Nmap Development mailing list archives
Re: parsing of script-args is broken
From: Patrick Donnelly <batrick () batbytes com>
Date: Sun, 10 May 2009 07:23:17 -0600
On Fri, May 1, 2009 at 6:02 AM, Patrick Donnelly <batrick () batbytes com> wrote:
> Hi David,
>
> On Thu, Apr 30, 2009 at 6:16 PM, David Fifield <david () bamsoftware com> wrote:
>> On Mon, Apr 27, 2009 at 04:38:20PM -0600, Patrick Donnelly wrote:
>>> On Mon, Apr 27, 2009 at 7:53 AM, jah <jah () zadkiel plus com> wrote:
>>>> This patch looks good to me. Do you think we should allow lists too:
>>>> vhost={domain.co.uk,domain.com}?
>>>>
>>>> Your patch will pass that example to loadstring() as:
>>>> ["vhost"]={domain.co.uk,domain.com}
>>>> whereas it is intended as:
>>>> ["vhost"]={"domain.co.uk", "domain.com"}
>>>>
>>>> supplying the arguments with quoted list-members works fine by the way:
>>>> --script-args vhost={'domain.co.uk','domain.com'} =>
>>>> ["vhost"]={'domain.co.uk','domain.com'}
>>>>
>>>> A list seems to me to be a reasonable thing to be able to supply to a
>>>> script and with this patch, the user will have to quote the list items
>>>> themselves which isn't very intuitive given that we can quote key/value
>>>> pairs on their behalf.
>>>
>>> I don't think arrays were originally intended but I have updated the
>>> patch to allow this. Correctly implementing this with Lua's limited
>>> regular expressions can be tricky to get correct so if you find any
>>> more bugs (or have suggestions) let us know.
>>
>> This patch looks fine to me too. Check it in, just please be sure to
>> give examples of any new syntax in scripting.xml. (Something like the
>> "domain.co.uk" above is fine.)
>
> I'm not yet convinced this patch is ready to be merged. Because we
> eventually have Lua compile these rules so we can obtain the argument
> table, strings are thus subject to escape sequences. I believe this
> may be a bad "gotcha" in the future; I would like to remove the
> possibility for future problems.
>
> What should happen if the user passes these arguments:
>
> --script-args "script-tag=C:\Nmap\SomeFile"
>
> This won't do what is expected. We get the table:
>
> nmap.registry.args = {
>   [script-tag] = C:NmapSomeFile
> }
>
> I'm fairly certain we can expect files to be used in --script-args
> sometime in the future.
>
> To correct this, we could escape each backslash; however, this would
> also limit adding arbitrary byte sequences (without the help of
> something like the UNIX command echo). What do you guys think the
> policy should be?
>
> Also, neither patch works with illegal characters (e.g. commas) in
> quoted values:
>
> --script-args "smbpass=\"P455,0rd\""
>
> will error for both patches. I had thought this was right but it does
> not work.
>
> This patch does need some more development. What are your guys'
> thoughts on the appropriate policy for the above problems?

Ok I've taken another attempt at getting this correct. This patch is unfortunately much larger than previously. Alas, Lua's pattern matching facilities are far too weak to come up with an appropriate grammar. I have created a semi-complex state machine to work instead.

Here are the rules for --script-args definitively:

--script-args <string>

<string> may contain a sequence of key=value pairs and array entries separated by commas. All whitespace except where noted below is ignored.

A key, value, or array value may be a sequence of characters except '{', '}', ',', '=', and all space characters. You may overcome this restriction by using quotes (single or double) to allow all characters within the quotation marks. You may also use the quote delimiter inside the sequence so long as it is escaped by a backslash.

A value is allowed to be a nested table delimited by '{' and '}'.

A string (for a key, value, or array value) may have arbitrary byte sequences using "\ddd" where ddd is a decimal number up to 255 signifying its corresponding byte. You may avoid this translation by escaping the backslash with another (e.g. \\123).

--
-Patrick Donnelly

"Let all men know thee, but no man know thee thoroughly: Men freely
ford that see the shallows."

- Benjamin Franklin

Attachment: sargs3.patch
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
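
The --script-args rules listed in the message above, written out as an added example that is not part of the original post and is not the attached sargs3.patch: a small recursive-descent parser in Lua that builds the argument table directly from the string, so nothing the user types is compiled by loadstring() and backslashes are only interpreted as the rules say. The name parse_script_args is hypothetical; the example assumes a backslash followed by anything other than digits, another backslash or the active quote delimiter is kept literally, and that empty items are rejected, since the rules do not cover either case.

```lua
-- Added example (not the attached patch): --script-args parsed as data, no loadstring().
local function parse_script_args(s)
  local pos, parse_table = 1, nil
  local function peek() pos = s:find("%S", pos) or #s + 1; return s:sub(pos, pos) end
  local function read_string()
    local quote, out = s:match("^[\"']", pos), {}
    if quote then pos = pos + 1 end
    while pos <= #s do
      local c, nxt = s:sub(pos, pos), s:sub(pos + 1, pos + 1)
      local ddd = c == "\\" and s:match("^%d%d?%d?", pos + 1)
      if ddd then                                   -- \ddd: one byte, decimal
        if tonumber(ddd) > 255 then error("\\" .. ddd .. " is above 255") end
        c, pos = string.char(tonumber(ddd)), pos + #ddd
      elseif c == "\\" and (nxt == "\\" or nxt == quote) then
        c, pos = nxt, pos + 1                       -- \\ or escaped delimiter
      elseif c == quote then                        -- closing quote
        pos = pos + 1; return table.concat(out)
      elseif not quote and c:find("[{},=%s]") then break  -- bare string ends
      end
      out[#out + 1], pos = c, pos + 1
    end
    if quote or #out == 0 then error("unterminated quote or empty item at " .. pos) end
    return table.concat(out)
  end
  local function parse_value()
    if peek() ~= "{" then return read_string() end
    pos = pos + 1; return parse_table("}")
  end
  function parse_table(close)                       -- close is "" at top level
    local t = {}
    while true do
      local item = parse_value()
      if peek() == "=" then                         -- key=value pair
        if type(item) ~= "string" then error("table used as a key") end
        pos = pos + 1; t[item] = parse_value()
      else
        t[#t + 1] = item                            -- array entry
      end
      local c = peek()
      if c == close then pos = pos + #c; return t end
      if c ~= "," then error(("unexpected %q at position %d"):format(c, pos)) end
      pos = pos + 1
    end
  end
  return parse_table("")
end
local a = parse_script_args(  -- constructed input built from the cases raised in the thread
  [[vhost={domain.co.uk,domain.com}, script-tag=C:\Nmap\SomeFile, smbpass="P455,0rd", raw=\65\\66]])
assert(a.vhost[2] == "domain.com" and a["script-tag"] == [[C:\Nmap\SomeFile]])
assert(a.smbpass == "P455,0rd" and a.raw == [[A\66]])
```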