Escape XML/HTML code generated by nmap that can crash the GUI when the scan result is displayed on screen

Luca Deri 2023-10-27 17:37:50 +02:00
parent 6c8c0f2b56
commit 38062b1e75


@ -486,23 +486,24 @@ function vs_utils.cleanup_nmap_result(scan_result, scan_type)
end
end
if(false) then
-- Do not preprocess URLs
if(string.sub(l, 1, 2) == " [") then
local c = string.split(string.sub(l,3), "]")
local url = cve_utils.getDocURL(c[1], scan_type)
if(scan_type == "cve") then
-- Escape XML/HTML code that might be present in the output
l = l:gsub("<", "&lt;")
l = l:gsub(">", "&gt;")
if(string.sub(l, 1, 2) == " [") then
local c = string.split(string.sub(l,3), "]")
local url = cve_utils.getDocURL(c[1], scan_type)
if(scan_type == "cve") then
l = '[<A HREF="'..url..'">'..c[1]..'</A>]'..c[2]
elseif(scan_type == "openvas") then
l = '[<A HREF="'..url..'">'..c[1]..'</A>]'..c[2]
end
table.insert(cve, c[1])
num_vulnerabilities = num_vulnerabilities + 1
elseif(scan_type == "openvas") then
l = '[<A HREF="'..url..'">'..c[1]..'</A>]'..c[2]
end
table.insert(cve, c[1])
num_vulnerabilities = num_vulnerabilities + 1
end
table.insert(scan_out, l)
end
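Review bot: The new escaping in the per-line loop replaces only `<` and `>`, so `&` and `"` from the scanner output are still written to the page as-is. An unescaped `&` lets entity sequences in the output be re-interpreted by the browser, and a `"` matters if `cve_utils.getDocURL` (not shown here) copies `c[1]` into the URL that is placed inside `HREF="…"`. I would escape the ampersand first and the quote as well: `l = l:gsub("&", "&amp;"):gsub("<", "&lt;"):gsub(">", "&gt;"):gsub('"', "&quot;")`. The body of vs_utils.cleanup_nmap_result starts and ends outside this hunk, so whether `l` is used elsewhere unescaped cannot be checked from here.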