Re: [NSE] redirect support in http.lua

[Patrik Karlsson <patrik () cqure net>]

On Fri, Feb 10, 2012 at 12:16 AM, David Fifield <david () bamsoftware com>wrote:

> On Thu, Feb 09, 2012 at 05:08:29PM +0100, Patrik Karlsson wrote:
> > Hi all,
> >
> > I'm attaching a patch that I would like to apply to the http library. It
> > adds support for HTTP redirects to the http.get and http.head functions.
> > The default behavior will be to follow 5 levels of redirects before
> bailing
> > out. The no_follow_redirect can be passed as an option to disable
> redirect
> > support.
>
> How about instead of no_follow_redirect, passing a redirect_ok function
> as an option. The default value of redirect_ok would be the built-in
> sensible default in http.lua. To turn off redirect following, you could
> pass a function that always returns false, but it should also accept
> this as a synonym:
>        redirect_ok = false
>
> (Generally I hate turning off options by saying "no_option = true"
> rather than "option = false".)
>
> The limit of 5 redirects might be done better by making it part of the
> redirect_ok function. It can be a closure that has a variable in its
> environment that it decrements every time it is called. Then your loop
> can be just
>        repeat .. until not redirect_ok
> instead of having to check two conditions.
>
> David Fifield

Ok, I committed the redirect code in r28047 with the changes you suggested.
http.get and http.head should now transparently handle redirects.
Although I've done a bunch of tests, please keep an eye out and report any
bugs related to this change.

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/