Nmap Development mailing list archives

Re: NSE Libraries and Global Accesses


From: Patrick Donnelly <batrick () batbytes com>
Date: Wed, 15 Jul 2009 09:24:19 -0600

On Thu, Jul 9, 2009 at 2:34 AM, Patrick Donnelly<batrick () batbytes com> wrote:
> NSE Libraries have had a difficult time lately with inappropriate (and
> probably accidental) use of global variables. Besides being much
> slower than local access, global variables (within a library) are
> shared by all scripts. That is, two or more scripts running some
> function in a library may be setting/using globals simultaneously. I
> of course use "simultaneously" to mean that while one script is
> yielded on some socket operation, another script may be changing the
> variables the yielded script intends to use again.

The standard Lua extension library strict.lua has been modified for
our use and added to our group of libraries (r14301). This library is
similar to the bash script above except runtime checking is enforced
so libraries no longer use globals incorrectly. The NSEDoc comment is
descriptive as to how it functions:

"Checks for undeclared global variables during runtime execution. This
module places the 'strict' function in the global environment. The
strict function allows a script to add runtime checking so that
undeclared globals cause an error to be raised. This is useful for
finding accidental use of globals when local was intended. A global
variable is considered 'declared' if the script makes an assignment to
the global name (even nil) in the file scope."

The module function is hooked so that we automatically call the strict
function for each module call. This forces all the NSE libraries to
only use declared globals. We catch most global access accidents at
runtime without the need for the bash script announced in the OP. Of
course, some code paths are not always tested so strict.lua is not a
perfect replacement but definitely helps catch most cases.

The strict function is also usable by scripts, so authors may catch
global access mistakes while debugging scripts. One simply needs to
require "strict" and call the return value like so:

local strict = require "strict"
strict()

-- 
-Patrick Donnelly

"Let all men know thee, but no man know thee thoroughly: Men freely
ford that see the shallows."

- Benjamin Franklin

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
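
A minimal sketch of the kind of runtime check described in the message above, added here as an illustration; it is not Nmap's strict.lua and not code from the post. It follows the approach of the stock Lua strict.lua (an assignment in file scope declares a global), and enable_strict, caller_kind, parse_banner and the sample banner string are hypothetical names and constructed input.

```lua
-- Added illustration, NOT Nmap's strict.lua: globals may only be created
-- by an assignment made in file (main chunk) scope.
local declared = {}

-- Kind of code that touched the global: "main" for file scope,
-- "Lua" for an ordinary function, "C" for C code.
-- Level 1 is this function, 2 the metamethod, 3 the accessing code.
local function caller_kind()
  local info = debug.getinfo(3, "S")
  return info and info.what or "C"
end

local function enable_strict(env)
  local mt = getmetatable(env) or {}
  mt.__newindex = function(t, name, value)
    if not declared[name] then
      local kind = caller_kind()
      if kind ~= "main" and kind ~= "C" then
        error("assign to undeclared global '" .. tostring(name) .. "'", 2)
      end
      declared[name] = true
    end
    rawset(t, name, value)
  end
  mt.__index = function(_, name)
    if not declared[name] and caller_kind() ~= "C" then
      error("global '" .. tostring(name) .. "' is not declared", 2)
    end
    return nil
  end
  setmetatable(env, mt)
end

enable_strict(_G)

cache = nil  -- file-scope assignment (even of nil) declares the global

-- Hypothetical library function containing the mistake the post describes.
local function parse_banner(line)
  cache = line                      -- allowed: declared at file scope
  version = line:match("%d+%.%d+")  -- bug: 'local version' was intended
  return version
end

-- The undeclared assignment raises an error instead of silently creating
-- a global that every script using the library would share.
local ok, err = pcall(parse_banner, "ExampleFTP 2.3 ready")  -- constructed input
print(ok, err)
```

As the post notes for strict.lua itself, a check like this only fires on code paths that actually execute.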

