Fix #4227 by improving parsing of nested elements

2015-08-31 11:47:43 -05:00 · 2015-08-31 11:47:43 -05:00 · 80f21b50c9
parent 0c7d2af6bc
commit 80f21b50c9
1 changed files with 45 additions and 49 deletions
--- a/lib/rex/parser/openvas_nokogiri.rb
+++ b/lib/rex/parser/openvas_nokogiri.rb
@ -15,6 +15,12 @@ module Parser
    attrs = normalize_attrs(attrs)
    block = @block
    @state[:current_tag][name] = true
+
+    unless @text.nil?
+      @state[:text_backup] = @text
+      @text = nil
+    end
+
    case name
    when "host"
      @state[:has_text] = true
@ -29,93 +35,85 @@ module Parser
      return if not in_tag("result")
      @state[:has_text] = true
      @state[:vuln_name] = @text.strip if @text
-      @text = nil
    when "description"
      @state[:has_text] = true
      @state[:vuln_desc] = @text.strip if @text
-      @text = nil
    when "bid"
-      return if not in_tag("result")
-      return if not in_tag("nvt")
+      return unless in_tag("result")
+      return unless in_tag("nvt")
      @state[:has_text] = true
      @state[:bid] = @text.strip if @text
-      @text = nil
    when "cve"
-      return if not in_tag("result")
-      return if not in_tag("nvt")
+      return unless in_tag("result")
+      return unless in_tag("nvt")
      @state[:has_text] = true
      @state[:cves] = @text.strip if @text
-      @text = nil
    when "risk_factor"
-      return if not in_tag("result")
-      return if not in_tag("nvt")
-
+      return unless in_tag("result")
+      return unless in_tag("nvt")
      #we do this to clean out the buffer so to speak
      #if we don't set text to nil now, the text will show up later
      @state[:has_text] = true
-      @text = nil
    when "cvss_base"
-      return if not in_tag("result")
-      return if not in_tag("nvt")
+      return unless in_tag("result")
+      return unless in_tag("nvt")
      @state[:has_text] = true
-      @text = nil
    when "subnet"
      @state[:has_text] = true
-      @text = nil
    when "result"
-      return if not in_tag("results")
-      record_vuln
+      record_vuln if in_tag("results")
    when "threat"
-      return if not in_tag("ports")
-      return if not in_tag("port")
-      @state[:has_text] = true
-
-      if not @text.index('(')
-        @state[:name] = nil
-        @state[:port] = nil
-        @state[:proto] = nil
-        @text = nil
-        return
-      end
-
-      @state[:name] = @text.split(' ')[0] if @text
-      @state[:port] = @text.split('(')[1].split('/')[0] if @text
-      @state[:proto] = @text.split('(')[1].split('/')[1].split(')')[0] if @text
-
-      @text = nil
+      @state[:has_text] = true if in_tag("ports") && in_tag("port")
    when "host"
      if in_tag('result')
        @state[:has_text] = true
        @state[:host] = @text.strip if @text
-        @text = nil
-      elsif in_tag('ports')
-        return if not in_tag('port')
+      elsif in_tag('ports') && in_tag('port')
        @state[:has_text] = true
        @state[:host] = @text.strip if @text
-        @text = nil
      end
    when "port"
      if in_tag('result')
        @state[:has_text] = true
-        if not @text.index('(')
+        if @text && @text.index('(')
+          @state[:proto] = @text.split('(')[1].split('/')[1].gsub(/\)/, '')
+          @state[:port] = @text.split('(')[1].split('/')[0].gsub(/\)/, '')
+        elsif @text && @text.index('/')
+          @state[:proto] = @text.split('/')[1].strip
+          @state[:port] = @text.split('/')[0].strip
+        else
+          @state[:proto] = nil
+          @state[:port] = nil
+        end
+
+        if @state[:port] && @state[:port] == 'general'
          @state[:proto] = nil
          @state[:port] = nil
-          @text = nil
-          return
        end
-        @state[:proto] = @text.split('(')[0].strip if @text
-        @state[:port] = @text.split('(')[1].split('/')[0].gsub(/\)/, '') if @text
-        @text = nil
      elsif in_tag('ports')
-        record_service
+        if @text && @text.index('(')
+          @state[:name] = @text.split(' ')[0]
+          @state[:port] = @text.split('(')[1].split('/')[0]
+          @state[:proto] = @text.split('(')[1].split('/')[1].split(')')[0]
+          record_service unless @state[:name].nil?
+        elsif @text && @text.index('/')
+          @state[:port] = @text.split('/')[0]
+          @state[:proto] = @text.split('/')[1]
+          record_service unless @state[:port] == 'general'
+        end
      end
    when "name"
      return if not in_tag("result")
      @state[:has_text] = true
-      @text = nil
+    end
+
+    if @state[:text_backup]
+      @text = @state[:text_backup]
+      @state[:text_backup] = nil
    else
      @text = nil
    end
+
    @state[:current_tag].delete name
  end

@ -153,8 +151,6 @@ module Parser
  end

  def record_service
-    return if not @state[:name]
-
    service_info = {}
    service_info[:host] = @state[:host]
    service_info[:name] = @state[:name]