-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
resolves #4698 #4699
resolves #4698 #4699
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was a big oversight, given that the fast-xml-parser was striping the attributes prefixes, great catch.
I would make use of const for the attributes being searched, there is, use:
const COMPLIANCE_CHEK_NAME = 'compliance-check-name';
const COMPLIANCE_INFO = 'compliance-info';
const COMPLIANCE_SOLUTION = 'compliance-solution';
const COMPLIANCE_RESULT = 'compliance-result';
const COMPLIANCE_ACTUAL_VALUE = 'compliance-actual-value';
Signed-off-by: wdower <will@dower.dev>
Signed-off-by: wdower <will@dower.dev>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the updates
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we can get an anonymized sample file that would test against this, it would be great. Can you ask your sponsor to see if they would mind if we attempted to anonymize their data? Doesn't need to be a blocker for this pr.
Kudos, SonarCloud Quality Gate passed!
|
The
fast-xml-parser
module was set to strip out the namespace prefix from XML tags (ex thecm
in<cm:compliance-check-name
) using theremoveNSPrefix
option forparseXML
.Problem was that the nessus mapper was looking for XML tags that had not had the namespace stripped out. So
parseXML
was (correctly) returning values likecompliance-check-name
as attributes, but the mapper was looking forcm:compliance-check-name
.