Python逻辑问题
Python Logic Issue
我正在使用 elementtree 解析 XML 文件并将数据放入 sqlite 数据库中。我遇到了一个我认为可以通过更好的逻辑来解决的问题,我很可能会遗漏这个问题。我收到 local variable 'netbios_name' referenced before assignment 错误,operating_system 变量也是如此。我明白我为什么会收到它,但我不确定如何解决这个问题。
如有任何帮助,我们将不胜感激。
示例XML数据
<ReportHost name="192.168.26.11"><HostProperties>
<tag name="HOST_END">Sat Apr 25 11:36:08 2015</tag>
<tag name="LastUnauthenticatedResults">1223744168</tag>
<tag name="Credentialed_Scan">false</tag>
<tag name="policy-used">Advanced Scan</tag>
<tag name="patch-summary-total-cves">5</tag>
<tag name="cpe-0">cpe:/o:microsoft:windows_2003_server::sp2 -> Microsoft Windows 2003 Server Service Pack 2</tag>
<tag name="system-type">general-purpose</tag>
<tag name="operating-system">Microsoft Windows Server 2003 Service Pack 2</tag>
<tag name="mac-address">00:1f:19:f5:14:34</tag>
<tag name="traceroute-hop-2">192.168.26.11</tag>
<tag name="traceroute-hop-1">10.100.1.249</tag>
<tag name="traceroute-hop-0">10.100.1.254</tag>
<tag name="host-ip">192.168.26.11</tag>
<tag name="netbios-name">PLUTOAPP01</tag>
<tag name="HOST_START">Sat Apr 25 10:20:43 2015</tag>
</HostProperties>
示例问题代码
def get_details(nessus_file):
db = sqlite3.connect('database.sqlite')
cursor = db.cursor()
try:
tree = ET.parse(nessus_file)
for reporthost in tree.findall('/Report/ReportHost'):
host = reporthost.get('name')
for tag in reporthost.findall('.//HostProperties/tag'):
if tag.get('name') == 'netbios-name':
netbios_name = tag.text
elif tag.get('name') == 'operating-system':
operating_system = tag.text
else:
pass
#The if statements above^ are causing my issues along with the execute statement below
cursor.execute('INSERT INTO hosts(host, netbios_name, operating_system) VALUES(?,?,?)', (host, netbios_name, operating_system,))
for item in reporthost.findall('ReportItem'):
sev = item.get('severity')
name = item.get('pluginName')
description = item.findtext('description')
pluginid = item.get('pluginID')
cursor.execute('INSERT INTO vulns(pluginName, severity, description, pluginID) VALUES(?,?,?,?)', (name,sev,description,pluginid,))
for cve in item.getiterator('cve'):
cursor.execute('INSERT INTO cves(cve) VALUES(?)', (cve.text,))
db.commit()
db.close()
except Exception as e:
print e
exit()
create_db()
get_details('file.nessus')
您正试图为每个这样的标签插入 netbios 名称和操作系统。您需要将插入移出您拥有的 for 循环,并为两个变量设置默认值:
netbios_name = operating_system = None
for tag in reporthost.findall('.//HostProperties/tag'):
if tag.get('name') == 'netbios-name':
netbios_name = tag.text
elif tag.get('name') == 'operating-system':
operating_system = tag.text
cursor.execute('INSERT INTO hosts(host, netbios_name, operating_system) VALUES(?,?,?)', (host, netbios_name, operating_system,))
如果 XML 文档中没有任何一个值,这将插入 NULL 个值。
由于您只查找这两个标签,您也可以通过过滤属性值来搜索特定元素:
netbios_name = reporthost.find('.//HostProperties/tag[@name="netbios-name"]')
netbios_name = netbios_name and netbios.text
operating_system = reporthost.find('.//HostProperties/tag[@name="operating-system"]')
operating_system = operating_system and operating_system.text
cursor.execute('INSERT INTO hosts(host, netbios_name, operating_system) VALUES(?,?,?)', (host, netbios_name, operating_system,))
[@attrib="value"] 语法指示 ElementTree 查找具有该属性和值的标签; .find() 方法找到第一个这样的标签或 returns None 如果它丢失了。下一行然后将变量设置为 None 或从找到的标签中提取文本。
我正在使用 elementtree 解析 XML 文件并将数据放入 sqlite 数据库中。我遇到了一个我认为可以通过更好的逻辑来解决的问题,我很可能会遗漏这个问题。我收到 local variable 'netbios_name' referenced before assignment 错误,operating_system 变量也是如此。我明白我为什么会收到它,但我不确定如何解决这个问题。
如有任何帮助,我们将不胜感激。
示例XML数据
<ReportHost name="192.168.26.11"><HostProperties>
<tag name="HOST_END">Sat Apr 25 11:36:08 2015</tag>
<tag name="LastUnauthenticatedResults">1223744168</tag>
<tag name="Credentialed_Scan">false</tag>
<tag name="policy-used">Advanced Scan</tag>
<tag name="patch-summary-total-cves">5</tag>
<tag name="cpe-0">cpe:/o:microsoft:windows_2003_server::sp2 -> Microsoft Windows 2003 Server Service Pack 2</tag>
<tag name="system-type">general-purpose</tag>
<tag name="operating-system">Microsoft Windows Server 2003 Service Pack 2</tag>
<tag name="mac-address">00:1f:19:f5:14:34</tag>
<tag name="traceroute-hop-2">192.168.26.11</tag>
<tag name="traceroute-hop-1">10.100.1.249</tag>
<tag name="traceroute-hop-0">10.100.1.254</tag>
<tag name="host-ip">192.168.26.11</tag>
<tag name="netbios-name">PLUTOAPP01</tag>
<tag name="HOST_START">Sat Apr 25 10:20:43 2015</tag>
</HostProperties>
示例问题代码
def get_details(nessus_file):
db = sqlite3.connect('database.sqlite')
cursor = db.cursor()
try:
tree = ET.parse(nessus_file)
for reporthost in tree.findall('/Report/ReportHost'):
host = reporthost.get('name')
for tag in reporthost.findall('.//HostProperties/tag'):
if tag.get('name') == 'netbios-name':
netbios_name = tag.text
elif tag.get('name') == 'operating-system':
operating_system = tag.text
else:
pass
#The if statements above^ are causing my issues along with the execute statement below
cursor.execute('INSERT INTO hosts(host, netbios_name, operating_system) VALUES(?,?,?)', (host, netbios_name, operating_system,))
for item in reporthost.findall('ReportItem'):
sev = item.get('severity')
name = item.get('pluginName')
description = item.findtext('description')
pluginid = item.get('pluginID')
cursor.execute('INSERT INTO vulns(pluginName, severity, description, pluginID) VALUES(?,?,?,?)', (name,sev,description,pluginid,))
for cve in item.getiterator('cve'):
cursor.execute('INSERT INTO cves(cve) VALUES(?)', (cve.text,))
db.commit()
db.close()
except Exception as e:
print e
exit()
create_db()
get_details('file.nessus')
您正试图为每个这样的标签插入 netbios 名称和操作系统。您需要将插入移出您拥有的 for 循环,并为两个变量设置默认值:
netbios_name = operating_system = None
for tag in reporthost.findall('.//HostProperties/tag'):
if tag.get('name') == 'netbios-name':
netbios_name = tag.text
elif tag.get('name') == 'operating-system':
operating_system = tag.text
cursor.execute('INSERT INTO hosts(host, netbios_name, operating_system) VALUES(?,?,?)', (host, netbios_name, operating_system,))
如果 XML 文档中没有任何一个值,这将插入 NULL 个值。
由于您只查找这两个标签,您也可以通过过滤属性值来搜索特定元素:
netbios_name = reporthost.find('.//HostProperties/tag[@name="netbios-name"]')
netbios_name = netbios_name and netbios.text
operating_system = reporthost.find('.//HostProperties/tag[@name="operating-system"]')
operating_system = operating_system and operating_system.text
cursor.execute('INSERT INTO hosts(host, netbios_name, operating_system) VALUES(?,?,?)', (host, netbios_name, operating_system,))
[@attrib="value"] 语法指示 ElementTree 查找具有该属性和值的标签; .find() 方法找到第一个这样的标签或 returns None 如果它丢失了。下一行然后将变量设置为 None 或从找到的标签中提取文本。