PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

Prevent zenmapCore.NmapParser from looking up remote/system XML entities

Browse Source
This commit is contained in:
dmiller
2014-04-16 20:37:52 +00:00
parent 5087947a42
commit d2009ab250
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
zenmap/zenmapCore/NmapParser.py
View File

@@ -131,7 +131,7 @@ import copy
from types import StringTypes
from xml.sax import make_parser
from xml.sax import SAXException
from xml.sax.handler import ContentHandler
from xml.sax.handler import ContentHandler, EntityResolver
from xml.sax.saxutils import XMLGenerator
from xml.sax.xmlreader import AttributesImpl as Attributes
@@ -1349,11 +1349,21 @@ class NmapParserSAX(ParserBasics, ContentHandler):
return self.unsaved
class OverrideEntityResolver(EntityResolver):
"""This class overrides the default behavior of xml.sax to download
remote DTDs, instead returning blank strings"""
empty = StringIO.StringIO()
def resolveEntity(self, publicId, systemId):
return OverrideEntityResolver.empty
def nmap_parser_sax():
parser = make_parser()
nmap_parser = NmapParserSAX()
parser.setContentHandler(nmap_parser)
parser.setEntityResolver(OverrideEntityResolver())
nmap_parser.set_parser(parser)
return nmap_parser