ignore false positive results.

michael1026 · Jul 31, 2022 · 2bccfc7 · 2bccfc7
1 parent 070462b
commit 2bccfc7
Showing 1 changed file with 4 additions and 20 deletions.
diff --git a/reflectedscanner/reflectedscanner.go b/reflectedscanner/reflectedscanner.go
@@ -17,36 +17,20 @@ func CheckStability(canary *string, body string, urlInfo *scan.URLInfo) {
 
 func CheckDocForReflections(body string, urlInfo *scan.URLInfo) []string {
 	var foundParameters []string
-
-	// if CountReflections(body, urlInfo.CanaryValue) != urlInfo.CanaryCount {
-	// 	// something happened with the response to cause the canary count to not be correct
-	// 	// this is probably caused by a parameter included in the request
-	// 	// for now, we are going to ignore this URL, but in the future, I'd like to find the parameter that caused this
-
-	// 	return foundParameters
-	// }
-
 	canaryCount := CountReflections(body, urlInfo.CanaryValue)
 
 	for param, value := range urlInfo.PotentialParameters {
 		counted := CountReflections(body, value)
 
 		if counted > canaryCount {
 			foundParameters = util.AppendIfMissing(foundParameters, param)
+			if len(foundParameters) > 50 {
+				// Going to assume these are false positives. 50+ parameters should not exist on one URL
+				return []string{}
+			}
 		}
 	}
 
-	// Check to make sure 50 / 100 / 1000 etc parameters weren't "found" in a single request. This could be caused by
-	// multiple things affecting the entire response (one parameter, site going down, etc).
-	//
-	// Another solution to this might be to use a canary for every request, then compare other parameters against the
-	// query.
-	//
-	// Another solution might be to detect the page being much different, then find what caused that.
-	if len(foundParameters) == urlInfo.MaxParams {
-		return []string{}
-	}
-
 	return foundParameters
 }