Nmap Development mailing list archives
Re: CouchDB scripts
From: Martin Holst Swende <martin () swende se>
Date: Sun, 31 Jan 2010 21:21:28 +0100
David Fifield wrote:
On Wed, Jan 27, 2010 at 09:17:41PM +0100, Martin Holst Swende wrote:A Couchdb library and scripts is now finished(at least in alpha). It consists of : * json.lua - library for parsing json * couchdb-databases.nse - script which get database info * couchdb-get-stats.nse - script which get some runtime statistics from the database. Sample output is below (the bottom one may be a bit verbose - perhaps I should compact that a bit. The scripts can be found at the same place (or via hg pull ; hg update). For future reference : would you rather I send files via email ?Thanks. These scripts will be good ones to have. I tested it against CouchDB installed fresh from MacPorts. The first time running after starting the server I see PORT STATE SERVICE 5984/tcp open unknown |_couchdb-get-stats: |_couchdb-databases: The second and every following time I run the script, I get [snip]
No, I have no idea. I don't suppose you kept the -d3 log showing the traffic ?
I like that you have split JSON into a separate library. The library is too verbose with -d. The very low level parsing debug messages like NSE: Json:Parsed key a
[snip]
should be pushed up to -d4, or removed altogether if they are no longer needed.
Sure.
I would like json.qtrim to handle backslash escapes, and signal an error if it doesn't get a valid quoted string. It looks like fromJson can silently return bad data in the case of an error. I added these to your test cases: '() test ()', '1 / 2', '"gaz\\"onk"', '{foo:"gaz\\"onk", pi:3.14159,hello:{ wo:"rld"}}', They decode and flatten to, respectively, () test (), 1 / 2, gaz\, {hello={wo=rld,},pi=3.14159,foo=gaz\,} I would expect an error in the first two cases and gaz"onk {hello={wo=rld,},pi=3.14159,foo=gaz"onk,} for the last two.
This is where things start getting tricky. Regarding keys, which the qtrim is used for, we have some rules : they must be valid javascript object attribute names. This is valid: a={"fo\"o":"bar",vax:"boork"}; So, I will implement unescape for keys, but they do not have to be quoted in the first place (like a.vax), so it should not give errors in those cases. For values, however, it is more tricky, since they can be pretty much anything : a={a:1/2, b:alert, c:alert(1), d:{}+1, e:""|''|""} a.a => 0.5 (number) a.b => the window.alert function (native function) a.c => the return of alert, (undefined) a.d => "[object Object]1" (string) a.e => Three empty strings, OR:ed into 0 (number) So it is a bit of a mess going to deep into validating values. However, some basic checks could be done : 1. The top-level data should be on the form {...} or [...], just sanity-check that it probably is json data. 2. Values that are 'probably' strings (ends with and starts with the same quoting-character), should be escaped as keys (which would probably mess up cases like a.e). Any other ideas ?
I like the flatten functionality, but you should make it return JSON so that the library can be used to encode as well as decode. If you just want a quick look at a Lua table, use nsedebug.tostr.
It was just a quick look I wanted, so far there's no need for me to encode json. Perhaps save that for later? Thanks for the input. /Martin
http://nmap.org/nsedoc/lib/nsedebug.html#tostr David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- MongoDB scripts Martin Holst Swende (Jan 19)
- Re: MongoDB scripts David Fifield (Jan 25)
- Re: MongoDB scripts Martin Holst Swende (Jan 25)
- Re: MongoDB scripts Martin Holst Swende (Jan 27)
- Re: MongoDB scripts David Fifield (Jan 29)
- Re: CouchDB scripts David Fifield (Jan 29)
- Re: CouchDB scripts Martin Holst Swende (Jan 31)
- Re: CouchDB scripts David Fifield (Feb 01)
- Re: CouchDB scripts David Fifield (Feb 01)
- CouchDB and MongoDB Martin Holst Swende (Feb 03)
- Re: CouchDB and MongoDB David Fifield (Feb 15)
- Re: CouchDB and MongoDB Martin Holst Swende (Feb 22)
- Re: CouchDB and MongoDB David Fifield (Feb 23)
- Re: CouchDB and MongoDB Martin Holst Swende (Feb 27)
- Re: CouchDB and MongoDB David Fifield (Feb 28)
- Re: MongoDB scripts Martin Holst Swende (Jan 25)
- Re: MongoDB scripts David Fifield (Jan 25)
- Re: CouchDB and MongoDB Patrick Donnelly (Feb 28)
- Re: CouchDB and MongoDB Martin Holst Swende (Mar 01)