Nmap Development mailing list archives
Re: [NSE][PATCH] only show script errors in verbose mode
From: Sven Klemm <sven () c3d2 de>
Date: Tue, 23 Sep 2008 11:27:10 +0200
Fyodor wrote:
| On Tue, Sep 23, 2008 at 09:59:46AM +0200, Sven Klemm wrote:
|> Hi everyone,
|>
|> this patch changes nmap to only show script errors that happen while
|> loading scripts when verbose or debugging is set.
|
| Thanks Sven, but this may be painting with too broad a brush. If a
| script fails to compile due to syntax error or something like that, I
| think we still want to show it. Ugly error messages for unanticipated
| problems increase the likelihood that a user will actually report the
| issue. Also, even script developers could get confused if their
| script doesn't load properly and they don't find out about it because
| they forgot to specify -v.
|
| But that is how we want to treat *unanticipated* errors. There is
| another class of issues where we *know* that the script won't work,
| and so there is no point printing an ugly message whenever the user
| runs Nmap (which would just teach users to ignore error messages).
| That is the case for OpenSSL-requiring scripts when that library is
| unavailable. And it may become a general case of missing dependencies
| if we someday have more optional libraries like that. So I think we
| either need to modify just those scripts to quit gracefully (or not
| run in the first place) if OpenSSL is missing, or we need to modify
| NSE to properly handle that specific error. Printing the error might
| still be OK in debug mode.
|
| I don't know the best way to implement this, but I know the sort of
| behavior we want, which is the same behavior Nmap has in the other
| ways it uses OpenSSL (such as version detection). That is that we
| simply don't use the OpenSSL-requiring features when OpenSSL isn't
| present.

I was hoping to find a solution that wouldn't require modifying the NSE
scripts, but you are right that my patch is probably a bad thing and
might mask errors that should get displayed.

I've modified the SSH-hostkey script to catch cases where openssl is not
available.

Cheers,
Sven

--
Sven Klemm
http://cthulhu.c3d2.de/~sven/
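
The distinction drawn in this message, between load errors that must always be shown and an anticipated missing optional library that is reported only in debug mode, can be sketched as follows. This is an added example in plain Lua, not code from Nmap, NSE or the patch under discussion; OPTIONAL, classify, load_script and the three constructed loaders are hypothetical names.

```lua
-- Added example in plain Lua (5.1 or later); not code from Nmap or the patch.
-- OPTIONAL, classify and load_script are hypothetical names.
local OPTIONAL = { openssl = true }  -- assumed list of optional libraries

-- "missing-optional", <lib> for an anticipated failure; "unexpected" otherwise.
local function classify(err)
  local lib = tostring(err):match("module '([^']+)' not found")
  if lib and OPTIONAL[lib] then return "missing-optional", lib end
  return "unexpected"
end

-- loader returns the script table or raises; report receives every message shown.
local function load_script(name, loader, debugging, report)
  local ok, result = pcall(loader)
  if ok then return result end
  local kind, lib = classify(result)
  if kind == "unexpected" then
    report(name .. ": failed to load: " .. tostring(result))  -- always shown
  elseif debugging then
    report(name .. ": skipped, " .. lib .. " not available")   -- debug only
  end
  return nil
end

-- Constructed loaders standing in for three scripts.
local compile = loadstring or load  -- Lua 5.1 vs 5.2+
local loaders = {
  needs_openssl = function()
    -- constructed copy of the message require() raises for a missing module
    error("module 'openssl' not found:\n\tno field package.preload['openssl']", 0)
  end,
  syntax_error = function() return assert(compile("local x = = 1")) end,
  degrades = function()
    -- per-script alternative: probe the library and carry on without it
    local have_ssl = pcall(require, "openssl")
    return { uses_ssl = have_ssl }
  end,
}

for _, debugging in ipairs({ false, true }) do
  print("debugging = " .. tostring(debugging))
  for _, name in ipairs({ "needs_openssl", "syntax_error", "degrades" }) do
    local script = load_script(name, loaders[name], debugging, print)
    print("  " .. name .. (script and " loaded" or " not loaded"))
  end
end
```

With debugging off, only the syntax error produces a message; the script that needs the missing library is dropped silently, and the third script loads either way.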
Current thread:
- [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Fyodor (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Diman Todorov (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Fyodor (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 25)
- Re: [NSE][PATCH] only show script errors in verbose mode Fyodor (Sep 23)