Class: Rex::Parser::NetSparkerXMLStreamParser

Inherits:
Object
  • Object
Defined in:
lib/rex/parser/netsparker_xml.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(on_found_vuln = nil) ⇒ NetSparkerXMLStreamParser


# File 'lib/rex/parser/netsparker_xml.rb', line 10

# Creates a stream parser and puts it into its initial state.
#
# @param on_found_vuln [#call, nil] optional callback; when given it is stored
#   through the on_found_vuln= writer and later invoked by tag_end with the
#   hash collected for each <vulnerability> element
def initialize(on_found_vuln = nil)
  if on_found_vuln
    self.on_found_vuln = on_found_vuln
  end

  reset_state
end

Instance Attribute Details

#on_found_vuln ⇒ Object

Returns the value of attribute on_found_vuln


# File 'lib/rex/parser/netsparker_xml.rb', line 8

# Reader for the callback stored in @on_found_vuln.
#
# @return [Object, nil] the stored callback, or nil when none has been set
def on_found_vuln
  @on_found_vuln
end

Instance Method Details

#attlist ⇒ Object


# File 'lib/rex/parser/netsparker_xml.rb', line 103

# Intentionally empty; defined only so the REXML stream parser has the
# listener method it expects.
#
# @return [nil]
def attlist
end

#cdata(data) ⇒ Object


# File 'lib/rex/parser/netsparker_xml.rb', line 87

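# Stream-listener hook for a CDATA section.
#
# What is done with the data depends on the element most recently opened
# (tracked in @state):
# * :in_rawresponse / :in_rawrequest - the data replaces @vuln["response"] /
#   @vuln["request"] (plain assignment, not append).
# * :in_info - non-blank data is appended to @vuln['info'] as a
#   [label, data] pair; the label is the current element's "name"
#   attribute, or "Information" when that attribute is absent.
# Any other state ignores the data.
#
# The data is stored exactly as it appears in the report; nothing here
# validates or escapes it, so code that consumes @vuln should treat these
# fields as untrusted report content.
#
# @param data [String] contents of the CDATA section
# @return [Object] not meaningful to callers
def cdata(data)
  # Deliberately no console output: this hook runs once per CDATA section,
  # and a parser library should leave reporting to whoever drives it.
  case @state
  when :in_rawresponse
    @vuln["response"] = data
  when :in_rawrequest
    @vuln["request"] = data
  when :in_info
    unless data.to_s.strip.empty?
      @vuln['info'] << [@attr['name'] || "Information", data]
    end
  end
end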

#comment(str) ⇒ Object


# File 'lib/rex/parser/netsparker_xml.rb', line 101

# Intentionally empty; XML comments are not recorded. Defined only so the
# REXML stream parser has the listener method it expects.
#
# @param str [String] comment text (unused)
# @return [nil]
def comment(str)
end

#instruction(name, instruction) ⇒ Object


# File 'lib/rex/parser/netsparker_xml.rb', line 102

# Intentionally empty; processing instructions are not recorded. Defined only
# so the REXML stream parser has the listener method it expects.
#
# @param name [String] instruction target (unused)
# @param instruction [String] instruction body (unused)
# @return [nil]
def instruction(name, instruction)
end

#reset_state ⇒ Object


# File 'lib/rex/parser/netsparker_xml.rb', line 15

# Returns the parser to its starting condition: no element open, an empty
# vulnerability record holding only an empty 'info' list, and no attributes.
#
# @return [Hash] the fresh (empty) attribute hash
def reset_state
  @vuln  = { 'info' => Array.new }
  @state = :generic_state
  @attr  = Hash.new
end

#tag_end(name) ⇒ Object


# File 'lib/rex/parser/netsparker_xml.rb', line 74

# Stream-listener hook for a closing tag.
#
# Only </vulnerability> is acted on: every String value in @vuln has its
# surrounding whitespace stripped, the record is handed to the on_found_vuln
# callback (when one is set), and the parser state is reset for the next
# element. All other closing tags are ignored.
#
# The record passed to the callback is built from the report's own text and
# CDATA without validation, so the callback should treat it as untrusted data.
#
# @param name [String] name of the element being closed
# @return [Object] not meaningful to callers
def tag_end(name)
  return unless name == "vulnerability"

  @vuln.each_pair do |field, value|
    @vuln[field] = value.strip if value.is_a?(::String)
  end

  callback = on_found_vuln
  callback.call(@vuln) if callback
  reset_state
end

#tag_start(name, attributes) ⇒ Object


# File 'lib/rex/parser/netsparker_xml.rb', line 21

# Stream-listener hook for an opening tag.
#
# Records which element is now open as a Symbol of the form :in_<lowercased
# tag name> and remembers its attributes. Opening a "vulnerability" element
# additionally starts a fresh record carrying the element's "confirmed"
# attribute.
#
# NOTE(review): the tag name is taken from the report being imported and is
# converted to a Symbol for every element, known or not. On Ruby versions
# that do not garbage-collect dynamically created symbols, a report with many
# distinct tag names grows the symbol table for the life of the process.
# Consider limiting the conversion to the element names the text and cdata
# handlers act on.
#
# @param name [String] name of the element being opened
# @param attributes [Hash] attributes of that element
# @return [Object] not meaningful to callers
def tag_start(name, attributes)
  @state = "in_#{name.downcase}".to_sym
  @attr  = attributes
  return unless name == "vulnerability"

  @vuln = { 'info' => [] }
  @vuln['confirmed'] = attributes['confirmed']
end

#text(str) ⇒ Object


# File 'lib/rex/parser/netsparker_xml.rb', line 32

# Stream-listener hook for character data.
#
# The element currently open (@state) decides where the text goes:
# * url, type, severity, vulnerableparametertype, vulnerableparameter,
#   vulnerableparametervalue, rawrequest and rawresponse each have a field in
#   @vuln; the text is appended to it, so the value builds up across calls.
# * info adds non-blank text to @vuln['info'] as a [label, text] pair, the
#   label being the element's "name" attribute or "Information".
# * every other state, known or unknown, is ignored.
#
# The text is stored without validation or escaping; consumers of @vuln
# should treat it as untrusted report content.
#
# @param str [String] the character data
# @return [Object] not meaningful to callers
def text(str)
  field =
    case @state
    when :in_url                      then 'url'
    when :in_type                     then 'type'
    when :in_severity                 then 'severity'
    when :in_vulnerableparametertype  then "vparam_type"
    when :in_vulnerableparameter      then "vparam_name"
    when :in_vulnerableparametervalue then "vparam_value"
    when :in_rawrequest               then "request"
    when :in_rawresponse              then "response"
    end

  if field
    @vuln[field] ||= ""
    @vuln[field]  += str
  elsif @state == :in_info
    # e.g. <info name="Identified Internal Path(s)">C:\AppServ\www\test-apps\dokeos\main\inc\banner.inc.php</info>
    blank = str.to_s.strip.empty?
    @vuln['info'] << [@attr['name'] || "Information", str] unless blank
  end
end

#xmldecl(version, encoding, standalone) ⇒ Object

We don't need these methods, but they're necessary to keep REXML happy


# File 'lib/rex/parser/netsparker_xml.rb', line 86

# Intentionally empty; the XML declaration is not recorded. Defined only so
# the REXML stream parser has the listener method it expects.
#
# @param version [String] declared XML version (unused)
# @param encoding [String] declared encoding (unused)
# @param standalone [String] declared standalone flag (unused)
# @return [nil]
def xmldecl(version, encoding, standalone)
end