用PHP解析nvdxml
我正在尝试解析此XML文件: 如果我回显$source,那么我看到整个XML文件都已加载,但是如果我打印\r$XML,则只回显id:用PHP解析nvdxml,php,xml,Php,Xml,我正在尝试解析此XML文件: 如果我回显$source,那么我看到整个XML文件都已加载,但是如果我打印\r$XML,则只回显id: SimpleXMLElement Object ( [@attributes] => Array ( [nvd_xml_version] => 2.0 [pub_date] => 2013-07-11T12:00:45 ) [entry] =>
SimpleXMLElement Object
(
[@attributes] => Array
(
[nvd_xml_version] => 2.0
[pub_date] => 2013-07-11T12:00:45
)
[entry] => Array
(
[0] => SimpleXMLElement Object
(
[@attributes] => Array
(
[id] => CVE-2000-0851
)
)
[1] => SimpleXMLElement Object
(
[@attributes] => Array
(
[id] => CVE-2004-0685
)
)
为什么我遗漏了“条目”标签中的所有信息也许这可以让你开始:
<?php
$url = 'http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml';
$source = file_get_contents($url);
$xml = new SimpleXMLElement($source);
$entries = $xml->entry;
foreach ($entries as $entry) {
$namespace = $entry->getNameSpaces(true);
$tmp = $entry->children($namespace['vuln']);
//print_r($namespace);
print_r($tmp);
break;
}
您可以取消注释打印($namespace),以查看自定义名称空间包含的内容
如果我打印出$namespace
,则输出为:
Array
(
[] => http://scap.nist.gov/schema/feed/vulnerability/2.0
[vuln] => http://scap.nist.gov/schema/vulnerability/0.4
[cpe-lang] => http://cpe.mitre.org/language/2.0
[cvss] => http://scap.nist.gov/schema/cvss-v2/0.2
[xml] => http://www.w3.org/XML/1998/namespace
)
然后,要获取易受攻击的配置的属性,只需使用->getAttribute('name')
这方面的一个例子是:
print_r($tmp->{"vulnerable-configuration"}->attributes());
SimpleXMLElement Object
(
)
SimpleXMLElement Object
(
[vulnerable-configuration] => SimpleXMLElement Object
(
)
[vulnerable-software-list] => SimpleXMLElement Object
(
[product] => cpe:/o:microsoft:windows_2000
)
[cve-id] => CVE-2000-0851
[published-datetime] => 2000-11-14T00:00:00.000-05:00
[last-modified-datetime] => 2013-07-06T00:11:34.357-04:00
[cvss] => SimpleXMLElement Object
(
)
[security-protection] => ALLOWS_OTHER_ACCESS
[references] => Array
(
[0] => SimpleXMLElement Object
(
[source] => BID
[reference] => 1651
)
[1] => SimpleXMLElement Object
(
[source] => MS
[reference] => MS00-065
)
[2] => SimpleXMLElement Object
(
[source] => ATSTAKE
[reference] => A090700-1
)
[3] => SimpleXMLElement Object
(
[source] => XF
[reference] => w2k-still-image-service
)
)
[summary] => Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.
)
SimpleXMLElement Object
(
)
SimpleXMLElement Object
(
)
SimpleXMLElement Object
(
)
您应该将名称放在{}
中,因为它包含无效字符
以上内容应打印出来:
SimpleXMLElement Object
(
[@attributes] => Array
(
[id] => http://nvd.nist.gov/
)
)
如果您之前不知道这些值,仍然可以循环使用$namespace
变量:
foreach ($namespaces as $namespace) {
$tmp = $entry->children($namespace);
print_r($tmp);
}
其结果将是:
print_r($tmp->{"vulnerable-configuration"}->attributes());
SimpleXMLElement Object
(
)
SimpleXMLElement Object
(
[vulnerable-configuration] => SimpleXMLElement Object
(
)
[vulnerable-software-list] => SimpleXMLElement Object
(
[product] => cpe:/o:microsoft:windows_2000
)
[cve-id] => CVE-2000-0851
[published-datetime] => 2000-11-14T00:00:00.000-05:00
[last-modified-datetime] => 2013-07-06T00:11:34.357-04:00
[cvss] => SimpleXMLElement Object
(
)
[security-protection] => ALLOWS_OTHER_ACCESS
[references] => Array
(
[0] => SimpleXMLElement Object
(
[source] => BID
[reference] => 1651
)
[1] => SimpleXMLElement Object
(
[source] => MS
[reference] => MS00-065
)
[2] => SimpleXMLElement Object
(
[source] => ATSTAKE
[reference] => A090700-1
)
[3] => SimpleXMLElement Object
(
[source] => XF
[reference] => w2k-still-image-service
)
)
[summary] => Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.
)
SimpleXMLElement Object
(
)
SimpleXMLElement Object
(
)
SimpleXMLElement Object
(
)
谢谢你的回答。有什么方法可以在不知道所有可能的子键的情况下将整个条目映射到php对象或数组?请查看
$namespace
变量。它包含所有可能的“自定义”名称空间。您可以循环浏览条目,我也包括了这个示例。好的,在创建xml对象之前,我已经删除了所有的名称空间,现在它可以正常工作了xD感谢提示请使用xml名称空间。如果您没有开始理解它们,那么使用XML将继续失败。删除您在下面的评论中宣布的名称空间就是这样一个失败。
SimpleXMLElement Object
(
)
SimpleXMLElement Object
(
[vulnerable-configuration] => SimpleXMLElement Object
(
)
[vulnerable-software-list] => SimpleXMLElement Object
(
[product] => cpe:/o:microsoft:windows_2000
)
[cve-id] => CVE-2000-0851
[published-datetime] => 2000-11-14T00:00:00.000-05:00
[last-modified-datetime] => 2013-07-06T00:11:34.357-04:00
[cvss] => SimpleXMLElement Object
(
)
[security-protection] => ALLOWS_OTHER_ACCESS
[references] => Array
(
[0] => SimpleXMLElement Object
(
[source] => BID
[reference] => 1651
)
[1] => SimpleXMLElement Object
(
[source] => MS
[reference] => MS00-065
)
[2] => SimpleXMLElement Object
(
[source] => ATSTAKE
[reference] => A090700-1
)
[3] => SimpleXMLElement Object
(
[source] => XF
[reference] => w2k-still-image-service
)
)
[summary] => Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.
)
SimpleXMLElement Object
(
)
SimpleXMLElement Object
(
)
SimpleXMLElement Object
(
)