Nmap Development mailing list archives
Jacek's status report - #13 of 16
From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Mon, 2 Sep 2013 23:59:13 +0200
Hi guys, This is the report 13/16 for the Google Summer of Code project “Bringing Lua to Ncat”. This week was mostly about testing, bugfixing and cosmetic stuff. I made hardly any big changes to the socket abstraction engine (though there are a few planned). I wrote some test cases though, tried to secure the Lua API and finally got closer to finishing httpd.lua (solved the final bug). Accomplishments: * Organized all the current TODO tasks on a secwiki page. This took a while, since my last meeting with David was three hours long. It paid off though; with that many things to take care of, it would be really easy to miss something. * Did quite a lot of research on NSE socket interface. This involved reading code, documentation and experimenting with the API. * Wrote some more --lua-exec documentation. This includes another example, reference to “Programming in Lua” book and a note about portability. * Reverted the “forward compatibility” patches. David made a good point about preparing for something not really defined and I have to admit he convinced me. * Finally got the Unicode validation code working in httpd.lua. I ported the routine from Go language and solved a bug that was related to pre-setting one variable to a wrong value in my port. * Re-ran some --lua-exec tests and found a bug related to handling newlines on Windows. * Wrote three simple test cases for socket abstractions. They test all the protocols for connect and listen mode and also test proxy functionality. I already found (and fixed) one bug thanks to the tests. I'll probably add more tests to make sure all events fire properly. * Changed socket abstractions error behavior: * Replaced most assertions with non-critical errors * Made the functions report about whether they succeeded or not * Moved “connections” global variable to registry and made the global variable read-only * “connection_roots” and “socket” are accessible via registry only - they aren't globals anymore * Wrote a thread to nmap-dev in which I discuss the options we have for securing the API * Added two connect() arguments - hostname and port number. * Fixed a bug related to using the same lua_State for both --lua-exec and socket abstractions. * Updated the documentation on socket abstractions, hopefully making it a bit more readable. Priorities: * Redesign recv() and connect() for connect-mode * Keep on testing and bugfixing * Merge httpd.lua? Yours, Jacek Wielemborek _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Jacek's status report - #13 of 16 Jacek Wielemborek (Sep 02)