Python—如何在for循环中打印json的内部键?
我有一个类似这样的json文件Python—如何在for循环中打印json的内部键?,python,json,for-loop,Python,Json,For Loop,我有一个类似这样的json文件 [ { "analysis_start_time": "2020-10-24T17:29:00+00:00", "av_detect": 67, "certificates": [], "classification_tags": [ "apt",
[
{
"analysis_start_time": "2020-10-24T17:29:00+00:00",
"av_detect": 67,
"certificates": [],
"classification_tags": [
"apt",
"apt28",
"apt29",
"cozer",
"cozybear",
"cozycar",
"cozyduke",
"downloader",
"dukes",
"euroapt",
"exploit",
"fancybear",
"group-4127",
"group100",
"group74",
"hammertoss",
"infostealer",
"irontwilight",
"minidionis",
"officemonkeys",
"pawnstorm",
"qakbot",
"seaduke",
"sednit",
"sofacy",
"strontium",
"swallowtail",
"tag_0700",
"tg-4127",
"thedukes",
"tsarteam",
"zemot"
],
"mitre_attcks": [
{
"attck_id": "T1046",
"attck_id_wiki": "https://attack.mitre.org/techniques/T1046",
"informative_identifiers": [],
"informative_identifiers_count": 0,
"malicious_identifiers": [],
"malicious_identifiers_count": 0,
"suspicious_identifiers": [],
"suspicious_identifiers_count": 1,
"tactic": "Discovery",
"technique": "Network Service Scanning"
},
{
"attck_id": "T1016",
"attck_id_wiki": "https://attack.mitre.org/techniques/T1016",
"informative_identifiers": [],
"informative_identifiers_count": 0,
"malicious_identifiers": [],
"malicious_identifiers_count": 1,
"suspicious_identifiers": [],
"suspicious_identifiers_count": 0,
"tactic": "Discovery",
"technique": "System Network Configuration Discovery"
}
],
}
{
"analysis_start_time": "2020-07-10T14:39:28+00:00",
"av_detect": 67,
"certificates": [],
"classification_tags": [],
"compromised_hosts": [],
"domains": [],
"environment_description": "Static Analysis",
"environment_id": null,
"error_origin": null,
"error_type": null,
"extracted_files": [],
"file_metadata": null,
"hosts": [],
"imphash": null,
"interesting": false,
"job_id": null,
"md5": "77e7fb6b56c3ece4ef4e93b6dc608be0",
"mitre_attcks": [],
"processes": [],
"sha1": "f46f84e53263a33e266aae520cb2c1bd0a73354e",
"sha256": "5130f600cd9a9cdc82d4bad938b20cbd2f699aadb76e7f3f1a93602330d9997d",
"sha512": "fb35607e7b1279a404927f4fb8b714aa766872d66a187af9a89955143b21785611d6073bfaf28686b4d93dba1756073b802afba82ff0e8a1272dd853ab88924a",
"size": 23552,
"ssdeep": null,
"state": "SUCCESS",
"submissions": [
{
"created_at": "2020-07-10T14:39:28+00:00",
"filename": "file",
"submission_id": "5f087da0ef7c213b097953e2",
"url": null
}
],
"submit_name": "file",
"tags": [],
"target_url": null,
"threat_level": 2,
"threat_score": null,
"total_network_connections": 0,
"total_processes": 0,
"total_signatures": 0,
"type": "PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows",
"type_short": [
"peexe",
"64bits",
"executable"
],
"url_analysis": false,
"verdict": "malicious",
"vx_family": "Application.Pup"
},
and so on (total 4 but they could be more)
我的代码是:
for i in jsonOut:
try:
print('- Start time '+i['analysis_start_time']+'\n')
except:
print('\n')
try:
print('- Detetction: '+str(i['av_detect'])+'%\n')
except:
print('\n')
try:
print('- Signatures: '+str(i['total_signatures'])+'\n')
except:
print('\n')
try:
print('- Threat Level: '+str(i['threat_score'])+'\n')
except:
print('\n')
try:
print('- Verdict: '+str(i['verdict'])+'\n')
except:
print('\n')
try:
print('- Suspicious id: '+str(i['mitre_attcks']['suspicious_identifiers_count'])+'\n')
except:
print('\n')
try:
print('- Maliciuos id: '+str(i['mitre_attcks']['malicious_identifiers_count'])+'\n\n')
print('-----------------------------------------')
except:
print('\n')
我的输出是,但没有关于“mitre_attcks”的信息
- 开始时间2020-10-24T17:29:00+00:00
- 检举率:67%
- 签名:5
- 威胁等级:99
- 判决:恶意
- 开始时间2020-07-10T14:39:28+00:00
- 检举率:67%
- 签名:0
- 威胁等级:无
- 判决:恶意
- 开始时间2019-01-11T20:48:12+00:00
- 检举率:67%
- 签名:12
- 威胁等级:100
- 判决:恶意
- 开始时间2015-10-09T00:57:40+00:00
- 检举率:67%
- 签名:7
- 威胁等级:16
- 判决:可疑
谢谢问题在于,您不需要迭代
mitre_attcks
数组,也不一定需要使用try except
块来检查字典中是否存在键,您可以使用in
操作符和if
进行检查
这是您的问题的可能解决方案,您只需将“test.json”
路径调整为您自己的json文件的实际路径:
导入json
打开(“test.json”)作为json_文件:
analysis\u data=json.load(json\u文件)
report=“”
对于分析数据中的分析:
如果分析中出现“分析开始时间”:
报告+=“-开始时间:“+analysis[“analysis\u Start\u time”]+”\n\n
如果分析中出现“av_检测”:
报告+=“-检测:“+str(分析[“av_检测”])+”\n\n”
如果分析中出现“总签名”:
报告+=“-签名:”+str(分析[“总签名])+“\n\n”
如果分析中出现“威胁评分”:
报告+=“-威胁级别:”+str(分析[“威胁分数”])+“\n\n”
如果分析中出现“裁决”:
报告+=“-裁决:”+str(分析[“裁决”])+“\n\n”
如果分析中出现“斜接”:
报告+=“-斜接攻击:\n\n”
对于分析中的攻击[“mitre_attcks”]:
如果攻击中出现“可疑标识符计数”:
报告+=(
“\t-可疑id:”
+str(攻击[“可疑标识符计数”])
+“\n\n”
)
如果攻击中出现“恶意\u标识符\u计数”:
报告+=(
“\t-恶意用户id:”
+str(攻击[“恶意标识符计数”])
+“\n\n”
)
报告+=“\t”+“*”*20+“\n\n”
报告+=“-”*30+“\n\n”
打印(报告)
输出:
- Start time: 2020-10-24T17:29:00+00:00
- Detection: 67%
- Mitre Attacks:
- Suspicious id: 1
- Maliciuos id: 0
********************
- Suspicious id: 0
- Maliciuos id: 1
********************
------------------------------
- Start time: 2020-07-10T14:39:28+00:00
- Detection: 67%
- Signatures: 0
- Threat Level: None
- Verdict: malicious
- Mitre Attacks:
------------------------------
仅使用
除外:
将捕获所有错误。这通常不是你想要的。您的try块中似乎有一个keyrerror,因为i['mitre\u attcks']
是一个列表,需要在访问每个字段之前循环或索引。