CODEWITHSUNDEEP
jq
KarlsD
KarlsD

Reputation: 667

jq: select only necessary fields if the field n is x

I have the following JSON scheme:

{
  "CVE_data_type" : "CVE",
  "CVE_data_format" : "MITRE",
  "CVE_data_version" : "4.0",
  "CVE_data_numberOfCVEs" : "19162",
  "CVE_data_timestamp" : "2022-02-24T08:00Z",
  "CVE_Items" : [ {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-0597",
        "ASSIGNER" : "[email protected]"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
          "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.synology.com/security/advisory/Synology_SA_20_15",
          "name" : "https://www.synology.com/security/advisory/Synology_SA_20_15",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://support.lenovo.com/de/en/product_security/len-30041",
          "name" : "https://support.lenovo.com/de/en/product_security/len-30041",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20200611-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20200611-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.kb.cert.org/vuls/id/257161",
          "name" : "VU#257161",
          "refsource" : "CERT-VN",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:active_management_technology:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.0",
          "versionEndIncluding" : "11.8.76",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:active_management_technology:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.10",
          "versionEndIncluding" : "11.11.76",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:active_management_technology:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.20",
          "versionEndIncluding" : "11.22.76",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:active_management_technology:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "12.0",
          "versionEndIncluding" : "12.0.63",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:active_management_technology:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "13.0",
          "versionEndIncluding" : "13.0.31",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:active_management_technology:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "14.0",
          "versionEndIncluding" : "14.0.32",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.0",
          "versionEndIncluding" : "11.8.76",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.10",
          "versionEndIncluding" : "11.11.76",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.20",
          "versionEndIncluding" : "11.22.76",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "12.0",
          "versionEndIncluding" : "12.0.63",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "13.0",
          "versionEndIncluding" : "13.0.31",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:software_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "14.0",
          "versionEndIncluding" : "14.0.32",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-06-15T14:15Z",
    "lastModifiedDate" : "2021-03-18T13:15Z"
 }, {
    "cve" : {[...]

I need to get the following values from the schema if the ID value is CVE-2020-0597:

CWE-125

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5

I've never worked with this, so it's a little hard for me to understand how to do it in this structure. Can somebody show me an example for my case?

Upvotes: 0

Views: 47

Answers (1)

pmf
pmf

Reputation: 36231

Without further details wrt conditions, array indices etc, I guess this is what you want:

jq -r '
  .CVE_Items[] | select(.cve.CVE_data_meta.ID == "CVE-2020-0597")
  | .cve.problemtype.problemtype_data[0].description[0].value, 
    (.impact.baseMetricV3.cvssV3 | .vectorString, .baseScore)
'

CWE-125
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5

Demo

Upvotes: 1

Related Questions