Nmap Development mailing list archives

Re: [NSE][PATCH] only show script errors in verbose mode


From: Sven Klemm <sven () c3d2 de>
Date: Tue, 23 Sep 2008 11:27:10 +0200

Fyodor wrote:
| On Tue, Sep 23, 2008 at 09:59:46AM +0200, Sven Klemm wrote:
|> Hi everyone,
|>
|> this patch changes nmap to only show script errors that happen while
|> loading scripts when verbose or debugging is set.
|
| Thanks Sven, but this may be painting with too broad a brush.  If a
| script fails to compile due to syntax error or something like that, I
| think we still want to show it.  Ugly error messages for unanticipated
| problems increase the likelihood that a user will actually report the
| issue.  Also, even script developers could get confused if their
| script doesn't load properly and they don't find out about it because
| they forgot to specify -v.
|
| But that is how we want to treat *unanticipated* errors.  There is
| another class of issues where we *know* that the script won't work,
| and so there is no point printing an ugly message whenever the user
| runs Nmap (which would just teach users to ignore error messages).
| That is the case for OpenSSL-requiring scripts when that library is
| unavailable.  And it may become a general case of missing dependencies
| if we someday have more optional libraries like that.  So I think we
| either need to modify just those scripts to quit gracefully (or not
| run in the first place) if OpenSSL is missing, or we need to modify
| NSE to properly handle that specific error.  Printing the error might
| still be OK in debug mode.
|
| I don't know the best way to implement this, but I know the sort of
| behavior we want, which is the same behavior Nmap has in the other
| ways it uses OpenSSL (such as version detection).  That is that we
| simply don't use the OpenSSL-requiring features when OpenSSL isn't
| present.

I was hoping to find a solution that wouldn't require modifying the
NSE scripts but you are right that my patch is probably a bad thing
and might mask errors that should get displayed. I've modified the
SSH-hostkey script to catch cases where openssl is not available.

Cheers,
Sven


--
Sven Klemm
http://cthulhu.c3d2.de/~sven/


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
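
The behaviour discussed in this thread, as an added Lua example that is not Nmap's source or Sven's patch: a script can guard its own optional dependency, or the loader can recognise the one known "module not found" failure, while syntax errors are always reported. The names load_script, OPTIONAL_DEPS, DEBUG and the module name openssl_absent are hypothetical, and the three scripts are constructed samples.

```lua
-- Added illustration, not Nmap source. load_script, OPTIONAL_DEPS, DEBUG and the
-- module name "openssl_absent" are hypothetical; the scripts are constructed samples.
local compile = loadstring or load   -- Lua 5.1 or 5.2+
local DEBUG = false                  -- stands in for Nmap's debug level (-d)
local OPTIONAL_DEPS = { openssl_absent = true }  -- libraries that may legitimately be missing

local samples = {
  -- Script-side handling: probe the dependency and decline to run.
  { "guarded", [[
      local have_ssl = pcall(require, "openssl_absent")
      return { rule = function() return have_ssl end } ]] },
  -- Unguarded require: the loader has to recognise the known failure.
  { "unguarded", [[
      local ssl = require "openssl_absent"
      return { rule = function() return true end } ]] },
  -- Unanticipated problem: a syntax error must stay visible.
  { "broken", [[ return { rule = function( return true end } ]] },
}

-- Returns a status ("loaded", "skipped" or "error"), then the script table or a message.
local function load_script(name, src)
  local chunk, err = compile(src, "=" .. name)
  if not chunk then return "error", err end          -- compile failure
  local ok, res = pcall(chunk)
  if ok then return "loaded", res end
  local dep = tostring(res):match("module '([^']+)' not found")
  if dep and OPTIONAL_DEPS[dep] then return "skipped", dep end
  return "error", res                                -- any other runtime failure
end

for _, s in ipairs(samples) do
  local name, src = s[1], s[2]
  local status, detail = load_script(name, src)
  if status == "error" then
    print(("SCRIPT ENGINE: %s failed to load: %s"):format(name, tostring(detail)))
  elseif status == "skipped" then
    if DEBUG then print(("%s skipped: missing %s"):format(name, detail)) end
  elseif not detail.rule() then
    if DEBUG then print(name .. " declined to run (dependency unavailable)") end
  else
    print(name .. " would run")
  end
end
```

With DEBUG left at false only the syntax error is printed; setting it to true also reports the two scripts that were skipped because the dependency is missing.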

