1 # http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=14;bug=719289 |
|
2 # Index: scripts/http-domino-enum-passwords.nse |
|
3 # =================================================================== |
|
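--- nmap-6.25/scripts/http-domino-enum-passwords.nse (revision 31575)
+++ nmap-6.25/scripts/http-domino-enum-passwords.nse (revision 31576)
@@ -315,9 +315,10 @@
 http_response = http.get( vhost or host, port, u_details.idfile, { auth = { username = user, password = pass }, no_cache = true })
 
 if ( http_response.status == 200 ) then
- local status, err = saveIDFile( ("%s/%s.id"):format(download_path, u_details.fullname), http_response.body )
+ local filename = download_path .. "/" .. stdnse.filename_escape(u_details.fullname .. ".id")
+ local status, err = saveIDFile( filename, http_response.body )
 if ( status ) then
- table.insert( id_files, ("%s ID File has been downloaded (%s/%s.id)"):format(u_details.fullname, download_path, u_details.fullname) )
+ table.insert( id_files, ("%s ID File has been downloaded (%s)"):format(u_details.fullname, filename) )
 else
 table.insert( id_files, ("%s ID File was not saved (error: %s)"):format(u_details.fullname, err ) )
 end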
|
19 # Index: scripts/stuxnet-detect.nse |
|
20 # =================================================================== |
|
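--- nmap-6.25/scripts/stuxnet-detect.nse (revision 31575)
+++ nmap-6.25/scripts/stuxnet-detect.nse (revision 31576)
@@ -81,7 +81,7 @@
 
 fmt = save:gsub("%%h", host.ip)
 fmt = fmt:gsub("%%v", version)
- file = io.open(fmt, "w")
+ file = io.open(stdnse.filename_escape(fmt), "w")
 if file then
 stdnse.print_debug(1, "Wrote %d bytes to file %s.", #result.arguments, fmt)
 file:write(result.arguments)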
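Review bot: `stdnse.filename_escape(fmt)` escapes the whole expanded `save` value, so any `/` the operator put in the save path is rewritten to `%2f` and the file is written under a flattened name instead of in the requested directory. Only the substituted `%h` and `%v` values need escaping (`version` presumably comes from the remote host; confirm against the code above the hunk). Because the escaped text contains `%`, which is special in a `gsub` replacement string, the substitution should use a function replacement, e.g. `fmt = fmt:gsub("%%v", function() return stdnse.filename_escape(version) end)`. The debug message on the line after `if file then` also prints `fmt` rather than the name that was actually opened.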
|
32 # Index: scripts/http-config-backup.nse |
|
33 # =================================================================== |
|
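--- nmap-6.25/scripts/http-config-backup.nse (revision 31575)
+++ nmap-6.25/scripts/http-config-backup.nse (revision 31576)
@@ -209,7 +209,7 @@
 if (response.status == 200) then
 -- check it if is valid before inserting
 if cfg.check(response.body) then
- local filename = ((host.targetname or host.ip) .. url_path):gsub("/", "-");
+ local filename = stdnse.escape_filename((host.targetname or host.ip) .. url_path)
 
 -- save the content
 if save then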
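Review bot: The added line calls `stdnse.escape_filename`, but the helper this commit adds to nselib/stdnse.lua is named `filename_escape`, and every other script in the patch uses that name. Unless an `escape_filename` alias exists outside the visible hunks, the call hits a nil field and the script raises an error as soon as a valid configuration backup is found, so nothing is saved. The line should read `local filename = stdnse.filename_escape((host.targetname or host.ip) .. url_path)`. The enclosing block continues past the end of the hunk.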
|
45 # Index: scripts/hostmap-bfk.nse |
|
46 # =================================================================== |
|
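--- nmap-6.25/scripts/hostmap-bfk.nse (revision 31575)
+++ nmap-6.25/scripts/hostmap-bfk.nse (revision 31576)
@@ -68,7 +68,7 @@
 
 local HOSTMAP_SERVER = "www.bfk.de"
 
-local filename_escape, write_file
+local write_file
 
 hostrule = function(host)
 return not ipOps.isPrivate(host.ip)
@@ -106,7 +106,7 @@
 
 local filename_prefix = stdnse.get_script_args("hostmap-bfk.prefix")
 if filename_prefix then
- local filename = filename_prefix .. filename_escape(host.targetname or host.ip)
+ local filename = filename_prefix .. stdnse.filename_escape(host.targetname or host.ip)
 local status, err = write_file(filename, hostnames_str .. "\n")
 if status then
 output_tab.filename = filename
@@ -118,13 +118,6 @@
 return output_tab
 end
 
---- Escape some potentially unsafe characters in a string meant to be a filename.
-function filename_escape(s)
- return string.gsub(s, "[\0/=]", function(c)
- return string.format("=%02X", string.byte(c))
- end)
-end
-
 function write_file(filename, contents)
 local f, err = io.open(filename, "w")
 if not f then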
|
81 # Index: scripts/domino-enum-users.nse |
|
82 # =================================================================== |
|
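--- nmap-6.25/scripts/domino-enum-users.nse (revision 31575)
+++ nmap-6.25/scripts/domino-enum-users.nse (revision 31576)
@@ -103,7 +103,7 @@
 helper:disconnect()
 
 if ( status and data and path ) then
- local filename = ("%s/%s.id"):format(path, username )
+ local filename = path .. "/" .. stdnse.filename_escape(u_details.fullname .. ".id")
 local status, err = saveIDFile( filename, data )
 
 if ( status ) then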
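Review bot: The new filename is built from `u_details.fullname`, but nothing named `u_details` appears in this hunk; the removed line used `username`, and the expression looks copied from http-domino-enum-passwords.nse. If `u_details` is not defined earlier in the function (which starts outside the hunk), indexing it raises an error right after the ID file has been retrieved, and the file is never written. Keeping the original variable gives `local filename = path .. "/" .. stdnse.filename_escape(username .. ".id")`.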
|
94 # Index: scripts/ms-sql-dump-hashes.nse |
|
95 # =================================================================== |
|
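--- nmap-6.25/scripts/ms-sql-dump-hashes.nse (revision 31575)
+++ nmap-6.25/scripts/ms-sql-dump-hashes.nse (revision 31576)
@@ -119,7 +119,7 @@
 local filename
 if ( dir ) then
 local instance = instance:GetName():match("%\\+(.+)$") or instance:GetName()
- filename = ("%s/%s_%s_ms-sql_hashes.txt"):format(dir, host.ip, instance)
+ filename = dir .. "/" .. stdnse.filename_escape(("%s_%s_ms-sql_hashes.txt"):format(host.ip, instance))
 saveToFile(filename, instanceOutput[1])
 end
 end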
|
107 # Index: scripts/snmp-ios-config.nse |
|
108 # =================================================================== |
|
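--- nmap-6.25/scripts/snmp-ios-config.nse (revision 31575)
+++ nmap-6.25/scripts/snmp-ios-config.nse (revision 31576)
@@ -184,7 +184,7 @@
 result = ( infile and infile:getContent() )
 
 if ( tftproot ) then
- local fname = tftproot .. host.ip .. "-config"
+ local fname = tftproot .. stdnse.filename_escape(host.ip .. "-config")
 local file, err = io.open(fname, "w")
 if ( file ) then
 file:write(result)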
|
120 # Index: nselib/stdnse.lua |
|
121 # =================================================================== |
|
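--- nmap-6.25/nselib/stdnse.lua (revision 31575)
+++ nmap-6.25/nselib/stdnse.lua (revision 31576)
@@ -1195,4 +1195,36 @@
 return aux(obj, "")
 end
 
+-- This pattern must match the percent sign '%' since it is used in
+-- escaping.
+local FILESYSTEM_UNSAFE = "[^a-zA-Z0-9._-]"
+---
+-- Escape a string to remove bytes and strings that may have meaning to
+-- a filesystem, such as slashes. All bytes are escaped, except for:
+-- * alphabetic <code>a</code>-<code>z</code> and <code>A</code>-<code>Z</code>, digits 0-9, <code>.</code> <code>_</code> <code>-</code>
+-- In addition, the strings <code>"."</code> and <code>".."</code> have
+-- their characters escaped.
+--
+-- Bytes are escaped by a percent sign followed by the two-digit
+-- hexadecimal representation of the byte value.
+-- * <code>filename_escape("filename.ext") --> "filename.ext"</code>
+-- * <code>filename_escape("input/output") --> "input%2foutput"</code>
+-- * <code>filename_escape(".") --> "%2e"</code>
+-- * <code>filename_escape("..") --> "%2e%2e"</code>
+-- This escaping is somewhat like that of JavaScript
+-- <code>encodeURIComponent</code>, except that fewer bytes are
+-- whitelisted, and it works on bytes, not Unicode characters or UTF-16
+-- code points.
+function filename_escape(s)
+ if s == "." then
+ return "%2e"
+ elseif s == ".." then
+ return "%2e%2e"
+ else
+ return (string.gsub(s, FILESYSTEM_UNSAFE, function (c)
+ return string.format("%%%02x", string.byte(c))
+ end))
+ end
+end
+
 return _ENV;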
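Review bot: The NSEdoc block for `filename_escape` has no `@param`/`@return` tags and does not say that the function is meant for one path component rather than a full path, which matters because slashes are escaped too. I would add `-- @param s String to use as a single filename component.` and `-- @return The escaped string; prepend any directory after calling, since separators in the input are escaped.` The block could also note that the empty string is returned unchanged, so callers have to supply a non-empty name themselves.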
|
161 |
|