From c74c58c47e5a455103c83b95d4748e4d5eec435b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 10 Jan 2019 14:27:19 +0100
Subject: [PATCH] Varnish Cache is not a proof of Varnish WAF usage

---
 lib/core/settings.py | 2 +-
 txt/checksum.md5     | 4 ++--
 waf/varnish.py       | 5 ++---
 3 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 8ec5e503f..c5a986af1 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.1.35"
+VERSION = "1.3.1.36"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index d6301a7be..d0440e320 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -49,7 +49,7 @@ fe370021c6bc99daf44b2bfc0d1effb3  lib/core/patch.py
 9a7d68d5fa01561500423791f15cc676  lib/core/replication.py
 3179d34f371e0295dd4604568fb30bcd  lib/core/revision.py
 d6269c55789f78cf707e09a0f5b45443  lib/core/session.py
-ea3015b1f6bd7e4f462818ce2c11f6eb  lib/core/settings.py
+361ca22d9a342cf10e107b123f990733  lib/core/settings.py
 a8a7501d1e6b21669b858a62e921d191  lib/core/shell.py
 5dc606fdf0afefd4b305169c21ab2612  lib/core/subprocessng.py
 eec3080ba5baca44c6de4595f1c92a0d  lib/core/target.py
@@ -463,7 +463,7 @@ ef6f83952ce6b5a7bbb19f9b903af2b6  waf/teros.py
 ba0fb1e6b815446b9d6f30950900fc80  waf/trafficshield.py
 876c746d96193071271cb8b7e00e1422  waf/urlscan.py
 45f28286ffd89200d4c9b6d88a7a518f  waf/uspses.py
-2d9d9fa8359a9f721e4b977d3da52410  waf/varnish.py
+879315dc70deadc55b345c9bc65fa1d5  waf/varnish.py
 455bb16f552e7943e0a5cf35e83a74ea  waf/virusdie.py
 67df54343a85fe053226e2a5483b2c64  waf/wallarm.py
 114000c53115fa8f4dd9b1b9122ec32a  waf/watchguard.py
diff --git a/waf/varnish.py b/waf/varnish.py
index 946e12713..50263fe69 100644
--- a/waf/varnish.py
+++ b/waf/varnish.py
@@ -15,9 +15,8 @@ def detect(get_page):
     retval = False
 
     for vector in WAF_ATTACK_VECTORS:
-        page, headers, code = get_page(get=vector)
-        retval = code == 404 and re.search(r"\bXID: \d+", page or "") is not None
-        retval |= code >= 400 and "Request rejected by xVarnish-WAF" in (page or "")
+        page, _, code = get_page(get=vector)
+        retval = code >= 400 and "Request rejected by xVarnish-WAF" in (page or "")
         if retval:
             break