我有一个输出块,如下所示:
- KB3167679 (MS16-101) (2 vulnerabilities)The following CVEs would be covered: CVE-2016-3300, CVE-2016-3237 - KB3114340 (MS16-099) (16 vulnerabilities)The following CVEs would be covered: CVE-2016-3313, CVE-2016-3315, CVE-2016-3316, CVE-2016-3317, CVE-2016-3318, CVE-2016-3313, CVE-2016-3315, CVE-2016-3316, CVE-2016-3317, CVE-2016-3318, CVE-2016-3313, CVE-2016-3315, CVE-2016-3316, CVE-2016-3317, CVE-2016-3318, CVE-2014-6362
我能够轻松获得KB和MS值,但是我很难将所有CVE数字拉到后面。是否可以根据字符串“ - ”拆分输出,以便我得到这样的字符串:
- KB3167679 (MS16-101) (2 vulnerabilities)The following CVEs would be covered: CVE-2016-3300, CVE-2016-3237
- KB3114340 (MS16-099) (16 vulnerabilities)The following CVEs would be covered: CVE-2016-3313, CVE-2016-3315, CVE-2016-3316, CVE-2016-3317, CVE-2016-3318, CVE-2016-3313, CVE-2016-3315, CVE-2016-3316, CVE-2016-3317, CVE-2016-3318, CVE-2016-3313, CVE-2016-3315, CVE-2016-3316, CVE-2016-3317, CVE-2016-3318, CVE-2014-6362
从这里开始,我想我可以用-AllMatches做一个正则表达式来获得我想要的东西。
答案 0 :(得分:0)
我会打开这些行,这样你的所有记录都是以连字符开头的单行,然后将字符串拆分为换行符。
'...' -replace '([:,])\n', '$1 ' -split '\n'
如果输入不是单个字符串,则首先通过Out-String管道输入。
将Select-String与正则表达式CVE-\d{4}-\d{4,}和参数-AllMatches一起使用(如您所疑)。
... | Select-String 'CVE-\d{4}-\d{4,}' -AllMatches |
ForEach-Object { $_.Matches.Value }
答案 1 :(得分:0)
我假设你想要保留KB / MS标识符和CVE代码之间的关系。
为此目的,我将填充哈希表,只需逐行读取文本,每次遇到KB行时都更新密钥:
# This hashtable will hold our data
$CVECoverage = @{}
$KB = 'Unknown'
# Read file line by line
Get-Content D:\test\nessus.txt |ForEach-Object {
# Check if line is a "header" line, grab the KB/MS ID
if($_ -like '- *')
{
$KB = $_.Substring(2, $_.IndexOf(')') - 1)
# If we don't already have a record of CVEs for this KB, create a new array
if(-not $CVECoverage.ContainsKey($KB)){
$CVECoverage[$KB] = @()
}
}
else
{
# Find CVEs and add to respective hashtable entry
foreach($CVE in $_ | Select-String -Pattern 'CVE-\d{4}-\d{4,}' -AllMatches)
{
$CVECoverage[$KB] += $CVE.Matches.Value
}
}
}
如果输入已经是一个大字符串,请使用以下内容将其拆分为单独的行:
$bigString -split "`r?`n" |ForEach-Object { ... }