I am processing a batch of vulnerability reports and my XPath syntax is not working as I expect.
The block of code:
    for ($xc->findnodes( 'fndvuln', $host)) {
        $fnd_vuln_id = $_->findvalue('./@id');
        print "\n";
        print $fnd_vuln_id . "\n";
        $commonRecord{"nCircleVulnID"} = $fnd_vuln_id;
        # The vulnerability descriptions are in /audit/vulnerabilities
        for $vuln ( $xc->findnodes("/audit/vulnerabilities/vuln[\@id = '$fnd_vuln_id']")) {
            $commonRecord{"nCircleVulnName"} = $xc->findvalue('vname', $vuln);
            $commonRecord{"nCircleVulnScore"} = $xc->findvalue('vscore', $vuln);
            $commonRecord{"nCircleVulnRisk"} = $xc->findvalue('risk', $vuln);
            $commonRecord{"nCircleVulnSkill"} = $xc->findvalue('skill', $vuln);
            $commonRecord{"nCircleVulnStrategy"} = $xc->findvalue('strategy', $vuln);
            $commonRecord{"nCircleVulnDesc"} = &clean( $xc->findvalue( 'vdescription', $vuln));
            # This is where the issue is:
            if ( $xc->findnodes( 'advisories/cve', $vuln )) {
                for ( $xc->findvalue( 'advisories/cve', $vuln )) {
                    print $_ . "\n";
                    push ( @cve_records, $_ );
                }
            }
        }
    }
And the XML that it is reading:
    <audit>
      <devices>
        <host id="125861" persistent_id="20164">
          <fndvuln id="3522" port="161" proto="udp"/>
        </host>
      </devices>
      <vulnerabilities>
        <vuln id="3522">
          <vname>
    SNMP System Description Available (system.sysDescr)</vname>
          <vscore>48</vscore>
          <risk>Exposure</risk>
          <skill>Automated Exploit</skill>
          <strategy>Network Reconnaissance</strategy>
          <vdescription>
    The SNMP System Description (sys.sysDescr, OID=.iso.3.6.1.2.1.1.1.0) is remotely available. This can give detailed operating system, build, and version information about the target.
          </vdescription>
          <advisories>
            <cve>CVE: CVE-1999-0516</cve>
            <cve>CVE: CVE-1999-0517</cve>
          </advisories>
        </vuln>
Note that there are multiple <cve></cve> elements, but they are concatenated in the output:
3522
CVE: CVE-1999-0516CVE: CVE-1999-0517
How do I make the for loop read the <cve> elements individually so that I can push them onto the array?
As always, thanks for any input...
Scott
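
An added example, not part of the original post: one way to read each <cve> separately is to loop over findnodes() and take the text of each node, since findvalue() returns the string values of all matches joined into one string. The sample XML is constructed from the excerpt in the post; the digits-only check on the id and the CVE pattern are assumptions added for the example.

```perl
use strict;
use warnings;
use XML::LibXML;

# Constructed sample input, trimmed from the report structure in the post.
my $xml = <<'XML';
<audit>
  <devices>
    <host id="125861" persistent_id="20164">
      <fndvuln id="3522" port="161" proto="udp"/>
    </host>
  </devices>
  <vulnerabilities>
    <vuln id="3522">
      <vname>SNMP System Description Available (system.sysDescr)</vname>
      <advisories>
        <cve>CVE: CVE-1999-0516</cve>
        <cve>CVE: CVE-1999-0517</cve>
      </advisories>
    </vuln>
  </vulnerabilities>
</audit>
XML

my $doc = XML::LibXML->load_xml( string => $xml );
my $xc  = XML::LibXML::XPathContext->new($doc);
my @cve_records;

for my $fnd ( $xc->findnodes('/audit/devices/host/fndvuln') ) {
    my $id = $fnd->getAttribute('id');

    # The id is interpolated into an XPath string below, so accept digits only.
    next unless defined $id && $id =~ /\A\d+\z/;

    for my $vuln ( $xc->findnodes("/audit/vulnerabilities/vuln[\@id = '$id']") ) {
        # findvalue() returns one string: the text of every match joined together.
        # findnodes() in list context returns one node per <cve> element.
        for my $cve ( $xc->findnodes( 'advisories/cve', $vuln ) ) {
            my $text = $cve->textContent;
            # Keep only well-formed identifiers; this drops the "CVE: " prefix.
            push @cve_records, $1 if $text =~ /\b(CVE-\d{4}-\d{4,})\b/;
        }
    }
}

print "$_\n" for @cve_records;
```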