From b477c56b52257a9db4d28c5c610ba5906e263f2e Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Thu, 7 Feb 2013 00:05:26 +0000 Subject: [PATCH] first steps to allow multiple scans on the same taskid - issue #297 --- lib/core/common.py | 32 ++++++++++++++++++++----------- lib/utils/api.py | 31 ++++++++++++++++++------------ plugins/dbms/mysql/fingerprint.py | 4 ++-- 3 files changed, 42 insertions(+), 25 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index c4d93c5cd54..6cc483189ef 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -245,26 +245,36 @@ def getOs(target, info): """ infoStr = "" + infoApi = {} if info and "type" in info: - infoStr += "%s operating system: %s" % (target, Format.humanize(info["type"])) + if hasattr(conf, "api"): + infoApi["%s operating system" % target] = info + else: + infoStr += "%s operating system: %s" % (target, Format.humanize(info["type"])) - if "distrib" in info: - infoStr += " %s" % Format.humanize(info["distrib"]) + if "distrib" in info: + infoStr += " %s" % Format.humanize(info["distrib"]) - if "release" in info: - infoStr += " %s" % Format.humanize(info["release"]) + if "release" in info: + infoStr += " %s" % Format.humanize(info["release"]) - if "sp" in info: - infoStr += " %s" % Format.humanize(info["sp"]) + if "sp" in info: + infoStr += " %s" % Format.humanize(info["sp"]) - if "codename" in info: - infoStr += " (%s)" % Format.humanize(info["codename"]) + if "codename" in info: + infoStr += " (%s)" % Format.humanize(info["codename"]) if "technology" in info: - infoStr += "\nweb application technology: %s" % Format.humanize(info["technology"], ", ") + if hasattr(conf, "api"): + infoApi["web application technology"] = Format.humanize(info["technology"], ", ") + else: + infoStr += "\nweb application technology: %s" % Format.humanize(info["technology"], ", ") - return infoStr.lstrip() + if hasattr(conf, "api"): + return infoApi + else: + return infoStr.lstrip() class Backend: # Set methods 
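Review bot: Format.getOs now returns a dict in API mode and a str otherwise, and the two dict entries differ in shape: the operating-system key stores the raw `info` dict as received (including any "technology" key it carries), while "web application technology" stores a humanized string. The function's signature and docstring begin before this hunk; the docstring should state the dual return, e.g. `Returns a dict of fingerprint entries when conf.api is set, otherwise a formatted string.` Any caller of getOs that still does `value += "%s\n" % wsOsFp` without the `not hasattr(conf, "api")` guard (only the MySQL fingerprint is updated in this commit) would now embed the dict's repr in its output, so the other DBMS plugins are worth checking. `hasattr(conf, "api")` is also evaluated three times in the hunk; binding it once, `api_mode = hasattr(conf, "api")`, at the top of the function would make the branches easier to read.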
diff --git a/lib/utils/api.py b/lib/utils/api.py index 27bf7eee1c9..e7a0e96f099 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -129,8 +129,9 @@ def get_options(self): return self.options def set_output_directory(self): - self.output_directory = tempfile.mkdtemp(prefix="sqlmapoutput-") - self.set_option("oDir", self.output_directory) + if not self.output_directory or not os.path.isdir(self.output_directory): + self.output_directory = tempfile.mkdtemp(prefix="sqlmapoutput-") + self.set_option("oDir", self.output_directory) def clean_filesystem(self): shutil.rmtree(self.output_directory) @@ -180,6 +181,8 @@ def __init__(self, taskid, messagetype="stdout"): def write(self, value, status=CONTENT_STATUS.IN_PROGRESS, content_type=None): if self.messagetype == "stdout": + insert = True + if content_type is None: if kb.partRun is not None: content_type = PART_RUN_CONTENT_TYPES.get(kb.partRun) 
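Review bot: `self.set_option("oDir", self.output_directory)` now runs only when a fresh directory is created, so a call that reuses the existing directory leaves the option untouched; if the option set is rebuilt between scans on the same task (which this commit works towards), the second scan would run without oDir. Dedenting that line out of the `if` makes the method idempotent, since the option is re-applied on every call. The new check also depends on `os` being imported in api.py and on `self.output_directory` being initialized in `__init__`, neither of which is visible in the hunk. Note that after `clean_filesystem` removes the directory, `os.path.isdir` only establishes that some directory exists at that path in the shared temp location, not that it is still the one `mkdtemp` created with private permissions; setting `self.output_directory = None` in `clean_filesystem` would make the next call unambiguously create a fresh private directory.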
@@ -189,28 +192,32 @@ def write(self, value, status=CONTENT_STATUS.IN_PROGRESS, content_type=None): #print >>sys.__stdout__, "value: %s\nstatus: %d\ncontent_type: %d\nkb.partRun: %s\n--------------" % (value, status, content_type, kb.partRun) - output = conf.database_cursor.execute("SELECT id, value FROM data WHERE taskid = ? AND content_type = ?", + output = conf.database_cursor.execute("SELECT id, status, value FROM data WHERE taskid = ? AND content_type = ?", (self.taskid, content_type)) # Delete partial output from IPC database if we have got a complete output - if status == CONTENT_STATUS.COMPLETE and len(output) > 0: - for index in xrange(0, len(output)-1): - conf.database_cursor.execute("DELETE FROM data WHERE id = ?", (output[index][0],)) - + if status == CONTENT_STATUS.COMPLETE: + if len(output) > 0: + for index in xrange(0, len(output)-1): + if output[index][1] == CONTENT_STATUS.COMPLETE: + insert = False + else: + conf.database_cursor.execute("DELETE FROM data WHERE id = ?", (output[index][0],)) + + if insert: + conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", + (self.taskid, status, content_type, jsonize(value))) if kb.partRun: kb.partRun = None - if status == CONTENT_STATUS.IN_PROGRESS: + elif status == CONTENT_STATUS.IN_PROGRESS: if len(output) == 0: conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", (self.taskid, status, content_type, jsonize(value))) else: - new_value = "%s%s" % (dejsonize(output[0][1]), value) + new_value = "%s%s" % (dejsonize(output[0][2]), value) conf.database_cursor.execute("UPDATE data SET value = ? WHERE id = ?", (jsonize(new_value), output[0][0])) - else: - conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", - (self.taskid, status, content_type, jsonize(value))) else: conf.database_cursor.execute("INSERT INTO errors VALUES(NULL, ?, ?)", (self.taskid, str(value) if value else "")) 
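Review bot: The duplicate-suppression loop `for index in xrange(0, len(output)-1)` never examines the last row, so with exactly one existing COMPLETE row (the normal case on a re-scan) the range is empty, `insert` stays True and a second COMPLETE row is written, which is precisely what the new flag is meant to prevent; the exclusive bound is inherited from the old code, but the comment above it says partial output is to be deleted, which the bound also prevents for a single partial row. Iterating over every row and branching on its status fixes both, and unpacking the tuples avoids the positional `[1]`/`[2]` indexing that already had to change once in this hunk. The IN_PROGRESS branch has the same blind spot: it appends to `output[0]` whatever that row's status is, so partial output of a new scan is concatenated onto a COMPLETE row left by the previous one; restricting the UPDATE to rows whose status is IN_PROGRESS would keep the scans apart. `write` begins before this hunk.
```python
            if status == CONTENT_STATUS.COMPLETE:
                for row_id, row_status, _ in output:
                    if row_status == CONTENT_STATUS.COMPLETE:
                        # a complete record for this content type already exists; keep it
                        insert = False
                    else:
                        # drop partial output now that a complete one is available
                        conf.database_cursor.execute("DELETE FROM data WHERE id = ?", (row_id,))

                if insert:
                    conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)",
                                                 (self.taskid, status, content_type, jsonize(value)))
                # … unchanged: kb.partRun reset, IN_PROGRESS branch …
```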
diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index f4cdc1a1140..9c86ed697aa 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -91,13 +91,13 @@ def getFingerprint(self): value = "" wsOsFp = Format.getOs("web server", kb.headersFp) - if wsOsFp: + if wsOsFp and not hasattr(conf, "api"): value += "%s\n" % wsOsFp if kb.data.banner: dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) - if dbmsOsFp: + if dbmsOsFp and not hasattr(conf, "api"): value += "%s\n" % dbmsOsFp value += "back-end DBMS: "
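Review bot: In API mode the added `not hasattr(conf, "api")` guards discard the dict that Format.getOs now returns, so `wsOsFp` and `dbmsOsFp` are computed and then dropped; unless the API path surfaces the fingerprint elsewhere (not visible here), the OS information is lost from the API output. If the dict is intentionally not part of `value`, a comment such as `# in API mode getOs returns a dict that is reported separately, not appended to value` would save the next reader the same question; if it is not surfaced elsewhere, the getOs calls belong under the non-API branch or the dicts need forwarding. The repeated `hasattr(conf, "api")` could be bound once at the top of getFingerprint, whose body begins before this hunk.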