Do not parse element if empty

MS-255
bug/bundler_fix
dmohanty-r7 2016-04-26 11:05:27 -05:00
parent 050061762b
commit 56fd5a745e
2 changed files with 30 additions and 36 deletions

View File

@ -228,13 +228,11 @@ module Msf::DBManager::Import::MetasploitFramework::XML
# them. # them.
# TODO: loot, tasks, and reports # TODO: loot, tasks, and reports
def import_msf_xml(args={}, &block) def import_msf_xml(args={}, &block)
data = args[:data] data = args[:data]
wspace = args[:wspace] || workspace wspace = args[:wspace] || workspace
bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : [] bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
doc = Nokogiri::XML::Reader.from_memory(data) doc = Nokogiri::XML::Reader.from_memory(data)
metadata = check_msf_xml_version!(doc.first.name) metadata = check_msf_xml_version!(doc.first.name)
allow_yaml = metadata[:allow_yaml] allow_yaml = metadata[:allow_yaml]
btag = metadata[:root_tag] btag = metadata[:root_tag]
@ -627,7 +625,6 @@ module Msf::DBManager::Import::MetasploitFramework::XML
info[:ssl] = (info[:ssl] and info[:ssl].to_s.strip.downcase == "true") ? true : false info[:ssl] = (info[:ssl] and info[:ssl].to_s.strip.downcase == "true") ? true : false
specialized_info = specialization.call(element, options) specialized_info = specialization.call(element, options)
info.merge!(specialized_info) info.merge!(specialized_info)
self.send("report_web_#{type}", info) self.send("report_web_#{type}", info)

View File

@ -11,27 +11,26 @@ module Msf::DBManager::Import::MetasploitFramework::Zip
btag = nil btag = nil
doc = Nokogiri::XML::Reader.from_memory(data) doc = Nokogiri::XML::Reader.from_memory(data)
case doc.first.name case doc.first.name
when "MetasploitExpressV1" when "MetasploitExpressV1"
m_ver = 1 m_ver = 1
allow_yaml = true allow_yaml = true
btag = "MetasploitExpressV1" btag = "MetasploitExpressV1"
when "MetasploitExpressV2" when "MetasploitExpressV2"
m_ver = 2 m_ver = 2
allow_yaml = true allow_yaml = true
btag = "MetasploitExpressV2" btag = "MetasploitExpressV2"
when "MetasploitExpressV3" when "MetasploitExpressV3"
m_ver = 3 m_ver = 3
btag = "MetasploitExpressV3" btag = "MetasploitExpressV3"
when "MetasploitExpressV4" when "MetasploitExpressV4"
m_ver = 4 m_ver = 4
btag = "MetasploitExpressV4" btag = "MetasploitExpressV4"
when "MetasploitV4" when "MetasploitV4"
m_ver = 4 m_ver = 4
btag = "MetasploitV4" btag = "MetasploitV4"
else else
m_ver = nil m_ver = nil
end end
unless m_ver and btag unless m_ver and btag
raise Msf::DBImportError.new("Unsupported Metasploit XML document format") raise Msf::DBImportError.new("Unsupported Metasploit XML document format")
@ -40,23 +39,22 @@ module Msf::DBManager::Import::MetasploitFramework::Zip
host_info = {} host_info = {}
doc.each do |node| doc.each do |node|
case node.name if ['host', 'loot', 'task', 'report'].include?(node.name)
when 'host', 'loot', 'task', 'report' unless node.inner_xml.empty?
send("parse_zip_#{node.name}", Nokogiri::XML(node.outer_xml).at("./#{node.name}"), wspace, bl, allow_yaml, btag, args, basedir, host_info, &block) send("parse_zip_#{node.name}", Nokogiri::XML(node.outer_xml).at("./#{node.name}"), wspace, bl, allow_yaml, btag, args, basedir, host_info, &block)
end
end end
end end
end end
# Parses host Nokogiri::XML::Element # Parses host Nokogiri::XML::Element
def parse_zip_host(host, wspace, bl, allow_yaml, btag, args, basedir, host_info, &block) def parse_zip_host(host, wspace, bl, allow_yaml, btag, args, basedir, host_info, &block)
if host.at("id") host_info[host.at("id").text.to_s.strip] = nils_for_nulls(host.at("address").text.to_s.strip)
host_info[host.at("id").text.to_s.strip] = nils_for_nulls(host.at("address").text.to_s.strip)
end
end end
# Parses loot Nokogiri::XML::Element # Parses loot Nokogiri::XML::Element
def parse_zip_loot(loot, wspace, bl, allow_yaml, btag, args, basedir, host_info, &block) def parse_zip_loot(loot, wspace, bl, allow_yaml, btag, args, basedir, host_info, &block)
return 0 if loot.at("host-id").nil? || bl.include?(host_info[loot.at("host-id").text.to_s.strip]) return 0 if bl.include? host_info[loot.at("host-id").text.to_s.strip]
loot_info = {} loot_info = {}
loot_info[:host] = host_info[loot.at("host-id").text.to_s.strip] loot_info[:host] = host_info[loot.at("host-id").text.to_s.strip]
loot_info[:workspace] = args[:wspace] loot_info[:workspace] = args[:wspace]
@ -79,10 +77,10 @@ module Msf::DBManager::Import::MetasploitFramework::Zip
# Only report loot if we actually have it. # Only report loot if we actually have it.
# TODO: Copypasta. Separate this out. # TODO: Copypasta. Separate this out.
if ::File.exists? loot_info[:orig_path] if ::File.exist? loot_info[:orig_path]
loot_dir = ::File.join(basedir,"loot") loot_dir = ::File.join(basedir,"loot")
loot_file = ::File.split(loot_info[:orig_path]).last loot_file = ::File.split(loot_info[:orig_path]).last
if ::File.exists? loot_dir if ::File.exist? loot_dir
unless (::File.directory?(loot_dir) && ::File.writable?(loot_dir)) unless (::File.directory?(loot_dir) && ::File.writable?(loot_dir))
raise Msf::DBImportError.new("Could not move files to #{loot_dir}") raise Msf::DBImportError.new("Could not move files to #{loot_dir}")
end end
@ -91,7 +89,7 @@ module Msf::DBManager::Import::MetasploitFramework::Zip
end end
new_loot = ::File.join(loot_dir,loot_file) new_loot = ::File.join(loot_dir,loot_file)
loot_info[:path] = new_loot loot_info[:path] = new_loot
if ::File.exists?(new_loot) if ::File.exist?(new_loot)
::File.unlink new_loot # Delete it, and don't report it. ::File.unlink new_loot # Delete it, and don't report it.
else else
report_loot(loot_info) # It's new, so report it. report_loot(loot_info) # It's new, so report it.
@ -105,7 +103,6 @@ module Msf::DBManager::Import::MetasploitFramework::Zip
def parse_zip_task(task, wspace, bl, allow_yaml, btag, args, basedir, host_info, &block) def parse_zip_task(task, wspace, bl, allow_yaml, btag, args, basedir, host_info, &block)
task_info = {} task_info = {}
task_info[:workspace] = args[:wspace] task_info[:workspace] = args[:wspace]
return 0 unless task.at("path")
# Should user be imported (original) or declared (the importing user)? # Should user be imported (original) or declared (the importing user)?
task_info[:user] = nils_for_nulls(task.at("created-by").text.to_s.strip) task_info[:user] = nils_for_nulls(task.at("created-by").text.to_s.strip)
task_info[:desc] = nils_for_nulls(task.at("description").text.to_s.strip) task_info[:desc] = nils_for_nulls(task.at("description").text.to_s.strip)
@ -130,10 +127,10 @@ module Msf::DBManager::Import::MetasploitFramework::Zip
# Only report a task if we actually have it. # Only report a task if we actually have it.
# TODO: Copypasta. Separate this out. # TODO: Copypasta. Separate this out.
if ::File.exists? task_info[:orig_path] if ::File.exist? task_info[:orig_path]
tasks_dir = ::File.join(basedir,"tasks") tasks_dir = ::File.join(basedir,"tasks")
task_file = ::File.split(task_info[:orig_path]).last task_file = ::File.split(task_info[:orig_path]).last
if ::File.exists? tasks_dir if ::File.exist? tasks_dir
unless (::File.directory?(tasks_dir) && ::File.writable?(tasks_dir)) unless (::File.directory?(tasks_dir) && ::File.writable?(tasks_dir))
raise Msf::DBImportError.new("Could not move files to #{tasks_dir}") raise Msf::DBImportError.new("Could not move files to #{tasks_dir}")
end end
@ -142,7 +139,7 @@ module Msf::DBManager::Import::MetasploitFramework::Zip
end end
new_task = ::File.join(tasks_dir,task_file) new_task = ::File.join(tasks_dir,task_file)
task_info[:path] = new_task task_info[:path] = new_task
if ::File.exists?(new_task) if ::File.exist?(new_task)
::File.unlink new_task # Delete it, and don't report it. ::File.unlink new_task # Delete it, and don't report it.
else else
report_task(task_info) # It's new, so report it. report_task(task_info) # It's new, so report it.