Guys,

    Javier did it once again: today he developed a small improvement
that modified the way exceptions are raised from within a thread. This
might seem something silly, but it changes traceback messages from
something like this, where you know which exception it was but don't
know where it happened:

"""
  File "/opt/owasp/w3af/core/controllers/basePlugin/baseDiscoveryPlugin.py", line 48, in discover_wrapper
    return self.discover( fuzzable_request_copy )
  File "/opt/owasp/w3af/plugins/discovery/webSpider.py", line 202, in discover
    self._tm.join( self )
  File "/opt/owasp/w3af/core/controllers/threads/threadManager.py", line 120, in join
    self._threadPool.wait( ownerObj, joinAll )
  File "/opt/owasp/w3af/core/controllers/threads/threadpool.py", line 263, in wait
    self.poll(block=True, ownerObj=ownerObj, joinAll=joinAll)
  File "/opt/owasp/w3af/core/controllers/threads/threadpool.py", line 248, in poll
    raise result
ValueError: The "url" parameter of setURL @ fuzzableRequest must be of urlParser.url_object type.
"""

    To something similar to this, where we can really identify the bug:

"""
  File "C:\Program Files\w3af\w3af\core\ui\gtkUi\exploittab.py", line 713, in _launch_exploit_all
    exploit.exploit()
  File "C:\Program Files\w3af\w3af\core\controllers\basePlugin\baseAttackPlugin.py", line 155, in exploit
    s = self._generateShell(vuln)
  File "C:\Program Files\w3af\w3af\plugins\attack\eval.py", line 98, in _generateShell
    if self._verifyVuln( vuln_obj ):
  File "C:\Program Files\w3af\w3af\plugins\attack\eval.py", line 116, in _verifyVuln
    extension = vuln_obj.getURL().getExtension()
AttributeError: 'NoneType' object has no attribute 'getExtension'
"""

    Congrats on a job well done!

[0] http://w3af.svn.sourceforge.net/w3af/?rev=4147&view=rev
-- 
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
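
An added illustration of the difference between the two tracebacks in the message above; it is not the w3af change itself and not code from this message. It is written for Python 3, where the lossy case has to be emulated by stripping the traceback before the exception crosses the thread boundary, and `parse_url`, `run_in_worker` and `frames_seen` are hypothetical names.

```python
import queue
import threading
import traceback


def parse_url(url):
    # Constructed stand-in for plugin code that fails deep inside a worker.
    return url.getExtension()


def run_in_worker(func, arg, keep_traceback):
    """Run func(arg) in a thread and re-raise any failure in the caller."""
    results = queue.Queue()

    def worker():
        try:
            results.put((True, func(arg)))
        except Exception as exc:
            if not keep_traceback:
                # Emulates the old behaviour: only the exception object
                # crosses the thread boundary, its origin is dropped.
                exc = exc.with_traceback(None)
            results.put((False, exc))

    thread = threading.Thread(target=worker)
    thread.start()
    thread.join()
    ok, value = results.get()
    if not ok:
        # With the traceback kept, the worker frames stay attached and the
        # report ends at the line that actually failed.
        raise value
    return value


def frames_seen(keep_traceback):
    """Return the function names in the traceback the caller receives."""
    try:
        run_in_worker(parse_url, None, keep_traceback)
    except AttributeError as exc:
        return [f.name for f in traceback.extract_tb(exc.__traceback__)]
    return []


if __name__ == "__main__":
    print("lost:", frames_seen(False))
    print("kept:", frames_seen(True))
```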
