cr0hn / openvas_to_report

OpenVAS2Report: A set of tools to manage OpenVAS XML report files.
BSD 3-Clause "New" or "Revised" License

Regexp is wrong for port extract #10

Open JonasBVS opened 7 years ago

JonasBVS commented 7 years ago

openvas_to_report/libs/data/parsed_data.py

This pattern should extract correct information (without description). I'm not sure if this is the correct line that it searches, but using the pattern below you can extract the port and protocol information: <port>22/tcp<host>xxx.xxx.xxx.xxx</host><severity>5.3</severity><threat>Medium</threat></port>

Change number of groups to 3 (line 100), and remove return of description (line 107).

pattern: ([\d]+)(/)([\w]+)

It fills out the information in the worksheets :)

lilloxxx commented 6 years ago

Thanks a lot for the tip!

I'm not a Python expert so to simplify

image

TheGroundZero commented 6 years ago

@lilloxxx Note that port numbers in the report can now also have the form of general/icmp next to tcp/443.

Below is my version of the code.
Just like you, I decided to drop the description and go for the number and protocol only.

I'm still doubting whether I should make the port number 0 or None when there's no explicit port number.

@staticmethod
def string2port(info):
    """
    Extract port number and protocol from a string.

    ..note:
        Raises value error if information can't be processed.

    # >>> p=Port.string2port("2000/tcp")
    # >>> print p.number
      2000
    # >>> print p.proto
      "tcp"

    # >>> p=Port.string2port("general/icmp")
    # >>> print p.number
      0
    # >>> print p.proto
      "icmp"

    :param info: raw string with port information
    :type info: basestring

    :return: Port instance
    :rtype: Port

    :raises: ValueError
    """
    if not isinstance(info, str):
        raise TypeError("Expected str, got '{}' instead".format(type(info)))

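    # Raw strings, so \d and \w reach the regex engine instead of being
    # treated as (invalid) string escape sequences.
    regex_nr = re.search(r"([\d]+)(/)([\w]+)", info)
    regex_general = re.search(r"(general)(/)([\w]+)", info)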

    if regex_nr and len(regex_nr.groups()) == 3:
        number = int(regex_nr.group(1))
        protocol = regex_nr.group(3)
    elif regex_general and len(regex_general.groups()) == 3:
        number = 0
        protocol = regex_general.group(3)
    else:
        raise ValueError("Can't parse input string")

    return Port(number, protocol)
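
An added example (not code from this thread or from openvas_to_report): a stand-alone parser for the two port forms mentioned above, `22/tcp` and `general/icmp`, run over a constructed `<port>` element shaped like the one quoted in the issue. `ParsedPort`, `parse_port`, `ports_from_report` and the sample XML are made up for this example; returning `None` for `general/...`, anchoring the match and rejecting numbers above 65535 are choices of this example, not the project's behaviour.

```python
import re
import xml.etree.ElementTree as ET
from typing import List, NamedTuple, Optional

# "<number>/<proto>" or "general/<proto>". Used with fullmatch() so that
# leading or trailing junk is rejected instead of silently ignored.
PORT_RE = re.compile(
    r"(?P<number>\d{1,5}|general)/(?P<proto>[a-z][a-z0-9_-]*)", re.IGNORECASE
)


class ParsedPort(NamedTuple):
    number: Optional[int]  # None when the report says "general/<proto>"
    proto: str


def parse_port(info: str) -> ParsedPort:
    """Parse '22/tcp' or 'general/icmp'; raise ValueError on anything else."""
    if not isinstance(info, str):
        raise TypeError("expected str, got {!r}".format(type(info)))
    match = PORT_RE.fullmatch(info.strip())
    if match is None:
        raise ValueError("can't parse port string: {!r}".format(info))
    proto = match.group("proto").lower()
    if match.group("number").lower() == "general":
        return ParsedPort(None, proto)
    number = int(match.group("number"))
    if number > 65535:
        raise ValueError("port number out of range: {}".format(number))
    return ParsedPort(number, proto)


def ports_from_report(xml_text: str) -> List[ParsedPort]:
    """Return a ParsedPort for every <port> element in a report fragment."""
    root = ET.fromstring(xml_text)
    # Element.text is only the text before the first child element, so for
    # <port>22/tcp<host>...</host></port> it is exactly "22/tcp".
    return [parse_port(el.text or "") for el in root.iter("port")]


# Constructed sample, shaped like the <port> element quoted in the issue.
SAMPLE = """<results>
  <result><port>22/tcp<host>192.0.2.10</host><severity>5.3</severity><threat>Medium</threat></port></result>
  <result><port>general/icmp<host>192.0.2.10</host><severity>0.0</severity><threat>Log</threat></port></result>
</results>"""

if __name__ == "__main__":
    for port in ports_from_report(SAMPLE):
        print(port)
```
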