📄 html_output.c
字号:
/* Nessus
* Copyright (C) 1998 - 2001 Renaud Deraison
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
* In addition, as a special exception, Renaud Deraison
* gives permission to link the code of this program with any
* version of the OpenSSL library which is distributed under a
* license identical to that listed in the included COPYING.OpenSSL
* file, and distribute linked combinations including the two.
* You must obey the GNU General Public License in all respects
* for all of the code used other than OpenSSL. If you modify
* this file, you may extend this exception to your version of the
* file, but you are not obligated to do so. If you do not wish to
* do so, delete this exception statement from your version.
*
* Output modified by Isaac Dawson of Security Management Partners.
*
* changes to generate valid html: Axel Nennker axel@nennker.de
* 20020919 see: http://validator.w3.org/file-upload.html
* - an attribute vaule must be quoted if it contains any character
* other than letters(A-Za-z), digits, hyphens and periods
* - added charset iso-8859-1
* 20020924 Axel Nennker axel@nennker.de
* some more fixes for valid html4.0
*
*/
#include "../includes.h"
#include "../libnessus.h"
#include "report.h"
#include "report_utils.h"
//#include "error_dialog.h"
//#include "globals.h"
static char * convert_cr_to_html(char *);
static char * portname_to_ahref(char *, char *);
void summary_to_file(FILE *, struct arglist *);
/*
* Handy functions
*/
/* All the cross references (CVE, BID) have the same format - XREF: <num>,...<br> */
static char *
extract_xref(file, str, url)
FILE * file;
char * str, * url;
{
while(str != NULL && strncmp(str, "<br>", 4) != 0)
{
char * e1 = strchr(str, ',');
char * e2 = strchr(str, '<');
char tmp = '\0';
if((e1 > e2) || (e1 == NULL))e1 = e2;
if(e1 != NULL)
{
tmp = e1[0];
e1[0] = '\0';
}
fprintf(file, "<a href=\"%s%s\">%s</a>", url, str, str);
str = e1;
if(e1 != NULL)
{
e1[0] = tmp;
if(tmp == ','){
fputc(',', file);
fputc(' ', file);
str ++;
str ++;
}
else
fputc('<', file);
}
}
return str;
}
static void
print_data_with_links(file, str, plugin_id)
FILE * file;
char * str, * plugin_id;
{
while(str != NULL && str[0] != '\0')
{
if(strncmp(str, "http:", 5) == 0 || strncmp(str, "https:", 6) == 0 )
{
char * e1, * e2;
char tmp = 0;
e1 = strchr(str, ' ');
e2 = strstr(str, "<br>");
if((e1 > e2) || (e1 == NULL))e1 = e2;
if(e1 != NULL)
{
tmp = e1[0];
e1[0] = '\0';
}
fprintf(file, "<a href=\"%s\">%s</a>", str, str);
str += strlen(str) - 1;
if(e1 != NULL)
{
e1[0] = tmp;
}
}
else if(strncmp(str, "CVE_ID : ", strlen("CVE_ID : ")) == 0)
{
fprintf(file, "CVE_ID : ");
str += strlen("CVE_ID : ");
str = extract_xref(file, str, "http://cgi.nessus.org/cve.php3?cve=");
}
else if(strncmp(str, "BUGTRAQ_ID : ", strlen("BUGTRAQ_ID : ")) == 0)
{
fprintf(file, "BUGTRAQ_ID : ");
str += strlen("BUGTRAQ_ID : ");
str = extract_xref(file, str, "http://cgi.nessus.org/bid.php3?bid=");
}
else if(strncmp(str, "NESSUS_ID : ", strlen("NESSUS_ID : ")) == 0)
{
fprintf(file, "NESSUS_ID : ");
str += strlen("NESSUS_ID : ");
str = extract_xref(file, str, "http://cgi.nessus.org/nessus_id.php3?id=");
}
else fputc(str[0], file);
if ( str != NULL ) str++;
}
//fprintf(file, "Nessus ID : <a href=\"http://cgi.nessus.org/nessus_id.php3?id=%s\">%s</a>", plugin_id, plugin_id);
}
static char * convert_cr_to_html(str)
char * str;
{
int num = 0;
char * t;
char * ret;
int i, j = 0;
/*
* Compute the size we'll need
*/
t = str;
while(t[0])
{
if((t[0]=='\n')||(t[0]=='>')||(t[0]=='<'))num++;
t++;
}
ret = emalloc(strlen(str)+5*num+1);
for(i=0, j=0;str[i];i++,j++)
{
if(str[i]=='\n'){
ret[j++]='<';
ret[j++]='b';
ret[j++]='r';
ret[j++]='>';
ret[j]='\n';
}
else if(str[i]=='>') {
ret[j++]='&';
ret[j++]='g';
ret[j++]='t';
ret[j]=';';
}
else if(str[i]=='<')
{
ret[j++]='&';
ret[j++]='l';
ret[j++]='t';
ret[j]=';';
}
else ret[j] = str[i];
}
return ret;
}
static char * portname_to_ahref(name, hostname)
char * name;
char * hostname;
{
char *t, *k;
/*
* Convert '192.168.1.1' to '192_168_1_1' or
* 'prof.nessus.org' to 'prof_nessus_org'
*/
hostname =
t = estrdup (hostname) ;
while ((t = strchr (t, '.')) != 0)
t [0] = '_' ;
if (name == 0)
return hostname ;
/*
* Convert 'telnet (21/tcp)' to '21_tcp'
*/
name =
k = estrdup (name);
if ((t = strrchr (k, '(')) != 0)
k = t + 1;
if ((t = strchr (k, ')')) != 0)
t [0] = '\0' ;
while ((t = strchr (k, '/')) != 0)
t [0] = '_' ;
/*
* append: "name" + "_" + "hostname"
*/
t = emalloc (strlen (hostname) + strlen (k) + 2);
strcat (strcat (strcpy (t, hostname), "_"), k);
efree (&hostname);
efree (&name);
return t ;
}
int
arglist_to_html(hosts, filename)
struct arglist * hosts;
char * filename;
{
FILE * file;
struct arglist * h;
if(!strcmp(filename, "-"))file = stdout;
else file = fopen(filename, "w");
if(!file){
show_error("Could not create this file !");
perror("fopen ");
return(-1);
}
/* Print the Style Sheet Opts and Report Summary */
summary_to_file(file, hosts);
h = hosts;
/* Loop through hosts and print out their problems "Host List"*/
while(h && h->next)
{
int result;
char * href = portname_to_ahref(NULL, h->name);
fprintf(file, " <tr>\n\t <td class=default width=\"60%%\"><a href=\"#%s\">%s</a></td>\n", href, h->name);
result = is_there_any_hole(h->value);
if(result == HOLE_PRESENT)
fprintf(file, "\t<td class=default width=\"40%%\"><font color=red>Security hole(s) found</font></td></tr>\n");
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -