用Python解析XML attrib，“和”字符分割

#!/usr/bin/env python import os import sys import time from subprocess import call import xml.etree.ElementTree import re range_from = 2017 range_to = 2017 def process_entry(entry): cve = entry.attrib.get("name") print cve cpes = get_cpes_affected(entry) def get_cpes_affected(entry): child = [] for e in entry.iter(): if "}prod" in e.tag: print e.attrib print unichr(34) if unichr(34) in e.attrib: print "hey yo" child.append("product," + str(e.attrib).split('"')[1] + "," + str(e.attrib).split('"')[3]) else: child.append("product," + str(e.attrib).split("'")[3] + "," + str(e.attrib).split("'")[7]) #print e.tag, e.attrib if "'prev'" in e.attrib: child.append("version," + str(e.attrib).split("'")[7] + "," + str(e.attrib).split("'")[3]) if "}vers" in e.tag and "'prev'" not in e.attrib: child.append("version," + str(e.attrib).split("'")[3] + ",") #print e.tag, e.attrib for derp in child: print derp for i in range(range_from, range_to+1): os.system("wget -O tmp.zip https://nvd.nist.gov/download/nvdcve-%i.xml.zip" % i) os.system("unzip -o tmp.zip") e = xml.etree.ElementTree.parse('nvdcve-%i.xml' % i).getroot() for entry in e: process_entry(entry)

<entry type="CVE" name="CVE-2017-5916" seq="2017-5916" published="2017-05-05" modified="2017-05-16" severity="Medium" CVSS_version="2.0" CVSS_score="4.3" CVSS_base_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)"> <desc> <descript source="cve">The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.</descript> </desc> <loss_types> <conf/> </loss_types> <range> <network/> </range> <refs> <ref source="MISC" url="https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" adv="1">https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f</ref> </refs> <vuln_soft> <prod name="america's_first_fcu_mobile_banking" vendor="america's_first_federal_credit_union"> <vers num="3.1.0" prev="1" edition=":~~~iphone_os~~"/> </prod> </vuln_soft>

Traceback (most recent call last): File "prev-version-load.py", line 49, in <module> process_entry(entry) File "prev-version-load.py", line 18, in process_entry cpes = get_cpes_affected(entry) File "prev-version-load.py", line 33, in get_cpes_affected child.append("product," + str(e.attrib).split("'")[3] + "," + str(e.attrib).split("'")[7]) IndexError: list index out of range

2条回答

网友

1楼 · 编辑于 2024-05-21 23:27:31

这与解析xml无关，而是与格式化输出的方式有关。你知道吗

与shell脚本不同，在shell脚本中，大多数东西都是字符串，您可以通过摆弄字符串来获得所需的输出，python是一种面向对象的语言，python中的对象有类型。尤其是e.attrib是字典类型，不能对字典执行字符串操作。你知道吗

我建议使用ElementTree的findall()方法，而不是像我认为的那样。例如，我认为这是你真正想做的：

#!/usr/bin/env python
from xml.etree import ElementTree as ET

range_from = 2017
range_to = 2017

def process_entry(entry):
    cve = entry.attrib.get("name")
    print cve
    cpes = get_cpes_affected(entry)


def get_cpes_affected(entry):
    prods = entry.findall('nvd:vuln_soft/nvd:prod', namespaces=namespaces)
    for prod in prods:
        print prod.attrib
        print '"'
    for prod in prods:
        print "product,{},{}".format(prod.attrib['vendor'], prod.attrib['name'])
        for vers in prod.findall('nvd:vers', namespaces=namespaces):
            if vers.get('edition'):
                print "version,{},".format(vers.attrib['edition'])
            elif vers.get('prev') == '1':
                print "version,{},".format(vers.attrib['prev'])
            else:
                print "version,{},".format(vers.attrib['num'])


namespaces = {'nvd': 'http://nvd.nist.gov/feeds/cve/1.2'}
# OPTIONAL: registering namespace is useful for outputting XML with ET.tostring()/ET.dump()
#for prefix, ns in namespaces.items():
#    ET.register_namespace(prefix, ns)

for i in range(range_from, range_to+1):
    e = ET.parse('nvdcve-%i.xml' % i).getroot()

    for entry in e:
        process_entry(entry)

网友

2楼 · 编辑于 2024-05-21 23:27:31

考虑替换。。。你知道吗

if "}prod" in e.tag:
    print unichr(34)
    if unichr(34) in e.attrib:
        print "hey yo"
        child.append("product," + str(e.attrib).split('"')[1] + "," + str(e.attrib).split('"')[3])
    else:
        child.append("product," + str(e.attrib).split("'")[3] + "," + str(e.attrib).split("'")[7])
    #print e.tag, e.attrib
if "'prev'" in e.attrib:
    child.append("version," + str(e.attrib).split("'")[7] + "," + str(e.attrib).split("'")[3])
if "}vers" in e.tag and "'prev'" not in e.attrib:
    child.append("version," + str(e.attrib).split("'")[3] + ",")

与。。。你知道吗

reg=r"\"|'(?=[^\"]*')|'(?=\W*\")"
if "prod" in e.tag:
  #print(re.split(reg,str(e.attrib)))
  child.append("product," + re.split(reg,str(e.attrib))[3] + "," + re.split(reg,str(e.attrib))[7])
    #print e.tag, e.attrib
if "prev" in e.attrib:
    child.append("version," + re.split(reg,str(e.attrib))[7] + "," + re.split(reg,str(e.attrib))[3])
if "vers" in e.tag and "prev" not in e.attrib:
    child.append("version," + re.split(reg,str(e.attrib))[3] + ",")

如果可行，请告诉我，我会解释。

更新

更好的解决办法是下图：-你知道吗

    if "prod" in e.tag:
        #print(e.attrib)
        child.append("product," + e.attrib['name'] + "," + e.attrib['vendor'])
    if "prev" in e.attrib:
        child.append("version," + e.attrib['prev'] + "," + e.attrib['num'])
    if "vers" in e.tag and "prev" not in e.attrib:
        child.append("version," + e.attrib['num'] + ",")

使用给定xml的一个工作示例是here，这三种情况分别是您的、我的原始解决方案和更新的解决方案。你知道吗

相关问题更多 >

编程相关推荐

热门问题

热门文章