关于XPath解析xml文档
解析文件
<AURORA> <vendor>绿盟科技</vendor> <product>远程安全评估系统</product> <version>V6.0R03F01SP02</version> <plug_version>V6.0R02F01.1804</plug_version> <TASK> <TASK_ID>58</TASK_ID> <TASK_NAME><![CDATA[扫描【10.62.144.54】]]></TASK_NAME> <TASK_TARGETS><![CDATA[10.62.144.54]]></TASK_TARGETS> <PLUGIN_TEMPLATE><![CDATA[自动匹配扫描]]></PLUGIN_TEMPLATE> <PLUGIN_TEMPLATE_VUL></PLUGIN_TEMPLATE_VUL> <START_TIME>2021-02-26 16:25:23</START_TIME> <END_TIME>2021-02-26 16:28:32</END_TIME> </TASK> <INFOS> <INFO> <TARGET_IP>10.62.144.54</TARGET_IP> <START_TIME>2021-02-26 16:25:26</START_TIME> <END_TIME>2021-02-26 16:28:30</END_TIME> <MESSS> <MESS> <MESS_TYPE>10</MESS_TYPE> <MESS_TYPE_NAME><![CDATA[端口信息]]></MESS_TYPE_NAME> <PLUGIN_ID></PLUGIN_ID> <PORT></PORT> <PROTO></PROTO> <MESS_STRING> <SP><![CDATA[3011]]></SP> <SP><![CDATA[tcp]]></SP> <SP><![CDATA[trusted-web]]></SP> <SP><![CDATA[open]]></SP> </MESS_STRING> </MESS> <MESS> <MESS_TYPE>5</MESS_TYPE> <MESS_TYPE_NAME><![CDATA[操作系统类型]]></MESS_TYPE_NAME> <PLUGIN_ID></PLUGIN_ID> <PORT></PORT> <PROTO></PROTO> <MESS_STRING> <SP><![CDATA[Linux]]></SP> <SP><![CDATA[]]></SP> </MESS_STRING> </MESS> </MESSS> </INFO> </INFOS> <VULS> <VUL> <TARGET_IP>10.62.144.54</TARGET_IP> <SEVERITYS> <SEVERITY> <VUL_ID>50638</VUL_ID> <PROTO>1</PROTO> <PORT>0</PORT> <SERVICE></SERVICE> <MESS_STRING><![CDATA[初始时间戳:00000000\n接收时间戳:01cd3683\n传递时间戳:01cd3683\n]]></MESS_STRING> </SEVERITY> <SEVERITY> <VUL_ID>50631</VUL_ID> <PROTO>1</PROTO> <PORT>0</PORT> <SERVICE></SERVICE> <MESS_STRING><![CDATA[路由跟踪列表:\n*\n136.63.45.77\n136.63.45.102\n*\n10.62.144.54\n]]></MESS_STRING> </SEVERITY> </SEVERITYS> </VUL> </VULS> <PLUGINS> <PLUGIN> <PLUGIN_ID>50631</PLUGIN_ID> <VUL_ID>50631</VUL_ID> <NAME>允许Traceroute探测</NAME> <CVE_ID></CVE_ID> <NSFOCUS_ID></NSFOCUS_ID> <BUGTRAQ_ID></BUGTRAQ_ID> <RISK>1.0</RISK> <SOLUTION><![CDATA[在防火墙中禁用Time Exceeded类型的ICMP包]]></SOLUTION> <DESCRIPTION><![CDATA[本插件使用Traceroute探测来获取扫描器与远程主机之间的路由信息。攻击者也可以利用这些信息来了解目标网络的网络拓扑。]]></DESCRIPTION> </PLUGIN> <PLUGIN> <PLUGIN_ID>50638</PLUGIN_ID> <VUL_ID>50638</VUL_ID> <NAME>ICMP timestamp请求响应漏洞</NAME> <CVE_ID>CVE-1999-0524</CVE_ID> <NSFOCUS_ID></NSFOCUS_ID> <BUGTRAQ_ID></BUGTRAQ_ID> <RISK>0.0</RISK> <SOLUTION><![CDATA[NSFOCUS建议您采取以下措施以降低威胁: * 在您的防火墙上过滤外来的ICMP timestamp(类型 13)报文以及外出的ICMP timestamp回复报文。]]></SOLUTION> <DESCRIPTION><![CDATA[远程主机会回复ICMP_TIMESTAMP查询并返回它们系统的当前时间。 这可能允许攻击者攻击一些基于时间认证的协议。]]></DESCRIPTION> </PLUGIN> </PLUGINS>
</AURORA>
public static void vulnCollects() { try { DocumentBuilderFactory documentBuilderFactory=DocumentBuilderFactory.newInstance() ; documentBuilderFactory.setNamespaceAware(true); DocumentBuilder documentBuilder=documentBuilderFactory.newDocumentBuilder(); String file="E:\\vuln\\report_standard_1086_22286_58.xml"; Document document=documentBuilder.parse(new File(file)); XPath xpath= XPathFactory.newInstance().newXPath(); String vulnFile="/AURORA/PLUGINS/PLUGIN"; NodeList nodeList= (NodeList) xpath.compile(vulnFile).evaluate(document, XPathConstants.NODESET); for(int i=0;i<nodeList.getLength();i++){ Node node=nodeList.item(i); Element element= (Element) node; System.out.println(element.getElementsByTagName("NAME").item(0).getTextContent()); } } catch (Exception e) { e.printStackTrace(); } }
public static void fileDuler(){ String file="E:\\vuln\\report_standard_1086_22286_58.xml"; File files=new File(file); if(files.exists()){ System.out.println("开始读取文件"); try { DocumentBuilderFactory documentBuilderFactory=DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); DocumentBuilder documentBuilder= documentBuilderFactory.newDocumentBuilder(); Document document=documentBuilder.parse(files); XPath xPath=XPathFactory.newInstance().newXPath(); String evaluate="/AURORA/product"; Node node = (Node) xPath.compile(evaluate).evaluate(document, XPathConstants.NODE); System.out.println(node.getTextContent()); } catch (Exception e) { e.printStackTrace(); } } }
public static void fileDulers(){ String file="E:\\vuln\\report_standard_1086_22286_58.xml"; File files=new File(file); if(files.exists()){ System.out.println("开始读取文件"); try { DocumentBuilderFactory documentBuilderFactory=DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); DocumentBuilder documentBuilder= documentBuilderFactory.newDocumentBuilder(); Document document=documentBuilder.parse(files); XPath xPath=XPathFactory.newInstance().newXPath(); String evaluate="/AURORA/VULS/VUL"; NodeList nodeList = (NodeList) xPath.compile(evaluate).evaluate(document, XPathConstants.NODESET); for(int i=0;i< nodeList.getLength();i++){ Node node=nodeList.item(i); Element element= (Element) node; System.out.println(element.getElementsByTagName("TARGET_IP").item(0).getTextContent()); NodeList nodeList1=element.getElementsByTagName("SEVERITY"); for(int j=0;j<nodeList1.getLength();j++){ Node node1=nodeList1.item(j); Element element1= (Element) node1; System.out.println("=VUL_ID"+element1.getElementsByTagName("VUL_ID").item(0).getTextContent()); } } } catch (Exception e) { e.printStackTrace(); } } }