Checks for the existence of the Suhosin patch (and similar) protection mechanism(s)
(injection)
| 974 | |
@stackedmethod
def checkSuhosinPatch(injection):
    """
    Probes for a Suhosin-patch-like mechanism that constrains parameter length

    The probe runs only when the injection point is placed in a GET
    parameter or in the URI. It asks checkBooleanExpression() to evaluate
    an equality between a random integer and itself, with
    SUHOSIN_MAX_VALUE_LENGTH spaces inserted before the right-hand operand.
    When that check does not come back true, a warning is logged; presumably
    the oversized value was rejected or cut short before it was evaluated.

    kb.injection is pointed at the given injection while the probe runs and
    the previous value is restored from the value stack afterwards.
    """

    # Other placements are not probed at all
    if injection.place not in (PLACE.GET, PLACE.URI):
        return

    logger.debug("checking for parameter length constraining mechanisms")

    # Remember the active injection so it can be put back after the probe
    pushValue(kb.injection)
    kb.injection = injection

    marker = randomInt()
    padding = ' ' * SUHOSIN_MAX_VALUE_LENGTH

    # NOTE(review): if checkBooleanExpression() raises, kb.injection is left
    # pointing at the probed injection; confirm callers tolerate that
    probePassed = checkBooleanExpression("%d=%s%d" % (marker, padding, marker))

    if not probePassed:
        logger.warning(
            "parameter length constraining "
            "mechanism detected (e.g. Suhosin patch). "
            "Potential problems in enumeration phase can be expected"
        )

    kb.injection = popValue()
| 999 | @stackedmethod |
| 1000 | def checkFilteredChars(injection): |