
RedHat rpm source file is truncated

Open IrootGeek opened this issue 7 years ago • 4 comments

Hi, the source of the "RedHat" rpm file is truncated at line 11830, column 12.

XML Parsing Error: no element found
Location: https://www.redhat.com/security/data/metrics/rpm-to-cve.xml
Line Number 11830, Column 13:
CVE
------------^

11821 <rpm rpm="ethereal-gnome-0:0.99.0-EL4.2">
11822     <erratum released="2006-05-03">RHSA-2006:0420</erratum>
11823     <cve>CVE-2006-1932</cve>
11824     <cve>CVE-2006-1933</cve>
11825     <cve>CVE-2006-1934</cve>
11826     <cve>CVE-2006-1935</cve>
11827     <cve>CVE-2006-1936</cve>
11828     <cve>CVE-2006-1937</cve>
11829     <cve>CVE-2006-1938</cve>
11830     <cve>CVE

When you run via4cve.py, you get errors:

[!] Failed to load module RedHatInfo:
[!] -> <unknown>:11830:12: no element found
Traceback (most recent call last):
  File "/usr/lib/python3.4/xml/sax/expatreader.py", line 207, in feed
    self._parser.Parse(data, isFinal)
xml.parsers.expat.ExpatError: no element found: line 11830, column 12

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/iroot/Bureau/Project/VIA4CVE-master/lib/PluginManager.py", line 25, in loadPlugins
    self.plugins.append(getattr(i, x.split("/")[-1])())
  File "/home/iroot/Bureau/Project/VIA4CVE-master/sources/RedHatInfo.py", line 131, in __init__
    parser.parse(_file)
  File "/usr/lib/python3.4/xml/sax/expatreader.py", line 107, in parse
    xmlreader.IncrementalParser.parse(self, source)
  File "/usr/lib/python3.4/xml/sax/xmlreader.py", line 125, in parse
    self.close()
  File "/usr/lib/python3.4/xml/sax/expatreader.py", line 217, in close
    self.feed("", isFinal = 1)
  File "/usr/lib/python3.4/xml/sax/expatreader.py", line 211, in feed
    self._err_handler.fatalError(exc)
  File "/usr/lib/python3.4/xml/sax/handler.py", line 38, in fatalError
    raise exception
xml.sax._exceptions.SAXParseException: <unknown>:11830:12: no element found

IrootGeek, Jun 20 '17 09:06

It seems like the file is normal again now. From the via4cve point of view, there was an error, but it didn't prevent the program from querying the other security advisories.

DamienMolina, Jun 21 '17 07:06

Hi @DamienMolina, yes, the RedHat rpm file has been corrected and via4cve is running successfully. As for the rpm error, it prevented only the RedHat plugin from running.

IrootGeek, Jun 21 '17 08:06

This makes me think we should integrate a "last known good" into the VIA4 generation. When a source fails, it can pull the last-known-good. The date could be part of the metadata then.

PidgeyL, Jun 21 '17 08:06

Could we just simply rely on the size of the source?

adulau, Jun 27 '17 18:06
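One way to combine the "last known good" fallback and the size check raised in this thread, as an added example that is not VIA4CVE code. The function names, the `.lkg`/`.json` cache files, the `min_ratio` threshold and the `<rpms>` root element of the sample are assumptions made for illustration.

```python
import json, os, tempfile, time
import xml.parsers.expat

# Constructed sample modelled on the snippet in the issue; the <rpms> root is assumed.
GOOD = (b'<rpms><rpm rpm="ethereal-gnome-0:0.99.0-EL4.2">'
        b'<erratum released="2006-05-03">RHSA-2006:0420</erratum>'
        b'<cve>CVE-2006-1932</cve></rpm></rpms>')
TRUNCATED = GOOD[:GOOD.rindex(b"-2006-1932")]   # ends in "<cve>CVE", as in the report

def is_well_formed(data: bytes) -> bool:
    """A download cut off mid-element fails here with an ExpatError."""
    try:
        xml.parsers.expat.ParserCreate().Parse(data, True)
        return True
    except xml.parsers.expat.ExpatError:
        return False

def _atomic_write(path: str, payload: bytes) -> None:
    # Write to a temp file, then rename, so a crash never leaves a half-written cache.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
    with os.fdopen(fd, "wb") as fh:
        fh.write(payload)
    os.replace(tmp, path)

def select_source(fresh: bytes, cache_dir: str, name: str, min_ratio: float = 0.5):
    """Return (data, metadata); fall back to the cached copy if `fresh` is rejected."""
    good, meta = (os.path.join(cache_dir, name + ext) for ext in (".lkg", ".json"))
    prev_size = os.path.getsize(good) if os.path.exists(good) else 0
    # Well-formedness catches truncation; the size comparison against the last
    # good copy catches a valid but nearly empty file. Both must pass.
    if is_well_formed(fresh) and len(fresh) >= prev_size * min_ratio:
        info = {"source": name, "size": len(fresh), "stale": False,
                "fetched": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())}
        _atomic_write(good, fresh)
        _atomic_write(meta, json.dumps(info).encode())
        return fresh, info
    if not os.path.exists(good):
        raise RuntimeError(f"{name}: source rejected and no last-known-good copy")
    with open(good, "rb") as fh, open(meta) as mh:
        info = dict(json.load(mh), stale=True)   # keeps the original fetch date
        return fh.read(), info

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for label, blob in (("good", GOOD), ("truncated", TRUNCATED), ("tiny", b"<rpms/>")):
            data, info = select_source(blob, d, "redhat-rpm-to-cve")
            print(label, len(data), info)
```

The `stale` flag and the preserved `fetched` date let downstream consumers see that the advisory mapping they received is older than the current run.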