Nmap Development mailing list archives

Re: [NSE][PATCH] only show script errors in verbose mode

From: Sven Klemm <sven () c3d2 de>
Date: Tue, 23 Sep 2008 10:50:29 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fyodor wrote:
| On Tue, Sep 23, 2008 at 09:59:46AM +0200, Sven Klemm wrote:
|> Hi everyone,
|>
|> this patch changes nmap to only show script errors that happen while
|> loading scripts when verbose or debugging is set.
|
| Thanks Sven, but this may be painting with too broad a brush.  If a
| script fails to compile due to syntax error or something like that, I
| think we still want to show it.  Ugly error messages for unanticipated
| problems increase the likelyhood that a user will actually report the
| issue.  Also, even script developers could get confused if their
| script doesn't load properly and they don't find out about it because
| they forgot to specify -v.
|
| But that is how we want to treat *unanticipated* errors.  There is
| another class of issues where we *know* that the script won't work,
| and so there is no point printing an ugly message whenever the user
| runs Nmap (which would just teach users to ignore error messages).
| That is the case for OpenSSL-requiring scripts when that library is
| unavailable.  And it may become a general case of missing dependencies
| if we someday have more optional libraries like that.  So I think we
| either need to modify just those scripts to quit gracefully (or not
| run in the first place) if OpenSSL is missing, or we need to modify
| NSE to properly handle that specific error.  Printing the error might
| still be OK in debug mode.
|
| I don't know the best way to implement this, but I know the sort of
| behavior we want, which is the same behavior Nmap has in the other
| ways it uses OpenSSL (such as version detection).  That is that we
| simply don't use the OpenSSL-requiring features when OpenSSL isn't
| present.

The change only affects errors that happen when loading the script not
errors happening when the script runs those are still shown. I think
require-errors are probably the only think affected by this change,
except for maybe glaring syntax errors at the top level, which should
be caught already while developing the script.

Cheers,
Sven

- --
Sven Klemm
http://cthulhu.c3d2.de/~sven/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkjYrdUACgkQevlgTHEIT4bBTwCfXX/1rJ1DbckAGNioXwsD3sMW
ISsAn1YoESk6XJdq4qkFrCNG/5JQdR44
=fhZr
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

[NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Fyodor (Sep 23)
  - Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 23)
  - Re: [NSE][PATCH] only show script errors in verbose mode Diman Todorov (Sep 23)
  - Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 23)
    - Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 23)
    - Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 23)
    - Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 23)
    - Re: [NSE][PATCH] only show script errors in verbose mode Fyodor (Sep 23)
    - Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 24)
    - Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 24)
    - Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 24)
    - Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 24)

(Thread continues...)