xml xpath 和嵌套在 python
xml xpath and nesting in python
我正在尝试打印出 .//statement/statement/description 中的描述,这将是以下语句
" Implements a process for ensuring that organizational plans for
conducting security testing, training, and monitoring activities
associated with organizational information systems:"
"Reviews testing, training, and monitoring plans for consistency with
the organizational risk management strategy and organization-wide
priorities for risk response actions."
但出于某种原因,它也钻得更深,并打印出以下两条语句
"Are developed and maintained; and"
"Continue to be executed in a timely manner;"
这是它在
中打印的顺序
Implements a process for ensuring that organizational plans for
conducting security testing, training, and monitoring activities
associated with organizational information systems:
Reviews testing, training, and monitoring plans for consistency with
the organizational risk management strategy and organization-wide
priorities for risk response actions.
Are developed and maintained; and
Continue to be executed in a timely manner;
我应该更改什么以便它只打印
Implements a process for ensuring that organizational plans for
conducting security testing, training, and monitoring activities
associated with organizational information systems:
Reviews testing, training, and monitoring plans for consistency with
the organizational risk management strategy and organization-wide
priorities for risk response actions.
Python代码
import xml.etree.ElementTree as ET
import csv
xmlFile='/Users/username/Desktop/xmlFile.xml'
tree = ET.parse(xmlFile)
root = tree.getroot()
# open a file for writing
excelFile = open('/Users/username/Desktop/table2.csv', 'w')
# creates the csv writer object / varible to write to csv
csvwriter = csv.writer(excelFile)
# list that contains the header
list_head = []
count = 0
for element in root.findall('control'):
list_nodes=[]
if count == 0:
number = element.find('number').tag
list_head.append(number)
description =element.find('.//statement/description').tag
list_head.append(description)
csvwriter.writerow(list_head)
count = count + 1
# Control number
number = 'Nist800-53-V4-' + element.find('number').text
list_nodes.append(number)
# Control Description
if element.find('.//statement'):
if element.find('.//statement/statement/') is not None:
for descrip in element.findall('.//statement/statement/description'):
descrip_value = descrip.text
print(descrip_value)
csvwriter.writerow(list_nodes)
excelFile.close()
XML 文件
<?xml version="1.0" encoding="UTF-8"?>
<controls>
<control>
<family>PROGRAM MANAGEMENT</family>
<number>PM-14</number>
<title>TESTING, TRAINING, AND MONITORING</title>
<statement>
<description>The organization:</description>
<statement>
<number>PM-14a.</number>
<description>
Implements a process for ensuring that organizational plans for conducting security testing, training, and monitoring activities associated with organizational information systems:
</description>
<statement>
<number>PM-14a.1.</number>
<description>Are developed and maintained; and</description>
</statement>
<statement>
<number>PM-14a.2.</number>
<description>Continue to be executed in a timely manner;</description>
</statement>
</statement>
<statement>
<number>PM-14b.</number>
<description>
Reviews testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.
</description>
</statement>
</statement>
<supplemental-guidance>
<description>
This control ensures that organizations provide oversight for the security testing, training, and monitoring activities conducted organization-wide and that those activities are coordinated. With the importance of continuous monitoring programs, the implementation of information security across the three tiers of the risk management hierarchy, and the widespread use of common controls, organizations coordinate and consolidate the testing and monitoring activities that are routinely conducted as part of ongoing organizational assessments supporting a variety of security controls. Security training activities, while typically focused on individual information systems and specific roles, also necessitate coordination across all organizational elements. Testing, training, and monitoring plans and activities are informed by current threat and vulnerability assessments.
</description>
<related>AT-3</related>
<related>CA-7</related>
<related>CP-4</related>
<related>IR-3</related>
<related>SI-4</related>
</supplemental-guidance>
<references>
<reference>
<item xml:lang="en-US" href="https://csrc.nist.gov/publications/search?keywords-lg=800-16">NIST Special Publication 800-16</item>
</reference>
<reference>
<item xml:lang="en-US" href="https://csrc.nist.gov/publications/search?keywords-lg=800-37">NIST Special Publication 800-37</item>
</reference>
<reference>
<item xml:lang="en-US" href="https://csrc.nist.gov/publications/search?keywords-lg=800-53A">NIST Special Publication 800-53A</item>
</reference>
<reference>
<item xml:lang="en-US" href="https://csrc.nist.gov/publications/search?keywords-lg=800-137">NIST Special Publication 800-137</item>
</reference>
</references>
</control>
</controls>
您的 XPath 表达式
.//statement/description
检索作为 <statement> 元素的直接子元素的所有 <description> 元素。这些很多 - 正如您所经历的那样。
把你的表情改成
statement/statement/description
你会得到你想要的结果,因为你只会 select 有两个 <statement> 祖先的 <description> 元素(不准确,但足以理解要点) .
我正在尝试打印出 .//statement/statement/description 中的描述,这将是以下语句
" Implements a process for ensuring that organizational plans for conducting security testing, training, and monitoring activities associated with organizational information systems:"
"Reviews testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions."
但出于某种原因,它也钻得更深,并打印出以下两条语句
"Are developed and maintained; and"
"Continue to be executed in a timely manner;"
这是它在
中打印的顺序Implements a process for ensuring that organizational plans for conducting security testing, training, and monitoring activities associated with organizational information systems:
Reviews testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.
Are developed and maintained; and
Continue to be executed in a timely manner;
我应该更改什么以便它只打印
Implements a process for ensuring that organizational plans for conducting security testing, training, and monitoring activities associated with organizational information systems:
Reviews testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.
Python代码
import xml.etree.ElementTree as ET
import csv
xmlFile='/Users/username/Desktop/xmlFile.xml'
tree = ET.parse(xmlFile)
root = tree.getroot()
# open a file for writing
excelFile = open('/Users/username/Desktop/table2.csv', 'w')
# creates the csv writer object / varible to write to csv
csvwriter = csv.writer(excelFile)
# list that contains the header
list_head = []
count = 0
for element in root.findall('control'):
list_nodes=[]
if count == 0:
number = element.find('number').tag
list_head.append(number)
description =element.find('.//statement/description').tag
list_head.append(description)
csvwriter.writerow(list_head)
count = count + 1
# Control number
number = 'Nist800-53-V4-' + element.find('number').text
list_nodes.append(number)
# Control Description
if element.find('.//statement'):
if element.find('.//statement/statement/') is not None:
for descrip in element.findall('.//statement/statement/description'):
descrip_value = descrip.text
print(descrip_value)
csvwriter.writerow(list_nodes)
excelFile.close()
XML 文件
<?xml version="1.0" encoding="UTF-8"?>
<controls>
<control>
<family>PROGRAM MANAGEMENT</family>
<number>PM-14</number>
<title>TESTING, TRAINING, AND MONITORING</title>
<statement>
<description>The organization:</description>
<statement>
<number>PM-14a.</number>
<description>
Implements a process for ensuring that organizational plans for conducting security testing, training, and monitoring activities associated with organizational information systems:
</description>
<statement>
<number>PM-14a.1.</number>
<description>Are developed and maintained; and</description>
</statement>
<statement>
<number>PM-14a.2.</number>
<description>Continue to be executed in a timely manner;</description>
</statement>
</statement>
<statement>
<number>PM-14b.</number>
<description>
Reviews testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.
</description>
</statement>
</statement>
<supplemental-guidance>
<description>
This control ensures that organizations provide oversight for the security testing, training, and monitoring activities conducted organization-wide and that those activities are coordinated. With the importance of continuous monitoring programs, the implementation of information security across the three tiers of the risk management hierarchy, and the widespread use of common controls, organizations coordinate and consolidate the testing and monitoring activities that are routinely conducted as part of ongoing organizational assessments supporting a variety of security controls. Security training activities, while typically focused on individual information systems and specific roles, also necessitate coordination across all organizational elements. Testing, training, and monitoring plans and activities are informed by current threat and vulnerability assessments.
</description>
<related>AT-3</related>
<related>CA-7</related>
<related>CP-4</related>
<related>IR-3</related>
<related>SI-4</related>
</supplemental-guidance>
<references>
<reference>
<item xml:lang="en-US" href="https://csrc.nist.gov/publications/search?keywords-lg=800-16">NIST Special Publication 800-16</item>
</reference>
<reference>
<item xml:lang="en-US" href="https://csrc.nist.gov/publications/search?keywords-lg=800-37">NIST Special Publication 800-37</item>
</reference>
<reference>
<item xml:lang="en-US" href="https://csrc.nist.gov/publications/search?keywords-lg=800-53A">NIST Special Publication 800-53A</item>
</reference>
<reference>
<item xml:lang="en-US" href="https://csrc.nist.gov/publications/search?keywords-lg=800-137">NIST Special Publication 800-137</item>
</reference>
</references>
</control>
</controls>
您的 XPath 表达式
.//statement/description
检索作为 <statement> 元素的直接子元素的所有 <description> 元素。这些很多 - 正如您所经历的那样。
把你的表情改成
statement/statement/description
你会得到你想要的结果,因为你只会 select 有两个 <statement> 祖先的 <description> 元素(不准确,但足以理解要点) .