Do we know about any noSQL database that's "file based" like sqlite? Maybe we could use this small rewrite to compare the performance of those backends.
Regards, On Mon, Jan 31, 2011 at 6:38 PM, Andres Riancho <andres.rian...@gmail.com> wrote: > Taras, > > On Mon, Jan 31, 2011 at 6:08 PM, Taras <ox...@oxdef.info> wrote: >> Andres, >> >> Oh, it is bad and good bug in same time =) >> Bad side is that bug is not trivial to reproduce and it occurs >> "suddenly". But it looks like I found the problem. It is because of >> mistiming of db file and transactions files (*.trace) when target is >> changed. DB file is initialized in start of application and then it is >> bypassed through KB global object. But transactions files stores in >> 'get_home_dir() + 'sessions' + 'db_' + sessionName' dir >> This dir can be changed from start! Steps to reproduce: >> 1. run ./w3af_gui >> 2. launch proxy tool and test some site like >> http://pentagon.afis.osd.mil ;) >> 3. close proxy tool and try to scan some *different* site e.g. >> http://www.defense.gov >> 4. launch proxy tool again >> >> Current result: >> you must see this cruel exception > > Good to see that we know how to reproduce this vulnerability! I've > assigned it to you to fix at your earliest convenience :) > https://sourceforge.net/apps/trac/w3af/ticket/161417 > >> So the solution is to use single dir to transactions files with name >> similar to DB file and do not use sessionName in it to generate path >> every time. > > Agreed. > >> The good side in this bug is opportunity to make one more improvement in >> deal with this *big* number of session transactions files. We need to >> delete it in the end of session (when w3af is being closed). > > Yep, we should use only one file there. > >> I can fix it in the nearest days or you of course can assign it to >> another person if we need to fix it e.g. tomorrow =) > > Thanks! > >> On Mon, 2011-01-31 at 09:49 -0300, Andres Riancho wrote: >>> Oxdef, >>> >>> We've been getting a lot [0] of automatic bug reports that look like >>> this: >>> >>> w3afException: An internal error ocurred while searching for id "246". >>> Original exception: "[Errno 2] No such file or directory: >>> '/root/.w3af/sessions/some-site.com-2011-Jan-31_12-56-05/246.trace'" >>> >>> The only location where ".trace" files are created is in >>> "core/data/db/history.py". Do you have any idea on why this might >>> happen? How can we fix it? Thanks! >>> >>> [0] https://sourceforge.net/apps/trac/w3af/search?q=.trace >>> >>> Regards, >> >> -- >> Taras >> http://oxdef.info >> ---- >> "Software is like sex: it's better when it's free." - Linus Torvalds >> >> >> > > > > -- > Andrés Riancho > Director of Web Security at Rapid7 LLC > Founder at Bonsai Information Security > Project Leader at w3af > -- Andrés Riancho Director of Web Security at Rapid7 LLC Founder at Bonsai Information Security Project Leader at w3af ------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
