Subject: RE: [xsl] XSL with namespace from NVD From: Emmanuel Bégué <eb@xxxxxxxxxx> Date: Thu, 18 Jun 2009 22:22:20 +0200 |
Hello, You need to stay within the context of the matched b:entry element; modify your stylesheet thusly: <xsl:template match="b:entry"> <div> <xsl:number format="1."/> <xsl:value-of select="@name"/> <xsl:text> : </xsl:text> <xsl:value-of select="@CVSS_base_score"/> </div> </xsl:template> and you will get what you want. Regards, EB > -----Original Message----- > From: Badrul Anuar [mailto:askbard@xxxxxxxxx] > Sent: Thursday, June 18, 2009 9:24 PM > To: xsl-list@xxxxxxxxxxxxxxxxxxxxxx > Subject: [xsl] XSL with namespace from NVD > > > HI > > I try to extract some information from the NVD datafeed. The data > is in XML. > I only want make some analysis on the data. > For the trial version, I try to extract some attributes, but the first > entry is repeated for every entry. > > For example. > > This is the XML: > the original XML can be found from > http://nvd.nist.gov/download/nvdcve-recent.xml > --------------XML-start----------------- > > <?xml version='1.0' encoding='UTF-8'?> > <nvd > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xmlns="http://nvd.nist.gov/feeds/cve/1.2" > nvd_xml_version="1.2" pub_date="2009-06-18" > xsi:schemaLocation="http://nvd.nist.gov/feeds/cve/1.2 > http://nvd.nist.gov/schema/nvdcve.xsd"> > <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" > CVSS_base_score="6.8" CVSS_exploit_subscore="8.6" > CVSS_impact_subscore="6.4" name="CVE-2009-0791" seq="2009-0791" > severity="Medium" type="CVE" published="2009-06-09" CVSS_version="2.0" > CVSS_score="6.8" modified="2009-06-09"> > <desc> > <descript source="cve">Multiple integer overflows in the > pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7 allow remote > attackers to cause a denial of service (application crash) or possibly > execute arbitrary code via a crafted PDF file that triggers a > heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) > FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) > PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may > overlap CVE-2009-1179.</descript> > </desc> > <loss_types> > <avail /> > <conf /> > <int /> > </loss_types> > <range> > <network /> > <user_init /> > </range> > <refs> > <ref source="CONFIRM" patch="1" > url="https://bugzilla.redhat.com/show_bug.cgi?id=491840">https://b ugzilla.redhat.com/show_bug.cgi?id=491840</ref> > </refs> > <vuln_soft> > <prod vendor="apple" name="cups"> > <vers num="1.3.7" /> > </prod> > </vuln_soft> > </entry> > <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" > CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" > CVSS_impact_subscore="2.9" name="CVE-2009-0949" seq="2009-0949" > severity="Medium" type="CVE" published="2009-06-09" CVSS_version="2.0" > CVSS_score="5.0" modified="2009-06-09"> > <desc> > <descript source="cve">The ippReadIO function in > cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize > memory for IPP request packets, which allows remote attackers to cause > a denial of service (NULL pointer dereference and daemon crash) via a > scheduler request with two consecutive IPP_TAG_UNSUPPORTED > tags.</descript> > </desc> > <loss_types> > <avail /> > </loss_types> > <range> > <network /> > </range> > <refs> > <ref source="DEBIAN" patch="1" > url="http://www.debian.org/security/2009/dsa-1811">DSA-1811</ref> > <ref source="SECUNIA" > url="http://secunia.com/advisories/35322" adv="1">35322</ref> > </refs> > <vuln_soft> > <prod vendor="apple" name="cups"> > <vers num="1.1" /> > </prod> > </vuln_soft> > </entry> > <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" > CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" > CVSS_impact_subscore="2.9" name="CVE-2009-1196" seq="2009-1196" > severity="Medium" type="CVE" published="2009-06-09" CVSS_version="2.0" > CVSS_score="5.0" modified="2009-06-09"> > <desc> > <descript source="cve">The directory-services > functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote > attackers to cause a denial of service (cupsd daemon outage or crash) > via manipulations of the timing of CUPS browse packets, related to a > "pointer use-after-delete flaw."</descript> > </desc> > <loss_types> > <avail /> > </loss_types> > <range> > <network /> > </range> > <refs> > <ref source="SECUNIA" > url="http://secunia.com/advisories/35340" adv="1">35340</ref> > </refs> > <vuln_soft> > <prod vendor="apple" name="cups"> > <vers num="1.1.17" /> > <vers num="1.1.22" /> > </prod> > </vuln_soft> > </entry> > > </nvd> > > --------------XML-end----------------- > > And I use the XSL with this code > > ----XSL-start------------ > <?xml version="1.0" encoding="utf-8"?> > <xsl:stylesheet > xmlns:xsl="http://www.w3.org/1999/XSL/Transform" > xmlns:b="http://nvd.nist.gov/feeds/cve/1.2" > version="1.0"> > <xsl:output method="html"/> > > <xsl:template match="//b:entry"> > > <div> > <xsl:number format="1."/> > <xsl:value-of select="//b:entry/@name"/> > <xsl:text> : </xsl:text> > > <xsl:value-of select="//b:entry/@CVSS_base_score"/> > </div> > > </xsl:template> > </xsl:stylesheet> > > -----XSL-end---------- > > the output is > 1.CVE-2009-0791 : 6.8 > 2.CVE-2009-0791 : 6.8 > 3.CVE-2009-0791 : 6.8 > > > My question is how to make sure the output is taken for each entry. > I would like to have the output like > 1.CVE-2009-0791 : 6.8 > 2.CVE-2009-0949 : 5.0 > 3.CVE-2009-1196 : 5.0 > > > Thank you in advance
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
Re: [xsl] XSL with namespace from N, G. Ken Holman | Thread | [xsl] child nodes and regex, Terry Ofner |
Re: [xsl] XSL with namespace from N, G. Ken Holman | Date | Re: [xsl] redirect output of transf, Mike Sokolov |
Month |