sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-02 20:54:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixed list command

Browse Source
This commit is contained in:
daremon 2015-09-16 00:01:57 +03:00
commit ff7be9d0eb
4 changed files with 39 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/common.py
View File

@ -3979,7 +3979,7 @@ def pollProcess(process, suppress_errors=False):
break break
def getSafeExString(ex): def getSafeExString(ex, encoding=None):
""" """
Safe way how to get the proper exception represtation as a string Safe way how to get the proper exception represtation as a string
(Note: errors to be avoided: 1) "%s" % Exception(u'\u0161') and 2) "%s" % str(Exception(u'\u0161')) (Note: errors to be avoided: 1) "%s" % Exception(u'\u0161') and 2) "%s" % str(Exception(u'\u0161'))
@ -3992,4 +3992,4 @@ def getSafeExString(ex):
elif getattr(ex, "msg", None): elif getattr(ex, "msg", None):
retVal = ex.msg retVal = ex.msg
return getUnicode(retVal) return getUnicode(retVal, encoding=encoding)

9
lib/core/replication.py
View File

@ -8,9 +8,11 @@ See the file 'doc/COPYING' for copying permission
import sqlite3 import sqlite3
from extra.safe2bin.safe2bin import safechardecode from extra.safe2bin.safe2bin import safechardecode
from lib.core.common import getSafeExString
from lib.core.common import unsafeSQLIdentificatorNaming from lib.core.common import unsafeSQLIdentificatorNaming
from lib.core.exception import SqlmapGenericException from lib.core.exception import SqlmapGenericException
from lib.core.exception import SqlmapValueException from lib.core.exception import SqlmapValueException
from lib.core.settings import UNICODE_ENCODING
class Replication(object): class Replication(object):
""" """
@ -49,11 +51,16 @@ class Replication(object):
self.name = unsafeSQLIdentificatorNaming(name) self.name = unsafeSQLIdentificatorNaming(name)
self.columns = columns self.columns = columns
if create: if create:
try:
self.execute('DROP TABLE IF EXISTS "%s"' % self.name) self.execute('DROP TABLE IF EXISTS "%s"' % self.name)
if not typeless: if not typeless:
self.execute('CREATE TABLE "%s" (%s)' % (self.name, ','.join('"%s" %s' % (unsafeSQLIdentificatorNaming(colname), coltype) for colname, coltype in self.columns))) self.execute('CREATE TABLE "%s" (%s)' % (self.name, ','.join('"%s" %s' % (unsafeSQLIdentificatorNaming(colname), coltype) for colname, coltype in self.columns)))
else: else:
self.execute('CREATE TABLE "%s" (%s)' % (self.name, ','.join('"%s"' % unsafeSQLIdentificatorNaming(colname) for colname in self.columns))) self.execute('CREATE TABLE "%s" (%s)' % (self.name, ','.join('"%s"' % unsafeSQLIdentificatorNaming(colname) for colname in self.columns)))
except Exception, ex:
errMsg = "problem occurred ('%s') while initializing the sqlite database " % getSafeExString(ex, UNICODE_ENCODING)
errMsg += "located at '%s'" % self.parent.dbpath
raise SqlmapGenericException(errMsg)
def insert(self, values): def insert(self, values):
""" """
@ -70,7 +77,7 @@ class Replication(object):
try: try:
self.parent.cursor.execute(sql, parameters) self.parent.cursor.execute(sql, parameters)
except sqlite3.OperationalError, ex: except sqlite3.OperationalError, ex:
errMsg = "problem occurred ('%s') while accessing sqlite database " % unicode(ex) errMsg = "problem occurred ('%s') while accessing sqlite database " % getSafeExString(ex, UNICODE_ENCODING)
errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath
errMsg += "it's not used by some other program" errMsg += "it's not used by some other program"
raise SqlmapGenericException(errMsg) raise SqlmapGenericException(errMsg)

2
lib/request/connect.py
View File

@ -630,7 +630,7 @@ class Connect(object):
raise SqlmapConnectionException(warnMsg) raise SqlmapConnectionException(warnMsg)
finally: finally:
if not isinstance(page, unicode): if isinstance(page, basestring) and not isinstance(page, unicode):
if HTTP_HEADER.CONTENT_TYPE in (responseHeaders or {}) and not re.search(TEXT_CONTENT_TYPE_REGEX, responseHeaders[HTTP_HEADER.CONTENT_TYPE]): if HTTP_HEADER.CONTENT_TYPE in (responseHeaders or {}) and not re.search(TEXT_CONTENT_TYPE_REGEX, responseHeaders[HTTP_HEADER.CONTENT_TYPE]):
page = unicode(page, errors="ignore") page = unicode(page, errors="ignore")
else: else:

33
lib/utils/api.py
View File

@ -116,7 +116,8 @@ class Database(object):
class Task(object): class Task(object):
def __init__(self, taskid): def __init__(self, taskid, remote_addr):
self.remote_addr = remote_addr
self.process = None self.process = None
self.output_directory = None self.output_directory = None
self.options = None self.options = None
@ -343,7 +344,9 @@ def task_new():
Create new task ID Create new task ID
""" """
taskid = hexencode(os.urandom(8)) taskid = hexencode(os.urandom(8))
DataStore.tasks[taskid] = Task(taskid) remote_addr = request.remote_addr
DataStore.tasks[taskid] = Task(taskid, remote_addr)
logger.debug("Created new task: '%s'" % taskid) logger.debug("Created new task: '%s'" % taskid)
return jsonize({"success": True, "taskid": taskid}) return jsonize({"success": True, "taskid": taskid})
@ -368,21 +371,23 @@ def task_delete(taskid):
################### ###################
@get("/admin/list")
@get("/admin/<taskid>/list") @get("/admin/<taskid>/list")
def task_list(taskid=None): def task_list(taskid=None):
""" """
List task pull List task pull
""" """
logger.debug("[%s] Listed task pool") if is_admin(taskid):
if taskid is not None:
tasks = list(DataStore.tasks) tasks = list(DataStore.tasks)
else: else:
tasks = []
for key in DataStore.tasks:
if DataStore.tasks[key].remote_addr == request.remote_addr:
tasks.append(key)
tasks = {x: dejsonize(scan_status(x))['status'] tasks = {x: dejsonize(scan_status(x))['status']
for x in list(DataStore.tasks)} for x in list(DataStore.tasks)}
logger.debug("[%s] Listed task pool (%s)" % (taskid, "admin" if is_admin(taskid) else request.remote_addr))
return jsonize({"success": True, "tasks": tasks, "tasks_num": len(tasks)}) return jsonize({"success": True, "tasks": tasks, "tasks_num": len(tasks)})
@get("/admin/<taskid>/flush") @get("/admin/<taskid>/flush")
def task_flush(taskid): def task_flush(taskid):
""" """
@ -390,11 +395,13 @@ def task_flush(taskid):
""" """
if is_admin(taskid): if is_admin(taskid):
DataStore.tasks = dict() DataStore.tasks = dict()
logger.debug("[%s] Flushed task pool" % taskid)
return jsonize({"success": True})
else: else:
logger.warning("[%s] Unauthorized call to task_flush()" % taskid) for key in list(DataStore.tasks):
return jsonize({"success": False, "message": "Unauthorized"}) if DataStore.tasks[key].remote_addr == request.remote_addr:
del DataStore.tasks[key]
logger.debug("[%s] Flushed task pool (%s)" % (taskid, "admin" if is_admin(taskid) else request.remote_addr))
return jsonize({"success": True})
################################## ##################################
# sqlmap core interact functions # # sqlmap core interact functions #
@ -719,7 +726,9 @@ def client(host=RESTAPI_SERVER_HOST, port=RESTAPI_SERVER_PORT):
taskid = None taskid = None
continue continue
cmdLineOptions = { k: v for k, v in cmdLineOptions.iteritems() if v is not None } for key in list(cmdLineOptions):
if cmdLineOptions[key] is None:
del cmdLineOptions[key]
raw = _client(addr + "/task/new") raw = _client(addr + "/task/new")
res = dejsonize(raw) res = dejsonize(raw)
@ -749,7 +758,7 @@ def client(host=RESTAPI_SERVER_HOST, port=RESTAPI_SERVER_PORT):
logger.info("Switching to task ID '%s' " % taskid) logger.info("Switching to task ID '%s' " % taskid)
elif command.lower() == "list": elif command.lower() == "list":
raw = _client(addr + "/admin/list") raw = _client(addr + "/admin/0/list")
res = dejsonize(raw) res = dejsonize(raw)
if not res["success"]: if not res["success"]:
logger.error("Failed to execute command " + command) logger.error("Failed to execute command " + command)