NSE Script Arguments (Was: Script selection - Gsoc)

[Patrick Donnelly <batrick () batbytes com>]

On Fri, Apr 2, 2010 at 6:52 PM, David Fifield <david () bamsoftware com> wrote:
> Making script arguments defined by code not comments--as we do for
> description and categories--is a sensible design decision. There would
> have to be a way to get arguments from included libraries too.
>
> I don't like adding an extra parameter to action; isn't the pretty much
> the same as nmap.registry.args? Also it puts args at a different
> parameter index for portrule and hostrule scripts, which is a little
> awkward but maybe it doesn't bother people. But the overall idea is
> something I can support. --script-updatedb could then put args in
> script.db and Zenmap could parse it.

Another option is to make the args globally available via an 'arg'
table for each script (each script has its own args). This is kinda
similar to how Lua gives args to a script on the CLI [1].

A script could specify its arguments using code like this:

arg["user"] = arg["user"] or "foo"
arg["password"] = arg["password"] or "bar"

nse_main.lua could easily figure out what arguments are used simply
using __index and/or __newindex metamethods and generate entries in
the script database without parsing the file's NSEDoc comments.

I'm undecided on whether we should strip some "identifier" for script
arguments in the above code snippet. Something like this:

arg["ldap-brute.username"] = arg["ldap-brute.username"] or "foo"

versus

arg["username"] = arg["username"] or "foo" -- the ldap-brute prefix is
inferred by nse_main.lua

I think I prefer the former because many scripts "share" the same argument.

[1] http://www.lua.org/manual/5.1/manual.html#6

-- 
- Patrick Donnelly
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/