Moved the includes for Lua headers to the .cc files so they are
not needlessly, repeatedly included.
Similarly, moved some standard headers to the .cc files and reorganized
includes to be uniform for all nse_* source files.
Fixed whitespace (removed tabs).
specially. This was to hide the any errors raised by scripts using an openssl
module when OpenSSL itself wasn't available. For now this will be handled by
having each script check for openssl.
time errors are not affected by this change). If verbose is 4 or greater than
a simple message is output saying what file could not be loaded due to X
library missing. If debugging is set, then the previous error message is
used.
Something like it should remain a part of NSE, because it helped me to see what
was in the Lua stack inside GDB. I got the function from
http://www.lua.org/pil/24.2.3.html.
file name is already in the table. Previously duplicates were only checked for
in a table that was an upvalue of the entry function, allowing duplicates to
sneak in elsewhere.
This prevents a script from being loaded twice when it is given by name, and is
in the "version" category and version detection is used.
nse_init.cc. Because that directory isn't created on installation any longer it
was causing an NSE error: "SCRIPT ENGINE: error while initializing Lua State:
'nselib-bin/' not a directory"
nse_main and nse_nsock. nse_main now uses Lua to create printable output
while a cleaner hexify procedure has been placed in nsock.
nse_string is removed as a result.
Now does most of it's work through Lua:
From Nmap-dev: "Many of the changes consist of changing how Nmap interfaces
with Lua that were sometimes awkward or inflexible. Most of the functions
have been made to be callable directly by Lua which offers many technical
advantages: stack management is alleviated, errors are handled cleanly and
are more descriptive, and there is increased reusability."
Additionally:
-- Moved all lua_State * symbols from "l" to "L". This is to maintain
consistency with other Lua libraries (convention) and to make our macros portable.
-- Moved file system manipulation over to nse_fs.cc (from nse_init.cc)
of scripts chosen from when using -sC (but it's still just another category
and so can be chosen with --script like any other).
On top of updating the docs with information about this new category, I've
also updated sections to emphasize that the "default" category, -sC and -A
are considered intrusive and should not be run against target networks
without permission.
The new list is very similar to the previous "safe,intrusive" list:
Added: finger, ircServerInfo, RealVNC_auth_bypass
Removed: HTTPpasswd
Here are the 21 scripts in this new category:
anonFTP
dns-test-open-recursion
finger
ftpbounce
HTTPAuth
HTTP_open_proxy
ircServerInfo
MSSQLm
MySQLinfo
nbstat
RealVNC_auth_bypass
robots
rpcinfo
showHTMLTitle
showOwner
SMTPcommands
SNMPsysdesr
SSHv1-support
SSLv2-support
UPnP-info
zoneTrans
o Fix cases of std::string() being used in ways which wrongly parse
the data for escape sequences such as \n. For an example, see
log message of r6474 in svn.
(note that this was a Lua escaping bug, not std::string)
