javaxpathstax

Getting error while parsing an XML 1.1 document with Stax parser


I am trying to parse Burp Suite XML export. I have used Stax parser and XPath parser. But I am getting

Location: /py/message/viewBill.pt [id parameter]]]></location>
<severity>High</severity>
<confidence>Certain</confidence>
<issueBackground><![CDATA[Reflected 
javax.xml.stream.XMLStreamException: ParseError at [row,col]:[66,2357]
Message: The element type "location" must be terminated by the matching end-tag "< /location>".
    at com.sun.org.apache.xerces.internal.impl.XMLStreamReaderImpl.next(XMLStreamReaderImpl.java:604)
    at com.sun.xml.internal.stream.XMLEventReaderImpl.nextEvent(XMLEventReaderImpl.java:83)

error all the time. Although there is an end-tag, parser cannot find it. My code is:

XMLInputFactory factory = XMLInputFactory.newInstance();
XMLEventReader eventReader = factory.createXMLEventReader(new StringReader(str));

while (eventReader.hasNext()) {
    XMLEvent event = eventReader.nextEvent();

    switch (event.getEventType()) {

        case XMLStreamConstants.START_ELEMENT:
            StartElement startElement = event.asStartElement();
            String qName = startElement.getName().getLocalPart();

            if (qName.equalsIgnoreCase(ISSUES)) {
                issues = true;
            } else if (qName.equalsIgnoreCase(ISSUE)) {
                issue = true;
            } else if (qName.equalsIgnoreCase(NAME)) {
                name = true;
            } else if (qName.equalsIgnoreCase(HOST)) {
                host = true;
            } else if (qName.equalsIgnoreCase(PATH)) {
                path = true;
            } else if (qName.equalsIgnoreCase(LOCATION)) {
                location = true;
            } else if (qName.equalsIgnoreCase(SEVERITY)) {
                severity = true;
            }
            break;

        case XMLStreamConstants.CHARACTERS:
            Characters characters = event.asCharacters();
            if (name) {
                System.out.println("Name: " + characters.getData());
                name = false;
            } else if (host) {
                System.out.println("Host: " + characters.getData());
                host = false;
            } else if (path) {
                System.out.println("Path: " + characters.getData());
                path = false;
            } else if (location) {
                System.out.println("Location: " + characters.getData());
                location = false;
            } else if (severity) {
                System.out.println("severity: " + characters.getData());
                severity = false;
            }
            break;

        case XMLStreamConstants.END_ELEMENT:
            EndElement endElement = event.asEndElement();
            String endElementName = endElement.getName().getLocalPart();

            if (endElementName.equalsIgnoreCase(ISSUE)) {
                issue = false;
            } else if (endElementName.equalsIgnoreCase(NAME)) {
                name = false;
            } else if (endElementName.equalsIgnoreCase(HOST)) {
                host = false;
            } else if (endElementName.equalsIgnoreCase(PATH)) {
                path = false;
            } else if (endElementName.equalsIgnoreCase(LOCATION)) {
                location = false;
            } 
            break;
    }
}

And I am trying to parse the report that I found on https://github.com/mtesauro/parse-tools/blob/master/examples/brief-burp-export.xml .

Can someone give some advice ?


Solution

  • I would hazard a guess that it's a bug in the XML parser. Specifically, I suspect it hasn't recognized ]]]> on line 63 as terminating the CDATA section, so it carries on thinking it's in CDATA until the ]]> at the end of line 66, at which point it found the end tag </issueBackground> where it was looking for </location>. Raise a ticket with the suppliers of the XML parser, or switch to one that works.