Returns True if the last web request resulted in a time-delay
()
| 2794 | return threadData.lastHTTPError and threadData.lastHTTPError[0] == threadData.lastRequestUID |
| 2795 | |
def wasLastResponseDelayed():
    """
    Returns True if the last web request took long enough to be
    considered a time-delayed response

    With a usable response-time model (non-zero standard deviation, and
    neither conf.direct nor conf.disableStats set) the last query
    duration is compared against
    average + TIME_STDEV_COEFF * stdev of the recorded response times,
    floored at MIN_VALID_DELAYED_RESPONSE. Otherwise it is compared
    directly against conf.timeSec.
    """

    # 99.9999999997440% of all non time-based SQL injection affected
    # response times should be inside +-7*stdev([normal response times])
    # Math reference: http://www.answers.com/topic/standard-deviation
    # NOTE(review): the 7 above presumably mirrors TIME_STDEV_COEFF, whose
    # value is not visible here - confirm

    deviation = stdev(kb.responseTimes.get(kb.responseTimeMode, []))
    threadData = getCurrentThreadData()

    # No statistical baseline (or statistics not wanted): fall back to a
    # plain comparison against the configured delay
    if not deviation or conf.direct or conf.disableStats:
        overrun = threadData.lastQueryDuration - conf.timeSec
        if Backend.getIdentifiedDbms() in (DBMS.MYSQL,):  # MySQL's SLEEP(X) lasts 0.05 seconds shorter on average
            overrun += 0.05
        return overrun >= 0

    observedTimes = kb.responseTimes[kb.responseTimeMode]

    # A verdict drawn from too few samples rests on a thin baseline, so
    # the user is warned that the result is less trustworthy
    if len(observedTimes) < MIN_TIME_RESPONSES:
        warnMsg = "time-based standard deviation method used on a model "
        warnMsg += "with less than %d response times" % MIN_TIME_RESPONSES
        logger.warning(warnMsg)

    lowerStdLimit = average(observedTimes) + TIME_STDEV_COEFF * deviation
    threshold = max(MIN_VALID_DELAYED_RESPONSE, lowerStdLimit)
    retVal = threadData.lastQueryDuration >= threshold

    if retVal and not kb.testMode:
        # Ask only once; the answer is remembered in kb.adjustTimeDelay
        if kb.adjustTimeDelay is None:
            msg = "do you want sqlmap to try to optimize value(s) "
            msg += "for DBMS delay responses (option '--time-sec')? [Y/n] "

            if readInput(msg, default='Y', boolean=True):
                kb.adjustTimeDelay = ADJUST_TIME_DELAY.YES
            else:
                kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE

        if kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES:
            adjustTimeDelay(threadData.lastQueryDuration, lowerStdLimit)

    return retVal
| 2832 | |
| 2833 | def adjustTimeDelay(lastQueryDuration, lowerStdLimit): |
| 2834 | """ |