Strings
NASL provides a rich library for string manipulation. When scanning for vulnerabilities, outgoing requests and incoming responses contain data presented to NASL plug-ins as strings, so it is important to learn how to best utilize the available string API. This section discusses NASL-provided functions for pattern matching, simple string manipulation and conversion, and other miscellaneous string-related functions.
Simple string manipulation functions
The chomp()
function takes in a string as a
parameter and strips away any
carriage returns,
line feeds, tabs, or whitespace at the end of the string. For
example:
mystring='abcd \t\r\n';
display ('BEGIN',chomp(mystring),'END\n');displays BEGINabcdEND on one line.
The crap( )
function is used to fill a
buffer with repeated
occurrences of a specified string. The function takes in two
parameters, length and data.
The length parameter specifies the length of the
string to be returned, while the data parameter
specifies the string that should be used to fill the buffer. For
example, crap(length:10,data:'a') returns
aaaaaaaaaa. If data is not
specified, a default value of X is used.
To perform string concatenation, you can use the
strcat( ) function. This function also converts
given variables to strings when performing concatenation. The
following example causes the value of mystring to
be set to abcdefgh123:
string1="abcd"; string2="efgh"; number1=123; mystring=strcat(string1,string2,number1);
Finding and replacing strings
Many ...
Get Network Security Tools now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
