Nmap Development mailing list archives
Re: [NSE][PATCH] only show script errors in verbose mode
From: David Fifield <david () bamsoftware com>
Date: Wed, 24 Sep 2008 14:20:29 -0600
On Wed, Sep 24, 2008 at 12:29:00PM -0600, Patrick Donnelly wrote:
On Wed, Sep 24, 2008 at 11:48 AM, David Fifield <david () bamsoftware com> wrote:Sven, is there a way to check if require("openssl") failed by actually trying it, rather than predicting it will fail with nmap.have_ssl?pcall(require, "openssl")I mean, run require("openssl") and somehow catch any error. That would make the technique more general and it could become the recommended way to handle scripts which use any optional modules.What you guys are proposing doesn't sound any different from what I did except the way it is handled. The alternate methods proposed, particularly: -portrule = shortport.port_or_service(22, "ssh") +if nmap.have_ssl() then + require("openssl") + portrule = shortport.port_or_service(22, "ssh") +else + portrule = function() return false end +end makes the script not run. The patch I made does the same thing _and_ tells the user the script failed due to X dependency provided the verbosity is high enough. I'm not sure what you guys are really looking for.
The difference is that checking for the openssl module in the script affects only the openssl module, while catching all require errors affects every module. This is a new situation because openssl would be our first "optional" module, one that can't automaically be assumed to be installed. It's going to be a serious error if, say, shortport, is missing, but openssl is one we expect sometimes to be unavailable. Don't get me wrong, I think your solution of hooking the require function is a good one. I keep equivocating as to which approach is the best. We do want most require errors to be shown by default, except those that come from openssl. You'll have to forgive me, I'm (still) pretty new to Lua. Is there a way to signal a special error code that would mean a module is missing, but it's an error that can be ignored? The error would be raised in the "else" branch of the "if" in Sven's example, or it could even be raised in an alternate compiled openssl module that didn't have any functions, just raised the error. Then this special error could be ignored, and normal require errors could continue to be reported. This approach would mean that the default action would be to report errors, unless they are specifically ignored by a script or a module. Reporting errors by default is a good choice because it will catch unforeseen errors. Raising a real error, instead of just having the portrule return false, is good because then we can display the error at higher verbosity levels ("The optional openssl module is not installed"). (This is a benefit I realized from studying your approach.) loadfile already checks for errors when loading a file ("%s: '%s' threw a run time error and could not be loaded."). So is there a way to indicate that the error is ignorable? I'm fine with creating a new type or whatever to ensure it's different from any other error message. If what I've described is feasible, that's what I'd like to see. Failing that, I slightly prefer checking for openssl in each script that uses it, because that's safer than ignoring all require errors and, importantly, it's easier to change to another technique in the future. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [NSE][PATCH] only show script errors in verbose mode, (continued)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Diman Todorov (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Fyodor (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 25)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 25)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 25)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 25)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 25)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 26)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 26)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 26)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 26)