Download a certain file from the file system
(taskid, target, filename)
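# Function to handle files inside the output directory
@get("/download/<taskid>/<target>/<filename:path>")
def download(taskid, target, filename):
    """
    Download a certain file from the file system

    Responds with a JSON document. On success, "file" carries the file
    content as returned by encodeBase64(); otherwise "message" names the
    reason (invalid task ID, forbidden path or missing file).

    Only regular files located below paths.SQLMAP_OUTPUT_PATH are served.
    """

    if taskid not in DataStore.tasks:
        logger.warning("[%s] Invalid task ID provided to download()" % taskid)
        return jsonize({"success": False, "message": "Invalid task ID"})

    # NOTE(review): taskid is only checked for existence; nothing visible in
    # this function ties target/filename to that task - confirm whether any
    # known task ID is meant to grant access to every target directory

    root = os.path.abspath(paths.SQLMAP_OUTPUT_PATH)
    path = os.path.abspath(os.path.join(root, target, filename))

    # Prevent file path traversal. The resolved path is compared against the
    # root WITH a trailing separator, because a bare prefix match would also
    # accept a sibling directory whose name merely starts with the name of
    # the output directory
    # NOTE(review): abspath() normalizes ".." but does not resolve symbolic
    # links, so a link placed inside the output directory is still followed -
    # consider os.path.realpath() on both sides if that matters here
    if not path.startswith(os.path.join(root, "")):
        # NOTE(review): only target is logged, so a rejected filename does not
        # show up in this warning
        logger.warning("[%s] Forbidden path (%s)" % (taskid, target))
        return jsonize({"success": False, "message": "Forbidden path"})

    if not os.path.isfile(path):
        logger.warning("[%s] File does not exist %s" % (taskid, target))
        return jsonize({"success": False, "message": "File does not exist"})

    logger.debug("(%s) Retrieved content of file %s" % (taskid, target))

    # Close the handle deterministically instead of leaving it to the
    # garbage collector
    with openFile(path, "rb") as f:
        content = f.read()

    return jsonize({"success": True, "file": encodeBase64(content, binary=False)})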
| 673 | |
| 674 | @get("/version") |
| 675 | def version(token=None): |
nothing calls this directly
no test coverage detected