Minor refactoring for an Issue #290

stamparm 2013-02-21 14:39:22 +01:00
parent 8e49872d7c
commit 08f0670aca
5 changed files with 13 additions and 26 deletions


@ -1059,22 +1059,24 @@ def identifyWaf():
retVal = False retVal = False
for function, product, request in kb.wafFunctions: for function, product in kb.wafFunctions:
found = False try:
if not request:
found = function(_) found = function(_)
else: except Exception, ex:
pass errMsg = "exception occured while running "
errMsg += "WAF script for '%s' ('%s')" % (product, ex)
logger.critical(errMsg)
found = False
if found: if found:
retVal = product retVal = product
break break
if retVal: if retVal:
warnMsg = "WAF/IDS/IPS identified ('%s'). Please " % retVal errMsg = "WAF/IDS/IPS identified ('%s'). Please " % retVal
warnMsg += "consider usage of tamper scripts (option '--tamper')" errMsg += "consider usage of tamper scripts (option '--tamper')"
logger.critical(warnMsg) logger.critical(errMsg)
else: else:
warnMsg = "WAF/IDS/IPS product not identified" warnMsg = "WAF/IDS/IPS product not identified"
logger.warn(warnMsg) logger.warn(warnMsg)
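Review bot: The new `except Exception, ex:` around `found = function(_)` turns any failure inside a WAF script into `found = False`, so a script that crashes on every run looks the same as one that found nothing, and the run can still end with "WAF/IDS/IPS product not identified". Consider recording that at least one script failed and saying so in the final message. If the project's own connection or user-abort exceptions derive from `Exception` (not visible in this hunk), the handler should let them propagate rather than log and continue. The new message also has a typo and should read `errMsg = "exception occurred while running "`. identifyWaf begins before the hunk, so the definition of `_` passed to each script is not visible here.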


@ -925,7 +925,7 @@ def _setWafFunctions():
errMsg += "in WAF script '%s'" % found errMsg += "in WAF script '%s'" % found
raise SqlmapGenericException(errMsg) raise SqlmapGenericException(errMsg)
else: else:
kb.wafFunctions.append((_["detect"], _.get("__product__", filename[:-3]), _.get("__request__"))) kb.wafFunctions.append((_["detect"], _.get("__product__", filename[:-3])))
def _setThreads(): def _setThreads():
if not isinstance(conf.threads, int) or conf.threads <= 0: if not isinstance(conf.threads, int) or conf.threads <= 0:


@ -5,9 +5,6 @@ Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import re
from lib.core.enums import HTTPHEADER
from lib.core.settings import WAF_ATTACK_VECTORS from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "ModSecurity: Open Source Web Application Firewall (Trustwave)" __product__ = "ModSecurity: Open Source Web Application Firewall (Trustwave)"
@ -18,7 +15,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) page, headers, code = get_page(get=vector)
if code == 501: if code == 501:
retVal = True retval = True
break break
return retval return retval
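Review bot: The only signal this script uses is `if code == 501:`, so any server that answers the probe with 501 for an unrelated reason would be reported as ModSecurity. A comment stating that limit would help the next maintainer, for example `# heuristic: a 501 response alone is not specific to ModSecurity`. The corrected `retval = True` fixes an assignment that previously went to a name the function never returned. Returning from inside the loop (`return True`) with a final `return False` would remove the flag and rule out that class of slip. The initialisation of `retval` lies outside the hunk.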


@ -5,12 +5,6 @@ Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import re
from lib.core.data import kb
from lib.core.enums import HTTPHEADER
from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "Proventia Web Application Security (IBM)" __product__ = "Proventia Web Application Security (IBM)"
def detect(get_page): def detect(get_page):


@ -5,12 +5,6 @@ Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import re
from lib.core.data import kb
from lib.core.enums import HTTPHEADER
from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "webApp.secure (webScurity)" __product__ = "webApp.secure (webScurity)"
def detect(get_page): def detect(get_page):