fix for Feature #187 (Skip duplicates parameters in -g)

2024-11-22 09:36:35 +03:00 · 2010-07-29 20:01:04 +00:00 · 2010-07-29 20:01:04 +00:00 · 28d9115373
commit 28d9115373
parent 6a6ff09c9a
2 changed files with 23 additions and 17 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -199,21 +199,26 @@ def start():

                    for parameter, value in paramDict.items():
                        testSqlInj = True
+                        paramKey = (conf.hostname, place, parameter)

+                        if paramKey in kb.testedParams:
+                            warnMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
+                            logger.warn(warnMsg)
+                            testSqlInj = False
                        # Avoid dinamicity test if the user provided the
                        # parameter manually
-                        if parameter in conf.testParameter:
+                        elif parameter in conf.testParameter:
                            pass
-
                        elif not checkDynParam(place, parameter, value):
                            warnMsg = "%s parameter '%s' is not dynamic" % (place, parameter)
                            logger.warn(warnMsg)
                            testSqlInj = False
-
                        else:
                            logMsg = "%s parameter '%s' is dynamic" % (place, parameter)
                            logger.info(logMsg)

+                        kb.testedParams.add(paramKey)
+
                        if testSqlInj:
                            for parenthesis in range(0, 4):
                                logMsg  = "testing sql injection on %s " % place
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1011,6 +1011,7 @@ def __setKnowledgeBaseAttributes():
    kb.resumedQueries = {}
    kb.stackedTest    = None
    kb.targetUrls     = set()
+    kb.testedParams   = set()
    kb.timeTest       = None
    kb.unionComment   = ""
    kb.unionCount     = None