我是json文件的新手,我有一个包含一堆包名称的文本文件(逐行(。我想检查这些名称是否显示在debian安全跟踪器json文件中(https://security-tracker.debian.org/tracker/data/json)如果他们真的打印了找到匹配的
我试过了,但没有输出任何东西:
def json_find():
json_file = json.dumps(info)
with open("package_names.txt", "r") as f:
for line in f:
if line in json_file:
print (line)
json_find()
其中info
具有来自安全跟踪器的json文件。但是我找不到一种方法来遍历文本文件并在json文件中搜索名称
列表如下所示:
nftables
python3-translationstring
gcc-8-base
libpocojson60
passwd
automake
json文件示例:
{
"389-ds-base": {
"CVE-2012-0833": {
"description": "The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server.",
"scope": "local",
"releases": {
"bookworm": {
"status": "resolved",
"repositories": {
"bookworm": "2.0.15-1"
},
"fixed_version": "0",
"urgency": "unimportant"
},
"bullseye": {
"status": "resolved",
"repositories": {
"bullseye": "1.4.4.11-2"
},
"fixed_version": "0",
"urgency": "unimportant"
},
"buster": {
"status": "resolved",
"repositories": {
"buster": "1.4.0.21-1"
},
"fixed_version": "0",
"urgency": "unimportant"
},
"sid": {
"status": "resolved",
"repositories": {
"sid": "2.0.15-1"
},
"fixed_version": "0",
"urgency": "unimportant"
}
}
},
"CVE-2012-2678": {
"description": "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.",
"scope": "local",
"releases": {
"bookworm": {
"status": "resolved",
"repositories": {
"bookworm": "2.0.15-1"
},
"fixed_version": "0",
"urgency": "unimportant"
},
"bullseye": {
"status": "resolved",
"repositories": {
"bullseye": "1.4.4.11-2"
},
"fixed_version": "0",
"urgency": "unimportant"
},
"buster": {
"status": "resolved",
"repositories": {
"buster": "1.4.0.21-1"
},
"fixed_version": "0",
"urgency": "unimportant"
},
"sid": {
"status": "resolved",
"repositories": {
"sid": "2.0.15-1"
},
"fixed_version": "0",
"urgency": "unimportant"
}
}
},
例如,如果我的列表中有389-ds-base
,我想打印出
import json
JSON_FILE = 'security.json'
PKG_FILE = 'package_names.txt'
def json_find():
json_data = {}
with open(JSON_FILE, 'r') as f:
json_data = json.load(f)
with open(PKG_FILE, 'r') as f:
pkg_list = f.read().splitlines()
vulnerable = []
for package in pkg_list:
if package in json_data:
vulnerable.append(package)
return vulnerable
如果您使用问题中提供的相同json,并在包列表文件(package_names.txt
(中包含389-ds-base
,则会得到列表['389-ds-base']
。