Nmap Development mailing list archives
Re: [nmap-svn] r36162 - nmap/nselib/data
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 22 Aug 2016 14:26:53 -0500
On Mon, Aug 22, 2016 at 12:33 PM, nnposter <nnposter () users sourceforge net> wrote:
The other option you mentioned directly to me was: local _, openssl = pcall(require, "openssl"); This option should not be used, since "_" is considered a throwaway variable name; It could easily be overwritten, and code that tests it doesn't make sense. So it would open us up to crashes when someone writes unconditional code that tries to index the nonexistent openssl library.I do not believe that my example... local _, openssl = pcall(require, 'openssl') ... if openssl and openssl.md5 then ...had any dependency on "_", namely there was no explicit or implicit "code that tests it", so I am not quite sure that I understand your point. To satisfy my curiosity, could you please point out what specifically would be wrong with the example? (To make it clear, I am not opposed to option #3; I have used it in the original commit after all. I am just trying to understand the pitfalls with option #4.)
Sure. Since any of these will work if openssl is present, we'll ignore that case. If it is *not* present, pcall will hide any error, instead returning false and an error message, so that _ is false and openssl is a string. The code will happily cruise along, executing requests or otherwise using resources until it reaches a line containing openssl.somefunction(), at which it will give the error "attempt to call a nil value (field 'somefunction')". Our intention in writing the script should either be to fail early and produce no output, or to skip some portion of execution and produce some usable output. If the first is what we want, stdnse.silent_require fits the bill. If the second, we need some way to know whether openssl is actually present. Beyond just good identifier naming practices, we should specifically avoid the single underscore variable name, because there is a convention in Lua that that variable name may be used in any code as a throwaway. So you get things like: for _, item in ipairs(list_of_items) do end when the index of the item does not matter. Within that loop's scope, you cannot meaningfully test _ to determine if you have openssl or not. Even worse, it can be used other places like discarding the position after an unpack operation: local _, value = bin.unpack("I", data) So from this point forward, _ contains some number, not a boolean value related to the presence of openssl. Dan
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [nmap-svn] r36162 - nmap/nselib/data Daniel Miller (Aug 22)
- Re: [nmap-svn] r36162 - nmap/nselib/data nnposter (Aug 22)
- Re: [nmap-svn] r36162 - nmap/nselib/data Patrick Donnelly (Aug 22)
- Re: [nmap-svn] r36162 - nmap/nselib/data Daniel Miller (Aug 22)
- Re: [nmap-svn] r36162 - nmap/nselib/data nnposter (Aug 22)
- Re: [nmap-svn] r36162 - nmap/nselib/data nnposter (Aug 22)