Nmap Development mailing list archives
Re: Upgrades to the NSE http library
From: Patrik Karlsson <patrik () labb1 com>
Date: Wed, 13 Jan 2010 18:15:41 +0100
On 13 jan 2010, at 04.16, David Fifield wrote:
Hi all, I've just committed a change to the NSE http library aimed at making parsing more robust. There were some places in the code where operations were done on raw unparsed HTTP, like checking header values using Lua patterns. This is mostly gone now, and all the external functions now return parsed response tables instead of strings. I tried to be careful about compatibility with this change. All function interfaces should be the same, with a couple of modest exceptions. The first is that http.request now returns a parsed table instead of a raw string, as it is documented to. I think that the function used to work this way but got changed somewhere along the way. The only outside caller of this function was citrixxml.lua, and I've already updated it to use the new interface. The second change is that the http.pipeline function no longer has a "raw" option to get a table of string instead of a table of tables. The only script that used this feature was sql-injection.nse, and I've just updated it not to need it. I would appreciate testing of any scripts that use the http library, especially the citrix and sql-injection scripts. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
I've tested the Citrix scripts against my environment and they work as expected. //Patrik -- Patrik Karlsson http://www.cqure.net _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Upgrades to the NSE http library David Fifield (Jan 12)
- Re: Upgrades to the NSE http library Patrik Karlsson (Jan 13)