Re: [NSE][PATCH] only show script errors in verbose mode

["Diman Todorov" <diman.todorov () gmail com>]

Hello,

On Tue, Sep 23, 2008 at 10:32 AM, Fyodor <fyodor () insecure org> wrote:
> On Tue, Sep 23, 2008 at 09:59:46AM +0200, Sven Klemm wrote:
> > Hi everyone,
> >
> > this patch changes nmap to only show script errors that happen while
> > loading scripts when verbose or debugging is set.
>
> Thanks Sven, but this may be painting with too broad a brush.  If a
> script fails to compile due to syntax error or something like that, I
> think we still want to show it.  Ugly error messages for unanticipated
> problems increase the likelyhood that a user will actually report the
> issue.  Also, even script developers could get confused if their
> script doesn't load properly and they don't find out about it because
> they forgot to specify -v.
thanks Sven for the Patch and thanks Fyodor for covering what I was
about to write myself. By the way, I think that errors at the loading
phase are not only require and syntax errors --  it is easy to imagine
someone committing a script without committing (forgetting to commit)
her newly developed library. I would much rather like a patch which
handles specifically require failures and does so in a slightly more
sophisticated way.

> I don't know the best way to implement this, but I know the sort of
> behavior we want, which is the same behavior Nmap has in the other
> ways it uses OpenSSL (such as version detection).  That is that we
> simply don't use the OpenSSL-requiring features when OpenSSL isn't
> present.
I think the best way is to analyze which scripts require SSL during
the loading phase. If OpenSSL is not present, scripts requiring SSL
can be simply exempted from the loading procedure.

cheers,
Diman

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org