avoid SQLi in white-box with no SQL

Author: arcuri82

core/src/main/kotlin/org/evomaster/core/problem/enterprise/service/EnterpriseSampler.kt

@@ -36,6 +36,10 @@ abstract class EnterpriseSampler<T> : Sampler<T>() where T : Individual {
         protected set
 
 
+    fun isSUTUsingASQLDatabase() : Boolean{
+        return sqlInsertBuilder != null
+    }
+
     override fun applyDerivedParamModifications(ind: T) {
 
         val levels = derivedParamHandler.getOrderLevels()

core/src/main/kotlin/org/evomaster/core/problem/rest/service/SecurityRest.kt

@@ -278,7 +278,11 @@ class SecurityRest {
         if (!config.isEnabledFaultCategory(DefinedFaultCategory.SQL_INJECTION)) {
             log.debug("Skipping experimental security test for sql injection as disabled in configuration")
         } else {
-            handleSqlICheck()
+            if(config.blackBox || sampler.isSUTUsingASQLDatabase()) {
+                // in white-box testing, if no that the SUT is not using any SQL database, then no point
+                // in trying any kind of SQLi attack
+                handleSqlICheck()
+            }
         }
 
         if (config.isEnabledFaultCategory(DefinedFaultCategory.SSRF)) {