Nmap Development mailing list archives
Re: [NSE][PATCH] only show script errors in verbose mode
From: "Patrick Donnelly" <batrick.donnelly () gmail com>
Date: Thu, 25 Sep 2008 17:23:06 -0600
On Wed, Sep 24, 2008 at 2:20 PM, David Fifield <david () bamsoftware com> wrote:
What you guys are proposing doesn't sound any different from what I did except the way it is handled. The alternate methods proposed, particularly: -portrule = shortport.port_or_service(22, "ssh") +if nmap.have_ssl() then + require("openssl") + portrule = shortport.port_or_service(22, "ssh") +else + portrule = function() return false end +end makes the script not run. The patch I made does the same thing _and_ tells the user the script failed due to X dependency provided the verbosity is high enough. I'm not sure what you guys are really looking for.The difference is that checking for the openssl module in the script affects only the openssl module, while catching all require errors affects every module. This is a new situation because openssl would be our first "optional" module, one that can't automaically be assumed to be installed. It's going to be a serious error if, say, shortport, is missing, but openssl is one we expect sometimes to be unavailable. Don't get me wrong, I think your solution of hooking the require function is a good one. I keep equivocating as to which approach is the best. We do want most require errors to be shown by default, except those that come from openssl. You'll have to forgive me, I'm (still) pretty new to Lua. Is there a way to signal a special error code that would mean a module is missing, but it's an error that can be ignored? The error would be raised in the "else" branch of the "if" in Sven's example, or it could even be raised in an alternate compiled openssl module that didn't have any functions, just raised the error. Then this special error could be ignored, and normal require errors could continue to be reported. This approach would mean that the default action would be to report errors, unless they are specifically ignored by a script or a module. Reporting errors by default is a good choice because it will catch unforeseen errors. Raising a real error, instead of just having the portrule return false, is good because then we can display the error at higher verbosity levels ("The optional openssl module is not installed"). (This is a benefit I realized from studying your approach.) loadfile already checks for errors when loading a file ("%s: '%s' threw a run time error and could not be loaded."). So is there a way to indicate that the error is ignorable? I'm fine with creating a new type or whatever to ensure it's different from any other error message. If what I've described is feasible, that's what I'd like to see. Failing that, I slightly prefer checking for openssl in each script that uses it, because that's safer than ignoring all require errors and, importantly, it's easier to change to another technique in the future.
So perhaps the best route is ignoring errors in require for just certain modules, such as "openssl". In the same way we have a list of required fields in a script (e.g. "action" and "description"), we can have optional modules. High verbosity or debugging would still show the same messages as in my previous patch/commit. Does this sound like the appropriate functionality then to be implemented? -- -Patrick Donnelly "One of the lessons of history is that nothing is often a good thing to do and always a clever thing to say." -Will Durant _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [NSE][PATCH] only show script errors in verbose mode, (continued)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Fyodor (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 25)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 25)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 25)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 25)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 25)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 26)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 26)
- Re: [NSE][PATCH] only show script errors in verbose mode David Fifield (Sep 26)
- Re: [NSE][PATCH] only show script errors in verbose mode Patrick Donnelly (Sep 26)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 23)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 24)
- Re: [NSE][PATCH] only show script errors in verbose mode Sven Klemm (Sep 24)