fix[xml parsing]: Bug fix when XML contains tags / character that is not the closing tag
Nessus 8.2 can accommodate invalid XML tags. In plugin 86067, it now includes a tag <ssl/chain/sha-1>{data}</ssl/chain/sha-1>. The forward slashes in the opening tag cause the PHP stream parser to barf. I added a regex to remove tags with forward slashes in the tag that don't appear as the first character after the less than sign. As a result, this will also remove <attachment> tag items because the <attachment> tag also includes a "type" attribute that contains the MIME type of the attachment file. Not a big deal though because we are not using the attachments. If we decide to grab those as well, we will have to change this regex to make it work.
This commit is contained in:
parent
55dd61f462
commit
44669decf4
@ -388,6 +388,8 @@ class scan_xml_parser
|
||||
|
||||
$this->fh = fopen($this->file, "r");
|
||||
while ($data = fread($this->fh, 4096)) {
|
||||
$data = preg_replace("/\<[^\/]+\/[^\>]+\>[^\n]+\n/", "", $data);
|
||||
|
||||
try {
|
||||
if (!xml_parse($this->parser, $data, feof($this->fh)) && !xml_get_error_code($this->parser)) {
|
||||
$this->log->script_log(xml_error_string(xml_get_error_code($this->parser)), E_ERROR);
|
||||
@ -580,6 +582,8 @@ class basic_xml_parser
|
||||
{
|
||||
$fh = fopen($this->file, "r");
|
||||
while ($data = fread($fh, 4096)) {
|
||||
$data = preg_replace("\<[^\/]+\/[^\>]+\>[^\n]+\n", "", $data);
|
||||
|
||||
if (!xml_parse($this->parser, $data, feof($fh)) && !xml_get_error_code($this->parser)) {
|
||||
print_r($this->stack);
|
||||
$this->log->script_log(xml_error_string(xml_get_error_code($this->parser)), E_WARNING);
|
||||
|
Loading…
Reference in New Issue
Block a user