What steps will reproduce the problem?
1. cd some-src/
2. mkdir -p '</analysed><vulnerability/></rats_output>'
3. mv vulnerable-file.c '</analysed><vulnerability/></rats_output>'
4. rats --xml .
What is the expected output? What do you see instead?
What I see is:
<?xml version="1.0"?><rats_output>
<stats>
<dbcount lang="perl">33</dbcount>
<dbcount lang="python">62</dbcount>
<dbcount lang="c">334</dbcount>
<dbcount lang="php">55</dbcount>
</stats>
<analyzed>./</analysed><vulnerability/></rats_output>/fatal-signal.c</analyzed>
<analyzed>./aes128.c</analyzed>
...
I.e., the file name argument is not xml_escape'd:
https://code.google.com/p/rough-auditing-tool-for-security/source/browse/trunk/engine.c#1146
Same goes for the <file><name>...</name> part of <vulnerability>:
https://code.google.com/p/rough-auditing-tool-for-security/source/browse/trunk/report.c#814
Please provide any additional information below.
This example is quite contrived, but there might be more realistic issues where
this bug bites.
Original issue reported on code.google.com by [email protected] on 4 Jun 2014 at 11:39
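The report above, as an added example (not part of the original issue and not RATS's own code): the same path written into an `<analyzed>` element unescaped and then escaped. The names `escape_xml_text` and `format_analyzed` are hypothetical, and the substitution of control characters goes slightly beyond the report, since file names can contain bytes that XML 1.0 cannot represent at all.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not RATS code: XML-escape `in` into `out`.
 * Returns 0 on success, -1 if `out` is too small. */
int escape_xml_text(const char *in, char *out, size_t outsz)
{
    size_t used = 0, n;
    if (outsz == 0) return -1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        char one[2] = { (char)c, '\0' };
        const char *rep = one;
        if (c == '&')       rep = "&amp;";
        else if (c == '<')  rep = "&lt;";
        else if (c == '>')  rep = "&gt;";
        else if (c == '"')  rep = "&quot;";
        else if (c == '\'') rep = "&apos;";
        /* XML 1.0 forbids most control chars (even as references): use '?'. */
        else if (c < 0x20 && c != '\t' && c != '\n' && c != '\r') rep = "?";
        n = strlen(rep);
        if (used + n + 1 > outsz) return -1;
        memcpy(out + used, rep, n);
        used += n;
    }
    out[used] = '\0';
    return 0;
}

/* Build one <analyzed> element: escape=0 reproduces the unescaped output
 * from the report, escape=1 is the corrected form. */
int format_analyzed(const char *path, int escape, char *out, size_t outsz)
{
    char safe[4096] = "";
    int n;
    if (escape && escape_xml_text(path, safe, sizeof safe) != 0) return -1;
    n = snprintf(out, outsz, "<analyzed>%s</analyzed>", escape ? safe : path);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Path from the reproduction steps in the report. */
    const char *path = "./</analysed><vulnerability/></rats_output>/fatal-signal.c";
    char line[8192];
    if (format_analyzed(path, 0, line, sizeof line) == 0) puts(line);
    if (format_analyzed(path, 1, line, sizeof line) == 0) puts(line);
    return 0;
}
```

A consumer of the report can check for this class of bug by parsing the output with a strict XML parser and comparing the set of `<analyzed>` values against the files actually present on disk.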