code review part 3

stamparm · stamparm · commit 5bdb50c22442 · 2011-01-15T13:15:10.000Z
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -301,7 +301,6 @@ def checkSqlInjection(place, parameter, value):
                     boundPayload = agent.suffixQuery(boundPayload, comment, suffix)
                     boundPayload = agent.cleanupPayload(boundPayload, value)
                     reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
-                    unionVector = None
 
                     # Perform the test's request and check whether or not the
                     # payload was successful
@@ -474,7 +473,7 @@ def checkSqlInjection(place, parameter, value):
     else:
         return None
 
-def heuristicCheckSqlInjection(place, parameter, value):
+def heuristicCheckSqlInjection(place, parameter):
     if kb.nullConnection:
         debugMsg  = "heuristic checking skipped "
         debugMsg += "because NULL connection used"
@@ -518,7 +517,6 @@ def simpletonCheckSqlInjection(place, parameter, value):
 
     result = False
     randInt = randomInt()
-    randStr = randomStr()
 
     if value.isdigit():
         payload = "%s AND %d=%d" % (value, randInt, randInt)
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
@@ -282,7 +282,7 @@ def start():
                         if __paramDict:
                             conf.paramDict[PLACE.COOKIE] = __paramDict
                             # TODO: consider the following line in __setRequestParams()
-                            __testableParameters = True
+                            # __testableParameters = True
 
             if (len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None)) \
                 and (kb.injection.place is None or kb.injection.parameter is None):
@@ -344,7 +344,7 @@ def start():
                         kb.testedParams.add(paramKey)
 
                         if testSqlInj:
-                            check = heuristicCheckSqlInjection(place, parameter, value)
+                            check = heuristicCheckSqlInjection(place, parameter)
                             if not check and conf.realTest and\
                               not simpletonCheckSqlInjection(place, parameter, value):
                                 continue
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -1621,7 +1621,7 @@ def beep():
                 try:
                     audio = file(dev, 'wb')
 
-                    for i in xrange(250):
+                    for _ in xrange(250):
                         audio.write(chr(32) * 4)
                         audio.write(chr(0) * 4)
 
diff --git a/lib/core/xmldump.py b/lib/core/xmldump.py
@@ -415,7 +415,7 @@ def dbTableValues(self, tableValues):
 
         logger.info("Table '%s.%s' dumped to XML file" % (db, table))
 
-    def dbColumns(self, dbColumns, _, dbs):
+    def dbColumns(self, dbColumns, colConsider, dbs):
         '''
         Adds information about the columns
         '''
diff --git a/lib/techniques/inband/union/test.py b/lib/techniques/inband/union/test.py
@@ -128,7 +128,6 @@ def unionTest(comment, place, parameter, value, prefix, suffix, dbms):
     if conf.direct:
         return
 
-    oldTechnique = kb.technique
     kb.technique = PAYLOAD.TECHNIQUE.UNION
     validPayload, vector = __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix, dbms)
 
diff --git a/lib/utils/checkpayload.py b/lib/utils/checkpayload.py
@@ -8,7 +8,6 @@
 """
 
 import re
-import sre_constants
 
 from lib.core.common import getCompiledRegex
 from lib.core.common import readXmlFile
diff --git a/lib/utils/getch.py b/lib/utils/getch.py
@@ -26,7 +26,7 @@ def __call__(self): return self.impl()
 
 class _GetchUnix:
     def __init__(self):
-        import tty, sys
+        import tty
 
     def __call__(self):
         import sys, tty, termios
