On Thu, 30 Apr 2009, Andres Riancho wrote:
!! Achim,
!!
!! On Thu, Apr 30, 2009 at 5:26 AM, Achim Hoffmann <a...@securenet.de> wrote:
!! > How about following enhancements.
!! >
!! > why do we need spaces there?
!! > id=42
!! > should be good enough for any DB
!!
!! hehe, yes, good finding, it was stupid to request that to the user.
!! When I tried to fix it, I saw:
!!
!! #FIXME: This re is buggy
!! self._match = re.match('^(?:((?:id|uri)) (=|>|>=|<=|<|<>|like) ([\w\'\" /:\.]+)( (and|or) )?)*$', text )
!!
!! (The comment was added by me months ago)
!! Which... makes sense =)
!! Could you please help me fix this regular expression? It is in the
!! reqResDBHandler.py file.
ok, just a suggestion out of my fingertips:
self._match = re.match('^(?:((?:id|uri))\s*((?:[<>]?=|<|>|<>|like)\s*([\w\'\" /:.]+)(\s+(and|or)\s+)?)*$', text)
(Note: not sure if the \ in front of " is really necessary)
Keep in mind that (my experience):
id like 42
is the same as
id=42
so the regex as a whole is a lazy approach in this context.
!! > Also, is it possible to use regex there?
!! > At least simple regex would be more intuitive than SQLish like (at least to me:)
!! > id=4[23]
!! > id=4[2-4]
!! > url/(foo|bar).html?/
!!
!! hmmm, it seems to be something supported by the sqlite module [0],
!! maybe if you modify the regular expression a little bit to let
!! something like this "SELECT * FROM Foo WHERE Foo.Name REGEXP '$bar'"
!! be valid, then we could test it.
!!
!! [0] http://www.sqlite.org/lang_expr.html
"expr" and "expression" here have nothing to do with regex, correct me if I'm wrong.
Using regex in w3af here would be a feature, in addition to learning SQL syntax
(which is already broken somehow, due to the match, see above).
If others agree with me that regex makes sense in w3af's search, then I'll have
a look at the source and try to implement it.
Achim
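An added example (not w3af's code, and not from either poster) of the filter parser this thread is after: clauses like "id=42 and uri like foo" with optional spaces around the operator, plus a "regexp" operator served by sqlite's user-defined REGEXP hook, with values bound as parameters instead of being pasted into the SELECT. The table, the column names and the rows are constructed for the example.

```python
import re
import sqlite3

# Constructed example, not w3af's own code. Parses the request/response DB filter
# language from the thread ("id=42 and uri like foo", spaces optional around the
# operator). Fields/operators are whitelisted by the regex, values are bound as
# parameters, so filter text never gets pasted into the SQL string.
_CLAUSE = re.compile(
    r'(?P<field>id|uri)\s*(?P<op>>=|<=|<>|=|>|<|like|regexp)\s*'
    r'(?P<value>[\w\'"/:.%\[\]()|?*+-]+)(?:\s+(?P<join>and|or)\s+|\s*$)',
    re.IGNORECASE)

def parse_filter(text):
    """Return (where_clause, params) for a filter expression; ValueError on junk."""
    text = text.strip()
    if not text:
        raise ValueError('empty filter')
    pos, sql, params = 0, [], []
    while pos < len(text):
        m = _CLAUSE.match(text, pos)
        if m is None:
            raise ValueError('cannot parse filter near: %r' % text[pos:])
        op = m.group('op').upper()
        value = m.group('value')
        if len(value) > 1 and value[0] == value[-1] and value[0] in '\'"':
            value = value[1:-1]  # strip matching quotes
        if value.isdigit() and op not in ('LIKE', 'REGEXP'):
            value = int(value)  # numeric compare for id; patterns stay text
        sql.append('%s %s ?' % (m.group('field').lower(), op))
        params.append(value)
        if m.group('join'):
            sql.append(m.group('join').upper())
        pos = m.end()
    return ' '.join(sql), params

def regexp(pattern, item):
    # sqlite has no built-in REGEXP; it calls a user function registered under that name
    return re.search(pattern, str(item)) is not None

def search(rows, filter_text):
    """Load constructed (id, uri) rows into an in-memory DB and return matching ids."""
    conn = sqlite3.connect(':memory:')
    conn.create_function('REGEXP', 2, regexp)
    conn.execute('CREATE TABLE req (id INTEGER, uri TEXT)')
    conn.executemany('INSERT INTO req VALUES (?, ?)', rows)
    where, params = parse_filter(filter_text)
    return [r[0] for r in conn.execute('SELECT id FROM req WHERE ' + where, params)]

ROWS = [(42, '/foo.html'), (43, '/bar.html'), (44, '/baz.php')]  # constructed sample
```

Anything the clause regex does not accept (a stray ";" for instance) is rejected before any SQL is built, and "id=42" now matches without the spaces the old pattern demanded.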
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop