From c1c65a7167e07e8cf4ac1d86521bd7b9b326165c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 29 Aug 2012 20:21:45 +0200
Subject: [PATCH] Fix for an Issue #166

---
 lib/controller/checks.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 3e3e31044..b5c9be321 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -659,6 +659,8 @@ def heuristicCheckSqlInjection(place, parameter):
             payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
             casting = Request.queryPage(payload, place, raise404=False)
 
+    kb.heuristicTest = HEURISTIC_TEST.CASTED if casting else HEURISTIC_TEST.NEGATIVE if not result else HEURISTIC_TEST.POSITIVE
+
     if casting:
         errMsg = "possible %s casting " % ("integer" if origValue.isdigit() else "type")
         errMsg += "detected (e.g. %s=(int)$_REQUEST('%s')) " % (parameter, parameter)
@@ -677,8 +679,6 @@ def heuristicCheckSqlInjection(place, parameter):
         infoMsg += "not be injectable"
         logger.warn(infoMsg)
 
-    kb.heuristicTest = HEURISTIC_TEST.CASTED if casting else HEURISTIC_TEST.NEGATIVE if not result else HEURISTIC_TEST.POSITIVE
-
     return kb.heuristicTest
 
 def checkDynParam(place, parameter, value):