Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

[RFC][PATCH] NSE Version Numbering

From: Djalal Harouni <tixxdz () gmail com>
Date: Tue, 14 Dec 2010 15:10:47 +0100
Hi list,

Since lot of users have requested an automatic way to update NSE
scripts [1], and since lot of new features are added to NSE, updating
scripts without updating NSE can introduce incompatibility errors. This
is an attempt to introduce version numbering to NSE, in orded to only
load and execute supported scripts.


The proposed interface (a patch is attached):
o Add a new descriptive field to scripts: "require_nse = $VER"
  This field is a Lua number [2] and it is optional. 
  If this field is specified, and if it's greater than the version
  of the current NSE, then a warnning will be printed and the script
  will be dropped, which means that users must update their Nmap/NSE
  version.
  If this field is absent then its default value will be the current
  NSE version, this way scripts can run even if they do not specify this
  field.

o Add a new environment variable to scripts "NSE_VERSION", which
  contains the current NSE version. This way scripts can run normally
  and check this variable before requesting an unsupported function or
  a behaviour.

A patch against the Nmap trunk is attached, BTW it modifies some of
the xml attributes.


The version numbering is very simple e.g: 0.01 (Lua number) this value
will be incremented if there are some new NSE features that will have
a direct impact on NSE scripts/libraries and will *modify* their
behaviour, or a change on the NSE *core* functionalities, anything
related to the NSE core. As an example modifying/adding nse_*.cc
interfaces must be documented in the luadoc files:
file nmap.luadoc:

-- @return Some values
-- @require_nse 1.01  (script writers must use require_nse = 1.01)
function new_function()


Also the best way to let script writers to know about this is in
the NSEDoc of script libraries, add a new NSEDoc attribute like
"@require_nse $VER" to the functions docs. Currently there is no
patch for this.

Finally: this can be very hard to *maintain*, so please suggestions,
comments are welcome.


Here is a simple test:
NSE compiled with NSE_VERSION = "1.01" and
rpcinfo.nse with the field: "require_nse = 1.2"

$ ./nmap -p111 -sT -PN --datadir . --script scripts/rpcinfo.nse
192.168.100.1 -n

Starting Nmap 5.36TEST2 NSE 1.01 ( http://nmap.org ) at 2010-12-14 13:15
CET
NSE: Warning: './scripts/rpcinfo.nse' requires NSE version 1.20
Nmap scan report for 192.168.100.1
Host is up (0.0030s latency).
PORT    STATE SERVICE
111/tcp open  rpcbind

Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds


[1] http://seclists.org/nmap-dev/2010/q4/420
[2] http://www.lua.org/pil/2.3.html

-- 
tixxdz

Attachment: nse_version_numbering.diff
Description: 

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: