From 2e5c11e4277b61f66ee98e82efa2603ee8148e05 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 13 Feb 2015 10:59:03 +0100
Subject: [PATCH] Closes #1163
---
 lib/controller/checks.py | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 589ed8a86..7df1d862a 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -196,25 +196,6 @@ def checkSqlInjection(place, parameter, value):
 logger.debug(debugMsg)
 continue
- elif not (kb.extendTests and intersect(dbms, kb.extendTests)):
- # Skip test if the risk is higher than the provided (or default)
- # value
- # Parse test's
- if test.risk > conf.risk:
- debugMsg = "skipping test '%s' because the risk (%d) " % (title, test.risk)
- debugMsg += "is higher than the provided (%d)" % conf.risk
- logger.debug(debugMsg)
- continue
-
- # Skip test if the level is higher than the provided (or default)
- # value
- # Parse test's
- if test.level > conf.level:
- debugMsg = "skipping test '%s' because the level (%d) " % (title, test.level)
- debugMsg += "is higher than the provided (%d)" % conf.level
- logger.debug(debugMsg)
- continue
-
 if dbms is not None:
 if injection.dbms is not None and not intersect(injection.dbms, dbms):
 debugMsg = "skipping test '%s' because " % title
@@ -237,6 +218,25 @@ def checkSqlInjection(place, parameter, value):
 logger.debug(debugMsg)
 continue
+ if not (kb.extendTests and intersect(dbms, kb.extendTests)):
+ # Skip test if the risk is higher than the provided (or default)
+ # value
+ # Parse test's
+ if test.risk > conf.risk:
+ debugMsg = "skipping test '%s' because the risk (%d) " % (title, test.risk)
+ debugMsg += "is higher than the provided (%d)" % conf.risk
+ logger.debug(debugMsg)
+ continue
+
+ # Skip test if the level is higher than the provided (or default)
+ # value
+ # Parse test's
+ if test.level > conf.level:
+ debugMsg = "skipping test '%s' because the level (%d) " % (title, test.level)
+ debugMsg += "is higher than the provided (%d)" % conf.level
+ logger.debug(debugMsg)
+ continue
+
 # Skip test if it does not match the same SQL injection clause
 # already identified by another test
 clauseMatch = False
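Review bot: The relocated gate on `kb.extendTests` skips the `test.risk > conf.risk` and `test.level > conf.level` checks entirely for any `dbms` the user extended tests for, and none of the moved comments say that this is deliberate; since those two limits are what keeps higher-risk and higher-level payloads out of a run, a comment above the `if not (kb.extendTests and intersect(dbms, kb.extendTests)):` line such as `# risk/level limits are intentionally not applied when the user opted to extend tests for this DBMS` would stop a later maintainer from "fixing" the bypass. The two `# Parse test's` comments read as truncated in this copy (the removed side carries the same text), so whatever they were meant to say should be restored or the lines dropped rather than carried over as-is. The risk and level checks are the same four lines written twice; a loop over `(("risk", test.risk, conf.risk), ("level", test.level, conf.level))` that builds the same `skipping test ...` message would halve the duplicated block without changing behaviour. `checkSqlInjection` begins and ends outside this hunk.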