Bernd Wurst commited on 2008-12-19 12:00:11
Zeige 1 geänderte Dateien mit 6 Einfügungen und 5 Löschungen.
| ... | ... |
@@ -23,6 +23,7 @@ |
| 23 | 23 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 24 | 24 |
|
| 25 | 25 |
import ConfigParser, os, glob, pprint, re, optparse, sys, gettext |
| 26 |
+from xml.sax.saxutils import escape |
|
| 26 | 27 |
|
| 27 | 28 |
gettext.textdomain('freewvs')
|
| 28 | 29 |
_ = gettext.gettext |
| ... | ... |
@@ -64,12 +65,12 @@ def vulnprint(appname, version, safeversion, vuln, vfilename, subdir, style = No |
| 64 | 65 |
if safeversion == 'ok': |
| 65 | 66 |
state = 'ok' |
| 66 | 67 |
print ' <app state="%s">' % state |
| 67 |
- print ' <appname>%s</appname>' % appname |
|
| 68 |
- print ' <version>%s</version>' % version |
|
| 69 |
- print ' <directory>%s</directory>' % appdir |
|
| 68 |
+ print ' <appname>%s</appname>' % escape(appname) |
|
| 69 |
+ print ' <version>%s</version>' % escape(version) |
|
| 70 |
+ print ' <directory>%s</directory>' % escape(appdir) |
|
| 70 | 71 |
if state == 'vulnerable': |
| 71 |
- print ' <safeversion>%s</safeversion>' % safeversion |
|
| 72 |
- print ' <vulninfo>%s</vulninfo>' % vuln |
|
| 72 |
+ print ' <safeversion>%s</safeversion>' % escape(safeversion) |
|
| 73 |
+ print ' <vulninfo>%s</vulninfo>' % escape(vuln) |
|
| 73 | 74 |
print ' </app>' |
| 74 | 75 |
|
| 75 | 76 |
|
| 76 | 77 |
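Review bot: `escape()` on the five added `print` lines only rewrites `&`, `<` and `>`, so control characters or bytes that are invalid in the report's encoding still reach the output unchanged. `appdir` and `version` presumably come from scanned paths and files that the hosted site's owner controls, and a single such value would make the whole report non-well-formed for a strict XML consumer, so findings could go unread. Consider routing all five fields through one helper that drops XML 1.0-illegal characters before escaping, e.g. `def xmlsafe(s): return escape(re.sub('[\x00-\x08\x0b\x0c\x0e-\x1f]', '', s))` (`re` is already imported), with a comment above it stating that these values are untrusted. `state` in the `<app state="%s">` attribute stays unescaped, which is safe only while it remains one of the literals assigned in this function, since plain `escape()` does not quote `"`. vulnprint's body starts and ends outside the hunk, so any other output styles were not checked.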