List,

I'm currently working on (the much needed) error handling
"feature" for w3af [0], the user story says:
"""
I would like to have better handling for the case in which:
* My network connection died for a couple of seconds
* The server went offline for a couple of seconds
Currently w3af doesn't support this and will return an error, as a
user I would like w3af to auto-pause testing for some seconds and
auto-resume. This auto-pause feature should enable itself at most
three times in a row, if the server is still down w3af should return
an error.
"""
Now that I have to code it, I'm wondering... what's the best
strategy for doing this? My initial ideas are:

Assumptions
-----------
Define fail as connection timeout, connection reset, host not
reachable, etc. (most socket errors)

Naive strategy
--------------
* Define a MAX_CONSECUTIVE_ERRORS constant. If we reach it, stop the
whole scan.
* When one of the HTTP requests fails, delay all the following ones
for a couple of seconds
* If the next requests succeed, just continue as if nothing happened
* If they failed, keep delaying for a couple of seconds until we
recover OR reach MAX_CONSECUTIVE_ERRORS limit and stop the scan

% of MAX_CONSECUTIVE_ERRORS
---------------------------
* Define a MAX_CONSECUTIVE_ERRORS constant. If we reach it, stop the
whole scan.
* When one HTTP request fails, increase a counter (Only increase it
if the previous one also failed)
* When we reach 30% of MAX_CONSECUTIVE_ERRORS we delay all the
following HTTP requests hoping that the server/connection will recover
* If MAX_CONSECUTIVE_ERRORS is reached, then stop the scan

Does anyone know if there are papers on network error handling
for cases like this? What's the best algorithm?

[0] https://github.com/andresriancho/w3af/issues/4811

Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
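
An added sketch of the "% of MAX_CONSECUTIVE_ERRORS" strategy from the message above; it is not w3af code and was not written by the poster. The class and function names, MAX_CONSECUTIVE_ERRORS = 10 and the 2-second delay are assumptions, and the counter is read here as a streak of consecutive failures that any success resets.

```python
MAX_CONSECUTIVE_ERRORS = 10   # assumed value; the post does not give one
DELAY_PERCENT = 30            # the 30% threshold from the post
DELAY_SECONDS = 2.0           # assumed length of "a couple of seconds"


class ScanMustStop(Exception):
    """MAX_CONSECUTIVE_ERRORS requests failed in a row."""


class ErrorTracker:
    def __init__(self, sleep, max_errors=MAX_CONSECUTIVE_ERRORS):
        self.sleep = sleep                      # injected so tests need not wait
        self.max_errors = max_errors
        self.delay_after = max(1, max_errors * DELAY_PERCENT // 100)
        self.consecutive = 0

    def send(self, do_request):
        """Run one request; return its response, or None if it failed."""
        if self.consecutive >= self.delay_after:
            self.sleep(DELAY_SECONDS)           # give the server/link time to recover
        try:
            response = do_request()
        except OSError as exc:                  # timeouts, resets, unreachable host
            self.consecutive += 1
            if self.consecutive >= self.max_errors:
                raise ScanMustStop(f"{self.consecutive} failures in a row") from exc
            return None
        self.consecutive = 0                    # any success ends the streak
        return response


def simulate(outcomes, max_errors=MAX_CONSECUTIVE_ERRORS):
    """Replay constructed outcomes; return (succeeded, delays, stopped)."""
    delays = []
    tracker = ErrorTracker(delays.append, max_errors)

    def request(ok):                            # True = response, False = socket error
        if not ok:
            raise ConnectionResetError("constructed failure")
        return "200 OK"

    succeeded = 0
    for ok in outcomes:
        try:
            if tracker.send(lambda: request(ok)) is not None:
                succeeded += 1
        except ScanMustStop:
            return succeeded, len(delays), True
    return succeeded, len(delays), False
```

Passing `time.sleep` as `sleep` gives the real delay; a short outage then costs a few delayed requests, while a dead server ends the scan after MAX_CONSECUTIVE_ERRORS failures.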