code refactoring some more

stamparm · stamparm · commit 81c16926c1e6 · 2010-12-08T14:46:07.000Z
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -452,7 +452,7 @@ def heuristicCheckSqlInjection(place, parameter, value):
         logger.info(infoMsg)
     else:
         infoMsg += "not be injectable"
-        logger.warning(infoMsg)
+        logger.warn(infoMsg)
 
 def checkDynParam(place, parameter, value):
     """
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -67,6 +67,7 @@
 from lib.core.settings import DUMP_TAB_MARKER
 from lib.core.settings import DUMP_START_MARKER
 from lib.core.settings import DUMP_STOP_MARKER
+from lib.core.settings import MIN_TIME_RESPONSES
 
 class UnicodeRawConfigParser(RawConfigParser):
     """
@@ -1542,7 +1543,15 @@ def wasLastRequestDelayed():
     # 99.9999999997440% of all non time-based sql injection
     # affected response times should be inside +-7*stdev([normal response times])
     # (Math reference: http://www.answers.com/topic/standard-deviation)
-    return (kb.lastQueryDuration >= average(kb.responseTimes) + 7 * stdev(kb.responseTimes))
+    deviation = stdev(kb.responseTimes)
+    if deviation:
+        if len(kb.responseTimes) < MIN_TIME_RESPONSES:
+            warnMsg = "time based standard deviation method used "
+            warnMsg += "on a model with less than %d response times" % MIN_TIME_RESPONSES
+            logger.warn(warnMsg)
+        return (kb.lastQueryDuration >= average(kb.responseTimes) + 7 * deviation)
+    else:
+        return kb.lastQueryDuration - conf.timeSec
 
 def extractErrorMessage(page):
     """
diff --git a/plugins/dbms/sqlite/connector.py b/plugins/dbms/sqlite/connector.py
@@ -49,7 +49,7 @@ def connect(self):
 
         except (self.__sqlite.DatabaseError, self.__sqlite.OperationalError), msg:
             warnMsg = "unable to connect using SQLite 3 library, trying with SQLite 2"
-            logger.warning(warnMsg)
+            logger.warn(warnMsg)
 
             try:
                 try:
