Some more updates regarding #3140

stamparm · stamparm · commit f2af8861f929 · 2018-11-15T17:13:13.000+01:00
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.11.8"
+VERSION = "1.2.11.9"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/utils/api.py b/lib/utils/api.py
@@ -437,25 +437,30 @@ def option_list(taskid):
 @post("/option/<taskid>/get")
 def option_get(taskid):
     """
-    Get the value of an option (command line switch) for a certain task ID
+    Get value of option(s) for a certain task ID
     """
     if taskid not in DataStore.tasks:
         logger.warning("[%s] Invalid task ID provided to option_get()" % taskid)
         return jsonize({"success": False, "message": "Invalid task ID"})
 
-    option = request.json.get("option", "")
+    options = request.json or []
+    results = {}
 
-    if option in DataStore.tasks[taskid].options:
-        logger.debug("[%s] Retrieved value for option %s" % (taskid, option))
-        return jsonize({"success": True, option: DataStore.tasks[taskid].get_option(option)})
-    else:
-        logger.debug("[%s] Requested value for unknown option %s" % (taskid, option))
-        return jsonize({"success": False, "message": "Unknown option", option: "not set"})
+    for option in options:
+        if option in DataStore.tasks[taskid].options:
+            results[option] = DataStore.tasks[taskid].options[option]
+        else:
+            logger.debug("[%s] Requested value for unknown option '%s'" % (taskid, option))
+            return jsonize({"success": False, "message": "Unknown option '%s'" % option})
+
+    logger.debug("[%s] Retrieved values for option(s) '%s'" % (taskid, ",".join(options)))
+
+    return jsonize({"success": True, "options": results})
 
 @post("/option/<taskid>/set")
 def option_set(taskid):
     """
-    Set an option (command line switch) for a certain task ID
+    Set value of option(s) for a certain task ID
     """
 
     if taskid not in DataStore.tasks:
@@ -775,11 +780,11 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non
                 logger.error("No task ID in use")
                 continue
             try:
-                command, option = command.split(" ")
+                command, option = command.split(" ", 1)
             except ValueError:
                 raw = _client("%s/option/%s/list" % (addr, taskid))
             else:
-                options = {"option": option}
+                options = re.split(r"\s*,\s*", option.strip())
                 raw = _client("%s/option/%s/get" % (addr, taskid), options)
             res = dejsonize(raw)
             if not res["success"]:
diff --git a/swagger.yaml b/swagger.yaml
@@ -1,8 +1,9 @@
+# Note: written with Swagger Editor (https://editor.swagger.io/)
 swagger: "2.0"
 info:
   description: ""
   version: "1.2"
-  title: "sqlmap API (REST-JSON)"
+  title: "sqlmap API"
   contact:
     email: "dev@sqlmap.org"
   license:
@@ -183,6 +184,277 @@ paths:
               success:
                 type: boolean
                 enum: [true]
+  /option/{taskid}/list:
+    get:
+      tags:
+      - "option"
+      summary: "List task options"
+      description: ""
+      operationId: "optionList"
+      produces:
+      - "application/json"
+      parameters:
+      - name: "taskid"
+        in: "path"
+        description: "ID of an existing task to list it's options"
+        required: true
+        type: "string"
+      responses:
+        200:
+          description: "Task options successfully listed"
+          schema:
+            type: object
+            properties:
+              success:
+                type: boolean
+                enum: [true]
+              options:
+                type: object
+                additionalProperties:
+                  type: string
+                example:
+                  crawlDepth: null 
+                  osShell: false 
+                  getUsers: false 
+                  getPasswordHashes: false 
+                  excludeSysDbs: false 
+                  ignoreTimeouts: false 
+                  regData: null 
+                  fileDest: null 
+                  prefix: null 
+                  code: null 
+                  googlePage: 1 
+                  skip: null 
+                  query: null 
+                  randomAgent: false 
+                  osPwn: false 
+                  authType: null 
+                  safeUrl: null 
+                  requestFile: null 
+                  predictOutput: false 
+                  wizard: false 
+                  stopFail: false 
+                  forms: false 
+                  uChar: null 
+                  secondReq: null 
+                  taskid: d977b0e5f091370e 
+                  pivotColumn: null 
+                  dropSetCookie: false 
+                  smart: false 
+                  paramExclude: null 
+                  risk: 1 
+                  sqlFile: null 
+                  rParam: null 
+                  getCurrentUser: false 
+                  notString: null 
+                  getRoles: false 
+                  getPrivileges: false 
+                  testParameter: null 
+                  tbl: null 
+                  charset: null 
+                  trafficFile: null 
+                  osSmb: false 
+                  level: 1 
+                  dnsDomain: null 
+                  outputDir: null 
+                  encoding: null 
+                  skipWaf: false 
+                  timeout: 30 
+                  firstChar: null 
+                  torPort: null 
+                  getComments: false 
+                  binaryFields: null 
+                  checkTor: false 
+                  commonTables: false 
+                  direct: null 
+                  tmpPath: null 
+                  titles: false 
+                  getSchema: false 
+                  identifyWaf: false 
+                  paramDel: null 
+                  safeReqFile: null 
+                  regKey: null 
+                  murphyRate: null 
+                  limitStart: null 
+                  crawlExclude: null 
+                  flushSession: false 
+                  loadCookies: null 
+                  csvDel:  
+                  offline: false 
+                  method: null 
+                  tmpDir: null 
+                  fileWrite: null 
+                  disablePrecon: false 
+                  osBof: false 
+                  testSkip: null 
+                  invalidLogical: false 
+                  getCurrentDb: false 
+                  hexConvert: false 
+                  proxyFile: null 
+                  answers: null 
+                  host: null 
+                  dependencies: false 
+                  cookie: null 
+                  proxy: null 
+                  regType: null 
+                  optimize: false 
+                  limitStop: null 
+                  search: false 
+                  uFrom: null 
+                  noCast: false 
+                  testFilter: null 
+                  ignoreCode: null 
+                  eta: false 
+                  csrfToken: null 
+                  threads: 1 
+                  logFile: null 
+                  os: null 
+                  col: null 
+                  skipStatic: false 
+                  proxyCred: null 
+                  verbose: 1 
+                  isDba: false 
+                  updateAll: false 
+                  privEsc: false 
+                  forceDns: false 
+                  getAll: false 
+                  api: true 
+                  url: http://www.test.com/index.php?id=1 
+                  invalidBignum: false 
+                  regexp: null 
+                  getDbs: false 
+                  freshQueries: false 
+                  uCols: null 
+                  smokeTest: false 
+                  udfInject: false 
+                  invalidString: false 
+                  tor: false 
+                  forceSSL: false 
+                  beep: false 
+                  noEscape: false 
+                  configFile: null 
+                  scope: null 
+                  authFile: null 
+                  torType: SOCKS5 
+                  regVal: null 
+                  dummy: false 
+                  checkInternet: false 
+                  safePost: null 
+                  safeFreq: null 
+                  skipUrlEncode: false 
+                  referer: null 
+                  liveTest: false 
+                  retries: 3 
+                  extensiveFp: false 
+                  dumpTable: false 
+                  getColumns: false 
+                  batch: true 
+                  purge: false 
+                  headers: null 
+                  authCred: null 
+                  osCmd: null 
+                  suffix: null 
+                  dbmsCred: null 
+                  regDel: false 
+                  shLib: null 
+                  sitemapUrl: null 
+                  timeSec: 5 
+                  msfPath: null 
+                  dumpAll: false 
+                  fileRead: null 
+                  getHostname: false 
+                  sessionFile: null 
+                  disableColoring: true 
+                  getTables: false 
+                  listTampers: false 
+                  agent: null 
+                  webRoot: null 
+                  exclude: null 
+                  lastChar: null 
+                  string: null 
+                  dbms: null 
+                  dumpWhere: null 
+                  tamper: null 
+                  ignoreRedirects: false 
+                  hpp: false 
+                  runCase: null 
+                  delay: 0 
+                  evalCode: null 
+                  cleanup: false 
+                  csrfUrl: null 
+                  secondUrl: null 
+                  getBanner: true 
+                  profile: false 
+                  regRead: false 
+                  bulkFile: null 
+                  db: null 
+                  dumpFormat: CSV 
+                  alert: null 
+                  harFile: null 
+                  nullConnection: false 
+                  user: null 
+                  parseErrors: false 
+                  getCount: false 
+                  data: null 
+                  regAdd: false 
+                  ignoreProxy: false 
+                  database: /tmp/sqlmapipc-jGw6ZY 
+                  mobile: false 
+                  googleDork: null 
+                  saveConfig: null 
+                  sqlShell: false 
+                  tech: BEUSTQ 
+                  textOnly: false 
+                  cookieDel: null 
+                  commonColumns: false 
+                  keepAlive: false
+  /option/{taskid}/get:
+    post:
+      tags:
+      - "option"
+      summary: "Get task option value(s)"
+      description: ""
+      operationId: "optionGet"
+      consumes:
+      - "application/json"
+      produces:
+      - "application/json"
+      parameters:
+      - name: "taskid"
+        in: "path"
+        description: "ID of an existing task"
+        required: true
+        type: "string"
+      - in: body
+        name: options
+        description: ""
+        schema:
+          type: array
+          items:
+            type: string
+          example: ["url", "timeout"]
+      responses:
+        200:
+          description: "Task option value successfully retrieved"
+          schema:
+            type: object
+            properties:
+              success:
+                type: boolean
+              options:
+                type: array
+                items:
+                  type: object
+                  properties:
+                    name:
+                      type: string
+                    value:
+                      type: string
+            example:
+              - success: true
+                options:
+                  url: http://www.test.com/index.php?id=1
+                  timeout: 30
 externalDocs:
   description: "Find out more about sqlmap API (REST-JSON)"
   url: "https://github.com/sqlmapproject/sqlmap/wiki/Usage#api-rest-json"
diff --git a/txt/checksum.md5 b/txt/checksum.md5
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632  lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5  lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b  lib/core/session.py
-f6c316b9de14838f5a70072e514c5974  lib/core/settings.py
+b7d7300f745050d9a29bcf30a1ddcc5e  lib/core/settings.py
 a971ce157d04de96ba6e710d3d38a9a8  lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19  lib/core/subprocessng.py
 721198b5be72c8015a02acb116532a1f  lib/core/target.py
@@ -101,7 +101,7 @@ db208ab47de010836c6bf044e2357861  lib/techniques/blind/inference.py
 1e5532ede194ac9c083891c2f02bca93  lib/techniques/union/__init__.py
 f7813cdee00df8f98d6f811475e520a1  lib/techniques/union/test.py
 7361338240ecd9d01d1d10ec76bce069  lib/techniques/union/use.py
-dfea8e2ca23c5160b2f57732d8d49023  lib/utils/api.py
+038ec99105c59acc2b1c6cb90e9e4043  lib/utils/api.py
 37dfb641358669f62c2acedff241348b  lib/utils/brute.py
 31b1e7eb489eac837db6a2bc1dcb7da7  lib/utils/crawler.py
 f9867bbfcd6d31916ca73e72e95fd881  lib/utils/deps.py
