Use blocked paths in xmlfilecontent probe

jan-cerny · jan-cerny · commit e4ea549a9158 · 2023-12-18T17:11:07.000+01:00
diff --git a/src/OVAL/probes/independent/xmlfilecontent_probe.c b/src/OVAL/probes/independent/xmlfilecontent_probe.c
@@ -142,7 +142,7 @@ static xmlDocPtr strip_ns(xmlDocPtr doc)
 	return result;
 }
 
-static int process_file(const char *prefix, const char *path, const char *filename, struct pfdata *pfd)
+static int process_file(const char *prefix, const char *path, const char *filename, struct pfdata *pfd, struct oscap_list *blocked_paths)
 {
 	int ret = 0, path_len, filename_len;
 	char *whole_path = NULL;
@@ -170,6 +170,10 @@ static int process_file(const char *prefix, const char *path, const char *filena
 
 	memcpy(whole_path + path_len, filename, filename_len + 1);
 
+	if (probe_path_is_blocked(whole_path, blocked_paths)) {
+		goto cleanup;
+	}
+
 	if (prefix == NULL) {
 		doc = xmlParseFile(whole_path);
 	} else {
@@ -392,7 +396,7 @@ int xmlfilecontent_probe_main(probe_ctx *ctx, void *arg)
 
 	if ((ofts = oval_fts_open_prefixed(prefix, path_ent, filename_ent, filepath_ent, behaviors_ent, probe_ctx_getresult(ctx))) != NULL) {
 		while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
-			process_file(prefix, ofts_ent->path, ofts_ent->file, &pfd);
+			process_file(prefix, ofts_ent->path, ofts_ent->file, &pfd, ctx->blocked_paths);
 			oval_ftsent_free(ofts_ent);
 		}
 
