Nmap Development mailing list archives
[RFC][PATCH] NSE Version Numbering
From: Djalal Harouni <tixxdz () gmail com>
Date: Tue, 14 Dec 2010 15:10:47 +0100
Hi list, Since lot of users have requested an automatic way to update NSE scripts [1], and since lot of new features are added to NSE, updating scripts without updating NSE can introduce incompatibility errors. This is an attempt to introduce version numbering to NSE, in orded to only load and execute supported scripts. The proposed interface (a patch is attached): o Add a new descriptive field to scripts: "require_nse = $VER" This field is a Lua number [2] and it is optional. If this field is specified, and if it's greater than the version of the current NSE, then a warnning will be printed and the script will be dropped, which means that users must update their Nmap/NSE version. If this field is absent then its default value will be the current NSE version, this way scripts can run even if they do not specify this field. o Add a new environment variable to scripts "NSE_VERSION", which contains the current NSE version. This way scripts can run normally and check this variable before requesting an unsupported function or a behaviour. A patch against the Nmap trunk is attached, BTW it modifies some of the xml attributes. The version numbering is very simple e.g: 0.01 (Lua number) this value will be incremented if there are some new NSE features that will have a direct impact on NSE scripts/libraries and will *modify* their behaviour, or a change on the NSE *core* functionalities, anything related to the NSE core. As an example modifying/adding nse_*.cc interfaces must be documented in the luadoc files: file nmap.luadoc: -- @return Some values -- @require_nse 1.01 (script writers must use require_nse = 1.01) function new_function() Also the best way to let script writers to know about this is in the NSEDoc of script libraries, add a new NSEDoc attribute like "@require_nse $VER" to the functions docs. Currently there is no patch for this. Finally: this can be very hard to *maintain*, so please suggestions, comments are welcome. Here is a simple test: NSE compiled with NSE_VERSION = "1.01" and rpcinfo.nse with the field: "require_nse = 1.2" $ ./nmap -p111 -sT -PN --datadir . --script scripts/rpcinfo.nse 192.168.100.1 -n Starting Nmap 5.36TEST2 NSE 1.01 ( http://nmap.org ) at 2010-12-14 13:15 CET NSE: Warning: './scripts/rpcinfo.nse' requires NSE version 1.20 Nmap scan report for 192.168.100.1 Host is up (0.0030s latency). PORT STATE SERVICE 111/tcp open rpcbind Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds [1] http://seclists.org/nmap-dev/2010/q4/420 [2] http://www.lua.org/pil/2.3.html -- tixxdz
Attachment:
nse_version_numbering.diff
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [RFC][PATCH] NSE Version Numbering Djalal Harouni (Dec 14)
- Re: [RFC][PATCH] NSE Version Numbering Patrick Donnelly (Dec 14)
- Re: [RFC][PATCH] NSE Version Numbering Djalal Harouni (Dec 28)
- Re: [RFC][PATCH] NSE Version Numbering Patrick Donnelly (Dec 14)