@@ -232,7 +232,7 @@ paths:
232232 parameters :
233233 - $ref : " #/components/parameters/TaskId"
234234 requestBody :
235- required : true
235+ required : false
236236 content :
237237 application/json :
238238 schema :
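Review bot: With `required : false` on this request body, the operation needs to say what it returns when the body is omitted, and the visible context does not. Add a sentence to the operation description; if this is the operation that takes `OptionGetRequest`, make it match that schema's new "Empty or missing input returns an empty options object" wording so the two cannot drift.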
@@ -272,13 +272,7 @@ paths:
272272 Sets one or more options on a task. Values are persisted in the task option
273273 object and are used when the scan is started.
274274
275- Hardened behavior: options listed in `x-sqlmap-unsupported-options` should be
276- rejected here with `success: false`, matching `/scan/{taskid}/start`.
277- x-sqlmap-unsupported-options :
278- - sqlShell
279- - wizard
280- - evalCode
281- - alert
275+ Unsupported, read-only, and unknown options are rejected with `success: false`.
282276 parameters :
283277 - $ref : " #/components/parameters/TaskId"
284278 requestBody :
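Review bot: The replacement sentence at new line 275 names three rejection classes, but with `x-sqlmap-unsupported-options` removed nothing visible enumerates which options are unsupported or read-only. The removed list (`sqlShell`, `wizard`, `evalCode`, `alert`) was the only machine-readable record a client or auditor could check against. Consider keeping one shared list under `components` and pointing to it from here, or state in the description where the authoritative list lives.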
@@ -315,6 +309,10 @@ paths:
315309 value :
316310 success : false
317311 message : " Unsupported option 'evalCode'"
312+ unknownOption :
313+ value :
314+ success : false
315+ message : " Unknown option 'doesNotExist'"
318316 " 401 " :
319317 $ref : " #/components/responses/Unauthorized"
320318
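Review bot: The added `unknownOption` example at new lines 312-315 leaves read-only as the one rejection class with no example in this hunk, although the description now promises it. Add a read-only example next to `unknownOption` so clients can see the message format for all three cases.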
@@ -327,13 +325,8 @@ paths:
327325 Applies the provided options to the task and starts sqlmap in a separate process.
328326 The response contains the spawned engine process ID.
329327
330- Current API behavior rejects options listed in `x-sqlmap-unsupported-options`
331- when they are supplied in this request body.
332- x-sqlmap-unsupported-options :
333- - sqlShell
334- - wizard
335- - evalCode
336- - alert
328+ Unsupported, read-only, and unknown options are rejected with `success: false`.
329+ Starting a scan for an already running task returns `success: false`.
337330 parameters :
338331 - $ref : " #/components/parameters/TaskId"
339332 requestBody :
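Review bot: New line 329 does not say whether options in the request body are still applied to the task when the start is refused because a scan is already running. The description above says the endpoint "Applies the provided options to the task and starts sqlmap", so a reader cannot tell whether a rejected start leaves the task options modified. State the order of the checks, for example that the running check happens before any option is persisted, if that is the behavior.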
@@ -364,6 +357,14 @@ paths:
364357 value :
365358 success : false
366359 message : " Unsupported option 'evalCode'"
360+ unknownOption :
361+ value :
362+ success : false
363+ message : " Unknown option 'doesNotExist'"
364+ scanAlreadyRunning :
365+ value :
366+ success : false
367+ message : Scan already running
367368 invalidJson :
368369 value :
369370 success : false
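Review bot: The new `unknownOption` and `scanAlreadyRunning` examples at new lines 360-367 are distinguishable from the existing ones only by the free-text `message`, since every case carries `success : false`. Clients that need to react differently to "already running" versus a bad option will have to match on message strings. If a stable discriminator is out of scope for this change, note in the description that the `message` text is not a contract.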
@@ -647,10 +648,6 @@ components:
647648 message : Invalid start or end value, must be digits
648649
649650 schemas :
650- SuccessFlag :
651- type : boolean
652- description : Indicates whether the API action succeeded.
653-
654651 ErrorResponse :
655652 type : object
656653 required : [success, message]
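Review bot: Removing `SuccessFlag` at old lines 650-653 is only safe if no `$ref: "#/components/schemas/SuccessFlag"` remains elsewhere in the file, and none of the hunks in this commit show a reference being updated. Confirm the schema was unused, or run the spec through a validator before merging, since a dangling `$ref` breaks code generation and documentation rendering.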
@@ -726,7 +723,7 @@ components:
726723
727724 OptionValue :
728725 description : Value accepted by sqlmap options. The exact type depends on the option.
729- oneOf :
726+ anyOf :
730727 - type : string
731728 nullable : true
732729 - type : boolean
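Review bot: The switch from `oneOf` to `anyOf` at new line 726 loosens validation without a recorded reason. If the motivation is that a value can satisfy more than one branch, which makes `oneOf` fail, say so in the `OptionValue` description so the keyword is not reverted later.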
@@ -741,8 +738,8 @@ components:
741738 type : object
742739 description : |
743740 Dynamic object containing sqlmap option names and values. Option names map to
744- sqlmap's internal option dictionary. Unsupported REST API options should be
745- rejected by endpoints that accept this object.
741+ sqlmap's internal option dictionary. Unsupported, read-only, and unknown
742+ options are rejected by endpoints that accept this object.
746743 additionalProperties :
747744 $ref : " #/components/schemas/OptionValue"
748745 example :
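Review bot: The sentence at new lines 741-742 is the third copy of the rejection rule in this commit, alongside the two path descriptions. Since this schema is shared by the endpoints that accept the object, consider making it the single place that states the rule and having the path descriptions refer to it, so a later change to the rule is made once.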
@@ -764,8 +761,7 @@ components:
764761
765762 OptionGetRequest :
766763 type : array
767- description : List of option names to return.
768- minItems : 1
764+ description : List of option names to return. Empty or missing input returns an empty options object.
769765 items :
770766 type : string
771767 minLength : 1
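Review bot: The new description at line 764 covers empty and missing input but not what happens when the list contains an unknown option name. The set and start endpoints now document that unknown options are rejected with `success: false`; say whether the get request behaves the same way or silently omits the name. Also, "missing input" is a property of the request body rather than of this array schema, so that half of the sentence fits better in the operation description.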
@@ -826,7 +822,7 @@ components:
826822 description : Numeric content type stored by sqlmap.
827823 example : 0
828824 value :
829- oneOf :
825+ anyOf :
830826 - type : string
831827 nullable : true
832828 - type : boolean
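Review bot: The `anyOf` at new line 825 repeats the same edit made to `OptionValue`, and the branches visible here (nullable string, boolean) match that schema. If the remaining branches match too, replace this inline union with `$ref: "#/components/schemas/OptionValue"` so the two definitions cannot diverge again.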