sjvermeu / cvechecker

Command-line utility to scan the system and report on potential vulnerabilities, based on public CVE data
GNU General Public License v3.0

pullcve parsing error #34

Closed lyfak closed 4 years ago

lyfak commented 6 years ago

I just installed blackarch tools on Antergos using strap... and on the packages cvechecker was included. After the successful installation (after some struggles) I did a pullcves pull

The result is:

```
...snip...
var/cvechecker/cache/nvdcve-2.0-modified.xml:290: parser error : Entity 'reg' not defined
ere is an addition or modification to any vulnerability with a starting CVE®
^
/var/cvechecker/cache/nvdcve-2.0-modified.xml:366: parser error : Opening and ending tag mismatch: br line 364 and div
^
/var/cvechecker/cache/nvdcve-2.0-modified.xml:367: parser error : Opening and ending tag mismatch: br line 363 and div
^
/var/cvechecker/cache/nvdcve-2.0-modified.xml:397: parser error : xmlParseEntityRef: no name
Search & Statistics
^
/var/cvechecker/cache/nvdcve-2.0-modified.xml:456: parser error : xmlParseEntityRef: no name
General Questions & Webmaster Contact <
^
/var/cvechecker/cache/nvdcve-2.0-modified.xml:505: parser error : Opening and ending tag mismatch: div line 361 and footer
^
/var/cvechecker/cache/nvdcve-2.0-modified.xml:524: parser error : Opening and ending tag mismatch: div line 314 and form
^
/var/cvechecker/cache/nvdcve-2.0-modified.xml:525: parser error : Opening and ending tag mismatch: footer line 313 and body
^
/var/cvechecker/cache/nvdcve-2.0-modified.xml:526: parser error : Opening and ending tag mismatch: section line 261 and html
^
/var/cvechecker/cache/nvdcve-2.0-modified.xml:527: parser error : Premature end of data in tag nav line 81
^
...snip....
```

What could cause that problem?

Thanks

sjvermeu commented 6 years ago

It sounds like the download of the XML used a wrong URL. Currently, the URL it should download in pullcves is http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz. I don't know which version of cvechecker you are using; cvechecker version 3.6 and earlier will be using a wrong URL (the URL changed somewhere in 2016 to only allow compressed XML downloads).
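The failure diagnosed above (an HTML page saved under the feed's file name and handed to the XML parser) can be caught before parsing by checking what the downloaded file actually contains. This is an added example, not part of the original thread or of cvechecker's pullcves script; the function names `feed_kind` and `check_feed` and the sample files are constructed for illustration, and it assumes a valid feed begins with an XML declaration.

```shell
#!/bin/sh
# Added example: classify a cached feed file by content, not by file name.
# feed_kind prints one of: xml, gzip-xml, html, gzip-html, unknown.
feed_kind() {
    file=$1
    [ -r "$file" ] || { echo "unknown"; return 0; }
    # gzip streams start with the magic bytes 1f 8b.
    magic=$(od -An -tx1 -N2 "$file" | tr -d ' \n')
    if [ "$magic" = "1f8b" ]; then
        head_txt=$(gzip -dc "$file" 2>/dev/null | head -c 1024 | tr -d '\000')
        prefix="gzip-"
    else
        head_txt=$(head -c 1024 "$file" | tr -d '\000')
        prefix=""
    fi
    # Test for HTML first: an XHTML page can also begin with "<?xml".
    if printf '%s' "$head_txt" | grep -qiE '<!DOCTYPE html|<html'; then
        echo "${prefix}html"
    elif printf '%s' "$head_txt" | grep -q '^<?xml'; then
        echo "${prefix}xml"
    else
        echo "unknown"
    fi
}

# Return 0 only when the file looks like an XML feed; otherwise say why.
check_feed() {
    kind=$(feed_kind "$1")
    case $kind in
        xml|gzip-xml) return 0 ;;
        html|gzip-html)
            echo "$1: HTML page, not a feed (wrong URL or redirect?)" >&2
            return 1 ;;
        *)  echo "$1: unrecognised content" >&2
            return 2 ;;
    esac
}

# Constructed samples: an HTML page saved under the feed's name, and a
# small gzip-compressed XML document standing in for a real feed.
demo() {
    d=$(mktemp -d)
    printf '<!DOCTYPE html>\n<html><body>Search</body></html>\n' \
        > "$d/nvdcve-2.0-modified.xml"
    printf '<?xml version="1.0"?>\n<feed/>\n' | gzip -c > "$d/feed.xml.gz"
    for f in "$d"/*; do echo "$(basename "$f"): $(feed_kind "$f")"; done
    rm -rf "$d"
}
demo
```

Running `check_feed` on the cache file before it reaches the parser turns the wall of parser errors into a single message that points at the download.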

sjvermeu commented 4 years ago

NVD/NIST has in the meantime switched to JSON rather than XML files (sigh). The code in the repo has been updated to reflect that.