From 74bd78267ac966710549b71ba0967c736d049c95 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Thu, 31 Dec 2015 15:50:25 +0000
Subject: [PATCH] http cookie and form parsing updates

1. getattr now decodes html entities in attributes (useful for & in href attributes, for instance)
2. Cookie validation allows max-age, httponly, and secure attributes
3. Use table concatenation instead of repeated string concatenation to build cookie string.
---
 nselib/http.lua | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/nselib/http.lua b/nselib/http.lua
index a2c13e637..e6ad05a24 100644
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -112,6 +112,7 @@ local coroutine = require "coroutine"
 local nmap = require "nmap"
 local os = require "os"
 local sasl = require "sasl"
+local slaxml = require "slaxml"
 local stdnse = require "stdnse"
 local string = require "string"
 local table = require "table"
@@ -305,7 +306,12 @@ local function validate_options(options)
 stdnse.debug1("http: options.cookies[i].expires should be a string")
 bad = true
 end
- else
+ elseif(cookie_key == 'max-age') then
+ if(type(cookie_value) ~= 'string') then
+ stdnse.debug1("http: options.cookies[i].max-age should be a string")
+ bad = true
+ end
+ elseif not (cookie_key == 'httponly' or cookie_key == 'secure') then
 stdnse.debug1("http: Unknown field in cookie table: %s", cookie_key)
 bad = true
 end
@@ -871,8 +877,8 @@ end
 -- @param path If the argument exists, only cookies with this path are included to the request
 -- @return A string to be added to the mod_options table
 local function buildCookies(cookies, path)
- local cookie = ""
 if type(cookies) == 'string' then return cookies end
+ local cookie = {}
 for _, ck in ipairs(cookies or {}) do
 local ckpath = ck["path"]
 if not path or not ckpath
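Review bot: The new `elseif not (cookie_key == 'httponly' or cookie_key == 'secure')` branch in validate_options accepts those two keys without looking at `cookie_value`, while `expires` and `max-age` are type-checked, so any value passes validation for the flag attributes. The comparison is also an exact lowercase match; if the cookie table is filled from Set-Cookie headers that spell the attributes `HttpOnly`, `Secure` or `Max-Age`, they would still fall into the "Unknown field" branch unless the parser lowercases keys, which is not visible here. I would add a comment above the branch such as `-- httponly/secure are flag attributes: presence only, value not validated`, or a type check once the expected value type is settled. The function body starts and ends outside the hunk.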
@@ -880,10 +886,10 @@ local function buildCookies(cookies, path)
 or ckpath:sub(-1) == "/" and ckpath == path:sub(1, ckpath:len())
 or ckpath .. "/" == path:sub(1, ckpath:len()+1)
 then
- cookie = cookie .. ck["name"] .. "=" .. ck["value"] .. "; "
+ cookie[#cookie+1] = ck["name"] .. "=" .. ck["value"]
 end
 end
- return cookie:gsub("; $","")
+ return table.concat(cookie, "; ")
 end
 
 -- HTTP cache.
@@ -2073,7 +2079,7 @@ local function get_attr (html, name)
 if not value then
 value = html:match('^[^%s<>=\'"`]+', pos)
 end
- return value
+ return slaxml.parser.unescape(value)
 end
 ---
 -- Parses a form, that is, finds its action and fields.
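Review bot: `cookie[#cookie+1] = ck["name"] .. "=" .. ck["value"]` in the buildCookies loop copies both fields straight into the Cookie header value, and nothing in this hunk rejects CR or LF in them. The table can come from script arguments or from a parsed response of the scanned host, so these strings should be treated as untrusted; validate_options appears to check types only, as far as the visible lines show. Skipping entries that fail a check such as `if not (ck["name"] .. ck["value"]):find("[\r\n]") then ... end`, or rejecting them in validate_options, keeps a malformed cookie from altering the header block of later requests. A nil `ck["value"]` also still raises on the concatenation. The loop begins in the previous hunk.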
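Review bot: `return slaxml.parser.unescape(value)` now runs even when both `html:match` attempts failed and `value` is nil, whereas the old `return value` handed nil back to the caller. Unless slaxml's unescape tolerates nil (not visible here), an attribute whose value cannot be matched would raise instead of returning nil; `return value and slaxml.parser.unescape(value)` keeps the previous contract. The result can now also contain decoded quotes, angle brackets or ampersands taken from untrusted HTML, so callers that place it in a URL or in markup need to re-encode it. get_attr starts outside the hunk.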