two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)

lib/controller/checks.py

@@ -350,16 +350,13 @@ def checkSqlInjection(place, parameter, value):
                         # time based checks can take awhile
                         socket.setdefaulttimeout(120)
 
-                        # Perform the test's request and check how long
+                        # Perform the test's request
-                        # it takes to get the response back
-                        start = time.time()
                         _ = Request.queryPage(reqPayload, place, noteResponseTime = False)
-                        duration = calculateDeltaSeconds(start)
 
                         # 99.9999999997440% of all non time-based sql injection 
-                        # affected durations should be inside 7*stdev(durations)
+                        # affected durations should be inside +-7*stdev(durations)
                         # (Reference: http://www.answers.com/topic/standard-deviation)
-                        trueResult = (duration >= 7 * stdev(kb.responseTimes))
+                        trueResult = (kb.lastQueryDuration >= average(kb.responseTimes) + 7 * stdev(kb.responseTimes))
 
                         if trueResult:
                             infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)

lib/core/option.py

@@ -1149,6 +1149,7 @@ def __setKnowledgeBaseAttributes():
     kb.injections      = []
     kb.keywords        = set(getFileItems(paths.SQL_KEYWORDS))
     kb.lastErrorPage   = None
+    kb.lastQueryDuration = 0
     kb.lastRequestUID  = 0
 
     kb.locks           = advancedDict()

lib/request/connect.py

@@ -340,7 +340,6 @@ class Connect:
         uri         = None
         raise404    = place != PLACE.URI if raise404 is None else raise404
         toUrlencode = { PLACE.GET: True, PLACE.POST: True, PLACE.COOKIE: conf.cookieUrlencode, PLACE.UA: True, PLACE.URI: False }
-        start       = time.time()
 
         if not place:
             place = kb.injection.place
@@ -387,6 +386,7 @@ class Connect:
             if kb.queryCounter % conf.saFreq == 0:
                 Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua)
 
+        start = time.time()
         if not content and not response and kb.nullConnection:
             if kb.nullConnection == NULLCONNECTION.HEAD:
                 method = HTTPMETHOD.HEAD
@@ -405,6 +405,7 @@ class Connect:
 
         if not pageLength:
             page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404)
+        kb.lastQueryDuration = calculateDeltaSeconds(start)
 
         if conf.textOnly:
             page = getFilteredPageContent(page)
@@ -415,7 +416,7 @@ class Connect:
                 conf.cj.clear()
 
         if noteResponseTime:
-            kb.responseTimes.append(calculateDeltaSeconds(start))
+            kb.responseTimes.append(kb.lastQueryDuration)
 
         if content or response:
             return page, headers