PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 13:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Minor optimization (avoiding unnecessary deepcopies)

Browse Source
This commit is contained in:
Miroslav Stampar
2016-09-20 09:56:08 +02:00
parent e519484230
commit bcd62ecc5b
3 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/controller/checks.py
View File

@@ -94,6 +94,12 @@ def checkSqlInjection(place, parameter, value):
# Localized thread data needed for some methods
threadData = getCurrentThreadData()
# Favoring non-string specific boundaries in case of digit-like parameter values
if value.isdigit():
boundaries = sorted(copy.deepcopy(conf.boundaries), key=lambda boundary: any(_ in (boundary.prefix or "") or _ in (boundary.suffix or "") for _ in ('"', '\'')))
else:
boundaries = conf.boundaries
# Set the flag for SQL injection test mode
kb.testMode = True
@@ -311,12 +317,6 @@ def checkSqlInjection(place, parameter, value):
comment = agent.getComment(test.request) if len(conf.boundaries) > 1 else None
fstPayload = agent.cleanupPayload(test.request.payload, origValue=value if place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER) else None)
# Favoring non-string specific boundaries in case of digit-like parameter values
if value.isdigit():
boundaries = sorted(copy.deepcopy(conf.boundaries), key=lambda x: any(_ in (x.prefix or "") or _ in (x.suffix or "") for _ in ('"', '\'')))
else:
boundaries = conf.boundaries
for boundary in boundaries:
injectable = False