Nmap Development mailing list archives
Re: [RFC] Username/Password NSE library
From: "Patrick Donnelly" <batrick.donnelly () gmail com>
Date: Wed, 25 Jun 2008 12:11:38 -0600
On Wed, Jun 25, 2008 at 10:23 AM, Kris Katterjohn <katterjohn () gmail com> wrote:
Patrick Donnelly wrote:On Wed, Jun 25, 2008 at 12:25 AM, Kris Katterjohn <katterjohn () gmail com> wrote:My initial reactions: * I mentioned the functionality of returning a table of usernames and passwords, and the option of returning a table of only a certain size,Like I said, you can modify usernames and passwords to return smaller tables based on a parameter (e.g. unpwdb.usernames("short")). Alternatively, you can modify the design to operate on an array (and use ipairs()). The user could then break on the number he wants e.g.: for i, user in unpwdb.usernames() do if i > 20 then break; end -- do stuff endI understand this, I was merely pointing out that the closure was the method of choice. I mentioned it initially[1], and nobody seemed to think that returning a table was better[2][3]. But, like I said, if returning a table is now the desired functionality, then your changes seem fine.
It doesn't really return the table with the intent of sharing it with the caller, just so the for loop can iterate over it. The main advantage to this is the memory reaches a steady state; no new closures or tables are made in a call to the library.
I have run into one problem which I didn't test last night: giving the library a non-existent filename. Rather than returning false and giving the caller an error message like mine did, or returning the error message like I assume yours is supposed to do[4], I get this rather nasty looking error message: SCRIPT ENGINE: error while initializing script rules: ./nselib/unpwdb.lua:29: bad argument #1 to 'lines' (none: No such file or directory) stack traceback: [C]: in function 'lines' ./nselib/unpwdb.lua:29: in main chunk [C]: in function 'require' ./scripts/unpwdbtest.nse:7: in main chunk [C]: ? [C]: ?
This was just another design choice I added in. I don't feel the try/catch mechanism is suitable for something like this. The act of requiring the module (ex)(im)plicitly states a level of reliance. If the module cannot get a database it can't do anything useful and should therefore fail immediately. I also would suggest moving the module() call after loading the databases (where the module can error). If we allow the module to error, we do not want the call made before any errors. module() changes package.loaded to the library's table and will cause subsequent calls to require (by other threads) to return an empty library table. Hope that helps, -- -Patrick Donnelly "One of the lessons of history is that nothing is often a good thing to do and always a clever thing to say." -Will Durant _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- RE: [RFC] Username/Password NSE library, (continued)
- RE: [RFC] Username/Password NSE library Thomas Buchanan (Jun 24)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 24)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 24)
- Re: [RFC] Username/Password NSE library Philip Pickering (Jun 18)
- RE: [RFC] Username/Password NSE library Thomas Buchanan (Jun 24)
- Re: [RFC] Username/Password NSE library Patrick Donnelly (Jun 24)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 24)
- Re: [RFC] Username/Password NSE library Patrick Donnelly (Jun 25)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 25)
- Re: [RFC] Username/Password NSE library Patrick Donnelly (Jun 25)
- RE: [RFC] Username/Password NSE library Thomas Buchanan (Jun 25)
- Re: [RFC] Username/Password NSE library Patrick Donnelly (Jun 25)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 25)
- Re: [RFC] Username/Password NSE library Patrick Donnelly (Jun 25)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 25)
- Re: [RFC] Username/Password NSE library Patrick Donnelly (Jun 25)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 25)