From: George A. Theall (thealltenablesecurity.com)
Date: Fri Dec 09 2005 - 09:39:49 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Dec 07, 2005 at 01:13:30PM -0500, Matt Van Mater wrote:

> I was updating a nbe file parser I wrote in perl and noticed a few
> plugins do not output the various fields in the 'normal' order. For
> example, there are some plugins where the "Risk factor" is printed
> before the "Solution" (nasl #10399), when in most other plugin output
> the solution is printed before the risk factor.

What about iterating over the description and pulling out key/value
pairs matching, like this:

  # $line is a line of input from an NBE file.
  fields = split(/\|/, $line);
  if ($fields[0] eq 'results') {
    $desc = $fields[6];
    $keypat = qr/(Synopsis|Description|See also|Solution|Risk
factor|Plugin output|BID|CVE|Other references)/i;

    while ($desc =~ /($keypat)\s*:\s*(.+?)(?=($keypat|$))/gm) {
      print $1, " = ", $3, "\n\n";
    }
  }

[NB: Perl mongers can probably suggest another alternative involving
some module from CPAN.] You'll probably need to tweak $keypat somewhat
more as the descriptions are, as you note, currently unstandardized.

> However, as a long term fix, I'd love to see a truly well formed way
> of parsing all possible fields from a NBE file. It could be as simple
> as extending the pipe | delimiter to the nasl output fields as well,
> or something more complicated.

We've been using a standard format for all new plugins since October or
so; eg, take a look at mailenable_imap_rename_dos.nasl. This will almost
certainly, though, be a long-term rather than short-term solution given
the number of existing plugins that must be revised.

George
--
thealltenablesecurity.com
_______________________________________________
Nessus-devel mailing list
Nessus-devellist.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus-devel

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]