Nmap Development mailing list archives
Re: error semantics of faulty dependencies
From: David Fifield <david () bamsoftware com>
Date: Thu, 3 Feb 2011 12:20:10 -0800
On Thu, Feb 03, 2011 at 02:14:50PM -0500, Patrick Donnelly wrote:
On Thu, Feb 3, 2011 at 12:23 PM, Ron <ron () skullsecurity net> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 31 Jan 2011 02:31:20 -0800 David Fifield <david () bamsoftware com> wrote:On Thu, Jan 27, 2011 at 04:38:54PM +0200, Toni Ruottu wrote:We just had a case on nmap-dev where a programmer accidentally stated dependencies = {"script-name.nse"} which is wrong. The correct way is to leave out the file extension. So dependencies = {"script-name"} would have been correct. I have done the same error myself, and I can tell you it is really hard to debug. Could nmap be modified to include some sort of check that would catch these errors and give a clear error message when run with debugging flags?I think we could either 1) show a warning when a dependency ends in ".nse", or 2) allow dependencies to end in ".nse". If someone has a patch for either one I'll apply it. David FifieldI think an even better option is to print a warning (or halt with an error) if a dependency doesn't exist.This was part of the initial design for dependencies [1]. We eventually decided to not have strong dependencies because of questionable usefulness. [1] http://seclists.org/nmap-dev/2009/q4/295
I think what Ron is suggesting is something different. The proposal for strong dependencies would either have implicitly selected (existing) scripts, or refused to run unless they were manually selected. What Ron is saying, on the other hand, is that NSE should check that a dependency exists (in script.db or otherwise), just as a guard against typos, but still allow you to run dependent scripts without their dependencies. I can summarize it thus: Strong dependencies: dependencies must exist and be run. Ron: dependencies must exist, whether or not they are run. Current situation: dependencies need not exist nor be run. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- error semantics of faulty dependencies Toni Ruottu (Jan 27)
- Re: error semantics of faulty dependencies David Fifield (Jan 31)
- Re: error semantics of faulty dependencies Ron (Feb 03)
- Re: error semantics of faulty dependencies Patrick Donnelly (Feb 03)
- Re: error semantics of faulty dependencies David Fifield (Feb 03)
- Re: error semantics of faulty dependencies Ron (Feb 03)
- Re: error semantics of faulty dependencies Patrick Donnelly (Feb 21)
- Re: error semantics of faulty dependencies Ron (Feb 03)
- Re: error semantics of faulty dependencies David Fifield (Jan 31)