Reputation: 1395
I am having problems understanding how to use ElementTree correctly. I am attempting to parse a nessus file and extract the data for all hosts with findings of, for instance, a severity of 4. I can ID the sev but I'm not sure how to pull the data only for those items. I have checked the docs and loads of examples online, but none seem to explain how to gather data from the second level in. I am using ElementTree 1.2.6.
Example XML
```xml
<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4" pluginID="12215" pluginName="Sophos Anti-Virus Detection" pluginFamily="Windows">
  <cpe>cpe:/a:sophos:sophos_anti-virus</cpe>
  <cvss_base_score>10.0</cvss_base_score>
  <cvss_vector>CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C</cvss_vector>
  <description>Sophos Anti-Virus, a commercial antivirus software package for Windows, is installed on the remote host. However, there is a problem with the install, either its services are not running or its engine and/or virus definition are out-of-date.</description>
  <fname>sophos_installed.nasl</fname>
  <plugin_modification_date>2013/04/02</plugin_modification_date>
  <plugin_name>Sophos Anti-Virus Detection</plugin_name>
  <plugin_publication_date>2002/04/26</plugin_publication_date>
  <plugin_type>local</plugin_type>
  <risk_factor>Critical</risk_factor>
  <script_version>$Revision: 1.1411 $</script_version>
  <see_also>http://www.sophos.com</see_also>
  <solution>Make sure updates are working and the associated services are running.</solution>
  <synopsis>An antivirus package is installed on the remote host, but it is not working properly.</synopsis>
  <plugin_output>
Sophos Anti-Virus is installed on the remote host :
Installation path : c:\Program Files\Sophos\Sophos Anti-Virus
Product version : 10.0.10
Engine version : 3.45.0.2100
Virus signatures last updated : 2011/03/11
Nessus does not currently have information about Sophos 10.0. It may no
longer be supported.
The virus signatures on the remote host are out-of-date by at least 3 days.
The last update from the vendor was on 2015/04/10.
As a result, the remote host might be infected by viruses.
  </plugin_output>
</ReportItem>
```
Current Code
```python
import elementtree.ElementTree as ET

def getDetails(nessus_file):
    try:
        tree = ET.parse(nessus_file)
        doc = tree.getroot()
        listitem = doc.getiterator()
        for item in listitem:
            if item.tag == 'ReportItem':
                if item.get('severity') == '4':
                    walk = doc.getiterator('cve')
                    for cve in walk:
                        print cve.text  # This prints all the CVEs that are in the nessus file, rather than just the cves associated with the sev 4 item.
    except Exception as e:
        print e
        exit()

getDetails('file.nessus')
```
Updated Code
```python
import elementtree.ElementTree as ET

def getDetails(nessus_file):
    try:
        tree = ET.parse(nessus_file)
        doc = tree.getroot()
        listitem = doc.getiterator()
        for document in doc:
            if document.tag == 'Report':
                for host in document:
                    if host.tag == 'ReportHost':
                        print 'Host: ' + host.get('name')
                        for item in listitem:
                            if item.tag == 'ReportItem':
                                if item.get('severity') == '4':
                                    print item.get('pluginName')
                                    for cve in item.findall('.//cve'):
                                        print cve.text
    except Exception as e:
        print e
        exit()
```
Upvotes: 0
Views: 89
Reputation: 42748
Probably you are looking for `findall`:

```python
for cve in item.findall('.//cve'):
    print cve.text
```
Here is the updated function:
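```python
import elementtree.ElementTree as ET

def get_details(nessus_file):
    tree = ET.parse(nessus_file)
    # Walk each host, then only that host's own ReportItem children.
    for reporthost in tree.findall('/Report/ReportHost'):
        print 'Host: ' + reporthost.get('name')
        for item in reporthost.findall('ReportItem'):
            if item.get('severity') == '4':
                print item.get('pluginName')
                # Relative lookup: only the CVEs under this ReportItem.
                for cve in item.findall('cve'):
                    print cve.text
```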
Upvotes: 1
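The scoping fix from the answer, as an added example that is not part of the original thread: it uses Python 3's standard-library `xml.etree.ElementTree` instead of ElementTree 1.2.6 and returns the severity-4 findings per host with only each finding's own CVEs. The function name `findings_by_host`, the sample hosts, the plugin IDs other than 12215, and the CVE ids are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus layout (hosts, plugins and CVE ids are made up).
SAMPLE = """<NessusClientData_v2>
  <Report name="constructed-scan">
    <ReportHost name="10.0.0.5">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
                  pluginID="900001" pluginName="Constructed critical finding">
        <cve>CVE-0000-0001</cve>
        <cve>CVE-0000-0002</cve>
      </ReportItem>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="2"
                  pluginID="900002" pluginName="Constructed medium finding">
        <cve>CVE-0000-0003</cve>
      </ReportItem>
    </ReportHost>
    <ReportHost name="10.0.0.6">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
                  pluginID="12215" pluginName="Sophos Anti-Virus Detection">
        <risk_factor>Critical</risk_factor>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""


def findings_by_host(root, severity="4"):
    """Map host name -> findings at `severity`, each with only its own CVEs."""
    results = {}
    for host in root.findall("./Report/ReportHost"):
        # Search relative to this host, not the whole document.
        for item in host.findall("ReportItem"):
            if item.get("severity") != severity:
                continue
            results.setdefault(host.get("name"), []).append({
                "plugin_id": item.get("pluginID"),
                "plugin_name": item.get("pluginName"),
                "port": item.get("port"),
                # Direct <cve> children of this ReportItem only.
                "cves": [c.text for c in item.findall("cve")],
            })
    return results


if __name__ == "__main__":
    for name, items in findings_by_host(ET.fromstring(SAMPLE)).items():
        for f in items:
            print(name, f["port"], f["plugin_name"], ", ".join(f["cves"]) or "-")
```

The same relative-lookup pattern works for other per-finding children shown in the question's XML, such as `cvss_base_score` or `plugin_output`.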