[openvas-discuss] Future enhancements: plugins in perl??
oxdeadbeef at pit-of-despair.com
Wed Nov 23 17:53:18 CET 2005
On Wed, 23 Nov 2005, Brian Weaver wrote:
> This thread has all the necessary trappings for becoming a flame war,
> yet it didn't. I'm impressed.
> Instead of focusing on replacing NASL with language X, it might be
> better to work on a framework that would allow language X, Y, and Z to
> co-exists with NASL. This way we don't punish people who have already
> invested in learning NASL, nor run off potential contributions because
> OpenVAS only supports a language they dislike.
That is the way it has to be. We cannot just get rid of NASL. We all have
to play nicely in the sandbox. =)
> Jan-Oliver Wagner [jan at intevation.de] wrote on Wed, Nov 23, 2005 at 10:11:43AM +0100:
>> On Wed, Nov 23, 2005 at 12:35:20AM -0500, oxdeadbeef <oxdeadbeef at pit-of-despair.com> wrote:
>>> On Tue, 22 Nov 2005, stripes wrote:
>>>> On Wed, Nov 23, 2005 at 04:14:53AM +0100, Jan-Oliver Wagner wrote:
>>>> I agree, something like SecurePerl (stripped down for
>>>> security purposes) would be very cool.
>>> I dont see the point of actually stripping it down. That then would limit
>>> the use of the language. The application is testing for security
>>> vulnerabilities by *any* means. Sure certain places in the core *have* to
>>> be secure code. But limiting a language would just defeat the
>>> purpose of using it in the first place. NASL is limited and lacks alot of
>>> functionality, but yet it still can be used maliciously.
>> the plugin scripts should have a stripped environment.
>> The Server of course not.
>> The example I am having in mind is Zope - they solved
>> this quite nicely.
More information about the Openvas-discuss