mirror of https://github.com/nmap/nmap.git synced 2025-12-29 10:59:02 +00:00

http cookie and form parsing updates

1. getattr now decodes html entities in attributes (useful for & in href
   attributes, for instance)
2. Cookie validation allows max-age, httponly, and secure attributes
3. Use table concatenation instead of repeated string concatenation to build
   cookie string.
dmiller
2015-12-31 15:50:25 +00:00
parent e1cf78d57e
commit 74bd78267a


@@ -112,6 +112,7 @@ local coroutine = require "coroutine"
local nmap = require "nmap"
local os = require "os"
local sasl = require "sasl"
local slaxml = require "slaxml"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
@@ -305,7 +306,12 @@ local function validate_options(options)
stdnse.debug1("http: options.cookies[i].expires should be a string")
bad = true
end
else
elseif(cookie_key == 'max-age') then
if(type(cookie_value) ~= 'string') then
stdnse.debug1("http: options.cookies[i].max-age should be a string")
bad = true
end
elseif not (cookie_key == 'httponly' or cookie_key == 'secure') then
stdnse.debug1("http: Unknown field in cookie table: %s", cookie_key)
bad = true
end
@@ -871,8 +877,8 @@ end
-- @param path If the argument exists, only cookies with this path are included to the request
-- @return A string to be added to the mod_options table
local function buildCookies(cookies, path)
local cookie = ""
if type(cookies) == 'string' then return cookies end
local cookie = {}
for _, ck in ipairs(cookies or {}) do
local ckpath = ck["path"]
if not path or not ckpath
@@ -880,10 +886,10 @@ local function buildCookies(cookies, path)
or ckpath:sub(-1) == "/" and ckpath == path:sub(1, ckpath:len())
or ckpath .. "/" == path:sub(1, ckpath:len()+1)
then
cookie = cookie .. ck["name"] .. "=" .. ck["value"] .. "; "
cookie[#cookie+1] = ck["name"] .. "=" .. ck["value"]
end
end
return cookie:gsub("; $","")
return table.concat(cookie, "; ")
end
-- HTTP cache.
@@ -2073,7 +2079,7 @@ local function get_attr (html, name)
if not value then
value = html:match('^[^%s<>=\'"`]+', pos)
end
return value
return slaxml.parser.unescape(value)
end
---
-- Parses a form, that is, finds its action and fields.
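Review bot: In the get_attr hunk, the new `return slaxml.parser.unescape(value)` is reached even when the fallback `html:match` just above it finds nothing, so `value` can be nil at that point, where the old code simply returned nil. Whether `unescape` accepts nil is not visible from this page; if it applies string operations to its argument, a malformed attribute in a response from the scanned host would raise an error in the calling script instead of yielding "no value". Preserving the previous contract is a one-line change: `return value and slaxml.parser.unescape(value)`. The body of get_attr starts outside the hunk, so this is based only on the lines shown here.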