Nmap Development mailing list archives
Re: [RFC][NSE] Incomplete HTTP response body
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 27 Mar 2017 21:04:44 -0500
nnposter, On further review, this patch looks good. I would be happy with it as-is, but here are my comments on your questions: it would be trivial to store the
fragment in the "body" member.
I don't think this is necessary, and would require more extensive checking of existing scripts to make sure they aren't relying on some aspect of the "error" body=nil condition.
* The body fragment does process chunked encoding. It concatenates all processed chunks up to the point of failure.
This makes sense, I don't see a reason for it to be the other way. If a script cares about chunks as separate entities, then it probably doesn't want the higher-level http.lua library anyway.
* The patch does not try to preserve received headers or the status line, only the body itself. This functionality could be added. (If yes, then the follow-up topic would be how to store them in the response object. My proposal would be to repurpose "fragment" to contain an incomplete response object, i.e. the headers or the body would be in resp.fragment.header and resp.fragment.body, respectively.)
I don't think we need to do this now, but if you copy and paste this suggestion into a comment at the place where the code would have to go, it will leave a clue as to a smart way to go about it if someone finds the need to do so in the future. Dan
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [RFC][NSE] Incomplete HTTP response body nnposter (Mar 17)
- Re: [RFC][NSE] Incomplete HTTP response body Daniel Miller (Mar 19)
- Re: [RFC][NSE] Incomplete HTTP response body nnposter (Mar 19)
- Re: [RFC][NSE] Incomplete HTTP response body Daniel Miller (Mar 27)
- Re: [RFC][NSE] Incomplete HTTP response body nnposter (Mar 29)
- Re: [RFC][NSE] Incomplete HTTP response body nnposter (Mar 19)
- Re: [RFC][NSE] Incomplete HTTP response body Daniel Miller (Mar 19)