我试图使用以下命令将JSON文件转换成XML,其中使用JQ和XMSTARTLET
jq -r 'def walk(f): . as $in | if type == "object" then reduce keys_unsorted[] as $key (.; .[$key] = ($in[$key] | walk(f))) | f else f end; walk(tostring) | gsub("&"; "&")' input.json | xmlstarlet fo --omit-decl --indent-tab > output.xml但失败,出现以下错误
-:1.1: Start tag expected, '<' not found
{"@programName":"OWASP ZAP","@version":"D-2023-05-30","@generated":"Wed, 31 May
^我通过在线验证器验证了我的JSON文件,它看起来是正确的。
我的input.json如下
{
"@programName": "OWASP ZAP",
"@version": "D-2023-05-30",
"@generated": "Wed, 31 May 2023 16:25:43",
"site":[
{
"@name": "http://127.0.0.1:8000",
"@host": "127.0.0.1",
"@port": "8000",
"@ssl": "false",
"alerts": [
{
"pluginid": "10038",
"alertRef": "10038-1",
"alert": "Content Security Policy (CSP) Header Not Set",
"name": "Content Security Policy (CSP) Header Not Set",
"riskcode": "2",
"confidence": "3",
"riskdesc": "Medium (High)",
"desc": "<p>Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page \u2014 covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.</p>",
"instances":[
{
"uri": "http://127.0.0.1:8000",
"method": "GET",
"param": "",
"attack": "",
"evidence": "",
"otherinfo": ""
},
{
"uri": "http://127.0.0.1:8000/robots.txt",
"method": "GET",
"param": "",
"attack": "",
"evidence": "",
"otherinfo": ""
},
{
"uri": "http://127.0.0.1:8000/sitemap.xml",
"method": "GET",
"param": "",
"attack": "",
"evidence": "",
"otherinfo": ""
}
],
"count": "3",
"solution": "<p>Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.</p>",
"otherinfo": "",
"reference": "<p>https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy</p><p>https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html</p><p>http://www.w3.org/TR/CSP/</p><p>http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html</p><p>http://www.html5rocks.com/en/tutorials/security/content-security-policy/</p><p>http://caniuse.com/#feat=contentsecuritypolicy</p><p>http://content-security-policy.com/</p>",
"cweid": "693",
"wascid": "15",
"sourceid": "1"
}
]
}
]
}我不知道我在这里做错了什么?
我实际上想将JSON转换为Junit格式的XML
<testsuites>
<testsuite tests="1" failures="1" name="127.0.0.1 - OWASP ZAP">
<properties>
<property name="type" value="OWASP ZAP"/>
</properties>
<testcase classname="Content Security Policy (CSP) Header Not Set" failures="3" name="[Medium] - Content Security Policy (CSP) Header Not Set" file="">
<failure message="Content Security Policy (CSP) Header Not Set" type="failure">Description: Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files. URIs Reported(3): - http://127.0.0.1:8000 - http://127.0.0.1:8000/robots.txt - http://127.0.0.1:8000/sitemap.xml Solution: Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header. OtherInfo: Reference: - https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy - https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html - http://www.w3.org/TR/CSP/ - http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html - http://www.html5rocks.com/en/tutorials/security/content-security-policy/ - http://caniuse.com/#feat=contentsecuritypolicy - http://content-security-policy.com/</failure>
</testcase>
</testsuite>
</testsuites>警报数量成为标签“count”的失败和测试计数:“3”将成为标签URL连接的失败计数,并显示在“报告的URI(3):”之后的标签下
我发现了这个问题和一些有趣的答案。Is it possible to convert from JSON or YAML to XML using jq/yq/xq
我尝试使用上面提到的过滤器“json_to_xml.jq”,并使用下面的命令
jq -Rf json_to_xml.jq input.json > output.xml
它给出了以下格式的XML结果,但我需要在上述所需的格式结果
<site name="http://127.0.0.1:8000" host="127.0.0.1" port="8000" ssl="false"><alerts><pluginid>10038</pluginid><alertRef>10038-1</alertRef><alert>Content Security Policy (CSP) Header Not Set</alert><name>Content Security Policy (CSP) Header Not Set</name><riskcode>2</riskcode><confidence>3</confidence><riskdesc>Medium (High)</riskdesc><desc><p>Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.</p></desc><instances><uri>http://127.0.0.1:8000</uri><method>GET</method><param></param><attack></attack><evidence></evidence><otherinfo></otherinfo></instances><instances><uri>http://127.0.0.1:8000/robots.txt</uri><method>GET</method><param></param><attack></attack><evidence></evidence><otherinfo></otherinfo></instances><instances><uri>http://127.0.0.1:8000/sitemap.xml</uri><method>GET</method><param></param><attack></attack><evidence></evidence><otherinfo></otherinfo></instances><count>3</count><solution><p>Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.</p></solution><otherinfo></otherinfo><reference><p>https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy</p><p>https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html</p><p>http://www.w3.org/TR/CSP/</p><p>http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html</p><p>http://www.html5rocks.com/en/tutorials/security/content-security-policy/</p><p>http://caniuse.com/#feat=contentsecuritypolicy</p><p>http://content-security-policy.com/</p></reference><cweid>693</cweid><wascid>15</wascid><sourceid>1</sourceid></alerts></site>
1条答案
按热度按时间zlhcx6iw1#
非常不清楚哪些元素是如何相互关联的(特别是在迭代过程中,因为示例只提供了一个集合,并且在许多边缘情况下都没有达到),但是这里有一种方法(至少对于初学者来说)如何使用xq将示例JSON结构转换为示例XML(它执行JSON <->XML转换,并在引擎盖下使用jq):