Achim,

On Thu, Apr 30, 2009 at 5:26 AM, Achim Hoffmann <a...@securenet.de> wrote:
> How about the following enhancements?
>
> Why do we need spaces there?
>   id=42
> should be good enough for any DB

Hehe, yes, good finding, it was stupid to request that from the user.
When I tried to fix it, I saw:

        #FIXME: This re is buggy
        self._match = re.match('^(?:((?:id|uri)) (=|>|>=|<=|<|<>|like) ([\w\'\" /:\.]+)( (and|or) )?)*$', text )

(The comment was added by me months ago)
Which... makes sense =)
Could you please help me fix this regular expression? It is in the
reqResDBHandler.py file.

> Also, is it possible to use regex there?
> At least simple regex would be more intuitive than SQLish like (at least to 
> me:)
>   id=4[23]
>   id=4[2-4]
>   url/(foo|bar).html?/

Hmmm, it seems to be something supported by the sqlite module [0],
maybe if you modify the regular expression a little bit to let
something like this "SELECT * FROM Foo WHERE Foo.Name REGEXP '$bar'"
be valid, then we could test it.

[0] http://www.sqlite.org/lang_expr.html


> Achim
>
>
> ------------------------------------------------------------------------------
> Register Now & Save for Velocity, the Web Performance & Operations
> Conference from O'Reilly Media. Velocity features a full day of
> expert-led, hands-on workshops and two days of sessions from industry
> leaders in dedicated Performance & Operations tracks. Use code vel09scf
> and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>



-- 
Andrés Riancho
http://www.bonsai-sec.com/
http://w3af.sourceforge.net/
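
An added example, not part of the original mail and not w3af's code: one way to accept the filter without mandatory spaces and to support REGEXP in SQLite while keeping user values out of the SQL text. The `requests` table, the function names, the `regexp` filter keyword and the sample rows are assumptions made for the illustration.

```python
import re
import sqlite3

# Grammar from the mail: (id|uri) <op> <value> joined by and/or; spaces optional.
CLAUSE = re.compile(r"\s*(id|uri)\s*(>=|<=|<>|=|>|<|like\b|regexp\b)\s*"
                    r"('[^']*'|\"[^\"]*\"|[^\s'\"]+)\s*", re.IGNORECASE)
JOIN = re.compile(r"(and|or)\b", re.IGNORECASE)
# Constructed sample rows; the table name "requests" is an assumption.
SAMPLE = [(41, "http://example.test/index.html"), (42, "http://example.test/foo.html"),
          (43, "http://example.test/bar.htm"), (44, "http://example.test/login")]

def parse_filter(text):
    """Return (where_sql, params); ValueError for input outside the grammar."""
    pos, sql, params = 0, [], []
    while True:
        m = CLAUSE.match(text, pos)
        if not m:
            raise ValueError("unexpected input at offset %d" % pos)
        field, op, value = m.group(1).lower(), m.group(2).upper(), m.group(3)
        if value[0] in "'\"":
            value = value[1:-1]               # strip the surrounding quotes
        if op == "REGEXP":
            try:
                re.compile(value)             # reject broken patterns before querying
            except re.error as exc:
                raise ValueError("bad regex: %s" % exc)
        elif field == "id" and op != "LIKE":
            value = int(value)                # ValueError on "42;" and similar
        sql.append("%s %s ?" % (field, op))   # only whitelisted tokens reach the SQL
        params.append(value)                  # user data is always a bound parameter
        pos = m.end()
        if pos == len(text):
            return " ".join(sql), params
        j = JOIN.match(text, pos)
        if not j:
            raise ValueError("expected and/or at offset %d" % pos)
        sql.append(j.group(1).upper())
        pos = j.end()

def open_db():
    conn = sqlite3.connect(":memory:")
    # SQLite turns "X REGEXP Y" into regexp(Y, X) and ships no such function.
    conn.create_function("regexp", 2,
                         lambda pat, val: int(re.search(pat, str(val)) is not None))
    conn.execute("CREATE TABLE requests (id INTEGER PRIMARY KEY, uri TEXT)")
    conn.executemany("INSERT INTO requests VALUES (?, ?)", SAMPLE)
    return conn

def search(conn, text):
    where, params = parse_filter(text)
    query = "SELECT id FROM requests WHERE " + where + " ORDER BY id"
    return [row[0] for row in conn.execute(query, params)]
```

The pattern is applied with `re.search`, so an unanchored `4[23]` also matches ids such as 142; anchor it with `^` and `$` for an exact match.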
