PythonのXML属性の解析と文字分割

<entry type="CVE" name="CVE-2017-5916" seq="2017-5916" published="2017-05-05" modified="2017-05-16" severity="Medium" CVSS_version="2.0" CVSS_score="4.3" CVSS_base_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)"> <desc> <descript source="cve">The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.</descript> </desc> <loss_types> <conf/> </loss_types> <range> <network/> </range> <refs> <ref source="MISC" url="https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" adv="1">https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f</ref> </refs> <vuln_soft> <prod name="america's_first_fcu_mobile_banking" vendor="america's_first_federal_credit_union"> <vers num="3.1.0" prev="1" edition=":~~~iphone_os~~"/> </prod> </vuln_soft>

#!/usr/bin/env python import os import sys import time from subprocess import call import xml.etree.ElementTree import re range_from = 2017 range_to = 2017 def process_entry(entry): cve = entry.attrib.get("name") print cve cpes = get_cpes_affected(entry) def get_cpes_affected(entry): child = [] for e in entry.iter(): if "}prod" in e.tag: print e.attrib print unichr(34) if unichr(34) in e.attrib: print "hey yo" child.append("product," + str(e.attrib).split('"')[1] + "," + str(e.attrib).split('"')[3]) else: child.append("product," + str(e.attrib).split("'")[3] + "," + str(e.attrib).split("'")[7]) #print e.tag, e.attrib if "'prev'" in e.attrib: child.append("version," + str(e.attrib).split("'")[7] + "," + str(e.attrib).split("'")[3]) if "}vers" in e.tag and "'prev'" not in e.attrib: child.append("version," + str(e.attrib).split("'")[3] + ",") #print e.tag, e.attrib for derp in child: print derp for i in range(range_from, range_to+1): os.system("wget -O tmp.zip https://nvd.nist.gov/download/nvdcve-%i.xml.zip" % i) os.system("unzip -o tmp.zip") e = xml.etree.ElementTree.parse('nvdcve-%i.xml' % i).getroot() for entry in e: process_entry(entry)

Traceback (most recent call last): File "prev-version-load.py", line 49, in <module> process_entry(entry) File "prev-version-load.py", line 18, in process_entry cpes = get_cpes_affected(entry) File "prev-version-load.py", line 33, in get_cpes_affected child.append("product," + str(e.attrib).split("'")[3] + "," + str(e.attrib).split("'")[7]) IndexError: list index out of range

これは、xmlの解析とは関係ありませんが、出力のフォーマット方法とは関係ありません。

ほとんどのものが文字列だけで、あなたが望む出力を得るために文字列の手書きをすることができるシェルスクリプトとは異なり、Pythonはオブジェクト指向言語です。Pythonのオブジェクトには型があります。特にe.attribは辞書型であり、辞書に対して文字列演算を行うことはできません。

あなたがしようとしていたと思われることを行う代わりに、ElementTreeのfindall()メソッドを使用することをお勧めします。

#!/usr/bin/env python 
from xml.etree import ElementTree as ET 

range_from = 2017 
range_to = 2017 

def process_entry(entry): 
    cve = entry.attrib.get("name") 
    print cve 
    cpes = get_cpes_affected(entry) 


def get_cpes_affected(entry): 
    prods = entry.findall('nvd:vuln_soft/nvd:prod', namespaces=namespaces) 
    for prod in prods: 
     print prod.attrib 
     print '"' 
    for prod in prods: 
     print "product,{},{}".format(prod.attrib['vendor'], prod.attrib['name']) 
     for vers in prod.findall('nvd:vers', namespaces=namespaces): 
      if vers.get('edition'): 
       print "version,{},".format(vers.attrib['edition']) 
      elif vers.get('prev') == '1': 
       print "version,{},".format(vers.attrib['prev']) 
      else: 
       print "version,{},".format(vers.attrib['num']) 


namespaces = {'nvd': 'http://nvd.nist.gov/feeds/cve/1.2'} 
# OPTIONAL: registering namespace is useful for outputting XML with ET.tostring()/ET.dump() 
#for prefix, ns in namespaces.items(): 
# ET.register_namespace(prefix, ns) 

for i in range(range_from, range_to+1): 
    e = ET.parse('nvdcve-%i.xml' % i).getroot() 

    for entry in e: 
     process_entry(entry)

出典

2017-10-05 17:46:01

はい、これは私が最初にやろうとしていたことですが、最初はやっていないし、奇妙なことに戻りました。 – Adthrawn

は、交換を検討エラーを含めるのを忘れて...

if "}prod" in e.tag: 
    print unichr(34) 
    if unichr(34) in e.attrib: 
     print "hey yo" 
     child.append("product," + str(e.attrib).split('"')[1] + "," + str(e.attrib).split('"')[3]) 
    else: 
     child.append("product," + str(e.attrib).split("'")[3] + "," + str(e.attrib).split("'")[7]) 
    #print e.tag, e.attrib 
if "'prev'" in e.attrib: 
    child.append("version," + str(e.attrib).split("'")[7] + "," + str(e.attrib).split("'")[3]) 
if "}vers" in e.tag and "'prev'" not in e.attrib: 
    child.append("version," + str(e.attrib).split("'")[3] + ",")

With ...

reg=r"\"|'(?=[^\"]*')|'(?=\W*\")" 
if "prod" in e.tag: 
    #print(re.split(reg,str(e.attrib))) 
    child.append("product," + re.split(reg,str(e.attrib))[3] + "," + re.split(reg,str(e.attrib))[7]) 
    #print e.tag, e.attrib 
if "prev" in e.attrib: 
    child.append("version," + re.split(reg,str(e.attrib))[7] + "," + re.split(reg,str(e.attrib))[3]) 
if "vers" in e.tag and "prev" not in e.attrib: 
    child.append("version," + re.split(reg,str(e.attrib))[3] + ",")

これが動作すれば教えてください。私は説明します。

UPDATE

さらに良い解決策は以下の通りです： - あなたの指定したXMLと

if "prod" in e.tag: 
     #print(e.attrib) 
     child.append("product," + e.attrib['name'] + "," + e.attrib['vendor']) 
    if "prev" in e.attrib: 
     child.append("version," + e.attrib['prev'] + "," + e.attrib['num']) 
    if "vers" in e.tag and "prev" not in e.attrib: 
     child.append("version," + e.attrib['num'] + ",")

実施例は、すべての3例のあなたのためのhere、私の元のソリューションおよび更新されたソリューションです。。

出典

2017-10-05 16:50:40 kaza

ああ、2番目の解決策は、私が試していたものです。私はifを実行せずにフィールドを引き出すためにXPATHを使用しようとしましたが、失敗しました。 – Adthrawn

@Adthrawn：stdlibのxml.etreeはxpathをサポートしていません。 xpathを使用する場合は、[lxml]（https://pypi.python.org/pypi/lxml）の[etree]（http://lxml.de/tutorial.html）を使用してください。 –

PythonのXML属性の解析と文字分割

答えて

関連する問題