Nmap Development mailing list archives

Requests for script dependencies


From: David Fifield <david () bamsoftware com>
Date: Tue, 17 Nov 2009 22:55:20 -0700

On Sun, Nov 08, 2009 at 05:45:19PM -0500, Patrick Donnelly wrote:
> Right now scripts are required to assign a runlevel for their scripts
> to enforce an ordered execution of a group of scripts during an NSE
> scan. As an example, smb-brute.nse uses a runlevel of 0.5 so it runs
> before other smb-* scripts. This allows the other smb-* scripts to
> utilize the results from the smb-brute.nse script. Unfortunately, it
> can be difficult to identify the dependencies between these scripts
> (specified loosely via runlevels) and impossible to enforce a
> dependency (since scripts are not aware of what other scripts are
> running). Enforcing a dependency means that we do not run our script
> if we are missing a dependency (or, we abort scanning altogether
> because a dependency is missing).
>
> I have created a patch to NSE that replaces runlevels with a table of
> dependencies that clearly outlines what other scripts the script
> depends on.

Patrick, please make a branch for this patch. I want it to be merged,
but it should be done all at once with the addition of dependency tables
to the scripts themselves.

Here is what Fyodor and I would like you to do in the branch. First,
remove strong dependencies and make "dependencies" the keyword for weak
dependencies. The idea behind that is that weak dependencies are going
to be the common case, and so should have a shorter name. If a need is
demonstrated for strong dependencies, then they could be re-added with
the keyword strong_dependencies or strict_dependencies or something like
that.

Next, add dependency tables to scripts that need them. Ron, since your
scripts are the biggest users of runlevels, would you figure out their
dependency tables? There are four different runlevels in use now: 0.5,
1.0, 1.01, and 2.0. It will be a matter of, for example, looking at all
the runlevel 1.0 scripts, seeing which ones really depend on the
runlevel 0.5 scripts, and so on.

Finally, replace the description of runlevels in scripting.xml with a
description of how dependencies work. You did such a good job
introducing this patch to the mailing list that you can use your post
and its examples as a model.

What do you think of this plan? Is moving from both strong and weak
dependencies to only weak dependencies a reasonable idea? We just want
to see a script that needs strong dependencies before adding the
feature.

David Fifield
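
The ordering idea discussed in the message above, as an added example that is not part of the thread and not code from the NSE patch: it derives execution levels from per-script dependency tables using weak semantics, where a dependency that was not selected for the scan is ignored rather than treated as an error. The script names other than smb-brute, the sample table and the function assign_levels are assumptions made for illustration.

```lua
-- Added illustration; not code from the NSE patch discussed in the thread.
-- Constructed sample: every name except smb-brute is a hypothetical stand-in,
-- and each entry plays the role of one selected script's dependency table.
local selected = {
  ["smb-brute"]     = { dependencies = {} },
  ["smb-example-a"] = { dependencies = { "smb-brute" } },
  ["smb-example-b"] = { dependencies = { "smb-brute", "smb-example-a" } },
  ["other-example"] = { dependencies = { "not-selected" } }, -- dep absent from scan
}

-- Weak dependency semantics: a dependency only orders execution when the
-- named script is also selected; a missing one is skipped, not an error.
local function assign_levels(scripts)
  local level, visiting = {}, {}
  local function visit(name)
    if level[name] then return level[name] end
    if visiting[name] then
      error("circular dependency involving " .. name)
    end
    visiting[name] = true
    local max = 0
    for _, dep in ipairs(scripts[name].dependencies or {}) do
      if scripts[dep] then -- weak: ignore dependencies that are not selected
        local l = visit(dep)
        if l > max then max = l end
      end
    end
    visiting[name] = nil
    level[name] = max + 1 -- run one level after the deepest dependency
    return level[name]
  end
  for name in pairs(scripts) do visit(name) end
  return level
end

-- Print scripts grouped by derived level, lowest (earliest) first.
local level = assign_levels(selected)
local names = {}
for name in pairs(level) do names[#names + 1] = name end
table.sort(names, function(a, b)
  if level[a] ~= level[b] then return level[a] < level[b] end
  return a < b
end)
for _, name in ipairs(names) do
  print(("level %d  %s"):format(level[name], name))
end
```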