Tomas,

On Mon, Oct 29, 2012 at 10:35 PM, Tomas Velazquez <tomas.velazqu...@gmail.com> wrote:
> Andres,
>
> Sorry for the delay, but I was developing other plugins more interesting,
> give me a few weeks and you'll see. :>

Nice, I would like to see that :)

> I don't like the word find in the plugin and maybe it is wrong to call it
> dvcs as it supports svn and cvs. I don't know what would be the correct
> name.

Some ideas:

code_repository
source_repository
code_repo
source_repo
code_leak
source_leak

The last two names are mostly related to the fact that based on the metadata one could steal the code using https://github.com/evilpacket/DVCS-Pillage which was written by the original author of find_dvcs.py, Adam Baldwin.

> These new files used are more correct than the others and ensure the
> existence of a repository.
>
> http://code.google.com/p/tvelazquez/source/browse/pentest/w3af-plugins/crawl/find_dvcs.py

Great, reviewing right now. Will write some unittests and let you know if there is anything else that needs to be done,

> Regards,
>
> PS: I would love a w3af stable version :>

That will be achieved when I finish my TODO
https://sourceforge.net/apps/trac/w3af/wiki/andres%27-TODO

It shouldn't be long before I finish it, the only problem is that it seems to grow in number of items instead of getting smaller ;) Now for real, it shouldn't be long and it will be a great way to start over with the project since it is a huge rewrite.

> Is there a roadmap?

At one point in time I created one, but it is outdated now :( You can see a part of it here:
https://sourceforge.net/apps/trac/w3af/query?status=new&status=accepted&status=reopened&group=milestone&component=w3af-plugins&order=priority

But be aware! Most of those tickets are outdated: code already written or the ticket was replaced by something else, etc. Before starting to write anything send me an email and I'll let you know.

> I think the
> short development cycles would be good idea.
> http://zaproxy.blogspot.com.es/2012/10/zap-weekly-releases.html

At this moment it is impossible to achieve that. We could do it once the threading2 branch is done... but it doesn't make much sense either.
Weekly releases mean one of two things: unstable or tons of work. And the tons of work required to make a weekly release stable make no sense for me.

Regards,

> On Mon, Oct 29, 2012 at 11:34 PM, Andres Riancho <andres.rian...@gmail.com> wrote:
>>
>> Tomas,
>>
>> On Fri, Oct 12, 2012 at 12:02 PM, Andres Riancho <andres.rian...@gmail.com> wrote:
>> > Tomas,
>> >
>> > On Sun, Oct 7, 2012 at 2:55 PM, Tomas Velazquez <tomas.velazqu...@gmail.com> wrote:
>> >> Andres,
>> >>
>> >> I don't touch find_dvcs because it's a code of Adam Baldwin and I don't know
>> >> if he let me change your code ... ok I will add my code to find_dvcs :)
>> >
>> > It is open source, and if you're improving it... nobody will complain.
>> >
>> > I'm not saying that you HAVE to use find_dvcs, I was just mentioning
>> > that the plugins look alike and that before replacing one with the
>> > other (or something similar) we should understand what each provides.
>> > Note that we shouldn't leave both, that would only confuse users.
>> >
>> >> find_dvcs uses these strings to check existence of repositories:
>> >> .git/HEAD
>> >> .hg/requires
>> >> .bzr/README
>> >>
>> >> I use the repository index files to check this. Should I keep these files
>> >> previously mentioned?
>> >
>> > You should use the files you think are more convenient to reduce the
>> > amount of HTTP requests and increase the quality of the detection. For
>> > example, could .bzr/README be removed and the bzr repository still
>> > work? Could the content be edited manually and make the detection fail
>> > for that? In the case of the "repository index files" it sounds like
>> > if you remove/edit those the repository will not work.
>>
>> Did you have the time to merge these two plugins?
>> I would love to review that code, add it to the threading2 branch and
>> remove this from my TODO list :)
>>
>> Regards,
>>
>> >> Regards
>> >>
>> >> On Fri, Oct 5, 2012 at 9:44 PM, Andres Riancho <andres.rian...@gmail.com> wrote:
>> >>>
>> >>> List, Tomas,
>> >>>
>> >>> > -
>> >>> > https://code.google.com/p/tvelazquez/source/browse/pentest/w3af-plugins/crawl/rcs.py
>> >>>
>> >>> I noticed that this is an improvement for find_dvcs [0], which adds
>> >>> features for detecting SVN, CVS, etc. and also parsing some of the
>> >>> identified files; neat! What else is in this file? Why a rewrite
>> >>> instead of just adding stuff to find_dvcs?
>> >>>
>> >>> [0] https://sourceforge.net/apps/trac/w3af/browser/branches/threading2/plugins/crawl/find_dvcs.py
>> >>>
>> >>> Regards,
>> >>> --
>> >>> Andrés Riancho
>> >>> Project Leader at w3af - http://w3af.org/
>> >>> Web Application Attack and Audit Framework
>> >>> Twitter: @w3af
>> >>> GPG: 0x93C344F3

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
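
Added example, not part of the original thread and not w3af's own code: one way to apply the advice above about preferring files a repository cannot work without and checking their content, so that an error page served with HTTP 200 is not reported as a repository. The function names, the sample bodies and the use of .git/index are assumptions; the thread does not say which index files the new plugin requests.

```python
import re
import struct

# Constructed sample bodies standing in for HTTP responses (not captured traffic).
SOFT_404 = b"<html><body>Page not found</body></html>"
GIT_HEAD = b"ref: refs/heads/master\n"
# Header only: "DIRC" signature, version 2, zero entries, then a 20-byte checksum.
GIT_INDEX = b"DIRC" + struct.pack(">II", 2, 0) + b"\x00" * 20
HG_REQUIRES = b"revlogv1\nstore\nfncache\ndotencode\n"


def is_git_head(body):
    """.git/HEAD is a symbolic ref or a detached 40-hex commit id."""
    return re.fullmatch(rb"(ref: refs/\S+|[0-9a-f]{40})\n?", body) is not None


def is_git_index(body):
    """.git/index opens with a 12-byte header: DIRC, version 2-4, entry count."""
    if len(body) < 12 or body[:4] != b"DIRC":
        return False
    version, _entries = struct.unpack(">II", body[4:12])
    return version in (2, 3, 4)


def is_hg_requires(body):
    """.hg/requires lists feature names, one per line, including revlogv1."""
    names = body.split()
    return b"revlogv1" in names and all(re.fullmatch(rb"[\w.-]+", n) for n in names)


# Hypothetical lookup table: candidate path -> content validator.
VALIDATORS = {
    ".git/HEAD": is_git_head,
    ".git/index": is_git_index,
    ".hg/requires": is_hg_requires,
}


def confirm(path, status, body):
    """Report a finding only when the status is 200 and the body has the expected shape."""
    check = VALIDATORS.get(path)
    return status == 200 and check is not None and check(body)


if __name__ == "__main__":
    for path, body in ((".git/HEAD", GIT_HEAD), (".git/index", GIT_INDEX),
                       (".hg/requires", HG_REQUIRES), (".git/index", SOFT_404)):
        print(path, confirm(path, 200, body))
```
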