Hi folks, Some observations about the breakup of scripts into sub directories...
1) I notice on the CR ( http://openvas.org/openvas-cr-60.html ) that it indicates (paraphrased) that scripts are to be committed into subdirs (beginning with 2013) with exceptions being scripts that are to be a dependency of others. That would lead to the observation that perhaps it is not guaranteed to be able to use script dependenciese on files that reside in subdirectories? If so, then I have specific questions around the following: 2014/gb_dell_sonicwall_email_security_detect.nasl As a detection script, it will possibly have others depending on it (in the future..could not find any today). Shouldn't detection scripts reside then in the base directory? The file 2009/conficker.nasl has a dependency on nmap_nse/gb_nmap_p2p_conficker.nasl, which raises the same question. So is the CR guidance correct and the scripts need to be adjusted? Or are the scripts fine, and the CR is overly restrictive? 2) Are script base filenames intended to be unique? I am noting a number of instances where they are not. Nearly identical (same vuln tested), but with different script IDs: 2012/gb_suse_2012_1637_1.nasl 2013/gb_suse_2012_1637_1.nasl (This looks like a simple duplication issue, one should be removed?) Completely different scripts, CVE, etc, but with same name: 2012/gb_hp_smh_csrf_vuln.nasl 2014/gb_hp_smh_csrf_vuln.nasl 2009/gb_php_display_errors_xss_vuln.nasl 2014/gb_php_display_errors_xss_vuln.nasl 2010/gb_getsimple_cms_mult_vuln.nasl 2014/gb_getsimple_cms_mult_vuln.nasl Finally, a whole series of scripts have non-unique names in the GSHB series (e.g. GSHB_M5_147.nasl has 3 different version): ~/openvas-nvts/scripts$ find . -name GSHB_M5_147.nasl -print ./GSHB/EL11/GSHB_M5_147.nasl ./GSHB/EL10/GSHB_M5_147.nasl ./GSHB/EL12/GSHB_M5_147.nasl Thomas _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
