Nmap Development mailing list archives

Re: [NSE][PATCH] only show script errors in verbose mode


From: Fyodor <fyodor () insecure org>
Date: Tue, 23 Sep 2008 01:32:18 -0700

On Tue, Sep 23, 2008 at 09:59:46AM +0200, Sven Klemm wrote:
> Hi everyone,
>
> this patch changes nmap to only show script errors that happen while
> loading scripts when verbose or debugging is set.

Thanks Sven, but this may be painting with too broad a brush.  If a
script fails to compile due to syntax error or something like that, I
think we still want to show it.  Ugly error messages for unanticipated
problems increase the likelihood that a user will actually report the
issue.  Also, even script developers could get confused if their
script doesn't load properly and they don't find out about it because
they forgot to specify -v.

But that is how we want to treat *unanticipated* errors.  There is
another class of issues where we *know* that the script won't work,
and so there is no point printing an ugly message whenever the user
runs Nmap (which would just teach users to ignore error messages).
That is the case for OpenSSL-requiring scripts when that library is
unavailable.  And it may become a general case of missing dependencies
if we someday have more optional libraries like that.  So I think we
either need to modify just those scripts to quit gracefully (or not
run in the first place) if OpenSSL is missing, or we need to modify
NSE to properly handle that specific error.  Printing the error might
still be OK in debug mode.

I don't know the best way to implement this, but I know the sort of
behavior we want, which is the same behavior Nmap has in the other
ways it uses OpenSSL (such as version detection).  That is that we
simply don't use the OpenSSL-requiring features when OpenSSL isn't
present.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
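
The behavior asked for in the message above, sketched as an added example in Lua (this is not code from the thread or from Nmap): a loader that always reports unanticipated load failures such as syntax errors, but stays quiet about a known-missing optional library unless debugging is on. The loader function, the script names and sources, the `OPTIONAL_DEPS` table and the message wording are all constructed for illustration; recognizing the missing library by matching the text of Lua's `require` error is an assumption about one possible implementation.

```lua
-- Added illustration: hypothetical loader and constructed scripts, not Nmap's NSE code.
local OPTIONAL_DEPS = { openssl = true }  -- libraries a build may lack (assumption)
local debugging = 0                       -- stand-in for the debug level

-- Simulate a build without OpenSSL so the example behaves the same everywhere.
package.loaded.openssl, package.preload.openssl = nil, nil
package.path, package.cpath = "", ""

local compile = loadstring or load        -- Lua 5.1 vs 5.2+

-- Constructed script sources keyed by file name.
local scripts = {
  ["ssl-check.nse"] = 'local openssl = require "openssl"\n'
                   .. 'return { action = function() end }',
  ["broken.nse"]    = 'return { action = function( end }',
  ["plain.nse"]     = 'return { action = function() return "ok" end }',
}

-- Returns a status ("loaded", "skipped" or "failed") plus the script table,
-- the missing library name, or the error text.
local function load_script(name, source)
  local chunk, err = compile(source, "=" .. name)
  if not chunk then return "failed", err end        -- syntax error: unanticipated
  local ok, result = pcall(chunk)
  if ok then return "loaded", result end
  -- Standard Lua reports "module 'X' not found" when require cannot find X.
  local dep = tostring(result):match("module '([^']+)' not found")
  if dep and OPTIONAL_DEPS[dep] then return "skipped", dep end
  return "failed", tostring(result)                 -- anything else: unanticipated
end

local names = {}
for name in pairs(scripts) do names[#names + 1] = name end
table.sort(names)

for _, name in ipairs(names) do
  local status, detail = load_script(name, scripts[name])
  if status == "failed" then
    -- Shown at every verbosity level so the problem gets noticed and reported.
    print(("error: %s failed to load: %s"):format(name, detail))
  elseif status == "skipped" and debugging > 0 then
    -- Known missing dependency: only worth mentioning in debug mode.
    print(("debug: skipping %s, %s is not available"):format(name, detail))
  end
end
```

With `debugging = 0` only `broken.nse` produces output; setting it to 1 also prints the skip line for `ssl-check.nse`.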

