Usage
Invocation
x2vc is a command line application that is called to inspect one or more XSLT programs (stylesheets). The basic syntax is
$ x2vc <mode> <file(s)> [options]
where mode must be one of:

  xss     to perform a scan for XSS vulnerabilities only,
  schema  to create or extend the schema file required to perform the XSS scan, or
  full    to perform the schema derivation followed by the XSS vulnerability scan.
You can specify one or multiple files on the command line. Be aware that there is currently an issue with wildcards not working consistently on all platforms.
More advanced options are available for further configuration and logging purposes, but they are not required in most cases.
Console output
When started with a single file to inspect, the console output might look like this:
12:59:05.131 [x2vc-main] I: Preparing pool of 2-8 worker threads with a timeout of PT10S
12:59:05.143 [x2vc-main] I: Starting processing of stylesheet my_stylesheet.xslt
12:59:05.143 [watcher-0] I: Worker status: 0 threads, tasks: 0 queued --> 0 executing --> 0 completed of total 0 scheduled
12:59:06.144 [watcher-0] I: Worker status: 8 threads, tasks: 2 queued --> 8 executing --> 1 completed of total 11 scheduled
12:59:07.183 [watcher-0] I: Worker status: 8 threads, tasks: 144 queued --> 8 executing --> 21 completed of total 173 scheduled
12:59:08.225 [watcher-0] I: Worker status: 8 threads, tasks: 114 queued --> 8 executing --> 51 completed of total 173 scheduled
12:59:09.258 [watcher-0] I: Worker status: 8 threads, tasks: 82 queued --> 8 executing --> 83 completed of total 173 scheduled
12:59:10.262 [watcher-0] I: Worker status: 8 threads, tasks: 54 queued --> 8 executing --> 111 completed of total 173 scheduled
12:59:11.263 [watcher-0] I: Worker status: 8 threads, tasks: 17 queued --> 8 executing --> 148 completed of total 173 scheduled
12:59:12.267 [watcher-0] I: Worker status: 8 threads, tasks: 0 queued --> 0 executing --> 174 completed of total 174 scheduled
12:59:12.304 [x2vc-main] I: Shutting down worker threads
12:59:12.304 [x2vc-main] I: Worker status: 0 threads, tasks: 0 queued --> 0 executing --> 174 completed of total 174 scheduled
12:59:12.305 [x2vc-main] I: Processing completed in 7,18 seconds
x2vc is a multi-threaded application that uses aggressive parallelization to ensure best usage of system resources. The console will report an overview of the worker threads and the number of tasks that are waiting to be processed, currently being processed or have been completed. Once all tasks are done, the application will exit. Under normal circumstances, no further information is available from the console.
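When x2vc is run unattended (for example from a build pipeline), the only completion signal the console gives is the worker-status line reaching "0 queued --> 0 executing" with completed equal to scheduled, followed by the "Processing completed" line. The following parser is an added example and not part of x2vc; it assumes only the line format shown above and treats the decimal separator of the reported duration as locale dependent:

```python
import re

# Pattern for the "Worker status" lines x2vc prints about once per second.
STATUS_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{3} \[[^\]]+\] I: Worker status: "
    r"(?P<threads>\d+) threads, tasks: (?P<queued>\d+) queued --> "
    r"(?P<executing>\d+) executing --> (?P<completed>\d+) completed "
    r"of total (?P<scheduled>\d+) scheduled$"
)
# The closing line prints the duration with a locale-dependent decimal separator
# ("7,18 seconds" in the sample above), so accept both ',' and '.'.
DONE_RE = re.compile(r"Processing completed in (?P<secs>\d+[.,]\d+) seconds$")

def parse_status(line):
    """Parse one Worker status line into a dict of ints; None for any other line."""
    m = STATUS_RE.match(line.strip())
    if m is None:
        return None
    return {k: int(m[k]) for k in ("threads", "queued", "executing", "completed", "scheduled")}

def summarize(lines):
    """Return (last worker status dict, duration in seconds or None) for a console log."""
    last, duration = None, None
    for line in lines:
        status = parse_status(line)
        if status is not None:
            last = status
        m = DONE_RE.search(line)
        if m is not None:
            duration = float(m["secs"].replace(",", "."))
    return last, duration

def run_finished(lines):
    """True only if x2vc reported completion and no task was left queued or executing."""
    last, duration = summarize(lines)
    return (duration is not None and last is not None
            and last["queued"] == 0 and last["executing"] == 0
            and last["completed"] == last["scheduled"])

# Constructed sample: the tail of the console output shown above.
SAMPLE = [
    "12:59:11.263 [watcher-0] I: Worker status: 8 threads, tasks: 17 queued --> 8 executing --> 148 completed of total 173 scheduled",
    "12:59:12.267 [watcher-0] I: Worker status: 8 threads, tasks: 0 queued --> 0 executing --> 174 completed of total 174 scheduled",
    "12:59:12.304 [x2vc-main] I: Shutting down worker threads",
    "12:59:12.304 [x2vc-main] I: Worker status: 0 threads, tasks: 0 queued --> 0 executing --> 174 completed of total 174 scheduled",
    "12:59:12.305 [x2vc-main] I: Processing completed in 7,18 seconds",
]
```

A run that is interrupted before the "Processing completed" line, or that ends with tasks still queued, is reported as unfinished, which is the case a pipeline should treat as a failed scan rather than a clean result.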
Output files
Assuming that the XSLT program file my_stylesheet.xslt was examined, the following files were used and/or created:

  my_stylesheet.x2vc_schema
    is the schema file that contains information required for the XSS scan. It is created and updated by the schema derivation.
  my_stylesheet.xslt.log
    is the log file with all recorded activities for the stylesheet. Separate logs are kept for all files checked. By default, the log files are rotated to my_stylesheet.xslt.N.log with N = 1..9, so that a maximum of ten log files are kept.
  my_stylesheet_x2vc_report.html
    is the report generated by the XSS vulnerability scan in human-readable form.
  my_stylesheet_x2vc_report.xml
    is the report generated by the XSS vulnerability scan in machine-readable form.