for lib in nselib/*.lua*; do l=${lib#*/}; l=${l%.lua*}; find . -name \
\*.lua -o -name \*.nse | xargs grep -l "require .$l\>" | xargs grep \
-c "\<$l\." | grep ':0$' | awk -F: '{print "'$l'", $1}'; done
Did not remove calls to stdnse.silent_require since these can be used to
abort script execution if OpenSSL is not included, even if the script
does not directly call openssl.* (perhaps it uses comm.tryssl instead,
for instance).
Also did not remove require "strict", since that library is special and
modifies the environment.
If you ran the (fortunately non-default) http-domino-enum-passwords
script with the (fortunately also non-default)
domino-enum-passwords.idpath parameter against a malicious server,
it could cause an arbitrarily named file to to be written to the
client system. Thanks to Trustwave researcher Piotr Duszynski for
discovering and reporting the problem. We've fixed that script, and
also updated several other scripts to use a new
stdnse.filename_escape function for extra safety. This breaks our
record of never having a vulnerability in the 16 years that Nmap has
existed, but that's still a fairly good run. [David, Fyodor]
