[Openvas-discuss] ID/OID scheme for OpenVAS NASL scripts?

Bernhard Herzog bh at intevation.de
Thu Jan 3 21:47:47 CET 2008


On Thursday 03 January 2008 12:00, Jan-Oliver Wagner wrote:
> Using OIDs for NASL scripts:
>
> Could be based on families, e.g.
> 1.3.6.1.4.1.25623.1 = iso.org.dod.internet.private.enterprise.OpenVAS.DSA
> 1.3.6.1.4.1.25623.1.1157 =
> iso.org.dod.internet.private.enterprise.OpenVAS.DSA.1157
> 1.3.6.1.4.1.25623.0 =
> iso.org.dod.internet.private.enterprise.OpenVAS.libraries
> 1.3.6.1.4.1.25623.0.1 =
> iso.org.dod.internet.private.enterprise.OpenVAS.libraries.package-tests
>
> (note: I do not know whether 0 is allowed as number and which characters
> for the name (e.g. "-"))
>
> Please let me know whether I am all wrong with my guesses.
> If not, is the above example the way to go?

Sounds good in principle.  I wonder, though, whether there should be 
additional intermediate levels of OIDs and a way to simply map the old nessus 
plugin ID to an OID during a transition phase:

...25623.1 = OpenVAS.NASL
...25623.1.1 = OpenVAS.NASL.legacy
...25623.1.1.123 = OpenVAS.NASL.legacy.123  (old nessus ID 123 as OID)
...25623.1.2 = OpenVAS.NASL.libraries
...25623.1.3 = OpenVAS.NASL.DSA
...25623.2 = OpenVAS.SomeOtherPluginSpace
...

This would leave the OID space a little cleaner if we ever need OIDs for other 
purposes such as LDAP attributes.


> This would mean in practice to have something like:
> script_id("1.3.6.1.4.1.25623.1.1157");
> instead of
> script_id(57304);
> which apparently will cause trouble (integer vs string),
> as you can see in openvas-libraries/libopenvas/plugutils.c:
> ExtFunc
> void plug_set_id(desc, id)
>  struct arglist * desc;
>  int id;
> {
>  arg_add_value(desc, "ID", ARG_INT, sizeof(int), (void*)id);
> }
>
> So we would have to go through all the code and do changes
> accordingly. It is doable (I will do) if we think it is worth it.

This will need to be done in the client, too, of course.  There's plenty of 
code in openvas-client that assumes the ID is an int.  Also, the protocol 
would need to be changed, too.

> Alternatively it is possible to introduce
> script_oid("1.3.6.1.4.1.25623.1.1157");
> and add corresponding processing through all of the code.
> Also doable, maybe less overall effort than to change int to str for ID.
> Open question is what to do with the old ID, just try to have no conflicts
> among the various contributors via some simple rules? Leave empty?

I'd say we switch to using OIDs.  script_id(1157) would be equivalent to 
script_oid("1.3.6.1.4.1.25623.1.1.1157") using the legacy OIDs from above.

  Bernhard

-- 
Bernhard Herzog                              Intevation GmbH, Osnabrück
Amtsgericht Osnabrück, HR B 18998             http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
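
Added example (not part of the original message and not OpenVAS code): a C sketch of the transition mapping proposed above, where script_id(1157) corresponds to script_oid("1.3.6.1.4.1.25623.1.1.1157"). The function names are hypothetical, and the reverse mapping assumes exactly one canonical decimal arc after the legacy prefix, so that two different OID strings can never resolve to the same old plugin ID.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Legacy arc from the message: ...25623.1.1.<old nessus ID>.
   Names below are hypothetical, not part of any OpenVAS API. */
#define LEGACY_OID_PREFIX "1.3.6.1.4.1.25623.1.1."

/* Write the legacy OID for an old integer plugin ID into buf.
   Returns 0 on success, -1 on a negative ID or a too-small buffer. */
int legacy_id_to_oid(int id, char *buf, size_t len)
{
    if (id < 0)
        return -1;
    int n = snprintf(buf, len, "%s%d", LEGACY_OID_PREFIX, id);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Recover the old integer ID from an OID inside the legacy arc.
   Returns the ID, or -1 if the OID is outside the arc or malformed. */
int oid_to_legacy_id(const char *oid)
{
    size_t plen = strlen(LEGACY_OID_PREFIX);
    if (oid == NULL || strncmp(oid, LEGACY_OID_PREFIX, plen) != 0)
        return -1;                       /* other arc, e.g. DSA or libraries */
    const char *p = oid + plen;
    /* Require one final arc: digits only, no sign, no further dots, and no
       leading zero, so "...01157" is not accepted as an alias of "...1157". */
    if (*p == '\0' || (p[0] == '0' && p[1] != '\0'))
        return -1;
    for (const char *q = p; *q != '\0'; q++)
        if (*q < '0' || *q > '9')
            return -1;
    errno = 0;
    long v = strtol(p, NULL, 10);
    if (errno == ERANGE || v > INT_MAX)  /* would not fit the old int ID */
        return -1;
    return (int)v;
}
```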