Mailing List Archive

perl-like split() ...

DNS functions like gethostbyaddr(), gethostbyname(), etc. which can be
directed to a "script specified" DNS server. I've been wanting to write a
script to look up an IP in the spammer's domain...this requires a
gethostbyaddr() call to a specific DNS server. Of course, this breaks one
of Renaud's initial design goals (i.e. disallowing traffic initiating to a
non-tested IP)....

John W. Lampe
https://f00dikator.aceryder.com/


----- Original Message -----
From: "Michel Arboi" <arboi@noos.fr>
To: <nessus-devel@list.nessus.org>
Sent: Saturday, January 04, 2003 10:04 AM
Subject: NASL2 wish list


> Any special desire while we are working on a brand new NASL
> interpreter?
> e.g. new operators, syntax, variable types, features...
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.434 / Virus Database: 243 - Release Date: 1/2/2003

I don't know if it is still true, but it used to be the case that nested
if-then-else statements did not work properly.

So, ability to have nested if-then-else. :)

--
---
Nathan Valentine - <nathan@nathanvalentine.org>
http://www.nathanvalentine.org
AIM: NRVesKY

"Nathan R. Valentine" <nathan@nathanvalentine.org> writes:

> I don't know if it is still true, but it used to be the case that nested
> if-then-else statements did not work properly.
>
> So, ability to have nested if-then-else. :)

$ cat /tmp/n.nasl
function f(n)
{
x1 = n % 2; x2 = (n / 2) % 2;
if (x1)
if (x2)
display("Three\n");
else
display("One\n");
else
if (x2)
display("Two\n");
else
display("Zero\n");
}

for (i = 0; i < 4; i=i+1) {
display(i," "); f(n: i);
}

$ /opt/nasl2/bin/nasl -t localhost /tmp/n.nasl
0 Zero
1 One
2 Two
3 Three
$ /opt/nessus/bin/nasl -t localhost /tmp/n.nasl
/tmp/n.nasl : Warning : evaluating unknown variable - (n/2)
0 One
/tmp/n.nasl - Error ! Function "elseif" does not exist
$

On Saturday 04 January 2003 12:04, Michel Arboi wrote:
> Any special desire while we are working on a brand new NASL
> interpreter?
> e.g. new operators, syntax, variable types, features...

* var++, var--, --var, and ++var operators

* variable and function reference type (store function reference in a
array index and be able to call it)

* a reference type would allow functions to return array references, so
user created functions could have multiple return values

* a dereferencing and reference test function to see if a variable
contains a refernece and what type it is

* NULL value - "0" should not the return value for an error response

* defined() function to test for a NULL value

* use of PCRE over EREG regular expressions

* array_pop(), array_push(), array_shift(), array_count() functions

* assign numerical indexes to each array entry keyed by a string, ex:
test["bob"] == test[0]

* KB management functions (that dont fork)
+ kb_enum() - returns all keys under the argument as an array
+ get_kb_list() - non-forking get_kb_item that returns an array

* a select(fd, timeout) function for sockets, to test for pending data

* MD5 function that returns the 32 byte hex string

* Base64 encode and decode functions

... sure there are more, just need a few minutes to look over some code
and see what would have made things less painful ;)

H D Moore <hdm@digitaloffense.net> writes:

> * var++, var--, --var, and ++var operators

No problem for "++x"; in fact, you can already write it (x=x+1)
Do you really need "x++" ? (yes, I am lazy :)

> * variable and function reference type (store function reference in a
> array index and be able to call it)

Something like the & and * C operators?

> * a reference type would allow functions to return array references, so
> user created functions could have multiple return values

As soon as I implement array affectations, this should be easy.

> * a dereferencing and reference test function to see if a variable
> contains a refernece and what type it is

Typeof ? Mmmmhhhh... What do we return? A number?

> * NULL value

It exists. We just have to define the constant for user functions.

> "0" should not the return value for an error response

Internal functions already return NULL when there is an error.

> * defined() function to test for a NULL value

Easy. But is it so useful?

> * use of PCRE over EREG regular expressions

PCRE? The regex that can be matched in exponential time?

> * array_pop(), array_push(), array_shift(), array_count() functions

What would be the effect of array_shift? Rotate the array or drop some
elements?

> * assign numerical indexes to each array entry keyed by a string, ex:
> test["bob"] == test[0]

Do you _really_ insist? Currently, you can do this in NASL2:
test["a"] = "something";
test["0"] = "blah";
test[0] = "Not the same";

Maybe a "keys" or "index" operator that returns an array made of all
the index?

> * KB management functions (that dont fork)
> + kb_enum() - returns all keys under the argument as an array
> + get_kb_list() - non-forking get_kb_item that returns an
> array

I leave all this for Renaud :-)

> * a select(fd, timeout) function for sockets, to test for pending data

OK for TCP connection; not great for SSL/TLS.

> * MD5 function that returns the 32 byte hex string

Easy.

> * Base64 encode and decode functions

They exist in NASL somewhere IIRC.

On Saturday 04 January 2003 17:18, Michel Arboi wrote:

> No problem for "++x"; in fact, you can already write it (x=x+1)
> Do you really need "x++" ? (yes, I am lazy :)

Dont _need_ it, but its annoying not to have when you are used to it ;)

> > * variable and function reference type (store function reference in a
> > array index and be able to call it)
>
> Something like the & and * C operators?

Yup.

> > * a dereferencing and reference test function to see if a variable
> > contains a refernece and what type it is
>
> Typeof ? Mmmmhhhh... What do we return? A number?

A number, but have it mapped to a constant, could use a string too, like
PHP's, "Object", "Scalar", and "Reference".

if (ref_type(myvar) == REF_FUNC)
{
myfunc = *myvar;
myfunc();
}

Being able to deref with -> would be nice, but might be painful to
implement with the parser code (haven't looked at it yet).

> > * defined() function to test for a NULL value
>
> Easy. But is it so useful?

No need as long as there is a NULL value you can compare against.

> > * use of PCRE over EREG regular expressions
>
> PCRE? The regex that can be matched in exponential time?

Yeah yeah, just the ereg syntax of required leading and trailing match
strings annoys the hell out of me ("blah(.*)blah" vs
".*blah(.*)blah.*"), I can live without it, just figured it was worth a
shot :)

> > * array_pop(), array_push(), array_shift(), array_count() functions
>
> What would be the effect of array_shift? Rotate the array or drop some
> elements?

Return and remove the first element, not necessary, but sometimes you may
want to pull each item off in the order it was placed there.

> > * assign numerical indexes to each array entry keyed by a string, ex:
> > test["bob"] == test[0]
>
> Do you _really_ insist? Currently, you can do this in NASL2:
> test["a"] = "something";
> test["0"] = "blah";
> test[0] = "Not the same";

With the old NASL, there is no way to iterate through all of the array
elements when they key is a string. A PHP'ish each()/reset() or a foreach
construct would make this unecessary. Forcing a numeric index would let
people write a for loop for going through all the elements (although they
still wouldnt be able to get the key for the value).

> Maybe a "keys" or "index" operator that returns an array made of all
> the index?

That would be perfect!

> > * a select(fd, timeout) function for sockets, to test for pending
> > data
>
> OK for TCP connection; not great for SSL/TLS.

Ick, true. Nevermind then.

-HD

> Do you _really_ insist? Currently, you can do this in NASL2:
> test["a"] = "something";
> test["0"] = "blah";
> test[0] = "Not the same";

is
test[] = "nextvalue" also supported?

regards,
felix huber

"Felix Huber" <huberfelix@webtopia.de> writes:

> is
> test[] = "nextvalue" also supported?

No. What should it do?

H D Moore <hdm@digitaloffense.net> writes:

> > Do you really need "x++" ? (yes, I am lazy :)
> Dont _need_ it, but its annoying not to have when you are used to it ;)

OK OK. (looks like you are as lazy as me :)

> A number, but have it mapped to a constant, could use a string too

A string is probably better.

> Being able to deref with -> would be nice

Example of syntax?

> With the old NASL, there is no way to iterate through all of the array
> elements when they key is a string.

What about a foreach operator?

> > Maybe a "keys" or "index" operator that returns an array made of all
> > the index?

> That would be perfect!

Then we'll be able to sell NASL back to Larry Wall :-]

Quoting Michel Arboi <arboi@noos.fr>:

> "Felix Huber" <huberfelix@webtopia.de> writes:
>
> > is
> > test[] = "nextvalue" also supported?
>
> No. What should it do?

I think put the next value to the array... just like push() in perl, without
requiring you to know the number. That would have helped me a number of times
writing/testing plugins when I forgot to incrememnt the number...

-Sullo

--
http://www.cirt.net/

sullo@cirt.net wrote:
> Quoting Michel Arboi <arboi@noos.fr>:
>
>
>>"Felix Huber" <huberfelix@webtopia.de> writes:
>>
>>
>>>is
>>>test[] = "nextvalue" also supported?
>>
>>No. What should it do?
>
>
> I think put the next value to the array... just like push() in perl, without
> requiring you to know the number. That would have helped me a number of times
> writing/testing plugins when I forgot to incrememnt the number...
>
> -Sullo
>

As a whole, look at PHP's array/hash handling facilities.
They are pretty decent.

In fact, has anyone considered turning this around the
other way, and taking PHP and linking it into Nessus,
stripping out that which is not wanted, and adding those
function that are???

There would be a number of advantages/disadvantages to
doing this, not the least of which is you get a huge
set of mature capabilities that are maintained by another
group of people for free, once you've built in the necessary
additional support to do the packet type activities and
associated stuff that Nessus needs.

Thomas

> Any special desire while we are working on a brand new NASL
> interpreter?
> e.g. new operators, syntax, variable types, features...
>

move all of the smt_nt.inc functions into native nasl2.

Since 95% of INTERNAL systems usually audited are windows workstations,
and since that means that 95% of the internal security risks are windows
(and 95% of the time is spend on windows stuff) we need to increase
performance of the smb_nt functions

With them being in a stand alone include file, either:
A) we eliminate or null out the include file
or
B) the include file can be edited to port to native _smb functions.

Also multi threaded smb_ functions, encrypted smb functions )so we don't
have to send administrative password in plain text) and smb_mx functions
(multi part readx)

--
Michael Scheidell, CEO
SECNAP Network Security, LLC
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/

On Sun, Jan 05, 2003 at 11:04:15AM -0500, Michael Scheidell wrote:
> move all of the smt_nt.inc functions into native nasl2.

There's no need to that. NASL2 really is fast enough to handle it
(give it a try yourself) and this would prevent us to be flexible the
day we want to improve SMB.

What would be more interesting would be to merge the code from samba TNG
in libnasl and therefore gain a perfectly reliable set of SMB functions
(which handle multiple connections at the same time). This is a lot of
work though.


-- Renaud

Thomas Reinke <reinke@e-softinc.com> writes:

> As a whole, look at PHP's array/hash handling facilities.
> They are pretty decent.

Do we need them for small attack scripts?
BTW, NASL2 doesn't handle multi-dimensional arrays.

> In fact, has anyone considered turning this around the
> other way, and taking PHP and linking it into Nessus,
> stripping out that which is not wanted, and adding those
> function that are???

NASL has be design from scratch so that no script can contain a logic
bomb. e.g. it is not possible to attack a machine other than the
designated target, run external commands (but a popen function would
be nice for "trusted" scripts), etc.

--
mailto:arboi@bigfoot.com
GPG Public keys: http://michel.arboi.free.fr/pubkey.txt
http://michel.arboi.free.fr/ http://arboi.da.ru/
FAQNOPI de fr.comp.securite : http://faqnopi.da.ru/

Renaud Deraison <deraison@nessus.org> writes:

> There's no need to that. NASL2 really is fast enough to handle it
> (give it a try yourself) and this would prevent us to be flexible the
> day we want to improve SMB.

The way the parser is written, we could read all the .inc files only
once and just parse the .nasl
This could speed the test up.

Currently, I am employed through the Rochester Institute of Technology to
enhance the reporting scheme in Nessus. I have received feedback from
several members of the Nessus community in reguards to what they'd like
to see in the reports.

I have made a compilation of that feedback, along with some of my own
suggestions on how to improve Nessus (inparticularly, the reporting).
Due to the large nature of my wish list, I have put it on a website:
http://www.rit.edu/~wjh3710/plugin_stats.html

There, I analyzed the current Nessus plugins for the type of vulnerability
reported (Security Note/Warning/Hole) and there reported risk. The stats
were surprising and lead me to believe that the vulnerability levels need
defined.
In addition, there are several other small things that can be added to
NASL to produce better reports and results for the end-user. I have
detailed some of the problems with NASL/plugins and some proposals for
improvement.

Some of my suggestions will eliminate any chance of backwards
compatibility with published scripts, but they should be easy to update.

Free to forward me your opinions.

----------------------
William Heinbockel
Information Security Incident Response Assistant
Co-op Risk & Safety Management
Rochester Institute of Technology
E-mail: wjh3710@rit.edu


On Sat, 4 Jan 2003, Michel Arboi wrote:

> Any special desire while we are working on a brand new NASL
> interpreter?
> e.g. new operators, syntax, variable types, features...
>

Hi,

Some practical things I'd like from nasl:

1) Some way to return the contents of brackets from regular expressions
2) Able to expand arrays into variables, like (a, b, c) = array
3) split
4) foreach
5) some library function to help with version number checks

While we're on wish list mode though...

A) The nessus/plugin interface could be much improved, for example so
the "risk" field is a proper separate field, not lost in the decription.

B) This if(description) { ...} setup ain't too hot... what would be
really cool is having an XML DTD for plugins

C) What I'd really like is to write plugins in a language like perl or
python. Both languages have support for restricted code, so network
access can be limited. Also, I think the memory use is no great problem,
because the interpreter is just loaded once, in shared memory. Do we
NEED this for small plugins? No... but thing is both languages serve me
just fine for everything from tiny to massive tasks - I even like perl
one-liners. A lot of NASL scripts do all sorts to hard work to get
around the limited functions... this reminds me of programming my
graphical calculator and there's no need to subject ourselves to this.

Paul

--
Paul Johnston
Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul@westpoint.ltd.uk
web: www.westpoint.ltd.uk

Michel Arboi <arboi@noos.fr> writes:
> Any special desire while we are working on a brand new NASL
> interpreter?
> e.g. new operators, syntax, variable types, features...

* the NASL interpretor should be more strict (especially on parsing)
in order to better catch programmers' mistakes

* the NASL interpretor should have a "sh -x" functionality to ease
debugging

* the NASL language should have a more accurate and up-to-date
documentation (reference guide + plugins writers guide or tutorial)
to help plugins writers

* the NASL language should have more builtin functions to be able to
write _all_ plugins in NASL (only NASL plugins can be safely
updated via nessus-update-plugins)

* the old plugins written in NASL should be updated regularly to take
advantage of the new features of the language and also to serve as
examples on how to correctly write plugins

* implement script_require_udp_ports() and script_require_tcp_ports()

Cheers,
__________________________________________________________
Lionel Cons http://cern.ch/lionel.cons
CERN http://www.cern.ch

Murphy's 1st Law:
Nothing is as easy as it looks.

I hacked up Perl plugin support a while back, the problems with it are the
lack of an established API (ie. no libnasl functions available in Perl),
the fact that dynamic loading has to be enabled in the Perl executable to
use the IO::* modules, and the lack of security restrictions in its
current implementation. Last time I brought the subject up, nobody seemed
to care one way or another about it, so I stopped working on it.

http://www.digitaloffense.net/perlisms/nessus/
^- this patches 1.2.6, should work for CVS though

-HD

On Monday 06 January 2003 03:44, Paul Johnston wrote:
> C) What I'd really like is to write plugins in a language like perl or
> python. Both languages have support for restricted code, so network
> access can be limited. Also, I think the memory use is no great
> problem, because the interpreter is just loaded once, in shared memory.
> Do we NEED this for small plugins? No... but thing is both languages
> serve me just fine for everything from tiny to massive tasks - I even
> like perl one-liners. A lot of NASL scripts do all sorts to hard work
> to get around the limited functions... this reminds me of programming
> my graphical calculator and there's no need to subject ourselves to
> this.

Lionel CONS <lionel.cons@cern.ch> writes:

> * the NASL interpretor should be more strict (especially on parsing)
> in order to better catch programmers' mistakes

It is.

> * the NASL interpretor should have a "sh -x" functionality to ease
> debugging

It has now.

> * the NASL language should have a more accurate and up-to-date
> documentation (reference guide + plugins writers guide or tutorial)
> to help plugins writers

TBD

> * the NASL language should have more builtin functions to be able to
> write _all_ plugins in NASL (only NASL plugins can be safely
> updated via nessus-update-plugins)

This means that we need to call external commands from NASL. This is a
security problem.

> * the old plugins written in NASL should be updated regularly to take
> advantage of the new features of the language and also to serve as
> examples on how to correctly write plugins

There are not so many new features.

Anyway, most of the old NASL1 plugins can be correctly parsed and
executed by NASL2. Fixing the few bad ones is easy.
I am afraid that the new NASL2 plugins will not be compatible with
NASL1. So the transition period Nessus 1.2 -> Nessus 1.4 is going to
be painful :-(

> * implement script_require_udp_ports() and script_require_tcp_ports()

Renaud?

This may be stupid, but it would really turn me on if NASL worked a lot more
like expect. It looks to me like most NASLs send something, then they do
somthing based on what came back, of which there may be a multitude of
permutations. Expect is my favorite language for dealing with (ill behaved)
third party programs. Specifically something like this:

spawn nc 25 tcp
expect {
timeout {
puts "Error connecting\n"
}
"250 *"
{
puts "Connected to [fancy_string_trim_function
$exp_out]"
}
}

send "WIZ"
expect {
timeout {
puts "Didn't like that one\n"
exit 0
}
"502 *" {
puts "Recieved proper error response\n"
exit 0

"501 *" {
puts "Recieved bad syntax error response\n"
exit 0
}
"assword:" {
send "\n"
}
}

expect {
timeout {
puts "Error\n"
exit 0
}
"Welcome to Wizard Mode"
{
puts "Security Hole in Sendmail! Sendmail sucks. Use
something else please!"
exit 1
}
"Invalid Password"
{
puts "Potential Security Hole in Sendmail! Wizard
mode is enabled, \
however it is checking for a password."
exit 1
}
}


Another thing about the way Expect works is that it keeps a rolling buffer
that the string matches are done against. This is really handy when sending
text back and forth with a remote host. For example, the Nortel password
NASL false alarms on some nortel routers that have a banner because it
recieves a 1024 byte buffer that gets filled with the banner. The script
only checks that first 1024 bytes, doesn't find "Username" or "Login" in it
and assumes that the device is vulnerable.

Just a thought..

It would be grand also if NASL2 used TCL. I read the whole thing about
playing favorites with languages, however I am sick and tired of learning
automation languages for different applications and TCL is built
specifically for the purpose of embeding into other products to provent the
proliferation of automation languages....

Additionally, while I have some attention, this is more a Nessus feature
than a NASL2 feature, another thought of mine is to do some platform
detection. My vision is that any NASLs that depend on a particular platform
would identify the platform name in the KB and other NASLs could check for
it. This would drastically reduce the time required in a scan and reduce
false positives.

An example would be for a nasl that works on exchange (we KNOW there will
NEVER be exchange for unix) to type a particular node as a Microsoft
product, then none of the UNIX specific NASLs or Cisco NASLs would run.
There would have to be some capacity to enable/disable this feature. It
would be the same sort of choice as using dangerous plugins. For example, a
host might be a firewall that has port forwards to a MS-Exchange server and
an Apache server on solaris apearing on the same address.

I didn't say it would be easy to do, just very helpfull.

P.S. No offence intended to any rabid sendmail fans out there, it's just an
easy target.

-----Original Message-----
From: owner-nessus-devel@list.nessus.org
[mailto:owner-nessus-devel@list.nessus.org]On Behalf Of Michel Arboi
Sent: Saturday, January 04, 2003 12:05 PM
To: nessus-devel@list.nessus.org
Subject: NASL2 wish list


Any special desire while we are working on a brand new NASL
interpreter?
e.g. new operators, syntax, variable types, features...

Hi All,

I wonder if you have considered embedding a Javascript interpreter in
nessus rather than implementing your own interpreter? The existing nasl
language is almost the same so the effort of porting the existing
scripts would be very small, and the advantages of using a more commonly
used language should be obvious.

It is very easy to add custom functions (e.g.. forge_ip_packet) to the
interpreter, so there would be no change in the ease with which scripts
could be written. Using Javascript would also solve problems like the
lack of power of the existing regexp engine, and the ability to use
tools such as a debugger would help script writers. You can see
information about embedding the netscape (SpiderMonkey) JS library at
http://www.mozilla.org/js

Cheers

Rich.

> From: WILLIAM HEINBOCKEL [mailto:wjh3710@osfmail.isc.rit.edu]
> Sent: Sunday, January 05, 2003 4:20 PM

> http://www.rit.edu/~wjh3710/plugin_stats.html
> ... The stats were surprising and lead me to believe that the
> vulnerability levels need defined.

William, thanks for analyzing those risk levels.

I recommend that risk levels be assigned numeric scores from 0
(for low-risk info like traceroute) increasing as vulnerability
worsens. I don't care what the max value is, 6, 9, or 100.
A plugin might indeed kick out two numbers, a risk score which
focuses on the worst case, and a false-alarm fuzz-factor.

This kind of scoring--approximate and faulty though it may be--
helps in situations like mine where I must prioritize attention
to 15,000 plus devices.

I kludged a post-processing script that maps NSR text
risk factor ("None" to "Critical") and selected plugin IDs to a
priority number 0 (info like traceoute) to 9 (already compromised).

I calculate for each system its largest risk score 0-9. I also
find its total score which can be up around 200 or 300.

I modify a plugin risk score based on factors outside the scope
of that one plugin. In my post-processing, Plugin 10350 "Shaft" I
initially assess as level 9, Extreme Badness.

But Shaft is a Unix affliction. If nmap reports an OS guess of
"Windows" or "HP Printer" and that guess is verified by port 139
or 9100 being open, then I reduce the plugin 10350 score to level 5.
Not lower; the OS guess might be wrong, and it really is a Unix box
with Shaft. Thus I avoid losing credibility as a security analyst.

Meanwhile, I feel guilty for not carefully investigating a possible
false alarm and improving plugin 10350.

Some existing categories such as "Security Note" and "Low Risk"
can indeed be combined. In my experience, refining assessments
especially in the "High" range is desirable. In that spirit,
I initially assign "High" risks to a score of 7. I found that
the word "write" in English plugin results, especially for SMB
plugins, indicates a writeable filesystem or writeable registry
in addition to other badness. So I increment the plugin risk
score up by 1. If the plugin mentions a possible "false positive",
the score decrements by 1. This is voodoo, but so far this spread
has helped me statistically attend to the most needy systems first.
In short, a better way would be for plugin writers to carefully
adjust the risk score depending on factors that mitigate or worsen
the exposure.

System scores and other refinements drawing on results of multiple
plugins could be calculated by a final plugin instead of post-processing.

Instead of adjusting plugin score as my post-processing now does, one might
accumulate "false alarm" credits against the total. Or a plugin might
yield a score and a fuzz factor. In any case, if plugins would at least
yield a numeric score, rather than just "Low", "Critical", etc. that
would help those of us dealing with large quantities of systems.

-- Greg Johnson, University of Missouri

On 4 Jan 2003, Michel Arboi wrote:

> Any special desire while we are working on a brand new NASL
> interpreter?

1. local variables

2. null-character safety of all string operations

3. a builtin function to extract a substring

4. builtin functions to marshall and demarshall elementary binary
values (i.e. 4 bytes as unsigned long endian integer), perhaps
some high-level functions for complete binary structures too:
something like configurable forge_*_packet and its (nonexistant)
demarshalling counterpart, plus some utility functions to measure
offsets and sizes within these structures in order to eliminate the
need to count bytes manually (yes, I am lazy)

5. make it possible to terminate a plugin or a part of it when a runtime
error (e.g. out-of-bound array access) occurs...too many plugins tend
to enter an endless loop in such situations

6. identify offending plugins in their error output, esp. when written
to nessusd.messages (perhaps a task for Nessus core?)

7. remove string + from the language because its behaviour is too magical
(cf. the discussion about string concatenation several months ago)

8. builtin functions to print diagnostic info (debugging info, warnings
& errors)...yes, I know we have display() but I want something that
can distinguish between "tracepoints" included for debugging purposes
(sh -x like trace is a good thing but it can be too verbose) and
error messages reporting real problems...in fact, there should probably
be a special kind of report (like security_hole()) for situations
when the plugin fails in an unexpected way (e.g. it fails to parse
received data, it dies due to a runtime error (see #5) etc.

9. something like BSD vis() to make it possible to include untrusted
strings in reports and other outputs in a safe way

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."