minor usability enhancement regarding warning for --text-only switch

stamparm · stamparm · commit 4f46a5ab6357 · 2011-05-26T20:48:18.000Z
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -502,7 +502,7 @@ def genCmpPayload():
 
 def checkFalsePositives(injection):
     """
-    Checks for false positives
+    Checks for false positives (only in single special cases)
     """
 
     retVal = injection
@@ -521,7 +521,8 @@ def checkFalsePositives(injection):
         while randInt1 == randInt2:
             randInt2 = int(randomInt(2)) + 1
 
-        # simple arithmetic operations like in Turing tests
+        # simple arithmetic operations which should show basic
+        # arithmetic ability of the backend if it's really injectable
         if not checkBooleanExpression("(%d+%d)=%d" % (randInt1, randInt2, randInt1 + randInt2)):
             retVal = None
         elif checkBooleanExpression("%d=%d" % (randInt1, randInt2)):
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
@@ -48,6 +48,7 @@
 from lib.core.session import setInjection
 from lib.core.settings import EMPTY_FORM_FIELDS_REGEX
 from lib.core.settings import IGNORE_PARAMETERS
+from lib.core.settings import LOW_TEXT_PERCENT
 from lib.core.settings import REFERER_ALIASES
 from lib.core.settings import USER_AGENT_ALIASES
 from lib.core.target import initTargetEnv
@@ -424,6 +425,8 @@ def start():
                             logger.warn(warnMsg)
 
                         else:
+                            kb.foundDynamicParameter = True
+
                             infoMsg = "%s parameter '%s' is dynamic" % (place, parameter)
                             logger.info(infoMsg)
 
@@ -469,7 +472,7 @@ def start():
                     errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')"
                     raise sqlmapNoneDataException, errMsg
                 elif not conf.realTest:
-                    errMsg = "all parameters are not injectable."
+                    errMsg = "all parameters appear to be not injectable."
 
                     if conf.level < 5 or conf.risk < 3:
                         errMsg += " Try to increase --level/--risk values "
@@ -480,10 +483,19 @@ def start():
 
                     if not conf.textOnly and kb.originalPage:
                         percent = (100.0 * len(getFilteredPageContent(kb.originalPage)) / len(kb.originalPage))
-                        errMsg += " Give it a go with the --text-only switch "
-                        errMsg += "if the target page has a low percentage of "
-                        errMsg += "textual content (~%.2f%% of " % percent
-                        errMsg += "page content is text)."
+
+                        if kb.dynamicParameters:
+                            errMsg += " Give it a go with the --text-only switch "
+                            errMsg += "if the target page has a low percentage of "
+                            errMsg += "textual content (~%.2f%% of " % percent
+                            errMsg += "page content is text)."
+                        elif percent < LOW_TEXT_PERCENT:
+                            errMsg = " Please retry with the --text-only switch "
+                            errMsg += "as this case looks like a perfect candidate "
+                            errMsg += "(low textual content along with inability "
+                            errMsg += "of comparison engine to detect at least "
+                            errMsg += "one dynamic parameter)."
+                            raise sqlmapNoneDataException, errMsg
 
                     if not conf.string and not conf.regexp:
                         errMsg += " Rerun by providing either a valid --string "
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1341,6 +1341,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
     kb.dep = None
     kb.docRoot = None
     kb.dynamicMarkings = []
+    kb.dynamicParameters = False
     kb.endDetection = False
     kb.httpErrorCodes = {}
     kb.errorIsNone = True
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -339,3 +339,6 @@
 
 # Default ports used in Tor proxy bundles
 DEFAULT_TOR_PORTS = (8118, 8123)
+
+# Percentage below which comparison engine could have problems
+LOW_TEXT_PERCENT = 20
