Browse code

Add XML string escaping

Bernd Wurst authored on19/12/2008 12:00:11
Showing1 changed files
... ...
@@ -23,6 +23,7 @@
23 23
 # along with this program.    If not, see <http://www.gnu.org/licenses/>.
24 24
 
25 25
 import ConfigParser, os, glob, pprint, re, optparse, sys, gettext
26
+from xml.sax.saxutils import escape
26 27
 
27 28
 gettext.textdomain('freewvs')
28 29
 _ = gettext.gettext
... ...
@@ -64,12 +65,12 @@ def vulnprint(appname, version, safeversion, vuln, vfilename, subdir, style = No
64 65
         if safeversion == 'ok':
65 66
             state = 'ok'
66 67
         print '  <app state="%s">' % state
67
-        print '    <appname>%s</appname>' % appname
68
-        print '    <version>%s</version>' % version
69
-        print '    <directory>%s</directory>' % appdir
68
+        print '    <appname>%s</appname>' % escape(appname)
69
+        print '    <version>%s</version>' % escape(version)
70
+        print '    <directory>%s</directory>' % escape(appdir)
70 71
         if state == 'vulnerable':
71
-            print '    <safeversion>%s</safeversion>' % safeversion
72
-            print '    <vulninfo>%s</vulninfo>' % vuln
72
+            print '    <safeversion>%s</safeversion>' % escape(safeversion)
73
+            print '    <vulninfo>%s</vulninfo>' % escape(vuln)
73 74
         print '  </app>'
74 75
 
75 76