- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
所有,我真的需要一些帮助。我的最终目标是能够使用 perl 读取 xml 文件并将其插入数据库以跟踪 CVE。在这个阶段,如果我可以在我的代码中从 XML 文件中引用变量,我确信我可以将它插入到数据库中。现在我要做的就是将它打印到屏幕上,但我无法让它工作。
这是我的简单代码和 XML 文件。
希望有人能让我走到这里。
--Perl 代码开始--
#!/usr/bin/perl
# use module
use XML::Simple;
use Data::Dumper;
# create object
xml = new XML::Simple (KeyAttr=>[]);
# read XML file
#$data = $xml->XMLin("tms.xml");
# print output - used this to see if it was even reading it
#print Dumper($data);
# access XML data
print "Here is the BugTrackID: $data->{'x:BugTraqID'}\n";
--perl代码结束---
--xml开始--
<?xml version="1.0" encoding="us-ascii"?>
<Alerts xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:alerts.symantec.com https://alerts.symantec.com/vulalert.xsd">
<x:AlertDocument xmlns:x="urn:alerts.symantec.com" AlertStatusID="57982" Type="1" DetailLevel="25" Language="1">
<x:BugTraqID>57982</x:BugTraqID>
<x:Title>Sonar Multiple Cross Site Scripting Vulnerabilities</x:Title>
<x:StatusID>1</x:StatusID>
<x:CVE>CVE-MAP-NOMATCH</x:CVE>
<x:Published>Feb 12 2013</x:Published>
<x:LastUpdated>2013-02-15T19:03:48</x:LastUpdated>
<x:Remote>Yes</x:Remote>
<x:Local>No</x:Local>
<x:Credibility>Single Source</x:Credibility>
<x:Classification>Input Validation Error</x:Classification>
<x:Availability>User Initiated</x:Availability>
<x:Ease>Exploit Available</x:Ease>
<x:Authentication>Not Required</x:Authentication>
<x:CVSS2_BaseScore>5.8</x:CVSS2_BaseScore>
<x:CVSS2_TemporalScore>5</x:CVSS2_TemporalScore>
<x:CVSS2_BaseVector>AV:N/AC:M/Au:N/C:P/I:P/A:N</x:CVSS2_BaseVector>
<x:CVSS2_TemporalVector>E:F/RL:U/RC:UC</x:CVSS2_TemporalVector>
<x:CVSS1_BaseScore>3.7</x:CVSS1_BaseScore>
<x:CVSS1_TemporalScore>3.2</x:CVSS1_TemporalScore>
<x:NVD_CVSS2_BaseScore>4.3</x:NVD_CVSS2_BaseScore>
<x:NVD_CVSS2_ComponentString>AV:N/AC:M/Au:N/C:N/I:P/A:N</x:NVD_CVSS2_ComponentString>
<x:ImpactRating>4</x:ImpactRating>
<x:Severity>6.1</x:Severity>
<x:EaseofExploit>8</x:EaseofExploit>
<x:UrgencyRating>6.1</x:UrgencyRating>
<x:LastChange>Initial analysis.</x:LastChange>
<x:VulnerableSystems>
<x:VulnerableSystem>
<x:Title><![CDATA[SonarSource Sonar 3.4.1 cpe:/a:sonarsource:sonar:3.4.1 SYMC]]></x:Title>
</x:VulnerableSystem>
</x:VulnerableSystems>
<x:ShortSummary><![CDATA[Sonar is prone to multiple cross-site scripting vulnerabilities.]]></x:ShortSummary>
<x:Impact>An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.</x:Impact>
<x:TechnicalDescription><![CDATA[Sonar is the open source platform for code quality inspection.
The application is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input submitted to the following scripts and parameters:
'index.php ' : 'search', 'assignee_login',
'author_login'
'sources.php' : 'resource'
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Sonar 3.4.1 is vulnerable; other versions may also be affected.]]>
</x:TechnicalDescription>
<x:AttackScenario><![CDATA[1. An attacker scans for and locates a site running the affected application.
2. The attacker crafts a URI link that includes malicious script code designed to leverage one of these issues.
3. The attacker uses email or other means to distribute the malicious link and entices an unsuspecting user to follow it.
4. When the user follows the link, the attacker-specified script code runs in their browser in the context of the affected site.
A successful exploit may let the attacker steal cookie-based authentication credentials and launch other attacks.]]></x:AttackScenario>
<x:Exploit><![CDATA[Attackers can exploit these issues by enticing an unsuspecting victim into following a malicious URI.
The following example URIs are available:
http://www.example.com/dependencies/index? search="&gt;&lt;script&gt;alert(/devilteam.pl/)&lt;/script&gt;
http://www.example.com/dashboard/index/41730? did=4&amp;period=3"&gt;&lt;script&gt;alert(/devilteam.pl/)&lt;/script&am p;gt;
http://www.example.com/reviews/index?review_id=&amp;statuses[]=OPEN&amp;statuses[]=REOPENED&amp;severities[]=&amp;projects[]=&amp;amp;author_login=&amp;assignee_login="&gt;&lt;script&gt;alert(/devilteam.pl/)&lt;/script&gt;&amp;false_positives=without&amp;sort=&amp;asc=false&amp;commit=Search
http://www.example.com/reviews/index?review_id=&amp;statuses[]=OPEN&amp;statuses[]=REOPENED&amp;severities[]=&amp;projects[]=&amp;amp;author_login="&gt;&lt;script&gt;alert(/devilteam.pl/)&lt;/script&gt;&amp;assignee_login=&amp;false_positives=without&amp;sort=&amp;asc=false&amp;commit=Search
http://www.example.com/api/sources?resource=&lt;script&gt;alert(/devilteam.pl/)&lt;/script&gt;&amp;format=txt
]]></x:Exploit>
<x:MitigatingStrategies>
<x:MitigatingStrategy>
<x:Title><![CDATA[Block external access at the network boundary, unless external parties require service.]]></x:Title>
<x:Description><![CDATA[If global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.]]></x:Description>
</x:MitigatingStrategy>
<x:MitigatingStrategy>
<x:Title><![CDATA[Run all software as a nonprivileged user with minimal access rights.]]></x:Title>
<x:Description><![CDATA[Attackers may successfully exploit client flaws in the browser through cross-site scripting vulnerabilities. When possible, run client software as regular user accounts with limited access to system resources. This may limit the immediate consequences of client-side vulnerabilities. ]]></x:Description>
</x:MitigatingStrategy>
<x:MitigatingStrategy>
<x:Title><![CDATA[Do not follow links provided by unknown or untrusted sources.]]></x:Title>
<x:Description><![CDATA[Web users should be cautious about following links to websites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users. ]]></x:Description>
</x:MitigatingStrategy>
<x:MitigatingStrategy>
<x:Title><![CDATA[Set web browser security to disable the execution of script code or active content.]]></x:Title>
<x:Description><![CDATA[Since exploiting cross-site scripting issues often requires malicious script code to run in browsers, consider disabling script code and active content support within a client browser as a way to prevent a successful exploit. Note that this mitigation tactic might adversely affect legitimate sites that rely on the execution of browser-based script code. ]]></x:Description>
</x:MitigatingStrategy>
</x:MitigatingStrategies>
<x:Solutions>
<x:Workaround><![CDATA[Workaround
]]></x:Workaround>
<x:Solution><![CDATA[Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.]]></x:Solution>
</x:Solutions>
<x:Credit>DevilTeam</x:Credit>
<x:ChangeLogs>
<x:ChangeLog>
<x:Title><![CDATA[2013.02.15: Initial analysis.]]></x:Title>
</x:ChangeLog>
</x:ChangeLogs>
<x:References>
<x:Reference>
<x:Title><![CDATA[Web Page:Sonar Homepage (SonarSource) SonarSource]]></x:Title>
<x:URL><![CDATA[http://www.sonarsource.com/products/software/sonar/]]></x:URL>
<x:Description><![CDATA[http://www.sonarsource.com/products/software/sonar/]]></x:Description>
</x:Reference>
<x:Reference>
<x:Title><![CDATA[Web Page:Sonar v.3.4.1 =&gt; XSS (CWE-79) (DevilTeam) DevilTeam]]></x:Title>
<x:URL><![CDATA[http://cxsecurity.org/issue/WLB-2013020088]]></x:URL>
<x:Description><![CDATA[http://cxsecurity.org/issue/WLB-2013020088]]></x:Description>
</x:Reference>
</x:References>
<x:URL>https://alerts.symantec.com/loaddocument.aspx?GUID=cffd18f0-7b75-4c6a-adc0-74f480808fff</x:URL>
<x:OVALDefinitions />
</x:AlertDocument>
</Alerts>
--xml结束---
最佳答案
也许您正在寻找 $data->{'x:AlertDocument'}{'x:BugTraqID'}
?
我更喜欢 XML::LibXML。无论文档中使用什么前缀(如果有),以下内容都将起作用。 (您永远不必关心文档中使用的前缀。)
#!/usr/bin/perl
use strict;
use warnings;
use XML::LibXML qw( );
use XML::LibXML::XPathContext qw( );
my $parser = XML::LibXML->new();
my $doc = $parser->parse_file("tms.xml");
my $xpc = XML::LibXML::XPathContext->new($doc);
$xpc->registerNs(x => 'urn:alerts.symantec.com');
for my $alert_doc ($xpc->findnodes('/Alerts/x:AlertDocument')) {
my ($bug_traq_id) = $xpc->findnodes('x:BugTraqID', $alert_doc);
print $bug_traq_id->textContent(), "\n";
}
关于xml - 使用 Perl XML::Simple 解析带有命名空间的 xml,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/14906247/
我想使用 li 和 ul 制作一个多级下拉列表,以便显示我博客中按年和月排序的所有文章。我希望我的下拉菜单看起来像 Google Blogspot 下拉菜单: 这是我的 CSS 和 HTML 代码 u
我在 Win 7 64 机器上将 CodeBlocks 与 gcc 4.7.2 和 gmp 5.0.5 结合使用。开始使用 gmpxx 后,我看到一个奇怪的段错误,它不会出现在 +、- 等运算符中,但
我正在使用 tern 为使用 CodeMirror 运行的窗口提供一些增强的智能感知,它工作正常,但我遇到了一个问题,我想添加一些自定义“types”,可以这么说,这样下拉列表中它们旁边就有图标了。我
我正在尝试让我的 PC 成为 Android 2.3.4 设备的 USB 主机,以便能够在不需要实际“附件”的情况下开发 API。为此,我需要将 PC 设置为 USB 主机和“设备”(在我的例子中是运
很难说出这里要问什么。这个问题模棱两可、含糊不清、不完整、过于宽泛或夸夸其谈,无法以目前的形式得到合理的回答。如需帮助澄清此问题以便重新打开,visit the help center . 关闭 9
我在设置服务器方面几乎是个新手,但遇到了一个问题。我有一个 Ubuntu 16.04 VPS 并安装了 Apache2 和 Tomcat7。我正在为 SSL 使用 LetsEncrypt 和 Cert
我在一个基于谷歌地图的项目上工作了超过 6 个月。我使用的是 Google Maps API V1 及其开发人员 API key 。当我尝试发布应用程序时,我了解到 Google API V1 已被弃
我是 Python 的新手,所以如果我对一些简单的事情感到困惑,请原谅。 我有一个这样的对象: class myObject(object): def __init__(self):
这个问题已经有答案了: How can I access object properties containing special characters? (2 个回答) 已关闭 9 年前。 我正在尝
我有下面的 CSS。我想要的是一种流体/液体(因为缺乏正确的术语)css。我正在为移动设备开发,当我改变模式时 从纵向 View 到陆地 View ,我希望它流畅。现在的图像 在陆地 View 中效
我正在尝试使用可以接受参数的缓存属性装饰器。 我查看了这个实现:http://www.daniweb.com/software-development/python/code/217241/a-cac
这个问题在这里已经有了答案: Understanding slicing (36 个答案) 关闭 6 年前。 以a = [1,2,3,4,5]为例。根据我的直觉,我认为 a[::-1] 与 a[0:
mysqldump -t -u root -p mytestdb mytable --where=datetime LIKE '2014-09%' 这就是我正在做的事情,它会返回: mysqldum
我正在制作销售税计算器,除了总支付金额部分外,其他一切都正常。在我的程序中,我希望能够输入一个数字并获得该项目的税额我还希望能够获得支付的总金额,包括交易中的税金。到目前为止,我编写的代码完成了所有这
关闭。这个问题不符合Stack Overflow guidelines .它目前不接受答案。 我们不允许在 Stack Overflow 上提出有关通用计算硬件和软件的问题。您可以编辑问题,使其成为
我是否必须进行任何额外的设置才能让 apache-airflow 在任务失败时向我发送电子邮件。我的配置文件中有以下内容(与默认值保持不变): [email] email_backend = airf
这个问题在这里已经有了答案: What does the $ symbol do in VBA? (5 个回答) 3年前关闭。 使用返回字符串(如 Left)的内置函数有什么区别吗?或使用与 $ 相同
我有一个用VB6编写的应用程序,我需要使用一个用.NET编写的库。有什么方法可以在我的应用程序上使用该库吗? 谢谢 最佳答案 这取决于。您可以控制.NET库吗? 如果是这样,则可以修改您的库,以便可以
当我创建一个以 ^ 开头的类方法时,我尝试调用它,它给了我一个错误。 class C { method ^test () { "Hi" } } dd C.new.test; Too m
我已经使用 bower 安装了 angularjs 和 materialjs。 凉亭安装 Angular Material 并将“ngMaterial”注入(inject)我的应用程序,但出现此错误。
我是一名优秀的程序员,十分优秀!