def test_xml_bomb(self):
xml = ('<!DOCTYPE xmlbomb ['
'<!ENTITY a "1234567890" >'
'<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;">'
'<!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;">'
'<!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;">'
']>'
'<bomb>&c;</bomb>')
with self.assertRaises(GvmError):
validate_xml_string(xml)
def test_invalid_tag(self):
with self.assertRaises(GvmError):
validate_xml_string('<foo&bar/>')
def main():
do_not_run_as_root()
parser = create_parser(description=HELP_TEXT, logfilename='gvm-cli.log')
parser.add_protocol_argument()
parser.add_argument('-X', '--xml', help='XML request to send')
parser.add_argument('-r',
'--raw',
help='Return raw XML',
action='store_true',
default=False)
parser.add_argument(
'--pretty',
help='Pretty format the returned xml',
action='store_true',
default=False,
)
parser.add_argument('--duration',
action='store_true',
help='Measure command execution time')
parser.add_argument('infile',
nargs='?',
help='File to read XML commands from.')
args = parser.parse_args()
# If timeout value is -1, then the socket has no timeout for this session
if args.timeout == -1:
args.timeout = None
if args.xml is not None:
xml = args.xml
else:
try:
xml = _load_infile(args.infile)
except IOError as e:
print(e, file=sys.stderr)
sys.exit(1)
# If no command was given, program asks for one
if len(xml) == 0:
xml = input()
try:
validate_xml_string(xml)
except GvmError as e:
print(e, file=sys.stderr)
sys.exit(1)
connection = create_connection(**vars(args))
if args.raw:
transform = None
else:
transform = CheckCommandTransform()
if args.protocol == PROTOCOL_OSP:
protocol_class = Osp
else:
protocol_class = Gmp
try:
with protocol_class(connection, transform=transform) as protocol:
if args.protocol == PROTOCOL_GMP:
# Ask for password if none are given
authenticate(protocol, args.gmp_username, args.gmp_password)
if args.duration:
starttime = time.time()
result = protocol.send_command(xml)
if args.duration:
duration = time.time() - starttime
print(f'Elapsed time: {duration} seconds')
elif args.pretty:
pretty_print(result)
else:
print(result)
except Exception as e: # pylint: disable=broad-except
logger.error(e)
sys.exit(1)
sys.exit(0)
def test_missing_closing_tag(self):
with self.assertRaises(GvmError):
validate_xml_string('<foo>')
def main():
do_not_run_as_root()
parser = create_parser(description=HELP_TEXT, logfilename='gvm-cli.log')
parser.add_protocol_argument()
parser.add_argument('-X', '--xml', help='XML request to send')
parser.add_argument('-r',
'--raw',
help='Return raw XML',
action='store_true',
default=False)
parser.add_argument('infile',
nargs='?',
help='File to read XML commands from.')
args = parser.parse_args()
# If timeout value is -1, then the socket has no timeout for this session
if args.timeout == -1:
args.timeout = None
if args.xml is not None:
xml = args.xml
else:
try:
xml = _load_infile(args.infile)
except IOError as e:
print(e, file=sys.stderr)
sys.exit(1)
# If no command was given, program asks for one
if len(xml) == 0:
xml = input()
try:
validate_xml_string(xml)
except GvmError as e:
print(e, file=sys.stderr)
sys.exit(1)
connection = create_connection(**vars(args))
if args.raw:
transform = None
else:
transform = CheckCommandTransform()
if args.protocol == PROTOCOL_OSP:
protocol = Osp(connection, transform=transform)
else:
protocol = Gmp(connection, transform=transform)
# Ask for password if none are given
if args.gmp_username and not args.gmp_password:
args.gmp_password = getpass.getpass('Enter password for ' +
args.gmp_username + ': ')
if args.gmp_username:
protocol.authenticate(args.gmp_username, args.gmp_password)
try:
result = protocol.send_command(xml)
print(result)
except Exception as e: # pylint: disable=broad-except
print(e, file=sys.stderr)
sys.exit(1)
protocol.disconnect()
sys.exit(0)