class Rex::Parser::NetSparkerXMLStreamParser

Attributes

on_found_vuln[RW]

Public Class Methods

new(on_found_vuln = nil)
# File lib/rex/parser/netsparker_xml.rb, line 9
# Builds a stream listener for a NetSparker XML report.
#
# @param on_found_vuln [#call, nil] optional callback; when given it is stored
#   on the accessor of the same name and later invoked with the finding hash
#   each time a "vulnerability" element closes (see #tag_end).
def initialize(on_found_vuln = nil)
  # Leave the accessor untouched when no callback was passed.
  if on_found_vuln
    self.on_found_vuln = on_found_vuln
  end

  # Start with an empty finding and the generic parser state.
  reset_state
end

Public Instance Methods

attlist()
# File lib/rex/parser/netsparker_xml.rb, line 102
# Stream-listener callback that this parser deliberately leaves empty.
# The class's own note says these stubs exist only so REXML has every
# listener method it expects.
#
# @return [nil]
def attlist
end
cdata(data)
# File lib/rex/parser/netsparker_xml.rb, line 86
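# Stream-listener callback for a CDATA section.
#
# Depending on the element currently open (tracked in @state) the payload is
# added to the finding being built in @vuln:
#   * :in_rawresponse -> appended to @vuln["response"]
#   * :in_rawrequest  -> appended to @vuln["request"]
#   * :in_info        -> recorded as a [label, value] pair in @vuln['info'],
#                        labelled with the element's "name" attribute or
#                        "Information" when that attribute is absent
# CDATA seen in any other state is ignored.
#
# The payload is stored verbatim, with no decoding or sanitising.
# NOTE(review): request/response bodies presumably originate from the scanned
# target, so consumers of @vuln should treat them as untrusted data - confirm
# against the callers that render or store them.
#
# @param data [String] the CDATA payload
# @return [Object, nil] the updated field, or nil when nothing was stored
def cdata(data)
  # No diagnostic output here: library code must not write to stdout for every
  # CDATA section of an imported report.
  case @state
  when :in_rawresponse
    # Append instead of overwrite, matching #text. A payload that contains
    # "]]>" has to be split over several CDATA sections, each of which arrives
    # as a separate call; overwriting would keep only the last fragment.
    @vuln["response"] ||= ""
    @vuln["response"]  += data
  when :in_rawrequest
    @vuln["request"] ||= ""
    @vuln["request"]  += data
  when :in_info
    # Skip whitespace-only payloads so they do not become empty info entries.
    unless data.to_s.strip.empty?
      @vuln['info'] << [@attr['name'] || "Information", data]
    end
  end
end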
comment(str)
# File lib/rex/parser/netsparker_xml.rb, line 100
# Stream-listener callback for an XML comment; the text is discarded.
# Present only so the listener offers every method REXML may call.
#
# @param str [String] comment text (unused)
# @return [nil]
def comment(str)
end
instruction(name, instruction)
# File lib/rex/parser/netsparker_xml.rb, line 101
# Stream-listener callback for an XML processing instruction; both arguments
# are ignored. Present only so the listener offers every method REXML may call.
#
# @param name [String] instruction target (unused)
# @param instruction [String] instruction content (unused)
# @return [nil]
def instruction(name, instruction)
end
reset_state()
# File lib/rex/parser/netsparker_xml.rb, line 14
# Returns the parser to its initial condition: a fresh finding hash with an
# empty 'info' list, the generic state, and no remembered attributes.
#
# Called from the constructor and again after each finding has been handed
# to the callback, so data from one finding cannot carry over into the next.
#
# @return [Hash] the new, empty attribute hash (value of the last assignment)
def reset_state
  @vuln  = { 'info' => [] }
  @state = :generic_state
  @attr  = {}
end
tag_end(name)
# File lib/rex/parser/netsparker_xml.rb, line 73
# Stream-listener callback for a closing tag.
#
# Only a closing "vulnerability" element does anything: every String value in
# the accumulated finding is stripped of surrounding whitespace, the finding
# is passed to the on_found_vuln callback (when one is set), and the parser
# state is reset for the next finding.
#
# NOTE(review): the hash handed to the callback holds values copied straight
# from the report (URL, parameter values, raw request/response). Nothing here
# validates them, so the callback should treat them as untrusted input.
#
# @param name [String] element name as it appears in the document
# @return [Object, nil] result of reset_state for "vulnerability", else nil
def tag_end(name)
  return unless "vulnerability" == name

  # Reassigning existing keys while iterating is safe; no keys are added.
  @vuln.each_pair do |key, value|
    @vuln[key] = value.strip if value.kind_of?(::String)
  end

  on_found_vuln.call(@vuln) if on_found_vuln
  reset_state
end
tag_start(name, attributes)
# File lib/rex/parser/netsparker_xml.rb, line 20
# Stream-listener callback for an opening tag.
#
# Records which element is now open (as the Symbol :in_<lowercased name>) and
# remembers its attributes for the #text / #cdata handlers. An opening
# "vulnerability" element also starts a fresh finding and copies its
# "confirmed" attribute into it.
#
# NOTE(review): the state Symbol is built from the element name found in the
# document, so every distinct element name becomes a Symbol. On interpreters
# that never garbage-collect Symbols (MRI before 2.2) a report with many
# unique element names grows the symbol table without bound - confirm the
# supported Ruby versions, or map unknown names to one fixed state.
# NOTE(review): the state is derived from the lowercased name, but the
# "vulnerability" comparison below is case-sensitive - confirm reports always
# use the lowercase spelling.
#
# @param name [String] element name as it appears in the document
# @param attributes [Hash] attribute name => value for this element
# @return [Object, nil] the "confirmed" attribute for "vulnerability", else nil
def tag_start(name, attributes)
  @state = :"in_#{name.downcase}"
  @attr  = attributes

  return unless "vulnerability" == name

  @vuln = { 'info' => [], 'confirmed' => attributes['confirmed'] }
  @vuln['confirmed']
end
text(str)
# File lib/rex/parser/netsparker_xml.rb, line 31
# Stream-listener callback for character data.
#
# Text inside one of the simple finding elements is appended to the matching
# key of @vuln; the parser may deliver one element's text in several pieces,
# so each field is built up by concatenation. Text inside an <info> element
# becomes a [label, value] pair, e.g.
#   <info name="Identified Internal Path(s)">C:\AppServ\www\test-apps\dokeos\main\inc\banner.inc.php</info>
# Text in any other state (document/container elements, unknown elements) is
# silently ignored.
#
# Values are stored exactly as received; nothing is validated or escaped here.
#
# @param str [String] the text fragment
# @return [Object, nil] the updated field, or nil when nothing was stored
def text(str)
  # Map the open element to the finding key it feeds, if any.
  field =
    case @state
    when :in_url                      then 'url'
    when :in_type                     then 'type'
    when :in_severity                 then 'severity'
    when :in_vulnerableparametertype  then "vparam_type"
    when :in_vulnerableparameter      then "vparam_name"
    when :in_vulnerableparametervalue then "vparam_value"
    when :in_rawrequest               then "request"
    when :in_rawresponse              then "response"
    end

  if field
    @vuln[field] ||= ""
    @vuln[field]  += str
  elsif @state == :in_info
    # Whitespace-only fragments (indentation between tags) are not findings.
    blank = str.to_s.strip.empty?
    @vuln['info'] << [@attr['name'] || "Information", str] unless blank
  end
end
xmldecl(version, encoding, standalone)

We don't need these methods, but they're necessary to keep REXML happy

# File lib/rex/parser/netsparker_xml.rb, line 85
# Stream-listener callback for the XML declaration; all three arguments are
# ignored. Kept only because REXML expects the listener to provide it.
#
# @param version [String] declared XML version (unused)
# @param encoding [String, nil] declared encoding (unused)
# @param standalone [String, nil] standalone flag (unused)
# @return [nil]
def xmldecl(version, encoding, standalone)
end