Merge pull request #2618 from delvelabs/mark-steps-in-har

stamparm · web-flow · commit bf40526785ba · 2017-07-20T02:52:57.000+02:00
Mark steps in HAR file
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -162,6 +162,13 @@ def checkSqlInjection(place, parameter, value):
             unionExtended = False
             trueCode, falseCode = None, None
 
+            if conf.httpCollector is not None:
+                conf.httpCollector.setExtendedArguments({
+                    "_title": title,
+                    "_place": place,
+                    "_parameter": parameter,
+                })
+
             if stype == PAYLOAD.TECHNIQUE.UNION:
                 configUnion(test.request.char)
 
diff --git a/lib/core/threads.py b/lib/core/threads.py
@@ -38,8 +38,6 @@ def reset(self):
         Resets thread data model
         """
 
-        self.requestCollector = None
-
         self.disableStdOut = False
         self.hashDBCursor = None
         self.inTransaction = False
diff --git a/lib/utils/har.py b/lib/utils/har.py
@@ -29,9 +29,15 @@ def create(self):
 class HTTPCollector:
     def __init__(self):
         self.messages = BigArray()
+        self.extendedArguments = {}
+
+    def setExtendedArguments(self, arguments):
+        self.extendedArguments = arguments
 
     def collectRequest(self, requestMessage, responseMessage, startTime=None, endTime=None):
-        self.messages.append(RawPair(requestMessage, responseMessage, startTime, endTime))
+        self.messages.append(RawPair(requestMessage, responseMessage,
+                                     startTime=startTime, endTime=endTime,
+                                     extendedArguments=self.extendedArguments))
 
     def obtain(self):
         return {"log": {
@@ -41,31 +47,37 @@ def obtain(self):
         }}
 
 class RawPair:
-    def __init__(self, request, response, startTime=None, endTime=None):
+    def __init__(self, request, response, startTime=None, endTime=None, extendedArguments=None):
         self.request = request
         self.response = response
         self.startTime = startTime
         self.endTime = endTime
+        self.extendedArguments = extendedArguments or {}
 
     def toEntry(self):
-        return Entry(request=Request.parse(self.request), response=Response.parse(self.response), startTime=self.startTime, endTime=self.endTime)
+        return Entry(request=Request.parse(self.request), response=Response.parse(self.response),
+                     startTime=self.startTime, endTime=self.endTime,
+                     extendedArguments=self.extendedArguments)
 
 class Entry:
-    def __init__(self, request, response, startTime, endTime):
+    def __init__(self, request, response, startTime, endTime, extendedArguments):
         self.request = request
         self.response = response
         self.startTime = startTime or 0
         self.endTime = endTime or 0
+        self.extendedArguments = extendedArguments
 
     def toDict(self):
-        return {
+        out = {
             "request": self.request.toDict(),
             "response": self.response.toDict(),
             "cache": {},
-            "timings": [],
+            "timings": {},
             "time": int(1000 * (self.endTime - self.startTime)),
             "startedDateTime": "%s%s" % (datetime.datetime.fromtimestamp(self.startTime).isoformat(), time.strftime("%z")) if self.startTime else None
         }
+        out.update(self.extendedArguments)
+        return out
 
 class Request:
     def __init__(self, method, path, httpVersion, headers, postBody=None, raw=None, comment=None):
@@ -130,9 +142,9 @@ def __init__(self, httpVersion, status, statusText, headers, content, raw=None,
     @classmethod
     def parse(cls, raw):
         altered = raw
-        comment = None
+        comment = ""
 
-        if altered.startswith("HTTP response ["):
+        if altered.startswith("HTTP response [") or altered.startswith("HTTP redirect ["):
             io = StringIO.StringIO(raw)
             first_line = io.readline()
             parts = cls.extract_status.search(first_line)
