c08c98415395b76371581432be55381f0f6e2b40,w3af/plugins/audit/format_string.py,format_string,_analyze_result,#format_string#Any#Any#,58

Before Change

        //
        //   I will only report the vulnerability once.
        //
        if self._has_no_bug(mutant):

            for error in self.ERROR_STRINGS:
                // Check if the error string is in the response

                if error in response.body and \
                error not in mutant.get_original_response_body():
                    desc = "A possible (detection is really hard...) format"\
                          " string vulnerability was found at: %s"
                    desc = desc % mutant.found_at()
                    
                    v = Vuln.from_mutant("Format string vulnerability", desc,
                                         severity.MEDIUM, response.id,
                                         self.get_name(), mutant)
                    
                    v.add_to_highlight(error)
                    
                    self.kb_append_uniq(self, "format_string", v)
                    break

    def _get_string_list(self):
        
        :return: This method returns a list of format strings.
        

After Change

        //
        //   I will only report the vulnerability once.
        //
        if self._has_bug(mutant):
            return

        for error in self.ERROR_STRINGS:
            // Check if the error string is in the response
            if error not in response.body:
                continue

            if error in mutant.get_original_response_body():
                continue

            desc = ("A possible (detection is really hard...) format"
                    " string vulnerability was found at: %s")
            desc %= mutant.found_at()

Instances