Andres,

I didn't use noSQL databases but it can be interesting research =) But first, let's simply fix this bug with files.
> Do we know about any noSQL database that's "file based" like sqlite?
> Maybe we could use this small rewrite to compare the performance of
> those backends.
>
> Regards,
>
> On Mon, Jan 31, 2011 at 6:38 PM, Andres Riancho
> <andres.rian...@gmail.com> wrote:
> > Taras,
> >
> > On Mon, Jan 31, 2011 at 6:08 PM, Taras <ox...@oxdef.info> wrote:
> >> Andres,
> >>
> >> Oh, it is bad and good bug in same time =)
> >> Bad side is that bug is not trivial to reproduce and it occurs
> >> "suddenly". But it looks like I found the problem. It is because of
> >> mistiming of db file and transactions files (*.trace) when target is
> >> changed. DB file is initialized in start of application and then it is
> >> bypassed through KB global object. But transactions files stores in
> >> 'get_home_dir() + 'sessions' + 'db_' + sessionName' dir
> >> This dir can be changed from start! Steps to reproduce:
> >> 1. run ./w3af_gui
> >> 2. launch proxy tool and test some site like
> >> http://pentagon.afis.osd.mil ;)
> >> 3. close proxy tool and try to scan some *different* site e.g.
> >> http://www.defense.gov
> >> 4. launch proxy tool again
> >>
> >> Current result:
> >> you must see this cruel exception
> >
> > Good to see that we know how to reproduce this vulnerability! I've
> > assigned it to you to fix at your earliest convenience :)
> > https://sourceforge.net/apps/trac/w3af/ticket/161417
> >
> >> So the solution is to use single dir to transactions files with name
> >> similar to DB file and do not use sessionName in it to generate path
> >> every time.
> >
> > Agreed.
> >
> >> The good side in this bug is opportunity to make one more improvement in
> >> deal with this *big* number of session transactions files. We need to
> >> delete it in the end of session (when w3af is being closed).
> >
> > Yep, we should use only one file there.
> >
> >> I can fix it in the nearest days or you of course can assign it to
> >> another person if we need to fix it e.g. tomorrow =)
> >
> > Thanks!
> >
> >> On Mon, 2011-01-31 at 09:49 -0300, Andres Riancho wrote:
> >>> Oxdef,
> >>>
> >>> We've been getting a lot [0] of automatic bug reports that look like
> >>> this:
> >>>
> >>> w3afException: An internal error ocurred while searching for id "246".
> >>> Original exception: "[Errno 2] No such file or directory:
> >>> '/root/.w3af/sessions/some-site.com-2011-Jan-31_12-56-05/246.trace'"
> >>>
> >>> The only location where ".trace" files are created is in
> >>> "core/data/db/history.py". Do you have any idea on why this might
> >>> happen? How can we fix it? Thanks!
> >>>
> >>> [0] https://sourceforge.net/apps/trac/w3af/search?q=.trace
> >>>
> >>> Regards,
> >>
> >> --
> >> Taras
> >> http://oxdef.info
> >> ----
> >> "Software is like sex: it's better when it's free." - Linus Torvalds
> >
> > --
> > Andrés Riancho
> > Director of Web Security at Rapid7 LLC
> > Founder at Bonsai Information Security
> > Project Leader at w3af

--
Taras
http://oxdef.info
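
Added example (not part of the original thread and not w3af's code): a minimal reproduction of the failure mode described above, where the trace directory is rebuilt from a session name that changes when the target changes, next to one way to pin the directory once at start-up. The class names, `replay()` and the session names are hypothetical; only the `sessions/db_<sessionName>` layout and the `.trace` suffix are taken from the messages.

```python
import os
import tempfile


class BuggyHistory:
    """Rebuilds the trace directory from the current session name on every call."""

    def __init__(self, home_dir, get_session_name):
        self._home = home_dir
        self._get_session_name = get_session_name  # value can change mid-run

    def _trace_dir(self):
        path = os.path.join(self._home, "sessions", "db_" + self._get_session_name())
        os.makedirs(path, exist_ok=True)
        return path

    def save(self, req_id, data):
        with open(os.path.join(self._trace_dir(), "%d.trace" % req_id), "w") as fh:
            fh.write(data)

    def load(self, req_id):
        with open(os.path.join(self._trace_dir(), "%d.trace" % req_id)) as fh:
            return fh.read()


class FixedHistory(BuggyHistory):
    """Resolves the trace directory once at start-up and reuses it afterwards."""

    def __init__(self, home_dir, get_session_name):
        super().__init__(home_dir, get_session_name)
        self._fixed_dir = super()._trace_dir()

    def _trace_dir(self):
        return self._fixed_dir


def replay(history_cls):
    """Save a trace under one target, switch target, then read the trace back."""
    session = {"name": "site-a.example-2011-Jan-31"}  # constructed sample names
    with tempfile.TemporaryDirectory() as home:
        history = history_cls(home, lambda: session["name"])
        history.save(246, "GET / HTTP/1.1")
        session["name"] = "site-b.example-2011-Jan-31"  # target changed
        try:
            return history.load(246)
        except FileNotFoundError as exc:
            return "missing: " + os.path.basename(exc.filename)
```

`replay(BuggyHistory)` ends in the same "No such file or directory" condition as the bug reports, while `replay(FixedHistory)` returns the stored request.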