RE: URL Vulnerability Checker 06-25-2013, 07:38 PM
#11
(06-25-2013, 06:39 PM)ArkPhaze Wrote: 1. If you turned on Option Strict, you would see a ton of errors and warnings with this code being too implicit.
2. You're using a Function where some methods should really be Subs, because they don't return a value at all. The Function Greetings(), for instance, only outputs to the console. How is this a proper function that expects a return value?
3. This is VB.net not VB6: In Function URLDecode...
Code: URLDecode = TempAns
You should use a Return here instead
4. You have mixed return values. In the IstekGonder Function, for instance, you're returning both a string here and an Integer if an exception is caught.
5. You're not being explicit with your variables:
Code: Dim webResponse = ""
Which leads to my next point...
6. You're not using the As clause in places where it should be used: after function declarations, in variable declarations, etc...
7. Your main "method" of (poor) exception handling is with a Try Catch block. And with that I'll advise you to read this page: http://msdn.microsoft.com/en-us/library/ms229005.aspx
8. Why are you returning 1's and 0's in places where a Boolean would probably be better?
9. You're not disposing of the underlying streams in some objects, specifically your WebRequests in this case, which is bad practice. If the GC decides to do a clean sweep, that is a computationally expensive process.
10. In your Main() Sub, that last Console.ReadLine() is unreachable code because you're using a goto that always loops back to the label before reading that method. And this leads me to the last of the points that I'll make about this code...
11. You shouldn't be using a goto here...
There are others, but you're not going to understand them if you're making mistakes like this in your code, so I won't post them for now.
Other than that, my criticism here is not intended to be insulting, so take it as feedback and as advice. I wrote this post out while I was looking through your code, so it's a mention of just some of the things I've noticed. If I wrote a program like this, I would probably make it plugin based, because this is only a fraction of the amount of vulnerabilities that could be looked for... And there's no reason to hard code the checking functionality for each and every one of them, because newer exploits and vulnerability methods come out all the time.
That'll actually help me to improve my code, thank you for the feedback :)
Also, I know the difference between criticism and insulting, so I'm not offended, don't worry :D
Fuck You.