Re: [Plugins-writers] Nessus Script ID 22033 and 22032: Contain a Bug?

From: Michel Arboi (mikhail@private)
Date: Wed Jul 12 2006 - 01:40:49 PDT

On Wed Jul 12 2006 at 10:11, Renaud Deraison wrote:

>> "cell2bool: converting array to boolean does not make sense!"

> It's a Nessus 2.x message which should be rather harmless.

This is in fact a "pedantic" warning. Maybe we should remove it.

NASL knows this types:
null, integer, string, array
Boolean is an internal type.

Conversion rules are defined for "integer" and "string". 
0 is FALSE, any non zero integer is TRUE.
"" is FALSE, any non empty string is TRUE -- but a bug in older versions
made "0" FALSE too, just like in Perl; now a warning is printed and
TRUE is returned. 
Because of the automatic conversion from string to integer, it is
safer to check the value of a string either with 'int(s) != 0' or
'strlen(s) > 0', according to the wanted semantics.

As we could not design any consistent rule for TRUE/FALSE arrays, they
are always TRUE (even for empty arrays IIRC), and a warning is printed.

However, in contrary to compiled languages like C, no type is
associated to a variable; only the contained value is typed. So a
non initialized variable has the "null" special type (which knows only
one value: NULL). A function may return this in case of error, for
example, or if it cannot send back any meaningful value. NULL is
always converted to FALSE. 
Some functions return an array, or NULL in case of error. 

[those who wonder what's the use of a null value should read "Computer
Data Structures" by John L. Pflatz or any other good book on the
topic. Or  try to guess why getchar() returns an int and not a char]

The lazy way to check if the error occured is:
v = f(...): if (v) { OK...} else { ERROR...}
This triggers the warning.

if (isnull(v)) ...
is cleaner and does not complain.

Both syntax returns the same result.
Plugins-writers mailing list

This archive was generated by hypermail 2.1.3 : Wed Jul 12 2006 - 01:41:29 PDT