Leading newlines in script output

[David Fifield <david () bamsoftware com>]

On Fri, Sep 17, 2010 at 04:02:43PM -0700, David Fifield wrote:
> Hi,
>
> I found a bug in script output. If the output contains a legitimate "| "
> sequence, the code in formatScriptOutput thinks that it is the beginning
> mark of the last line and replaces it with "|_". I found it in this
> scan:
>
> # nmap --script=html-title www.mscd.edu -p80
>
> Starting Nmap 5.35DC18 ( http://nmap.org ) at 2010-09-17 15:58 PDT
> Nmap scan report for www.mscd.edu (147.153.45.41)
> Host is up (0.063s latency).
> PORT   STATE SERVICE
> 80/tcp open  http
> | html-title: Where Success Begins With You |_Metropolitan State College of ...
>
> Nmap done: 1 IP address (1 host up) scanned in 0.89 seconds
>
> The pipe is supposed to be part of the title, as you can see by going to
> the web page.

I fixed this. I want to bring up a related topic.

The code in formatScriptOutput strips leading newlines from the output
(and my fix keeps it this way). I'm sure many script writers have been
annoyed by this. To force the first line of output to be on a line after
the script id, we have things like this:

scripts/asn-query.nse:  return (" \n%s"):format( table.concat( output, "\n" ) )
scripts/citrix-brute-xml.nse:   return " \n" .. result
scripts/qscan.nse:      return " \n" .. report(stats)

This trick of starting the output with whitespace to fool the newline
remover is also used in stdnse.format_output. I can't think of a reason
why we want newlines removed. Let's get rid of it?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/