From 2bbbc9a41e7d89533e8f2fe0c87b21f851db0a10 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 25 Feb 2011 09:35:24 +0000
Subject: [PATCH] few updates
---
extra/keepalive/keepalive.py | 7 ++-----
lib/core/common.py | 15 +++++++++------
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/extra/keepalive/keepalive.py b/extra/keepalive/keepalive.py
index 705e4702f..5702559b5 100644
--- a/extra/keepalive/keepalive.py
+++ b/extra/keepalive/keepalive.py
@@ -325,18 +325,15 @@ class HTTPConnection(httplib.HTTPConnection):
else:
raise CannotSendHeader()
- for header in self._headers:
- self._headers[header] = unicodeToSafeHTMLValue(self._headers[header])
-
for header in ['Host', 'Accept-Encoding']:
if header in self._headers:
str = '%s: %s' % (header, self._headers[header])
- self._output(str)
+ self._output(unicodeToSafeHTMLValue(str))
del self._headers[header]
for header, value in self._headers.items():
str = '%s: %s' % (header, value)
- self._output(str)
+ self._output(unicodeToSafeHTMLValue(str))
self._send_output()
diff --git a/lib/core/common.py b/lib/core/common.py
index 28cd66408..c75274a64 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2395,13 +2395,16 @@ def removeReflectiveValues(content, payload):
(e.g. ?search=sql injection ---> ...value="sql%20injection")
"""
- payload = payload.replace(PAYLOAD_DELIMITER, '')
+ retVal = content
- regex = filterStringValue(payload, r'[A-Za-z0-9]', r'[^\s]+')
- retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content)
+ if all([content, payload]):
+ payload = payload.replace(PAYLOAD_DELIMITER, '')
- if retVal != content:
- warnMsg = "reflective value found and filtered out"
- logger.warn(warnMsg)
+ regex = filterStringValue(payload, r'[A-Za-z0-9]', r'[^\s]+')
+ retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content)
+
+ if retVal != content:
+ debugMsg = "reflective value found and filtered out"
+ logger.debug(debugMsg)
return retVal