Re: [W3af-develop] history.py question related to bug #163143

Sun, 08 May 2011 10:24:12 -0700 

Taras,

On Sun, May 8, 2011 at 6:31 AM, Taras <ox...@oxdef.info> wrote:
> Andres,
>
> Hmmm, I think you are totally right!
> There is no really needing for stringIO and flush() so you are free to
> remove it. Don't forget also fix _loadFromFile() method.

    Changes applied in r4203, lets see if this helps a little bit with
the memory usage of w3af and fixes the bug :)

>>     I'm trying to fix bug #163143, "ValueError: insecure string
>> pickle" and I found a piece of code that I don't fully understand:
>>
>>         #
>>         # Save raw data to file
>>         #
>>         f = StringIO()
>>         p = Pickler(f)
>>         p.dump((self.request, self.response))
>>         with open(os.path.join(self._sessionDir, str(self.response.id)
>> + self._ext), 'wb') as rrfile:
>>             rrfile.write(f.getvalue())
>>             rrfile.flush()
>>
>>     Why are you doing that, instead of something like:
>>
>>         f = open(os.path.join(self._sessionDir, str(self.response.id)
>> + self._ext), 'wb')
>>         p = Pickler(f)
>>         p.dump( (self.request, self.response) )
>>         rrfile.close()
>>
>>     In other words... why the StringIO? Doesn't it consume more memory
>> without any need? Why the flush instead of a close? I'm guessing that
>> the bug might be that a .trace file is being read at a point where it
>> hasn't been fully written to disk yet, so the close() might help (I
>> know flush is very similar in this case, but close() sounds better to
>> me, as we won't use this file anymore anyways)
>>
>>     Sorry if I'm missing something big here, I haven't been around
>> this piece of code in a while.
>>
>> [0] https://sourceforge.net/apps/trac/w3af/ticket/163143
>>
>> Regards,
>
> --
> Taras
> http://oxdef.info
> ----
> "Software is like sex: it's better when it's free." - Linus Torvalds
>
>
>



-- 
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af

------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop

Reply via email to