Nmap Development mailing list archives

Re: New patch for XML output

From: Fyodor <fyodor () insecure org>
Date: Thu, 20 Dec 2007 19:47:21 -0800

On Fri, Dec 14, 2007 at 10:28:39AM -0700, David Fifield wrote:

On Fri, Dec 14, 2007 at 08:10:14AM -0300, João Medeiros wrote:

    I don't know if you the the topic [0] that I talk about the
problem. In it the reason to do this is explained. I don't understand
if you mean that is not necessary escape this, or if exists a better
way to solve the problem. If it's the first, please read the link
below.

[0] http://seclists.org/nmap-dev/2007/q4/0572.html


You're right, I didn't realize that this was a follow-up patch. I'm also
more ignorant of XML than I thought. It seems painful, because it will
create a bunch of long ugly lines in the XML output (that can't be cut
and pasted), but your solution seems like the right one. Escaping
whitespace characters is only required in attribute values, but then
almost everything in Nmap XML is stored in attributes anyway. I'll think
about it and leave some time for others to comment but I think I'll
commit the rest of your patch.


Maybe we move things such as the OS fingerprint out of attributes and
into plain content.  So instead of having:

<osfingerprint fingerprint="
SCAN(V=4.50%D=12/20%OT=22%CT=70%CU=%PV=N%G=N%TM=476B362D%P=x86_64-unknown-linux-gnu)
SEQ(SP=C7%GCD=1%ISR=CA%TI=Z%II=I%TS=A)
OPS(O1=M5ACST11NW7%O2=M5ACST11NW7%O3=M5ACNNT11NW7%O4=M5ACST11NW7%O5=M5ACST11NW7%O6=M5ACST11)
WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
ECN(R=Y%DF=Y%TG=40%W=16D0%O=M5ACNNSNW7%CC=N%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=Y%DF=Y%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5ACST11NW7%RD=0%Q=)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%TOSI=Z%CD=S%SI=S%DLI=S)
" />

We could have:

<osfingerprint>
SCAN(V=4.50%D=12/20%OT=22%CT=70%CU=%PV=N%G=N%TM=476B362D%P=x86_64-unknown-linux-gnu)
SEQ(SP=C7%GCD=1%ISR=CA%TI=Z%II=I%TS=A)
OPS(O1=M5ACST11NW7%O2=M5ACST11NW7%O3=M5ACNNT11NW7%O4=M5ACST11NW7%O5=M5ACST11NW7%O6=M5ACST11)
WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
ECN(R=Y%DF=Y%TG=40%W=16D0%O=M5ACNNSNW7%CC=N%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=Y%DF=Y%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5ACST11NW7%RD=0%Q=)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%TOSI=Z%CD=S%SI=S%DLI=S)
</osfingerprint>

Would that resolve João's issue?  I'm trying to remember if there was
a good reason that we put almost everything in attributes.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

New patch for XML output João Medeiros (Dec 12)
- Re: New patch for XML output David Fifield (Dec 13)
  - Re: New patch for XML output João Medeiros (Dec 14)
    - Re: New patch for XML output David Fifield (Dec 14)
    - Re: New patch for XML output João Medeiros (Dec 14)
    - Re: New patch for XML output Fyodor (Dec 20)
    - Re: New patch for XML output Max (Dec 20)