More fix for --technique resume

bdamele · bdamele · commit 2d8408c88598 · 2011-05-05T16:38:46.000Z
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -80,6 +80,7 @@ def checkSqlInjection(place, parameter, value):
             if kb.endDetection:
                 break
 
+            proceed = True
             title = test.title
             stype = test.stype
             clause = test.clause
@@ -202,6 +203,21 @@ def checkSqlInjection(place, parameter, value):
                 logger.debug(debugMsg)
                 continue
 
+            if len(kb.injections) > 0:
+                for resumedInj in kb.injections:
+                    if resumedInj.place == place and resumedInj.parameter \
+                       == parameter and stype in resumedInj.data:
+                        debugMsg = "skipping test '%s' because this " % title
+                        debugMsg += "technique has already been detected "
+                        debugMsg += "in a previous run"
+                        logger.debug(debugMsg)
+
+                        proceed = False
+                        break
+
+            if not proceed:
+                continue
+
             infoMsg = "testing '%s'" % title
             logger.info(infoMsg)
 
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
@@ -317,9 +317,18 @@ def start():
                             # TODO: consider the following line in __setRequestParams()
                             # __testableParameters = True
 
-            if (len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None)) \
-                and (kb.injection.place is None or kb.injection.parameter is None):
+            proceed = False
 
+            if len(kb.injections) > 0:
+                for resumedInj in kb.injections:
+                    for tech in conf.tech:
+                        if tech not in resumedInj.data:
+                            proceed = True
+                            break
+            else:
+                proceed = True
+
+            if proceed:
                 if not conf.string and not conf.regexp:
                     # NOTE: this is not needed anymore, leaving only to display
                     # a warning message to the user in case the page is not stable
