librex 0.0.35 → 0.0.36

data/lib/rex/io/stream_abstraction.rb

@@ -148,7 +148,7 @@ protected
 							closed = true
 							wlog("monitor_rsock: closed remote socket due to nil read")
 						end
-					rescue ::Exception
+					rescue ::Exception => e
 						closed = true
 						wlog("monitor_rsock: exception during read: #{e.class} #{e}")
 					end
@@ -169,10 +169,11 @@ protected
 							#     This way we naturally perform a resend if a failure occured.
 							#     Catches an edge case with meterpreter TCP channels where remote send
 							#     failes gracefully and a resend is required.
-							if (sent.nil? or sent <= 0)
+							if (sent.nil?)
+								closed = true
 								wlog("monitor_rsock: failed writing, socket must be dead")
 								break
-							else
+							elsif (sent > 0)
 								total_sent += sent
 							end
 						rescue ::IOError, ::EOFError => e

data/lib/rex/parser/acunetix_nokogiri.rb

@@ -0,0 +1,394 @@
+require File.join(File.expand_path(File.dirname(__FILE__)),"nokogiri_doc_mixin")
+require 'rex'
+require 'uri'
+
+module Rex
+	module Parser
+
+		# If Nokogiri is available, define the Acunetix document class. 
+		load_nokogiri && class AcunetixDocument < Nokogiri::XML::SAX::Document
+
+		include NokogiriDocMixin
+
+		# The resolver prefers your local /etc/hosts (or windows equiv), but will
+		# fall back to regular DNS. It retains a cache for the import to avoid 
+		# spamming your network with DNS requests.
+		attr_reader :resolv_cache 
+
+		# If name resolution of the host fails out completely, you will not be
+		# able to import that Scan task. Other scan tasks in the same report
+		# should be unaffected.
+		attr_reader :parse_warnings
+
+		def start_document
+			@parse_warnings = []
+			@resolv_cache = {}
+		end
+
+		def start_element(name=nil,attrs=[])
+			attrs = normalize_attrs(attrs)
+			block = @block
+			@state[:current_tag][name] = true
+			case name
+			when "Scan" # Start of the thing.
+			when "Name", "StartURL", "Banner", "Os"
+				@state[:has_text] = true
+			when "LoginSequence" # Skipping for now
+			when "Crawler"
+				record_crawler(attrs)
+			when "FullURL"
+				@state[:has_text] = true
+			when "Variable"
+				record_variable(attrs)
+			when "Request", "Response"
+				@state[:has_text] = true
+			end
+		end
+
+		def end_element(name=nil)
+			block = @block
+			case name
+			when "Scan" 
+				# Clears most of the @state out, we're done with this web site. 
+				@state.delete_if {|k| k != :current_tag}
+			when "Name"
+				@state[:has_text] = false
+				collect_scan_name
+				collect_report_item_name
+				@text = nil
+			when "StartURL" # Populates @state[:starturl_uri], we use this a lot
+				@state[:has_text] = false
+				collect_host 
+				collect_service
+				@text = nil
+				handle_parse_warnings &block
+				host_object = report_host &block
+				if host_object
+					report_starturl_service(host_object,&block)
+					db.report_import_note(@args[:wspace],host_object)
+				end
+			when "Banner"
+				@state[:has_text] = false
+				collect_and_report_banner
+			when "Os"
+				@state[:has_text] = false
+				report_os_fingerprint
+			when "LoginSequence" # This comes up later in the report anyway
+			when "Crawler"
+				report_starturl_web_site(&block)
+			when "FullURL"
+				@state[:has_text] = false
+				report_web_site(@text,&block)
+				@text = nil
+			when "Inputs"
+				report_web_form(&block)
+			when "Request"
+				@state[:has_text] = false
+				collect_page_request
+				@text = nil
+			when "Response"
+				@state[:has_text] = false
+				collect_page_response
+				@text = nil
+				report_web_page(&block)
+			end
+			@state[:current_tag].delete name
+		end
+
+		def collect_page_response
+			return unless in_tag("TechnicalDetails")
+			return unless in_tag("ReportItem")
+			return unless @text
+			return if @text.to_s.empty?
+			@state[:page_response] = @text
+		end
+
+		def collect_page_request
+			return unless in_tag("TechnicalDetails")
+			return unless in_tag("ReportItem")
+			return unless @text
+			return if @text.to_s.empty?
+			@state[:page_request] = @text
+		end
+
+		def collect_scan_name
+			return unless in_tag("Scan")
+			return if in_tag("ReportItems")
+			return if in_tag("Crawler")
+			return unless @text
+			return if @text.strip.empty?
+			@state[:scan_name] = @text.strip
+		end
+
+		def collect_host
+			return unless in_tag("Scan")
+			return unless @text
+			return if @text.strip.empty?
+			uri = URI.parse(@text) rescue nil
+			return unless uri
+			address = resolve_scan_starturl_address(uri)
+			@report_data[:host] = address
+			@report_data[:state] = Msf::HostState::Alive
+		end
+
+		def collect_service
+			return unless @report_data[:host]
+			return unless in_tag("Scan")
+			return unless @text
+			return if @text.strip.empty?
+			uri = URI.parse(@text) rescue nil
+			return unless uri
+			@state[:starturl_uri] = uri 
+			@report_data[:ports] ||= []
+			@report_data[:ports] << @state[:starturl_port]
+		end
+
+		def collect_and_report_banner
+			return unless (svc = @state[:starturl_service_object]) # Yes i want assignment
+			return unless @text
+			return if @text.strip.empty?
+			return unless in_tag("Scan")
+			svc_info = {
+				:host => svc.host,
+				:port => svc.port,
+				:proto => svc.proto,
+				:info => @text.strip
+			}
+			db_report(:service, svc_info)
+			@text = nil
+		end
+
+		def collect_report_item_name
+			return unless in_tag("ReportItem")
+			return unless @text
+			return if @text.strip.empty?
+			@state[:report_item] = @text
+		end
+
+		# @state[:fullurl] is set by report_web_site
+		def record_variable(attrs)
+			return unless in_tag("Inputs")
+			return unless @state[:fullurl].kind_of? URI
+			method = attr_hash(attrs)["Type"] 
+			return unless method
+			return if method.strip.empty?
+			@state[:form_variables] ||= []
+			@state[:form_variables] << [attr_hash(attrs)["Name"],method]
+		end
+
+		def record_crawler(attrs)
+			return unless in_tag("Scan")
+			return unless @state[:starturl_service_object]
+			starturl = attr_hash(attrs)["StartUrl"]
+			return unless starturl
+			@state[:crawler_starturl] = starturl
+		end
+
+		def report_web_form(&block)
+			return unless in_tag("SiteFiles")
+			return unless @state[:web_site]
+			return unless @state[:fullurl].kind_of? URI
+			return unless @state[:form_variables].kind_of? Array
+			return if @state[:form_variables].empty?
+			method = @state[:form_variables].first[1]
+			vars = @state[:form_variables].map {|x| x[0]}
+			form_info = {}
+			form_info[:web_site] = @state[:web_site]
+			form_info[:path] = @state[:fullurl].path
+			form_info[:query] = @state[:fullurl].query
+			form_info[:method] = method
+			form_info[:params] = vars
+			url = @state[:fullurl].to_s
+			db.emit(:web_form,url,&block) if block
+			db_report(:web_form,form_info)
+			@state[:fullurl] = nil
+			@state[:form_variables] = nil
+		end
+
+		def report_web_page(&block)
+			return if should_skip_this_page
+			return unless @state[:web_site]
+			return unless @state[:page_request]
+			return if @state[:page_request].strip.empty?
+			return unless @state[:page_response]
+			return if @state[:page_response].strip.empty?
+			path,query_string = parse_request(@state[:page_request])
+			return unless path
+			parsed_response = parse_response(@state[:page_response])
+			return unless parsed_response
+			web_page_info = {}
+			web_page_info[:web_site] = @state[:web_site]
+			web_page_info[:path] = path
+			web_page_info[:code] = parsed_response[:code].to_i
+			web_page_info[:headers] = parsed_response[:headers]
+			web_page_info[:body] = parsed_response[:body]
+			web_page_info[:query] = query_string || ""
+			url = ""
+			url << @state[:web_site].service.name.to_s << "://"
+			url << @state[:web_site].vhost.to_s << ":"
+			url << path
+			uri = URI.parse(url) rescue nil
+			return unless uri # Sanity checker
+			db.emit(:web_page, url, &block) if block
+			web_page_object = db_report(:web_page,web_page_info)
+			@state[:page_request] = @state[:page_response] = nil
+			@state[:web_page] = web_page_object
+		end
+
+		# Reasons why we shouldn't collect a particular web page.
+		def should_skip_this_page
+			if @state[:report_item] =~ /Unrestricted File Upload/
+				# This means that the page being collected is something the
+				# auditor put there, so it's not useful to report on.
+				return true
+			end
+			return false
+		end
+
+		# XXX Rex::Proto::Http::Packet seems broken for
+		# actually parsing requests and responses, but all I 
+		# need are the headers anyway
+		def parse_request(request)
+			headers = Rex::Proto::Http::Packet::Header.new
+			headers.from_s request.dup # It's destructive.
+			return unless headers.cmd_string
+			verb,req = headers.cmd_string.split(/\s+/)
+			return unless verb
+			return unless req
+			path,query_string = req.split(/\?/)[0,2]
+		end
+
+		def parse_response(response)
+			headers = Rex::Proto::Http::Packet::Header.new
+			headers.from_s response.dup # It's destructive.
+			return unless headers.cmd_string
+			http,code,msg = headers.cmd_string.split(/\s+/) 
+			return unless code 
+			return unless code.to_i.to_s == code
+			parsed = {}
+			parsed[:code] = code
+			parsed[:headers] = {}
+			headers.each do |k,v|
+				parsed[:headers][k.to_s.downcase] = []
+				parsed[:headers][k.to_s.downcase] << v
+			end
+			parsed[:body] = "" # We never seem to get this from Acunetix
+			parsed
+		end
+
+		def report_host(&block)
+			return unless @report_data[:host]
+			return unless in_tag("Scan")
+			if host_is_okay
+				db.emit(:address,@report_data[:host],&block) if block
+				host_info = @report_data.merge(:workspace => @args[:wspace])
+				db_report(:host,host_info)
+			end
+		end
+
+		# The service is super important, so we hang on to it for the
+		# rest of the scan.
+		def report_starturl_service(host_object,&block)
+			return unless host_object
+			return unless @state[:starturl_uri]
+			name = @state[:starturl_uri].scheme
+			port = @state[:starturl_uri].port
+			addr = host_object.address
+			svc = {
+				:host => host_object,
+				:port => port,
+				:name => name.dup,
+				:proto => "tcp"
+			}
+			if name and port
+				db.emit(:service,[addr,port].join(":"),&block) if block
+				@state[:starturl_service_object] = db_report(:service,svc)
+			end
+		end
+
+		def report_web_site(url,&block)
+			return unless in_tag("Crawler")
+			return unless url
+			return if url.strip.empty?
+			uri = URI.parse(url) rescue nil
+			return unless uri
+			host = uri.host
+			port = uri.port
+			scheme = uri.scheme
+			return unless scheme[/^https?/]
+			return unless (host && port && scheme)
+			address = resolve_address(host)
+			return unless address
+			service_info = [ @args[:wspace], address, "tcp", port ]
+			service_object = db.get_service(*service_info)
+			service_object = db_report(:service,service_info) unless service_object
+			web_site_info = {
+				:workspace => @args[:wspace],
+				:service => service_object,
+				:vhost => host,
+				:ssl => (scheme == "https")
+			}
+			@state[:web_site] = db_report(:web_site,web_site_info)
+			@state[:fullurl] = uri
+		end
+
+		def report_starturl_web_site(&block)
+			return unless @state[:crawler_starturl]
+			starturl = @state[:crawler_starturl].dup
+			report_web_site(starturl,&block)
+		end
+
+		def report_os_fingerprint
+			return unless @state[:starturl_service_object]
+			return unless @text
+			return if @text.strip.empty?
+			return unless in_tag("Scan")
+			host = @state[:starturl_service_object].host
+			fp_note = {
+				:workspace => host.workspace,
+				:host => host,
+				:type => 'host.os.acunetix_fingerprint',
+				:data => {:os => @text}
+			}
+			db_report(:note, fp_note)
+			@text = nil
+		end
+
+		def resolve_port(uri)
+			@state[:port] = uri.port
+			unless @state[:port]
+				@parse_warnings << "Could not determine a port for '#{@state[:scan_name]}'"
+			end
+			@state[:port] = uri.port
+		end
+
+		def resolve_address(host)
+			return @resolv_cache[host] if @resolv_cache[host]
+			address = Rex::Socket.resolv_to_dotted(host) rescue nil
+			@resolv_cache[host] = address
+			return address
+		end
+
+		def resolve_scan_starturl_address(uri)
+			if uri.host
+				address = resolve_address(uri.host)
+				unless address
+					@parse_warnings << "Could not resolve address for '#{uri.host}', skipping '#{@state[:scan_name]}'"
+				end
+			else
+				@parse_warnings << "Could not determine a host for '#{@state[:scan_name]}'"
+			end
+			address
+		end
+
+		def handle_parse_warnings(&block)
+			return if @parse_warnings.empty?
+			@parse_warnings.each do |pwarn|
+				db.emit(:warning, pwarn, &block) if block
+			end
+		end
+
+	end
+	end
+end
+

data/lib/rex/parser/appscan_nokogiri.rb

@@ -0,0 +1,366 @@
+require File.join(File.expand_path(File.dirname(__FILE__)),"nokogiri_doc_mixin")
+
+module Rex
+	module Parser
+
+		# If Nokogiri is available, define AppScan document class. 
+		load_nokogiri && class AppscanDocument < Nokogiri::XML::SAX::Document
+
+		include NokogiriDocMixin
+
+		# The resolver prefers your local /etc/hosts (or windows equiv), but will
+		# fall back to regular DNS. It retains a cache for the import to avoid 
+		# spamming your network with DNS requests.
+		attr_reader :resolv_cache 
+
+		# If name resolution of the host fails out completely, you will not be
+		# able to import that Scan task. Other scan tasks in the same report
+		# should be unaffected.
+		attr_reader :parse_warning
+
+		def start_document
+			@parse_warnings = []
+			@resolv_cache = {}
+		end
+
+		def start_element(name=nil,attrs=[])
+			attrs = normalize_attrs(attrs)
+			block = @block
+			@state[:current_tag][name] = true
+			case name
+			when "Issue" # Start of the stuff we want
+				collect_issue(attrs)
+			when "Entity" # Start of the stuff we want
+				collect_entity(attrs)
+			when "Severity", "Url", "OriginalHttpTraffic"
+				@state[:has_text] = true
+			end
+		end
+
+		def end_element(name=nil)
+			block = @block
+			case name
+			when "Issue" # Wrap it up
+				record_issue
+				# Reset the state once we close an issue
+				@state = @state.select do 
+					|k| [:current_tag, :web_sites].include? k
+				end
+			when "Url" # Populates @state[:web_site]
+				@state[:has_text] = false
+				record_url
+				@text = nil
+				report_web_site(&block)
+				handle_parse_warnings(&block)
+			when "Severity"
+				@state[:has_text] = false
+				record_risk
+				@text = nil
+			when "OriginalHttpTraffic" # Request and response
+				@state[:has_text] = false
+				record_request_and_response
+				report_service_info 
+				page_info = report_web_page(&block)
+				if page_info
+					form_info = report_web_form(page_info,&block)
+					if form_info
+						report_web_vuln(form_info,&block)
+					end
+				end
+				@text = nil
+			end
+			@state[:current_tag].delete name
+		end
+
+		def report_web_vuln(form_info,&block)
+			return unless(in_issue && has_text)
+			return unless form_info.kind_of? Hash
+			return unless @state[:issue]
+			return unless @state[:issue]["Noise"]
+			return unless @state[:issue]["Noise"].to_s.downcase == "false"
+			return unless @state[:issue][:vuln_param]
+			web_vuln_info = {}
+			web_vuln_info[:web_site] = form_info[:web_site] 
+			web_vuln_info[:path] = form_info[:path] 
+			web_vuln_info[:query] = form_info[:query] 
+			web_vuln_info[:method] = form_info[:method] 
+			web_vuln_info[:params] = form_info[:params] 
+			web_vuln_info[:pname] = @state[:issue][:vuln_param]
+			web_vuln_info[:proof] = "" # TODO: pick this up from <Difference> maybe?
+			web_vuln_info[:risk] = @state[:issue][:risk]
+			web_vuln_info[:name] = @state[:issue]["IssueTypeID"]
+			web_vuln_info[:category] = "imported"
+			web_vuln_info[:confidence] = 100 # Seems pretty binary, noise or not
+			db.emit(:web_vuln, web_vuln_info[:name], &block) if block
+			web_vuln = db_report(:web_vuln, web_vuln_info)
+		end
+
+		def collect_entity(attrs)
+			return unless in_issue
+			return unless @state[:issue].kind_of? Hash
+			ent_hash = attr_hash(attrs)
+			return unless ent_hash
+			return unless ent_hash["Type"].to_s.downcase == "parameter"
+			@state[:issue][:vuln_param] = ent_hash["Name"]
+		end
+
+		def report_web_form(page_info,&block)
+			return unless(in_issue && has_text)
+			return unless page_info.kind_of? Hash
+			return unless @state[:request_body]
+			return if @state[:request_body].strip.empty?
+			web_form_info = {}
+			web_form_info[:web_site] = page_info[:web_site]
+			web_form_info[:path] = page_info[:path]
+			web_form_info[:query] = page_info[:query]
+			web_form_info[:method] = @state[:request_headers].cmd_string.split(/\s+/)[0]
+			parsed_params = parse_params(@state[:request_body])
+			return unless parsed_params
+			return if parsed_params.empty?
+			web_form_info[:params] = parsed_params
+			web_form = db_report(:web_form, web_form_info)
+			@state[:web_forms] ||= []
+			unless @state[:web_forms].include? web_form
+				db.emit(:web_form, @state[:uri].to_s, &block) if block
+				@state[:web_forms] << web_form
+			end
+			web_form_info
+		end
+
+		def parse_params(request_body)
+			return unless request_body
+			pairs = request_body.split(/&/)
+			params = []
+			pairs.each do |pair|
+				param,value = pair.split("=",2)
+				params << [param,""] # Can't tell what's default
+			end
+			params
+		end
+
+		def report_web_page(&block)
+			return unless(in_issue && has_text)
+			return unless @state[:web_site]
+			return unless @state[:response_headers]
+			return unless @state[:uri]
+			web_page_info = {}
+			web_page_info[:web_site] = @state[:web_site]
+			web_page_info[:path] = @state[:uri].path
+			web_page_info[:body] = @state[:response_body].to_s
+			web_page_info[:query] = @state[:uri].query
+			code = @state[:response_headers].cmd_string.split(/\s+/)[1]
+			return unless code
+			web_page_info[:code] = code 
+			parsed_headers = {}
+		 	@state[:response_headers].each do |k,v| 
+				parsed_headers[k.to_s.downcase] ||= []
+				parsed_headers[k.to_s.downcase] << v
+			end
+			return if parsed_headers.empty?
+			web_page_info[:headers] = parsed_headers
+			web_page = db_report(:web_page, web_page_info)
+			@state[:web_pages] ||= []
+			unless @state[:web_pages].include? web_page
+				db.emit(:web_page, @state[:uri].to_s, &block) if block
+				@state[:web_pages] << web_page
+			end
+			web_page_info
+		end
+
+		def report_service_info
+			return unless(in_issue && has_text)
+			return unless @state[:web_site]
+			return unless @state[:response_headers]
+			banner = @state[:response_headers]["server"]
+			return unless banner
+			service = @state[:web_site].service
+			return unless service.info.to_s.empty?
+			service_info = {
+				:host => service.host,
+				:port => service.port,
+				:proto => service.proto,
+				:info => banner
+			}
+			db_report(:service, service_info) 
+		end
+
+		def record_request_and_response
+			return unless(in_issue && has_text)
+			return unless @state[:web_site]
+			really_original_traffic = unindent_and_crlf(@text)
+			split_traffic = really_original_traffic.split(/\r\n\r\n/)
+			request_headers_text = split_traffic.first
+			content_length = 0
+			if request_headers_text =~ /\ncontent-length:\s+([0-9]+)/mni
+				content_length = $1.to_i
+			end
+			if(content_length > 0) and (split_traffic[1].to_s.size >= content_length)
+				request_body_text = split_traffic[1].to_s[0,content_length]
+			else
+				request_body_text = nil
+			end
+			response_headers_text = split_traffic[1].to_s[content_length,split_traffic[1].to_s.size].lstrip
+			request = request_headers_text 
+			return unless(request && response_headers_text)
+			response_body_text = split_traffic[2]
+			req_header = Rex::Proto::Http::Packet::Header.new
+			res_header = Rex::Proto::Http::Packet::Header.new
+			req_header.from_s request_headers_text.dup
+			res_header.from_s response_headers_text.dup
+			@state[:request_headers] = req_header
+			@state[:request_body] = request_body_text
+			@state[:response_headers] = res_header
+			@state[:response_body] = response_body_text
+		end
+
+		# Appscan tab-indents which makes parsing a little difficult. They
+		# also don't record CRLFs, just LFs.
+		def unindent_and_crlf(text)
+			second_line = text.split(/\r*\n/)[1]
+			indent_level = second_line.size - second_line.lstrip.size
+			unindented_text_lines = []
+			text.split(/\r*\n/).each do |line|
+				if line =~ /^\t{#{indent_level}}/
+					unindented_line = line[indent_level,line.size]
+					unindented_text_lines << unindented_line
+				else
+					unindented_text_lines << line
+				end
+			end
+			unindented_text_lines.join("\r\n")
+		end
+
+		def record_risk
+			return unless(in_issue && has_text)
+			@state[:issue] ||= {}
+			@state[:issue][:risk] = map_severity_to_risk
+		end
+
+		def map_severity_to_risk
+			case @text.to_s.downcase
+			when "high"   ; 5
+			when "medium" ; 3
+			when "low"    ; 1
+			else          ; 0
+			end
+		end
+
+		# TODO
+		def record_issue
+			return unless in_issue
+			return unless @report_data[:issue].kind_of? Hash
+			return unless @state[:web_site]
+			return if @state[:issue]["Noise"].to_s.downcase == "true"
+		end
+
+		def collect_issue(attrs)
+			return unless in_issue
+			@state[:issue] = {}
+			@state[:issue].merge! attr_hash(attrs)
+		end
+
+		def report_web_site(&block)
+			return unless @state[:uri]
+			uri = @state[:uri]
+			hostname = uri.host # Assume the first one is the real hostname
+			address = resolve_issue_url_address(uri)
+			return unless address
+			unless @resolv_cache.values.include? address
+				db.emit(:address, address, &block) if block
+			end
+			port = resolve_port(uri)
+			return unless port
+			scheme = uri.scheme
+			return unless scheme
+			web_site_info = {:workspace => @args[:wspace]}
+			web_site_info[:vhost] = hostname
+			service_obj = check_for_existing_service(address,port)
+			if service_obj
+				web_site_info[:service] = service_obj
+			else
+				web_site_info[:host] = address
+				web_site_info[:port] = port
+				web_site_info[:ssl] = scheme == "https"
+			end
+			web_site_obj = db_report(:web_site, web_site_info)
+			@state[:web_sites] ||= []
+			unless @state[:web_sites].include? web_site_obj
+				url = "#{uri.scheme}://#{uri.host}:#{uri.port}"
+				db.emit(:web_site, url, &block) if block
+				db.report_import_note(@args[:wspace], web_site_obj.service.host)
+				@state[:web_sites] << web_site_obj
+			end
+			@state[:service] = service_obj || web_site_obj.service
+			@state[:host] = (service_obj || web_site_obj.service).host
+			@state[:web_site] = web_site_obj
+		end
+
+		def check_for_existing_service(address,port)
+			db.get_service(@args[:wspace],address,"tcp",port)
+		end
+
+		def resolve_port(uri)
+			@state[:port] = uri.port
+			unless @state[:port]
+				@parse_warnings << "Could not determine a port for '#{@state[:scan_name]}'"
+			end
+			return @state[:port]
+		end
+
+		def resolve_address(host)
+			return @resolv_cache[host] if @resolv_cache[host]
+			address = Rex::Socket.resolv_to_dotted(host) rescue nil
+			@resolv_cache[host] = address
+			if address
+				block = @block
+				db.emit(:address, address, &block) if block
+			end
+			return address
+		end
+
+		# Alias this 
+		def resolve_issue_url_address(uri)
+			if uri.host
+				address = resolve_address(uri.host)
+				unless address
+					@parse_warnings << "Could not resolve address for '#{uri.host}', skipping."
+				end
+			else
+				@parse_warnings << "Could not determine a host for this import."
+			end
+			address
+		end
+
+		def handle_parse_warnings(&block)
+			return if @parse_warnings.empty?
+			@parse_warnings.each do |pwarn|
+				db.emit(:warning, pwarn, &block) if block
+			end
+		end
+
+		def record_url
+			return unless in_issue
+			return unless has_text
+			uri = URI.parse(@text) rescue nil
+			return unless uri
+			@state[:uri] = uri
+		end
+
+		def in_issue
+			return false unless in_tag("Issue")
+			return false unless in_tag("Issues")
+			return false unless in_tag("XmlReport")
+			return true
+		end
+
+		def has_text
+			return false unless @text
+			return false if @text.strip.empty?
+			@text = @text.strip
+		end
+
+	end
+
+end
+end
+