Fix XML output plugin generates invalid XML andresriancho#15246
andresriancho committed Apr 17, 2017
1 parent b2fb699 commit c85876e
Showing 2 changed files with 11 additions and 2 deletions.
2 changes: 1 addition & 1 deletion w3af/plugins/output/xml_file.py
Expand Up @@ -435,7 +435,7 @@ def handle_body(self, parent_node, headers, body):
# https://github.com/andresriancho/w3af/issues/264 is fixed by encoding
# the ']]>', which in some cases would end up in a CDATA section and
# break it, using base64 encoding
if '\0' in body or ']]>' in body:
if INVALID_XML.search(body) or ']]>' in body:
# irrespective of the mimetype; if the NULL char is present; then
# base64.encode it
encoded = base64.encodestring(body)
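Review bot: The comment directly under the changed condition in handle_body still says the body is base64-encoded only "if the NULL char is present", which no longer matches the `INVALID_XML.search(body)` test. I would reword it to `# irrespective of the mimetype; if the body holds any character that is not valid in XML, or a ']]>' that would close the CDATA section, base64 encode it`. INVALID_XML is defined outside this hunk, so it is worth confirming that it covers every code point XML 1.0 forbids. The body is response content from the scanned target, and presumably a single forbidden character left unencoded would make the report unparseable for downstream tools. handle_body starts and continues outside the lines shown here.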
11 changes: 10 additions & 1 deletion w3af/plugins/tests/output/test_xml_file.py
Expand Up @@ -37,7 +37,7 @@
from w3af.core.data.options.option_types import OUTPUT_FILE

from w3af.plugins.tests.helper import PluginTest, PluginConfig
from w3af.plugins.output.xml_file import xml_file, xml_str
from w3af.plugins.output.xml_file import xml_file, xml_str, INVALID_XML


@attr('smoke')
Expand Down Expand Up @@ -222,3 +222,12 @@ def test_replace_xml_str(self):

def test_mixed_xml_str(self):
self.assertEquals('a?b', xml_str('a\0b'))

def test_re_match(self):
self.assertIsNotNone(INVALID_XML.search('a\0b'))

def test_re_match_false_1(self):
self.assertIsNone(INVALID_XML.search('ab'))

def test_re_match_false_2(self):
self.assertIsNone(INVALID_XML.search('ab\n'))
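Review bot: The only positive case in the three new tests is `'a\0b'`, which the previous `'\0' in body` check already caught, so the tests would still pass if INVALID_XML matched nothing beyond NUL. I would add a positive case for another control character, for example `self.assertIsNotNone(INVALID_XML.search('a\x0bb'))`. A negative case for tab and carriage return would also help, `self.assertIsNone(INVALID_XML.search('a\tb\r'))`, assuming the pattern follows the XML 1.0 Char production (its definition is not visible here). A test that feeds such a body through handle_body and parses the resulting file with an XML parser would pin the behaviour this commit is meant to fix, rather than only the regular expression.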
