我使用elementtree来解析XML文件并将数据放入sqlite数据库。我遇到了一个问题,我认为可以通过一些更好的逻辑来解决,我很可能会错过这个问题。我收到了local variable 'netbios_name' referenced before assignment错误,operating_system变量就是这种情况。我理解为什么我会这样做,但我不确定如何解决这个问题。
任何帮助都将不胜感激。
示例XML数据
<ReportHost name="192.168.26.11"><HostProperties>
<tag name="HOST_END">Sat Apr 25 11:36:08 2015</tag>
<tag name="LastUnauthenticatedResults">1223744168</tag>
<tag name="Credentialed_Scan">false</tag>
<tag name="policy-used">Advanced Scan</tag>
<tag name="patch-summary-total-cves">5</tag>
<tag name="cpe-0">cpe:/o:microsoft:windows_2003_server::sp2 -> Microsoft Windows 2003 Server Service Pack 2</tag>
<tag name="system-type">general-purpose</tag>
<tag name="operating-system">Microsoft Windows Server 2003 Service Pack 2</tag>
<tag name="mac-address">00:1f:19:f5:14:34</tag>
<tag name="traceroute-hop-2">192.168.26.11</tag>
<tag name="traceroute-hop-1">10.100.1.249</tag>
<tag name="traceroute-hop-0">10.100.1.254</tag>
<tag name="host-ip">192.168.26.11</tag>
<tag name="netbios-name">PLUTOAPP01</tag>
<tag name="HOST_START">Sat Apr 25 10:20:43 2015</tag>
</HostProperties>
示例问题代码
def get_details(nessus_file):
db = sqlite3.connect('database.sqlite')
cursor = db.cursor()
try:
tree = ET.parse(nessus_file)
for reporthost in tree.findall('/Report/ReportHost'):
host = reporthost.get('name')
for tag in reporthost.findall('.//HostProperties/tag'):
if tag.get('name') == 'netbios-name':
netbios_name = tag.text
elif tag.get('name') == 'operating-system':
operating_system = tag.text
else:
pass
#The if statements above^ are causing my issues along with the execute statement below
cursor.execute('INSERT INTO hosts(host, netbios_name, operating_system) VALUES(?,?,?)', (host, netbios_name, operating_system,))
for item in reporthost.findall('ReportItem'):
sev = item.get('severity')
name = item.get('pluginName')
description = item.findtext('description')
pluginid = item.get('pluginID')
cursor.execute('INSERT INTO vulns(pluginName, severity, description, pluginID) VALUES(?,?,?,?)', (name,sev,description,pluginid,))
for cve in item.getiterator('cve'):
cursor.execute('INSERT INTO cves(cve) VALUES(?)', (cve.text,))
db.commit()
db.close()
except Exception as e:
print e
exit()
create_db()
get_details('file.nessus')
答案 0 :(得分:4)
您正尝试为每个此类标记插入netbios名称和操作系统 。您需要将插入移出for循环,并为两个变量设置默认值:
netbios_name = operating_system = None
for tag in reporthost.findall('.//HostProperties/tag'):
if tag.get('name') == 'netbios-name':
netbios_name = tag.text
elif tag.get('name') == 'operating-system':
operating_system = tag.text
cursor.execute('INSERT INTO hosts(host, netbios_name, operating_system) VALUES(?,?,?)', (host, netbios_name, operating_system,))
如果XML文档中不存在任何值,则会插入NULL值。
由于您只查找两个标记,您还可以通过过滤属性值来搜索特定元素:
netbios_name = reporthost.find('.//HostProperties/tag[@name="netbios-name"]')
netbios_name = netbios_name and netbios.text
operating_system = reporthost.find('.//HostProperties/tag[@name="operating-system"]')
operating_system = operating_system and operating_system.text
cursor.execute('INSERT INTO hosts(host, netbios_name, operating_system) VALUES(?,?,?)', (host, netbios_name, operating_system,))
[@attrib="value"]语法指示ElementTree查找具有该属性和值的标记; .find()方法查找第一个此类标记,如果缺少则返回None。然后,下一行将变量设置为None或从找到的标记中提取文本。