Upgrades to the NSE http library

[David Fifield <david () bamsoftware com>]

Hi all,

I've just committed a change to the NSE http library aimed at making
parsing more robust. There were some places in the code where operations
were done on raw unparsed HTTP, like checking header values using Lua
patterns. This is mostly gone now, and all the external functions now
return parsed response tables instead of strings.

I tried to be careful about compatibility with this change. All function
interfaces should be the same, with a couple of modest exceptions.

The first is that http.request now returns a parsed table instead of a
raw string, as it is documented to. I think that the function used to
work this way but got changed somewhere along the way. The only outside
caller of this function was citrixxml.lua, and I've already updated it
to use the new interface.

The second change is that the http.pipeline function no longer has a
"raw" option to get a table of string instead of a table of tables. The
only script that used this feature was sql-injection.nse, and I've just
updated it not to need it.

I would appreciate testing of any scripts that use the http library,
especially the citrix and sql-injection scripts.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/