Class: Rex::Parser::NexposeXMLStreamParser

Inherits:

Object

• Object
• Rex::Parser::NexposeXMLStreamParser

Defined in:

lib/rex/parser/nexpose_xml.rb

Overview

XXX doesn’t tie services to vulns

Instance Attribute Summary

• #callback ⇒ Object

  Returns the value of attribute callback.

Instance Method Summary

• #attlist ⇒ Object

  :nodoc:.

• #cdata ⇒ Object

  :nodoc:.

• #comment(str) ⇒ Object

  :nodoc:.

• #initialize(callback = nil) ⇒ NexposeXMLStreamParser constructor

  A new instance of NexposeXMLStreamParser.

• #instruction(name, instruction) ⇒ Object

  :nodoc:.

• #parse_vulnerable_states_only(only_vuln_states_needed) ⇒ Object

  If all vuln states are required set this to false.

• #reset_state ⇒ Object
• #tag_end(name) ⇒ Object
• #tag_start(name, attributes) ⇒ Object
• #text(str) ⇒ Object
• #xmldecl(version, encoding, standalone) ⇒ Object

  We don’t need these methods, but they’re necessary to keep REXML happy.

Constructor Details

#initialize(callback = nil) ⇒ NexposeXMLStreamParser

Returns a new instance of NexposeXMLStreamParser.

# File 'lib/rex/parser/nexpose_xml.rb', line 10

def initialize(callback = nil)
  reset_state
  self.callback = callback if callback
end

Instance Attribute Details

#callback ⇒ Object

Returns the value of attribute callback.

# File 'lib/rex/parser/nexpose_xml.rb', line 8

def callback
  @callback
end

Instance Method Details

#attlist ⇒ Object

:nodoc:

# File 'lib/rex/parser/nexpose_xml.rb', line 129

def attlist # :nodoc:
end

#cdata ⇒ Object

:nodoc:

# File 'lib/rex/parser/nexpose_xml.rb', line 123

def cdata # :nodoc:
end

#comment(str) ⇒ Object

:nodoc:

# File 'lib/rex/parser/nexpose_xml.rb', line 125

def comment(str) # :nodoc:
end

#instruction(name, instruction) ⇒ Object

:nodoc:

# File 'lib/rex/parser/nexpose_xml.rb', line 127

def instruction(name, instruction) # :nodoc:
end

#parse_vulnerable_states_only(only_vuln_states_needed) ⇒ Object

If all vuln states are required set this to false

# File 'lib/rex/parser/nexpose_xml.rb', line 25

def parse_vulnerable_states_only only_vuln_states_needed
  @only_vuln_states_needed = only_vuln_states_needed
end

#reset_state ⇒ Object

# File 'lib/rex/parser/nexpose_xml.rb', line 15

def reset_state
  @state = :generic_state
  @only_vuln_states_needed = true
  @current_vuln_id = nil
  @vulnerable_markers = ['vulnerable-exploited', 'vulnerable-version', 'potential']
  @host = {"status" => nil, "endpoints" => [], "names" => [], "vulns" => {}}
  @vuln = {"refs" => [], "description" => [], "solution" => []}
end

#tag_end(name) ⇒ Object

# File 'lib/rex/parser/nexpose_xml.rb', line 107

def tag_end(name)
  case name
  when "node"
    callback.call(:host, @host) if callback
    reset_state
  when "vulnerability"
    callback.call(:vuln, @vuln) if callback
    reset_state
  when "service","reference","names"
    @state = :generic_state
  end
end

#tag_start(name, attributes) ⇒ Object

# File 'lib/rex/parser/nexpose_xml.rb', line 29

def tag_start(name, attributes)
  case name
  when "node"
    @host["hardware-address"] = attributes["hardware-address"]
    @host["addr"] = attributes["address"]
    @host["status"] = attributes["status"]
  when "os"
    # Take only the highest certainty
    if not @host["os_certainty"] or (@host["os_certainty"].to_f < attributes["certainty"].to_f)
      @host["os_vendor"]    = attributes["vendor"]
      @host["os_family"]    = attributes["family"]
      @host["os_product"]   = attributes["product"]
      @host["os_version"]   = attributes["version"]
      @host["arch"]         = attributes["arch"]
      @host["os_certainty"] = attributes["certainty"]
    end
  when "name"
    #@host["names"].push attributes["name"]
    @state = :in_name
  when "endpoint"
    # This is a port in NeXpose parlance
    @host["endpoints"].push(attributes)
  when "service"
    @state = :in_service
    # Store any service info with the associated port.  There shouldn't
    # be any collisions on attribute names here, so just merge them.
    @host["endpoints"].last.merge!(attributes)
  when "fingerprint"
    if @state == :in_service
      @host["endpoints"].last.merge!(attributes)
    end
    when "test"
      if (not @only_vuln_states_needed) or (@vulnerable_markers.include? attributes["status"].to_s.chomp and @only_vuln_states_needed)
        @state = :in_test
        @current_vuln_id = attributes["id"]
        @host["vulns"][@current_vuln_id] = attributes.dup
        # Append the endpoint info for how the vuln was discovered
        unless @host["endpoints"].empty?
          @host["vulns"][@current_vuln_id].merge!("endpoint_data" => @host["endpoints"].last)
        end
        if attributes["key"]
          @host["notes"] ||= []
          @host["notes"] << [@current_vuln_id, attributes["key"]]
        end
      end
    when "vulnerability"
      @vuln.merge! attributes
    when "reference"
      @state = :in_reference
      @vuln["refs"].push attributes
    when "solution"
      @state = :in_solution
    when "description"
      @state = :in_description
    when "URLLink"
      @vuln["solution"] << attributes
  end
end

#text(str) ⇒ Object

# File 'lib/rex/parser/nexpose_xml.rb', line 88

def text(str)
  case @state
  when :in_name
    @host["names"].push str
  when :in_reference
    @vuln["refs"].last["value"] = str
  when :in_solution
    @vuln["solution"] << str
  when :in_description
    @vuln["description"] << str
  when :in_test
    if @host["vulns"][@current_vuln_id]
       proof = @host["vulns"][@current_vuln_id]["proof"] || []
       proof << str
       @host["vulns"][@current_vuln_id]["proof"] = proof
    end
  end
end

#xmldecl(version, encoding, standalone) ⇒ Object

We don’t need these methods, but they’re necessary to keep REXML happy

# File 'lib/rex/parser/nexpose_xml.rb', line 121

def xmldecl(version, encoding, standalone) # :nodoc:
end