1 files changed, 342 insertions, 0 deletions

diff --git a/nselib/datafiles.lua b/nselib/datafiles.lua
new file mode 100644
index 0000000..ffe71f1
--- /dev/null
+++ b/nselib/datafiles.lua
@@ -0,0 +1,342 @@
+---
+-- Read and parse some of Nmap's data files: <code>nmap-protocols</code>,
+-- <code>nmap-rpc</code>, <code>nmap-services</code>, and
+-- <code>nmap-mac-prefixes</code>.
+--
+-- The functions in this module return values appropriate for use with exception
+-- handling via <code>nmap.new_try</code>. On success, they return true and
+-- the function result. On failure, they return false and an error message.
+-- @author Kris Katterjohn 03/2008
+-- @author jah 08/2008
+-- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html
+
+local io = require "io"
+local nmap = require "nmap"
+local stdnse = require "stdnse"
+local string = require "string"
+local table = require "table"
+-- mostly undocumented library for direct lookups in Nmap datafiles:
+local nmapdb = require "nmapdb"
+_ENV = stdnse.module("datafiles", stdnse.seeall)
+
+
+---
+-- Capture patterns for common data files, indexed by filename.
+-- @class table
+-- @name common_files
+-- @see parse_file
+local common_files = {
+  ["nmap-rpc"]       = { [function(ln) return tonumber( ln:match( "^%s*[^%s#]+%s+(%d+)" ) ) end] = "^%s*([^%s#]+)%s+%d+" },
+  ["nmap-protocols"] = { [function(ln) return tonumber( ln:match( "^%s*[^%s#]+%s+(%d+)" ) ) end] = "^%s*([^%s#]+)%s+%d+" },
+  ["nmap-services"]  = { ["tcp"] = { [function(ln) return tonumber( ln:match( "^%s*[^%s#]+%s+(%d+)/tcp" ) ) end] = "^%s*([^%s#]+)%s+%d+/tcp" },
+    ["udp"] = { [function(ln) return tonumber( ln:match( "^%s*[^%s#]+%s+(%d+)/udp" ) ) end] = "^%s*([^%s#]+)%s+%d+/udp" }
+  },
+  ["nmap-mac-prefixes"] = { [ "^%s*(%w+)%s+[^#]+" ] = "^%s*%w+%s+([^#]+)" }
+
+}
+
+-- Helper for parse_* functions
+local parse_and_cache = function(filename)
+  nmap.registry.datafiles = nmap.registry.datafiles or {}
+  if not nmap.registry.datafiles[filename] then
+    local status
+    status, nmap.registry.datafiles[filename] = parse_file(filename)
+    if not status then
+      return false, string.format("Error parsing %s", filename)
+    end
+  end
+
+  return true, nmap.registry.datafiles[filename]
+end
+
+
+---
+-- Read and parse <code>nmap-protocols</code>.
+--
+-- On success, return true and a table mapping protocol numbers to protocol
+-- names.
+-- @return Status (true or false).
+-- @return Table (if status is true) or error string (if status is false).
+-- @see parse_file
+parse_protocols = function()
+  return parse_and_cache("nmap-protocols")
+end
+
+
+---
+-- Read and parse <code>nmap-rpc</code>.
+--
+-- On success, return true and a table mapping RPC numbers to RPC names.
+-- @return Status (true or false).
+-- @return Table (if status is true) or error string (if status is false).
+-- @see parse_file
+parse_rpc = function()
+  return parse_and_cache("nmap-rpc")
+end
+
+local prohibited = function()
+  error("Invalid function")
+end
+local services_table = {}
+local portlookup_mt = {
+  __index = function(t, port)
+    return nmapdb.getservbyport(port, rawget(t, "proto"))
+  end,
+  __newindex = prohibited,
+}
+for _, proto in ipairs({"tcp", "udp", "sctp"}) do
+  services_table[proto] = setmetatable({proto=proto}, portlookup_mt)
+end
+
+---
+-- Read and parse <code>nmap-services</code>.
+--
+-- On success, return true and a table containing subtables indexed by the
+-- keys "tcp", "udp", and "sctp". You can
+-- pass a protocol name as an argument to <code>parse_services</code> to get
+-- only one of the results tables.
+-- @param protocol Optional: The protocol table to return (e.g. <code>"tcp"</code> or
+-- <code>"udp"</code>).
+-- @return Status (true or false).
+-- @return Table (if status is true) or error string (if status is false).
+-- @see parse_file
+parse_services = function(protocol)
+  local t
+  if protocol then
+    t = services_table[protocol]
+    if not t then
+      return false, "Bad protocol for nmap-services"
+    end
+  else
+    t = services_table
+  end
+
+  return true, t
+end
+
+
+local mac_table = setmetatable({}, {
+  __index = function(t, mac)
+    if #mac < 6 then
+      -- probably binary
+      mac = mac .. ("\0"):rep(6 - #mac)
+    elseif #mac < 12 then
+      -- probably hex
+      mac = mac .. ("0"):rep(12 - #mac)
+    end
+    return nmapdb.mac2corp(mac)
+  end,
+  __newindex = prohibited,
+})
+---
+-- Read and parse <code>nmap-mac-prefixes</code>.
+--
+-- On success, return true and a table mapping MAC prefixes to manufacturer
+-- names. The whole MAC can also be used as a key, since the table calls an
+-- internal Nmap function to do the lookup.
+-- @return Status (true or false).
+-- @return Table (if status is true) or error string (if status is false).
+-- @see parse_file
+parse_mac_prefixes = function()
+  return true, mac_table
+end
+
+
+---
+-- Read and parse a generic data file. The other parse functions are
+-- defined in terms of this one.
+--
+-- If filename is a key in <code>common_files</code>, use the corresponding
+-- capture pattern. Otherwise the second argument must be a table of the kind
+-- taken by <code>parse_lines</code>.
+-- @param filename Name of the file to parse.
+-- @param ... A table of capture patterns.
+-- @return Boolean status, false on failure
+-- @return A table whose structure mirrors that of the capture table,
+-- filled in with captured values.
+function parse_file(filename, ...)
+
+  local data_struct
+
+  -- must have a filename
+  if type( filename ) ~= "string" or filename == "" then
+    return false, "Error in datafiles.parse_file: No file to parse."
+  end
+
+  -- is filename a member of common_files? is second parameter a key in common_files or is it a table?
+  if common_files[filename] and type( (...) ) == "string" and common_files[filename][(...)] then
+    data_struct = { common_files[filename][(...)] }
+  elseif common_files[filename] and select("#", ...) == 0 then
+    data_struct = { common_files[filename] }
+  elseif type( (...) ) == "table" then
+    data_struct = {...}
+  elseif type( (...) ) ~= "table" then
+    return false, "Error in datafiles.parse_file: Expected second parameter as table."
+  end
+
+  if type( data_struct ) == "table" then
+    for i, struc in ipairs( data_struct ) do
+      -- check that all varargs are tables
+      if type( struc ) ~= "table" then return false, "Error in datafiles.parse_file: Bad Parameter." end
+      -- allow empty table as sugar for ^(.+)$ capture the whole line
+      if not next( struc ) and #struc == 0 then data_struct[i] = { "^(.+)$" } end
+    end
+    if #data_struct == 0 then
+      return false, "Error in datafiles.parse_file: I've no idea how you want your data."
+    end
+  end
+
+  -- get a table of lines
+  local status, lines = read_from_file( filename )
+  if not status then
+    return false, ( "Error in datafiles.parse_file: %s could not be read: %s." ):format( filename, lines )
+  end
+
+  -- do the actual parsing
+  local ret = {}
+  for _, ds in ipairs( data_struct ) do
+    status, ret[#ret+1] = parse_lines( lines, ds )
+    -- hmmm should we fail all if there are any failures? yes? ok
+    if not status then return false, ret[#ret] end
+  end
+
+  return true, table.unpack( ret )
+
+end
+
+
+---
+-- Generic parsing of an array of strings.
+-- @param lines An array of strings to operate on.
+-- @param data_struct A table containing capture patterns to be applied
+-- to each string in the array. A capture will be applied to each string
+-- using <code>string.match</code> and may also be enclosed within a table or
+-- a function. If a function, it must accept a string as its parameter and
+-- should return one value derived from that string.
+-- @return A table whose structure mirrors that of the capture table,
+-- filled in with captured values.
+function parse_lines(lines, data_struct)
+
+  if type( lines ) ~= "table" or #lines < 1 then
+    return false, "Error in datafiles.parse_lines: No lines to parse."
+  end
+
+  if type( data_struct ) ~= "table" or not next( data_struct ) then
+    return false, "Error in datafiles.parse_lines: Expected second parameter as a non-empty table."
+  end
+
+  local ret = {}
+
+  -- traverse data_struct and enforce sensible index-value pairs.  Call functions to process the members of lines.
+  for index, value in pairs( data_struct ) do
+    if type(index) == nil then return false, "Error in datafiles.parse_lines: Invalid index." end
+    if type(index) == "number" or type(value) == "table" then
+      if type(value) == "number" then
+        return false, "Error in datafiles.parse_lines: No patterns for data capture."
+      elseif type(value) == "string" or type(value) == "function" then
+        ret = get_array( lines, value )
+      elseif type(value) == "table" then
+        local _
+        _, ret[index] = parse_lines( lines, value )
+      else
+        -- TEMP
+        stdnse.debug1("Error in datafiles.parse_lines: Index with type %s has unexpected value %s", type(index), type(value))
+      end
+    elseif type(index) == "string" or type(index) == "function"  then
+      if type( value ) == "string" or type( value ) == "function" then
+        ret = get_assoc_array( lines, index, value )
+      else
+        return false, ( "Error in datafiles.parse_lines: Invalid value for index %s." ):format( index )
+      end
+    else
+      -- TEMP
+      stdnse.debug1("Error in datafiles.parse_lines: Index with type %s has unexpected value %s", type(index), type(value))
+    end
+  end
+
+  return true, ret
+
+end
+
+
+---
+-- Read a file, line by line, into a table.
+-- @param file String with the name of the file to read.
+-- @return Status (true or false).
+-- @return Array of lines read from the file (if status is true) or error
+-- message (if status is false).
+function read_from_file( file )
+
+  -- get path to file
+  local filepath = nmap.fetchfile( file )
+  if not filepath then
+    return false, ( "Error in nmap.fetchfile: Could not find file %s." ):format( file )
+  end
+
+  local f, err, _ = io.open( filepath, "r" )
+  if not f then
+    return false, ( "Error in datafiles.read_from_file: Cannot open %s for reading: %s" ):format( filepath, err )
+  end
+
+  local ret = {}
+  for line in f:lines() do
+    ret[#ret+1] = line
+  end
+
+  f:close()
+
+  return true, ret
+
+end
+
+
+---
+-- Return an array-like table of values captured from each line.
+-- @param lines Table of strings containing the lines to process.
+-- @param v_pattern Pattern to use on the lines to produce the value for the
+-- array.
+get_array = function(lines, v_pattern)
+  local ret = {}
+  for _, line in ipairs( lines ) do
+    assert( type( line ) == "string" )
+    local captured
+    if type( v_pattern ) == "function" then
+      captured = v_pattern( line )
+    else
+      captured = line:match( v_pattern )
+    end
+    table.insert( ret, captured )
+  end
+  return ret
+end
+
+
+---
+-- Return a table of index-value pairs captured from each line.
+-- @param lines Table of strings containing the lines to process.
+-- @param i_pattern Pattern to use on the lines to produce the key for the
+-- associative array.
+-- @param v_pattern Pattern to use on the lines to produce the value for the
+-- associative array.
+get_assoc_array = function(lines, i_pattern, v_pattern)
+  local ret = {}
+  for _, line in ipairs(lines) do
+    assert( type( line ) == "string" )
+    local index
+    if type(i_pattern) == "function" then
+      index = i_pattern(line)
+    else
+      index = line:match(i_pattern)
+    end
+    if index and type(v_pattern) == "function" then
+      local m = v_pattern(line)
+      if m then ret[index] = m end
+    elseif index then
+      local m = line:match(v_pattern)
+      if m then ret[index] = m end
+    end
+  end
+  return ret
+end
+
+return _ENV;