On Thu, 13 Feb 2003, Renaud Deraison wrote:

> > data like versions or names (and this is a good thing) and you cannot use
> > plugin id either because one plugin can generate multiple different
> > reports (and this is unavoidable because one test may discover different
> > things, and it would be silly to duplicate code (and runtime effort) in
>
> No, it would be silly to have one test perform N completely different
> actions.

Yes, it would be silly to perform different actions in one plugin.
I talked about a single action having multiple different results.
Repeating a single test multiple times just to be able to report every
possible result does not look like a good idea to me.

One could create one primary "test" plugin putting the result into the KB
for multiple auxiliary "report" plugins...hmm...some tests do it but is it
a good general approach?

> Generally, you can identify a vulnerability by the couple
> (plugin_id, risk_level).

This appears to work in most cases where risk_level >= warning.
Nevertheless, the nature of the hole might be different from the nature of
the warning.

Let's look at X.nasl: it tests CVE-1999-0526 "An X server's access control
is disabled (e.g. through an "xhost +" command) and allows anyone to
connect to the server." (reported as a hole) but its natural side effect
is the test of CVE-1999-0623 "The X Window service is running" (reported
as a warning). You cannot test whether the X server is wide-open without
testing whether it works at all (and is willing to talk to you) and vice
versa.

Should X.nasl be split into two plugins? If yes, should they both talk
over the network (and grok the protocol)?

Here are some other scripts reporting (read: appearing to report when I
spent a few seconds looking at them) different kinds of information (well,
it is a matter of personal taste whether the information being reported is
the "same vulnerability" or not):

  asip-status.nasl
  gnutella_detect.nasl
  http_trace.nasl
  nntp_info.nasl
  oracle_tnslsnr_security.nasl
  realserverg2.nasl
  rusers_output.nasl
  showmount.nasl
  smtp_AV_42zip_DoS.nasl
  smtp_antivirus.nasl
  snmp_detect.nasl
  webserver_robot.nasl

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
