From 412a97b7fe6f1a77397c89abe5029b36dd25db4d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sat, 5 Feb 2011 14:17:28 +0000
Subject: [PATCH] fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType')
---
 doc/THANKS | 1 +
 lib/techniques/inband/union/test.py | 8 +++++---
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/doc/THANKS b/doc/THANKS
index fcc0e097b..8b912e5bf 100644
--- a/doc/THANKS
+++ b/doc/THANKS
@@ -343,6 +343,7 @@ Uemit Seren
 Ahmed Shawky
 for reporting a major bug with improper handling of parameter values
+ for reporting a bug
 Brian Shura
 for reporting a bug
diff --git a/lib/techniques/inband/union/test.py b/lib/techniques/inband/union/test.py
index ca2a27c48..df9b05abd 100644
--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@@ -31,6 +31,8 @@ from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
 from lib.core.settings import FROM_TABLE
 from lib.core.settings import UNION_STDEV_COEFF
+from lib.core.settings import MIN_RATIO
+from lib.core.settings import MAX_RATIO
 from lib.core.settings import MIN_STATISTICAL_RANGE
 from lib.core.settings import MIN_UNION_RESPONSES
 from lib.core.unescaper import unescaper
@@ -52,14 +54,14 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
 if abs(upperCount - lowerCount) < MIN_UNION_RESPONSES:
 upperCount = lowerCount + MIN_UNION_RESPONSES
- min_, max_ = None, None
+ min_, max_ = MAX_RATIO, MIN_RATIO
 for count in range(lowerCount, upperCount+1):
 query = agent.forgeInbandQuery('', -1, count, comment, prefix, suffix, conf.uChar)
 payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
 page, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
- ratio = comparison(page, True)
+ ratio = comparison(page, True) or MIN_RATIO
 ratios.append(ratio)
- min_, max_ = min(min_ or ratio, ratio), max(max_ or ratio, ratio)
+ min_, max_ = min(min_, ratio), max(max_, ratio)
 items.append((count, ratio))
 ratios.pop(ratios.index(min_))
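Review bot: In the loop, `comparison(page, True) or MIN_RATIO` replaces every falsy result, not only `None`, so a genuine ratio of `0.0` is also rewritten to `MIN_RATIO`; the constant's value lives in `lib.core.settings` and is not visible here, so whether that changes results cannot be confirmed from this hunk. Stating the intent explicitly avoids the ambiguity: `ratio = comparison(page, True)` followed by `if ratio is None: ratio = MIN_RATIO`. The substituted value is still appended to `ratios` and can become `min_`, so a request that yielded no comparable page is counted as the least similar response in whatever statistics follow; a short comment explaining why a missing ratio is treated as the minimum (rather than skipped) would help the next reader. `__findUnionCharCount` starts before and continues after the hunk, so how `ratios`, `min_` and `max_` are consumed should be checked against the rest of the function.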