[XSL-LIST Mailing List Archive Home] [By Thread] [By Date]

[xsl] XSL with namespace from NVD

Subject: [xsl] XSL with namespace from NVD
From: Badrul Anuar <askbard@xxxxxxxxx>
Date: Thu, 18 Jun 2009 20:24:15 +0100
HI

I try to extract some information from the NVD datafeed. The data is in XML.
I only want make some analysis on the data.
For the trial version, I try to extract some attributes, but the first
entry is repeated for every entry.

For example.

This is the XML:
the original XML can be found from
http://nvd.nist.gov/download/nvdcve-recent.xml
--------------XML-start-----------------

<?xml version='1.0' encoding='UTF-8'?>
<nvd
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns="http://nvd.nist.gov/feeds/cve/1.2"
  nvd_xml_version="1.2" pub_date="2009-06-18"
  xsi:schemaLocation="http://nvd.nist.gov/feeds/cve/1.2
http://nvd.nist.gov/schema/nvdcve.xsd">
    <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)"
CVSS_base_score="6.8" CVSS_exploit_subscore="8.6"
CVSS_impact_subscore="6.4" name="CVE-2009-0791" seq="2009-0791"
severity="Medium" type="CVE" published="2009-06-09" CVSS_version="2.0"
CVSS_score="6.8" modified="2009-06-09">
        <desc>
            <descript source="cve">Multiple integer overflows in the
pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7 allow remote
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a crafted PDF file that triggers a
heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2)
FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5)
PSOutputDev.cxx in pdftops/.  NOTE: the JBIG2Stream.cxx vector may
overlap CVE-2009-1179.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
        </loss_types>
        <range>
            <network />
            <user_init />
        </range>
        <refs>
            <ref source="CONFIRM" patch="1"
url="https://bugzilla.redhat.com/show_bug.cgi?id=491840">https://bugzilla.redhat.com/show_bug.cgi?id=491840</ref>
              </refs>
        <vuln_soft>
            <prod vendor="apple" name="cups">
               <vers num="1.3.7" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)"
CVSS_base_score="5.0" CVSS_exploit_subscore="10.0"
CVSS_impact_subscore="2.9" name="CVE-2009-0949" seq="2009-0949"
severity="Medium" type="CVE" published="2009-06-09" CVSS_version="2.0"
CVSS_score="5.0" modified="2009-06-09">
        <desc>
            <descript source="cve">The ippReadIO function in
cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize
memory for IPP request packets, which allows remote attackers to cause
a denial of service (NULL pointer dereference and daemon crash) via a
scheduler request with two consecutive IPP_TAG_UNSUPPORTED
tags.</descript>
        </desc>
        <loss_types>
            <avail />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="DEBIAN" patch="1"
url="http://www.debian.org/security/2009/dsa-1811">DSA-1811</ref>
               <ref source="SECUNIA"
url="http://secunia.com/advisories/35322" adv="1">35322</ref>
        </refs>
        <vuln_soft>
            <prod vendor="apple" name="cups">
                <vers num="1.1" />
                </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)"
CVSS_base_score="5.0" CVSS_exploit_subscore="10.0"
CVSS_impact_subscore="2.9" name="CVE-2009-1196" seq="2009-1196"
severity="Medium" type="CVE" published="2009-06-09" CVSS_version="2.0"
CVSS_score="5.0" modified="2009-06-09">
        <desc>
            <descript source="cve">The directory-services
functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote
attackers to cause a denial of service (cupsd daemon outage or crash)
via manipulations of the timing of CUPS browse packets, related to a
"pointer use-after-delete flaw."</descript>
        </desc>
        <loss_types>
            <avail />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
                <ref source="SECUNIA"
url="http://secunia.com/advisories/35340" adv="1">35340</ref>
        </refs>
        <vuln_soft>
            <prod vendor="apple" name="cups">
                <vers num="1.1.17" />
                <vers num="1.1.22" />
            </prod>
        </vuln_soft>
    </entry>

</nvd>

--------------XML-end-----------------

And I use the XSL with this code

----XSL-start------------
<?xml version="1.0" encoding="utf-8"?>
<xsl:stylesheet
  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
  xmlns:b="http://nvd.nist.gov/feeds/cve/1.2"
  version="1.0">
  <xsl:output method="html"/>

  <xsl:template match="//b:entry">

    <div>
      <xsl:number format="1."/>
      <xsl:value-of select="//b:entry/@name"/>
      <xsl:text> : </xsl:text>

      <xsl:value-of select="//b:entry/@CVSS_base_score"/>
    </div>

  </xsl:template>
</xsl:stylesheet>

-----XSL-end----------

the output is
1.CVE-2009-0791 : 6.8
2.CVE-2009-0791 : 6.8
3.CVE-2009-0791 : 6.8


My question is how to make sure the output is taken for each entry.
I would like to have the output like
1.CVE-2009-0791 : 6.8
2.CVE-2009-0949 : 5.0
3.CVE-2009-1196 : 5.0


Thank you in advance
Current Thread
<- PreviousIndexNext ->
Re: [xsl] Entity escaping/translati, Dan Vint Thread Re: [xsl] XSL with namespace from N, G. Ken Holman
[xsl] XSL-FO Processor for Arabic T, Paul Spencer Date Re: [xsl] Move elements to precedin, G. Ken Holman
Month

Keywords
xml
xsl

Products

Features

Shop

Resources

Support

Company

© 2002-2022 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor