Building a string with var = var .. "something" has miserable time
complexities. This commit cleans up a lot of that in scripts, focusing
on packing of data with bin.pack and concatenations within loops.
Additionally, a few instances were replaced with string.rep
Mostly in documentation (the description field, for instance), but also
some long literal strings. Lua 5.2 introduces a string escape, "\z",
which escapes any amount of subsequent whitespace, including newlines.
This can be used to wrap string literals without upsetting indentation.
http://www.lua.org/manual/5.2/manual.html#3.1
Mostly found with:
for i in nselib/*.lua scripts/*.nse; do
echo $(perl -lne 'BEGIN{$a=$p=0}next unless $_;/^(\s*)/;' \
-e '$l=length$1;next if$l==$p;$a+=(abs($l-$p)-$a)/$.;' \
-e '$p=$l;END{print$a}' $i) $i
done | sort -nr
And indented with: https://gist.github.com/bonsaiviking/8845871
whois-ip.nse was particularly mangled (probably my fault due to using
vim's built-in indentation script, but it could be structured better)
These implementations were all functionally identical. The replacement
has an extra feature of returning the index where the value was found,
currently unused.
Not all SSH key formats use base64 encoding, for example SSH1 keys looks
different. So we can't blindly base64-encode the raw strings that we
receive. Attempt to return keys in the same format as is used by the
known_hosts file.
"algorithm" seems to be a mapping computed by our ssh2 library:
ssh-rsa → RSA
ssh-dss → DSA
"type" is just the string "ssh-rsa" or "ssh-dss". "Type" seems to be the
terminology used in the ssh-keygen man page.
The wsdd library incorrectly assumed OpenSSL to always be available and the
ssh-hostkey used the undeclared SCRIPT_NAME in message when evaluating SSL
support. The bug was reported by Michael Pattrick on nmap-dev:
http://seclists.org/nmap-dev/2011/q1/312
[Patrik]
o Add two new Script scan phases:
Script Pre-scanning phase: before any Nmap scan operation, activated by the new "prerule".
Script Post-scanning phase: after all Nmap scan operations, activated by the new "postrule".
o New environment variables:
SCRIPT_PATH
SCRIPT_NAME
SCRIPT_TYPE: the type of the rule that activated the script.
may not exist (and thus triggers an error from strict.lua). We instead
setup dummy portrule/action functions, print the debug error for why the script
will not run, and return.
