展平日志 字段存储修改

EITS403 · EITS403 · commit 7ef06230be37 · 2026-01-06T15:17:55.000+08:00
diff --git a/app/tasks/sqlmap_worker.py b/app/tasks/sqlmap_worker.py
@@ -16,6 +16,47 @@
 AUTH = (os.getenv("SQLMAP_USERNAME"), os.getenv("SQLMAP_PASSWORD"))  # Basic Auth
 
 
+def normalize_sqlmap_result(raw: dict) -> dict:
+    result = {
+        "success": raw.get("success", False),
+        "error": raw.get("error", []),
+        "data": {"target": {}, "injections": {}, "dbms": {}},
+    }
+
+    for entry in raw.get("data", []):
+        entry_type = entry.get("type")
+        value = entry.get("value")
+
+        # type 0 → 目标信息
+        if entry_type == 0 and isinstance(value, dict):
+            result["data"]["target"] = value
+
+        # type 1 → 注入点（一定是 list）
+        elif entry_type == 1 and isinstance(value, list):
+            for item in value:
+                key = f"{item.get('place')}:{item.get('parameter')}"
+
+                result["data"]["injections"][key] = {
+                    "place": item.get("place"),
+                    "parameter": item.get("parameter"),
+                    "ptype": item.get("ptype"),
+                    "prefix": item.get("prefix"),
+                    "suffix": item.get("suffix"),
+                    "clause": item.get("clause"),
+                    "notes": item.get("notes"),
+                    "payloads": item.get("data", {}),
+                }
+
+                # DBMS 信息（只记录一次即可）
+                if not result["data"]["dbms"]:
+                    result["data"]["dbms"] = {
+                        "name": item.get("dbms"),
+                        "version": item.get("dbms_version"),
+                    }
+
+    return result
+
+
 @celery_app.task(
     bind=True,
     autoretry_for=(Exception,),
@@ -63,15 +104,20 @@ def poll_single_sqlmap_task(self, task_id: str):
         result_resp.raise_for_status()
         data = result_resp.json()
 
+        # 展平sqlmap返回日志
+        normalized = normalize_sqlmap_result(data)
+
+        print(normalized)
+
         # 解析 sqlmap 返回
         scan_result = SqlmapScanResult(
-            target_url=task.scan_url,
-            dbms=data.get("dbms"),
-            vulnerable=bool(data.get("data")),
-            injection_points=data.get("data"),
-            dump_data=data.get("dump"),
-            raw_output=data.get("raw"),
-            command=data.get("command", ""),
+            target_url=normalized["data"]["target"]["url"],
+            dbms=normalized["data"]["dbms"].get("name"),
+            vulnerable=bool(normalized["data"]["injections"]),
+            injection_points=normalized["data"]["injections"],
+            dump_data=None,  # 后续支持 sqlmap dump 再填
+            raw_output=normalized,
+            command="",
             started_at=datetime.utcnow(),
             finished_at=datetime.utcnow(),
         )
