Nmap Development mailing list archives

Re: [NSE][PATCH] only show script errors in verbose mode


From: Fyodor <fyodor () insecure org>
Date: Tue, 23 Sep 2008 18:07:32 -0700

On Tue, Sep 23, 2008 at 06:28:36PM -0600, David Fifield wrote:
> On Tue, Sep 23, 2008 at 05:16:05AM -0600, Patrick Donnelly wrote:
>> I've been thinking about this problem for a while and have formed a
>> fix that should be perfect. I've already committed it after thorough
>> testing (r10335). Attached is the svn diff. The patch hooks the
>> require function and uses some fancy error handling to check if
>> require threw the error.
>
> This looks good. The error messages are accessible enough with -d. In
> the case of a catastrophic failure, like the nselib directory not being
> present, you get a different, exceptional error message.
>
> I think this is an acceptable solution, though of course others are
> welcome to share their opinion. I do think that this needs to be
> documented in scripting.xml, that require errors are a special case of
> errors that are silently ignored.

Hi David.  I agree that this patch looks promising.  Though I have a
concern which was expressed in a post by Diman last night related to a
different proposed solution.  If someone tries to run a script, and
the required libraries can't be found (like bit, or shortport, or
maybe a more specific one like pop3 related to their script), they
probably won't notice the problem.  Ignoring errors is a bit
dangerous, so I think we should tailor the ignore rule pretty closely.

Yesterday Sven checked in some code to his nmap-exp which modified
SSH-hostkey like this:

-portrule = shortport.port_or_service(22, "ssh")
+if nmap.have_ssl() then
+  require("openssl")
+  portrule = shortport.port_or_service(22, "ssh")
+else
+  portrule = function() return false end
+end
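
Review bot: In the `else` branch, `portrule = function() return false end` turns the script into a silent no-op when `nmap.have_ssl()` is false, so a user who explicitly selected it gets no output and no hint why. Consider emitting a debug-level message in that branch, or at minimum a comment stating that the script is disabled because OpenSSL support is missing. The guard also duplicates knowledge that `require("openssl")` depends on SSL support, which every OpenSSL-using script would have to repeat.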

I think this approach warrants some consideration since it is
specifically targeted, and does not rely on special case "magic"
behavior.  On the other hand, it puts more of a burden on script
writers than Patrick's patch.  So I'm fine with whatever solution
David decides on.  I agree that the ignore-require-errors approach
needs to be documented if we use that.

Cheers,
-F
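
The trade-off discussed in this thread, as an added Lua example that is not part of the original message and is neither the r10335 patch nor Nmap's code: a wrapped `require` tags library-load failures so a loader can skip only those, record which library was missing, and still treat every other error as a real failure. All names (`tagged_require`, `load_script`, the sample scripts) are hypothetical, and plain functions stand in for script files.

```lua
-- Added illustration (not Nmap source). All names here are hypothetical.
local real_require = require

-- Raise require failures as a tagged table so the loader can tell a missing
-- library apart from any other error a script throws while loading.
local function tagged_require(name)
  local ok, result = pcall(real_require, name)
  if ok then return result end
  -- A nested require already tagged the failure: keep the innermost module.
  if type(result) == "table" and result.require_failed then error(result) end
  error({ require_failed = true, module = name, detail = tostring(result) })
end

-- Load one script (a function stands in for the script file) and classify
-- the outcome. Skips are recorded with the module name, never dropped.
local function load_script(name, chunk, report)
  require = tagged_require
  local ok, err = pcall(chunk)
  require = real_require
  if ok then
    return "loaded"
  elseif type(err) == "table" and err.require_failed then
    report[#report + 1] = name .. ": skipped, missing library '" .. err.module .. "'"
    return "skipped"
  end
  -- Anything else is a genuine script error and must stay visible.
  report[#report + 1] = name .. ": error, " .. tostring(err)
  return "failed"
end

-- Constructed sample scripts.
local scripts = {
  { "uses-stdlib", function() require("string") end },
  { "needs-missing-lib", function() require("no_such_lib_constructed") end },
  { "broken-script", function() error("bad portrule") end },
}

local report = {}
for _, s in ipairs(scripts) do
  print(s[1], load_script(s[1], s[2], report))
end
-- A real loader would gate these lines on verbosity instead of dropping them.
for _, line in ipairs(report) do print(line) end
```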
