disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code

2025-03-03 11:45:46 +03:00 · 2012-03-29 13:39:12 +00:00 · 2012-03-29 13:39:12 +00:00 · ce4c697bbd
commit ce4c697bbd
parent 772ead8d03
2 changed files with 11 additions and 12 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -329,11 +329,6 @@ def checkSqlInjection(place, parameter, value):
                            kb.matchRatio = None
                            Request.queryPage(genCmpPayload(), place, raise404=False)

-                            # If in the comparing stage there was an error
-                            # then anything non-error will be considered as True
-                            if kb.errorIsNone and kb.matchRatio is None:
-                                kb.matchRatio = LOWER_RATIO_BOUND
-
                            # Perform the test's True request
                            trueResult = Request.queryPage(reqPayload, place, raise404=False)

--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@ -29,30 +29,34 @@ from lib.core.settings import UPPER_RATIO_BOUND
 from lib.core.threads import getCurrentThreadData

 def comparison(page, headers, code=None, getRatioValue=False, pageLength=None):
+    #return _checkNegativeLogic(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue)
+    return _comparison(page, headers, code, getRatioValue, pageLength)
+
+def _checkNegativeLogic(condition, getRatioValue):
+    condition = not (condition or False) if kb.negativeLogic else condition
+    return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
+
+def _comparison(page, headers, code, getRatioValue, pageLength):
    if page is None and pageLength is None:
        return None

    seqMatcher = getCurrentThreadData().seqMatcher
    seqMatcher.set_seq1(kb.pageTemplate)

-    def checkNegativeLogic(condition):
-        condition = not condition if kb.negativeLogic else condition
-        return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
-
    if any([conf.string, conf.regexp]):
        rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)

        # String to match in page when the query is valid
        if conf.string:
-            return checkNegativeLogic(conf.string in rawResponse)
+            return conf.string in rawResponse

        # Regular expression to match in page when the query is valid
        if conf.regexp:
-            return checkNegativeLogic(re.search(conf.regexp, rawResponse, re.I | re.M) is not None)
+            return re.search(conf.regexp, rawResponse, re.I | re.M) is not None

    # HTTP code to match when the query is valid
    if isinstance(code, int) and conf.code:
-        return checkNegativeLogic(conf.code == code)
+        return conf.code == code

    if page:
        # In case of an DBMS error page return None