MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / checkFalsePositives

Function checkFalsePositives

lib/controller/checks.py:909–973  ·  view source on GitHub ↗

Checks for false positives (only in single special cases)

(injection)

Source from the content-addressed store, hash-verified

907
908@stackedmethod
909def checkFalsePositives(injection):
910 """
911 Checks for false positives (only in single special cases)
912 """
913
914 retVal = True
915
916 if all(_ in (PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED) for _ in injection.data) or (len(injection.data) == 1 and PAYLOAD.TECHNIQUE.UNION in injection.data and "Generic" in injection.data[PAYLOAD.TECHNIQUE.UNION].title):
917 pushValue(kb.injection)
918
919 infoMsg = "checking if the injection point on %s " % injection.place
920 infoMsg += "parameter '%s' is a false positive" % injection.parameter
921 logger.info(infoMsg)
922
923 def _():
924 return int(randomInt(2)) + 1
925
926 kb.injection = injection
927
928 for level in xrange(conf.level):
929 while True:
930 randInt1, randInt2, randInt3 = (_() for j in xrange(3))
931
932 randInt1 = min(randInt1, randInt2, randInt3)
933 randInt3 = max(randInt1, randInt2, randInt3)
934
935 if conf.string and any(conf.string in getUnicode(_) for _ in (randInt1, randInt2, randInt3)):
936 continue
937
938 if conf.notString and any(conf.notString in getUnicode(_) for _ in (randInt1, randInt2, randInt3)):
939 continue
940
941 if randInt3 > randInt2 > randInt1:
942 break
943
944 if not checkBooleanExpression("%d%s%d" % (randInt1, INFERENCE_EQUALS_CHAR, randInt1)):
945 retVal = False
946 break
947
948 if PAYLOAD.TECHNIQUE.BOOLEAN not in injection.data:
949 checkBooleanExpression("%d%s%d" % (randInt1, INFERENCE_EQUALS_CHAR, randInt2)) # just in case if DBMS hasn't properly recovered from previous delayed request
950
951 if checkBooleanExpression("%d%s%d" % (randInt1, INFERENCE_EQUALS_CHAR, randInt3)): # this must not be evaluated to True
952 retVal = False
953 break
954
955 elif checkBooleanExpression("%d%s%d" % (randInt3, INFERENCE_EQUALS_CHAR, randInt2)): # this must not be evaluated to True
956 retVal = False
957 break
958
959 elif not checkBooleanExpression("%d%s%d" % (randInt2, INFERENCE_EQUALS_CHAR, randInt2)): # this must be evaluated to True
960 retVal = False
961 break
962
963 elif checkBooleanExpression("%d %d" % (randInt3, randInt2)): # this must not be evaluated to True (invalid statement)
964 retVal = False
965 break
966

Callers 1

checkSqlInjectionFunction · 0.85

Calls 7

pushValueFunction · 0.90
getUnicodeFunction · 0.90
checkBooleanExpressionFunction · 0.90
popValueFunction · 0.90
xrangeClass · 0.85
infoMethod · 0.80
_Function · 0.70

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…