
[!] Bug fix: XML and MagicTree XML logging

[!] XML logging and MagicTree XML logging are now properly encoded

[~] XML logging is now consistent:

	[~] plugin names and plugin result data types have their own nodes
	[~] plugin result data values are comma separated

[~] whatweb.xsl updated to reflect the changes to the XML logging format
1 parent 9d66f5d commit a151fdac1ce63d48b6dc2c310e055d76224884b1 @bcoles committed with urbanadventurer Jun 5, 2011
Showing with 37 additions and 22 deletions.
  1. +33 −18 lib/output.rb
  2. +4 −4 whatweb.xsl
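--- a/lib/output.rb
+++ b/lib/output.rb
@@ -250,8 +250,10 @@ def out(target, status, results)
 end
 # XML Output #
-# Hey, do u actually use this XML output? Then I'd love to hear from you for suggestions, changes, etc.
-# Does it bother you that some types of output are joined by commas but other types aren't?
+# Does anyone use XML output?
+# We'd love to hear any suggestions you may have!
+# Does it bother you that some types of output are joined by commas
+# but other types aren't?
 class OutputXML < Output
 def initialize(f=STDOUT)
 super
@@ -269,6 +271,16 @@ def escape(t)
 text=t.to_s.dup
 # use sort_by so that & is before &quot;, etc.
 @substitutions.sort_by {|a,b| a=="&" ? 0 : 1 }.map{|from,to| text.gsub!(from,to) }
+
+ # Encode all special characters
+ # More info: http://www.asciitable.com/
+ r=/[^\x20-\x5A\x5E-\x7E]/
+
+ # based on code for CGI.escape
+ text.gsub!(r) do |x|
+ '%' + x.unpack('H2' * x.size).join('%').upcase
+ end
+
 text
 end
@@ -277,11 +289,11 @@ def out(target, status, results)
 @f.puts "<target>"
 @f.puts "\t<uri>#{escape(target)}</uri>"
 @f.puts "\t<http-status>#{escape(status)}</http-status>"
-
+
 results.each do |plugin_name,plugin_results|
 @f.puts "\t<plugin>"
 @f.puts "\t\t<name>#{escape(plugin_name)}</name>"
-
+
 unless plugin_results.empty?
 # important info in brief mode is version, type and ?
 # what's the highest probability for the match?
@@ -301,28 +313,21 @@ def out(target, status, results)
 filepath = plugin_results.map {|x|
 x[:filepath] unless x[:filepath].class==Regexp}.flatten.compact.sort.uniq.join(",")
- accounts = plugin_results.map {|x|
- x[:account] unless x[:account].class==Regexp }.flatten.compact.sort.uniq.to_a
+ account = plugin_results.map {|x|
+ x[:account] unless x[:account].class==Regexp}.flatten.compact.sort.uniq.join(",")
 modules = plugin_results.map {|x|
- x[:module] unless x[:module].class==Regexp}.flatten.compact.sort.uniq.to_a
-
+ x[:module] unless x[:module].class==Regexp}.flatten.compact.sort.uniq.join(",")
+ # Output results
 @f.puts "\t\t<certainty>#{escape(certainty)}</certainty>" if certainty and certainty < 100
 version.map {|x| @f.puts "\t\t<version>#{escape(x)}</version>" }
 os.map {|x| @f.puts "\t\t<os>#{escape(x)}</os>" }
- string.map {|x| @f.puts "\t\t<string>#{escape(x)}</string>" }
+ string.map {|x| @f.puts "\t\t<string>#{escape(x)}</string>" }
 model.map {|x| @f.puts "\t\t<model>#{escape(x)}</model>" }
 firmware.map {|x| @f.puts "\t\t<firmware>#{escape(x)}</firmware>" }
 filepath.map {|x| @f.puts "\t\t<filepath>#{escape(x)}</filepath>" }
-
- if accounts.size > 0
- accounts.map {|x| @f.puts "\t\t<account>#{escape(x)}</account>" }
- @f.puts "\t\t<accounts>\n" + accounts.map {|x| "\t\t\t<accounts>#{escape(x)}</accounts>" }.join("\n") + "\n\t\t</accounts>"
- end
-
- if modules.size > 0
- @f.puts "\t\t<modules>\n" + modules.map {|x| "\t\t\t<module>#{escape(x)}</module>" }.join("\n") + "\n\t\t</modules>"
- end
+ account.map {|x| @f.puts "\t\t<account>#{escape(x)}</account>" }
+ modules.map {|x| @f.puts "\t\t<module>#{escape(x)}</module>" }
 end
 @f.puts "\t</plugin>"
 end
@@ -351,6 +356,16 @@ def escape(t)
 text=t.to_s.dup
 # use sort_by so that & is before &quot;, etc.
 @substitutions.sort_by {|a,b| a=="&" ? 0 : 1 }.map{|from,to| text.gsub!(from,to) }
+
+ # Encode all special characters
+ # More info: http://www.asciitable.com/
+ r=/[^\x20-\x5A\x5E-\x7E]/
+
+ # based on code for CGI.escape
+ text.gsub!(r) do |x|
+ '%' + x.unpack('H2' * x.size).join('%').upcase
+ end
+
 text
 end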
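Review bot: The character class added to both `escape` methods (`r=/[^\x20-\x5A\x5E-\x7E]/`, in the hunks at -269 and -351) leaves `%` (0x25) unencoded, so a consumer of the log cannot tell a literal `%41` in plugin data from a byte this method encoded; the values written here appear to derive from the scanned target, which would put that ambiguity under the remote side's control. Excluding 0x25 from the safe range, `r=/[^\x20-\x24\x26-\x5A\x5E-\x7E]/`, makes the encoding reversible. The block also sizes the unpack template with `x.size`, which counts characters rather than bytes on Ruby 1.9 and later, so a multibyte match would be emitted as its first byte only; `'%' + x.unpack('H2' * x.bytesize).join('%').upcase` avoids that. Both `escape` bodies start above their hunks, so the contents of `@substitutions` are not visible here and should be checked for any entry that itself produces a `%`.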
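--- a/whatweb.xsl
+++ b/whatweb.xsl
@@ -66,8 +66,8 @@ a{color:#000;}a:hover{color:#000;}a:visited{color:#000;}
 <xsl:if test="model"><tr bgcolor="#ccffcc"><td>Model: <xsl:value-of select="model"/></td></tr></xsl:if>
 <xsl:if test="firmware"><tr bgcolor="#ccffcc"><td>Firmware: <xsl:value-of select="firmware"/></td></tr></xsl:if>
 <xsl:if test="filepath"><tr bgcolor="#ccffcc"><td>Filepath: <xsl:value-of select="filepath"/></td></tr></xsl:if>
- <xsl:for-each select="accounts"><xsl:if test="account"><tr bgcolor="#ccffcc"><td>Account: <xsl:value-of select="account"/></td></tr></xsl:if></xsl:for-each>
- <xsl:for-each select="modules"><xsl:if test="module"><tr bgcolor="#ccffcc"><td>Module: <xsl:value-of select="module"/></td></tr></xsl:if></xsl:for-each>
+ <xsl:if test="account"><tr bgcolor="#ccffcc"><td>Account: <xsl:value-of select="account"/></td></tr></xsl:if>
+ <xsl:if test="module"><tr bgcolor="#ccffcc"><td>Module: <xsl:value-of select="module"/></td></tr></xsl:if>
 </td></tr>
 </xsl:when>
 <xsl:otherwise>
@@ -79,8 +79,8 @@ a{color:#000;}a:hover{color:#000;}a:visited{color:#000;}
 <xsl:if test="model"><tr bgcolor="#bbddbb"><td>Model: <xsl:value-of select="model"/></td></tr></xsl:if>
 <xsl:if test="firmware"><tr bgcolor="#bbddbb"><td>Firmware: <xsl:value-of select="firmware"/></td></tr></xsl:if>
 <xsl:if test="filepath"><tr bgcolor="#bbddbb"><td>Filepath: <xsl:value-of select="filepath"/></td></tr></xsl:if>
- <xsl:for-each select="accounts"><xsl:if test="account"><tr bgcolor="#bbddbb"><td>Account: <xsl:value-of select="account"/></td></tr></xsl:if></xsl:for-each>
- <xsl:for-each select="modules"><xsl:if test="module"><tr bgcolor="#bbddbb"><td>Module: <xsl:value-of select="module"/></td></tr></xsl:if></xsl:for-each>
+ <xsl:if test="account"><tr bgcolor="#bbddbb"><td>Account: <xsl:value-of select="account"/></td></tr></xsl:if>
+ <xsl:if test="module"><tr bgcolor="#bbddbb"><td>Module: <xsl:value-of select="module"/></td></tr></xsl:if>
 </td></tr>
 </xsl:otherwise>
 </xsl:choose>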
