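Checks whether a detected injection point is a false positive. The check runs only in special cases: when every detected technique is boolean-based, time-based or stacked, or when the only detected technique is a UNION one whose title contains "Generic".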
(injection)
| 907 | |
| 908 | @stackedmethod |
| 909 | def checkFalsePositives(injection): |
| 910 | """ |
| 911 | Checks for false positives (only in single special cases) |
| 912 | """ |
| 913 | |
| 914 | retVal = True |
| 915 | |
| 916 | if all(_ in (PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED) for _ in injection.data) or (len(injection.data) == 1 and PAYLOAD.TECHNIQUE.UNION in injection.data and "Generic" in injection.data[PAYLOAD.TECHNIQUE.UNION].title): |
| 917 | pushValue(kb.injection) |
| 918 | |
| 919 | infoMsg = "checking if the injection point on %s " % injection.place |
| 920 | infoMsg += "parameter '%s' is a false positive" % injection.parameter |
| 921 | logger.info(infoMsg) |
| 922 | |
| 923 | def _(): |
| 924 | return int(randomInt(2)) + 1 |
| 925 | |
| 926 | kb.injection = injection |
| 927 | |
| 928 | for level in xrange(conf.level): |
| 929 | while True: |
| 930 | randInt1, randInt2, randInt3 = (_() for j in xrange(3)) |
| 931 | |
| 932 | randInt1 = min(randInt1, randInt2, randInt3) |
| 933 | randInt3 = max(randInt1, randInt2, randInt3) |
| 934 | |
| 935 | if conf.string and any(conf.string in getUnicode(_) for _ in (randInt1, randInt2, randInt3)): |
| 936 | continue |
| 937 | |
| 938 | if conf.notString and any(conf.notString in getUnicode(_) for _ in (randInt1, randInt2, randInt3)): |
| 939 | continue |
| 940 | |
| 941 | if randInt3 > randInt2 > randInt1: |
| 942 | break |
| 943 | |
| 944 | if not checkBooleanExpression("%d%s%d" % (randInt1, INFERENCE_EQUALS_CHAR, randInt1)): |
| 945 | retVal = False |
| 946 | break |
| 947 | |
| 948 | if PAYLOAD.TECHNIQUE.BOOLEAN not in injection.data: |
| 949 | checkBooleanExpression("%d%s%d" % (randInt1, INFERENCE_EQUALS_CHAR, randInt2)) # just in case if DBMS hasn't properly recovered from previous delayed request |
| 950 | |
| 951 | if checkBooleanExpression("%d%s%d" % (randInt1, INFERENCE_EQUALS_CHAR, randInt3)): # this must not be evaluated to True |
| 952 | retVal = False |
| 953 | break |
| 954 | |
| 955 | elif checkBooleanExpression("%d%s%d" % (randInt3, INFERENCE_EQUALS_CHAR, randInt2)): # this must not be evaluated to True |
| 956 | retVal = False |
| 957 | break |
| 958 | |
| 959 | elif not checkBooleanExpression("%d%s%d" % (randInt2, INFERENCE_EQUALS_CHAR, randInt2)): # this must be evaluated to True |
| 960 | retVal = False |
| 961 | break |
| 962 | |
| 963 | elif checkBooleanExpression("%d %d" % (randInt3, randInt2)): # this must not be evaluated to True (invalid statement) |
| 964 | retVal = False |
| 965 | break |
| 966 |