Taras,

    I'm trying to fix bug #163143, "ValueError: insecure string
pickle" and I found a piece of code that I don't fully understand:

        #
        # Save raw data to file
        #
        f = StringIO()
        p = Pickler(f)
        p.dump((self.request, self.response))
        with open(os.path.join(self._sessionDir, str(self.response.id) + self._ext), 'wb') as rrfile:
            rrfile.write(f.getvalue())
            rrfile.flush()

    Why are you doing that, instead of something like:

        f = open(os.path.join(self._sessionDir, str(self.response.id) + self._ext), 'wb')
        p = Pickler(f)
        p.dump((self.request, self.response))
        # Close the handle that was opened above
        f.close()

    In other words... why the StringIO? Doesn't it consume more memory
without any need? Why the flush instead of a close? I'm guessing that
the bug might be that a .trace file is being read at a point where it
hasn't been fully written to disk yet, so the close() might help (I
know flush is very similar in this case, but close() sounds better to
me, as we won't use this file anymore anyways).

    Sorry if I'm missing something big here, I haven't been around
this piece of code in a while.

[0] https://sourceforge.net/apps/trac/w3af/ticket/163143

Regards,
-- 
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
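
The scenario guessed at in the message above (a reader opening a .trace file before the writer has finished) can be reproduced and ruled out as follows. This is an added Python 3 example, not part of the original message or of w3af's code; `dump_atomic`, `try_load`, `simulate_partial_write` and the sample record are hypothetical names and constructed data. Python 3 reports a truncated pickle as `UnpicklingError` or `EOFError`.

```python
import os
import pickle
import tempfile

def dump_atomic(obj, path):
    """Pickle obj to a temp file in the same directory, then rename it into place."""
    directory = os.path.dirname(path) or "."
    fd, tmp_path = tempfile.mkstemp(dir=directory, suffix=".tmp")
    try:
        with os.fdopen(fd, "wb") as tmp:
            pickle.dump(obj, tmp, protocol=0)
            tmp.flush()
            os.fsync(tmp.fileno())
        # Readers see either the old file or the complete new one, never a
        # half-written one (rename is atomic on POSIX within one filesystem).
        os.replace(tmp_path, path)
    except BaseException:
        os.unlink(tmp_path)
        raise

def try_load(path):
    """Return (True, obj) on success or (False, exception class name) on failure."""
    try:
        with open(path, "rb") as fh:
            return True, pickle.load(fh)
    except (pickle.UnpicklingError, EOFError, ValueError) as exc:
        return False, type(exc).__name__

def simulate_partial_write(obj, path, fraction=0.5):
    """Leave only the first part of the pickle on disk, as a racing reader would see it."""
    data = pickle.dumps(obj, protocol=0)
    with open(path, "wb") as fh:
        fh.write(data[: int(len(data) * fraction)])

def demo():
    # Constructed stand-in for the (request, response) pair
    record = ("GET /index.php?id=1 HTTP/1.1", "HTTP/1.1 200 OK")
    with tempfile.TemporaryDirectory() as session_dir:
        path = os.path.join(session_dir, "1.trace")
        simulate_partial_write(record, path)
        partial = try_load(path)    # reader hits the half-written file
        dump_atomic(record, path)
        complete = try_load(path)   # reader hits the renamed, complete file
        leftovers = [n for n in os.listdir(session_dir) if n.endswith(".tmp")]
    return partial, complete, leftovers

if __name__ == "__main__":
    print(demo())
```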
