This file is indexed.

/usr/share/doc/libwhisker2-perl/KNOWNBUGS is in libwhisker2-perl 2.5-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
Known broken stuff as of v2.4:

- HTML parser still screws up on a few corner test cases (particular types
of invalid HTML).  Fortunately these are relatively abnormal and rare.

- XML parser is no where near functional.

- Net::SSL (Crypt::SSLeay) has a bug in version 0.51, when used in proxy mode.
I included a patch in the compat/ directory which temporarily fixes the bug,
but it has the side effect of disabling LWP HTTPS support.  Precompiled
binary users are out of luck until an updated version is available, and I'm
not so sure this is really ever going to be fixed.

- Proxy-auth does not work with Net::SSL; the auth data needs to be set
using %ENV instead of the Proxy-Authenticate header which Libwhisker normally
sends.  Not sure if this will ever be fixed, as it would require significant
architecture changes to accomodate.  Use Net::SSLeay instead.

- NTLM proxy-auth is not supported for SSL connections.

- The combination of Paros HTTP proxy, Net::SSLeay, and SSL connections does
not currently work.  Paros only returns a "Error: 1" message, so I'm not even
sure where to begin on figuring out what's going wrong.  Net::SSL works just
fine (well, assuming you applied the patch referred to above).



Caveats as of v2.4:

- Cookie support does not yet account for expiration via Expires value.

- Various perl warnings when running under -w.  If you send me a copy of
the warnings (warning and line number reported), I can fix them.  Since
warnings are generated at runtime, it's hard to traverse every possible
code path and find the warnings.

- LW2::dump() sometimes messes up on the visual layout of the resulting
code...however, this does not affect the final representation/eval'ing, so
it's merely cosmetic.

- The internal session cache can grow quite big if you scan thousands of
hosts in a row without calling LW2::http_reset() or exiting. In order to
clear out any left over session information (when you're all done with a
host), be sure to call LW2::http_reset() every once in a while.

- Careful on trying to unset/remove various {whisker} request values.  
If it's not defined by default, then you should delete the key, rather 
than setting it to 0, since some libwhisker functions only check to see 
if a key is defined (it doesn't actually look at the value).

- The SSL libraries do not allow persistant connections, so all connections
will be closed at the end.

- NTLM web auth through an NTLM auth'd proxy is a toss-up, largely because
I'm not sure what's the most appropriate route to go.  Libwhisker's
implementation is how it *should* work IMHO, but I couldn't get it to actually
work through MS ISA proxy (although, I couldn't get IE to work correctly
through MS ISA proxy with double-NTLM auth either, so that leaves me to
suspect MS has issues somewhere...).  The general problem is that ISA proxy
doesn't seem to keep-alive the connection between the proxy and web server, 
so persistent requests from the client will have to re-auth to the web 
server. Technically, since everything is kept-alive, once all the NTLM
rigmarole for both proxy and web server are done, I should be able to just
fire requests off like normal (e.g. no auth) until the connection is closed.
So, in short, Microsoft screwed up their own implementation of double-NTLM
auth in ISA Server, and I don't really have another NTLM-capable proxy to test
with to ensure LW2 is perfectly implemented...but it should be. :)