class Rex::Parser::NetSparkerXMLStreamParser
Attributes
on_found_vuln[RW]
Public Class Methods
new(on_found_vuln = nil)
# File lib/rex/parser/netsparker_xml.rb, line 9
# Creates a stream listener for a NetSparker XML report.
#
# @param on_found_vuln [#call, nil] optional callback; tag_end invokes it
#   with the collected hash each time a "vulnerability" element closes.
def initialize(on_found_vuln = nil)
  # Only store the callback when one was supplied, so the accessor keeps
  # whatever value it already had otherwise.
  if on_found_vuln
    self.on_found_vuln = on_found_vuln
  end
  reset_state
end
Public Instance Methods
attlist()
# File lib/rex/parser/netsparker_xml.rb, line 102
# Intentionally empty listener callback: the parser records nothing here.
# It exists only so REXML finds the method it expects.
def attlist
  nil
end
cdata(data)
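# File lib/rex/parser/netsparker_xml.rb, line 86
# REXML callback for a CDATA section. Stores the section's content on the
# vulnerability currently being collected, depending on the enclosing element.
#
# The parser deliberately writes nothing to stdout here: this callback fires
# for every CDATA section of an imported report, and a library parser should
# not print into the console of whatever tool is running the import.
#
# @param data [String] raw CDATA content, taken verbatim from the report file.
#   Consumers of @vuln should treat it as untrusted input (it is whatever the
#   report author put there) and escape it before display or storage.
def cdata(data)
  case @state
  when :in_rawresponse
    # Assignment, not append: this replaces anything text() accumulated so
    # far under the same key for this element.
    @vuln["response"] = data
  when :in_rawrequest
    @vuln["request"] = data
  when :in_info
    # Skip whitespace-only sections; label the entry with the element's
    # "name" attribute when it has one.
    unless data.to_s.strip.empty?
      @vuln['info'] << [@attr['name'] || "Information", data]
    end
  end
end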
comment(str)
# File lib/rex/parser/netsparker_xml.rb, line 100
# Intentionally empty listener callback: XML comments in the report are
# ignored. Present only so REXML finds the method it expects.
#
# @param str [String] comment text (unused)
def comment(str)
  nil
end
instruction(name, instruction)
# File lib/rex/parser/netsparker_xml.rb, line 101
# Intentionally empty listener callback: processing instructions in the
# report are ignored. Present only so REXML finds the method it expects.
#
# @param name [String] instruction target (unused)
# @param instruction [String] instruction content (unused)
def instruction(name, instruction)
  nil
end
reset_state()
# File lib/rex/parser/netsparker_xml.rb, line 14
# Puts the parser back into its starting condition: no element context,
# an empty vulnerability record (with an empty 'info' list) and no
# remembered attributes. Called from the constructor and after each
# completed "vulnerability" element.
def reset_state
  @vuln  = { 'info' => [] }
  @state = :generic_state
  @attr  = {}
end
tag_end(name)
# File lib/rex/parser/netsparker_xml.rb, line 73
# REXML callback for a closing tag. Only the end of a "vulnerability"
# element matters: the collected record is tidied, handed to the
# on_found_vuln callback (when one is set) and the parser is reset.
#
# @param name [String] name of the element being closed
def tag_end(name)
  return unless name == "vulnerability"

  # Trim surrounding whitespace on every String field; non-String values
  # (such as the 'info' array) are left as they are.
  @vuln.each_pair do |field, value|
    @vuln[field] = value.strip if value.kind_of?(::String)
  end

  # The record's contents come straight from the imported report, so the
  # callback receives them unvalidated apart from the trimming above.
  on_found_vuln.call(@vuln) if on_found_vuln
  reset_state
end
tag_start(name, attributes)
# File lib/rex/parser/netsparker_xml.rb, line 20
# REXML callback for an opening tag. Records which element the parser is
# now inside and remembers that element's attributes; a "vulnerability"
# element additionally starts a fresh record.
#
# @param name [String] element name as it appears in the report
# @param attributes [Hash] the element's attributes
def tag_start(name, attributes)
  # The state symbol is built from the (lower-cased) element name, which is
  # supplied by the imported file. States that text()/cdata() do not list
  # are simply ignored there.
  # NOTE(review): on Ruby versions without dynamic-symbol GC, every distinct
  # element name in a hostile report stays allocated - confirm the minimum
  # supported Ruby.
  @state = "in_#{name.downcase}".to_sym
  @attr = attributes

  # This comparison is case-sensitive, unlike the state name above.
  if name == "vulnerability"
    @vuln = { 'info' => [] }
    @vuln['confirmed'] = attributes['confirmed']
  end
end
text(str)
# File lib/rex/parser/netsparker_xml.rb, line 31
# REXML callback for character data. Appends the text to the field of the
# current vulnerability record that corresponds to the enclosing element;
# text inside any other element is dropped.
#
# @param str [String] text chunk, taken verbatim from the report file.
#   Nothing is validated or escaped here, so consumers of @vuln should treat
#   every field as untrusted input.
def text(str)
  # Map the current element to the record key it feeds, if any.
  field = case @state
          when :in_url                      then 'url'
          when :in_type                     then 'type'
          when :in_severity                 then 'severity'
          when :in_vulnerableparametertype  then "vparam_type"
          when :in_vulnerableparameter      then "vparam_name"
          when :in_vulnerableparametervalue then "vparam_value"
          when :in_rawrequest               then "request"
          when :in_rawresponse              then "response"
          end

  if field
    # REXML may deliver one element's text in several chunks, so accumulate.
    @vuln[field] = (@vuln[field] || "") + str
  elsif @state == :in_info
    # <info name="Identified Internal Path(s)">C:\AppServ\www\test-apps\dokeos\main\inc\banner.inc.php</info>
    # Whitespace-only chunks are skipped; the label falls back to
    # "Information" when the element carries no "name" attribute.
    unless str.to_s.strip.empty?
      @vuln['info'] << [@attr['name'] || "Information", str]
    end
  end
  # Every other state (:in_netsparker, :in_target, :in_scantime,
  # :generic_state, :in_vulnerability, :in_extrainformation, or anything
  # unknown) carries no text the parser keeps.
end
xmldecl(version, encoding, standalone)
We don't need these methods, but they're necessary to keep REXML happy
# File lib/rex/parser/netsparker_xml.rb, line 85
# Intentionally empty listener callback: the XML declaration is ignored.
# Present only so REXML finds the method it expects.
#
# @param version [String] declared XML version (unused)
# @param encoding [String] declared encoding (unused)
# @param standalone [String] standalone flag (unused)
def xmldecl(version, encoding, standalone)
  nil
end