Nmap Development mailing list archives

Re: [NSE] New class of scripts -- New Net Rules proposal

From: Patrick Donnelly <batrick () batbytes com>
Date: Sat, 26 Jun 2010 07:26:20 -0400

On Sat, Jun 26, 2010 at 6:42 AM, Djalal Harouni <tixxdz () gmail com> wrote:

7) The Action function:
-----------------------
o Since new NSE scripts can run at different times, the action function
must know when it has been called, because some scripts can have
different behaviours especially when they have multiple netrules.
e.g: A whois script which have a netrule_pre and a netrule_post rules
will run at the beginning and sets a registry value to tell the whois
hostrule script to save the results onto the registry, after that the
first whois script will run at the end (netrule_post) and collects/report
the final results (e.g: unique contact details). Having two different
scripts, a pre-scan one and a post-scan script to do this seems to me
rediculous.

o The action function receives two arguments:
 * A net table argument.
 * Another string argument "netrule_pre" or "netrule_post", in this case
 if there are scripts with more than one netrule the action will know
 when it has been called.

o This feature of a script which can have multiple netrules must not be
abused, if the action code differes a lot from when the script is in the
pre-scan mode and in the post-scan mode, then the best solution is to
have two different scripts each one with a netrule.


An idea we floated around in the NSE meeting was to change a rule
function to return its action function instead of a boolean. This
enables different action functions for each different rule (a script
can have multiple rule functions). A nice aspect of this change is the
ability to keep backwards compatibility: if the rule function returns
the boolean true --> use the global action function. This would remove
the need to make the action function aware of when it runs through an
extra argument.

-- 
- Patrick Donnelly
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] New class of scripts -- New Rule proposal Djalal Harouni (Jun 24)
- Re: [NSE] New class of scripts -- New Rule proposal Fyodor (Jun 24)
  - Re: [NSE] New class of scripts -- New Rule proposal Ron (Jun 25)
    - Re: [NSE] New class of scripts -- New Rule proposal Djalal Harouni (Jun 26)
  - Re: [NSE] New class of scripts -- New Rule proposal Djalal Harouni (Jun 26)
- Re: [NSE] New class of scripts -- New Rule proposal Daniel Miller (Jun 25)
  - Re: [NSE] New class of scripts -- New Rule proposal Djalal Harouni (Jun 26)
  - Re: [NSE] New class of scripts -- New Rule proposal Fyodor (Jun 28)
    - Re: [NSE] New class of scripts -- New Rule proposal DePriest, Jason R. (Jun 29)
- Re: [NSE] New class of scripts -- New Net Rules proposal Djalal Harouni (Jun 26)
  - Re: [NSE] New class of scripts -- New Net Rules proposal Patrick Donnelly (Jun 26)
  - Re: [NSE] New class of scripts -- New Net Rules proposal Fyodor (Jun 28)