Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: Re: xmloutputversion change

Re: xmloutputversion change

From: Max <nmap_at_webwizarddesign.com>
Date: Wed, 28 Nov 2007 15:07:56 -0500

Hi Fyodor,

Thanks for responding. I have not yet seen that the new XML output
broke Nmap::Scanner, my understanding from Lionels' email is that
output changed .. sorry for my wording and for jumping to that
conclusion, Fyodor!

Yes, Nmap::Scanner will and does ignore new tags without problem, ...
just that I do like to keep up to date on the XML tags to keep
Nmap::Scanner as compliant as possible and as useful as possible to
users, which at this point means that every release I would have to
scan the release notes / run scans to make sure something new is not
present that I am missing. As the number of XML parsing projects
continues to grow, it just would be really nice to have some version
element in the XML change when tags are added or removed so that it
would be easy from a programmatic standpoint to detect the changes
quickly or even as a normal user to easily compare two scan outputs
and not have to use an XML diff tool or the like to see that new
elements exist.

Having the DTD just look at the major number so that the minor number
can be incremented would be a fine solution if that is possible :) ..
99 minor revisions between major version updates should be more than
enough to cover any tag changes between major revs, yes? The minor
rev increases in my opinion don't have to mean anything beyond
'something in the XML has changed' .. don't have to increment once per
change or anything like that, just some indication that makes it
extremely obvious that XML output (tags/attributes) have changed.

Does that make sense as a request?

- Max

On Nov 28, 2007 2:28 PM, Fyodor <fyodor_at_insecure.org> wrote:
> Hi Max. What change in the new release breaks Nmap::Scanner? It is
> somewhat rare that we change the existing tags or attributes. What we
> do much more regularly is add new ones. I'm no XML expert, but can
> you structure your system to just ignore unrecognized tags (like html
> does)?
>
> My concern with changing xmloutputversion is that the dtd specifies an
> exact version (1.01) so older Nmap output won't match the newer dtd
> and vice versa. Maybe the DTD could be changed to only look at the
> major version number (e.g. 1) rather than minor (1.01).
>
> If you have suggestions for making things easier for XML parsers, I'm
> happy to hear them.
>
> Cheers,
> -F
>
>

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Nov 28 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]