这是我的示例输入文件:
{
"name": "756",
"children": [{
"name": "Process Activities",
"children": [{
"name": "LOAD LIBRARY::shell32.dll"
}, {
"name": "#REDCREATE PROCESS::DLL INJECTION INTO PROCESS WITH ID 680 App=[C://Users//blues//AppData//Local//Temp//is-Q43LA.tmp//file.tmp /SL5=$1D0314,1364673,56832,C://Blues//file.s62451 ]"
}, {
"name": "#REDLOAD LIBRARY::comctl32.dll"
}, {
"name": "LOAD LIBRARY::C://Windows//system32//uxtheme.dll"
}, {
"name": "LOAD LIBRARY::dwmapi.dll"
}, {
"name": "LOAD LIBRARY::UxTheme.dll"
}, {
"name": "#REDPROCESS CREATE::C://Users//blues//AppData//Local//Temp//is-Q43LA.tmp//file.tmp /SL5=$1D0314,1364673,56832,C://Blues//file.s62451"
}]
}, {
"name": "File Activities",
"children": [{
"name": "FILE READ::C://Blues//file.s62451"
}, {
"name": "FILE OPEN::<R>C://Blues//file.s62451"
}, {
"name": "FILE OPEN::<W>C://Users//blues//AppData//Local//Temp//is-Q43LA.tmp//file.tmp"
}, {
"name": "#REDEXECUTABLE FILE WRITE::C://Users//blues//AppData//Local//Temp//is-Q43LA.tmp//file.tmp"
}, {
"name": "FILE CLOSE::C://Users//blues//AppData//Local//Temp//is-Q43LA.tmp//file.tmp"
}, {
"name": "FILE CLOSE::C://Blues//file.s62451"
}, {
"name": "FILE OPEN::<R>C://Users//blues//AppData//Local//Temp//is-Q43LA.tmp//file.tmp"
}]
}, {
"name": "680",
"children": [{
"name": "Process Activities",
"children": [{
"name": "#REDCURRENT PROCESS::C://Users//blues//AppData//Local//Temp//is-Q43LA.tmp//file.tmp"
}, {
"name": "LOAD LIBRARY::C://Windows//system32//uxtheme.dll"
}, {
"name": "LOAD LIBRARY::dwmapi.dll"
}, {
"name": "LOAD LIBRARY::ADVAPI32.dll"
}]
}, {
"name": "File Activities",
"children": [{
"name": "FILE OPEN::<R>C://Windows//Fonts//staticcache.dat"
}, {
"name": "FILE READ::C://Windows//Fonts//staticcache.dat"
}]
}]
}]
}
如果我有一个名为“处理活动”,“文件活动”,“注册表活动”或“网络活动”的子项,我必须删除该子项。所以这个过程就像树一样。
这是上面示例的输出:
{
"name": "756",
"children": [{
"name": "680",
"children": []
}
我尝试了以下内容: 这是我的代码:
import json
def infosorting(sample_dict):
if sample_dict["name"] not in ['Process Activities', 'File Activities', 'Registry Activities', 'Network Activities']:
for child in sample_dict["children"]:
if child["name"] in ['Process Activities', 'File Activities', 'Registry Activities', 'Network Activities']:
#sample_dict["children"].pop(sample_dict["children"].index(child))
sample_dict["children"].remove(child)
#del child
else:
infosorting(child)
else:
sample_dict ={}
return sample_dict
def main():
file_sample = open("/home/manchala/PdfJson/md5/file11.txt")
fs = file_sample.read()
sample_dict = json.loads(fs)
new_dict=infosorting(sample_dict)
print new_dict
if __name__=='__main__':
main()
但我得到这样的输出
{
u 'name': u '756', u 'children': [{
u 'name': u 'File Activities',
u 'children': [{
u 'name': u 'FILE READ::C://Blues//file.s62451'
}, {
u 'name': u 'FILE OPEN::<R>C://Blues//file.s62451'
}, {
u 'name': u 'FILE OPEN::<W>C://Users//blues//AppData//Local//Temp//is-Q43LA.tmp//file.tmp'
}, {
u 'name': u '#REDEXECUTABLE FILE WRITE::C://Users//blues//AppData//Local//Temp//is-Q43LA.tmp//file.tmp'
}, {
u 'name': u 'FILE CLOSE::C://Users//blues//AppData//Local//Temp//is-Q43LA.tmp//file.tmp'
}, {
u 'name': u 'FILE CLOSE::C://Blues//file.s62451'
}, {
u 'name': u 'FILE OPEN::<R>C://Users//blues//AppData//Local//Temp//is-Q43LA.tmp//file.tmp'
}]
}, {
u 'name': u '680',
u 'children': [{
u 'name': u 'File Activities',
u 'children': [{
u 'name': u 'FILE OPEN::<R>C://Windows//Fonts//staticcache.dat'
}, {
u 'name': u 'FILE READ::C://Windows//Fonts//staticcache.dat'
}]
}]
}]
}
为什么我无法删除名为“文件活动”的孩子? 请帮我弄清楚我的代码中有什么问题并帮我纠正。