code review part 3

2025-02-16 19:40:37 +03:00 · 2011-01-15 13:15:10 +00:00 · 2011-01-15 13:15:10 +00:00 · 5bdb50c224
commit 5bdb50c224
parent 1fa8f0cba7
7 changed files with 6 additions and 10 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -301,7 +301,6 @@ def checkSqlInjection(place, parameter, value):
                    boundPayload = agent.suffixQuery(boundPayload, comment, suffix)
                    boundPayload = agent.cleanupPayload(boundPayload, value)
                    reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
-                    unionVector = None

                    # Perform the test's request and check whether or not the
                    # payload was successful
@ -474,7 +473,7 @@ def checkSqlInjection(place, parameter, value):
    else:
        return None

-def heuristicCheckSqlInjection(place, parameter, value):
+def heuristicCheckSqlInjection(place, parameter):
    if kb.nullConnection:
        debugMsg  = "heuristic checking skipped "
        debugMsg += "because NULL connection used"
@ -518,7 +517,6 @@ def simpletonCheckSqlInjection(place, parameter, value):

    result = False
    randInt = randomInt()
-    randStr = randomStr()

    if value.isdigit():
        payload = "%s AND %d=%d" % (value, randInt, randInt)
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -282,7 +282,7 @@ def start():
                        if __paramDict:
                            conf.paramDict[PLACE.COOKIE] = __paramDict
                            # TODO: consider the following line in __setRequestParams()
-                            __testableParameters = True
+                            # __testableParameters = True

            if (len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None)) \
                and (kb.injection.place is None or kb.injection.parameter is None):
@ -344,7 +344,7 @@ def start():
                        kb.testedParams.add(paramKey)

                        if testSqlInj:
-                            check = heuristicCheckSqlInjection(place, parameter, value)
+                            check = heuristicCheckSqlInjection(place, parameter)
                            if not check and conf.realTest and\
                              not simpletonCheckSqlInjection(place, parameter, value):
                                continue
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -1621,7 +1621,7 @@ def beep():
                try:
                    audio = file(dev, 'wb')

-                    for i in xrange(250):
+                    for _ in xrange(250):
                        audio.write(chr(32) * 4)
                        audio.write(chr(0) * 4)

--- a/lib/core/xmldump.py
+++ b/lib/core/xmldump.py
@ -415,7 +415,7 @@ class XMLDump:

        logger.info("Table '%s.%s' dumped to XML file" % (db, table))

-    def dbColumns(self, dbColumns, _, dbs):
+    def dbColumns(self, dbColumns, colConsider, dbs):
        '''
        Adds information about the columns
        '''
--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@ -128,7 +128,6 @@ def unionTest(comment, place, parameter, value, prefix, suffix, dbms):
    if conf.direct:
        return

-    oldTechnique = kb.technique
    kb.technique = PAYLOAD.TECHNIQUE.UNION
    validPayload, vector = __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix, dbms)

--- a/lib/utils/checkpayload.py
+++ b/lib/utils/checkpayload.py
@ -8,7 +8,6 @@ See the file 'doc/COPYING' for copying permission
 """

 import re
-import sre_constants

 from lib.core.common import getCompiledRegex
 from lib.core.common import readXmlFile
--- a/lib/utils/getch.py
+++ b/lib/utils/getch.py
@ -26,7 +26,7 @@ class _Getch:

 class _GetchUnix:
    def __init__(self):
-        import tty, sys
+        import tty

    def __call__(self):
        import sys, tty, termios