
Commit a104de0

committed
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2 parents 7e73825 + 0854950 commit a104de0

11 files changed

Lines changed: 361 additions & 193 deletions


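--- a/_sqlmap.py
+++ b/_sqlmap.py
@@ -36,6 +36,7 @@
 from lib.core.testing import smokeTest
 from lib.core.testing import liveTest
 from lib.parse.cmdline import cmdLineParser
+from lib.utils.api import StdDbOut
 
 def modulePath():
 """
@@ -53,16 +54,22 @@ def main():
 try:
 paths.SQLMAP_ROOT_PATH = modulePath()
 setPaths()
-banner()
-
-dataToStdout("[!] legal disclaimer: %s\n\n" % LEGAL_DISCLAIMER, forceOutput=True)
-dataToStdout("[*] starting at %s\n\n" % time.strftime("%X"), forceOutput=True)
 
 # Store original command line options for possible later restoration
 cmdLineOptions.update(cmdLineParser().__dict__)
-
 init(cmdLineOptions)
 
+if hasattr(conf, "api"):
+# Overwrite system standard output and standard error to write
+# to an IPC database
+sys.stdout = StdDbOut(conf.taskid, messagetype="stdout")
+sys.stderr = StdDbOut(conf.taskid, messagetype="stderr")
+
+banner()
+
+dataToStdout("[!] legal disclaimer: %s\n\n" % LEGAL_DISCLAIMER, forceOutput=True)
+dataToStdout("[*] starting at %s\n\n" % time.strftime("%X"), forceOutput=True)
+
 if conf.profile:
 profile()
 elif conf.smokeTest:
@@ -115,6 +122,13 @@ def main():
 except KeyboardInterrupt:
 pass
 
+if hasattr(conf, "api"):
+try:
+conf.database_cursor.close()
+conf.database_connection.close()
+except KeyboardInterrupt:
+pass
+
 # Reference: http://stackoverflow.com/questions/1635080/terminate-a-multi-thread-python-program
 if conf.get("threads", 0) > 1 or conf.get("dnsServer"):
 os._exit(0)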
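Review bot: The cleanup added just before the `os._exit(0)` check closes `conf.database_cursor` and `conf.database_connection` but leaves `sys.stdout` and `sys.stderr` pointing at the `StdDbOut` objects installed after `init(cmdLineOptions)`, so anything written afterwards, including a traceback from a late failure, presumably goes to a closed IPC database and is lost. Restoring the real streams before closing, `sys.stdout, sys.stderr = sys.__stdout__, sys.__stderr__`, keeps late errors visible. The `try` around the two `close()` calls catches only `KeyboardInterrupt`, so a missing attribute or a database error raised there would escape and skip the `os._exit(0)` path; catching `Exception` and logging it looks closer to the intent. `StdDbOut` and the rest of `main()` are outside these hunks, so the above is inferred from the visible lines only.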

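--- a/extra/shutils/regressiontest.py
+++ b/extra/shutils/regressiontest.py
@@ -4,17 +4,19 @@
 # See the file 'doc/COPYING' for copying permission
 
 import codecs
+import inspect
 import os
 import re
 import smtplib
 import subprocess
 import sys
 import time
+import traceback
 
 from email.mime.multipart import MIMEMultipart
 from email.mime.text import MIMEText
 
-sys.path.append("../../")
+sys.path.append(os.path.normpath("%s/../../" % os.path.dirname(inspect.getfile(inspect.currentframe()))))
 
 from lib.core.revision import getRevisionNumber
 
@@ -64,7 +66,7 @@ def main():
 test_counts = []
 attachments = {}
 
-command_line = "cd %s && python sqlmap.py --live-test" % SQLMAP_HOME
+command_line = "python /opt/sqlmap/sqlmap.py --live-test"
 proc = subprocess.Popen(command_line, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
 
 proc.wait()
@@ -138,4 +140,13 @@ def main():
 send_email(msg)
 
 if __name__ == "__main__":
-main()
+log_fd = open("/tmp/sqlmapregressiontest.log", "wb")
+log_fd.write("Regression test started at %s\n" % TIME)
+
+try:
+main()
+except Exception, e:
+log_fd.write("An exception has occurred:\n%s" % str(traceback.format_exc()))
+
+log_fd.write("Regression test finished at %s\n\n" % TIME)
+log_fd.close()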
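Review bot: The new `__main__` block opens `/tmp/sqlmapregressiontest.log` under a fixed name in a world-writable directory, so a symlink already present at that path is followed and its target truncated and written with the job's privileges, and the log itself is created with default permissions. Keeping the log in a directory only the job's account can write to removes the risk; as defence in depth, open it with `log_fd = os.fdopen(os.open(LOG_PATH, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0600), "wb")`, where `LOG_PATH` is a placeholder for the new location. `log_fd.close()` is not in a `finally`, and `except Exception, e` does not catch `KeyboardInterrupt` or `SystemExit`, so the file is left unflushed on those exits. The "started" and "finished" lines both print the same `TIME` value, which is defined outside these hunks and looks like a module-level constant, so the finish time is probably not what gets logged.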

extra/shutils/regressiontest_cronjob.sh

Lines changed: 0 additions & 27 deletions
This file was deleted.

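--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -742,7 +742,7 @@ def setColor(message, bold=False):
 
 return retVal
 
-def dataToStdout(data, forceOutput=False, bold=False):
+def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=None):
 """
 Writes text to the stdout (console) stream
 """
@@ -754,8 +754,15 @@ def dataToStdout(data, forceOutput=False, bold=False):
 if kb.get("multiThreadMode"):
 logging._acquireLock()
 
-message = stdoutencode(data)
-sys.stdout.write(setColor(message, bold))
+if isinstance(data, basestring):
+message = stdoutencode(data)
+else:
+message = data
+
+if hasattr(conf, "api"):
+sys.stdout.write(message, status=status, content_type=content_type)
+else:
+sys.stdout.write(setColor(message, bold))
 
 try:
 sys.stdout.flush()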
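Review bot: The API branch `sys.stdout.write(message, status=status, content_type=content_type)` assumes `sys.stdout` has already been replaced by the API writer, but the condition only tests `hasattr(conf, "api")`. In `_sqlmap.py` the replacement happens after `init(cmdLineOptions)`, so any `dataToStdout` call made in API mode before that point would pass keyword arguments to a plain file object and raise TypeError, possibly while the logging lock taken a few lines above is still held (the release is outside this hunk). Testing the stream itself is more robust, for example `if hasattr(conf, "api") and not isinstance(sys.stdout, file):`. In the non-API branch a non-string `data` now reaches `setColor(message, bold)` and `write()` without passing through `stdoutencode`, which differs from the old behaviour. The docstring should also say that `content_type` and `status` are only used in API mode.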

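--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -104,3 +104,6 @@ def stdoutencode(data):
 
 def jsonize(data):
 return json.dumps(data, sort_keys=False, indent=4)
+
+def dejsonize(data):
+return json.loads(data)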
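Review bot: `dejsonize` has no docstring and passes its argument straight to `json.loads`, so malformed input surfaces as a bare `ValueError` at whichever caller receives it. If it is used on data read back from the IPC database or received from API clients (the callers are not in this hunk), each call site has to handle that error. A one-line docstring such as `"""Parses a JSON string; raises ValueError on malformed input"""` would make the contract explicit.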

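--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -26,6 +26,8 @@
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.dicts import DUMP_REPLACEMENTS
+from lib.core.enums import API_CONTENT_STATUS
+from lib.core.enums import API_CONTENT_TYPE
 from lib.core.enums import DBMS
 from lib.core.enums import DUMP_FORMAT
 from lib.core.exception import SqlmapGenericException
@@ -52,8 +54,13 @@ def __init__(self):
 self._outputFP = None
 self._lock = threading.Lock()
 
-def _write(self, data, newline=True, console=True):
+def _write(self, data, newline=True, console=True, content_type=None):
+if hasattr(conf, "api"):
+dataToStdout(data, content_type=content_type, status=API_CONTENT_STATUS.COMPLETE)
+return
+
 text = "%s%s" % (data, "\n" if newline else " ")
+
 if console:
 dataToStdout(text)
 
@@ -81,7 +88,7 @@ def getOutputFile(self):
 def singleString(self, data):
 self._write(data)
 
-def string(self, header, data, sort=True):
+def string(self, header, data, content_type=None, sort=True):
 kb.stickyLevel = None
 
 if isListLike(data):
@@ -92,25 +99,33 @@ def string(self, header, data, sort=True):
 if _ and _[-1] == '\n':
 _ = _[:-1]
 
-if "\n" in _:
+if hasattr(conf, "api"):
+self._write(data, content_type=content_type)
+elif "\n" in _:
 self._write("%s:\n---\n%s\n---" % (header, _))
 else:
 self._write("%s: %s" % (header, ("'%s'" % _) if isinstance(data, basestring) else _))
+elif hasattr(conf, "api"):
+self._write(data, content_type=content_type)
 else:
 self._write("%s:\tNone" % header)
 
-def lister(self, header, elements, sort=True):
-if elements:
-self._write("%s [%d]:" % (header, len(elements)))
-
-if sort:
+def lister(self, header, elements, content_type=None, sort=True):
+if elements and sort:
 try:
 elements = set(elements)
 elements = list(elements)
 elements.sort(key=lambda x: x.lower() if isinstance(x, basestring) else x)
 except:
 pass
 
+if hasattr(conf, "api"):
+self._write(elements, content_type=content_type)
+return
+
+if elements:
+self._write("%s [%d]:" % (header, len(elements)))
+
 for element in elements:
 if isinstance(element, basestring):
 self._write("[*] %s" % element)
@@ -121,29 +136,29 @@ def lister(self, header, elements, sort=True):
 self._write("")
 
 def banner(self, data):
-self.string("banner", data)
+self.string("banner", data, content_type=API_CONTENT_TYPE.BANNER)
 
 def currentUser(self, data):
-self.string("current user", data)
+self.string("current user", data, content_type=API_CONTENT_TYPE.CURRENT_USER)
 
 def currentDb(self, data):
 if Backend.isDbms(DBMS.MAXDB):
-self.string("current database (no practical usage on %s)" % Backend.getIdentifiedDbms(), data)
+self.string("current database (no practical usage on %s)" % Backend.getIdentifiedDbms(), data, content_type=API_CONTENT_TYPE.CURRENT_DB)
 elif Backend.isDbms(DBMS.ORACLE):
-self.string("current schema (equivalent to database on %s)" % Backend.getIdentifiedDbms(), data)
+self.string("current schema (equivalent to database on %s)" % Backend.getIdentifiedDbms(), data, content_type=API_CONTENT_TYPE.CURRENT_DB)
 else:
-self.string("current database", data)
+self.string("current database", data, content_type=API_CONTENT_TYPE.CURRENT_DB)
 
 def hostname(self, data):
-self.string("hostname", data)
+self.string("hostname", data, content_type=API_CONTENT_TYPE.HOSTNAME)
 
 def dba(self, data):
-self.string("current user is DBA", data)
+self.string("current user is DBA", data, content_type=API_CONTENT_TYPE.IS_DBA)
 
 def users(self, users):
-self.lister("database management system users", users)
+self.lister("database management system users", users, content_type=API_CONTENT_TYPE.USERS)
 
-def userSettings(self, header, userSettings, subHeader):
+def userSettings(self, header, userSettings, subHeader, content_type=None):
 self._areAdmins = set()
 
 if userSettings:
@@ -179,9 +194,9 @@ def userSettings(self, header, userSettings, subHeader):
 self.singleString("")
 
 def dbs(self, dbs):
-self.lister("available databases", dbs)
+self.lister("available databases", dbs, content_type=API_CONTENT_TYPE.DBS)
 
-def dbTables(self, dbTables):
+def dbTables(self, dbTables, content_type=API_CONTENT_TYPE.TABLES):
 if isinstance(dbTables, dict) and len(dbTables) > 0:
 maxlength = 0
 
@@ -219,7 +234,7 @@ def dbTables(self, dbTables):
 else:
 self.string("tables", dbTables)
 
-def dbTableColumns(self, tableColumns):
+def dbTableColumns(self, tableColumns, content_type=API_CONTENT_TYPE.COLUMNS):
 if isinstance(tableColumns, dict) and len(tableColumns) > 0:
 for db, tables in tableColumns.items():
 if not db:
@@ -286,7 +301,7 @@ def dbTableColumns(self, tableColumns):
 else:
 self._write("+%s+\n" % lines1)
 
-def dbTablesCount(self, dbTables):
+def dbTablesCount(self, dbTables, content_type=API_CONTENT_TYPE.COUNT):
 if isinstance(dbTables, dict) and len(dbTables) > 0:
 maxlength1 = len("Table")
 maxlength2 = len("Entries")
@@ -328,7 +343,7 @@ def dbTablesCount(self, dbTables):
 else:
 logger.error("unable to retrieve the number of entries for any table")
 
-def dbTableValues(self, tableValues):
+def dbTableValues(self, tableValues, content_type=API_CONTENT_TYPE.DUMP_TABLE):
 replication = None
 rtable = None
 dumpFP = None
@@ -534,7 +549,7 @@ def dbTableValues(self, tableValues):
 dumpFP.close()
 logger.info("table '%s.%s' dumped to %s file '%s'" % (db, table, conf.dumpFormat, dumpFileName))
 
-def dbColumns(self, dbColumnsDict, colConsider, dbs):
+def dbColumns(self, dbColumnsDict, colConsider, dbs, content_type=API_CONTENT_TYPE.COLUMNS):
 for column in dbColumnsDict.keys():
 if colConsider == "1":
 colConsiderStr = "s like '" + column + "' were"
@@ -565,13 +580,13 @@ def dbColumns(self, dbColumnsDict, colConsider, dbs):
 self.dbTableColumns(_)
 
 def query(self, query, queryRes):
-self.string(query, queryRes)
+self.string(query, queryRes, content_type=API_CONTENT_TYPE.SQL_QUERY)
 
 def rFile(self, fileData):
-self.lister("files saved to", fileData, sort=False)
+self.lister("files saved to", fileData, sort=False, content_type=API_CONTENT_TYPE.FILE_READ)
 
-def registerValue(self, registerData):
-self.string("Registry key value data", registerData, sort=False)
+def registerValue(self):
+self.string("Registry key value data", registerData, registerData, content_type=API_CONTENT_TYPE.REG_READ, sort=False)
 
 # object to manage how to print the retrieved queries output to
 # standard output and sessions file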
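Review bot: `registerValue` in the last hunk is broken: the `registerData` parameter was removed from the signature while the body still uses it, and it is passed twice, so the second copy lands in the new positional `content_type` slot of `string()` next to the `content_type=` keyword. A caller that still passes the value gets a TypeError and a call without it gets a NameError. It should read `def registerValue(self, registerData):` and `self.string("Registry key value data", registerData, content_type=API_CONTENT_TYPE.REG_READ, sort=False)`. Separately, `string()` and `lister()` now take `content_type` before `sort`, so any existing caller that passes `sort` positionally would silently set `content_type` instead; adding the new parameter after `sort` avoids that. The `content_type` parameters added to `userSettings`, `dbTables`, `dbTableColumns`, `dbTablesCount`, `dbTableValues` and `dbColumns` are not used in any visible line, and the `else` branch of `dbTables` still calls `self.string("tables", dbTables)` without one.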

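--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -243,3 +243,33 @@ class WEB_API:
 ASP = "asp"
 ASPX = "aspx"
 JSP = "jsp"
+
+class API_CONTENT_TYPE:
+TECHNIQUES = 0
+BANNER = 1
+CURRENT_USER = 2
+CURRENT_DB = 3
+HOSTNAME = 4
+IS_DBA = 5
+USERS = 6
+PASSWORDS = 7
+PRIVILEGES = 8
+ROLES = 9
+DBS = 10
+TABLES = 11
+COLUMNS = 12
+SCHEMA = 13
+COUNT = 14
+DUMP_TABLE = 15
+SEARCH = 16
+SQL_QUERY = 17
+COMMON_TABLES = 18
+COMMON_COLUMNS = 19
+FILE_READ = 20
+FILE_WRITE = 21
+OS_CMD = 22
+REG_READ = 23
+
+class API_CONTENT_STATUS:
+IN_PROGRESS = 0
+COMPLETE = 1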
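Review bot: `API_CONTENT_TYPE` and `API_CONTENT_STATUS` carry no comment, yet `dump.py` passes their integers through `dataToStdout` to the API output writer, so they presumably end up stored with task output and read back by API clients. A short comment on each class, for example `# Values are stored with API task output; append new members, never renumber`, would stop a later reordering from silently changing the meaning of stored records.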
