Jan,
thanks for the comments.
We will upload our SSH2 public key to have the SVN write access and we
will read the SVN rules. We are familiar with the use of SVN.
I agree. We can submit one NVT at a time in the mailing list.
As for the testing, we actually had a work around: we developed a patch
for openvassd that will print a detailed log on what the scanner is
doing when is executing each NVT. With that we can also test the use of
the KB. Let me know if you are interested and we will submit the patch.
Thanks.
Michelangelo
On 06/28/2012 11:12 AM, Jan-Oliver Wagner wrote:
> Hi,
>
> sorry for the delayed answer.
>
> On Dienstag, 19. Juni 2012, Songhan Yu wrote:
>> We have modified our plugins submitted yesterday based on the advice
>> from Jan, and added three new plugins.
> in the first phase of your contributions I think it would be nice to
> handle the NVTs one by one.
>
> So, perhaps just start with asterisk NVTs and here with
> nopsec_asterisk_ast_2012_006.nasl.
>
> (note, however, that I am not a NVT developer myself, so other expert
> comments are welcome).
>
> I think you can soon commit this script. Have you already requested to join
> OpenVAS on
> Wald development platform? This way you can be provided with SVN write
> access, provided you
> upload your sshv2 public key in your Wald profile.
>
> Are you experienced in using SVN?
>
> Are you familiar with our SVN commit rules like that we add always a detailed
> ChangeLog
> entry manually for with each commit?
>
> As for this NVT:
>
> * You don't need the "Description:" text inside the description attribute.
>
> * You don't need the "This script is " in the copyright attribute.
>
> * This sline looks a bit strange:
> port = get_kb_item("Services/udp/sip");port = 4569;
> Maybe a copy & paste error?
>
> * You should use the product detecion in a better way.
> This wasn't documented until a few minutes ago, but I took this
> occasion to write down a quick howto:
> http://www.openvas.org/nvt-dev.html
>
> * One of the exit(0) seems unnecessary to me.
>
> * script_category: is ACT_GATHER_INFO suitable?
>
>
> About testing:
>
> I know it is not too easy currently to test the NVTs. In fact
> you need to place them into a OpenVAS-5 installation, restart
> scanner, rebuild openvasmd database and then run a task to see whether
> it works for the non-vul case and then again run the task for the vul-case.
> (or have dual scenarios to do that in one go).
>
> Do you have such a test/stage ennvironment in place?
>
> All the best
>
> Jan
>
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
