I am using elementtree to parse an XML file and placing the data into an sqlite database. I have come across a problem that I believe could be solved by some better logic, that I am most likely missing. I am getting a local variable 'netbios_name' referenced before assignment
error, this is the case for the operating_system
variable as well. I understand why I am getting it but I am not certain on how to resolve the issue.
Any help would be appreciated.
Example XML Data
<ReportHost name="192.168.26.11"><HostProperties>
<tag name="HOST_END">Sat Apr 25 11:36:08 2015</tag>
<tag name="LastUnauthenticatedResults">1223744168</tag>
<tag name="Credentialed_Scan">false</tag>
<tag name="policy-used">Advanced Scan</tag>
<tag name="patch-summary-total-cves">5</tag>
<tag name="cpe-0">cpe:/o:microsoft:windows_2003_server::sp2 -> Microsoft Windows 2003 Server Service Pack 2</tag>
<tag name="system-type">general-purpose</tag>
<tag name="operating-system">Microsoft Windows Server 2003 Service Pack 2</tag>
<tag name="mac-address">00:1f:19:f5:14:34</tag>
<tag name="traceroute-hop-2">192.168.26.11</tag>
<tag name="traceroute-hop-1">10.100.1.249</tag>
<tag name="traceroute-hop-0">10.100.1.254</tag>
<tag name="host-ip">192.168.26.11</tag>
<tag name="netbios-name">PLUTOAPP01</tag>
<tag name="HOST_START">Sat Apr 25 10:20:43 2015</tag>
</HostProperties>
Example Problem Code
def get_details(nessus_file):
db = sqlite3.connect('database.sqlite')
cursor = db.cursor()
try:
tree = ET.parse(nessus_file)
for reporthost in tree.findall('/Report/ReportHost'):
host = reporthost.get('name')
for tag in reporthost.findall('.//HostProperties/tag'):
if tag.get('name') == 'netbios-name':
netbios_name = tag.text
elif tag.get('name') == 'operating-system':
operating_system = tag.text
else:
pass
#The if statements above^ are causing my issues along with the execute statement below
cursor.execute('INSERT INTO hosts(host, netbios_name, operating_system) VALUES(?,?,?)', (host, netbios_name, operating_system,))
for item in reporthost.findall('ReportItem'):
sev = item.get('severity')
name = item.get('pluginName')
description = item.findtext('description')
pluginid = item.get('pluginID')
cursor.execute('INSERT INTO vulns(pluginName, severity, description, pluginID) VALUES(?,?,?,?)', (name,sev,description,pluginid,))
for cve in item.getiterator('cve'):
cursor.execute('INSERT INTO cves(cve) VALUES(?)', (cve.text,))
db.commit()
db.close()
except Exception as e:
print e
exit()
create_db()
get_details('file.nessus')
Aucun commentaire:
Enregistrer un commentaire