0

我尝试解析 xml,但我没有机会,如果有人能解释我该怎么做或解释问题出在哪里,我将不胜感激:

这是我的xml代码:

    <?xml version='1.0' encoding='UTF-8'?>
    <nvd xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4" xmlns:scap-        core="http://scap.nist.gov/schema/scap-core/0.1" xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cpe-lang="http://cpe.mitre.org/language/2.0" xmlns:patch="http://scap.nist.gov/schema/patch/0.1" xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2" pub_date="2013-01-22T06:34:06" xsi:schemaLocation="http://scap.nist.gov/schema/patch/0.1 http://nvd.nist.gov/schema/patch_0.1.xsd http://scap.nist.gov/schema/scap-core/0.1 http://nvd.nist.gov/schema/scap-core_0.1.xsd http://scap.nist.gov/schema/feed/vulnerability/2.0 http://nvd.nist.gov/schema/nvd-cve-feed_2.0.xsd"         nvd_xml_version="2.0">
      <entry id="CVE-2009-0001">
        <vuln:vulnerable-software-list>
          <vuln:product>cpe:/a:apple:quicktime:3</vuln:product>
          <vuln:product>cpe:/a:apple:quicktime:7.3.1.70</vuln:product>
        </vuln:vulnerable-software-list>
        <vuln:cvss>
          <cvss:base_metrics>
          <cvss:score>9.3</cvss:score>
          <cvss:access-vector>NETWORK</cvss:access-vector>
          <cvss:access-complexity>LOW</cvss:access-complexity>
          <cvss:authentication>NONE</cvss:authentication>

          </cvss:base_metrics>
          </vuln:cvss>
      </entry>
      <entry id="CVE-2009-0002">
        <vuln:vulnerable-software-list>
          <vuln:product>cpe:/a:apple:quicktime:3</vuln:product>
          <vuln:product>cpe:/a:apple:quicktime:6.5</vuln:product>
          <vuln:product>cpe:/a:apple:quicktime:7.0</vuln:product>
          <vuln:product>cpe:/a:apple:quicktime:7.3.1.70</vuln:product>
        </vuln:vulnerable-software-list>
        <vuln:cvss>
          <cvss:base_metrics>
            <cvss:score>3.2</cvss:score>
            <cvss:access-vector>NETWORK</cvss:access-vector>
            <cvss:access-complexity>LOW</cvss:access-complexity>
            <cvss:authentication>NONE</cvss:authentication>

          </cvss:base_metrics>
        </vuln:cvss>
      </entry>
    </nvd>

我将 xslt 与下面的 xsl 文件一起使用:

    <?xml version="1.0" encoding="UTF-8"?>
    <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
                    xmlns:nvd="http://scap.nist.gov/schema/feed/vulnerability/2.0"
                    xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4" version="1.0">

    <xsl:output encoding="UTF-8" method="text" />

    <xsl:template match="/"><xsl:apply-templates select="nvd:nvd" /></xsl:template>

    <xsl:template match="nvd:nvd"><xsl:apply-templates select="nvd:entry" /></xsl:template>

    <xsl:template match="nvd:entry">
    <xsl:apply-templates select="vuln:vulnerable-software-list">
      <xsl:with-param name="entryid" select="@id" />
    </xsl:apply-templates>
    </xsl:template>

    <xsl:template match="vuln:vulnerable-software-list">
    <xsl:param name="entryid" />
    <xsl:for-each select="vuln:product">
    <xsl:value-of select="$entryid" />:<xsl:value-of select="text()" /><xsl:text>
    </xsl:text>
    </xsl:for-each>
    </xsl:template>

    </xsl:stylesheet>

结果是:

    # xsltproc a2.xsl a2.xml
    CVE-2009-0001:cpe:/a:apple:quicktime:3
    CVE-2009-0001:cpe:/a:apple:quicktime:7.3.1.70
    CVE-2009-0002:cpe:/a:apple:quicktime:3
    CVE-2009-0002:cpe:/a:apple:quicktime:6.5
    CVE-2009-0002:cpe:/a:apple:quicktime:7.0
    CVE-2009-0002:cpe:/a:apple:quicktime:7.3.1.70

但现在我想像这样添加 cvss:score a 结尾:

    CVE-2009-0001:cpe:/a:apple:quicktime:3@9.3
    CVE-2009-0001:cpe:/a:apple:quicktime:7.3.1.70@9.3
    CVE-2009-0002:cpe:/a:apple:quicktime:3@3.2
    CVE-2009-0002:cpe:/a:apple:quicktime:6.5@3.2
    CVE-2009-0002:cpe:/a:apple:quicktime:7.0@3.2
    CVE-2009-0002:cpe:/a:apple:quicktime:7.3.1.70@3.2

我尝试过这样的想法:

添加

          <xsl:apply-templates select="vuln:cvss/cvss:base_metrics/cvss:score">

或者

    select="*/score"

但它不起作用.... :-(

当然我添加了一个参数:

      <xsl:value-of select="$score" /><xsl:text>

在模板 vuln:vulnerable-software-list

谢谢你的帮助

问候

阿诺

嗨 Jallopa:我尝试在 for-each 部分中添加您的代码,但它返回:

    xsltproc a.xsl a.xml
    XPath error : Undefined namespace prefix
    xmlXPathCompiledEval: evaluation failed
    runtime error: file a.xsl line 21 element value-of
    XPath evaluation returned no result.

第 21 行包含:

    <xsl:value-of select="ancestor::entry[1]/vuln:cvss/cvss:base_metrics/cvss:score"/>

嗨 wst,我已经尝试过你的代码,但这次

    xsltproc a.xsl a.xml
    XPath error : Undefined namespace prefix
    xmlXPathCompiledEval: evaluation failed
    runtime error: file a.xsl line 15 element with-param
    Failed to evaluate the expression of variable 'score'.

第 15 行是:

           <xsl:with-param name="score" select="vuln:cvss/cvss:base_metrics/cvss:score"/>

(我在 with-param 中的选择中添加了 =)

有任何想法吗 ?

谢谢。

4

2 回答 2

0

在 foreach 元素中,添加:

<xsl:value-of select="ancestor::entry[1]/vuln:cvss/cvss:base_metrics/cvss:score"/>

这将向上导航到第一个“条目”元素,然后向下导航到 cvss:score。

于 2013-02-01T17:24:58.177 回答
0

这个问题可以更简单地解决,但保持模板样式,您可以将值作为另一个参数传递:

<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" 
    xmlns:nvd="http://scap.nist.gov/schema/feed/vulnerability/2.0"
    xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4" version="1.0">

<xsl:output encoding="UTF-8" method="text" />

<xsl:template match="/"><xsl:apply-templates select="nvd:nvd" /></xsl:template>

<xsl:template match="nvd:nvd"><xsl:apply-templates select="nvd:entry" /></xsl:template>

<xsl:template match="nvd:entry">
    <xsl:apply-templates select="vuln:vulnerable-software-list">
        <xsl:with-param name="entryid" select="@id" />
        <xsl:with-param name="score" select"vuln:cvss/cvss:base_metrics/cvss:score"/>
    </xsl:apply-templates>
</xsl:template>

<xsl:template match="vuln:vulnerable-software-list">
    <xsl:param name="entryid" />
    <xsl:param name="score" />
    <xsl:for-each select="vuln:product">
        <xsl:value-of select="$entryid" />:<xsl:value-of select="text()" />@<xsl:value-of select="$score" /><xsl:text>
    </xsl:text>
    </xsl:for-each>
</xsl:template>

</xsl:stylesheet>
于 2013-02-01T17:25:10.210 回答