mirror of
https://github.com/nmap/nmap.git
synced 2025-12-07 21:21:31 +00:00
Fix format string argument mismatches
Cases where the format string does not contain any placeholders, but values are given anyway. Cases where string.format is used without any placeholders or arguments.
This commit is contained in:
dmiller
@@ -201,7 +201,7 @@ local function get_quoted_string(s, offset, crlf)
|
||||
c = s:sub(i, i)
|
||||
if c == "" then
|
||||
-- No character following.
|
||||
error(string.format("\\ escape at end of input while parsing quoted-string."))
|
||||
error("\\ escape at end of input while parsing quoted-string.")
|
||||
end
|
||||
-- Only CHAR may follow a backslash.
|
||||
if c:byte(1) > 127 then
|
||||
@@ -2543,13 +2543,13 @@ function identify_404(host, port)
|
||||
if(clean_body ~= clean_body2) then
|
||||
stdnse.debug1("HTTP: Two known 404 pages returned valid and different pages; unable to identify valid response.")
|
||||
stdnse.debug1("HTTP: If you investigate the server and it's possible to clean up the pages, please post to nmap-dev mailing list.")
|
||||
return false, string.format("Two known 404 pages returned valid and different pages; unable to identify valid response.")
|
||||
return false, "Two known 404 pages returned valid and different pages; unable to identify valid response."
|
||||
end
|
||||
|
||||
if(clean_body ~= clean_body3) then
|
||||
stdnse.debug1("HTTP: Two known 404 pages returned valid and different pages; unable to identify valid response (happened when checking a folder).")
|
||||
stdnse.debug1("HTTP: If you investigate the server and it's possible to clean up the pages, please post to nmap-dev mailing list.")
|
||||
return false, string.format("Two known 404 pages returned valid and different pages; unable to identify valid response (happened when checking a folder).")
|
||||
return false, "Two known 404 pages returned valid and different pages; unable to identify valid response (happened when checking a folder)."
|
||||
end
|
||||
|
||||
return true, 200, clean_body
|
||||
|
||||
@@ -170,7 +170,7 @@ JDWPReplyPacket = {
|
||||
if flags == 0x80 then
|
||||
return true, JDWPReplyPacket:new(length,id,error_code,data)
|
||||
end
|
||||
stdnse.debug2("JDWP error parsing reply. Wrong reply packet flag. Raw data: ", stdnse.tohex(reply_packet))
|
||||
stdnse.debug2("JDWP error parsing reply. Wrong reply packet flag. Raw data: %s", stdnse.tohex(reply_packet))
|
||||
return false, "JDWP error parsing reply."
|
||||
end
|
||||
|
||||
|
||||
@@ -1659,7 +1659,7 @@ function samr_querydisplayinfo(smbstate, domain_handle, index, count)
|
||||
return false, result
|
||||
end
|
||||
|
||||
stdnse.debug3("MSRPC: QueryDisplayInfo() returned successfully", i)
|
||||
stdnse.debug3("MSRPC: QueryDisplayInfo() returned successfully")
|
||||
|
||||
-- Make arguments easier to use
|
||||
arguments = result['arguments']
|
||||
@@ -4313,7 +4313,7 @@ function service_create(host, servicename, path)
|
||||
end
|
||||
|
||||
-- Create the service
|
||||
stdnse.debug2("Creating the service", servicename)
|
||||
stdnse.debug2("Creating the service")
|
||||
status, create_result = svcctl_createservicew(smbstate, open_result['handle'], servicename, servicename, path)
|
||||
if(status == false) then
|
||||
smb.stop(smbstate)
|
||||
|
||||
@@ -374,8 +374,7 @@ Comm = {
|
||||
local tmp
|
||||
status, tmp = self:GetAdditionalBytes( data, pos, HEADER_LEN - ( data:len() - pos ) )
|
||||
if not status then
|
||||
stdnse.debug4(
|
||||
string.format("Comm.DecodeHeader: failed to call GetAdditionalBytes"))
|
||||
stdnse.debug4("Comm.DecodeHeader: failed to call GetAdditionalBytes")
|
||||
return -1, nil
|
||||
end
|
||||
data = data .. tmp
|
||||
@@ -394,8 +393,7 @@ Comm = {
|
||||
if header.verifier.length - 8 > 0 then
|
||||
status, data = self:GetAdditionalBytes( data, pos, header.verifier.length - 8 )
|
||||
if not status then
|
||||
stdnse.debug4(
|
||||
string.format("Comm.DecodeHeader: failed to call GetAdditionalBytes"))
|
||||
stdnse.debug4("Comm.DecodeHeader: failed to call GetAdditionalBytes")
|
||||
return -1, nil
|
||||
end
|
||||
pos, header.verifier.data = bin.unpack("A" .. header.verifier.length - 8, data, pos )
|
||||
|
||||
@@ -135,7 +135,7 @@ action = function(host, port)
|
||||
end
|
||||
|
||||
if ( not status ) then
|
||||
stdnse.debug1("Login failed", response)
|
||||
stdnse.debug1("Login failed")
|
||||
stdnse.debug3("Login error: %s", response)
|
||||
return
|
||||
end
|
||||
|
||||
@@ -176,7 +176,7 @@ Directory traversal vulnerability in AFP Server in Apple Mac OS X before
|
||||
status, response = afp_helper:Login(nil, nil)
|
||||
end
|
||||
if ( not(status) ) then
|
||||
stdnse.debug1("Login failed", response)
|
||||
stdnse.debug1("Login failed")
|
||||
stdnse.debug3("Login error: %s", response)
|
||||
return
|
||||
end
|
||||
|
||||
@@ -73,7 +73,7 @@ action = function(host, port)
|
||||
end
|
||||
|
||||
if ( not status ) then
|
||||
stdnse.debug1("Login failed", response)
|
||||
stdnse.debug1("Login failed")
|
||||
stdnse.debug3("Login error: %s", response)
|
||||
return
|
||||
end
|
||||
|
||||
@@ -324,7 +324,7 @@ action = function (host, port)
|
||||
return stdnse.format_output(false, string.format("Failed to submit the form to path %q", path))
|
||||
end
|
||||
if success then
|
||||
return stdnse.format_output(false, string.format("Failed to recognize failed authentication. See http-form-brute.onsuccess and http-form-brute.onfailure"))
|
||||
return stdnse.format_output(false, "Failed to recognize failed authentication. See http-form-brute.onsuccess and http-form-brute.onfailure")
|
||||
end
|
||||
|
||||
local engine = brute.Engine:new(Driver, host, port, options)
|
||||
|
||||
@@ -98,7 +98,7 @@ local function check_vuln(host, port)
|
||||
stdnse.debug1("HTTP GET %s", evil_uri)
|
||||
local response = http.get(host, port, evil_uri)
|
||||
if response.body and response.status==200 and response.body:match("root:") then
|
||||
stdnse.debug1("Pattern 'root:' found.", response.body)
|
||||
stdnse.debug1("Pattern 'root:' found.")
|
||||
return true
|
||||
end
|
||||
return false
|
||||
|
||||
@@ -152,7 +152,7 @@ servers to remote users who send carefully crafted requests.]],
|
||||
end
|
||||
|
||||
-- TEST 3: The external website test. This does not mean that you can reach a LAN ip, but this is a relevant issue anyway.
|
||||
local external = http.get(host,port, ("@scanme.nmap.org"):format(prefix))
|
||||
local external = http.get(host,port, ("%s@scanme.nmap.org"):format(prefix))
|
||||
if ( external.status == 200 and string.match(external.body,"Go ahead and ScanMe") ) then
|
||||
vuln.extra_info = "Proxy allows requests to external websites"
|
||||
end
|
||||
|
||||
@@ -125,7 +125,7 @@ local function get_version(path, typeof, host, port)
|
||||
if versioncheck.body then
|
||||
version = versioncheck.body:match(pattern)
|
||||
end
|
||||
stdnse.debug1("Version found:", version)
|
||||
stdnse.debug1("Version found: %s", version)
|
||||
return version
|
||||
end
|
||||
|
||||
|
||||
@@ -61,7 +61,7 @@ prerule = function()
|
||||
end
|
||||
|
||||
if not stdnse.get_script_args(SCRIPT_NAME .. ".interface") and not nmap.get_interface() then
|
||||
stdnse.debug1("No interface was selected, aborting...", SCRIPT_NAME)
|
||||
stdnse.debug1("No interface was selected, aborting...")
|
||||
return false
|
||||
end
|
||||
|
||||
|
||||
@@ -81,7 +81,7 @@ local function test_credentials( instance, helper, username, password )
|
||||
if ( loginErrorCode == mssql.LoginErrorType.PasswordMustChange ) then passwordIsGood = true end
|
||||
if ( loginErrorCode == mssql.LoginErrorType.AccountLockedOut ) then
|
||||
stdnse.debug1("Account %s locked out on %s", username, instance:GetName() )
|
||||
table.insert( instance.ms_sql_empty, string.format("'sa' account is locked out.", result ) )
|
||||
table.insert( instance.ms_sql_empty, "'sa' account is locked out." )
|
||||
end
|
||||
if ( mssql.LoginErrorMessage[ loginErrorCode ] == nil ) then
|
||||
stdnse.debug2("Attemping login to %s: Unknown login error number: %s", instance:GetName(), loginErrorCode )
|
||||
|
||||
@@ -605,7 +605,7 @@ action = function(host)
|
||||
udp_ports[generated_ports[2]] = true
|
||||
udp_ports[generated_ports[4]] = true
|
||||
|
||||
table.insert(response, string.format("Checking for Conficker.C or higher..."))
|
||||
table.insert(response, "Checking for Conficker.C or higher...")
|
||||
|
||||
-- Check the TCP ports
|
||||
for port in pairs(tcp_ports) do
|
||||
|
||||
@@ -115,7 +115,7 @@ action = function(host, port)
|
||||
|
||||
local url_iter = urlIterator(f)
|
||||
if ( not(url_iter) ) then
|
||||
return stdnse.format_output(false, ("Could not open the URL dictionary: "):format(f))
|
||||
return stdnse.format_output(false, ("Could not open the URL dictionary: %s"):format(f))
|
||||
end
|
||||
|
||||
local threads = {}
|
||||
|
||||
@@ -84,13 +84,13 @@ action = function(host)
|
||||
if(#data.groups > 0) then
|
||||
table.insert(piece, string.format("Groups: %s", stdnse.strjoin(", ", data.groups)))
|
||||
else
|
||||
table.insert(piece, string.format("Groups: n/a"))
|
||||
table.insert(piece, "Groups: n/a")
|
||||
end
|
||||
|
||||
if(#data.users > 0) then
|
||||
table.insert(piece, string.format("Users: %s", stdnse.strjoin(", ", data.users)))
|
||||
else
|
||||
table.insert(piece, string.format("Users: n/a"))
|
||||
table.insert(piece, "Users: n/a")
|
||||
end
|
||||
|
||||
-- Floor data.max_password_age, if possible
|
||||
@@ -111,7 +111,7 @@ action = function(host)
|
||||
if(data.lockout_threshold) then
|
||||
table.insert(piece, string.format("Account lockout: %s attempts in %s minutes will lock out the account for %s minutes", data.lockout_threshold, data.lockout_window or "unlimited", data.lockout_duration or "unlimited"))
|
||||
else
|
||||
table.insert(piece, string.format("Account lockout disabled"))
|
||||
table.insert(piece, "Account lockout disabled")
|
||||
end
|
||||
|
||||
table.insert(response, piece)
|
||||
|
||||
@@ -948,7 +948,7 @@ local function get_config(host, config)
|
||||
enabled = false
|
||||
mod.disabled_message = {}
|
||||
table.insert(mod.disabled_message, string.format("Configuration error: Required argument(s) ('%s') weren't given.", stdnse.strjoin("', '", missing_args)))
|
||||
table.insert(mod.disabled_message, string.format("Please add --script-args=[arg]=[value] to your commandline to run this module"))
|
||||
table.insert(mod.disabled_message, "Please add --script-args=[arg]=[value] to your commandline to run this module")
|
||||
if(#missing_args == 1) then
|
||||
table.insert(mod.disabled_message, string.format("For example: --script-args=%s=123", missing_args[1]))
|
||||
else
|
||||
@@ -1188,7 +1188,7 @@ local function create_service(host, config)
|
||||
cleanup(host, config)
|
||||
|
||||
if(string.find(err, "MARKED_FOR_DELETE")) then
|
||||
return false, string.format("Service is stuck in 'being deleted' phase on remote machine; try setting script-args=randomseed=abc for now", err)
|
||||
return false, "Service is stuck in 'being deleted' phase on remote machine; try setting script-args=randomseed=abc for now"
|
||||
else
|
||||
return false, string.format("Couldn't create the service on the remote machine: %s", err)
|
||||
end
|
||||
@@ -1278,7 +1278,7 @@ local function get_output_file(host, config)
|
||||
stdnse.debug1("Error in remote service: output file was never created!")
|
||||
cleanup(host, config)
|
||||
|
||||
return false, string.format("Error in remote service: output file was never created")
|
||||
return false, "Error in remote service: output file was never created"
|
||||
end
|
||||
|
||||
stdnse.debug1("Output file %s doesn't exist yet, waiting for %d more seconds", config.output_file, i)
|
||||
|
||||
Reference in New Issue
Block a user