[patch][RFC] Keep version information from NSE in XML even when -sV not requested

[Daniel Miller <bonsaiviking () gmail com>]

List,

I recently did a scan for 1433/tcp, running ms-sql-info.nse, which sets 
version information. I neglected to put -sV, partially because the scan 
was enormous and I wanted to avoid extra probes (ms-sql-info sends the 
same probe as the version detection engine, anyway). Sadly, when I went 
to parse the XML output, the version information (product, version, 
extrainfo) was missing from the XML, even though the script populates 
those fields.

I understand not outputting the information to Normal output, to avoid 
confusion, or even to Greppable output, since legacy scripts could be 
confused if they don't expect it. But I don't see any reason why the XML 
output can't keep this information. XML parsers should be able to handle 
extra data, and if they are built to the DTD, this is not unexpected 
data, either.

I'm attaching two patches that do this: version_to_XG.patch sends the 
version data to both XML and Grepable streams. version_to_X.patch sends 
it only to the XML stream. The patches contain indentation which makes 
it seem like more changes were actually made. Here's the non-whitespace 
patch (XML only) for easy viewing:
> Index: nse_nmaplib.cc
> ===================================================================
> --- nse_nmaplib.cc    (revision 28355)
> +++ nse_nmaplib.cc    (working copy)
> @@ -603,16 +603,10 @@
>    else
>      luaL_error(L, "port.version 'cpe' field must be a table");
>
> -  if (o.servicescan)
>      target->ports.setServiceProbeResults(p->portno, p->proto,
>          probestate, name, tunnel, product,
>          version, extrainfo, hostname, ostype, devicetype,
>          (cpe.size() > 0) ? &cpe : NULL, NULL);
> -  else
> -    target->ports.setServiceProbeResults(p->portno, p->proto,
> -        probestate, name, tunnel, NULL, NULL,
> -        NULL, NULL, NULL, NULL, NULL, NULL);
> -
>    return 0;
>  }
>
> Index: output.cc
> ===================================================================
> --- output.cc    (revision 28355)
> +++ output.cc    (working copy)
> @@ -739,7 +739,7 @@
>            Tbl->addItem(rowno, reasoncol, true, 
> port_reason_str(current->reason));
>
>          sd.populateFullVersionString(fullversion, sizeof(fullversion));
> -        if (*fullversion)
> +        if (*fullversion && versioncol > 0) {
>            Tbl->addItem(rowno, versioncol, true, fullversion);
>
>          // How should we escape illegal chars in grepable output?
> @@ -763,6 +763,10 @@
>              p++;
>            }
>          }
> +        }
> +        else {
> +          grepvers[0] = '\0';
> +        }
>          log_write(LOG_MACHINE, "%d/%s/%s//%s/%s/%s/", current->portno,
>                    state, protocol, serviceinfo, rpcmachineinfo, 
> grepvers);
Looking forward to hearing your comments on this.

Dan

Attachment: version_to_X.patch
Description:

Attachment: version_to_XG.patch
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/