Nmap Development mailing list archives
Re: [NSE] malicious-ip script
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Thu, 7 Jul 2011 01:48:57 +0300
I'm sorry, if I sounded too black and white. I took a quick look at this particular script before suggesting anything, and splitting it up seemed like the right way to go. I am also expecting people to stand up against me, if I am suggesting something that does not make sense. I almost wrote "unless there is some particular reason to not split it up", but I thought someone would bring it up anyway if that was the case. "best practices" +1 On Thu, Jul 7, 2011 at 1:40 AM, Fyodor <fyodor () insecure org> wrote:
On Mon, Jul 04, 2011 at 09:59:20AM +0300, Toni Ruottu wrote:I like the idea. However, typically we would want multiple scripts rather than one. This script should probably be split into one for each database.Thanks for your comments, but I wouldn't go quite that far. We really need to decide these on a case by case basis. A combined script is usually: o Easier to maintain (reduces code duplication) o Can produce more elegant output (e.g. if all of the databases say the same thing, it might be able to state that on one line. o Avoids bloating the script lists generated on http://nmap.org/nsedoc/, from Nmap --script-help, in the CHANGELOG, in the book, and other places. On the other hand, a separate scripts can be easier to use (control using --script is often easier than having to specify --script-args). And a separate script is almost always advisable if the split versions need to be in different categories. As for runtime efficiency, that can go either way. Separate scripts are more easily executed in parallel, but combined scripts can sometimes reuse various resources (memory structures, connects sockets, etc.) We did end up going with separate scripts for ip-geolocation-*, but that wasn't really the result of a consensus process and it could have gone either way. Admittedly it did turn out handy when we had to delete one of them for violating an API license, but that is a very unusual case. I can't argue strongly either way on whether ip-geolocation-* should be split or combined. So we will leave it split up for now. What we should really do is create a page on secwiki or docs/scripting.xml giving the "best practices" on deciding whether to combine or separate related scripts. There are many factors to consider. Cheers, Fyodor
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] malicious-ip script Hani Benhabiles (Jul 03)
- Re: [NSE] malicious-ip script Paulino Calderon (Jul 03)
- Re: [NSE] malicious-ip script Toni Ruottu (Jul 03)
- Re: [NSE] malicious-ip script Hani Benhabiles (Jul 06)
- Re: [NSE] malicious-ip script Hani Benhabiles (Jul 14)
- Re: [NSE] malicious-ip script Djalal Harouni (Jul 14)
- Re: [NSE] malicious-ip script Hani Benhabiles (Aug 02)
- Re: [NSE] malicious-ip script Hani Benhabiles (Jul 06)
- Re: [NSE] malicious-ip script Fyodor (Jul 06)
- Re: [NSE] malicious-ip script Toni Ruottu (Jul 06)