
Confusion parsing XML with ElementTree

Stack Overflow user
Asked 2015-04-26 17:33:45
Answers 1, Views 82, Followers 0, Votes 0

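I'm having trouble understanding how to use ElementTree properly. I'm trying to parse a nessus file and extract data for all hosts with, for example, a severity of 4. I can identify the sev, but I don't know how to extract data for only those items. I've looked at the documentation and lots of examples online, but nobody seems to explain how to collect data from the second level. I'm using ElementTree 1.2.6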

Sample XML

<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4" pluginID="12215" pluginName="Sophos Anti-Virus Detection" pluginFamily="Windows">
<cpe>cpe:/a:sophos:sophos_anti-virus</cpe>
<cvss_base_score>10.0</cvss_base_score>
<cvss_vector>CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C</cvss_vector>
<description>Sophos Anti-Virus, a commercial antivirus software package for Windows, is installed on the remote host. However, there is a problem with the install, either its services are not running or its engine and/or virus definition are out-of-date.</description>
<fname>sophos_installed.nasl</fname>
<plugin_modification_date>2013/04/02</plugin_modification_date>
<plugin_name>Sophos Anti-Virus Detection</plugin_name>
<plugin_publication_date>2002/04/26</plugin_publication_date>
<plugin_type>local</plugin_type>
<risk_factor>Critical</risk_factor>
<script_version>$Revision: 1.1411 $</script_version>
<see_also>http://www.sophos.com</see_also>
<solution>Make sure updates are working and the associated services are running.</solution>
<synopsis>An antivirus package is installed on the remote host, but it is not working properly.</synopsis>
<plugin_output>
Sophos Anti-Virus is installed on the remote host :

  Installation path : c:\Program Files\Sophos\Sophos Anti-Virus
  Product version   : 10.0.10
  Engine version    : 3.45.0.2100
  Virus signatures last updated   : 2011/03/11

Nessus does not currently have information about Sophos 10.0. It may no
longer be supported.

The virus signatures on the remote host are out-of-date by at least 3 days.
The last update from the vendor was on 2015/04/10.

As a result, the remote host might be infected by viruses.
</plugin_output>
</ReportItem>

Current code

import elementtree.ElementTree as ET

def getDetails(nessus_file):
    try:
        tree = ET.parse(nessus_file)
        doc = tree.getroot()
        listitem = doc.getiterator()

        for item in listitem:
            if item.tag == 'ReportItem':
                if item.get('severity') == '4':
                    walk = doc.getiterator('cve')
                    for cve in walk:
                        print cve.text #This prints all the CVEs that are in the nessus file, rather than just the cves associated with the  sev 4 item.

    except Exception as e:
        print e
        exit()

getDetails('file.nessus')

Updated code

import elementtree.ElementTree as ET

def getDetails(nessus_file):
    try:
        tree = ET.parse(nessus_file)
        doc = tree.getroot()
        listitem = doc.getiterator()

        for document in doc:
            if document.tag == 'Report':
                for host in document:
                    if host.tag == 'ReportHost':
                        print 'Host: ' + host.get('name')
                        for item in listitem:
                            if item.tag == 'ReportItem':
                                if item.get('severity') == '4':
                                    print item.get('pluginName')
                                    for cve in item.findall('.//cve'):
                                        print cve.text

    except Exception as e:
        print e
        exit()

1 Answer

Stack Overflow user

Posted 2015-04-26 17:49:37

Maybe you are looking for findall

for cve in item.findall('.//cve'):
    print cve.text

Here is the updated function:

import elementtree.ElementTree as ET

def get_details(nessus_file):
    tree = ET.parse(nessus_file)
    # Walk each host, then only that host's own ReportItem children
    for reporthost in tree.findall('/Report/ReportHost'):
        print 'Host: ' + reporthost.get('name')
        for item in reporthost.findall('ReportItem'):
            if item.get('severity') == '4':
                print item.get('pluginName')
                # Direct <cve> children of this item only
                for cve in item.findall('cve'):
                    print cve.text

Votes 1
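
The host-then-item scoping from the answer above, as an added Python 3 example that is not part of the original post: it uses the standard-library `xml.etree.ElementTree` instead of the `elementtree` 1.2.6 package and returns structured records rather than printing. The sample document, host names, plugin names and CVE identifiers are constructed placeholders, and the `NessusClientData_v2` root element is an assumption not shown on the page.

```python
import xml.etree.ElementTree as ET

# Constructed sample using the ReportHost/ReportItem layout from the question.
# The root element name is an assumption; the CVE ids are placeholders.
SAMPLE = """<NessusClientData_v2>
  <Report name="constructed">
    <ReportHost name="host-a.example">
      <ReportItem port="445" severity="4" pluginID="1" pluginName="Plugin A">
        <cve>CVE-0000-0001</cve>
        <cve>CVE-0000-0002</cve>
      </ReportItem>
      <ReportItem port="80" severity="2" pluginID="2" pluginName="Plugin B">
        <cve>CVE-0000-0003</cve>
      </ReportItem>
    </ReportHost>
    <ReportHost name="host-b.example">
      <ReportItem port="22" severity="4" pluginID="3" pluginName="Plugin C"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""


def findings_by_severity(xml_text, severity="4"):
    """Return one record per matching ReportItem, with only its own CVEs."""
    root = ET.fromstring(xml_text)
    records = []
    # Walk host -> item so every lookup is relative to the current element.
    for host in root.findall("./Report/ReportHost"):
        for item in host.findall("ReportItem"):
            if item.get("severity") != severity:
                continue
            records.append({
                "host": host.get("name"),
                "port": item.get("port"),
                "plugin": item.get("pluginName"),
                # Searching from `item`, not the document root, keeps the
                # CVE list scoped to this finding; it may be empty.
                "cves": [c.text for c in item.findall("cve")],
            })
    return records


if __name__ == "__main__":
    for rec in findings_by_severity(SAMPLE):
        print(rec["host"], rec["port"], rec["plugin"], ", ".join(rec["cves"]) or "-")
```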
Original page content provided by Stack Overflow. Translation support provided by Tencent Cloud Xiaowei's IT-domain engine.
Original link:

https://stackoverflow.com/questions/29881020
