Nmap Development mailing list archives

Re: [NSE] A Lua implementation of NSE


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 7 Jan 2009 09:21:25 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 6 Jan 2009 23:06:50 -0700 or thereabouts "Patrick Donnelly"
<batrick.donnelly () gmail com> wrote:

> Looking forward to hearing people's thoughts!


I'm pretty positive about your nse-lua branch because of the testing
I did with it in testing Ron's scripts.  Since most of the testing was via
private emails I'll reproduce a very abbreviated rundown of my
experience with nse-lua here.

The back story is that I was testing all of Ron's very complicated SMB
scripts and Ron and I were having major trouble tracking down all of
the problems.  There were a number of features we thought NSE should
offer that it didn't -- most importantly stack traces on error.

Patrick cooked up a basic backtrace script for us but it just didn't
work in enough situations with the current Nmap branch.  Patrick
suggested using nse-lua to debug.  Personally I wasn't thrilled with
combining the testing of a bunch of complicated scripts with the testing
of an all new NSE.

My initial tests with nse-lua went pretty badly.  There were a few
show-stopping bugs that prevented the script engine from running
(properly, it would run and do very strange things).  nse-lua seemed
very broken and I thought it would take a lot of work to fix.  The
actual issue turned out to be a series of very small, very easy to fix
bugs.  I was very surprised at the speed at which Patrick was able to
locate the bugs, the overall simplicity of the bugs, and the very small
patches (generally just one line) that were needed to get nse-lua
working.

I ended up testing with the current nmap branch and nse-lua in
parallel.  Invariably though, when Ron and I would run into a strange
error, we were able to make nse-lua spit out the right information to
help us track it down.  We were mostly lost as to how to troubleshoot
with the current NSE implementation.

I stopped testing Ron's script with the current NSE and switched to
nse-lua entirely because it seemed more stable, provided better data,
and was easier for Patrick to help us produce useful data.  Admittedly,
some of the problems with the current NSE implementation have been
fixed by properly handling script timeouts.

Overall I'm pretty impressed with nse-lua.  It seems like good design
and it seems to address some of the complexity and limitations of
trying to mesh a C++ NSE with Lua scripts.  I haven't looked at the
code so I can't comment on the overall quality, maintainability, or
understandability.  I get the impression though that in the long run,
nse-lua will be more flexible, fixable, and extensible.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAklkdBwACgkQqaGPzAsl94IB0QCfdHhcZGQxGwg+Dnz7PqAMAwWU
RW4AnApN95UqTdXqL3pwsQgRC2rtGCdS
=cyYm
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

