Nmap Development mailing list archives
Upgrades to the NSE http library
From: David Fifield <david () bamsoftware com>
Date: Tue, 12 Jan 2010 20:16:34 -0700
Hi all, I've just committed a change to the NSE http library aimed at making parsing more robust. There were some places in the code where operations were done on raw unparsed HTTP, like checking header values using Lua patterns. This is mostly gone now, and all the external functions now return parsed response tables instead of strings. I tried to be careful about compatibility with this change. All function interfaces should be the same, with a couple of modest exceptions. The first is that http.request now returns a parsed table instead of a raw string, as it is documented to. I think that the function used to work this way but got changed somewhere along the way. The only outside caller of this function was citrixxml.lua, and I've already updated it to use the new interface. The second change is that the http.pipeline function no longer has a "raw" option to get a table of string instead of a table of tables. The only script that used this feature was sql-injection.nse, and I've just updated it not to need it. I would appreciate testing of any scripts that use the http library, especially the citrix and sql-injection scripts. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Upgrades to the NSE http library David Fifield (Jan 12)
- Re: Upgrades to the NSE http library Patrik Karlsson (Jan 13)