Taras, On Wed, Dec 21, 2011 at 6:07 AM, Taras <ox...@oxdef.info> wrote: > Andres, > > >> I was reading through the whole rewritten-urls branch patch before >> I merged into the trunk and realized that there are still a couple of >> pending things and questions and we need to think about. Please read >> the lines that start with "#APR" in the attached patch file. Thanks >> and sorry to review this for the third time and still find new things >> :( > > > Misprint fixed :)
Great, >> #APR: Are we sure about this? Shouldn't we have a real getURI that >> returns the URI and a real getURL that only returns the URL? > > The code with getURL/getURI is similar with mutantFileName ones. > Do we really want to change this everywhere? > By the way as I remember some time ago we had discussion about difference > between URI and URL. In our cases URL == URI [0] Ok, let's keep URL == URI for now. >> #APR: Do we use this? How? >> + def dynamicURL( self ): >> + ''' >> + > Strange method and it is only found in base mutant class and mutantFileName. > Let's remove it from these places? Let's remove it! I think we don't use it anywhere! > >> #APR: Do we want to call _createUrlPartsMutants for all freq? Does it make >> sense to fuzz the URL when >> there are query string parameters? Hmmm... we should think about this. > > Why not? For example, http://exmaple.com/foo/bar/5?sort=desc My point is that if the URL has parameters it is VERY UNLIKELY that it will also use url-rewrites. Correct? > About doctest strings. How do you run it? http://sourceforge.net/apps/trac/w3af/wiki/developers-guide > [0] > http://en.wikipedia.org/wiki/Uniform_resource_identifier#Relationship_to_URL_and_URN > > > -- > Taras > http://oxdef.info -- Andrés Riancho Director of Web Security at Rapid7 LLC Founder at Bonsai Information Security Project Leader at w3af ------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
