Skip to content

Use swagger as the source for targets #4833

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
donnd-t wants to merge 12 commits into
base: master
Choose a base branch
from
Open

Use swagger as the source for targets #4833

Changes from 1 commit
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
9a34282
get operations with query parameters
donnd-t Sep 14, 2021
caaf7c4
path injections
donnd-t Sep 15, 2021
f6201da
extra swagger validations
donnd-t Sep 15, 2021
4aeed81
support operations that have a request body
donnd-t Sep 17, 2021
8f13e35
refactor swagger code to separate module
donnd-t Sep 17, 2021
59e8bb9
refactor
donnd-t Sep 17, 2021
f031e00
show warning when example is missing
donnd-t Sep 17, 2021
65187de
show warning when example is missing
donnd-t Sep 17, 2021
1141f21
added support for headers
donnd-t Nov 2, 2021
5ab5f58
support for nested payloads
donnd-t Nov 3, 2021
35cb10f
support for swagger 2.0 metadata
donnd-t Nov 12, 2021
051eb12
support for swagger v2 body specs
donnd-t Nov 12, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
support for nested payloads
  • Loading branch information
@donnd-t
donnd-t committed Nov 3, 2021
commit 5ab5f5811f2d1ae8c87fb1a82bed891211ee6a3f
30 changes: 21 additions & 9 deletions lib/core/swagger.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
from lib.core.data import logger
from lib.core.exception import SqlmapSyntaxException
from lib.core.exception import SqlmapSkipTargetException
from typing import Dict

class Operation:

Expand Down Expand Up @@ -70,28 +71,39 @@ def headers(self):
hdrs.append((hp["name"], "%s*" %hp["example"]))
return hdrs

def _ref(swagger, refPath):
paths = refPath.replace("#/", "", 1).split('/')
def _obj(swagger, objOrRefPath):
if isinstance(objOrRefPath, Dict):
return objOrRefPath
paths = objOrRefPath.replace("#/", "", 1).split('/')
r = swagger
for p in paths:
r = r[p]
return r

def _example(swagger, refPath):
def _example(swagger, objOrRefPath):
example = {}
ref = _ref(swagger, refPath)
if "type" in ref and ref["type"] == "object" and "properties" in ref:
properties = ref["properties"]
obj = _obj(swagger, objOrRefPath)

if "type" in obj and obj["type"] == "object" and "properties" in obj:
properties = obj["properties"]
for prop in properties:
if "example" in properties[prop]:
value = properties[prop]["example"]
example[prop] = value
if properties[prop]["type"] == "object":
example[prop] = {}
for objectProp in properties[prop]["properties"]:
example[prop][objectProp] = _example(swagger, properties[prop]["properties"][objectProp])
elif "$ref" in properties[prop]:
example[prop] = _example(swagger, properties[prop]["$ref"])
elif properties[prop]["type"] == "array" and "$ref" in properties[prop]["items"]:
example[prop] = [ _example(swagger, properties[prop]["items"]["$ref"]) ]
elif "example" in properties[prop]:
value = properties[prop]["example"]
example[prop] = value
else:
raise SqlmapSkipTargetException("missing example for parameter '%s'" %prop)
elif "example" in obj:
return obj["example"]
else:
raise SqlmapSkipTargetException("missing example for object '%s'" %obj)


return example
Expand Down