Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> writes:
> 1. local variables
Done.
> 2. null-character safety of all string operations
I have to double check.
> 3. a builtin function to extract a substring
Done: substr(s, start [,end])
See also insstr()
> 4. builtin functions to marshall and demarshall elementary binary
> values (i.e. 4 bytes as unsigned long endian integer), perhaps
> some high-level functions for complete binary structures too:
> something like configurable forge_*_packet and its (nonexistant)
> demarshalling counterpart, plus some utility functions to measure
> offsets and sizes within these structures in order to eliminate the
> need to count bytes manually (yes, I am lazy)
> 5. make it possible to terminate a plugin or a part of it when a runtime
> error (e.g. out-of-bound array access) occurs...too many plugins tend
> to enter an endless loop in such situations
The NASL2 interpreter could detect such condition but I hesitated...
> 6. identify offending plugins in their error output, esp. when written
> to nessusd.messages (perhaps a task for Nessus core?)
> 7. remove string + from the language because its behaviour is too magical
> (cf. the discussion about string concatenation several months
> ago)
I was re-reading the NASL2 code and I realized it need some fixing...
> 8. builtin functions to print diagnostic info (debugging info, warnings
> & errors)...yes, I know we have display() but I want something that
> can distinguish between "tracepoints" included for debugging purposes
> (sh -x like trace is a good thing but it can be too verbose) and
> error messages reporting real problems...
IIRC Renaud implemented a debug() function
> 9. something like BSD vis() to make it possible to include untrusted
> strings in reports and other outputs in a safe way
You mean "properly escaped"?
> 1. local variables
Done.
> 2. null-character safety of all string operations
I have to double check.
> 3. a builtin function to extract a substring
Done: substr(s, start [,end])
See also insstr()
> 4. builtin functions to marshall and demarshall elementary binary
> values (i.e. 4 bytes as unsigned long endian integer), perhaps
> some high-level functions for complete binary structures too:
> something like configurable forge_*_packet and its (nonexistant)
> demarshalling counterpart, plus some utility functions to measure
> offsets and sizes within these structures in order to eliminate the
> need to count bytes manually (yes, I am lazy)
> 5. make it possible to terminate a plugin or a part of it when a runtime
> error (e.g. out-of-bound array access) occurs...too many plugins tend
> to enter an endless loop in such situations
The NASL2 interpreter could detect such condition but I hesitated...
> 6. identify offending plugins in their error output, esp. when written
> to nessusd.messages (perhaps a task for Nessus core?)
> 7. remove string + from the language because its behaviour is too magical
> (cf. the discussion about string concatenation several months
> ago)
I was re-reading the NASL2 code and I realized it need some fixing...
> 8. builtin functions to print diagnostic info (debugging info, warnings
> & errors)...yes, I know we have display() but I want something that
> can distinguish between "tracepoints" included for debugging purposes
> (sh -x like trace is a good thing but it can be too verbose) and
> error messages reporting real problems...
IIRC Renaud implemented a debug() function
> 9. something like BSD vis() to make it possible to include untrusted
> strings in reports and other outputs in a safe way
You mean "properly escaped"?