Minor refactoring for an Issue #290

2024-11-22 17:46:37 +03:00 · 2013-02-21 14:39:22 +01:00 · 2013-02-21 14:39:22 +01:00 · 08f0670aca
commit 08f0670aca
parent 8e49872d7c
5 changed files with 13 additions and 26 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -1059,22 +1059,24 @@ def identifyWaf():

    retVal = False

-    for function, product, request in kb.wafFunctions:
-        found = False
-
-        if not request:
+    for function, product in kb.wafFunctions:
+        try:
            found = function(_)
-        else:
-            pass
+        except Exception, ex:
+            errMsg = "exception occured while running "
+            errMsg += "WAF script for '%s' ('%s')" % (product, ex)
+            logger.critical(errMsg)
+
+            found = False

        if found:
            retVal = product
            break

    if retVal:
-        warnMsg = "WAF/IDS/IPS identified ('%s'). Please " % retVal
-        warnMsg += "consider usage of tamper scripts (option '--tamper')"
-        logger.critical(warnMsg)
+        errMsg = "WAF/IDS/IPS identified ('%s'). Please " % retVal
+        errMsg += "consider usage of tamper scripts (option '--tamper')"
+        logger.critical(errMsg)
    else:
        warnMsg = "WAF/IDS/IPS product not identified"
        logger.warn(warnMsg)
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -925,7 +925,7 @@ def _setWafFunctions():
                errMsg += "in WAF script '%s'" % found
                raise SqlmapGenericException(errMsg)
            else:
-                kb.wafFunctions.append((_["detect"], _.get("__product__", filename[:-3]), _.get("__request__")))
+                kb.wafFunctions.append((_["detect"], _.get("__product__", filename[:-3])))

 def _setThreads():
    if not isinstance(conf.threads, int) or conf.threads <= 0:
--- a/waf/modsecurity.py
+++ b/waf/modsecurity.py
@ -5,9 +5,6 @@ Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """

-import re
-
-from lib.core.enums import HTTPHEADER
 from lib.core.settings import WAF_ATTACK_VECTORS

 __product__ = "ModSecurity: Open Source Web Application Firewall (Trustwave)"
@ -18,7 +15,7 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)
        if code == 501:
-            retVal = True
+            retval = True
            break

    return retval
--- a/waf/proventia.py
+++ b/waf/proventia.py
@ -5,12 +5,6 @@ Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """

-import re
-
-from lib.core.data import kb
-from lib.core.enums import HTTPHEADER
-from lib.core.settings import WAF_ATTACK_VECTORS
-
 __product__ = "Proventia Web Application Security (IBM)"

 def detect(get_page):
--- a/waf/webappsecure.py
+++ b/waf/webappsecure.py
@ -5,12 +5,6 @@ Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """

-import re
-
-from lib.core.data import kb
-from lib.core.enums import HTTPHEADER
-from lib.core.settings import WAF_ATTACK_VECTORS
-
 __product__ = "webApp.secure (webScurity)"

 def detect(get_page):