diff --git a/lib/core/data.py b/lib/core/data.py index dcc3fc020..9a967aee6 100644 --- a/lib/core/data.py +++ b/lib/core/data.py @@ -14,6 +14,9 @@ paths = AttribDict() # object to store original command line options cmdLineOptions = AttribDict() +# object to store merged options (command line, configuration file and default options) +mergedOptions = AttribDict() + # object to share within function and classes command # line options and settings conf = AttribDict() diff --git a/lib/core/option.py b/lib/core/option.py index 8aef58d63..622214d19 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -57,6 +57,7 @@ from lib.core.convert import base64unpickle from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger +from lib.core.data import mergedOptions from lib.core.data import queries from lib.core.datatype import AttribDict from lib.core.datatype import InjectionDict @@ -1854,6 +1855,8 @@ def _mergeOptions(inputOptions, overrideOptions): if hasattr(conf, key) and conf[key] is None: conf[key] = value + mergedOptions.update(conf) + def _setTrafficOutputFP(): if conf.trafficFile: infoMsg = "setting file for logging HTTP traffic" diff --git a/lib/core/settings.py b/lib/core/settings.py index dfe869dc6..292e8545e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -319,6 +319,9 @@ HASH_MOD_ITEM_DISPLAY = 11 # Maximum integer value MAX_INT = sys.maxint +# Options that need to be restored in multiple targets run mode +RESTORE_MERGED_OPTIONS = ("col", "db", "dnsName", "privEsc", "tbl", "regexp", "string", "textOnly", "threads", "timeSec", "tmpPath", "uChar", "user") + # Parameters to be ignored in detection phase (upper case) IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN") diff --git a/lib/core/target.py b/lib/core/target.py index a07a3878b..465489cee 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -20,10 +20,10 @@ from lib.core.common import paramToDict from lib.core.common import readInput from lib.core.common import resetCookieJar from lib.core.common import urldecode -from lib.core.data import cmdLineOptions from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger +from lib.core.data import mergedOptions from lib.core.data import paths from lib.core.dicts import DBMS_DICT from lib.core.dump import dumper @@ -47,6 +47,7 @@ from lib.core.settings import JSON_RECOGNITION_REGEX from lib.core.settings import MULTIPART_RECOGNITION_REGEX from lib.core.settings import PROBLEMATIC_CUSTOM_INJECTION_PATTERNS from lib.core.settings import REFERER_ALIASES +from lib.core.settings import RESTORE_MERGED_OPTIONS from lib.core.settings import RESULTS_FILE_FORMAT from lib.core.settings import SOAP_RECOGNITION_REGEX from lib.core.settings import SUPPORTED_DBMS @@ -511,25 +512,14 @@ def _createTargetDirs(): _createFilesDir() _configureDumper() -def _restoreCmdLineOptions(): +def _restoreMergedOptions(): """ - Restore command line options that could be possibly - changed during the testing of previous target. + Restore merged options (command line, configuration file and default values) + that could be possibly changed during the testing of previous target. """ - conf.col = cmdLineOptions.col - conf.db = cmdLineOptions.db - conf.dnsName = cmdLineOptions.dnsName - conf.privEsc = cmdLineOptions.privEsc - conf.tbl = cmdLineOptions.tbl - conf.regexp = cmdLineOptions.regexp - conf.string = cmdLineOptions.string - conf.textOnly = cmdLineOptions.textOnly - conf.threads = cmdLineOptions.threads - conf.timeSec = cmdLineOptions.timeSec - conf.tmpPath = cmdLineOptions.tmpPath - conf.uChar = cmdLineOptions.uChar - conf.user = cmdLineOptions.user + for option in RESTORE_MERGED_OPTIONS: + conf[option] = mergedOptions[option] def initTargetEnv(): """ @@ -548,7 +538,7 @@ def initTargetEnv(): conf.hashDBFile = None _setKnowledgeBaseAttributes(False) - _restoreCmdLineOptions() + _restoreMergedOptions() _setDBMS() if conf.data: