Nmap Development mailing list archives

Interacting with scan can break XML DTD validation
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 02 Sep 2011 16:19:06 -0500

Hey list,

I found an issue that may not be worth pursuing, but here it is: When increasing verbosity in the middle of a scan, XML elements may be output without preceding ones (e.g. taskend without corresponding taskbegin), which causes the output to fail DTD validation. Steps to reproduce:

1. Start a scan with parallel DNS resolution and XML output:
$ nmap -sL -oX out.xml 192.168.1.0/24

2. Between 1-2 seconds after initiating, press "v" to increase verbosity.

3. Try to validate the output against DTD. Example output from python lxml validator: out.xml:4:0:ERROR:VALID:DTD_CONTENT_MODEL: Element nmaprun content does not follow the DTD, expecting (scaninfo* , verbose , debugging , ((taskbegin , taskprogress* , taskend) | prescript | postscript | host | output)* , runstats), got (verbose debugging taskend host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host host runstats )

I'm not sure how to go about fixing this. It seems like something that is just not well supported by serially-output XML (along with the "verbose" level, which changes without being noted in the output).

As a side note, I also found and patched a problem with the DTD regarding service fingerprint confidence levels. Previously, these were enumerated as 0, 3, 5, and 10, but I found tcpwrapped services were given a value of 8. The comments in portlist.h say it could be any integer between 0 and 10, so that's what I changed the DTD to reflect.

Dan

Attachment: dtd.patch
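
Added example, not code from the post or from the Nmap project: a stdlib-only Python lint that catches the two defects this message describes in serially written nmap XML (a taskend with no preceding taskbegin, and a service conf value outside 0..10), so output can be sanity-checked before a DTD validator rejects it. The sample XML is constructed to mimic the broken output; element and attribute names follow the nmap XML format, and the conf range follows the relaxed DTD rule the post adopts.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a verbosity bump mid-scan emitted <taskend> without
# the matching <taskbegin>, and a tcpwrapped-style service carries conf="8".
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sL -oX out.xml 192.168.1.0/24">
<verbose level="1"/>
<debugging level="0"/>
<taskend task="Parallel DNS resolution of 256 hosts." time="1314998348"/>
<host><status state="up"/><address addr="192.168.1.1" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/>
<service name="tcpwrapped" conf="8"/></port></ports></host>
<runstats><finished time="1314998350"/></runstats>
</nmaprun>
"""

def check_task_pairing(root):
    """Walk the direct children of <nmaprun> in document order and report every
    taskend/taskprogress that is not inside an open taskbegin, plus any
    taskbegin that is never closed. Mirrors the DTD's (taskbegin, taskprogress*,
    taskend) group without needing a DTD validator."""
    problems, open_task = [], None
    for child in root:
        task = child.get("task")
        if child.tag == "taskbegin":
            if open_task is not None:
                problems.append(f"taskbegin {task!r} while {open_task!r} still open")
            open_task = task
        elif child.tag == "taskprogress":
            if open_task is None:
                problems.append(f"taskprogress {task!r} outside any task")
        elif child.tag == "taskend":
            if open_task is None:
                problems.append(f"taskend {task!r} without taskbegin")
            elif open_task != task:
                problems.append(f"taskend {task!r} closes {open_task!r}")
            open_task = None
    if open_task is not None:
        problems.append(f"taskbegin {open_task!r} never closed")
    return problems

def check_service_conf(root):
    """Return conf values that are not an integer in 0..10 (the range the
    post's DTD patch allows; the old DTD enumerated only 0, 3, 5 and 10)."""
    bad = []
    for svc in root.iter("service"):
        conf = svc.get("conf")
        if conf is not None and not (conf.isdigit() and 0 <= int(conf) <= 10):
            bad.append(conf)
    return bad

def lint(xml_text):
    """Parse nmap XML text and return a list of human-readable problems."""
    root = ET.fromstring(xml_text)
    return check_task_pairing(root) + [f"bad service conf {c!r}" for c in check_service_conf(root)]
```

An empty list from lint() means the element order and conf values would pass the corresponding DTD rules; a non-empty list points at the exact offending element rather than the whole nmaprun content model.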

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/