mailing list archives
Jacek's status report - #13 of 16
From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Mon, 2 Sep 2013 23:59:13 +0200
This is the report 13/16 for the Google Summer of Code project
“Bringing Lua to Ncat”.
This week was mostly about testing, bugfixing and cosmetic stuff. I
made hardly any big changes to the socket abstraction engine (though
there are a few planned). I wrote some test cases though, tried to
secure the Lua API and finally got closer to finishing httpd.lua
(solved the final bug).
* Organized all the current TODO tasks on a secwiki page. This took a
while, since my last meeting with David was three hours long. It paid
off though; with that many things to take care of, it would be really
easy to miss something.
* Did quite a lot of research on NSE socket interface. This involved
reading code, documentation and experimenting with the API.
* Wrote some more --lua-exec documentation. This includes another
example, reference to “Programming in Lua” book and a note about
* Reverted the “forward compatibility” patches. David made a good
point about preparing for something not really defined and I have to
admit he convinced me.
* Finally got the Unicode validation code working in httpd.lua. I
ported the routine from Go language and solved a bug that was related
to pre-setting one variable to a wrong value in my port.
* Re-ran some --lua-exec tests and found a bug related to handling
newlines on Windows.
* Wrote three simple test cases for socket abstractions. They test all
the protocols for connect and listen mode and also test proxy
functionality. I already found (and fixed) one bug thanks to the
tests. I'll probably add more tests to make sure all events fire
* Changed socket abstractions error behavior:
* Replaced most assertions with non-critical errors
* Made the functions report about whether they succeeded or not
* Moved “connections” global variable to registry and made the
global variable read-only
* “connection_roots” and “socket” are accessible via registry only
- they aren't globals anymore
* Wrote a thread to nmap-dev in which I discuss the options we
have for securing the API
* Added two connect() arguments - hostname and port number.
* Fixed a bug related to using the same lua_State for both --lua-exec
and socket abstractions.
* Updated the documentation on socket abstractions, hopefully making
it a bit more readable.
* Redesign recv() and connect() for connect-mode
* Keep on testing and bugfixing
* Merge httpd.lua?
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
- Jacek's status report - #13 of 16 Jacek Wielemborek (Sep 02)