在Go中解析XML

huangapple go评论96阅读模式
英文:

Parsing xml in Go

问题

我想解析类似示例中结构化的XML的位。我一直遇到值为空的问题。这只是我正在处理的简化版本,只是为了显示问题。

package main

import (
        "encoding/xml"
        "fmt"
)

type Entry struct {
        VulnCveId   string  `xml:"entry>vuln:cve-id"`
}

func main() {
        v := Entry{}
        err := xml.Unmarshal([]byte(data), &v)
        if err != nil {
                fmt.Printf("error: %v", err)
                return
        }

        fmt.Println(v.VulnCveId)
}

const data = `
  <entry id="CVE-2005-4895">
    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
      <cpe-lang:logical-test negate="false" operator="OR">
        <cpe-lang:fact-ref name="cpe:/a:csilvers:gperftools:0.3" />
        <cpe-lang:fact-ref name="cpe:/a:csilvers:gperftools:0.2" />
        <cpe-lang:fact-ref name="cpe:/a:csilvers:gperftools:0.1" />
      </cpe-lang:logical-test>
    </vuln:vulnerable-configuration>
    <vuln:vulnerable-software-list>
      <vuln:product>cpe:/a:csilvers:gperftools:0.3</vuln:product>
      <vuln:product>cpe:/a:csilvers:gperftools:0.1</vuln:product>
      <vuln:product>cpe:/a:csilvers:gperftools:0.2</vuln:product>
    </vuln:vulnerable-software-list>
    <vuln:cve-id>CVE-2005-4895</vuln:cve-id>
    <vuln:published-datetime>2012-07-25T15:55:01.273-04:00</vuln:published-datetime>
    <vuln:last-modified-datetime>2012-08-09T00:00:00.000-04:00</vuln:last-modified-datetime>
    <vuln:cvss>
      <cvss:base_metrics>
        <cvss:score>5.0</cvss:score>
        <cvss:access-vector>NETWORK</cvss:access-vector>
        <cvss:access-complexity>LOW</cvss:access-complexity>
        <cvss:authentication>NONE</cvss:authentication>
        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
        <cvss:integrity-impact>NONE</cvss:integrity-impact>
        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
        <cvss:source>http://nvd.nist.gov</cvss:source>
        <cvss:generated-on-datetime>2012-07-26T08:38:00.000-04:00</cvss:generated-on-datetime>
      </cvss:base_metrics>
    </vuln:cvss>
    <vuln:cwe id="CWE-189" />
    <vuln:references xml:lang="en" reference_type="UNKNOWN">
      <vuln:source>MISC</vuln:source>
      <vuln:reference href="http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/" xml:lang="en">http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/</vuln:reference>
    </vuln:references>
    <vuln:references xml:lang="en" reference_type="UNKNOWN">
      <vuln:source>CONFIRM</vuln:source>
      <vuln:reference href="http://code.google.com/p/gperftools/source/browse/tags/perftools-0.4/ChangeLog" xml:lang="en">http://code.google.com/p/gperftools/source/browse/tags/perftools-0.4/ChangeLog</vuln:reference>
    </vuln:references>
    <vuln:summary>Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.</vuln:summary>
  </entry>
`

在这个实例中,v.VulnCveId为空。我做错了什么?

英文:

I'd like to parse bits of XML structured like those in the example. I keep running into values being empty. This is a simplified version of what I'm working with, just to show the issue.

package main

import (
        &quot;encoding/xml&quot;
        &quot;fmt&quot;
)

type Entry struct {
        VulnCveId   string  `xml:&quot;entry&gt;vuln:cve-id&quot;`
}

func main() {
        v := Entry{}
        err := xml.Unmarshal([]byte(data), &amp;v)
        if err != nil {
                fmt.Printf(&quot;error: %v&quot;, err)
                return
        }

        fmt.Println(v.VulnCveId)
}

const data = `
  &lt;entry id=&quot;CVE-2005-4895&quot;&gt;
    &lt;vuln:vulnerable-configuration id=&quot;http://nvd.nist.gov/&quot;&gt;
      &lt;cpe-lang:logical-test negate=&quot;false&quot; operator=&quot;OR&quot;&gt;
        &lt;cpe-lang:fact-ref name=&quot;cpe:/a:csilvers:gperftools:0.3&quot; /&gt;
        &lt;cpe-lang:fact-ref name=&quot;cpe:/a:csilvers:gperftools:0.2&quot; /&gt;
        &lt;cpe-lang:fact-ref name=&quot;cpe:/a:csilvers:gperftools:0.1&quot; /&gt;
      &lt;/cpe-lang:logical-test&gt;
    &lt;/vuln:vulnerable-configuration&gt;
    &lt;vuln:vulnerable-software-list&gt;
      &lt;vuln:product&gt;cpe:/a:csilvers:gperftools:0.3&lt;/vuln:product&gt;
      &lt;vuln:product&gt;cpe:/a:csilvers:gperftools:0.1&lt;/vuln:product&gt;
      &lt;vuln:product&gt;cpe:/a:csilvers:gperftools:0.2&lt;/vuln:product&gt;
    &lt;/vuln:vulnerable-software-list&gt;
    &lt;vuln:cve-id&gt;CVE-2005-4895&lt;/vuln:cve-id&gt;
    &lt;vuln:published-datetime&gt;2012-07-25T15:55:01.273-04:00&lt;/vuln:published-datetime&gt;
    &lt;vuln:last-modified-datetime&gt;2012-08-09T00:00:00.000-04:00&lt;/vuln:last-modified-datetime&gt;
    &lt;vuln:cvss&gt;
      &lt;cvss:base_metrics&gt;
        &lt;cvss:score&gt;5.0&lt;/cvss:score&gt;
        &lt;cvss:access-vector&gt;NETWORK&lt;/cvss:access-vector&gt;
        &lt;cvss:access-complexity&gt;LOW&lt;/cvss:access-complexity&gt;
        &lt;cvss:authentication&gt;NONE&lt;/cvss:authentication&gt;
        &lt;cvss:confidentiality-impact&gt;NONE&lt;/cvss:confidentiality-impact&gt;
        &lt;cvss:integrity-impact&gt;NONE&lt;/cvss:integrity-impact&gt;
        &lt;cvss:availability-impact&gt;PARTIAL&lt;/cvss:availability-impact&gt;
        &lt;cvss:source&gt;http://nvd.nist.gov&lt;/cvss:source&gt;
        &lt;cvss:generated-on-datetime&gt;2012-07-26T08:38:00.000-04:00&lt;/cvss:generated-on-datetime&gt;
      &lt;/cvss:base_metrics&gt;
    &lt;/vuln:cvss&gt;
    &lt;vuln:cwe id=&quot;CWE-189&quot; /&gt;
    &lt;vuln:references xml:lang=&quot;en&quot; reference_type=&quot;UNKNOWN&quot;&gt;
      &lt;vuln:source&gt;MISC&lt;/vuln:source&gt;
      &lt;vuln:reference href=&quot;http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/&quot; xml:lang=&quot;en&quot;&gt;http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/&lt;/vuln:reference&gt;
    &lt;/vuln:references&gt;
    &lt;vuln:references xml:lang=&quot;en&quot; reference_type=&quot;UNKNOWN&quot;&gt;
      &lt;vuln:source&gt;CONFIRM&lt;/vuln:source&gt;
      &lt;vuln:reference href=&quot;http://code.google.com/p/gperftools/source/browse/tags/perftools-0.4/ChangeLog&quot; xml:lang=&quot;en&quot;&gt;http://code.google.com/p/gperftools/source/browse/tags/perftools-0.4/ChangeLog&lt;/vuln:reference&gt;
    &lt;/vuln:references&gt;
    &lt;vuln:summary&gt;Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.&lt;/vuln:summary&gt;
  &lt;/entry&gt;
`

v.VulnCveId is empty in this instance. What am I doing wrong?

答案1

得分: 2

问题是你没有命名空间。你有一个前缀“vuln”,但它没有在任何地方声明。实际上,它甚至不是有效的XML。

将第一行改为:

<entry xmlns:vuln="http://my-namespace.com" id="CVE-2005-4895">

然后将你的结构标签改为:

`xml:"entry>http://my-namespace.com cve-id"`

然后你就可以继续了。

英文:

The problem is that you don't have a namespace. You have a prefix, "vuln", but it's not declared anywhere. It's actually not even valid XML.

Make the first line this:

&lt;entry xmlns:vuln=&quot;http://my-namespace.com&quot; id=&quot;CVE-2005-4895&quot;&gt;

then make your struct tag this

`xml:&quot;entry&gt;http://my-namespace.com cve-id&quot;`

and you should be good to go.

答案2

得分: 1

VulnCveId string xml:&quot;cve-id&quot;

这将返回一个非空的 v.VulnCveId

英文:

Note: the same query without the namespace: http://play.golang.org/p/Gh5WltGzw3

VulnCveId   string  `xml:&quot;cve-id&quot;`

That will return a non-empty v.VulnCveId.

答案3

得分: 1

VulnCveId string xml:"vuln cve-id" 这也可以使用空格代替冒号来命名空间。

英文:

VulnCveId string xml:&quot;vuln cve-id&quot; this can also work namespace use space instead of colon

答案4

得分: 0

这对我来说看起来几乎像是一个bug。

英文:

This looks like a bug almost to me.

huangapple
  • 本文由 发表于 2012年8月18日 02:56:01
  • 转载请务必保留本文链接:https://go.coder-hub.com/12011622.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定