From 44669decf46e70be65722e6c598d848fcd83f870 Mon Sep 17 00:00:00 2001 From: Ryan Prather Date: Sat, 26 Jan 2019 11:53:17 -0500 Subject: [PATCH] fix[xml parsing]: Bug fix when XML contains tags / character that is not the closing tag Nessus 8.2 can accommodate invalid XML tags. In plugin 86067, it now includes a tag {data}. The forward slashes in the opening tag cause the PHP stream parser to barf. I added a regex to remove tags with forward slashes in the tag that don't appear as the first character after the less than sign. As a result, this will also remove tag items because the tag also includes a "type" attribute that contains the MIME type of the attachment file. Not a big deal though because we are not using the attachments. If we decide to grab those as well, we will have to change this regex to make it work. --- inc/xml_parser.inc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/inc/xml_parser.inc b/inc/xml_parser.inc index 90a3ffb..18d6702 100644 --- a/inc/xml_parser.inc +++ b/inc/xml_parser.inc @@ -388,6 +388,8 @@ class scan_xml_parser $this->fh = fopen($this->file, "r"); while ($data = fread($this->fh, 4096)) { + $data = preg_replace("/\<[^\/]+\/[^\>]+\>[^\n]+\n/", "", $data); + try { if (!xml_parse($this->parser, $data, feof($this->fh)) && !xml_get_error_code($this->parser)) { $this->log->script_log(xml_error_string(xml_get_error_code($this->parser)), E_ERROR); @@ -580,6 +582,8 @@ class basic_xml_parser { $fh = fopen($this->file, "r"); while ($data = fread($fh, 4096)) { + $data = preg_replace("\<[^\/]+\/[^\>]+\>[^\n]+\n", "", $data); + if (!xml_parse($this->parser, $data, feof($fh)) && !xml_get_error_code($this->parser)) { print_r($this->stack); $this->log->script_log(xml_error_string(xml_get_error_code($this->parser)), E_WARNING);