Mailing List Archive: working with nulls :)

working with nulls :)

Sep 27, 2006, 7:59 AM

Post #1 of 4 (2375 views)

So, on to my next "make the scans cleaner" project.

How would one deal with snmp coming back with something like:

9.1.1.13.0 = Hex-STRING: 00 00 00 00 00 00 00 00 00 00 00

It's not a null, from near as I can tell... that is, isnull(var[1])
and isnull(string(var[1])) both are not true. doing a string(var[1])
gives:
..........

it displays 10 periods which are not the ascii values (an artifact of
the terminal perhaps?). I can get the length of the string (yay!) but
am leery of just matching on a length (although, honestly, in this
case, it's probably not gong to return any false negatives). How
might one go about matching that? Forgive me, while I have a CS
degree, my programming is kinda rusty (like 7 years since I was
programming every day) and the documentation I can find is complete
on what it covers, but I don't think it covers this :)

Doug Nordwall
Unix Administrator
EMSL Computer and Network Support
Unclassified Computer Security
Phone: (509)372-6776; Fax: (509)376-0420
The best book on programming for the layman is "Alice in Wonderland";
but that's because it's the best book on anything for the layman.

Re: working with nulls :) [ In reply to ]

deraison at nessus

Sep 27, 2006, 8:04 AM

Post #2 of 4 (2289 views)

Permalink

On Sep 27, 2006, at 10:59 AM, Douglas Nordwall wrote:

> So, on to my next "make the scans cleaner" project.
>
> How would one deal with snmp coming back with something like:
>
> 9.1.1.13.0 = Hex-STRING: 00 00 00 00 00 00 00 00 00 00 00
>
> It's not a null, from near as I can tell... that is, isnull(var[1])
> and isnull(string(var[1])) both are not true. doing a string(var
> [1]) gives:
> ..........
>

> it displays 10 periods which are not the ascii values (an artifact
> of the terminal perhaps?). I can get the length of the string
> (yay!) but am leery of just matching on a length (although,
> honestly, in this case, it's probably not gong to return any false
> negatives). How might one go about matching that?

The easiest way would be to convert it to an hex string :

str = hexstr(data);
if ( str == "0000000000000000000000" ) do_stuff();

Alternatively, you can also do :

if ( data == raw_string(0,0,0,0,0,0,0,0,0,0,0) ) do_stuff();

I tend to find the former a bit more readable.

-- Renaud
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

Re: working with nulls :) [ In reply to ]

doug at pnl

Sep 27, 2006, 8:08 AM

Post #3 of 4 (2268 views)

Permalink

On Sep 27, 2006, at 8:04 AM, Renaud Deraison wrote:
>
>
> The easiest way would be to convert it to an hex string :
>
>
>
> str = hexstr(data);
> if ( str == "0000000000000000000000" ) do_stuff();
>
>
> Alternatively, you can also do :
>
> if ( data == raw_string(0,0,0,0,0,0,0,0,0,0,0) ) do_stuff();
>
>
> I tend to find the former a bit more readable.
>
>

and I would agree with you. I didn't see hexstr in the documentation,
but was wondering if it was there :)

> -- Renaud
> _______________________________________________
> Plugins-writers mailing list
> Plugins-writers@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/plugins-writers
>

Doug Nordwall
Unix Administrator
EMSL Computer and Network Support
Unclassified Computer Security
Phone: (509)372-6776; Fax: (509)376-0420
The best book on programming for the layman is "Alice in Wonderland";
but that's because it's the best book on anything for the layman.

Re: working with nulls :) [ In reply to ]

mikhail at nessus

Sep 27, 2006, 8:14 AM

Post #4 of 4 (2278 views)

Permalink

On Wed Sep 27 2006 at 17:04, Renaud Deraison wrote:

> if ( data == raw_string(0,0,0,0,0,0,0,0,0,0,0) ) do_stuff();

Or data == '\0\0\0...'
or data == '\x00\x00\x00....'

(single quotes, *not* double quotes)
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers