XML-formatted NVT-tags

The XML report format currently contains a “tags” section for the NVTs that describes tags in a non-XML syntax (tag1=value1|tag2=value2|tag3=value3). For any tool parsing the XML reports for some purpose, this means adding an extra parser for this syntax rather than using the standard XML methodology.

We want to replace the pipe-separated list with XML elements in a future GMP version.

Here is an example of how this would look. This is the current situation:

<tags>cvss_base_vector=AV:N/AC:L/Au:N/C:C/I:C/A:C|impact=Successful exploitation will allow attackers to manipulate or gain knowledge
  of sensitive information, bypass restrictions, cause a denial of service or
  compromise a vulnerable system.
  Impact Level: System/Application|affected=Oracle Java JDK/JRE version 6 Update 21 on windows|insight=Multiple flas are caused by errors in the 2D, CORBA, Deployment, JRE,
  Java Web Start, New Java Plug-in, Sound, Deployment Toolkit, JSSE, Kerberos,
  Networking, Swing, and JNDI components.|summary=This host is installed with Oracle Java JDK/JRE and is prone to
  multiple vulnerabilities.|solution=Upgrade to JDK/JRE version 6 Update 22
  http://www.oracle.com/technetwork/java/javase/downloads/index-jsp-138363.html [^]

  or
  Apply the patch from below link,
  http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html [^]

  *****
  NOTE: Ignore this warning if above mentioned patch is already applied.
  *****</tags>

and it would change into this notation:

<tags>
  <tag>
    <name>cvss_base_vector</name>
    <value>AV:N/AC:L/Au:N/C:C/I:C/A:C</value>
  </tag>
  <tag>
    <name>impact</name>
    <value>Successful exploitation will allow attackers to manipulate or gain knowledge
  of sensitive information, bypass restrictions, cause a denial of service or
  compromise a vulnerable system.
  Impact Level: System/Application</value>
  </tag>
  <tag>
    <name>affected</name>
    <value>Oracle Java JDK/JRE version 6 Update 21 on windows</value>
  </tag>
  <tag>
    <name>insight</name>
    <value>Multiple flas are caused by errors in the 2D, CORBA, Deployment, JRE,
  Java Web Start, New Java Plug-in, Sound, Deployment Toolkit, JSSE, Kerberos,
  Networking, Swing, and JNDI components.</value>
  </tag>
  <tag>
    <name>summary</name>
    <value>This host is installed with Oracle Java JDK/JRE and is prone to
  multiple vulnerabilities.</value>
  </tag>
  <tag>
    <name>solution</name>
    <value>Upgrade to JDK/JRE version 6 Update 22
  http://www.oracle.com/technetwork/java/javase/downloads/index-jsp-138363.html [^]

  or
  Apply the patch from below link,
  http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html [^]

  *****
  NOTE: Ignore this warning if above mentioned patch is already applied.
  *****</value>
  </tag>
</tags>

Of course, it would mean that any script or processing routine for XML reports needs an update.
But in fact it basically means simplifying the routine.

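A report consumer that has to accept both notations during the transition could normalize them as sketched below. This is an added example, not code from the original post or from GMP; the function names `parse_tags` and `load_tags` and the shortened sample strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples, shortened from the example in the post.
LEGACY_SAMPLE = """<tags>cvss_base_vector=AV:N/AC:L/Au:N/C:C/I:C/A:C|affected=Oracle Java JDK/JRE version 6 Update 21 on windows|summary=This host is installed with Oracle Java JDK/JRE and is prone to
  multiple vulnerabilities.</tags>"""

XML_SAMPLE = """<tags>
  <tag><name>cvss_base_vector</name><value>AV:N/AC:L/Au:N/C:C/I:C/A:C</value></tag>
  <tag><name>affected</name><value>Oracle Java JDK/JRE version 6 Update 21 on windows</value></tag>
  <tag><name>summary</name><value>This host is installed with Oracle Java JDK/JRE and is prone to
  multiple vulnerabilities.</value></tag>
</tags>"""


def parse_tags(tags_elem):
    """Return the NVT tags of a <tags> element as a dict, for either notation."""
    tag_elems = tags_elem.findall("tag")
    if tag_elems:
        # New notation: the XML parser already did all the work.
        return {t.findtext("name", ""): t.findtext("value", "") for t in tag_elems}

    # Legacy notation: name=value pairs joined by "|" inside the element text.
    result = {}
    for pair in (tags_elem.text or "").split("|"):
        # Split on the first "=" only, since values (e.g. URLs) may contain "=".
        name, sep, value = pair.partition("=")
        if sep and name.strip():
            result[name.strip()] = value
        # A fragment without "=" cannot be attributed to any tag and is dropped:
        # this splitter cannot tell a "|" inside a value from a separator.
    return result


def load_tags(xml_text):
    """Parse a serialized <tags> element and return its tags as a dict."""
    return parse_tags(ET.fromstring(xml_text))


if __name__ == "__main__":
    # Both notations yield the same mapping for the same data.
    print(load_tags(LEGACY_SAMPLE) == load_tags(XML_SAMPLE))
    # A constructed value containing "|" survives only in the XML notation.
    print(load_tags("<tags>insight=a|b</tags>"))
    print(load_tags("<tags><tag><name>insight</name><value>a|b</value></tag></tags>"))
```

The legacy branch is the extra parser the post refers to; once all reports use the element notation, it can be deleted and only the `findall` branch remains.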