Open NedkoHristov opened 8 years ago
This change will be particularly useful for testing in a production environment (I'm sure that some of the users using BLNS test directly in a production environment).
What? No, don't do that!
The whole idea of this is to have a list of dangerous strings. That's what BLNS is. There already is a list of problematic strings in an extracted file: blns.txt.
Status Completed! The potentially dangerous strings have been left in blns.txt - the non-dangerous strings have been moved to /dev/null. If you want to test using strings that have no potential to be dangerous, use the strings contained in /dev/null.
Reading the discussion about removing the "DROP" statement from BLNS, I thought that it may be a good idea to separate potentially dangerous strings (such as the DROP statement, XML fork bomb, etc.) into a separate file different from blns.txt to make sure that testing will be done with no potential data loss.
This change will be particularly useful for testing in a production environment (I'm sure that some of the users using BLNS test directly in a production environment).