimental options # Hidden and/or experimental options
parser.add_option("--pickle", dest="pickledOptions", help=SUPPRESS_HELP)
parser.add_option("--profile", dest="profile", action="store_true", parser.add_option("--profile", dest="profile", action="store_true",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)
@ -757,7 +759,7 @@ def cmdLineParser():
if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \ if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, \ args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, \
args.purgeOutput)): args.purgeOutput, args.pickledOptions)):
errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), " errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), "
errMsg += "use -h for basic or -hh for advanced help" errMsg += "use -h for basic or -hh for advanced help"
parser.error(errMsg) parser.error(errMsg)

View File

@ -18,6 +18,7 @@ from subprocess import Popen
from lib.controller.controller import start from lib.controller.controller import start
from lib.core.common import unArrayizeValue from lib.core.common import unArrayizeValue
from lib.core.convert import base64pickle
from lib.core.convert import hexencode from lib.core.convert import hexencode
from lib.core.convert import stdoutencode from lib.core.convert import stdoutencode
from lib.core.data import paths from lib.core.data import paths
@ -48,6 +49,7 @@ RESTAPI_SERVER_PORT = 8775
# Local global variables # Local global variables
adminid = "" adminid = ""
procs = dict()
tasks = AttribDict() tasks = AttribDict()
# Generic functions # Generic functions
@ -251,6 +253,7 @@ def scan_start(taskid):
Launch a scan Launch a scan
""" """
global tasks global tasks
global procs
if taskid not in tasks: if taskid not in tasks:
abort(500, "Invalid task ID") abort(500, "Invalid task ID")
@ -266,8 +269,8 @@ def scan_start(taskid):
# Launch sqlmap engine in a separate thread # Launch sqlmap engine in a separate thread
logger.debug("starting a scan for task ID %s" % taskid) logger.debug("starting a scan for task ID %s" % taskid)
proc = Popen("python sqlmap.py -c %s" % config_file, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE) procs[taskid] = Popen("python sqlmap.py --pickle %s" % base64pickle(tasks[taskid]), shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
stdout, stderr = proc.communicate() stdout, stderr = procs[taskid].communicate()
return jsonize({"success": True}) return jsonize({"success": True})