Review fix, part 1

CERT-Polska · Nov 2, 2023 · e74d877 · e74d877
1 parent f01513f
commit e74d877
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/karton_sqlmap/karton_sqlmap.py b/karton_sqlmap/karton_sqlmap.py
@@ -157,11 +157,11 @@ def _expand_query_parameters_for_scanning(url: str) -> List[str]:
                 new_query[key] = item
 
                 # We replace token with * after building the URL, so that the asterisk is passwd to sqlmap unescaped
-                results.append(
-                    urllib.parse.urlunparse(url_parsed._replace(query=urllib.parse.urlencode(new_query))).replace(
-                        token, "*"
-                    )
-                )
+                new_query_encoded = urllib.parse.urlencode(new_query)
+                new_url_parsed = url_parsed._replace(query=new_query_encoded)
+                new_url = urllib.parse.urlunparse(new_url_parsed)
+                new_url_with_injection_point = new_url.replace(token, "*")
+                results.append(new_url_with_injection_point)
         return results
 
     @staticmethod