我有以下xml:
<a>
<TICKET_LIST>
<TICKET>
<NUMBER>182820</NUMBER>
<DETECTION>
<IP network_id="173230">192.168.140.61</IP>
<DNSNAME><![CDATA[local]]></DNSNAME>
<PORT>80</PORT>
<SERVICE>CGI</SERVICE>
<PROTOCOL>tcp</PROTOCOL>
</DETECTION>
<VULNINFO>
<TITLE><![CDATA[HTTP TRACE / TRACK Methods Enabled]]></TITLE>
<TYPE>VULN</TYPE>
<QID>12680</QID>
<SEVERITY>3</SEVERITY>
<STANDARD_SEVERITY>3</STANDARD_SEVERITY>
<CVE_ID_LIST>
<CVE_ID><![CDATA[CVE-2004-2320]]></CVE_ID>
<CVE_ID><![CDATA[CVE-2010-0386]]></CVE_ID>
<CVE_ID><![CDATA[CVE-2003-1567]]></CVE_ID>
</CVE_ID_LIST>
</VULNINFO>
</TICKET>
<TICKET>
<NUMBER>182957</NUMBER>
<DETECTION>
<IP network_id="173230">192.168.200.46</IP>
<DNSNAME><![CDATA[local]]></DNSNAME>
<PORT>443</PORT>
<SERVICE>Web server</SERVICE>
<PROTOCOL>tcp</PROTOCOL>
</DETECTION>
<VULNINFO>
<TITLE><![CDATA[Web Server Uses Plain-Text Form Based Authentication]]></TITLE>
<TYPE>VULN</TYPE>
<QID>86728</QID>
<SEVERITY>3</SEVERITY>
<STANDARD_SEVERITY>3</STANDARD_SEVERITY>
</VULNINFO>
</TICKET>
</TICKET_LIST>
</a>
我想将某些数据导出为csv格式。
此代码按预期返回一些数据:
xmlstarlet sel -T -t -m /a/TICKET_LIST/TICKET -v "concat(NUMBER,',',DETECTION/IP,',',DETECTION/DNSNAME,',',DETECTION/SERVICE,',',DETECTION/PORT,',',VULNINFO/TITLE,',',VULNINFO/QID)" -n file.xml
但是我也对其余所有数据在同一行上的所有CVE_ID数据感兴趣。
我现在得到的结果是:
182820,192.168.140.61,local,CGI,80,HTTP TRACE / TRACK Methods Enabled,12680
182957,192.168.200.46,local,Web server,443,Web Server Uses Plain-Text Form Based Authentication,86728
预期结果是:
182820,192.168.140.61,local,CGI,80,HTTP TRACE / TRACK Methods Enabled,12680,CVE-2004-2320 CVE-2010-0386 CVE-2003-1567
182957,192.168.200.46,local,Web server,443,Web Server Uses Plain-Text Form Based Authentication,86728
由于存在多个CVE_ID元素,您需要添加另一个匹配-m的匹配项(VULNINFO/CVE_ID_LIST/CVE_ID)。
此外,要使换行符(-n)正确输出,您必须中断嵌套(-b)。
示例...
xmlstarlet sel -T -t -m /a/TICKET_LIST/TICKET -v "concat(NUMBER,',',DETECTION/IP,',',DETECTION/DNSNAME,',',DETECTION/SERVICE,',',DETECTION/PORT,',',VULNINFO/TITLE,',',VULNINFO/QID,',')" -m VULNINFO/CVE_ID_LIST/CVE_ID -v "concat(.,' ')" -b -n file.xml
输出...
182820,192.168.140.61,local,CGI,80,HTTP TRACE / TRACK Methods Enabled,12680,CVE-2004-2320 CVE-2010-0386 CVE-2003-1567
182957,192.168.200.46,local,Web server,443,Web Server Uses Plain-Text Form Based Authentication,86728,
如果您看到xmlstarlet内部使用的XSLT(-C)...,那么命令行可能更有意义。
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:exslt="http://exslt.org/common" version="1.0" extension-element-prefixes="exslt">
<xsl:output omit-xml-declaration="yes" indent="no" method="text"/>
<xsl:template match="/">
<xsl:for-each select="/a/TICKET_LIST/TICKET">
<xsl:call-template name="value-of-template">
<xsl:with-param name="select" select="concat(NUMBER,',',DETECTION/IP,',',DETECTION/DNSNAME,',',DETECTION/SERVICE,',',DETECTION/PORT,',',VULNINFO/TITLE,',',VULNINFO/QID,',')"/>
</xsl:call-template>
<xsl:for-each select="VULNINFO/CVE_ID_LIST/CVE_ID">
<xsl:call-template name="value-of-template">
<xsl:with-param name="select" select="concat(.,' ')"/>
</xsl:call-template>
</xsl:for-each>
<xsl:value-of select="' '"/>
</xsl:for-each>
</xsl:template>
<xsl:template name="value-of-template">
<xsl:param name="select"/>
<xsl:value-of select="$select"/>
<xsl:for-each select="exslt:node-set($select)[position()>1]">
<xsl:value-of select="' '"/>
<xsl:value-of select="."/>
</xsl:for-each>
</xsl:template>
</xsl:stylesheet>
请注意,输出的第二行末尾带有,。我认为这不会成为问题,因为CSV行将具有相同数量的列。
如果有问题,您可以使用“ if”(-i)并在处理它们之前检查是否有任何CVE_ID ...
xmlstarlet sel -T -t -m /a/TICKET_LIST/TICKET -v "concat(NUMBER,',',DETECTION/IP,',',DETECTION/DNSNAME,',',DETECTION/SERVICE,',',DETECTION/PORT,',',VULNINFO/TITLE,',',VULNINFO/QID)" -i VULNINFO/CVE_ID_LIST/CVE_ID -o "," -m VULNINFO/CVE_ID_LIST/CVE_ID -v "concat(.,' ')" -b -n file.xml
输出与上面相同,除了第二行未输出尾随, ...
182820,192.168.140.61,local,CGI,80,HTTP TRACE / TRACK Methods Enabled,12680,CVE-2004-2320 CVE-2010-0386 CVE-2003-1567
182957,192.168.200.46,local,Web server,443,Web Server Uses Plain-Text Form Based Authentication,86728