Solved

Please Help!  XLS Filter problem

Posted on 2009-07-14
9
612 Views
Last Modified: 2013-11-08
Hello experts,

I have a script that I run for some vulnerability reports that parses and filters XML information into a handy table.  I have used it for Nessus data in the past without issues.  However, now we are utilizing Retina Vulnerability scanners that export an XML structure a little different.

I manipulated the XSL file to accomodate the XML for Retina, BUT, I am having issues displaying the correct data.  For instance, I used to have an XML node called "<severity>" that was numerical (1 through 3).  Now, with the new XML structure, the equivalent is called "<pciLevel>" and is not numeric but instead is like this "3 (High)".  I was thinking that perhaps I should utilize the "<risk>" node instead to filter it, but then again, it is not numerical which I am used to.

I had a sort function working with just the numeric version, but with the alpha numeric result the sort function doesn't seem to want to display anything.

I have an IF statement in place "<xsl:if test="pciLevel &gt; 1 (Low)">" which I assume is the culprit.  But, then again, I have another field that filters a little more like this:

<xsl:choose>
      <xsl:when test="pciLevel = 3 (High)">
      <td bgcolor="red" bordercolor="#000000" align="center" valign="middle" width="90px">
      <xsl:attribute name="rowspan"><xsl:value-of select="count(key('pcodes', rthID))"/></xsl:attribute>High</td>
                     </xsl:when>

      <xsl:otherwise>
      <td bgcolor="green" align="center" valign="middle" width="90px">
      <xsl:attribute name="rowspan"><xsl:value-of select="count(key('pcodes', rthID))"/></xsl:attribute>Low</td>
      </xsl:otherwise>
</xsl:choose>


I hope what I am asking makes sense.  Any help would be greatly appreciated.

Thanks,
XML:
 
<scanJob>
 
<hosts>
<host>
<ip>192.168.3.102</ip>
<netBIOSName>N/A</netBIOSName>
<dnsName>unknown</dnsName>
<mac>N/A</mac>
<os>N/A</os>
<audit>
<rthID>3688</rthID>
<cve>CVE-1999-0524</cve>
<name>ICMP Timestamp Request</name>
<description>ICMP Timestamp request is allowed from arbitrary hosts.</description>
<date>06/24/2009</date>
<risk>High</risk>
<pciLevel>5 (Urgent)</pciLevel>
<cvssScore>0 [AV:L/AC:L/Au:N/C:N/I:N/A:N]</cvssScore>
<fixInformation>Filter the ICMP Timestamp request.</fixInformation>
</audit>
</host>
 
<host>
<ip>192.168.3.114</ip>
<netBIOSName>N/A</netBIOSName>
<dnsName>unknown</dnsName>
<mac>N/A</mac>
<os>N/A</os>
<audit>
<rthID>3688</rthID>
<cve>CVE-1999-0524</cve>
<name>ICMP Timestamp Request</name>
<description>ICMP Timestamp request is allowed from arbitrary hosts.</description>
<date>06/24/2009</date>
<risk>Medium</risk>
<pciLevel>4 (Critical)</pciLevel>
<cvssScore>0 [AV:L/AC:L/Au:N/C:N/I:N/A:N]</cvssScore>
<fixInformation>Filter the ICMP Timestamp request.</fixInformation></audit>
</host>
<host>
<ip>192.168.3.215</ip>
<netBIOSName>N/A</netBIOSName>
<dnsName>unknown</dnsName>
<mac>N/A</mac>
<os>N/A</os>
<audit>
<rthID>3688</rthID>
<cve>CVE-1999-0524</cve>
<name>ICMP Timestamp Request</name>
<description>ICMP Timestamp request is allowed from arbitrary hosts.</description>
<date>06/24/2009</date>
<risk>Low</risk>
<pciLevel>1 (Low)</pciLevel>
<cvssScore>0 [AV:L/AC:L/Au:N/C:N/I:N/A:N]</cvssScore>
<fixInformation>Filter the ICMP Timestamp request.</fixInformation>
</audit>
</host>
</hosts>
 
</scanJob>
 
 
 
 
 
 
The XSL:
 
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:fo="http://www.w3.org/1999/XSL/Format">
	<xsl:output method="html" encoding="UTF-8"/>
 
	<xsl:template name="GetHostName">
		<xsl:param name="rthID"/>
		<xsl:for-each select="//hosts/host">
			<xsl:if test="audit/rthID = $rthID">
				<xsl:value-of select="ip"/>
				<br/>
			</xsl:if>
		</xsl:for-each>
	</xsl:template>
	<xsl:template match="hosts/host/audit">
		<br/>Plugin ID: <xsl:value-of select="rthID"/>
		<xsl:call-template name="GetHostName">
			<xsl:with-param name="rthID" select="rthID"/>
		</xsl:call-template>
	</xsl:template>
	<xsl:key name="pcodes" match="//host/audit" use="rthID"/>
	<xsl:template match="/">
		
 
		<!-- COUNTER SCRIPT -->
		<script type="text/javascript">
		var count=0;
		function incrementCounter() { count++; document.write(count); } 
		</script>
 
 
 
 
 
		<table border="0" style="width: 610px; font-family: Arial;  font-size: 10px;" align="center">
			<tr>
				<th id="cells">Finding Number</th>
				<th id="cells">NIST 800-53/ DHS Control Severity</th>
				<th id="cells">Machine Name</th>
				<th id="cells">Finding</th>
				<th id="cells">Suggested Mitigation </th>
			</tr>
			<xsl:for-each select="//host/audit[generate-id(.)=
        generate-id(key('pcodes', rthID)[1])]">
				<xsl:sort select="pciLevel"/>
				<xsl:for-each select="key('pcodes', rthID)">
					<xsl:sort select="../../host/ip"/>
					
					<xsl:if test="pciLevel &gt; 1 (Low)">
					<tr  style="vertical-align: top; height: 40px;">
 
 
 
						    <xsl:if test="position() = 1">
							
								<td align="center" valign="center" width="90px">
								<xsl:attribute name="rowspan"><xsl:value-of select="count(key('pcodes', rthID))"/></xsl:attribute>
							
									Nessus-<!--xsl:value-of select="position()"/-->
									<script language="javascript">
									incrementCounter();
									</script>
 
								
								</td>
 
 
 
 
 
 
						<xsl:choose>
							<xsl:when test="pciLevel = 3 (High)">
							<td bgcolor="red" bordercolor="#000000" align="center" valign="middle" width="90px">
							   	<xsl:attribute name="rowspan"><xsl:value-of select="count(key('pcodes', rthID))"/></xsl:attribute>
								High
							</td>
							</xsl:when>
						
 
							<xsl:otherwise>
							<td bgcolor="green" align="center" valign="middle" width="90px">
							   	<xsl:attribute name="rowspan"><xsl:value-of select="count(key('pcodes', rthID))"/></xsl:attribute>
								Low
							</td>
							
							</xsl:otherwise>
						</xsl:choose>
 
								<td align="center" valign="middle">
									  
										<xsl:if test="../../host/audit/rthID = rthID">
										<xsl:call-template name="GetHostName">
										<xsl:with-param name="rthID" select="rthID"/>
										</xsl:call-template>
										</xsl:if>
										
	
 
 
 
							<td width="250px">
								<xsl:attribute name="rowspan"><xsl:value-of select="count(key('pcodes', rthID))"/></xsl:attribute>
								<b><xsl:value-of select="name"/> </b><p></p><xsl:value-of select="description"/>
								
 
 
 
							</td>
							
 
							<td align="center" valign="center">
								<xsl:attribute name="rowspan"><xsl:value-of select="count(key('pcodes', rthID))"/></xsl:attribute>
							
									
								
							</td>
 
						
							</td>
						</xsl:if>
					</tr>
					</xsl:if>
				</xsl:for-each>
			</xsl:for-each>
		</table>
	</xsl:template>
</xsl:stylesheet>

Open in new window

0
Comment
Question by:shark1998
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 60

Expert Comment

by:Geert Bormans
ID: 24849898
why don't you filter out everything  that is not numerical from the pciLevel element
you can do that with a simple translate
translate(pciLevel, translate(picLevel, '0123456789', ''), '')
now all non numeric characters are removed
(high and low seem redundant to me)
and you can use the pciLevel element, exactly the same way as you did before with severity
0
 

Author Comment

by:shark1998
ID: 24849939
Can you provide an example of how to accomplish this.  Thank you for your comments.
0
 
LVL 60

Expert Comment

by:Geert Bormans
ID: 24849984
well, your test should become
<xsl:if test="number(translate(pciLevel, translate(picLevel, '0123456789', ''), '')) > 1">
(simply ignore the "low")

and the sort
<xsl:sort select="number(translate(pciLevel, translate(picLevel, '0123456789', ''), '')) "/>
0
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

 

Author Comment

by:shark1998
ID: 24858678
I am sorry.  But which sections should be replaced.  I have mutliple Sort and if test sections.  
0
 

Author Comment

by:shark1998
ID: 24858682
Would you mind putting it the way it should be in the code that I provided?  It would be appreciated.
0
 
LVL 60

Expert Comment

by:Geert Bormans
ID: 24858706
well, I assume you know better then I do where you want to sort based on the numerics in pciLevel
and I assume that you know better than I do where you need to test for a numeric in the pciLevel to be > 1

I will have a look though
0
 
LVL 60

Accepted Solution

by:
Geert Bormans earned 500 total points
ID: 24858817

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:fo="http://www.w3.org/1999/XSL/Format">
    <xsl:output method="html" encoding="UTF-8"/>
    
    <xsl:template name="GetHostName">
        <xsl:param name="rthID"/>
        <xsl:for-each select="//hosts/host">
            <xsl:if test="audit/rthID = $rthID">
                <xsl:value-of select="ip"/>
                <br/>
            </xsl:if>
        </xsl:for-each>
    </xsl:template>
    <xsl:template match="hosts/host/audit">
        <br/>Plugin ID: <xsl:value-of select="rthID"/>
        <xsl:call-template name="GetHostName">
            <xsl:with-param name="rthID" select="rthID"/>
        </xsl:call-template>
    </xsl:template>
    <xsl:key name="pcodes" match="//host/audit" use="rthID"/>
    <xsl:template match="/">
        
        
        <!-- COUNTER SCRIPT -->
        <script type="text/javascript">
            var count=0;
            function incrementCounter() { count++; document.write(count); } 
        </script>
        
        
        
        
        
        <table border="0" style="width: 610px; font-family: Arial;  font-size: 10px;" align="center">
            <tr>
                <th id="cells">Finding Number</th>
                <th id="cells">NIST 800-53/ DHS Control Severity</th>
                <th id="cells">Machine Name</th>
                <th id="cells">Finding</th>
                <th id="cells">Suggested Mitigation </th>
            </tr>
            <xsl:for-each select="//host/audit[generate-id(.)=
                generate-id(key('pcodes', rthID)[1])]">
                <xsl:sort select="number(translate(pciLevel, translate(pciLevel, '0123456789', ''), '')) "/>
                <xsl:for-each select="key('pcodes', rthID)">
                    <xsl:sort select="../../host/ip"/>
                    
                    <xsl:if test="number(translate(pciLevel, translate(pciLevel, '0123456789', ''), '')) > 1">
                        <tr  style="vertical-align: top; height: 40px;">
                            
                            
                            
                            <xsl:if test="position() = 1">
                                
                                <td align="center" valign="center" width="90px">
                                    <xsl:attribute name="rowspan"><xsl:value-of select="count(key('pcodes', rthID))"/></xsl:attribute>
                                    
                                    Nessus-<!--xsl:value-of select="position()"/-->
                                    <script language="javascript">
                                        incrementCounter();
                                    </script>
                                    
                                    
                                </td>
                                
                                
                                
                                
                                
                                
                                <xsl:choose>
                                    <xsl:when test="number(translate(pciLevel, translate(pciLevel, '0123456789', ''), '')) = 3">
                                        <td bgcolor="red" bordercolor="#000000" align="center" valign="middle" width="90px">
                                            <xsl:attribute name="rowspan"><xsl:value-of select="count(key('pcodes', rthID))"/></xsl:attribute>
                                            High
                                        </td>
                                    </xsl:when>
                                    
                                    
                                    <xsl:otherwise>
                                        <td bgcolor="green" align="center" valign="middle" width="90px">
                                            <xsl:attribute name="rowspan"><xsl:value-of select="count(key('pcodes', rthID))"/></xsl:attribute>
                                            Low
                                        </td>
                                        
                                    </xsl:otherwise>
                                </xsl:choose>
                                
                                <td align="center" valign="middle">
                                    
                                    <xsl:if test="../../host/audit/rthID = rthID">
                                        <xsl:call-template name="GetHostName">
                                            <xsl:with-param name="rthID" select="rthID"/>
                                        </xsl:call-template>
                                    </xsl:if>
                                    
                                    
                                    
                                    
                                    
                                    <td width="250px">
                                        <xsl:attribute name="rowspan"><xsl:value-of select="count(key('pcodes', rthID))"/></xsl:attribute>
                                        <b><xsl:value-of select="name"/> </b><p></p><xsl:value-of select="description"/>
                                        
                                        
                                        
                                        
                                    </td>
                                    
                                    
                                    <td align="center" valign="center">
                                        <xsl:attribute name="rowspan"><xsl:value-of select="count(key('pcodes', rthID))"/></xsl:attribute>
                                        
                                        
                                        
                                    </td>
                                    
                                    
                                </td>
                            </xsl:if>
                        </tr>
                    </xsl:if>
                </xsl:for-each>
            </xsl:for-each>
        </table>
    </xsl:template>
</xsl:stylesheet>

Open in new window

0
 

Author Comment

by:shark1998
ID: 24859037
Thanks! Now I see what you mean.  Your work is appreciated.
0
 
LVL 60

Expert Comment

by:Geert Bormans
ID: 24859051
welcome,
0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface In the first article: A Better Website Login System (http://www.experts-exchange.com/A_2902.html) I introduced the EE Collaborative Login System and its intended purpose. In this article I will discuss some of the design consideratio…
Many times as a report developer I've been asked to display normalized data such as three rows with values Jack, Joe, and Bob as a single comma-separated string such as 'Jack, Joe, Bob', and vice versa.  Here's how to do it. 
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5. As we learned in our last micr…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question