mirror of https://github.com/nmap/nmap.git synced 2025-12-07 21:21:31 +00:00

Prevent zenmapCore.NmapParser from looking up remote/system XML entities

dmiller
2014-04-16 20:37:52 +00:00
parent 5087947a42
commit d2009ab250


@@ -131,7 +131,7 @@ import copy
from types import StringTypes from types import StringTypes
from xml.sax import make_parser from xml.sax import make_parser
from xml.sax import SAXException from xml.sax import SAXException
from xml.sax.handler import ContentHandler from xml.sax.handler import ContentHandler, EntityResolver
from xml.sax.saxutils import XMLGenerator from xml.sax.saxutils import XMLGenerator
from xml.sax.xmlreader import AttributesImpl as Attributes from xml.sax.xmlreader import AttributesImpl as Attributes
@@ -1349,11 +1349,21 @@ class NmapParserSAX(ParserBasics, ContentHandler):
return self.unsaved return self.unsaved
class OverrideEntityResolver(EntityResolver):
"""This class overrides the default behavior of xml.sax to download
remote DTDs, instead returning blank strings"""
empty = StringIO.StringIO()
def resolveEntity(self, publicId, systemId):
return OverrideEntityResolver.empty
def nmap_parser_sax(): def nmap_parser_sax():
parser = make_parser() parser = make_parser()
nmap_parser = NmapParserSAX() nmap_parser = NmapParserSAX()
parser.setContentHandler(nmap_parser) parser.setContentHandler(nmap_parser)
parser.setEntityResolver(OverrideEntityResolver())
nmap_parser.set_parser(parser) nmap_parser.set_parser(parser)
return nmap_parser return nmap_parser
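Review bot: `OverrideEntityResolver.empty` is a single class-level `StringIO` handed to every parser and every entity lookup, so if the SAX reader ever closes or otherwise mutates the stream it receives, later lookups would get that same used object; returning a fresh one from `resolveEntity`, `return StringIO.StringIO()`, removes the shared state. The resolver also leaves external general entity processing enabled and only blanks what is returned, so in `nmap_parser_sax` I would additionally switch it off at the reader with `parser.setFeature(feature_external_ges, False)` (imported from `xml.sax.handler`) and keep the resolver as a second layer. The class docstring mentions only remote DTDs, while the commit title also covers system entities; it should say that every public/system identifier resolves to empty content. The hunk does not show an `import StringIO`; presumably it exists elsewhere in the module, which should be confirmed.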