I have the following string.
result = '[
{
"id": 668,
"overview": "All versions of `react-marked-markdown` are vulnerable to cross-site scripting (XSS) via `href` attributes. This is exploitable if user is provided to `react-marked-markdown`\n\nProof of concept:\n\n```\nimport React from 'react'\nimport ReactDOM from 'react-dom'\nimport { MarkdownPreview } from 'react-marked-markdown'\n\nReactDOM.render(\n<MarkdownPreview\nmarkedOptions={{ sanitize: true }}\nvalue={'[XSS](javascript: alert`1`)'}\n/>,\ndocument.getElementById('root')\n)\n```",
"recommendation": "No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time if you allow user input into href values.",
"cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"cvss_score": 9.3,
"module": "react-marked-markdown"
},
{
"id": 577,
"overview": "Versions of `lodash` before 4.17.5 are vulnerable to prototype pollution. \n\nThe vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of `Object` via `__proto__` causing the addition or modification of an existing property that will exist on all objects.\n\n",
"recommendation": "Update to version 4.17.5 or later.",
"cvss_vector": null,
"cvss_score": 2,
"module": "lodash",
"version": "3.10.1"
}
]'
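How can I remove the "overview" field and value from this string? Because when I try to convert this string to a JSON object using "${JsonOutput.toJson(result)}", it gives me a parsing error because this overview section contains {}.
This is what I tried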
result=result | sed 's/"overview":*\\(","\)/\\1/g'
Can someone help me here?
The above string should look like this
[
{
"id": 668,
"recommendation": "No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time if you allow user input into href values.",
"cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"cvss_score": 9.3,
"module": "react-marked-markdown"
},
{
"id": 577,
"recommendation": "Update to version 4.17.5 or later.",
"cvss_vector": null,
"cvss_score": 2,
"module": "lodash",
"version": "3.10.1"
}
]
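so that I can convert it to a JSON object.
Answer 0 (score: 2)
You need to use a JSON parser to parse JSON data. As you've seen, trying to use regular expressions is too fragile.
First, to store the tricky string in a variable for testing, use a quoted heredoc: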
$ result=$(cat <<'END'
[
{
"id": 668,
"overview": "All versions of `react-marked-markdown` are vulnerable to cross-site scripting (XSS) via `href` attributes. This is exploitable if user is provided to `react-marked-markdown`\n\nProof of concept:\n\n```\nimport React from 'react'\nimport ReactDOM from 'react-dom'\nimport { MarkdownPreview } from 'react-marked-markdown'\n\nReactDOM.render(\n<MarkdownPreview\nmarkedOptions={{ sanitize: true }}\nvalue={'[XSS](javascript: alert`1`)'}\n/>,\ndocument.getElementById('root')\n)\n```",
"recommendation": "No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time if you allow user input into href values.",
"cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"cvss_score": 9.3,
"module": "react-marked-markdown"
},
{
"id": 577,
"overview": "Versions of `lodash` before 4.17.5 are vulnerable to prototype pollution. \n\nThe vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of `Object` via `__proto__` causing the addition or modification of an existing property that will exist on all objects.\n\n",
"recommendation": "Update to version 4.17.5 or later.",
"cvss_vector": null,
"cvss_score": 2,
"module": "lodash",
"version": "3.10.1"
}
]
END
)
Then, use jq to delete the overview key:
$ new_json=$(echo "$result" | jq 'map(del(.overview))')
$ echo "$new_json"
[
{
"id": 668,
"recommendation": "No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time if you allow user input into href values.",
"cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"cvss_score": 9.3,
"module": "react-marked-markdown"
},
{
"id": 577,
"recommendation": "Update to version 4.17.5 or later.",
"cvss_vector": null,
"cvss_score": 2,
"module": "lodash",
"version": "3.10.1"
}
]
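An added example, not part of the original answer: the same parse-then-delete approach in Python for hosts where jq is not installed, generalized to remove the key at any nesting depth, next to a text-level regex that corrupts the same input. The function names, the shortened advisories and the nested `findings` field are constructed for illustration.

```python
import json
import re

# Constructed sample, shortened from the advisories in the question. The
# overview text holds escaped quotes, commas and braces, as advisory text does.
SAMPLE = r'''[
  {"id": 668,
   "overview": "PoC:\nmarkedOptions={{ sanitize: true }}\nvalue={\"[x](y)\", \"z\"}",
   "recommendation": "No fix is currently available.",
   "module": "react-marked-markdown"},
  {"id": 577,
   "overview": "Versions of `lodash` before 4.17.5 are vulnerable.",
   "recommendation": "Update to version 4.17.5 or later.",
   "module": "lodash",
   "findings": [{"overview": "nested copy", "version": "3.10.1"}]}
]'''

def drop_key(node, key="overview"):
    """Return a copy of parsed JSON with `key` removed at every depth."""
    if isinstance(node, dict):
        return {k: drop_key(v, key) for k, v in node.items() if k != key}
    if isinstance(node, list):
        return [drop_key(v, key) for v in node]
    return node

def strip_overview(text):
    """Parse, drop the key, re-serialize. Raises ValueError on invalid JSON."""
    return json.dumps(drop_key(json.loads(text)), indent=2)

def regex_strip(text):
    # Text-level attempt: cut from the key to the next quote-comma pair.
    # An escaped quote followed by a comma inside the value ends the match early.
    return re.sub(r'"overview":.*?",', "", text, flags=re.S)

def is_valid_json(text):
    try:
        json.loads(text)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    print(strip_overview(SAMPLE))
    print("regex output still valid JSON:", is_valid_json(regex_strip(SAMPLE)))
```

Feed the advisory text to the script from a file or stdin rather than interpolating it into a command line, since the overview field contains quotes, backticks and braces.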