Re: [NSE] Script Pre-scanning and Post-scanning example

[Patrick Donnelly <batrick () batbytes com>]

Hi Kris,

On Tue, Aug 10, 2010 at 8:19 PM, Kris Katterjohn <katterjohn () gmail com> wrote:
> Notes in general:
>
> * It started bothering me working on this patch that scripts could get quickly
> cluttered with different branches for prerule, postrule, etc. when script
> functionality may only be slightly related amongst phases.
>
> A thought I had would be to check if a script offers functions named things
> like postaction() and execute these hooks instead of action() in the post-scan
> phase (for example)-- this way script authors have control on clutter and can
> separate it with NSE easily obliging.  Scripts which don't have these hooks
> are just called with action() like normal.
>
> A counter-argument to this could be to just add more code to libraries and
> have separate script to prerule and postrule if they are substantially
> different enough to warrant things like postaction().  But the latter could
> mean very specific things added to libraries which only these scripts would
> use, which then just needlessly clutters libraries.
>
> If all multiphase scripts are simple enough (it wouldn't make sense to use
> postaction or something like that in my patch, for example) then this won't be
> a problem, but some forethought may save future headaches.  Who knows, maybe
> simply breaking up action() will always be best if the phases make it too messy.

We've discussed a variety of solutions to this problem including the
one you brought up. I think the one we chose ended up being the most
flexible while adding extremely little complexity to the engine
(literally 1 or 2 lines of code added for SCRIPT_TYPE). If you dislike
the if statements and would prefer something like a "postaction"
function to help separate the logic, may I suggest this:

function preaction (...)
end

function scanaction (...)
end

function postaction (...)
end

local actions = {
  prerule = preaction,
  hostrule = scanaction,
  portrule = scanaction,
  postrule = postaction,
}

function action (...) return actions[SCRIPT_TYPE](...) end

> * Djalal's work on these different phases seems to work well.  I've only
> really tested with this patch (prerule), but I didn't have any problems.

Thanks for testing! It's shaping up to be an exciting change!

-- 
- Patrick Donnelly
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/