Question

我有这个JSON文件：

{
  "vulnerable_configuration_cpe_2_2": [
    "cpe:/o:apple:apple_tv:9.1",
    "cpe:/o:apple:watchos:2.1",
    "cpe:/o:apple:iphone_os:9.2",
    "cpe:/o:apple:mac_os_x:10.11.2"
  ],
  "vulnerable_configuration": [
    {
      "title": "cpe:2.3:o:apple:apple_tv:9.1",
      "id": "cpe:2.3:o:apple:apple_tv:9.1"
    },
    {
      "title": "cpe:2.3:o:apple:watchos:2.1",
      "id": "cpe:2.3:o:apple:watchos:2.1"
    },
    {
      "title": "cpe:2.3:o:apple:iphone_os:9.2",
      "id": "cpe:2.3:o:apple:iphone_os:9.2"
    },
    {
      "title": "cpe:2.3:o:apple:mac_os_x:10.11.2",
      "id": "cpe:2.3:o:apple:mac_os_x:10.11.2"
    }
  ],
  "summary": "The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.",
  "references": [
    "https://support.apple.com/HT206168",
    "https://support.apple.com/HT205732",
    "https://support.apple.com/HT205731",
    "https://support.apple.com/HT205729",
    "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html",
    "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html",
    "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html",
    "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html"
  ],
  "Modified": "2016-03-29T19:01:26.810-04:00",
  "Published": "2016-02-01T06:59:01.090-05:00",
  "access": {
    "vector": "LOCAL",
    "complexity": "LOW",
    "authentication": "NONE"
  },
  "cvss": 7.2,
  "cvss-time": "2016-03-29T09:43:55.537-04:00",
  "cwe": "CWE-119",
  "id": "CVE-2016-1717",
  "impact": {
    "integrity": "COMPLETE",
    "confidentiality": "COMPLETE",
    "availability": "COMPLETE"
  }

我想使用JQ或任何Linux工具删除以下数据

访问（包括向量，复杂性，身份验证）
引用：仅限第一个或第一个参考
CVSS时间
vulnerability_configuration_cpe_2_2（Incluide cpe：/ o：apple：apple_tv：9.1，等）

结果，我希望它是这样的：

{
  "vulnerable_configuration": [
    {
      "title": "cpe:2.3:o:apple:apple_tv:9.1",
      "id": "cpe:2.3:o:apple:apple_tv:9.1"
    },
    {
      "title": "cpe:2.3:o:apple:watchos:2.1",
      "id": "cpe:2.3:o:apple:watchos:2.1"
    },
    {
      "title": "cpe:2.3:o:apple:iphone_os:9.2",
      "id": "cpe:2.3:o:apple:iphone_os:9.2"
    },
    {
      "title": "cpe:2.3:o:apple:mac_os_x:10.11.2",
      "id": "cpe:2.3:o:apple:mac_os_x:10.11.2"
    }
  ],
  "summary": "The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.",
  "references": [
    "https://support.apple.com/HT206168",
   ],
  "Modified": "2016-03-29T19:01:26.810-04:00",
  "Published": "2016-02-01T06:59:01.090-05:00",
  "cvss": 7.2,
  "cwe": "CWE-119",
  "id": "CVE-2016-1717",
  "impact": {
    "integrity": "COMPLETE",
    "confidentiality": "COMPLETE",
    "availability": "COMPLETE"
  }

我试试

cat file.json | jq ('del(.cvss-time)' and 'access')

但没有工作

我必须使用什么命令JQ？或者我可以使用什么工具？

坦克！

Answer 1

以下jq＆gt; = 1.5的过滤器符合您的要求：

del(.access)
| .references |= [.[0]]
| del(."cvss-time")
| del(.vulnerable_configuration_cpe_2_2)

如果您使用的是jq 1.4，请使用del(.["cvss-time"])代替del(."cvss-time")。

使用JQ或任何Linux工具删除或解析JSON文件中的数据

1 个答案: