CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/lib/rex/parser/ip360_aspl_xml.rb
Views: 1904
1
# -*- coding: binary -*-

2
require 'rexml/document'

3


4
module Rex

5
module Parser

6


7


8
class IP360ASPLXMLStreamParser

9


10
  @vulnid = nil

11
  @appid = nil

12
  @location = nil

13


14
  attr_accessor :on_found_aspl

15


16
  def initialize(&block)

17
    reset_state

18
    on_found_aspl = block if block

19
  end

20


21
  def reset_state

22
    @aspl = {'vulns' => {'name' => { }, 'cve' => { }, 'bid' => { } },

23
      'oses' => {'name' => { } } }

24
    @state = :generic_state

25
  end

26


27
  def tag_start(name, attributes)

28
    case name

29
    when "vulns"

30
      @location = "vulns"

31
    when "vuln"

32
      @vulnid = attributes['id'].strip

33
    when "name"

34
      @state = :is_name

35
    when "advisories"

36
      @c = ""

37
      @cfirst = 1

38
      @b = ""

39
      @bfirst = 1

40
      @x = Hash.new

41
    when "publisher"

42
      @state = :is_pub

43
    when "id"

44
      @state = :is_refid

45
    when "operatingSystems"

46
      @location = "os"

47
    when "operatingSystem"

48
      @osid = attributes['id'].strip

49
    end

50
  end

51


52
  def text(str)

53
    case @state

54
    when :is_name

55
      @aspl['vulns']['name'][@vulnid] = str if @location == "vulns"

56
      @aspl['oses'][@osid] = str if @location == "os"

57
    when :is_pub

58
      @x['pub'] = str

59
    when :is_refid

60
      @x['refid'] = str

61
    end

62
  end

63


64
  def tag_end(name)

65
    case name

66
    when "ontology"

67
      on_found_aspl.call(@aspl) if on_found_aspl

68
      reset_state

69
    when "advisory"

70
      if (@x['pub'] =~ /CVE/)

71
        if (@cfirst == 0)

72
          @c += ","

73
        end

74
        @c += @x['refid']

75
        @cfirst = 0

76
      elsif (@x['pub'] =~ /BugTraq/)

77
        if (@bfirst == 0)

78
          @b += ","

79
        end

80
        @b += @x['refid']

81
        @bfirst = 0

82
      end

83
    when "advisories"

84
      @aspl['vulns']['cve'][@vulnid] = @c

85
      @aspl['vulns']['bid'][@vulnid] = @b

86
      @c = ""

87
      @b = ""

88
    end

89
    @state = :generic_state

90
  end

91


92
  # We don't need these methods, but they're necessary to keep REXML happy

93
  #

94
  def xmldecl(version, encoding, standalone); end

95
  def cdata; end

96
  def comment(str); end

97
  def instruction(name, instruction); end

98
  def attlist; end

99
end

100


101
end

102
end

103


104