Removing reflective warning for parsing heuristic test

2025-01-23 15:54:24 +03:00 · 2013-07-08 11:48:33 +02:00 · 2013-07-08 11:48:33 +02:00 · 8d3435ab0b
commit 8d3435ab0b
parent 27bf37e741
3 changed files with 6 additions and 1 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -744,10 +744,14 @@ def heuristicCheckSqlInjection(place, parameter):
    while '\'' not in randStr:
        randStr = randomStr(length=10, alphabet=HEURISTIC_CHECK_ALPHABET)

+    kb.heuristicMode = True
+
    payload = "%s%s%s" % (prefix, randStr, suffix)
    payload = agent.payload(place, parameter, newValue=payload)
    page, _ = Request.queryPage(payload, place, content=True, raise404=False)

+    kb.heuristicMode = False
+
    parseFilePaths(page)
    result = wasLastResponseDBMSError()

--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -2880,7 +2880,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
                    regex = REFLECTED_REPLACEMENT_REGEX.join(parts[1:])
                    retVal = re.sub(r"(?i)\b%s\b" % regex, REFLECTED_VALUE_MARKER, retVal)

-            if retVal != content:
+            if retVal != content and not kb.heuristicMode:
                kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT] += 1
                if not suppressWarning:
                    warnMsg = "reflective value(s) found and filtering out"
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1599,6 +1599,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
    kb.forcedDbms = None
    kb.headersFp = {}
    kb.heuristicDbms = None
+    kb.heuristicMode = False
    kb.heuristicTest = None
    kb.hintValue = None
    kb.htmlFp = []