ryan/sagacity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix[xml parsing]: Bug fix when XML contains tags / character that is not the closing tag

Browse Source 
Nessus 8.2 can accommodate invalid XML tags.  In plugin 86067, it now includes a tag <ssl/chain/sha-1>{data}</ssl/chain/sha-1>.  The forward slashes in the opening tag cause the PHP stream parser to barf.  I added a regex to remove tags with forward slashes in the tag that don't appear as the first character after the less than sign.  As a result, this will also remove <attachment> tag items because the <attachment> tag also includes a "type" attribute that contains the MIME type of the attachment file.  Not a big deal though because we are not using the attachments.  If we decide to grab those as well, we will have to change this regex to make it work.
This commit is contained in:
Ryan Prather 2019-01-26 11:53:17 -05:00
parent 55dd61f462
commit 44669decf4
No known key found for this signature in database
GPG Key ID: 66FDE2B4E8AB87A7
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
inc/xml_parser.inc
View File

@ -388,6 +388,8 @@ class scan_xml_parser
$this->fh = fopen($this->file, "r");
while ($data = fread($this->fh, 4096)) {
$data = preg_replace("/\<[^\/]+\/[^\>]+\>[^\n]+\n/", "", $data);
try {
if (!xml_parse($this->parser, $data, feof($this->fh)) && !xml_get_error_code($this->parser)) {
$this->log->script_log(xml_error_string(xml_get_error_code($this->parser)), E_ERROR);
@ -580,6 +582,8 @@ class basic_xml_parser
{
$fh = fopen($this->file, "r");
while ($data = fread($fh, 4096)) {
$data = preg_replace("\<[^\/]+\/[^\>]+\>[^\n]+\n", "", $data);
if (!xml_parse($this->parser, $data, feof($fh)) && !xml_get_error_code($this->parser)) {
print_r($this->stack);
$this->log->script_log(xml_error_string(xml_get_error_code($this->parser)), E_WARNING);