Nmap Development mailing list archives

Re: [RFC][patch] XML structured script output (Nmap-script-XML as of 15 July)


From: David Fifield <david () bamsoftware com>
Date: Thu, 19 Jul 2012 16:08:37 -0700

I made a new output sample based on Daniel's latest code. This uses a
version of ssl-cert.nse that is modified to return a certificate table.

https://secwiki.org/w/Nmap/Structured_Script_Output#Nmap-script-XML_c9c97295_2012-07-15

I think this is looking pretty much like how we want it. An exception is
the dates; instead of

<table key="notBefore">
  <elem key="day">15</elem>
  <elem key="sec">12</elem>
  <elem key="min">22</elem>
  <elem key="hour">19</elem>
  <elem key="month">11</elem>
  <elem key="year">2010</elem>
</table>

I think they should look like this:

<table key="notBefore">2010-11-15T19:22:12Z</table>

One downside is that dictionary tables don't preserve ordering of
elements. Scripts that just return a table won't be able to control the
ordering of their output. I propose that we ignore this for simplicity.
The alternative of making an array containing tiny name-value tables,
while reasonable, is so cumbersome that I can't see people actually
doing it.

(Replying to myself.) I think we're going to have to face the issue of
field ordering in normal output, at least if we are serious about
automatic serialization for normal output being a realistic choice for
some scripts. The normal output produced by the above code is

| ssl-cert:
| issuer:
|   organizationName: Equifax
|   countryName: US
|   organizationalUnitName: Equifax Secure Certificate Authority
| md5: c729827b89419bdc20b043b49d9d1595
| pubkey:
|   type: rsa
|   bits: 1024
| sha1: 157b440e3df429947a8213d418565da6f10f3063
| subject:
|   serialNumber: UGigzK-7j79pxB7xW3MZMfPeYWY/gJnJ
|   organizationName: secwiki.org
|   countryName: US
|   organizationalUnitName: Domain Control Validated - RapidSSL(R)
|   commonName: secwiki.org
| validity:
|   notAfter:
|     sec: 45
|     hour: 5
|     min: 18
|     month: 11
|     day: 17
|     year: 2012
|   notBefore:
|     sec: 12
|     hour: 19
|     min: 22
|     month: 11
|     day: 15
|_    year: 2010

I can deal with the field names being lower-case and identifier-like;
maybe people will even prefer them that way. But the fact that "md5" and
"sha1" are not on adjacent lines is galling. Maybe a special kind of
table format that keeps order (i.e., an array of name-value pairs)? That
would seem to require a higher-level function with which to set output
values.

Another alternative is to abandon the idea that a script can
realistically return only a table, and require them to give us a string
as well if they must control the order.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
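
The "array of name-value pairs" table and the single-string date discussed in the message above, as an added Lua sketch that is not part of the original post or of Nmap's code. The names ordered_table, iso8601 and render are hypothetical, and the date fields are assumed to be UTC.

```lua
-- Added illustration; ordered_table, iso8601 and render are hypothetical names,
-- not Nmap NSE library functions. Needs Lua 5.2+ for __pairs.
local function ordered_table()  -- remembers the order keys were first assigned
  local keys, values = {}, {}
  return setmetatable({}, {
    __index = values,
    __newindex = function(_, k, v)
      if v == nil then                 -- deletion: forget the key's position
        for i, name in ipairs(keys) do
          if name == k then table.remove(keys, i) break end
        end
      elseif values[k] == nil then     -- first assignment: append to the order
        keys[#keys + 1] = k
      end
      values[k] = v
    end,
    __pairs = function()               -- pairs() walks keys in insertion order
      local i = 0
      return function()
        i = i + 1
        if keys[i] ~= nil then return keys[i], values[keys[i]] end
      end
    end,
  })
end
-- Assumption: the date fields are already UTC, hence the trailing "Z".
local function iso8601(d)
  return string.format("%04d-%02d-%02dT%02d:%02d:%02dZ", d.year, d.month, d.day, d.hour, d.min, d.sec)
end
local function render(t, indent, lines)  -- indented "key: value" lines
  indent, lines = indent or "", lines or {}
  for k, v in pairs(t) do
    if type(v) == "table" then
      lines[#lines + 1] = indent .. k .. ":"
      render(v, indent .. "  ", lines)
    else
      lines[#lines + 1] = indent .. k .. ": " .. tostring(v)
    end
  end
  return lines
end

local cert, validity = ordered_table(), ordered_table()  -- values from the sample output
cert.md5 = "c729827b89419bdc20b043b49d9d1595"
cert.sha1 = "157b440e3df429947a8213d418565da6f10f3063"
validity.notBefore = iso8601{year=2010, month=11, day=15, hour=19, min=22, sec=12}
validity.notAfter = iso8601{year=2012, month=11, day=17, hour=5, min=18, sec=45}
cert.validity = validity
print(table.concat(render(cert), "\n"))
```

Because keys are emitted in assignment order, md5 and sha1 land on adjacent lines and each date is a single line instead of six unordered fields.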

