Nmap Development mailing list archives

Re: [RFC][PATCH] NSE Version Numbering


From: Patrick Donnelly <batrick () batbytes com>
Date: Tue, 14 Dec 2010 09:31:06 -0500

Hi Djalal,

On Tue, Dec 14, 2010 at 9:10 AM, Djalal Harouni <tixxdz () gmail com> wrote:
Hi list,

Since a lot of users have requested an automatic way to update NSE
scripts [1], and since a lot of new features are added to NSE, updating
scripts without updating NSE can introduce incompatibility errors. This
is an attempt to introduce version numbering to NSE, in order to only
load and execute supported scripts.

It's good you've taken an interest in this! It's a long-standing problem.

The proposed interface (a patch is attached):
o Add a new descriptive field to scripts: "require_nse = $VER"
 This field is a Lua number [2] and it is optional.
 If this field is specified, and if it's greater than the version
 of the current NSE, then a warning will be printed and the script
 will be dropped, which means that users must update their Nmap/NSE
 version.
 If this field is absent then its default value will be the current
 NSE version, this way scripts can run even if they do not specify this
 field.

This seems reasonable. I'd like a one word field though instead of
"require_nse". I can't think of a better one right now though...

o Add a new environment variable to scripts "NSE_VERSION", which
 contains the current NSE version. This way scripts can run normally
 and check this variable before requesting an unsupported function or
 a behaviour.

This should just be a value in stdnse I think. There's no need to make
it an environment variable since it is constant for all scripts.

The version numbering is very simple e.g: 0.01 (Lua number) this value
will be incremented if there are some new NSE features that will have
a direct impact on NSE scripts/libraries and will *modify* their
behaviour, or a change on the NSE *core* functionalities, anything
related to the NSE core. As an example modifying/adding nse_*.cc
interfaces must be documented in the luadoc files:
file nmap.luadoc:

I've given this some thought and my take is that version numbers
should probably be the revision number in the repository. So long as
Nmap remains on subversion, this makes sense and is automatic. It
should be trivial to make adding (updating) this field automatic in
the build process.

Finally: this can be very hard to *maintain*, so suggestions and
comments are welcome.

There's a strong desire for automatic updating of scripts too. That
is, it'd be great if scripts could update (so long as Nmap itself
doesn't also need to update) whenever Nmap is run to correct simple
bugs in the scripts. Unfortunately, "upgrading" the scripts is
difficult if Nmap is installed on the system.

-- 
- Patrick Donnelly
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
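
The version gate discussed in this thread, sketched as an added example in plain Lua (it is not the attached patch and not NSE's own code). The value given to `NSE_VERSION`, the `check_script` helper and the sample script tables are assumptions made for illustration.

```lua
-- Added illustration: not the attached patch, not NSE code.
-- The NSE_VERSION value, check_script() and the script tables are hypothetical.
local NSE_VERSION = 0.02  -- constructed value for the running engine

-- Decide whether a script may be loaded, following the proposal:
--   * require_nse is optional and is a Lua number
--   * absent -> defaults to the current NSE version, so the script runs
--   * greater than the current version -> warn and drop the script
local function check_script(name, script)
  local required = script.require_nse
  if required == nil then
    required = NSE_VERSION
  elseif type(required) ~= "number" then
    -- Assumption: a non-number field is rejected with a message. Without
    -- this check, comparing a string with a number raises a Lua error.
    return false, ("%s: require_nse must be a number, got %s")
      :format(name, type(required))
  end
  if required > NSE_VERSION then
    return false, ("%s: requires NSE %s, running NSE %s; update Nmap/NSE")
      :format(name, tostring(required), tostring(NSE_VERSION))
  end
  return true
end

-- Constructed sample scripts covering each case
local scripts = {
  ["legacy-script"]  = {},                       -- field absent
  ["current-script"] = { require_nse = 0.02 },   -- equal to the engine
  ["future-script"]  = { require_nse = 0.03 },   -- newer than the engine
  ["broken-script"]  = { require_nse = "0.03" }, -- wrong type
}

-- Iterate in a stable order so the report is reproducible
local names = {}
for name in pairs(scripts) do names[#names + 1] = name end
table.sort(names)
for _, name in ipairs(names) do
  local ok, warning = check_script(name, scripts[name])
  if ok then print("load: " .. name) else print("drop: " .. warning) end
end
```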
