owtf / owtf

Offensive Web Testing Framework (OWTF) is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
https://medium.com/@owtf
BSD 3-Clause "New" or "Revised" License

keyboard Interrupt Exception Handling #637

Closed RahulPratapSingh closed 8 years ago

RahulPratapSingh commented 8 years ago

Expected Behavior

Framework should terminate without leaving traceback on terminal.

Current Behavior

Program leaves a long traceback

Possible Solution

Exit the program gracefully on getting KeyboardInterrupt Exception.

Proper exception handling of function "LoadResourceDBFromFile" and "LoadConfigDBFromFile" in resource_manager.py and config_manager.py respectively.

Steps to Reproduce (for bugs)

  1. Start OWTF from terminal.
  2. Press CTRL+C quickly.


Your Environment

viyatb commented 8 years ago

@RahulPratapSingh what you did was kill the sqlalchemy process midway when it was trying to load the data in the DB. This may corrupt the DB. Plus the traceback is needed so that the developer may know what went wrong with the component initialization.

RahulPratapSingh commented 8 years ago

@delta24 yes, from a developer's perspective, a traceback is required. But in my opinion, the end user might not be a developer, just someone who came to use the OWTF framework. ;)

pwnfoo commented 8 years ago

@RahulPratapSingh I disagree. All the users need a traceback. If any end user faces difficulty during runtime or installation, the traceback is the only thing that will help us pinpoint the problem. Without it, debugging will be very difficult. And I believe end users of OWTF are pen-testers, or at least people who have knowledge of security, and hence Linux.

RahulPratapSingh commented 8 years ago

@sachinkamath Well, it's your opinion. A traceback will help us pinpoint the problem, I agree with that, but you will (often) find pentesters without much knowledge of programming. For example, people often use Metasploit but very few have knowledge of Ruby. I just wanted to highlight the issue; let the OWTF crew members decide. :)

DePierre commented 8 years ago

Hi @RahulPratapSingh and thank you for your report.

However, I believe that this is a won't fix issue since it is an expected behavior. As pointed out by @delta24, the stack trace you see is from sqlalchemy that you killed when it was loading the database.

In that case, we have two users:

I agree, in the case of the KeyboardInterrupt, it's useless. But it's more often useful than useless. How often did I google the last line of an error message to find a quick fix when I didn't want to fix the software myself? And how often did I use the information in the stack trace to try to fix the bug myself? I would say often for both options.

@delta24 If you agree, I would label the issue as won't fix and close it.