diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 7ee0597de..267a903f5 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -440,7 +440,7 @@ def checkSqlInjection(place, parameter, value): if not isinstance(dValue, list): injection.dbms = Backend.setDbms(dValue) else: - Backend.forceDbms(dValue[0]) + Backend.forceDbms(dValue[0], True) elif dKey == "dbms_version" and injection.dbms_version is None: injection.dbms_version = Backend.setVersion(dValue) elif dKey == "os" and injection.os is None: @@ -497,6 +497,8 @@ def checkSqlInjection(place, parameter, value): # Reset forced back-end DBMS value Backend.flushForcedDbms() + Backend.flushForcedDbms(True) + # Return the injection object if injection.place is not None and injection.parameter is not None: injection = checkFalsePositives(injection) diff --git a/lib/core/common.py b/lib/core/common.py index 5dc1bb94a..46d58149e 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -297,12 +297,15 @@ class Backend: logger.error("invalid format of versionsList") @staticmethod - def forceDbms(dbms): - kb.misc.forcedDbms = aliasToDbmsEnum(dbms) + def forceDbms(dbms, sticky=False): + if not kb.misc.stickyFlag: + kb.misc.forcedDbms = aliasToDbmsEnum(dbms) + kb.misc.stickyFlag = sticky @staticmethod - def flushForcedDbms(): - kb.misc.forcedDbms = None + def flushForcedDbms(force=False): + if not kb.misc.stickyFlag or force: + kb.misc.forcedDbms = None @staticmethod def setOs(os): diff --git a/lib/core/option.py b/lib/core/option.py index b06397cf3..67baeff09 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1403,6 +1403,7 @@ def __setKnowledgeBaseAttributes(flushAll=True): kb.misc.space = ":%s:" % randomStr(length=1, lowercase=True) kb.misc.dollar = ":%s:" % randomStr(length=1, lowercase=True) kb.misc.forcedDbms = None + kb.misc.stickyFlag = False if flushAll: kb.keywords = set(getFileItems(paths.SQL_KEYWORDS))
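Review bot: The new second argument in `Backend.forceDbms(dValue[0], True)` is a bare positional boolean, so the call site in the first lib/controller/checks.py hunk does not say what `True` switches on. Passing it by keyword, `Backend.forceDbms(dValue[0], sticky=True)`, matches the parameter name this commit adds in lib/core/common.py. A short comment such as `# sticky: keep this DBMS forced until the forced flush at the end of the function` would also help, because while the flag is set later `forceDbms()` calls are ignored. The body of checkSqlInjection starts and ends outside the hunk.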
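Review bot: The added `Backend.flushForcedDbms(True)` in the second lib/controller/checks.py hunk is the only place a sticky forced DBMS is dropped, and it runs only if checkSqlInjection reaches this line. Most of the function lies outside the hunk, so it cannot be seen whether an earlier return or an exception can skip it; if one can, the forced value would carry over into the check of the next parameter. Consider running the forced flush from a `finally:` around the test loop. At minimum, say why two flushes sit next to each other, for example `# Forced flush: also clears a DBMS that was set with sticky=True`.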
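Review bot: `flushForcedDbms()` in lib/core/common.py clears `kb.misc.forcedDbms` but never sets `kb.misc.stickyFlag` back to False, so after the first sticky call every later `forceDbms()` is silently skipped by `if not kb.misc.stickyFlag:`. In the lines shown, the flag is reset only in `__setKnowledgeBaseAttributes` in lib/core/option.py, so the forced flush at the end of checkSqlInjection leaves it set. Adding `kb.misc.stickyFlag = False` directly under `kb.misc.forcedDbms = None` inside `flushForcedDbms` would clear the flag together with the value. Both methods would also benefit from a one-line docstring explaining what `sticky` and `force` mean.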