[pkg] brutespray - review
Stéphane Neveu
stefneveu at gmail.com
Sat Jul 22 19:12:11 UTC 2017
Hi Lukas,
2017-07-22 20:24 GMT+02:00 Lukas Schwaighofer <lukas at schwaighofer.name>:
> Hi,
>
> On Sat, 22 Jul 2017 09:03:17 +0200
> Stéphane Neveu <stefneveu at gmail.com> wrote:
>
>> Thank you, it's updated. Tell me if it looks better now :)
>
> Looks good to me; if you want to make the commands listing more
> beautiful, add a colon after the first line if each bullet point, i.e.
> (diff style)
>
> - * `-f` FILE, `--file` FILE
> + * `-f` FILE, `--file` FILE:
> GNMAP or XML file to parse
>
> - * `-s` SERVICE, `--service` SERVICE
> + * `-s` SERVICE, `--service` SERVICE:
> Specify service to attack
>
> and so on. From ronn-format(7), DEFINITIONS LIST section:
>
> The definition list syntax is compatible with markdown´s
> unordered list syntax but requires that the first line of each
> list item be terminated with a colon
>
> But that's really a nit-pick, otherwise everything looks fine to me.
>
Great, ok I'll add those colons to make it look better.
>
> However I read a bit of the python code and brutespray.py does some
> things which will lead to unexpected results (e.g. it will basically
> perform the equivalent of `rm tmp/*` on each startup, which is
> something quite unexpected to do for a program that I start.
>
> Actually, I think that before we can improve on that behavior
> (preferably by submitting a pull request upstream patching brutespray
> to use a proper temporary directory), I think the program is unsuitable
> for Debian. (I feel a bit personally affected by this as I usually keep
> a ~/tmp dir with some stuff that I am temporarily working on, so using
> this script could cause some things I'm working on to be lost.)
>
> Maybe ask a DD here for advise? I also CCd Sophie, maybe she has an
> advise or opinion as well.
>
if not os.path.exists("tmp/"):
os.mkdir("tmp/")
tmppath = "tmp/"
filelist = os.listdir(tmppath)
for filename in filelist:
os.remove(tmppath+filename)
Yes, that not really clean, I have to agree. No hope to fix that with
simple patch that replaces tmp/ by /tmp/brutespray ?
Nevertheless, I agree with you, it would be sane to submit a patch upstream.
>> > PS: I just noticed that we also uploaded curvedns with a priority
>> > standard, that should also be corrected to optional or extra
>> > with a subsequent upload.
>>
>> Yes, I also need to update Vcs-* as I told you yesterday.
>
> Good that you noticed and fixed it in git!
>
Regards
Stephane
More information about the Pkg-security-team
mailing list