Nessus XML Validation

Tenable Network Security no longer provides a DTD for Nessus 4.2 reports. I'm working on adding Nessus support to OpenFISMA, and wanted to be able to validate that the XML that I was processing from a user was in fact in the correct format. I ended up using Instance2Schema to generate the RNG schema, and then used Trang to generate other schemas that might be useful to other people.

So, XMLReader in PHP is a little bit weird, and you can't validate the XML until you start reading it. And XMLReader won't throw validation exceptions, so you can't put your reading into a try/catch and stop processing once you find out that there's an error. Bummer. What you can do, though, is do your processing, check for errors, and only persist the data once you've confirmed that the XML is valid.

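<?php
$xmlReader = new XMLReader();
// open() and setRelaxNGSchema() return false on failure, so check both
if (!$xmlReader->open('report.nessus')) {
  throw new Exception('Could not open report.');
}
// the schema has to be set after open() and before the first read()
if (!$xmlReader->setRelaxNGSchema('schema.rng')) {
  throw new Exception('Could not load schema.');
}

// validation happens as the document is read
while($xmlReader->read()) {
  // process XML ...
}

// only now is the validation result for the whole document known
if($xmlReader->isValid()) {
  // persist data
} else {
  // handle invalid XML
  throw new Exception('Bad XML.');
}
?>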

Schema files are attached in a variety of formats at the bottom of this post.
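
The process-then-persist pattern described above, filled in as an added example (not code from the original post or from OpenFISMA). The inline schema is a constructed, heavily reduced stand-in for the attached schema.rng, the element and attribute names in it are assumptions, and stageReport() is a hypothetical helper name.

```php
<?php
// Added example: stage rows while streaming, hand them over only if the
// whole document validated. DEMO_RNG is a constructed stand-in schema.
const DEMO_RNG = <<<'RNG'
<element name="Report" xmlns="http://relaxng.org/ns/structure/1.0">
  <oneOrMore><element name="ReportHost">
    <attribute name="name"/>
    <oneOrMore><element name="ReportItem">
      <attribute name="pluginID"/><attribute name="severity"/>
    </element></oneOrMore>
  </element></oneOrMore>
</element>
RNG;

function stageReport(string $xml): array
{
    libxml_use_internal_errors(true); // collect libxml errors instead of warnings
    libxml_clear_errors();
    $reader = new XMLReader();
    // LIBXML_NONET: no network fetches while parsing untrusted input
    if (!$reader->XML($xml, null, LIBXML_NONET) || !$reader->setRelaxNGSchemaSource(DEMO_RNG)) {
        throw new RuntimeException('Could not set up reader or schema.');
    }
    $staged = [];
    $host = null;
    while ($reader->read()) {
        if ($reader->nodeType !== XMLReader::ELEMENT) continue;
        if ($reader->name === 'ReportHost') {
            $host = $reader->getAttribute('name');
        } elseif ($reader->name === 'ReportItem') {
            $staged[] = [$host, $reader->getAttribute('pluginID'), $reader->getAttribute('severity')];
        }
    }
    $valid = $reader->isValid();
    $errors = libxml_get_errors(); // parse and validation errors seen along the way
    $reader->close();
    if (!$valid || $errors) {
        throw new RuntimeException('Bad XML, nothing persisted.');
    }
    return $staged; // caller persists these rows
}

// Constructed samples: the second ReportItem is missing its severity attribute.
$good = '<Report><ReportHost name="10.0.0.5"><ReportItem pluginID="1" severity="2"/></ReportHost></Report>';
$bad  = '<Report><ReportHost name="10.0.0.5"><ReportItem pluginID="1"/></ReportHost></Report>';
foreach ([$good, $bad] as $xml) {
    try { echo count(stageReport($xml)), " row(s) ready to persist\n"; }
    catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
}
```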

Attachment    Size
schema.rng    10.9 KB
schema.dtd    4.57 KB
schema.rnc    4.52 KB
schema.xsd    6.31 KB