Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 4c4cb85

Browse files
bdamelebdamele
committed
minor bug fix to the /scan/<taskid>output method, forced each taskid to have its own temporary folder for output - issue #297 
1 parent 27906f3 commit 4c4cb85

1 file changed

Lines changed: 9 additions & 3 deletions

File tree

lib/utils/restapi.py

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@
88
import optparse
99
import os
1010
import sys
11+
import tempfile
1112
import threading
1213

1314
try:
@@ -101,8 +102,10 @@ def task_new():
101102
Create new task ID
102103
"""
103104
global tasks
105+
global options
104106
taskid = hexencode(os.urandom(16))
105107
options[taskid] = AttribDict(cmdLineOptions)
108+
options[taskid]["oDir"] = tempfile.mkdtemp(prefix="sqlmap-")
106109
tasks.append(taskid)
107110
return jsonize({"taskid": taskid})
108111

@@ -186,7 +189,7 @@ def option_set(taskid):
186189

187190
return jsonize({"success": True})
188191

189-
@post("/scan/<taskid>")
192+
@post("/scan/<taskid>/start")
190193
def scan(taskid):
191194
"""
192195
Launch a scan
@@ -229,9 +232,10 @@ def scan_output(taskid):
229232
global output
230233
sys.stdout.seek(len(output))
231234
output = sys.stdout.read()
235+
sys.stdout.truncate(0)
232236
return jsonize({"output": output})
233237

234-
@post("/download/<taskid>/<target>/<filename:path>")
238+
@get("/download/<taskid>/<target>/<filename:path>")
235239
def download(taskid, target, filename):
236240
"""
237241
Download a certain file from the file system
@@ -250,9 +254,11 @@ def restAPIsetup(host="0.0.0.0", port=RESTAPI_SERVER_PORT):
250254
Initiate REST-JSON API
251255
"""
252256
global adminid
257+
global options
253258
global tasks
254259
adminid = hexencode(os.urandom(16))
255260
options[adminid] = AttribDict(cmdLineOptions)
261+
options[taskid]["oDir"] = tempfile.mkdtemp(prefix="sqlmap-")
256262
tasks.append(adminid)
257263
logger.info("Running REST-JSON API server at '%s:%d'.." % (host, port))
258264
logger.info("The admin task ID is: %s" % adminid)
@@ -267,7 +273,7 @@ def client(host, port):
267273
# TODO: write a simple client with urllib2, for now use curl from command line
268274
print "[ERROR] Not yet implemented, use curl from command line instead for now, for example:"
269275
print "\n\t$ curl --proxy http://127.0.0.1:8080 http://127.0.0.1:%s/task/new" % port
270-
print "\t$ curl --proxy http://127.0.0.1:8080 -H \"Content-Type: application/json\" -X POST -d '{\"targetUrl\": \"<target URL>\"}' http://127.0.0.1:%d/scan/<task ID>\n" % port
276+
print "\t$ curl --proxy http://127.0.0.1:8080 -H \"Content-Type: application/json\" -X POST -d '{\"url\": \"<target URL>\"}' http://127.0.0.1:%d/scan/<task ID>/start\n" % port
271277

272278
if __name__ == "__main__":
273279
"""

0 commit comments

Comments
 (0)