Nmap Development mailing list archives

Re: [NSE] malicious-ip script


From: Toni Ruottu <toni.ruottu () iki fi>
Date: Thu, 7 Jul 2011 01:48:57 +0300

I'm sorry if I sounded too black and white. I took a quick look at
this particular script before suggesting anything, and splitting it up
seemed like the right way to go. I am also expecting people to stand
up against me if I am suggesting something that does not make sense.
I almost wrote "unless there is some particular reason to not split it
up", but I thought someone would bring it up anyway if that was the
case.

"best practices" +1

On Thu, Jul 7, 2011 at 1:40 AM, Fyodor <fyodor () insecure org> wrote:
> On Mon, Jul 04, 2011 at 09:59:20AM +0300, Toni Ruottu wrote:
>> I like the idea. However, typically we would want multiple scripts
>> rather than one. This script should probably be split into one for
>> each database.
>
> Thanks for your comments, but I wouldn't go quite that far.  We really
> need to decide these on a case by case basis.  A combined script is
> usually:
>
> o Easier to maintain (reduces code duplication)
>
> o Can produce more elegant output (e.g. if all of the databases say
>  the same thing, it might be able to state that on one line).
>
> o Avoids bloating the script lists generated on
>  http://nmap.org/nsedoc/, from Nmap --script-help, in the CHANGELOG,
>  in the book, and other places.
>
> On the other hand, separate scripts can be easier to use (control
> using --script is often easier than having to specify --script-args).
> And a separate script is almost always advisable if the split
> versions need to be in different categories.  As for runtime
> efficiency, that can go either way.  Separate scripts are more easily
> executed in parallel, but combined scripts can sometimes reuse various
> resources (memory structures, connected sockets, etc.)
>
> We did end up going with separate scripts for ip-geolocation-*, but
> that wasn't really the result of a consensus process and it could have
> gone either way.  Admittedly it did turn out handy when we had to
> delete one of them for violating an API license, but that is a very
> unusual case.  I can't argue strongly either way on whether
> ip-geolocation-* should be split or combined.  So we will leave it
> split up for now.
>
> What we should really do is create a page on secwiki or
> docs/scripting.xml giving the "best practices" on deciding whether to
> combine or separate related scripts.  There are many factors to
> consider.
>
> Cheers,
> Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

