Submitted by alla on Thu, 11/25/2010 - 15:52

Using Node Status | Table of Contents | Tracing Data Origin >

MagicTree defines a number of custom XPath functions to make certain queries and report generation tasks easier.

mt:empty(expression,...)

If it has any arguments it fails (returns empty nodeset). If it has no arguments it succeeds and returns a node from the current nodeset.

This function is useful to queries all nodes having no such-and-such subnodes. For instance, to select all ports without a service on it the following expression can be used:

//port[mt:empty(service, tunnel/service)]

mt:inputting(expression)

Returns a list of task objects that have the nodes specified by expression as input.

This function is useful for getting the list of tasks executed for a given object, such as host. For example, in a report section describing a host, you might have a subsection listing all commands that were executed for this host:

3.1.1 {{/.host}}

Some text..

Commands Executed for This Host

{{mt:inputting(.)}}

mt:tasklist()

Returns all executed tasks. Takes no arguments.

mt:taskscreenlog(task)

Returns the full screen log of the specified task as string.

mt:taskscreenlogbrief(task)

Returns the first 20 lines of the screen log of the specified task, followed by text "...skipping the rest of output...", as string.

mt:bsh(beanShellExpression)

Executes the specified "beanShellExpression" using the first node of the context as its argument.

mt:regex(expression)

Matches the specified regular expression against the first node in the context. Returns the list of all matches in the first node in the context.

mt:xreftarget(xref)

Returns the node to which the cross-reference specified as the argument points.

mt:linkedxrefs(expression)

Returns the list od xrefs that point to the nodes, specified by expression.

mt:join(expression, separator)

This function works in a way similar to join() in Perl and PHP. It takes a list of values, specified by expression, joins them using separator as separator and returns the result as string.

mt:unique(expression)

This function acts similar to uniq program on *nix. It takes a list of nodes, specified by expression, and returns a list, that contains only unique values. The nodes are compared by their text value. The only exception are Text objects that are compared by title.

This function comes extremely useful for grouping together vulnerability scanner findings, for example those returned by Nessus. If you want to list every kind of problem that Nessus has found, you can use something like this:

{{mt:unique(//finding/@title)}}

mt:path-to(expression)

Returns a list of paths from "testdata" node to the nodes specified by the expression. This can be useful for generating "Affected Systems" section in reports. See also mt:path-to-parent()

mt:path-to-parent()

Returns a list of paths from "testdata" node to the parents of the nodes specified by the expression. This can be useful for generating "Affected Systems" section in reports. For example, the following section of a report template groups vulnerability scanner findings and lists all affected hosts (and possibly ports) for each finding:

{{mt:unique(//finding/@title)}}

...

Affected Systems

  • {{mt:path-to-parent(//finding[@title = $_1])}}

If you are wondering what $_1 is supposed to mean, read Back Reference Variables

Using Node Status | Table of Contents | Tracing Data Origin >

Contacts

+32 (0) 2 215 53 58

info@gremwell.com

Gremwell BVBA
Sint-Katherinastraat 24
1742 Ternat
Belgium
VAT: BE 0821.897.133.