如何解析 NVD CVE XML 并导入到数据库 [英] How to parse NVD CVE XML and import to Database

问题描述

我想解析大型 XML 文件并将它们存储到数据库(mysql)中像这样的 XML:文件 XML ~ 200MB我该如何解析这个 XML 文件?如何获取像 .它有 2 部分 'vuln' 和 'vulnerable-configuration'谢谢！

I want to parse large XML file and storage they into database(mysql) XML like this: File XML ~ 200MB How can I do to parse this XML file? How to get child element like . Its has 2 part 'vuln' and 'vulnerable-configuration' Thanks!

<entry id="CVE-2015-0002">
    <vuln:vulnerable-configuration id="http://www.nist.gov/">
      <cpe-lang:logical-test operator="OR" negate="false">
        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:sp1"/>
        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1"/>
        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8:-"/>
        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1:-"/>
        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:-:gold"/>
        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2::~~~x64~~"/>
        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_rt:-:gold"/>
        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_rt_8.1:-"/>
      </cpe-lang:logical-test>
    </vuln:vulnerable-configuration>
    <vuln:vulnerable-software-list>
      <vuln:product>cpe:/o:microsoft:windows_server_2012:-:gold</vuln:product>
      <vuln:product>cpe:/o:microsoft:windows_rt:-:gold</vuln:product>
      <vuln:product>cpe:/o:microsoft:windows_7:-:sp1</vuln:product>
      <vuln:product>cpe:/o:microsoft:windows_rt_8.1:-</vuln:product>
      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2::~~~x64~~</vuln:product>
      <vuln:product>cpe:/o:microsoft:windows_8:-</vuln:product>
      <vuln:product>cpe:/o:microsoft:windows_8.1:-</vuln:product>
      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1</vuln:product>
    </vuln:vulnerable-software-list>
    <vuln:cve-id>CVE-2015-0002</vuln:cve-id>
    <vuln:published-datetime>2015-01-13T17:59:01.253-05:00</vuln:published-datetime>
    <vuln:last-modified-datetime>2015-01-14T16:51:14.253-05:00</vuln:last-modified-datetime>
    <vuln:cvss>
      <cvss:base_metrics>
        <cvss:score>7.2</cvss:score>
        <cvss:access-vector>LOCAL</cvss:access-vector>
        <cvss:access-complexity>LOW</cvss:access-complexity>
        <cvss:authentication>NONE</cvss:authentication>
        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
        <cvss:source>http://nvd.nist.gov</cvss:source>
        <cvss:generated-on-datetime>2015-01-14T16:20:33.273-05:00</cvss:generated-on-datetime>
      </cvss:base_metrics>
    </vuln:cvss>
    <vuln:cwe id="CWE-264"/>
    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
      <vuln:source>MS</vuln:source>
      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS15-001" xml:lang="en">MS15-001</vuln:reference>
    </vuln:references>
    <vuln:references xml:lang="en" reference_type="UNKNOWN">
      <vuln:source>MISC</vuln:source>
      <vuln:reference href="https://code.google.com/p/google-security-research/issues/detail?id=118" xml:lang="en">https://code.google.com/p/google-security-research/issues/detail?id=118</vuln:reference>
    </vuln:references>
    <vuln:references xml:lang="en" reference_type="UNKNOWN">
      <vuln:source>MISC</vuln:source>
      <vuln:reference href="http://www.zdnet.com/article/google-discloses-unpatched-windows-vulnerability/" xml:lang="en">http://www.zdnet.com/article/google-discloses-unpatched-windows-vulnerability/</vuln:reference>
    </vuln:references>
    <vuln:references xml:lang="en" reference_type="UNKNOWN">
      <vuln:source>MISC</vuln:source>
      <vuln:reference href="http://twitter.com/sambowne/statuses/550384131683520512" xml:lang="en">http://twitter.com/sambowne/statuses/550384131683520512</vuln:reference>
    </vuln:references>
    <vuln:summary>The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or "Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability."</vuln:summary>
  </entry>

推荐答案

部分答案.

首先看这个链接回答你的大部分问题，如何导入带有嵌套节点的 XML (父/子关系)进入 Access?

First of all look at this link to answer most of your question, How to import XML with nested nodes (parent/child relationships) into Access?

将 XML 导入 Access，并使用文件对 XML 进行转换，以便每个子表获得键 vuln:cve-id 链接回主表 entry

Import XML to Access, and use a file to transform the XML so that each sub table get the key vuln:cve-id to link back to the main table entry

下面的代码适用于一些子表，但不是全部，如果有人能指出为什么它不适用于所有子表，请这样做.但是它确实为您提供了带有 vuln:cve-id vuln:published-datetime vuln:last-modified-datetime vuln:summary 加上 cvss:base_metrics cvss:score cvss:access 的主表-vector cvss:access-complexity cvss:source cvss:generated-on-datetime.

The below code works for some of the sub tables but not all, If anyone can point out why it does not work for all sub tables please do so. However it does give you the main table with vuln:cve-id vuln:published-datetime vuln:last-modified-datetime vuln:summary plus the cvss:base_metrics cvss:score cvss:access-vector cvss:access-complexity cvss:source cvss:generated-on-datetime.

将以下代码放入名为 transform.xslt 的文件中，并在导入 access 时使用它.您需要添加适当的 XSL 标题，我无法在这篇文章中添加它们，因为您需要至少 10 个声望才能发布超过 2 个链接":-(

Put the below code in a file called transform.xslt and use it when importing into access. you need to add the appropriate XSL headders, I could not add them in this post as "you need at least 10 reputation to post more than 2 links" :-(

<xsl:template match="/">
    <dataroot>
        <xsl:apply-templates select="@*|node()"/>
    </dataroot>
</xsl:template>

<xsl:template match="@*|node()">
    <xsl:copy>
        <xsl:apply-templates select="@*|node()"/>
    </xsl:copy>
</xsl:template>

<xsl:template match="entry">
    <xsl:apply-templates select="@*|node()"/>
</xsl:template>

<xsl:template match="cpe-lang:logical-test">
    <cpe-lang:logical-test>
        <vuln:cve-id><xsl:value-of select="../../vuln:cve-id"/></vuln:cve-id>
        <xsl:apply-templates select="@*|node()"/>
    </cpe-lang:logical-test>
</xsl:template>

<xsl:template match="vuln:vulnerable-configuration">
    <vuln:vulnerable-configuration>
        <vuln:cve-id><xsl:value-of select="../../vuln:cve-id"/></vuln:cve-id>
        <xsl:apply-templates select="@*|node()"/>
    </vuln:vulnerable-configuration>
</xsl:template>

<xsl:template match="vuln:vulnerable-software-list">
    <vuln:vulnerable-software-list>
        <vuln:cve-id><xsl:value-of select="../vuln:cve-id"/></vuln:cve-id>
        <xsl:apply-templates select="@*|node()"/>
    </vuln:vulnerable-software-list>
</xsl:template>

<xsl:template match="cvss:base_metrics">
    <cvss:base_metrics>
        <vuln:cve-id><xsl:value-of select="../../vuln:cve-id"/></vuln:cve-id>
        <xsl:apply-templates select="@*|node()"/>
    </cvss:base_metrics>
</xsl:template>

<xsl:template match="vuln:references">
    <vuln:references>
        <vuln:cve-id><xsl:value-of select="../vuln:cve-id"/></vuln:cve-id>
        <xsl:apply-templates select="@*|node()"/>
    </vuln:references>
</xsl:template>

<xsl:template match="vuln:scanner">
    <vuln:scanner>
        <vuln:cve-id><xsl:value-of select="../vuln:cve-id"/></vuln:cve-id>
        <xsl:apply-templates select="@*|node()"/>
    </vuln:scanner>
</xsl:template>

这篇关于如何解析 NVD CVE XML 并导入到数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！