hub / github.com/sqlmapproject/sqlmap / download

Function download

lib/utils/api.py:651–672

Download a certain file from the file system

(taskid, target, filename)

Source from the content-addressed store, hash-verified

# Function to handle files inside the output directory
@get("/download/<taskid>/<target>/<filename:path>")
def download(taskid, target, filename):
    """
    Download a certain file from the file system
    """

    if taskid not in DataStore.tasks:
        logger.warning("[%s] Invalid task ID provided to download()" % taskid)
        return jsonize({"success": False, "message": "Invalid task ID"})

    path = os.path.abspath(os.path.join(paths.SQLMAP_OUTPUT_PATH, target, filename))
    # Prevent file path traversal
    if not path.startswith(paths.SQLMAP_OUTPUT_PATH):
        logger.warning("[%s] Forbidden path (%s)" % (taskid, target))
        return jsonize({"success": False, "message": "Forbidden path"})

    if os.path.isfile(path):
        logger.debug("(%s) Retrieved content of file %s" % (taskid, target))
        content = openFile(path, "rb").read()
        return jsonize({"success": True, "file": encodeBase64(content, binary=False)})
    else:
        logger.warning("[%s] File does not exist %s" % (taskid, target))
        return jsonize({"success": False, "message": "File does not exist"})

@get("/version")
def version(token=None):
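The containment test in the listing is a string-prefix comparison on an `abspath()` result. The following added example (not sqlmap code) runs that form of check next to a stricter component-wise check over a constructed directory layout. It assumes the root has no trailing separator, since the listing does not show the value of `paths.SQLMAP_OUTPUT_PATH`; `prefix_check`, `strict_check`, `demo` and all directory names are hypothetical.

```python
import os
import tempfile


def prefix_check(root, target, filename):
    # Same form as the listing: abspath() followed by a string-prefix test.
    path = os.path.abspath(os.path.join(root, target, filename))
    return path.startswith(root)


def strict_check(root, target, filename):
    # Assumed hardened variant (not sqlmap code): resolve symlinks, then
    # compare whole path components instead of raw characters.
    root_real = os.path.realpath(root)
    path = os.path.realpath(os.path.join(root_real, target, filename))
    try:
        return os.path.commonpath([root_real, path]) == root_real
    except ValueError:  # e.g. paths on different Windows drives
        return False


def demo():
    # Constructed layout: <base>/output is the root, <base>/output_backup is a
    # sibling directory whose name happens to share the root's prefix.
    with tempfile.TemporaryDirectory() as base:
        base = os.path.realpath(base)
        root = os.path.join(base, "output")
        sibling = os.path.join(base, "output_backup")
        os.makedirs(os.path.join(root, "example.com"))
        os.makedirs(sibling)
        for name in (os.path.join(root, "example.com", "log"),
                     os.path.join(sibling, "secret")):
            with open(name, "w") as handle:
                handle.write("constructed sample\n")
        os.symlink(os.path.join(sibling, "secret"),
                   os.path.join(root, "example.com", "link"))
        cases = {
            "inside": ("example.com", "log"),
            "dotdot": ("..", "secret"),
            "sibling": ("../output_backup", "secret"),
            "symlink": ("example.com", "link"),
        }
        return {label: (prefix_check(root, *args), strict_check(root, *args))
                for label, args in cases.items()}


if __name__ == "__main__":
    for label, (prefix_ok, strict_ok) in demo().items():
        print("%-8s prefix=%-5s strict=%s" % (label, prefix_ok, strict_ok))
```

The two checks agree on the ordinary file and on the plain `..` case. They differ on the sibling directory and the symlink, which only the component-wise check on resolved paths rejects.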

Callers

nothing calls this directly

Calls 5

jsonize · Function · 0.90
openFile · Function · 0.90
encodeBase64 · Function · 0.90
debug · Method · 0.80
read · Method · 0.45

Tested by

no test coverage detected
