
Commit b477c56

committed
first steps to allow multiple scans on the same taskid - issue #297
1 parent dd6c73e commit b477c56

3 files changed

Lines changed: 42 additions & 25 deletions


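--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -245,26 +245,36 @@ def getOs(target, info):
 """
 
 infoStr = ""
+infoApi = {}
 
 if info and "type" in info:
-infoStr += "%s operating system: %s" % (target, Format.humanize(info["type"]))
+if hasattr(conf, "api"):
+infoApi["%s operating system" % target] = info
+else:
+infoStr += "%s operating system: %s" % (target, Format.humanize(info["type"]))
 
-if "distrib" in info:
-infoStr += " %s" % Format.humanize(info["distrib"])
+if "distrib" in info:
+infoStr += " %s" % Format.humanize(info["distrib"])
 
-if "release" in info:
-infoStr += " %s" % Format.humanize(info["release"])
+if "release" in info:
+infoStr += " %s" % Format.humanize(info["release"])
 
-if "sp" in info:
-infoStr += " %s" % Format.humanize(info["sp"])
+if "sp" in info:
+infoStr += " %s" % Format.humanize(info["sp"])
 
-if "codename" in info:
-infoStr += " (%s)" % Format.humanize(info["codename"])
+if "codename" in info:
+infoStr += " (%s)" % Format.humanize(info["codename"])
 
 if "technology" in info:
-infoStr += "\nweb application technology: %s" % Format.humanize(info["technology"], ", ")
+if hasattr(conf, "api"):
+infoApi["web application technology"] = Format.humanize(info["technology"], ", ")
+else:
+infoStr += "\nweb application technology: %s" % Format.humanize(info["technology"], ", ")
 
-return infoStr.lstrip()
+if hasattr(conf, "api"):
+return infoApi
+else:
+return infoStr.lstrip()
 
 class Backend:
 # Set methods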
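Review bot: In API mode the first branch stores the whole raw `info` dict under `"%s operating system" % target`, while the technology entry next to it stores a humanized string, so the returned `infoApi` mixes two shapes and carries `technology` a second time inside the raw dict. getOs now also returns a dict or a str depending on `hasattr(conf, "api")`, which every caller that formats the result with `"%s\n" % ...` has to know about. I would state this in the docstring, for example `Returns a dict when conf.api is set, otherwise a formatted string`, and evaluate the flag once (`apiMode = hasattr(conf, "api")`) instead of three times. The function and its docstring start above the hunk, so the existing docstring text is not visible here.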

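--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@@ -129,8 +129,9 @@ def get_options(self):
 return self.options
 
 def set_output_directory(self):
-self.output_directory = tempfile.mkdtemp(prefix="sqlmapoutput-")
-self.set_option("oDir", self.output_directory)
+if not self.output_directory or not os.path.isdir(self.output_directory):
+self.output_directory = tempfile.mkdtemp(prefix="sqlmapoutput-")
+self.set_option("oDir", self.output_directory)
 
 def clean_filesystem(self):
 shutil.rmtree(self.output_directory)
@@ -180,6 +181,8 @@ def __init__(self, taskid, messagetype="stdout"):
 
 def write(self, value, status=CONTENT_STATUS.IN_PROGRESS, content_type=None):
 if self.messagetype == "stdout":
+insert = True
+
 if content_type is None:
 if kb.partRun is not None:
 content_type = PART_RUN_CONTENT_TYPES.get(kb.partRun)
@@ -189,28 +192,32 @@ def write(self, value, status=CONTENT_STATUS.IN_PROGRESS, content_type=None):
 
 #print >>sys.__stdout__, "value: %s\nstatus: %d\ncontent_type: %d\nkb.partRun: %s\n--------------" % (value, status, content_type, kb.partRun)
 
-output = conf.database_cursor.execute("SELECT id, value FROM data WHERE taskid = ? AND content_type = ?",
+output = conf.database_cursor.execute("SELECT id, status, value FROM data WHERE taskid = ? AND content_type = ?",
 (self.taskid, content_type))
 
 # Delete partial output from IPC database if we have got a complete output
-if status == CONTENT_STATUS.COMPLETE and len(output) > 0:
-for index in xrange(0, len(output)-1):
-conf.database_cursor.execute("DELETE FROM data WHERE id = ?", (output[index][0],))
-
+if status == CONTENT_STATUS.COMPLETE:
+if len(output) > 0:
+for index in xrange(0, len(output)-1):
+if output[index][1] == CONTENT_STATUS.COMPLETE:
+insert = False
+else:
+conf.database_cursor.execute("DELETE FROM data WHERE id = ?", (output[index][0],))
+
+if insert:
+conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)",
+(self.taskid, status, content_type, jsonize(value)))
 if kb.partRun:
 kb.partRun = None
 
-if status == CONTENT_STATUS.IN_PROGRESS:
+elif status == CONTENT_STATUS.IN_PROGRESS:
 if len(output) == 0:
 conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)",
 (self.taskid, status, content_type, jsonize(value)))
 else:
-new_value = "%s%s" % (dejsonize(output[0][1]), value)
+new_value = "%s%s" % (dejsonize(output[0][2]), value)
 conf.database_cursor.execute("UPDATE data SET value = ? WHERE id = ?",
 (jsonize(new_value), output[0][0]))
-else:
-conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)",
-(self.taskid, status, content_type, jsonize(value)))
 else:
 conf.database_cursor.execute("INSERT INTO errors VALUES(NULL, ?, ?)",
 (self.taskid, str(value) if value else ""))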
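Review bot: The new completeness check in `write()` inherits the old loop bound `xrange(0, len(output)-1)`, so the last row returned by the SELECT is never inspected. With exactly one existing row the loop body does not run and `insert` stays True, so a prior COMPLETE row gets a duplicate and a lone partial row is left behind. Iterating every row, `for index in xrange(len(output)):`, looks like what the comment above the block intends. Separately, the IN_PROGRESS branch still appends to `output[0]` without looking at `output[0][1]`, so on a second scan with the same taskid the new partial text would be concatenated onto the previous scan's COMPLETE row. The page has lost the original indentation, so the nesting is read from the `if`/`elif`/`else` order, and a few lines of `write()` between the second and third hunk are not shown.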

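--- a/plugins/dbms/mysql/fingerprint.py
+++ b/plugins/dbms/mysql/fingerprint.py
@@ -91,13 +91,13 @@ def getFingerprint(self):
 value = ""
 wsOsFp = Format.getOs("web server", kb.headersFp)
 
-if wsOsFp:
+if wsOsFp and not hasattr(conf, "api"):
 value += "%s\n" % wsOsFp
 
 if kb.data.banner:
 dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
 
-if dbmsOsFp:
+if dbmsOsFp and not hasattr(conf, "api"):
 value += "%s\n" % dbmsOsFp
 
 value += "back-end DBMS: "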
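Review bot: With `and not hasattr(conf, "api")` added to both conditions, the dict that `Format.getOs()` returns in API mode is computed and then discarded, so in the visible lines the OS fingerprint never reaches an API client. If that is intended for this first step, a comment such as `# getOs() returns a dict in API mode; do not append it to the text banner` would keep the guard from reading as dead code. Any other fingerprint plugin that still formats the result with `"%s\n" % ...` and lacks this guard would interpolate the dict's repr into its output in API mode; this commit touches only the MySQL plugin. getFingerprint continues past the end of the hunk.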
