python中的xml xpath和嵌套

Question

我试图在.//statement/statement/description中打印出描述，这将是以下语句

“实施了确保组织计划进行与组织信息系统相关的安全测试、培训和监视活动的过程：

审查测试、培训和监测计划，以便与组织风险管理战略和全组织风险应对行动的优先事项保持一致。“

但出于某种原因，它也会进行更深入的研究，并打印出以下两条声明

“被开发和维护；

“继续及时执行；”

这是它打印出来的顺序

实现了确保组织计划进行与组织信息系统相关的安全测试、培训和监视活动的过程：

审查测试、培训和监测计划，以符合组织风险管理战略和组织范围内风险应对行动的优先事项。

发展和维持；及

继续及时执行；

我应该更改什么，这样它才能打印

实现了确保组织计划进行与组织信息系统相关的安全测试、培训和监视活动的过程：

审查测试、培训和监测计划，以符合组织风险管理战略和组织范围内风险应对行动的优先事项。

Python代码

import xml.etree.ElementTree as ET 
import csv


xmlFile='/Users/username/Desktop/xmlFile.xml'
tree = ET.parse(xmlFile) 
root = tree.getroot()

# open a file for writing
excelFile = open('/Users/username/Desktop/table2.csv', 'w')

# creates the csv writer object / varible to write to csv
csvwriter = csv.writer(excelFile)

# list that contains the header
list_head = []
count = 0

for element in root.findall('control'):
    list_nodes=[]
    if count == 0:

        number = element.find('number').tag
        list_head.append(number)

        description =element.find('.//statement/description').tag
        list_head.append(description)

        csvwriter.writerow(list_head)
        count = count + 1

    # Control number 
    number = 'Nist800-53-V4-' + element.find('number').text  
    list_nodes.append(number)


    # Control Description 
    if element.find('.//statement'):
        if element.find('.//statement/statement/') is not None:
            for descrip in element.findall('.//statement/statement/description'):
                descrip_value = descrip.text
                print(descrip_value)

    csvwriter.writerow(list_nodes)
excelFile.close()

XML文件

<?xml version="1.0" encoding="UTF-8"?>
<controls>
  <control>
    <family>PROGRAM MANAGEMENT</family>
    <number>PM-14</number>
    <title>TESTING, TRAINING, AND MONITORING</title>
    <statement>
      <description>The organization:</description>
      <statement>
        <number>PM-14a.</number>
        <description>
        Implements a process for ensuring that organizational plans for conducting security testing, training, and monitoring activities associated with organizational information systems:
        </description>
        <statement>
          <number>PM-14a.1.</number>
          <description>Are developed and maintained; and</description>
        </statement>
        <statement>
          <number>PM-14a.2.</number>
          <description>Continue to be executed in a timely manner;</description>
        </statement>
      </statement>
      <statement>
        <number>PM-14b.</number>
        <description>
        Reviews testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.
        </description>
      </statement>
    </statement>
    <supplemental-guidance>
      <description>
      This control ensures that organizations provide oversight for the security testing, training, and monitoring activities conducted organization-wide and that those activities are coordinated. With the importance of continuous monitoring programs, the implementation of information security across the three tiers of the risk management hierarchy, and the widespread use of common controls, organizations coordinate and consolidate the testing and monitoring activities that are routinely conducted as part of ongoing organizational assessments supporting a variety of security controls. Security training activities, while typically focused on individual information systems and specific roles, also necessitate coordination across all organizational elements. Testing, training, and monitoring plans and activities are informed by current threat and vulnerability assessments.
      </description>
      <related>AT-3</related>
      <related>CA-7</related>
      <related>CP-4</related>
      <related>IR-3</related>
      <related>SI-4</related>
    </supplemental-guidance>
    <references>
      <reference>
        <item xml:lang="en-US" href="https://csrc.nist.gov/publications/search?keywords-lg=800-16">NIST Special Publication 800-16</item>
      </reference>
      <reference>
        <item xml:lang="en-US" href="https://csrc.nist.gov/publications/search?keywords-lg=800-37">NIST Special Publication 800-37</item>
      </reference>
      <reference>
        <item xml:lang="en-US" href="https://csrc.nist.gov/publications/search?keywords-lg=800-53A">NIST Special Publication 800-53A</item>
      </reference>
      <reference>
        <item xml:lang="en-US" href="https://csrc.nist.gov/publications/search?keywords-lg=800-137">NIST Special Publication 800-137</item>
      </reference>
    </references>
  </control>
</controls>

Answer 1

你的XPath表达式

.//statement/description

检索所有<description>元素，这些元素是<statement>元素的直接子元素。正如你所经历的，这些都是很多的。

将表达式更改为

statement/statement/description

您将得到所需的结果，因为您将只选择具有两个<description>祖先的<statement>元素(不准确，但足以获得gist)。