3

I'm trying to extract a specific key and value from json in windows with Python.

I'd like to use the dumps command, but can't find a good example.

**Updated data: An extract from the json file is (but the file is very long):

   {
  "CVE_data_type" : "CVE",
  "CVE_data_format" : "MITRE",
  "CVE_data_version" : "4.0",
  "CVE_data_numberOfCVEs" : "64",
  "CVE_data_timestamp" : "2020-01-09T08:00Z",
  "CVE_Items" : [ {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-0001",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://source.android.com/security/bulletin/2020-01-01",
          "name" : "https://source.android.com/security/bulletin/2020-01-01",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2020-01-08T19:15Z",
    "lastModifiedDate" : "2020-01-08T20:01Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-0002",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://source.android.com/security/bulletin/2020-01-04",
          "name" : "https://source.android.com/security/bulletin/2020-01-04",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142602711"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },

    ...

I need to extract the ID and description.

I tried this

for key, value in json.dumps(cve_dict['CVE_Items'][0], sort_keys=True, indent=4, separators=',', ': ')):
    #if(key in ['ID', 'description']):
    print(key, value)

But I get this error:

  File "unzip_get_info.py", line 19
    for key, value in json.dumps(cve_dict['CVE_Items'][0], sort_keys=True, indent=4, separators=',', ': ')):
                                                                                                          ^
SyntaxError: invalid syntax

I can get the whole json to print out with this:

print(json.dumps(cve_dict['CVE_Items'][0], sort_keys=True, indent = 4, separators=(',', ': ')))

I'm not a huge python programmer. Any idea how I can get the key/value of ID and description out? I tried doing it directly with cve_dict, but the error was something about how I can't do that directly.

I'd appreciate the help. This is my first python program.

I'm trying to figure out how to do it with dumps with this link, but I'm not seeing it. I looked at this too, but I'm not sure.

**Update: I tried 

for key, value in cve_dict['CVE_Items'][0].items():
    if(key in ['ID', 'description']):
        print(key, value)

trying to limit it to ID and description, in addition to what was suggested below, but it's not printing anything. I know ID and description are in there (see json above). How do I just print ID and description, and not all the key/values?

Michele
  • 3,617
  • 12
  • 47
  • 81

2 Answers2

2

You should not convert the dict to a JSON string when the dict itself can be easily traversed. Simply access the desired value of the ID key with:

cve_dict['CVE_Items'][0]['cve']['CVE_data_meta']['ID']

If you want all the IDs you can iterate through the list items with a for loop:

for item in cve_dict['CVE_Items']:
    print(item['cve']['CVE_data_meta']['ID'])
blhsing
  • 91,368
  • 6
  • 71
  • 106
  • 1
    Thanks a lot! I thought I understood, but when I tried to get description with print(cve_dict['CVE_Items'][0]['cve']['description']['description_data']['value'] ) it's saying TypeError: list indices must be integers or slices, not str – Michele Jan 10 '20 at 00:37
  • 1
    You're welcome. The values of both `description` and `description_data` are lists, so you should access the sub-dicts within via indices: `cve_dict['CVE_Items'][0]['cve']['description'][0]['description_data'][0]['value'] ` – blhsing Jan 10 '20 at 00:39
  • Idk, it's saying KeyError: 0 with print(cve_dict['CVE_Items'][0]['cve']['description'][0]['description_data'][0]['value'] ) – Michele Jan 10 '20 at 00:43
  • 1
    Oops I thought the value of `description` is a list, which it is not, so: `cve_dict['CVE_Items'][0]['cve']['description']['description_data'][0]['value']` – blhsing Jan 10 '20 at 00:44
  • It turns out that each json file has more than one cve id. Any idea how I can find them all and get those? Would you suggest a while loop maybe? – Michele Jan 10 '20 at 01:00
  • 1
    Can you update your question with a sample of your data that has more than one `cve` ID, so that it is clear where the multiple IDs are? – blhsing Jan 10 '20 at 01:02
  • I just updated it. I didn't notice it until I printed one and it didn't match my data set above. – Michele Jan 10 '20 at 01:09
  • I updated the json so it includes multiple ids. Any idea how to get them all? What I have now just gets one cve/description. – Michele Jan 10 '20 at 13:26
0

Could you try iterate over dict:

for k, v in cve_dict['CVE_Items'][0].items():
    print(k, v)

The json.dumps is to convert dict back to string, not python object to iterate over,

Phung Duy Phong
  • 876
  • 6
  • 18
  • it's printing the info, but how do I limit it to the KEY/value of ID and description? – Michele Jan 09 '20 at 21:23
  • I added **Update to the question. When I do what you say, it prints everything, not just ID and description. When I try to add the if, it prints nothing. – Michele Jan 09 '20 at 21:27