Merge pull request #2618 from delvelabs/mark-steps-in-har

Mark steps in HAR file

lib/controller/checks.py

@@ -162,6 +162,13 @@ def checkSqlInjection(place, parameter, value):
             unionExtended = False
             trueCode, falseCode = None, None
 
+            if conf.httpCollector is not None:
+                conf.httpCollector.setExtendedArguments({
+                    "_title": title,
+                    "_place": place,
+                    "_parameter": parameter,
+                })
+
             if stype == PAYLOAD.TECHNIQUE.UNION:
                 configUnion(test.request.char)
 

lib/core/threads.py

@@ -38,8 +38,6 @@ class _ThreadData(threading.local):
         Resets thread data model
         """
 
-        self.requestCollector = None
-
         self.disableStdOut = False
         self.hashDBCursor = None
         self.inTransaction = False

lib/utils/har.py

@@ -29,9 +29,15 @@ class HTTPCollectorFactory:
 class HTTPCollector:
     def __init__(self):
         self.messages = BigArray()
+        self.extendedArguments = {}
+
+    def setExtendedArguments(self, arguments):
+        self.extendedArguments = arguments
 
     def collectRequest(self, requestMessage, responseMessage, startTime=None, endTime=None):
-        self.messages.append(RawPair(requestMessage, responseMessage, startTime, endTime))
+        self.messages.append(RawPair(requestMessage, responseMessage,
+                                     startTime=startTime, endTime=endTime,
+                                     extendedArguments=self.extendedArguments))
 
     def obtain(self):
         return {"log": {
@@ -41,31 +47,37 @@ class HTTPCollector:
         }}
 
 class RawPair:
-    def __init__(self, request, response, startTime=None, endTime=None):
+    def __init__(self, request, response, startTime=None, endTime=None, extendedArguments=None):
         self.request = request
         self.response = response
         self.startTime = startTime
         self.endTime = endTime
+        self.extendedArguments = extendedArguments or {}
 
     def toEntry(self):
-        return Entry(request=Request.parse(self.request), response=Response.parse(self.response), startTime=self.startTime, endTime=self.endTime)
+        return Entry(request=Request.parse(self.request), response=Response.parse(self.response),
+                     startTime=self.startTime, endTime=self.endTime,
+                     extendedArguments=self.extendedArguments)
 
 class Entry:
-    def __init__(self, request, response, startTime, endTime):
+    def __init__(self, request, response, startTime, endTime, extendedArguments):
         self.request = request
         self.response = response
         self.startTime = startTime or 0
         self.endTime = endTime or 0
+        self.extendedArguments = extendedArguments
 
     def toDict(self):
-        return {
+        out = {
             "request": self.request.toDict(),
             "response": self.response.toDict(),
             "cache": {},
-            "timings": [],
+            "timings": {},
             "time": int(1000 * (self.endTime - self.startTime)),
             "startedDateTime": "%s%s" % (datetime.datetime.fromtimestamp(self.startTime).isoformat(), time.strftime("%z")) if self.startTime else None
         }
+        out.update(self.extendedArguments)
+        return out
 
 class Request:
     def __init__(self, method, path, httpVersion, headers, postBody=None, raw=None, comment=None):
@@ -130,9 +142,9 @@ class Response:
     @classmethod
     def parse(cls, raw):
         altered = raw
-        comment = None
+        comment = ""
 
-        if altered.startswith("HTTP response ["):
+        if altered.startswith("HTTP response [") or altered.startswith("HTTP redirect ["):
             io = StringIO.StringIO(raw)
             first_line = io.readline()
             parts = cls.extract_status.search(first_line)