[Openvas-devel] Idea: Detector for silent exit's

Jan-Oliver Wagner jan-oliver.wagner at intevation.de
Wed Apr 15 08:28:24 CEST 2009


On Mittwoch, 15. April 2009, Chandrashekhar B wrote:
> > we have several scripts that do a silent exit() due to some reason.
> > This makes user believe the NVT ran without identifying a vulnerability,
> > though it simply ran across an internal problem and not even tried
> > to identify anything.
> > In such cases, at least a log_message() should be applied.
> 
> > However, wouldn't it make sense to extend the exit command
> > with a check whether any report message has been created and
> > issue a log_message() on its own in case the counter was 0?
> > (The counter can be increased with any report message command).
> 
> Nice idea! We could do this or instead of a counter, we can extend exit() to
> accept a optional log string and internally issue a log_message()?

I was more having in mind to catch all the "exit()'s without telling why".
If we extend the syntax of exit, then we need to touch all the scripts.

Best

	Jan

-- 
Dr. Jan-Oliver Wagner | ++49-541-335083-0  |  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner



More information about the Openvas-devel mailing list