PacketFence - BTS - PacketFence
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0001718PacketFencescanningpublic2013-09-25 04:222013-09-25 08:30
ReportererSitzt 
Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
StatusnewResolutionopen 
PlatformOSOS Version
Product Version4.0.6-2 
Target VersionFixed in Version 
fixed in git revision
fixed in mtn revision
Summary0001718: OpenVAS XML-Respone can only be read if order and spaces are exactly as expectet by PacketFence
DescriptionThe XML response returned by omp is parsed via regex like this one :

/<get_reports_response\ status="([0-9]+)" [^\<]+[\<][^\>]+[\>] ([a-zA-Z0-9\=]+)/x

In my case omp returns this XML

<get_reports_response status_text="OK" status="200"><report id="15ce0c2d-bf8c-4972-a0f6-fe1e75bb298a" format_id="6c248850-1f62-11e1-b082-406186ea4fc5" extension="html" type="scan" content_type="text/html">

As you can see "status_text" and "status" are in a different order than pf expects them.

I think the way the XML responses are evaluated is prone to errors and should be changed. Regex is not the way to go here.

I have asked (in #openvas) if the order of elements is fixed in the xml and it is not...


Steps To Reproduce
Additional InformationUbuntu 12.04
OpenVAS 5

ii libopenvas5 5.0.4-1
ii openvas-administrator 1.2.1-1ubuntu1~precise
ii openvas-check-setup 2.2.0-0ubuntu1~precise
ii openvas-cli 1.1.5-1ubuntu1~precise
ii openvas-client 2.0.5-1ubuntu1
ii openvas-manager 3.0.6-0ubuntu1~precise
ii openvas-scanner 3.3.1-1ubuntu1~precise
TagsNo tags attached.
Relationships
Attached Files? openvas.pm (11,603) 2013-09-25 05:22
https://www.packetfence.org/bugs/file_download.php?file_id=187&type=bug
Issue History
Date ModifiedUsernameFieldChange
2013-09-25 04:22erSitztNew Issue
2013-09-25 04:24erSitztNote Added: 0003454
2013-09-25 05:19erSitztNote Added: 0003455
2013-09-25 05:22erSitztFile Added: openvas.pm
2013-09-25 08:30erSitztNote Added: 0003456

Notes
(0003454)
erSitzt   
2013-09-25 04:24   
I've removed the Base64 encoded part of the response here to keep the post readable.
(0003455)
erSitzt   
2013-09-25 05:19   
I suggest using XML::Simple, this returns an easy to use hash.

$VAR1 = {
          'report' => {
                      'format_id' => '6c248850-1f62-11e1-b082-406186ea4fc5',
                      'extension' => 'html',
                      'content_type' => 'text/html',
                      'content' => 'BASE64ENCODEDCONTENT',
                      'type' => 'scan',
                      'id' => '15ce0c2d-bf8c-4972-a0f6-fe1e75bb298a'
                    },
          'status' => '200',
          'status_text' => 'OK'
        };

This is what it looks like in openvas.pm

    my $xml = new XML::Simple;
    my $response = $xml->XMLin($output);
    my $status = $response->{'status'};
    my $escalator_id = $response->{'id'};

    # Fetch response status and escalator id
    # Scan escalator successfully created
    if ( defined($status) && $status eq $RESPONSE_RESOURCE_CREATED ) {
        $logger->info("Scan escalator named $name successfully created with id: $escalator_id");
        $this->{_escalatorId} = $escalator_id;
        return $TRUE;
    }

I've renamed $response to $status, because thats what it is.

I'll attach my version of the file.
(0003456)
erSitzt   
2013-09-25 08:30   
I needed to untaint the result of the $command executed by pf_run in util.pm

From line 983:

    } else {
        # scalar context
        `$command` =~ /^(.*)$/;
        $result = $1;
        return $result if ($CHILD_ERROR == 0);
    }