Validate_length now checks status code

Change-Id: I99d43ef1a07191abe9a9adb8d8606c2518433da3
2016-05-24 11:22:03 -05:00 · 2016-05-24 11:22:03 -05:00 · cc89c7da39
parent c26d914992
commit cc89c7da39
1 changed files with 8 additions and 7 deletions
--- a/syntribos/tests/fuzz/base_fuzz.py
+++ b/syntribos/tests/fuzz/base_fuzz.py
@ -141,22 +141,23 @@ class BaseFuzzTestCase(base.BaseTestCase):
                      severity="Low",
                      confidence="High",
                      text=("This request returns an error with status code "
-                            "{0}, which might indicate some server-side fault"
+                            "{0}, which might indicate some server-side fault "
                            "that could lead to further vulnerabilities"
                            ).format(self.resp.status_code)
                      )
            )

-        if not self.validate_length():
+        if (not self.validate_length() and
+                self.resp.status_code == self.init_response.status_code):
            self.register_issue(
                Issue(test="length_diff",
                      severity="Low",
                      confidence="Low",
-                      text=("The difference in length between the response to"
-                            "the baseline request and the request returned"
-                            "when sending an attack string exceeds {0}"
-                            "percent, which could indicate a vulnerability to"
-                            "injection attacks")
+                      text=("The difference in length between the response to "
+                            "the baseline request and the request returned "
+                            "when sending an attack string exceeds {0} "
+                            "percent, which could indicate a vulnerability "
+                            "to injection attacks")
                      .format(self.config.percent)
                      )
            )