英文:
Convert JSON from Gitlab to CSV with JQ
问题
以下是您要翻译的内容:
"vulnerabilities": [
{
"id": "CVE-2015-5186",
"category": "container_scanning",
"message": "Audit: log terminal emulator escape sequences handling",
"description": "Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.",
"cve": "CVE-2015-5186",
"severity": "Medium",
"solution": "No solution provided",
"scanner": {
"id": "trivy",
"name": "trivy"
},
"location": {
"dependency": {
"package": {
"name": "audit-libs"
},
"version": "2.8.5-4.el7"
},
"operating_system": "Unknown",
"image": "image.tar"
},
"identifiers": [
{
"type": "cve",
"name": "CVE-2015-5186",
"value": "CVE-2015-5186",
"url": "example.com"
}
],
"links": [{
"url": "example.com"
},{
"url": "example.com"
},{
"url": "example.com"
},{
"url": "example.com"
},{
"url": "example.com"
},{
"url": "example.com"
},{
"url": "example.com"
},{
"url": "example.com"
},{
"url": "example.com"
}
]
}
]
- echo "id, message, description, severity, name, version, identifiers" > $CI_PROJECT_DIR/reports/${IMAGENAME}-trivy.csv
- jq -r '.vulnerabilities | map([.id, .message, .description, .severity, (.location | .dependency, .package, .name), (.location | .dependency, .version), (.identifiers | .0, .type), (.identifiers | .0, .name), (.identifiers | .0, .value), (.identifiers | .0, .url)] | join(", ")) | join("\n")' $CI_PROJECT_DIR/reports/gl-container-scanning-report.json >> $CI_PROJECT_DIR/reports/${IMAGENAME}-trivy.csv
这是您当前的jq语句,但似乎有一些问题。
$ jq -r '.vulnerabilities | map([.id, .message, .description, .severity, (.location | .dependency, .package, .name), (.location | .dependency, .version), (.identifiers | .0, .type), (.identifiers | .0, .name), (.identifiers | .0, .value), (.identifiers | .0, .url)] | join(", ")) | join("\n")' $CI_PROJECT_DIR/reports/gl-container-scanning-report.json >> $CI_PROJECT_DIR/reports/${IMAGENAME}-trivy.csv
jq: error (at /builds/group/subgroup/project/reports/gl-container-scanning-report.json:34424): Cannot index array with string "type"
我也尝试稍微修改以删除标识符,但结果如下。
$ echo "id, message, description, severity, name, version" > $CI_PROJECT_DIR/reports/${IMAGENAME}-trivy.csv
$ jq -r '.vulnerabilities | map([.id, .message, .description, .severity, (.location | .dependency, .package, .name), (.location | .dependency, .version)] | join(", ")) | join("\n")' $CI_PROJECT_DIR/reports/gl-container-scanning-report.json >> $CI_PROJECT_DIR/reports/${IMAGENAME}-trivy.csv
jq: error (at /builds/jdiss/fdtm/galelisten/reports/gl-container-scanning-report.json:34424): string ("CVE-2015-5...) and object ({"package":...) cannot be added
我正在尝试弄清楚位置信息,以便获取包名称及其版本。
我也尝试获取标识符信息。
您知道我可能遗漏了什么吗?
英文:
I am currently trying to create a json convert job in gitlab and I am running into issues with jq.
The following is the output from gitlab after doing container scanning and I am trying to convert it to a csv by using jq to get the information I want.
This is so I can include a readable csv as a build artifact.
"vulnerabilities": [
{
"id": "CVE-2015-5186",
"category": "container_scanning",
"message": "Audit: log terminal emulator escape sequences handling",
"description": "Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.",
"cve": "CVE-2015-5186",
"severity": "Medium",
"solution": "No solution provided",
"scanner": {
"id": "trivy",
"name": "trivy"
},
"location": {
"dependency": {
"package": {
"name": "audit-libs"
},
"version": "2.8.5-4.el7"
},
"operating_system": "Unknown",
"image": "image.tar"
},
"identifiers": [
{
"type": "cve",
"name": "CVE-2015-5186",
"value": "CVE-2015-5186",
"url": "example.com"
}
],
"links": [{
"url": "example.com"
},{
"url": "example.com"
},{
"url": "example.com"
},{
"url": "example.com"
},{
"url": "example.com"
},{
"url": "example.com"
},{
"url": "example.com"
},{
"url": "example.com"
},{
"url": "example.com"
}
]
}
The following is my current jq statement and I am not sure what I am missing to make this work.
- echo "id, message, description, severity, name, version, identifiers" > $CI_PROJECT_DIR/reports/${IMAGENAME}-trivy.csv
- jq -r '.vulnerabilities | map([.id, .message, .description, .severity, (.location | .dependency, .package, .name), (.location | .dependency, .version), (.identifiers | .0, .type), (.identifiers | .0, .name), (.identifiers | .0, .value), (.identifiers | .0, .url)] | join(", ")) | join("\n")' $CI_PROJECT_DIR/reports/gl-container-scanning-report.json >> $CI_PROJECT_DIR/reports/${IMAGENAME}-trivy.csv
which results in
$ jq -r '.vulnerabilities | map([.id, .message, .description, .severity, (.location | .dependency, .package, .name), (.location | .dependency, .version), (.identifiers | .0, .type), (.identifiers | .0, .name), (.identifiers | .0, .value), (.identifiers | .0, .url)] | join(", ")) | join("\n")' $CI_PROJECT_DIR/reports/gl-container-scanning-report.json >> $CI_PROJECT_DIR/reports/${IMAGENAME}-trivy.csv
jq: error (at /builds/group/subgroup/project/reports/gl-container-scanning-report.json:34424): Cannot index array with string "type"
I have also tried slightly modifying to remove the identifiers which resulted in this.
$ echo "id, message, description, severity, name, version" > $CI_PROJECT_DIR/reports/${IMAGENAME}-trivy.csv
$ jq -r '.vulnerabilities | map([.id, .message, .description, .severity, (.location | .dependency, .package, .name), (.location | .dependency, .version)] | join(", ")) | join("\n")' $CI_PROJECT_DIR/reports/gl-container-scanning-report.json >> $CI_PROJECT_DIR/reports/${IMAGENAME}-trivy.csv
jq: error (at /builds/jdiss/fdtm/galelisten/reports/gl-container-scanning-report.json:34424): string ("CVE-2015-5...) and object ({"package":...) cannot be added
I am trying to figure out the location stuff so I can get the package name and its version.
I am also trying to get the identifiers information.
Any idea what I might be missing?
答案1
得分: 2
以下是您要翻译的内容:
"你似乎对 . (对象标识符索引)、, (逗号) 和 | (管道) 的用法感到困惑。
如果您想要访问以下 JSON 对象的 package:
{
"location": {
"dependency": {
"package": {
"name": "audit-libs"
},
"version": "2.8.5-4.el7"
},
"operating_system": "Unknown",
"image": "image.tar"
}
}
语法是 .location | .dependency | .package 或 .location.dependency.package(但不是 .location, .dependency, .package;后者是您的 JSON 中来自同一级的 3 个属性流)。
数组的元素使用 [0] 访问,而不是 .0(.0 是十进制数 0.0)。
现在,如果您想要 CSV,更容易使用内置的 @csv 过滤器。您不需要为标题使用 echo,jq 可以很好地添加标题:
["id", "message", "description", "severity", "name", "version", "identifiers"],
(
.vulnerabilities[]
| [
.id,
.message,
.description,
.severity,
(.location.dependency | .package.name, .version),
(.identifiers[0] | .type, .name, .value, .url)
]
) | @csv
(Raw) 输出:
"id","message","description","severity","name","version","identifiers"
"CVE-2015-5186","Audit: log terminal emulator escape sequences handling","Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.","Medium","audit-libs","2.8.5-4.el7","cve","CVE-2015-5186","CVE-2015-5186","example.com"
进一步阅读:https://stackoverflow.com/questions/32960857/how-to-convert-arbitrary-simple-json-to-csv-using-jq
英文:
You seem to be confused about the usage of . (object identifier-index), , (comma), and | (pipe).
If you want to access the package of the following JSON object:
{
"location": {
"dependency": {
"package": {
"name": "audit-libs"
},
"version": "2.8.5-4.el7"
},
"operating_system": "Unknown",
"image": "image.tar"
}
}
the syntax is .location | .dependency | .package or .location.dependency.package (but not .location, .dependency, .package; the latter is a stream of 3 properties all from the same level in your JSON).
Elements of an array are accessed with [0] and not with .0 (.0 is the decimal number 0.0).
Now, if you want CSV, it is easier to use the builtin @csv filter. You don't need that echo for the headers either, jq can add the headers just fine:
["id", "message", "description", "severity", "name", "version", "identifiers"],
(
.vulnerabilities[]
| [
.id,
.message,
.description,
.severity,
(.location.dependency | .package.name, .version),
(.identifiers[0] | .type, .name, .value, .url)
]
) | @csv
(Raw) output:
"id","message","description","severity","name","version","identifiers"
"CVE-2015-5186","Audit: log terminal emulator escape sequences handling","Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.","Medium","audit-libs","2.8.5-4.el7","cve","CVE-2015-5186","CVE-2015-5186","example.com"
Further reading: https://stackoverflow.com/questions/32960857/how-to-convert-arbitrary-simple-json-to-csv-using-jq
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论