Nmap Development mailing list archives
Patch development advice: better xml output support
From: Till Maas <opensource () till name>
Date: Wed, 13 Jan 2010 01:19:04 +0100
Hiyas, I just starting writing some patches for a bette xml output support. Currently the XML file breaks if nmap is interrupted or killed. I just wrote a POC patch to run printfinaloutput() on SIGINT and SIGTERM. But I would also like to enhance the nmap.dtd with a <interrupted> tag that is used instead of the <finished> tag in case the scan did not complete, to show this in XML. For this I want to pass an argument to printfinaloutput. Do you prefer to use a charstring like "finished" or "interrupted" or to use a int as boolean value or maybe usen enum or constant? Also to sync the other outputs with the XML output, I would change the "nmap done at..." line to "nmap finished at..." or "nmap interrupted at...". How do you like this? It would break the stdout parsing, but according to the documentation, this is not necessarly a bad thing. The next enhancement to the dtd and xml output would be to add a parameter to <nmaprun> that indicates that nmap resumed with a certain host. E.g. <nmaprun ... resume_after="LAST_SCANNED"> or <nmaprun ... resume_with="FIRST_TO_BE_SCANNED">. What's your opinion about this? More far away is a patch to allow to resume using the XML file. I guess it should be work at least as good as the current way, if just the lastentry like <address addr="137.226.139.32" addrtype="ipv4" /> is used to determine which host was scanned last. But I did not really look into the code to do this. Then another idea is to create a new tag like <nmaplog> that is the new most outer xml tag used in the XML file. Then appending to the XML file could be done as follows to ensure a valid xml file: given xml file: <?xml version="1.0" ?> <?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?> <nmaplog> <!-- Nmap 5.00 scan initiated ..--> <nmaprun ...> ... </nmaprun ...> </nmaplog> - Now remove the last line (</nmaplog>) - create only a new <nmaprun ...> - in printfinaloutput end the log again with </nmaplog> I hope it is clear what I mean. The downside of this would be to break all current nmap XML parsers. Last but not least: A kind of related problem is, that the sourcecode is not indented according to the style guide in HACKING. There are several tabs included at some lines. Do you mind to apply a patch to remove them? I would then generate one before creating the other patches. Please comment my ideas and I am happy to send patches. It was a pleasure to look at the code. :-) Regards Till
Attachment:
_bin
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Patch development advice: better xml output support Till Maas (Jan 12)
- Re: Patch development advice: better xml output support David Fifield (Feb 26)