Home page logo

nmap-dev logo Nmap Development mailing list archives

Jacek's status report - #13 of 16
From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Mon, 2 Sep 2013 23:59:13 +0200

Hi guys,

This is the report 13/16 for the Google Summer of Code project
“Bringing Lua to Ncat”.

This week was mostly about testing, bugfixing and cosmetic stuff. I
made hardly any big changes to the socket abstraction engine (though
there are a few planned). I wrote some test cases though, tried to
secure the Lua API and finally got closer to finishing httpd.lua
(solved the final bug).


* Organized all the current TODO tasks on a secwiki page. This took a
while, since my last meeting with David was three hours long. It paid
off though; with that many things to take care of, it would be really
easy to miss something.

* Did quite a lot of research on NSE socket interface. This involved
reading code, documentation and experimenting with the API.

* Wrote some more --lua-exec documentation. This includes another
example, reference to “Programming in Lua” book and a note about

* Reverted the “forward compatibility” patches. David made a good
point about preparing for something not really defined and I have to
admit he convinced me.

* Finally got the Unicode validation code working in httpd.lua. I
ported the routine from Go language and solved a bug that was related
to pre-setting one variable to a wrong value in my port.

* Re-ran some --lua-exec tests and found a bug related to handling
newlines on Windows.

* Wrote three simple test cases for socket abstractions. They test all
the protocols for connect and listen mode and also test proxy
functionality. I already found (and fixed) one bug thanks to the
tests. I'll probably add more tests to make sure all events fire

* Changed socket abstractions error behavior:

    * Replaced most assertions with non-critical errors

    * Made the functions report about whether they succeeded or not

    * Moved “connections” global variable to registry and made the
global variable read-only

    * “connection_roots” and “socket” are accessible via registry only
- they aren't globals anymore

    * Wrote a thread to nmap-dev in which I discuss the options we
have for securing the API

* Added two connect() arguments - hostname and port number.

* Fixed a bug related to using the same lua_State for both --lua-exec
and socket abstractions.

* Updated the documentation on socket abstractions, hopefully making
it a bit more readable.


* Redesign recv() and connect() for connect-mode
* Keep on testing and bugfixing
* Merge httpd.lua?


Jacek Wielemborek
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
  • Jacek's status report - #13 of 16 Jacek Wielemborek (Sep 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]