Fix format string argument mismatches

Cases where the format string does not contain any placeholders, but
values are given anyway. Cases where string.format is used without any
placeholders or arguments.

scripts/afp-ls.nse

@@ -135,7 +135,7 @@ action = function(host, port)
     end
 
     if ( not status ) then
-      stdnse.debug1("Login failed", response)
+      stdnse.debug1("Login failed")
       stdnse.debug3("Login error: %s", response)
       return
     end

scripts/afp-path-vuln.nse

@@ -176,7 +176,7 @@ Directory traversal vulnerability in AFP Server in Apple Mac OS X before
       status, response = afp_helper:Login(nil, nil)
     end
     if ( not(status) ) then
-      stdnse.debug1("Login failed", response)
+      stdnse.debug1("Login failed")
       stdnse.debug3("Login error: %s", response)
       return
     end

scripts/afp-showmount.nse

@@ -73,7 +73,7 @@ action = function(host, port)
     end
 
     if ( not status ) then
-      stdnse.debug1("Login failed", response)
+      stdnse.debug1("Login failed")
       stdnse.debug3("Login error: %s", response)
       return
     end

scripts/http-form-brute.nse

@@ -324,7 +324,7 @@ action = function (host, port)
     return stdnse.format_output(false, string.format("Failed to submit the form to path %q", path))
   end
   if success then
-    return stdnse.format_output(false, string.format("Failed to recognize failed authentication. See http-form-brute.onsuccess and http-form-brute.onfailure"))
+    return stdnse.format_output(false, "Failed to recognize failed authentication. See http-form-brute.onsuccess and http-form-brute.onfailure")
   end
 
   local engine = brute.Engine:new(Driver, host, port, options)

scripts/http-tplink-dir-traversal.nse

@@ -98,7 +98,7 @@ local function check_vuln(host, port)
   stdnse.debug1("HTTP GET %s", evil_uri)
   local response = http.get(host, port, evil_uri)
   if response.body and response.status==200 and response.body:match("root:") then
-    stdnse.debug1("Pattern 'root:' found.", response.body)
+    stdnse.debug1("Pattern 'root:' found.")
     return true
   end
   return false

scripts/http-vuln-cve2011-3368.nse

@@ -152,7 +152,7 @@ servers to remote users who send carefully crafted requests.]],
   end
 
   -- TEST 3: The external website test. This does not mean that you can reach a LAN ip, but this is a relevant issue anyway.
-  local external = http.get(host,port, ("@scanme.nmap.org"):format(prefix))
+  local external = http.get(host,port, ("%s@scanme.nmap.org"):format(prefix))
   if ( external.status == 200 and string.match(external.body,"Go ahead and ScanMe") ) then
     vuln.extra_info = "Proxy allows requests to external websites"
   end

scripts/http-wordpress-enum.nse

@@ -125,7 +125,7 @@ local function get_version(path, typeof, host, port)
   if versioncheck.body then
     version = versioncheck.body:match(pattern)
   end
-  stdnse.debug1("Version found:", version)
+  stdnse.debug1("Version found: %s", version)
   return version
 end
 

scripts/ipv6-ra-flood.nse

@@ -61,7 +61,7 @@ prerule = function()
   end
 
   if not stdnse.get_script_args(SCRIPT_NAME .. ".interface") and not nmap.get_interface() then
-    stdnse.debug1("No interface was selected, aborting...", SCRIPT_NAME)
+    stdnse.debug1("No interface was selected, aborting...")
     return false
   end
 

scripts/ms-sql-empty-password.nse

@@ -81,7 +81,7 @@ local function test_credentials( instance, helper, username, password )
     if ( loginErrorCode == mssql.LoginErrorType.PasswordMustChange ) then passwordIsGood = true end
     if ( loginErrorCode == mssql.LoginErrorType.AccountLockedOut ) then
       stdnse.debug1("Account %s locked out on %s", username, instance:GetName() )
-      table.insert( instance.ms_sql_empty, string.format("'sa' account is locked out.", result ) )
+      table.insert( instance.ms_sql_empty, "'sa' account is locked out." )
     end
     if ( mssql.LoginErrorMessage[ loginErrorCode ] == nil ) then
       stdnse.debug2("Attemping login to %s: Unknown login error number: %s", instance:GetName(), loginErrorCode )

scripts/p2p-conficker.nse

@@ -605,7 +605,7 @@ action = function(host)
   udp_ports[generated_ports[2]] = true
   udp_ports[generated_ports[4]] = true
 
-  table.insert(response, string.format("Checking for Conficker.C or higher..."))
+  table.insert(response, "Checking for Conficker.C or higher...")
 
   -- Check the TCP ports
   for port in pairs(tcp_ports) do

scripts/rtsp-url-brute.nse

@@ -115,7 +115,7 @@ action = function(host, port)
 
   local url_iter = urlIterator(f)
   if ( not(url_iter) ) then
-    return stdnse.format_output(false, ("Could not open the URL dictionary: "):format(f))
+    return stdnse.format_output(false, ("Could not open the URL dictionary: %s"):format(f))
   end
 
   local threads = {}

scripts/smb-enum-domains.nse

@@ -84,13 +84,13 @@ action = function(host)
       if(#data.groups > 0) then
         table.insert(piece, string.format("Groups: %s", stdnse.strjoin(", ", data.groups)))
       else
-        table.insert(piece, string.format("Groups: n/a"))
+        table.insert(piece, "Groups: n/a")
       end
 
       if(#data.users > 0) then
         table.insert(piece, string.format("Users: %s", stdnse.strjoin(", ", data.users)))
       else
-        table.insert(piece, string.format("Users: n/a"))
+        table.insert(piece, "Users: n/a")
       end
 
       -- Floor data.max_password_age, if possible
@@ -111,7 +111,7 @@ action = function(host)
       if(data.lockout_threshold) then
         table.insert(piece, string.format("Account lockout: %s attempts in %s minutes will lock out the account for %s minutes", data.lockout_threshold, data.lockout_window or "unlimited", data.lockout_duration or "unlimited"))
       else
-        table.insert(piece, string.format("Account lockout disabled"))
+        table.insert(piece, "Account lockout disabled")
       end
 
       table.insert(response, piece)

scripts/smb-psexec.nse

@@ -948,7 +948,7 @@ local function get_config(host, config)
         enabled = false
         mod.disabled_message = {}
         table.insert(mod.disabled_message, string.format("Configuration error: Required argument(s) ('%s') weren't given.", stdnse.strjoin("', '", missing_args)))
-        table.insert(mod.disabled_message, string.format("Please add --script-args=[arg]=[value] to your commandline to run this module"))
+        table.insert(mod.disabled_message, "Please add --script-args=[arg]=[value] to your commandline to run this module")
         if(#missing_args == 1) then
           table.insert(mod.disabled_message, string.format("For example: --script-args=%s=123", missing_args[1]))
         else
@@ -1188,7 +1188,7 @@ local function create_service(host, config)
     cleanup(host, config)
 
     if(string.find(err, "MARKED_FOR_DELETE")) then
-      return false, string.format("Service is stuck in 'being deleted' phase on remote machine; try setting script-args=randomseed=abc for now", err)
+      return false, "Service is stuck in 'being deleted' phase on remote machine; try setting script-args=randomseed=abc for now"
     else
       return false, string.format("Couldn't create the service on the remote machine: %s", err)
     end
@@ -1278,7 +1278,7 @@ local function get_output_file(host, config)
         stdnse.debug1("Error in remote service: output file was never created!")
         cleanup(host, config)
 
-        return false, string.format("Error in remote service: output file was never created")
+        return false, "Error in remote service: output file was never created"
       end
 
       stdnse.debug1("Output file %s doesn't exist yet, waiting for %d more seconds", config.output_file, i)