Nmap Development mailing list archives
Re: [NSE][PATCH] only show script errors in verbose mode
From: David Fifield <david () bamsoftware com>
Date: Thu, 25 Sep 2008 19:26:59 -0600
On Thu, Sep 25, 2008 at 05:23:06PM -0600, Patrick Donnelly wrote:
On Wed, Sep 24, 2008 at 2:20 PM, David Fifield <david () bamsoftware com> wrote:You'll have to forgive me, I'm (still) pretty new to Lua. Is there a way to signal a special error code that would mean a module is missing, but it's an error that can be ignored? The error would be raised in the "else" branch of the "if" in Sven's example, or it could even be raised in an alternate compiled openssl module that didn't have any functions, just raised the error. Then this special error could be ignored, and normal require errors could continue to be reported. This approach would mean that the default action would be to report errors, unless they are specifically ignored by a script or a module. Reporting errors by default is a good choice because it will catch unforeseen errors. Raising a real error, instead of just having the portrule return false, is good because then we can display the error at higher verbosity levels ("The optional openssl module is not installed"). (This is a benefit I realized from studying your approach.) loadfile already checks for errors when loading a file ("%s: '%s' threw a run time error and could not be loaded."). So is there a way to indicate that the error is ignorable? I'm fine with creating a new type or whatever to ensure it's different from any other error message. If what I've described is feasible, that's what I'd like to see. Failing that, I slightly prefer checking for openssl in each script that uses it, because that's safer than ignoring all require errors and, importantly, it's easier to change to another technique in the future.So perhaps the best route is ignoring errors in require for just certain modules, such as "openssl". In the same way we have a list of required fields in a script (e.g. "action" and "description"), we can have optional modules. High verbosity or debugging would still show the same messages as in my previous patch/commit. Does this sound like the appropriate functionality then to be implemented?
Yes, but I don't want there to be a list of optional module names that get special treatment. The special handling of openssl should be apparent to anyone either reading the source of the openssl module, or the source of the scripts that use it (one of those two). In other words, the special handling of openssl should be done by openssl itself, not by NSE. NSE shouldn't need to be modified except in a generic way. I tried implementing my idea of raising an ignorable error just by returning a magic constant string if not pcall(require, "openssl") then error("MAGIC_QUIET_REQUIRE_ERROR_CONSTANT") end where the magic string is a stand-in fora generic ignorable error type. I tried checking for the string in loadfile. However that didn't work because the error message got changed somewhere to "/usr/share/nmap/scripts/SSH-hostkey.nse:41: MAGIC_QUIET_REQUIRE_ERROR_CONSTANT" I don't think it was by error_function, because that function didn't seem to be called. The same thing happened when I disabled error_function. Is there a way to avoid the error message getting changed? The eventual solution wouldn't use a magic string, of course, but probably a special C-defined error type distinguishable from other errors. It would have a tostring metamethod so it could be printed like other errors. Anyway, that is my idea, to allow scripts and libraries to raise different kinds of errors, so NSE knows which to ignore and which not to. Then the special logic goes in scripts or modules where it belongs. Who knows, we might want to have other kinds of ignorable errors in the future. For example, a script might need root privileges to send raw packets, and it should fail without a warning when not run as root. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [NSE][PATCH] only show script errors in verbose mode, (continued)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Fyodor (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 25)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 25)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 25)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 25)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 25)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 26)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 26)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 26)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 26)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 24)