upstream/oracle/userland-gate: components/nmap/patches/nmap-6.25-cve-2013-4885.patch@3288b0639de6 (annotated)

1448 3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	1	# http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=14;bug=719289
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	2	# Index: scripts/http-domino-enum-passwords.nse
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	3	# ===================================================================
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	4	--- nmap-6.25/scripts/http-domino-enum-passwords.nse (revision 31575)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	5	+++ nmap-6.25/scripts/http-domino-enum-passwords.nse (revision 31576)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	6	@@ -315,9 +315,10 @@
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	7	http_response = http.get( vhost or host, port, u_details.idfile, { auth = { username = user, password = pass }, no_cache = true })
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	8
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	9	if ( http_response.status == 200 ) then
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	10	- local status, err = saveIDFile( ("%s/%s.id"):format(download_path, u_details.fullname), http_response.body )
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	11	+ local filename = download_path .. "/" .. stdnse.filename_escape(u_details.fullname .. ".id")
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	12	+ local status, err = saveIDFile( filename, http_response.body )
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	13	if ( status ) then
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	14	- table.insert( id_files, ("%s ID File has been downloaded (%s/%s.id)"):format(u_details.fullname, download_path, u_details.fullname) )
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	15	+ table.insert( id_files, ("%s ID File has been downloaded (%s)"):format(u_details.fullname, filename) )
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	16	else
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	17	table.insert( id_files, ("%s ID File was not saved (error: %s)"):format(u_details.fullname, err ) )
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	18	end
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	19	# Index: scripts/stuxnet-detect.nse
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	20	# ===================================================================
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	21	--- nmap-6.25/scripts/stuxnet-detect.nse (revision 31575)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	22	+++ nmap-6.25/scripts/stuxnet-detect.nse (revision 31576)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	23	@@ -81,7 +81,7 @@
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	24
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	25	fmt = save:gsub("%%h", host.ip)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	26	fmt = fmt:gsub("%%v", version)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	27	- file = io.open(fmt, "w")
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	28	+ file = io.open(stdnse.filename_escape(fmt), "w")
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	29	if file then
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	30	stdnse.print_debug(1, "Wrote %d bytes to file %s.", #result.arguments, fmt)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	31	file:write(result.arguments)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	32	# Index: scripts/http-config-backup.nse
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	33	# ===================================================================
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	34	--- nmap-6.25/scripts/http-config-backup.nse (revision 31575)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	35	+++ nmap-6.25/scripts/http-config-backup.nse (revision 31576)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	36	@@ -209,7 +209,7 @@
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	37	if (response.status == 200) then
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	38	-- check it if is valid before inserting
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	39	if cfg.check(response.body) then
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	40	- local filename = ((host.targetname or host.ip) .. url_path):gsub("/", "-");
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	41	+ local filename = stdnse.escape_filename((host.targetname or host.ip) .. url_path)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	42
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	43	-- save the content
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	44	if save then
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	45	# Index: scripts/hostmap-bfk.nse
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	46	# ===================================================================
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	47	--- nmap-6.25/scripts/hostmap-bfk.nse (revision 31575)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	48	+++ nmap-6.25/scripts/hostmap-bfk.nse (revision 31576)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	49	@@ -68,7 +68,7 @@
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	50
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	51	local HOSTMAP_SERVER = "www.bfk.de"
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	52
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	53	-local filename_escape, write_file
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	54	+local write_file
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	55
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	56	hostrule = function(host)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	57	return not ipOps.isPrivate(host.ip)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	58	@@ -106,7 +106,7 @@
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	59
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	60	local filename_prefix = stdnse.get_script_args("hostmap-bfk.prefix")
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	61	if filename_prefix then
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	62	- local filename = filename_prefix .. filename_escape(host.targetname or host.ip)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	63	+ local filename = filename_prefix .. stdnse.filename_escape(host.targetname or host.ip)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	64	local status, err = write_file(filename, hostnames_str .. "\n")
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	65	if status then
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	66	output_tab.filename = filename
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	67	@@ -118,13 +118,6 @@
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	68	return output_tab
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	69	end
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	70
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	71	--- Escape some potentially unsafe characters in a string meant to be a filename.
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	72	-function filename_escape(s)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	73	- return string.gsub(s, "[\0/=]", function(c)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	74	- return string.format("=%02X", string.byte(c))
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	75	- end)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	76	-end
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	77	-
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	78	function write_file(filename, contents)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	79	local f, err = io.open(filename, "w")
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	80	if not f then
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	81	# Index: scripts/domino-enum-users.nse
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	82	# ===================================================================
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	83	--- nmap-6.25/scripts/domino-enum-users.nse (revision 31575)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	84	+++ nmap-6.25/scripts/domino-enum-users.nse (revision 31576)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	85	@@ -103,7 +103,7 @@
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	86	helper:disconnect()
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	87
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	88	if ( status and data and path ) then
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	89	- local filename = ("%s/%s.id"):format(path, username )
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	90	+ local filename = path .. "/" .. stdnse.filename_escape(u_details.fullname .. ".id")
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	91	local status, err = saveIDFile( filename, data )
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	92
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	93	if ( status ) then
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	94	# Index: scripts/ms-sql-dump-hashes.nse
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	95	# ===================================================================
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	96	--- nmap-6.25/scripts/ms-sql-dump-hashes.nse (revision 31575)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	97	+++ nmap-6.25/scripts/ms-sql-dump-hashes.nse (revision 31576)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	98	@@ -119,7 +119,7 @@
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	99	local filename
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	100	if ( dir ) then
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	101	local instance = instance:GetName():match("%\\+(.+)$") or instance:GetName()
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	102	- filename = ("%s/%s_%s_ms-sql_hashes.txt"):format(dir, host.ip, instance)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	103	+ filename = dir .. "/" .. stdnse.filename_escape(("%s_%s_ms-sql_hashes.txt"):format(host.ip, instance))
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	104	saveToFile(filename, instanceOutput[1])
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	105	end
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	106	end
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	107	# Index: scripts/snmp-ios-config.nse
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	108	# ===================================================================
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	109	--- nmap-6.25/scripts/snmp-ios-config.nse (revision 31575)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	110	+++ nmap-6.25/scripts/snmp-ios-config.nse (revision 31576)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	111	@@ -184,7 +184,7 @@
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	112	result = ( infile and infile:getContent() )
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	113
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	114	if ( tftproot ) then
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	115	- local fname = tftproot .. host.ip .. "-config"
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	116	+ local fname = tftproot .. stdnse.filename_escape(host.ip .. "-config")
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	117	local file, err = io.open(fname, "w")
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	118	if ( file ) then
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	119	file:write(result)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	120	# Index: nselib/stdnse.lua
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	121	# ===================================================================
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	122	--- nmap-6.25/nselib/stdnse.lua (revision 31575)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	123	+++ nmap-6.25/nselib/stdnse.lua (revision 31576)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	124	@@ -1195,4 +1195,36 @@
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	125	return aux(obj, "")
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	126	end
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	127
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	128	+-- This pattern must match the percent sign '%' since it is used in
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	129	+-- escaping.
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	130	+local FILESYSTEM_UNSAFE = "[^a-zA-Z0-9._-]"
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	131	+---
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	132	+-- Escape a string to remove bytes and strings that may have meaning to
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	133	+-- a filesystem, such as slashes. All bytes are escaped, except for:
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	134	+-- * alphabetic <code>a</code>-<code>z</code> and <code>A</code>-<code>Z</code>, digits 0-9, <code>.</code> <code>_</code> <code>-</code>
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	135	+-- In addition, the strings <code>"."</code> and <code>".."</code> have
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	136	+-- their characters escaped.
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	137	+--
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	138	+-- Bytes are escaped by a percent sign followed by the two-digit
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	139	+-- hexadecimal representation of the byte value.
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	140	+-- * <code>filename_escape("filename.ext") --> "filename.ext"</code>
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	141	+-- * <code>filename_escape("input/output") --> "input%2foutput"</code>
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	142	+-- * <code>filename_escape(".") --> "%2e"</code>
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	143	+-- * <code>filename_escape("..") --> "%2e%2e"</code>
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	144	+-- This escaping is somewhat like that of JavaScript
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	145	+-- <code>encodeURIComponent</code>, except that fewer bytes are
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	146	+-- whitelisted, and it works on bytes, not Unicode characters or UTF-16
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	147	+-- code points.
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	148	+function filename_escape(s)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	149	+ if s == "." then
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	150	+ return "%2e"
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	151	+ elseif s == ".." then
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	152	+ return "%2e%2e"
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	153	+ else
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	154	+ return (string.gsub(s, FILESYSTEM_UNSAFE, function (c)
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	155	+ return string.format("%%%02x", string.byte(c))
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	156	+ end))
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	157	+ end
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	158	+end
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	159	+
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	160	return _ENV;
3288b0639de6 17328869 problem in UTILITY/NMAP Stefan Teleman <stefan.teleman@oracle.com> parents: diff changeset	161

author	Stefan Teleman <stefan.teleman@oracle.com>
	Wed, 21 Aug 2013 00:01:40 -0700
changeset 1448	3288b0639de6
permissions	-rw-r--r--