Nmap Development
mailing list archives
Re: How do YOU use Nmap XML?
From: "David G. Cheney" <dgc () rocketfiber com>
Date: Tue, 16 Nov 2004 21:09:40 -0800

I'm a big fan of regex. I've written more trivial perl one-liners in
pcre than I care to admit. Screen scraping and command chaining just
seem so easy with a few good regular expressions.

Now, that being said, when it comes to representing data in a
non-ambiguous manner, ensuring data constraints, and processing it
consistently in a platform independent way, XML and related parsing
tools are one of the best ways to go. I believe that there are many data
formats in the wild which are equivalent to XML, but few of them are
standard and none of them have the level of adoption needed to ensure
mature tools and universal utility.

I use a SAX parser in perl to parse the nmap xml in a streaming manner,
then do a bit of processing before "normalizing" into a database. (I
know, some people say they "normalize" from databases into XML, but
database people I've talked to think it goes the other way around). This
process can be very fast in part due to the uniform representation of
the data. I also find it very pleasing to work with the XML::Simple
interface in perl. The representation as a hash tree structure seems
very natural to me, though I realize it is not as powerful as xpath.

With respect to the attributes vs. data argument, I personally prefer to
think of attributes containing constrained values and element data
containing non-constrained or unformatted data, so for instance I might
prefer to see:

    <service portid="22" protocol="ssh">
      <product>OpenSSH</product>
      <version>3.8.1p1</version>
      <extrainfo type="rest-of-banner">MyOwnLinuxDistro, Beware of inconsistancies!</extrainfo>
    </service>

But fortunately, because of the tools I'm using, I don't really have to
worry about whether the data is an attribute or the content of an
element. On another note, XML is eXtensible. This gives me a warm fuzzy
feeling inside when I think that, in the future, if someone decides to
add another attribute or element to the current nmap XML DTD, all of my
scripts and modules will still work without modification, and it will be
an incremental cost for me to account for anything new. I think anyone
would be hard pressed to write a regular expression or awk/sed/grep
script general enough to be able to make this statement about any of the
other output formats.

In any case, I've been responding to a few threads of conversation which
are beyond the scope of the topic at hand, but hopefully you will have
gotten some idea of my rationale in using XML in general.

Cheers,
--dgc
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List archive: http://seclists.org
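
Added example, not part of the original post and written in Python rather than the Perl the author used: a SAX handler that streams Nmap XML port records into a database table, as the message describes. The sample input is constructed, and its futureattr attribute and futureelem element are hypothetical stand-ins for a later addition to the format, which the handler skips without modification.

```python
import sqlite3
import xml.sax

# Constructed sample in Nmap's XML layout. "futureattr" and <futureelem> are
# hypothetical; they are not part of Nmap's output.
SAMPLE = b"""<nmaprun><host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="22" futureattr="x">
      <state state="open"/>
      <service name="ssh" product="OpenSSH" version="3.8.1p1"/>
      <futureelem>ignored</futureelem>
    </port>
    <port protocol="tcp" portid="80"><state state="closed"/></port>
  </ports>
</host></nmaprun>"""

class PortHandler(xml.sax.ContentHandler):
    """Streams <port> records into a table, one row per closing </port>."""
    def __init__(self, db):
        super().__init__()
        self.db, self.addr, self.row = db, None, None

    def startElement(self, name, attrs):
        if name == "address" and attrs.get("addrtype") in ("ipv4", "ipv6"):
            self.addr = attrs.get("addr")
        elif name == "port":
            self.row = {"proto": attrs.get("protocol"),
                        "port": int(attrs.get("portid"))}
        elif name == "state" and self.row is not None:
            self.row["state"] = attrs.get("state")
        elif name == "service" and self.row is not None:
            for key in ("name", "product", "version"):
                self.row[key] = attrs.get(key)  # None when the attribute is absent
        # Elements and attributes not named above are skipped without error.

    def endElement(self, name):
        if name == "port":
            r = self.row
            self.db.execute("INSERT INTO ports VALUES (?,?,?,?,?,?,?)",
                (self.addr, r["proto"], r["port"], r.get("state"),
                 r.get("name"), r.get("product"), r.get("version")))
            self.row = None

def load(xml_bytes):
    """Parse Nmap XML bytes and return an in-memory SQLite connection."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ports (addr, proto, port, state, name, product, version)")
    xml.sax.parseString(xml_bytes, PortHandler(db))
    return db
```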