full rescans do not make you not vuln anymore (due to shaky scans)

Author: ic0ns

src/main/java/de/rub/nds/tlsscanner/probe/PaddingOracleProbe.java

@@ -63,7 +63,7 @@ public ProbeResult executeTest() {
         List<PaddingOracleTestResult> testResultList = new LinkedList<>();
         PaddingRecordGeneratorType recordGeneratorType;
         if (scannerConfig.getScanDetail() == ScannerDetail.NORMAL) {
-            recordGeneratorType = PaddingRecordGeneratorType.VERY_SHORT;
+            recordGeneratorType = PaddingRecordGeneratorType.SHORT;
         } else {
             recordGeneratorType = PaddingRecordGeneratorType.SHORT;
         }
@@ -164,7 +164,7 @@ public ProbeResult executeTest() {
                 }
             }
         }
-        return new PaddingOracleResult(testResultList);
+        return new PaddingOracleResult(testResultList, vulnerable);
     }
 
     private PaddingOracleTestResult createTestResult(ProtocolVersion version, CipherSuite suite, PaddingOracleCommandConfig paddingOracleConfig) {
@@ -221,7 +221,7 @@ public void adjustConfig(SiteReport report) {
 
     @Override
     public ProbeResult getNotExecutedResult() {
-        return new PaddingOracleResult(new LinkedList<PaddingOracleTestResult>());
+        return new PaddingOracleResult(new LinkedList<PaddingOracleTestResult>(), null);
     }
 
     private void filterSuite(Set<CipherSuite> set) {

src/main/java/de/rub/nds/tlsscanner/report/result/PaddingOracleResult.java

@@ -18,24 +18,20 @@ public class PaddingOracleResult extends ProbeResult {
 
     private List<PaddingOracleTestResult> resultList;
 
-    public PaddingOracleResult(List<PaddingOracleTestResult> resultList) {
+    private Boolean vulnerable;
+
+    public PaddingOracleResult(List<PaddingOracleTestResult> resultList, Boolean vulnerable) {
         super(ProbeType.PADDING_ORACLE);
         this.resultList = resultList;
+        this.vulnerable = vulnerable;
     }
 
     @Override
     public void mergeData(SiteReport report) {
-        Boolean vulnerable = null;
-        if (resultList.isEmpty()) {
+        if (resultList.isEmpty() && vulnerable == null) {
             vulnerable = false;
         }
-        for (PaddingOracleTestResult result : resultList) {
-            if (result.getVulnerable() == Boolean.TRUE) {
-                vulnerable = true;
-            } else if (result.getVulnerable() == Boolean.FALSE && vulnerable == null) {
-                vulnerable = false;
-            }
-        }
+
         report.setPaddingOracleTestResultList(resultList);
         report.setPaddingOracleVulnerable(vulnerable);
     }