Fix format string argument mismatches

Cases where the format string does not contain any placeholders, but
values are given anyway. Cases where string.format is used without any
placeholders or arguments.

nselib/http.lua

@@ -201,7 +201,7 @@ local function get_quoted_string(s, offset, crlf)
       c = s:sub(i, i)
       if c == "" then
         -- No character following.
-        error(string.format("\\ escape at end of input while parsing quoted-string."))
+        error("\\ escape at end of input while parsing quoted-string.")
       end
       -- Only CHAR may follow a backslash.
       if c:byte(1) > 127 then
@@ -2543,13 +2543,13 @@ function identify_404(host, port)
       if(clean_body ~= clean_body2) then
         stdnse.debug1("HTTP: Two known 404 pages returned valid and different pages; unable to identify valid response.")
         stdnse.debug1("HTTP: If you investigate the server and it's possible to clean up the pages, please post to nmap-dev mailing list.")
-        return false, string.format("Two known 404 pages returned valid and different pages; unable to identify valid response.")
+        return false, "Two known 404 pages returned valid and different pages; unable to identify valid response."
       end
 
       if(clean_body ~= clean_body3) then
         stdnse.debug1("HTTP: Two known 404 pages returned valid and different pages; unable to identify valid response (happened when checking a folder).")
         stdnse.debug1("HTTP: If you investigate the server and it's possible to clean up the pages, please post to nmap-dev mailing list.")
-        return false, string.format("Two known 404 pages returned valid and different pages; unable to identify valid response (happened when checking a folder).")
+        return false, "Two known 404 pages returned valid and different pages; unable to identify valid response (happened when checking a folder)."
       end
 
       return true, 200, clean_body

nselib/jdwp.lua

@@ -170,7 +170,7 @@ JDWPReplyPacket = {
     if flags == 0x80 then
       return true, JDWPReplyPacket:new(length,id,error_code,data)
     end
-    stdnse.debug2("JDWP error parsing reply. Wrong reply packet flag. Raw data: ", stdnse.tohex(reply_packet))
+    stdnse.debug2("JDWP error parsing reply. Wrong reply packet flag. Raw data: %s", stdnse.tohex(reply_packet))
     return false, "JDWP error parsing reply."
   end
 

nselib/msrpc.lua

@@ -1659,7 +1659,7 @@ function samr_querydisplayinfo(smbstate, domain_handle, index, count)
     return false, result
   end
 
-  stdnse.debug3("MSRPC: QueryDisplayInfo() returned successfully", i)
+  stdnse.debug3("MSRPC: QueryDisplayInfo() returned successfully")
 
   -- Make arguments easier to use
   arguments = result['arguments']
@@ -4313,7 +4313,7 @@ function service_create(host, servicename, path)
   end
 
   -- Create the service
-  stdnse.debug2("Creating the service", servicename)
+  stdnse.debug2("Creating the service")
   status, create_result = svcctl_createservicew(smbstate, open_result['handle'], servicename, servicename, path)
   if(status == false) then
     smb.stop(smbstate)

nselib/rpc.lua

@@ -374,8 +374,7 @@ Comm = {
       local tmp
       status, tmp = self:GetAdditionalBytes( data, pos, HEADER_LEN - ( data:len() - pos ) )
       if not status then
-        stdnse.debug4(
+        stdnse.debug4("Comm.DecodeHeader: failed to call GetAdditionalBytes")
-          string.format("Comm.DecodeHeader: failed to call GetAdditionalBytes"))
         return -1, nil
       end
       data = data .. tmp
@@ -394,8 +393,7 @@ Comm = {
     if header.verifier.length - 8 > 0 then
       status, data = self:GetAdditionalBytes( data, pos, header.verifier.length - 8 )
       if not status then
-        stdnse.debug4(
+        stdnse.debug4("Comm.DecodeHeader: failed to call GetAdditionalBytes")
-          string.format("Comm.DecodeHeader: failed to call GetAdditionalBytes"))
         return -1, nil
       end
       pos, header.verifier.data = bin.unpack("A" .. header.verifier.length - 8, data, pos )

scripts/afp-ls.nse

@@ -135,7 +135,7 @@ action = function(host, port)
     end
 
     if ( not status ) then
-      stdnse.debug1("Login failed", response)
+      stdnse.debug1("Login failed")
       stdnse.debug3("Login error: %s", response)
       return
     end

scripts/afp-path-vuln.nse

@@ -176,7 +176,7 @@ Directory traversal vulnerability in AFP Server in Apple Mac OS X before
       status, response = afp_helper:Login(nil, nil)
     end
     if ( not(status) ) then
-      stdnse.debug1("Login failed", response)
+      stdnse.debug1("Login failed")
       stdnse.debug3("Login error: %s", response)
       return
     end

scripts/afp-showmount.nse

@@ -73,7 +73,7 @@ action = function(host, port)
     end
 
     if ( not status ) then
-      stdnse.debug1("Login failed", response)
+      stdnse.debug1("Login failed")
       stdnse.debug3("Login error: %s", response)
       return
     end

scripts/http-form-brute.nse

@@ -324,7 +324,7 @@ action = function (host, port)
     return stdnse.format_output(false, string.format("Failed to submit the form to path %q", path))
   end
   if success then
-    return stdnse.format_output(false, string.format("Failed to recognize failed authentication. See http-form-brute.onsuccess and http-form-brute.onfailure"))
+    return stdnse.format_output(false, "Failed to recognize failed authentication. See http-form-brute.onsuccess and http-form-brute.onfailure")
   end
 
   local engine = brute.Engine:new(Driver, host, port, options)

scripts/http-tplink-dir-traversal.nse

@@ -98,7 +98,7 @@ local function check_vuln(host, port)
   stdnse.debug1("HTTP GET %s", evil_uri)
   local response = http.get(host, port, evil_uri)
   if response.body and response.status==200 and response.body:match("root:") then
-    stdnse.debug1("Pattern 'root:' found.", response.body)
+    stdnse.debug1("Pattern 'root:' found.")
     return true
   end
   return false

scripts/http-vuln-cve2011-3368.nse

@@ -152,7 +152,7 @@ servers to remote users who send carefully crafted requests.]],
   end
 
   -- TEST 3: The external website test. This does not mean that you can reach a LAN ip, but this is a relevant issue anyway.
-  local external = http.get(host,port, ("@scanme.nmap.org"):format(prefix))
+  local external = http.get(host,port, ("%s@scanme.nmap.org"):format(prefix))
   if ( external.status == 200 and string.match(external.body,"Go ahead and ScanMe") ) then
     vuln.extra_info = "Proxy allows requests to external websites"
   end

scripts/http-wordpress-enum.nse

@@ -125,7 +125,7 @@ local function get_version(path, typeof, host, port)
   if versioncheck.body then
     version = versioncheck.body:match(pattern)
   end
-  stdnse.debug1("Version found:", version)
+  stdnse.debug1("Version found: %s", version)
   return version
 end
 

scripts/ipv6-ra-flood.nse

@@ -61,7 +61,7 @@ prerule = function()
   end
 
   if not stdnse.get_script_args(SCRIPT_NAME .. ".interface") and not nmap.get_interface() then
-    stdnse.debug1("No interface was selected, aborting...", SCRIPT_NAME)
+    stdnse.debug1("No interface was selected, aborting...")
     return false
   end
 

scripts/ms-sql-empty-password.nse

@@ -81,7 +81,7 @@ local function test_credentials( instance, helper, username, password )
     if ( loginErrorCode == mssql.LoginErrorType.PasswordMustChange ) then passwordIsGood = true end
     if ( loginErrorCode == mssql.LoginErrorType.AccountLockedOut ) then
       stdnse.debug1("Account %s locked out on %s", username, instance:GetName() )
-      table.insert( instance.ms_sql_empty, string.format("'sa' account is locked out.", result ) )
+      table.insert( instance.ms_sql_empty, "'sa' account is locked out." )
     end
     if ( mssql.LoginErrorMessage[ loginErrorCode ] == nil ) then
       stdnse.debug2("Attemping login to %s: Unknown login error number: %s", instance:GetName(), loginErrorCode )

scripts/p2p-conficker.nse

@@ -605,7 +605,7 @@ action = function(host)
   udp_ports[generated_ports[2]] = true
   udp_ports[generated_ports[4]] = true
 
-  table.insert(response, string.format("Checking for Conficker.C or higher..."))
+  table.insert(response, "Checking for Conficker.C or higher...")
 
   -- Check the TCP ports
   for port in pairs(tcp_ports) do

scripts/rtsp-url-brute.nse

@@ -115,7 +115,7 @@ action = function(host, port)
 
   local url_iter = urlIterator(f)
   if ( not(url_iter) ) then
-    return stdnse.format_output(false, ("Could not open the URL dictionary: "):format(f))
+    return stdnse.format_output(false, ("Could not open the URL dictionary: %s"):format(f))
   end
 
   local threads = {}

scripts/smb-enum-domains.nse

@@ -84,13 +84,13 @@ action = function(host)
       if(#data.groups > 0) then
         table.insert(piece, string.format("Groups: %s", stdnse.strjoin(", ", data.groups)))
       else
-        table.insert(piece, string.format("Groups: n/a"))
+        table.insert(piece, "Groups: n/a")
       end
 
       if(#data.users > 0) then
         table.insert(piece, string.format("Users: %s", stdnse.strjoin(", ", data.users)))
       else
-        table.insert(piece, string.format("Users: n/a"))
+        table.insert(piece, "Users: n/a")
       end
 
       -- Floor data.max_password_age, if possible
@@ -111,7 +111,7 @@ action = function(host)
       if(data.lockout_threshold) then
         table.insert(piece, string.format("Account lockout: %s attempts in %s minutes will lock out the account for %s minutes", data.lockout_threshold, data.lockout_window or "unlimited", data.lockout_duration or "unlimited"))
       else
-        table.insert(piece, string.format("Account lockout disabled"))
+        table.insert(piece, "Account lockout disabled")
       end
 
       table.insert(response, piece)

scripts/smb-psexec.nse

@@ -948,7 +948,7 @@ local function get_config(host, config)
         enabled = false
         mod.disabled_message = {}
         table.insert(mod.disabled_message, string.format("Configuration error: Required argument(s) ('%s') weren't given.", stdnse.strjoin("', '", missing_args)))
-        table.insert(mod.disabled_message, string.format("Please add --script-args=[arg]=[value] to your commandline to run this module"))
+        table.insert(mod.disabled_message, "Please add --script-args=[arg]=[value] to your commandline to run this module")
         if(#missing_args == 1) then
           table.insert(mod.disabled_message, string.format("For example: --script-args=%s=123", missing_args[1]))
         else
@@ -1188,7 +1188,7 @@ local function create_service(host, config)
     cleanup(host, config)
 
     if(string.find(err, "MARKED_FOR_DELETE")) then
-      return false, string.format("Service is stuck in 'being deleted' phase on remote machine; try setting script-args=randomseed=abc for now", err)
+      return false, "Service is stuck in 'being deleted' phase on remote machine; try setting script-args=randomseed=abc for now"
     else
       return false, string.format("Couldn't create the service on the remote machine: %s", err)
     end
@@ -1278,7 +1278,7 @@ local function get_output_file(host, config)
         stdnse.debug1("Error in remote service: output file was never created!")
         cleanup(host, config)
 
-        return false, string.format("Error in remote service: output file was never created")
+        return false, "Error in remote service: output file was never created"
       end
 
       stdnse.debug1("Output file %s doesn't exist yet, waiting for %d more seconds", config.output_file, i)