diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
index 14dae93f1..d7b6604d9 100644
--- a/data/txt/sha256sums.txt
+++ b/data/txt/sha256sums.txt
@@ -188,7 +188,7 @@ c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6 lib/core/data.
 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py
 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py
 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py
-78a7197b843f1766159e803ccc5724880bea795ad6bd2e06eddb746db3324129 lib/core/settings.py
+82195feebdc5ec2fe764048643061d0769d333f583933d202c99eede64a41e2f lib/core/settings.py
 cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py
 bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py
 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py
@@ -490,7 +490,7 @@ cedf45d33461bd7e5400d06611a63c8a4ffae1a4510030c5696b9d46ed6a9883 plugins/generi
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 plugins/__init__.py
 5d72f0af46ff3c9e3fe80300e83cb78749132278e8db88915764a94d7130a04c README.md
 7ef0d0ea10d4b19283b1e380d521abb0fdd4c6bf1443b88f7b00af7947fc5e27 sqlmapapi.py
-5b73370e455ee5d4cfd72db7485223528d3ede2637e74469fac9ba9f8a2b9d13 sqlmapapi.yaml
+ca368eb28b653d22adace174fe7925df2dccbae38282c6c4f5c6dd64a8360fb4 sqlmapapi.yaml
 627d90f1194335b800cbc9cc78db6697cf9e02e193a83598e0d4d0abb55b63b8 sqlmap.conf
 65159b82795604069a2d14ccbd1f66e888a26b05db0401a1ddadb40c665c93dc sqlmap.py
 eb37a88357522fd7ad00d90cdc5da6b57442b4fec49366aadb2944c4fbf8b804 tamper/0eunion.py
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 59472dba8..7d6497693 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -20,7 +20,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.79" +VERSION = "1.10.6.80" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmapapi.yaml b/sqlmapapi.yaml index 0fc24e825..54f8778ef 100644 --- a/sqlmapapi.yaml +++ b/sqlmapapi.yaml @@ -232,7 +232,7 @@ paths: parameters: - $ref: "#/components/parameters/TaskId" requestBody: - required: true + required: false content: application/json: schema: @@ -272,13 +272,7 @@ paths: Sets one or more options on a task. Values are persisted in the task option object and are used when the scan is started. - Hardened behavior: options listed in `x-sqlmap-unsupported-options` should be - rejected here with `success: false`, matching `/scan/{taskid}/start`. - x-sqlmap-unsupported-options: - - sqlShell - - wizard - - evalCode - - alert + Unsupported, read-only, and unknown options are rejected with `success: false`. parameters: - $ref: "#/components/parameters/TaskId" requestBody: @@ -315,6 +309,10 @@ paths: value: success: false message: "Unsupported option 'evalCode'" + unknownOption: + value: + success: false + message: "Unknown option 'doesNotExist'" "401": $ref: "#/components/responses/Unauthorized" 
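Review bot: In the `-272,13 +272,7` hunk the operation description drops the `x-sqlmap-unsupported-options` list and keeps only prose, so the spec no longer says which options are refused; the `-327,13 +325,8` hunk repeats the same removal. `evalCode` and `alert` make sqlmap run code or commands on the host serving the API, so the refused set is the part of this contract a client or a contract test most needs to read. The new term "read-only" is not defined in any visible hunk either. Consider naming the options in the text, e.g. `Unsupported options (sqlShell, wizard, evalCode, alert), read-only options and unknown option names are rejected.`, assuming the set is still the four names removed here.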
@@ -327,13 +325,8 @@ paths: Applies the provided options to the task and starts sqlmap in a separate process. The response contains the spawned engine process ID. - Current API behavior rejects options listed in `x-sqlmap-unsupported-options` - when they are supplied in this request body. - x-sqlmap-unsupported-options: - - sqlShell - - wizard - - evalCode - - alert + Unsupported, read-only, and unknown options are rejected with `success: false`. + Starting a scan for an already running task returns `success: false`. parameters: - $ref: "#/components/parameters/TaskId" requestBody: @@ -364,6 +357,14 @@ paths: value: success: false message: "Unsupported option 'evalCode'" + unknownOption: + value: + success: false + message: "Unknown option 'doesNotExist'" + scanAlreadyRunning: + value: + success: false + message: Scan already running invalidJson: value: success: false @@ -647,10 +648,6 @@ components: message: Invalid start or end value, must be digits schemas: - SuccessFlag: - type: boolean - description: Indicates whether the API action succeeded. - ErrorResponse: type: object required: [success, message] @@ -726,7 +723,7 @@ components: OptionValue: description: Value accepted by sqlmap options. The exact type depends on the option. - oneOf: + anyOf: - type: string nullable: true - type: boolean @@ -741,8 +738,8 @@ components: type: object description: | Dynamic object containing sqlmap option names and values. Option names map to - sqlmap's internal option dictionary. Unsupported REST API options should be - rejected by endpoints that accept this object. + sqlmap's internal option dictionary. Unsupported, read-only, and unknown + options are rejected by endpoints that accept this object. additionalProperties: $ref: "#/components/schemas/OptionValue" example: 
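Review bot: The `unknownOption` and `scanAlreadyRunning` examples added in the `-364,6 +357,14` hunk (and `unknownOption` in `-315,6 +309,10`) state exact server messages, while the checksum hunks of this commit change only `lib/core/settings.py` and `sqlmapapi.yaml`, so no handler code changes alongside them. The strings `Unknown option '...'` and `Scan already running` should be checked against the API implementation, which is outside this diff, so the spec does not promise a rejection the server does not perform. `message: Scan already running` is also the only unquoted message among these examples; `message: "Scan already running"` would match its neighbours.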
@@ -764,8 +761,7 @@ components: OptionGetRequest: type: array - description: List of option names to return. - minItems: 1 + description: List of option names to return. Empty or missing input returns an empty options object. items: type: string minLength: 1 @@ -826,7 +822,7 @@ components: description: Numeric content type stored by sqlmap. example: 0 value: - oneOf: + anyOf: - type: string nullable: true - type: boolean
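Review bot: The new `OptionGetRequest` description in the `-764,8 +761,7` hunk documents what happens when the body is missing, which is a property of the operation and not of this array schema. The `-232,7 +232,7` hunk that flips `required: false` adds no matching sentence to the operation description, so a reader of that endpoint does not learn the body is optional unless they follow the schema reference. Consider keeping the schema text to `List of option names to return. An empty list returns an empty options object.` and adding `A missing request body returns an empty options object.` to the operation description next to the `requestBody` change. The operation itself starts outside the `-232` hunk, so its current description is not visible here.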