Cosmetics

2025-02-02 20:54:13 +03:00 · 2010-12-09 00:26:06 +00:00 · 2010-12-09 00:26:06 +00:00 · 9c61adb21d
commit 9c61adb21d
parent b5c6527c72
4 changed files with 16 additions and 10 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -308,12 +308,13 @@ def checkSqlInjection(place, parameter, value):
                        conf.matchRatio = None
                        _ = Request.queryPage(cmpPayload, place)

-                        # Compare True and False response contents
+                        # Perform the test's True request
                        trueResult = Request.queryPage(reqPayload, place)

                        if trueResult:
                            falseResult = Request.queryPage(cmpPayload, place)

+                            # Perform the test's False request
                            if not falseResult:
                                infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
                                logger.info(infoMsg)
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -1273,9 +1273,12 @@ def readCachedFileContent(filename, mode='rb'):

 def readXmlFile(xmlFile):
    checkFile(xmlFile)  
+
    xfile = codecs.open(xmlFile, 'r', conf.dataEncoding)
    retVal = minidom.parse(xfile).documentElement
+
    xfile.close()
+
    return retVal

 def stdev(values):
@ -1283,16 +1286,17 @@ def stdev(values):
    Computes standard deviation of a list of numbers.
    Reference: http://www.goldb.org/corestats.html
    """
+
    if not values or len(values) < 2:
        return None

-    sum = 0.0
+    summa = 0.0
    avg = average(values)

    for value in values:
-        sum += pow(value - avg, 2)
+        summa += pow(value - avg, 2)

-    return sqrt(sum/(len(values) - 1))
+    return sqrt(summa/(len(values) - 1))

 def average(values):
    """
@ -1544,11 +1548,13 @@ def wasLastRequestDelayed():
    # affected response times should be inside +-7*stdev([normal response times])
    # (Math reference: http://www.answers.com/topic/standard-deviation)
    deviation = stdev(kb.responseTimes)
+
    if deviation:
        if len(kb.responseTimes) < MIN_TIME_RESPONSES:
-            warnMsg = "time based standard deviation method used "
-            warnMsg += "on a model with less than %d response times" % MIN_TIME_RESPONSES
+            warnMsg = "time-based standard deviation method used on a model "
+            warnMsg += "with less than %d response times" % MIN_TIME_RESPONSES
            logger.warn(warnMsg)
+
        return (kb.lastQueryDuration >= average(kb.responseTimes) + 7 * deviation)
    else:
        return kb.lastQueryDuration - conf.timeSec
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@ -91,9 +91,9 @@ class PAYLOAD:
             }

    class METHOD:
-        COMPARISON  = "comparison"
-        GREP        = "grep"
-        TIME        = "time"
+        COMPARISON = "comparison"
+        GREP = "grep"
+        TIME = "time"

    class TECHNIQUE:
        HEURISTIC = 0
--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@ -21,7 +21,6 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.request import inject
-from lib.request.connect import Connect as Request

 def tableExists(tableFile):
    tables = getFileItems(tableFile)