Nmap Development mailing list archives

Re: [NSE] Script Dependencies Replacement for Runlevels


From: Patrick Donnelly <batrick () batbytes com>
Date: Fri, 13 Nov 2009 00:22:31 -0500

Hi Fyodor,

On Tue, Nov 10, 2009 at 10:20 PM, Fyodor <fyodor () insecure org> wrote:
My question is, do we need support for strong dependencies? I'm assuming
I'm correct in thinking that strong dependencies are a new feature, and
that weak dependencies are equivalent to runlevels. If there is a use
case for strong dependencies I'm not against them, but I would like to
avoid having a --script-autoadd option.

I could be missing something, but I think libraries can easily fill
the need of a "strong dependency" script with less complication.  The
first time a library function is called it can (take a mutex to insure
this isn't happening in parallel and) do the requested work for the
caller and also save any results for future callers if desired.  This
allows the script to better communicate what it wants (e.g. it can
specify parameters) and it also avoids users having to worry about
specifying scripts which are only needed because some other script
depends on them.  Users should only have to specify what they want
done (scripts) and shouldn't need to worry about their internal
implementation.

It's admittedly difficult (for me) to identify a scenario where a
script (strong) dependency makes more sense than the requiring of a
library. Despite thinking about this a lot, I haven't decided which is
better; however, my instinct is that libraries are inappropriate for
doing the tasks that are better encapsulated in a script (fetching
possible user names for later brute forcing) -- while I am making the
http-spider functionality in a library, there will still be a script
that actually runs the spider. Anyway, whatever you guys decide I'm ok
with.

I think people will have trouble with the distinction between "strong"
and "weak" dependencies. How about using a name like "run_after" for
weak dependencies?
weak_dependencies is a bit of a mouthful. run_after sounds a bit better.
If we only support one kind of dependencies, we could use the "deps"
keyword for them.  It is short and already has an established meaning
of "dependencies" in some circles.  It might be a bit confusing if
we're referring to the optional (weak) dependencies.  So I'm fully
open to other names.

The names (dependencies & weak_dependencies) are long but so are
others (description). These names are written only once and need not
be specified in every script (the default is an empty dependencies
table). Here I think full names are fine. Also, there is no reason for
a script to reference the dependencies table in their code so brevity
doesn't gain us anything.

-- 
-Patrick Donnelly

"Let all men know thee, but no man know thee thoroughly: Men freely
ford that see the shallows."

- Benjamin Franklin
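
The strong/weak distinction discussed in this thread, as an added example that is not part of the message and not Nmap's own code: a strong dependency (`dependencies`) pulls the named script into the run, while a weak one (`weak_dependencies`) only orders scripts that were selected anyway, which is what yields runlevels. The script names, their relations and the `resolve` helper are constructed for illustration.

```lua
-- Constructed script table: names and relations are illustrative only.
local scripts = {
  ["enum-users"]  = {},
  ["brute-login"] = { weak_dependencies = { "enum-users" } },
  ["http-spider"] = {},
  ["http-report"] = { dependencies = { "http-spider" } },
}

-- Returns a map of script name -> runlevel for the scripts that will run.
local function resolve(all, chosen)
  local selected = {}
  -- Strong dependencies are added transitively, even if the user did not ask.
  local function add(name)
    if selected[name] then return end
    local script = assert(all[name], "unknown script: " .. name)
    selected[name] = true
    for _, dep in ipairs(script.dependencies or {}) do add(dep) end
  end
  for _, name in ipairs(chosen) do add(name) end
  local level, visiting = {}, {}
  local function runlevel(name)
    if level[name] then return level[name] end
    assert(not visiting[name], "dependency cycle at " .. name)
    visiting[name] = true
    local highest = 0
    for _, key in ipairs { "dependencies", "weak_dependencies" } do
      for _, dep in ipairs(all[name][key] or {}) do
        -- A weak dependency only orders; it is ignored when not selected.
        if selected[dep] then highest = math.max(highest, runlevel(dep)) end
      end
    end
    level[name] = highest + 1
    return level[name]
  end
  for name in pairs(selected) do runlevel(name) end
  return level
end

-- Prints "runlevel name" pairs, lowest runlevel first.
local function show(chosen)
  local lines = {}
  for name, level in pairs(resolve(scripts, chosen)) do
    lines[#lines + 1] = level .. " " .. name
  end
  table.sort(lines)
  print(table.concat(lines, ", "))
end

show { "brute-login" }                 -- weak dependency not selected
show { "brute-login", "enum-users" }   -- weak dependency selected
show { "http-report" }                 -- strong dependency pulled in
```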