Nmap Development mailing list archives

Re: [NSE][PATCH] only show script errors in verbose mode


From: David Fifield <david () bamsoftware com>
Date: Fri, 26 Sep 2008 12:26:06 -0600

On Thu, Sep 25, 2008 at 11:19:26PM -0600, Patrick Donnelly wrote:
> On Thu, Sep 25, 2008 at 10:52 PM, David Fifield <david () bamsoftware com> wrote:
> > Yes, now we're getting somewhere. Maybe we shouldn't use newproxy if
> > it's not documented, but the technique of using a userdata to represent
> > a unique type sounds perfect. I can't see the rest of the
> > implementation, so maybe you can provide a sketch of it.
>
> Basically, I would see us having a register_error function somewhere
> that would associate a string error identifier with the unique
> userdata object. The package.errors table would have the string
> associated with the userdata and vice versa, literally:
>
> package.errors.MISSING_SYSTEM_DEPENDENCY = newproxy()
> package.errors[package.errors.MISSING_SYSTEM_DEPENDENCY] =
> "MISSING_SYSTEM_DEPENDENCY"
>
> So, when we catch an error in C via pcall we can quickly identify the
> type of error. Internally we may have a "degree of severity" (or
> perhaps simply verbosity) which we use to notify the user.

This is the right idea, but again, I think it's a bad idea to use
newproxy if it's undocumented and unsupported. Plus if we can't set a
metatable on the result of newproxy it limits our flexibility.

How about just creating a new C type, say nmap.error, each instance of
which would be associated with a certain metatable (so we could do
luaL_checkudata on it), and which would allow a custom string for each
instance. I was reading http://www.lua.org/pil/28.2.html and it appears
to be just what we need.

> > Where does the error get raised and how?
>
> The error would be raised by the C module (possibly by a script or Lua
> module, doesn't matter too much). The module could quickly check if a
> dependency is missing (e.g. OpenSSL) and raise the error.

That would be great. So the C module would just check HAVE_OPENSSL at
compile time and either define all the functions or include code to
raise an error. Tell me how you get an error from a C module at
"require" time. Aren't all the C modules loaded all at once in init_lua?
How does a C module know when it has been required?

> > Is there a way to associate a different string with each instance of an error?
>
> Yes, as shown above.

No, I mean there should be a way to associate a different string with
each MISSING_SYSTEM_DEPENDENCY instance, for example. Like the error
message should have "openssl" in it if it was raised by the openssl
module.

> > The more I think about it, the more I think it would be good to display
> > the require errors whenever a script is requested specifically. So
> >
> > nmap --script=default
> >
> > would hide the SSH-hostkey error, while
> >
> > nmap --script=SSH-hostkey.nse
> >
> > would show it. Is there a nice way to differentiate between scripts
> > loaded by name (or directory) and scripts loaded implicitly through a
> > category? We might want to handle warnings for the two cases
> > differently. This isn't urgent, just something to think about.
>
> In the current implementation of the script engine, this is a pretty
> difficult thing to do (or rather, keep track of).

Okay, let's not worry about it then.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
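
The design discussed in this message (a distinct error type, a per-instance string such as "openssl", and reporting that depends on verbosity), sketched in Lua as an added example that is not code from Nmap or from either poster. A table with a shared metatable stands in for the proposed C userdata, and all names (new_error, is_error, try_load, MIN_VERBOSITY, load_openssl_module) are hypothetical.

```lua
-- Added illustration, not Nmap/NSE code. Every name here is hypothetical.
-- A Lua table with a shared metatable stands in for the C userdata type;
-- in C, luaL_checkudata would do the job of is_error() below.
local error_mt = {}
error_mt.__index = error_mt
error_mt.__tostring = function(e) return e.kind .. ": " .. e.detail end

-- Minimum verbosity at which each kind of error is reported to the user.
local MIN_VERBOSITY = { MISSING_SYSTEM_DEPENDENCY = 1 }

-- Each instance carries its own detail string (e.g. which library is missing).
local function new_error(kind, detail)
  return setmetatable({ kind = kind, detail = detail }, error_mt)
end

-- Type check by metatable identity, so ordinary tables and strings never match.
local function is_error(v)
  return type(v) == "table" and getmetatable(v) == error_mt
end

-- Constructed stand-in for a module built without OpenSSL support.
local function load_openssl_module(have_openssl)
  if not have_openssl then
    error(new_error("MISSING_SYSTEM_DEPENDENCY", "openssl"), 0)
  end
  return { name = "openssl" }
end

-- Returns the loaded module (or nil) and the line to show the user (or nil).
local function try_load(loader, verbosity, ...)
  local ok, result = pcall(loader, ...)
  if ok then return result, nil end
  if is_error(result) then
    local needed = MIN_VERBOSITY[result.kind] or 0
    if verbosity >= needed then return nil, tostring(result) end
    return nil, nil -- known, low-severity error: stay quiet at this level
  end
  -- Untyped errors (plain strings and the like) are always reported.
  return nil, "error: " .. tostring(result)
end

-- Same typed failure at verbosity 0 and 1, then an untyped failure at 0.
for _, verbosity in ipairs({ 0, 1 }) do
  local _, msg = try_load(load_openssl_module, verbosity, false)
  print(verbosity, msg or "(suppressed)")
end
local _, msg = try_load(function() error("unexpected failure") end, 0)
print(0, msg)
```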

