Merge from /nmap-exp/david/nselib-http. This is an overhaul of HTTP

parsing mostly. Response parsing is centralized, and fewer operations
are done on raw HTTP data.

The biggest user-visible change is that http.request goes back to
returning a parsed result table, not raw HTTP data. I believe this is
how the function worked in the past; it's what the NSEDoc for the
function says. The only thing that used http.request was citrixxml.lua,
and this commit alters it to match the new expectations.

The other change is that the http.pipeline function no longer accepts
the "raw" option. The only script that used that was sql-injection.nse,
and this commit modifies that script as well.

nselib/citrixxml.lua

@@ -49,12 +49,6 @@ end
 
 --- Sends the request to the server using the http lib
 -- 
--- NOTE: 
---   At the time of the development (20091128) the http
---   lib does not properly handle text/xml content. It also doesn't 
---   handle HTTP 100 Continue properly. Workarounds are in place, 
---   please consult comments.
---
 -- @param host string, the ip of the remote server
 -- @param port number, the port of the remote server
 -- @param xmldata string, the HTTP data part of the request as XML
@@ -63,38 +57,7 @@ end
 --
 function send_citrix_xml_request(host, port, xmldata)	
 
-	local header = "POST /scripts/WPnBr.dll HTTP/1.1\r\n"
+	local response = http.post( host, port, "/scripts/WPnBr.dll", { header={["Content-Type"]="text/xml"}}, nil, xmldata)
-	  	  header = header .. "Content-type: text/xml\r\n"
-	  	  header = header .. "Host: " .. host .. ":" .. port .. "\r\n"
-  		  header = header .. "Content-Length: " .. xmldata:len() .. "\r\n"
-	      header = header .. "Connection: Close\r\n"
-	  	  header = header .. "\r\n"
-
-	local request = header .. xmldata
-	
-	-- this would have been really great! Unfortunately buildPost substitutes all spaces for plus'
-	-- this ain't all great when the content-type is text/xml
-	-- local response = http.post( host, port, "/scripts/WPnBr.dll", { header={["Content-Type"]="text/xml"}}, nil, xmldata)
-
-	-- let's build the content ourselves and let the http module do the rest
-	local response = http.request(host, port, request)
- 	local parse_options = {method="post"}
-
-	-- we need to handle another bug within the http module
-	-- it doesn't seem to recognize the HTTP/100 Continue correctly
-	-- So, we need to chop that part of from the response
-  	if response and response:match("^HTTP/1.1 100 Continue") and response:match( "\r?\n\r?\n" ) then
-		response = response:match( "\r?\n\r?\n(.*)$" )
-  	end 
-	
-	-- time for next workaround
-	-- The Citrix XML Service returns the header Transfer-Coding, rather than Transfer-Encoding
-	-- Needless to say, this screws things up for the http library
-	if response and response:match("Transfer[-]Coding") then
-		response = response:gsub("Transfer[-]Coding", "Transfer-Encoding")
-	end	
-	
- 	local response = http.parseResult(response, parse_options)
 
 	-- this is *probably* not the right way to do stuff
 	-- decoding should *probably* only be done on XML-values

scripts/sql-injection.nse

@@ -43,15 +43,15 @@ if it is vulnerable
 
 local function check_injection_response(response)
 
-  response = string.lower(response)
+  local body = string.lower(response.body)
 
-  if not (string.find(response, 'http/%d\.%d%s*[25]00')) then
+  if not (response.status == 200 or response.status ~= 500) then
     return false 
   end
 
-  return (string.find(response, "invalid query") or
+  return (string.find(body, "invalid query") or
-	  string.find(response, "sql syntax") or
+	  string.find(body, "sql syntax") or
-	  string.find(response, "odbc drivers error"))
+	  string.find(body, "odbc drivers error"))
 end
 
 --[[
@@ -90,7 +90,6 @@ Creates a pipeline table and returns the result
 local function inject(host, port, injectable)
   local all = {}
   local pOpts = {}
-  pOpts.raw = true
   for k, v in pairs(injectable) do
     all = http.pGet(host, port, v, nil, nil, all)
   end