Re: [NSE] malicious-ip script

[Fyodor <fyodor () insecure org>]

On Mon, Jul 04, 2011 at 09:59:20AM +0300, Toni Ruottu wrote:
> I like the idea. However, typically we would want multiple scripts
> rather than one. This script should probably be split into one for
> each database.

Thanks for your comments, but I wouldn't go quite that far.  We really
need to decide these on a case by case basis.  A combined script is
usually:

o Easier to maintain (reduces code duplication)

o Can produce more elegant output (e.g. if all of the databases say
  the same thing, it might be able to state that on one line.

o Avoids bloating the script lists generated on
  http://nmap.org/nsedoc/, from Nmap
  --script-help, in the CHANGELOG, in the book, and other places.

On the other hand, a separate scripts can be easier to use (control
using --script is often easier than having to specify --script-args).
And a separate script is almost always advisable if the split
versions need to be in different categories.  As for runtime
efficiency, that can go either way.  Separate scripts are more easily
executed in parallel, but combined scripts can sometimes reuse various
resources (memory structures, connects sockets, etc.)

We did end up going with separate scripts for ip-geolocation-*, but
that wasn't really the result of a consensus process and it could have
gone either way.  Admittedly it did turn out handy when we had to
delete one of them for violating an API license, but that is a very
unusual case.  I can't argue strongly either way on whether
ip-geolocation-* should be split or combined.  So we will leave it
split up for now.

What we should really do is create a page on secwiki or
docs/scripting.xml giving the "best practices" on deciding whether to
combine or separate related scripts.  There are many factors to
consider.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/