lib/nexpose/vulnerability.rb in dradis-nexpose-3.8.0 vs lib/nexpose/vulnerability.rb in dradis-nexpose-3.9.0
- old
+ new
@@ -69,35 +69,23 @@
method_name = translations_table.fetch(method, method.to_s)
return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
# Then we try simple children tags: description, solution
tag = @xml.xpath("./#{method_name}/ContainerBlockElement").first
- if tag
- lines = []
+ # Then we try the tags with nested content
+ nest = @xml.xpath("./#{method_name}").first
- # Go through Paragraphs and extract them.
- # FIXME: we're using .//. to get paragraphs nested in Nexpose lists,
- # ideally we'd convert this lists into Textile bullet point lists.
- tag.xpath(".//Paragraph").each do |xml_paragraph|
- lines << xml_paragraph.text.split("\n").collect(&:strip).join(' ').strip
- end
-
- return lines.join("\n\n")
+ # We need to clean up tags that have HTML content in them
+ if tags_with_html_content.include?(method)
+ return cleanup_html(tag)
+ # And we need to clean up the tags with nested content in them
+ elsif tags_with_nested_content.include?(method)
+ return cleanup_nested(nest)
+ else
+ return tag
end
- # Finally the enumerations: references, tags
- if method_name == 'references'
- references =
- @xml.xpath("./references/reference").map do |entry|
- {:source => entry['source'], :text => entry.text}
- end
-
- return references
- elsif method == 'tags'
- return @xml.xpath("./tags/tag").collect(&:text)
- end
-
# Handle evidence creation
if method_name == 'details'
vuln_id = @xml.attributes['id'].value
return @xml.xpath("//test[@id='#{vuln_id}']/Paragraph").
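Review bot: Every arm of the new `if`/`elsif`/`else` returns, so the `# Handle evidence creation` block for `details` and the trailing `nil` after it can no longer be reached. The `else return tag` arm also returns whatever `xpath(...).first` produced (a node or nil) rather than a string, unlike the two cleaned-up arms. If the intent is to fall through when nothing matched, the last arm could be `elsif tag` with `return tag.text` (or whichever string form callers expect), which keeps the `details` lookup reachable. `references` and `tags` now return a single string where the removed code returned arrays, so callers that iterate over them should be checked. The enclosing method starts above this hunk and ends in the next one.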
@@ -106,7 +94,47 @@
reject{|line| line.empty?}.join("\n")
end
nil
end
+
+ private
+
+ def cleanup_nested(source)
+ result = source.to_s
+ result.gsub!(/<references>/, '')
+ result.gsub!(/<\/references>/, '')
+ result.gsub!(/<reference source=\"(.*?)\">(.*?)<\/reference>/i) {"#{$1.strip}: #{$2.strip}\n"}
+ result.gsub!(/<tags>/, '')
+ result.gsub!(/<\/tags>/, '')
+ result.gsub!(/<tag>(.*?)<\/tag>/) {"#{$1}\n"}
+ result.gsub!(/ /, '')
+ result
+ end
+
+ def cleanup_html(source)
+ result = source.to_s
+ result.gsub!(/<ContainerBlockElement>(.*?)<\/ContainerBlockElement>/m){|m| "#{ $1 }"}
+ result.gsub!(/<Paragraph preformat=\"true\">(.*?)<\/Paragraph>/m){|m| "\nbc. #{ $1 }\n\n"}
+ result.gsub!(/<Paragraph>(.*?)<\/Paragraph>/m){|m| "#{ $1 }\n"}
+ result.gsub!(/<Paragraph>/, '')
+ result.gsub!(/<\/Paragraph>/, '')
+ result.gsub!(/<UnorderedList>(.*?)<\/UnorderedList>/m){|m| "#{ $1 }"}
+ result.gsub!(/<ListItem>(.*?)<\/ListItem>/m){|m| "#{ $1 }\n"}
+ result.gsub!(/ /, '')
+ result.gsub!(/<URLLink LinkTitle=\"(.*?)\" LinkURL=\"(.*?)\"\/>/i) { "\"#{$1.strip}\":#{$2.strip} " }
+ result.gsub!(/<URLLink LinkURL=\"(.*?)\" LinkTitle=\"(.*?)\"\/>/i) { "\"#{$2.strip}\":#{$1.strip} " }
+ result.gsub!(/<URLLink(.*)LinkURL=\"(.*?)\"(.*?)>(.*?)<\/URLLink>/m) {|m| "\"#{$4.strip}\":#{$2.strip} " }
+
+ result
+ end
+
+ def tags_with_html_content
+ [:description, :solution]
+ end
+
+ def tags_with_nested_content
+ [:references, :tags]
+ end
+
end
end
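Review bot: `cleanup_html` and `cleanup_nested` serialise the node with `to_s` and strip a fixed list of tags by regex, so any element or attribute layout not on that list passes through unchanged, and text stays entity-escaped (`&amp;`, `&lt;`) where the removed code used `.text`. This content comes from an imported scanner report, so it is safer to read values from the parsed nodes, for example `source.xpath('./reference').map { |r| "#{r['source']}: #{r.text.strip}" }.join("\n")` for references, with a nil guard for a missing element. The `<reference ...>` pattern in `cleanup_nested` has no `/m` flag, so a reference whose text spans lines would be left as raw markup. As rendered here, `result.gsub!(/ /, '')` would delete every space in both helpers; if that is not an artefact of how this page displays the pattern, it needs a narrower match.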