Merge branch 'master' of github.com:sqlmapproject/sqlmap

stamparm · stamparm · commit 95b922309cc6 · 2013-01-29T20:50:40.000+01:00
diff --git a/_sqlmap.py b/_sqlmap.py
@@ -30,12 +30,14 @@
 from lib.core.exception import SqlmapBaseException
 from lib.core.exception import SqlmapSilentQuitException
 from lib.core.exception import SqlmapUserQuitException
+from lib.core.option import initOptions
 from lib.core.option import init
 from lib.core.profiling import profile
 from lib.core.settings import LEGAL_DISCLAIMER
 from lib.core.testing import smokeTest
 from lib.core.testing import liveTest
 from lib.parse.cmdline import cmdLineParser
+from lib.utils.api import setRestAPILog
 from lib.utils.api import StdDbOut
 
 def modulePath():
@@ -57,19 +59,22 @@ def main():
 
         # Store original command line options for possible later restoration
         cmdLineOptions.update(cmdLineParser().__dict__)
-        init(cmdLineOptions)
+        initOptions(cmdLineOptions)
 
         if hasattr(conf, "api"):
             # Overwrite system standard output and standard error to write
             # to an IPC database
             sys.stdout = StdDbOut(conf.taskid, messagetype="stdout")
             sys.stderr = StdDbOut(conf.taskid, messagetype="stderr")
+            setRestAPILog()
 
         banner()
 
         dataToStdout("[!] legal disclaimer: %s\n\n" % LEGAL_DISCLAIMER, forceOutput=True)
         dataToStdout("[*] starting at %s\n\n" % time.strftime("%X"), forceOutput=True)
 
+        init()
+
         if conf.profile:
             profile()
         elif conf.smokeTest:
diff --git a/extra/shutils/regressiontest.py b/extra/shutils/regressiontest.py
@@ -66,9 +66,10 @@ def main():
     test_counts = []
     attachments = {}
 
-    command_line = "python /opt/sqlmap/sqlmap.py --live-test"
-    proc = subprocess.Popen(command_line, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    proc = subprocess.Popen("python /opt/sqlmap/sqlmap.py --update", shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    proc.wait()
 
+    proc = subprocess.Popen("python /opt/sqlmap/sqlmap.py --live-test", shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     proc.wait()
     stdout, stderr = proc.communicate()
 
diff --git a/lib/controller/action.py b/lib/controller/action.py
@@ -12,6 +12,7 @@
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
+from lib.core.enums import API_CONTENT_TYPE
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.exception import SqlmapUnsupportedDBMSException
 from lib.core.settings import SUPPORTED_DBMS
@@ -77,7 +78,7 @@ def action():
     if conf.getPasswordHashes:
         try:
             conf.dumper.userSettings("database management system users password hashes",
-                                    conf.dbmsHandler.getPasswordHashes(), "password hash")
+                                    conf.dbmsHandler.getPasswordHashes(), "password hash", API_CONTENT_TYPE.PASSWORDS)
         except SqlmapNoneDataException, ex:
             logger.critical(ex)
         except:
@@ -86,7 +87,7 @@ def action():
     if conf.getPrivileges:
         try:
             conf.dumper.userSettings("database management system users privileges",
-                                    conf.dbmsHandler.getPrivileges(), "privilege")
+                                    conf.dbmsHandler.getPrivileges(), "privilege", API_CONTENT_TYPE.PRIVILEGES)
         except SqlmapNoneDataException, ex:
             logger.critical(ex)
         except:
@@ -95,7 +96,7 @@ def action():
     if conf.getRoles:
         try:
             conf.dumper.userSettings("database management system users roles",
-                                    conf.dbmsHandler.getRoles(), "role")
+                                    conf.dbmsHandler.getRoles(), "role", API_CONTENT_TYPE.ROLES)
         except SqlmapNoneDataException, ex:
             logger.critical(ex)
         except:
@@ -111,10 +112,10 @@ def action():
         conf.dumper.dbTables(tableExists(paths.COMMON_TABLES))
 
     if conf.getSchema:
-        conf.dumper.dbTableColumns(conf.dbmsHandler.getSchema())
+        conf.dumper.dbTableColumns(conf.dbmsHandler.getSchema(), API_CONTENT_TYPE.SCHEMA)
 
     if conf.getColumns:
-        conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns())
+        conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns(), API_CONTENT_TYPE.COLUMNS)
 
     if conf.getCount:
         conf.dumper.dbTablesCount(conf.dbmsHandler.getCount())
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
@@ -36,6 +36,7 @@
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.enums import API_CONTENT_TYPE
 from lib.core.enums import HASHDB_KEYS
 from lib.core.enums import HEURISTIC_TEST
 from lib.core.enums import HTTPMETHOD
@@ -151,9 +152,11 @@ def _showInjections():
     header = "sqlmap identified the following injection points with "
     header += "a total of %d HTTP(s) requests" % kb.testQueryCount
 
-    data = "".join(set(map(lambda x: _formatInjection(x), kb.injections))).rstrip("\n")
-
-    conf.dumper.string(header, data)
+    if hasattr(conf, "api"):
+        conf.dumper.string("", kb.injections, content_type=API_CONTENT_TYPE.TECHNIQUES)
+    else:
+        data = "".join(set(map(lambda x: _formatInjection(x), kb.injections))).rstrip("\n")
+        conf.dumper.string(header, data)
 
     if conf.tamper:
         warnMsg = "changes made by tampering scripts are not "
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -760,7 +760,8 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=
                 message = data
 
             if hasattr(conf, "api"):
-                sys.stdout.write(message, status=status, content_type=content_type)
+                if content_type and status:
+                    sys.stdout.write(message, status, content_type)
             else:
                 sys.stdout.write(setColor(message, bold))
 
@@ -772,7 +773,7 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=
             if kb.get("multiThreadMode"):
                 logging._releaseLock()
 
-            kb.prependFlag = len(data) == 1 and data not in ('\n', '\r') or len(data) > 2 and data[0] == '\r' and data[-1] != '\n'
+            kb.prependFlag = isinstance(data, basestring) and (len(data) == 1 and data not in ('\n', '\r') or len(data) > 2 and data[0] == '\r' and data[-1] != '\n')
 
 def dataToTrafficFile(data):
     if not conf.trafficFile:
diff --git a/lib/core/dump.py b/lib/core/dump.py
@@ -46,7 +46,6 @@ class Dump(object):
     """
     This class defines methods used to parse and output the results
     of SQL injection actions
-
     """
 
     def __init__(self):
@@ -85,8 +84,8 @@ def setOutputFile(self):
     def getOutputFile(self):
         return self._outputFile
 
-    def singleString(self, data):
-        self._write(data)
+    def singleString(self, data, content_type=None):
+        self._write(data, content_type=content_type)
 
     def string(self, header, data, content_type=None, sort=True):
         kb.stickyLevel = None
@@ -161,16 +160,20 @@ def users(self, users):
     def userSettings(self, header, userSettings, subHeader, content_type=None):
         self._areAdmins = set()
 
-        if userSettings:
-            self._write("%s:" % header)
-
         if isinstance(userSettings, (tuple, list, set)):
             self._areAdmins = userSettings[1]
             userSettings = userSettings[0]
 
         users = userSettings.keys()
         users.sort(key=lambda x: x.lower() if isinstance(x, basestring) else x)
 
+        if hasattr(conf, "api"):
+            self._write(userSettings, content_type=content_type)
+            return
+
+        if userSettings:
+            self._write("%s:" % header)
+
         for user in users:
             settings = userSettings[user]
 
@@ -196,8 +199,12 @@ def userSettings(self, header, userSettings, subHeader, content_type=None):
     def dbs(self, dbs):
         self.lister("available databases", dbs, content_type=API_CONTENT_TYPE.DBS)
 
-    def dbTables(self, dbTables, content_type=API_CONTENT_TYPE.TABLES):
+    def dbTables(self, dbTables):
         if isinstance(dbTables, dict) and len(dbTables) > 0:
+            if hasattr(conf, "api"):
+                self._write(dbTables, content_type=API_CONTENT_TYPE.TABLES)
+                return
+
             maxlength = 0
 
             for tables in dbTables.values():
@@ -230,12 +237,16 @@ def dbTables(self, dbTables, content_type=API_CONTENT_TYPE.TABLES):
 
                 self._write("+%s+\n" % lines)
         elif dbTables is None or len(dbTables) == 0:
-            self.singleString("No tables found")
+            self.singleString("No tables found", content_type=API_CONTENT_TYPE.TABLES)
         else:
-            self.string("tables", dbTables)
+            self.string("tables", dbTables, content_type=API_CONTENT_TYPE.TABLES)
 
-    def dbTableColumns(self, tableColumns, content_type=API_CONTENT_TYPE.COLUMNS):
+    def dbTableColumns(self, tableColumns, content_type=None):
         if isinstance(tableColumns, dict) and len(tableColumns) > 0:
+            if hasattr(conf, "api"):
+                self._write(tableColumns, content_type=content_type)
+                return
+
             for db, tables in tableColumns.items():
                 if not db:
                     db = "All"
@@ -301,8 +312,12 @@ def dbTableColumns(self, tableColumns, content_type=API_CONTENT_TYPE.COLUMNS):
                     else:
                         self._write("+%s+\n" % lines1)
 
-    def dbTablesCount(self, dbTables, content_type=API_CONTENT_TYPE.COUNT):
+    def dbTablesCount(self, dbTables):
         if isinstance(dbTables, dict) and len(dbTables) > 0:
+            if hasattr(conf, "api"):
+                self._write(dbTables, content_type=API_CONTENT_TYPE.COUNT)
+                return
+
             maxlength1 = len("Table")
             maxlength2 = len("Entries")
 
@@ -343,7 +358,7 @@ def dbTablesCount(self, dbTables, content_type=API_CONTENT_TYPE.COUNT):
         else:
             logger.error("unable to retrieve the number of entries for any table")
 
-    def dbTableValues(self, tableValues, content_type=API_CONTENT_TYPE.DUMP_TABLE):
+    def dbTableValues(self, tableValues):
         replication = None
         rtable = None
         dumpFP = None
@@ -356,6 +371,10 @@ def dbTableValues(self, tableValues, content_type=API_CONTENT_TYPE.DUMP_TABLE):
             db = "All"
         table = tableValues["__infos__"]["table"]
 
+        if hasattr(conf, "api"):
+            self._write(tableValues, content_type=API_CONTENT_TYPE.DUMP_TABLE)
+            return
+
         if conf.dumpFormat == DUMP_FORMAT.SQLITE:
             replication = Replication("%s%s%s.sqlite3" % (conf.dumpPath, os.sep, unsafeSQLIdentificatorNaming(db)))
         elif conf.dumpFormat in (DUMP_FORMAT.CSV, DUMP_FORMAT.HTML):
@@ -549,7 +568,11 @@ def dbTableValues(self, tableValues, content_type=API_CONTENT_TYPE.DUMP_TABLE):
             dumpFP.close()
             logger.info("table '%s.%s' dumped to %s file '%s'" % (db, table, conf.dumpFormat, dumpFileName))
 
-    def dbColumns(self, dbColumnsDict, colConsider, dbs, content_type=API_CONTENT_TYPE.COLUMNS):
+    def dbColumns(self, dbColumnsDict, colConsider, dbs):
+        if hasattr(conf, "api"):
+            self._write(dbColumnsDict, content_type=API_CONTENT_TYPE.COLUMNS)
+            return
+
         for column in dbColumnsDict.keys():
             if colConsider == "1":
                 colConsiderStr = "s like '" + column + "' were"
diff --git a/lib/core/enums.py b/lib/core/enums.py
@@ -246,29 +246,30 @@ class WEB_API:
 
 class API_CONTENT_TYPE:
     TECHNIQUES = 0
-    BANNER = 1
-    CURRENT_USER = 2
-    CURRENT_DB = 3
-    HOSTNAME = 4
-    IS_DBA = 5
-    USERS = 6
-    PASSWORDS = 7
-    PRIVILEGES = 8
-    ROLES = 9
-    DBS = 10
-    TABLES = 11
-    COLUMNS = 12
-    SCHEMA = 13
-    COUNT = 14
-    DUMP_TABLE = 15
-    SEARCH = 16
-    SQL_QUERY = 17
-    COMMON_TABLES = 18
-    COMMON_COLUMNS = 19
-    FILE_READ = 20
-    FILE_WRITE = 21
-    OS_CMD = 22
-    REG_READ = 23
+    DBMS_FINGERPRINT = 1
+    BANNER = 2
+    CURRENT_USER = 3
+    CURRENT_DB = 4
+    HOSTNAME = 5
+    IS_DBA = 6
+    USERS = 7
+    PASSWORDS = 8
+    PRIVILEGES = 9
+    ROLES = 10
+    DBS = 11
+    TABLES = 12
+    COLUMNS = 13
+    SCHEMA = 14
+    COUNT = 15
+    DUMP_TABLE = 16
+    SEARCH = 17
+    SQL_QUERY = 18
+    COMMON_TABLES = 19
+    COMMON_COLUMNS = 20
+    FILE_READ = 21
+    FILE_WRITE = 22
+    OS_CMD = 23
+    REG_READ = 24
 
 class API_CONTENT_STATUS:
     IN_PROGRESS = 0
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -136,7 +136,6 @@
 from lib.request.rangehandler import HTTPRangeHandler
 from lib.request.redirecthandler import SmartRedirectHandler
 from lib.request.templates import getPageTemplate
-from lib.utils.api import setRestAPILog
 from lib.utils.crawler import crawl
 from lib.utils.deps import checkDependencies
 from lib.utils.google import Google
@@ -2052,21 +2051,22 @@ def _resolveCrossReferences():
     lib.core.common.getPageTemplate = getPageTemplate
     lib.core.convert.singleTimeWarnMessage = singleTimeWarnMessage
 
-def init(inputOptions=AttribDict(), overrideOptions=False):
-    """
-    Set attributes into both configuration and knowledge base singletons
-    based upon command line and configuration file options.
-    """
-
+def initOptions(inputOptions=AttribDict(), overrideOptions=False):
     if not inputOptions.disableColoring:
         coloramainit()
 
     _setConfAttributes()
     _setKnowledgeBaseAttributes()
     _mergeOptions(inputOptions, overrideOptions)
+
+def init():
+    """
+    Set attributes into both configuration and knowledge base singletons
+    based upon command line and configuration file options.
+    """
+
     _useWizardInterface()
     setVerbosity()
-    setRestAPILog()
     _saveCmdline()
     _setRequestFromFile()
     _cleanupOptions()
diff --git a/lib/core/testing.py b/lib/core/testing.py
@@ -29,6 +29,7 @@
 from lib.core.exception import SqlmapNotVulnerableException
 from lib.core.log import LOGGER_HANDLER
 from lib.core.option import init
+from lib.core.option import initOptions
 from lib.core.optiondict import optDict
 from lib.core.settings import UNICODE_ENCODING
 from lib.parse.cmdline import cmdLineParser
@@ -243,7 +244,8 @@ def initCase(switches=None):
             if key in cmdLineOptions.__dict__:
                 cmdLineOptions.__dict__[key] = value
 
-    init(cmdLineOptions, True)
+    initOptions(cmdLineOptions, True)
+    init()
 
 def cleanCase():
     shutil.rmtree(paths.SQLMAP_OUTPUT_PATH, True)
diff --git a/lib/utils/api.py b/lib/utils/api.py
