Hi Thomas,
On Donnerstag, 19. November 2009, Thomas Reinke wrote:
>
> > + if(defined_func("script_mandatory_keys"))
> > + script_mandatory_keys("Tools/Present/nmap");
> > +
> > exit(0);
> > }
>
>
> I had looked at this originally and decided against it.
>
> The way the toolcheck nasl runs, if the "Perform tool
> check" preference is set to no, none of the Tools/*
> keys will be set, having the effect of disabling
> scripts relying on these tools. I'm not convinced
> that this is correct behaviour.
>
> I believe (although I might be mistaken) that
> toolcheck is an advisory report, by default enabled,
> to let one know that there are additional tools
> that one could install to improve scanner functionality.
> I don't think it was intended as a setting to turn off
> all supplementary tools.
the original idea is that it is not only advisory.
The concept of mandatory keys allows to
prevent launch of scripts that can not at all
return anything useful if the precondition is not met.
Like a nmap scan of no nmap available.
Why is this important? We want only a single check
for the nmap binary and version. Not 4000 in case
4000 IPs are scanned. This is to be multiplied with the
number of tools/versions and with the scripts using them.
A positive side effect is also that the reports have
the single statement that e.g. no nmap scripts
are executed instead of 4000 entries that nmap
was not found.
> In other words, if we want to rely on Tools/* keys,
> we need to change the toolcheck nasl script to
> check for tools, ALWAYS populate keys, and only report
> based on the preference setting. Then, and only
> then, is it ok to make various scripts dependent on the
> tools/* keys.
the mandatory keys feature can only consider presence,
not values. If toolcheck.nasl would set values we are back
to 4000 nmap trials.
What exactly is the harm done by toolcheck and mandatory_keys?
Best
Jan
--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-devel mailing list
Openvas-devel@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
