1
[
    {
        "asset_id": 49,
        "status": "success",
        "name": "de1",
        "app": "CCid",
        "action_results": [
            {
                "status": "success",
                "data": [
                    {
                        "report": {
                            "status": {
                                "origin": "sa",
                                "status": "Up.",
                                "sha1": "4a",
                                "sample_started_at": 159,
                                "running_on": "mt",
                                "ran": true,
                                "auto": true,
                                "vm": "w"
                            },
                            "artifacts": {
                                "1": {
                                    "size": 599518,
                                    "mime-type": "applic=binary",
                                    "antivirus": {
                                        "reversing_labs": {
                                            "status": "UNKNOWN",
                                            "scanner_count": 0,
                                            "scanner_match": 0,
                                            "threat_name": "",
                                            "query_hash": {
                                                "sha256": "029"
                                            },
                                            "last_seen": "0001-01-01T00:00:00Z"
                                        }
                                    },
                                    "entropy": 7.9870740440306
                                },
                                "10": {
                                    "size": 599518,
                                    "mime-type": "applic=binary",
                                    "antivirus": {
                                        "reversing_labs": {
                                            "status": "UNKNOWN",
                                            "scanner_count": 0,
                                            "scanner_match": 0,
                                            "threat_name": "",
                                            "query_hash": {
                                                "sha256": "d38"
                                            },
                                            "last_seen": "0001-01-01T00:00:00Z"
                                        }
                                    },
                                    "entropy": 1
                                }
                            }
                        }
                    }
                ],
                "app_id": 15
            }
        ]
    }
]            
             

I am trying to access the scanner count and scanner match values using Python, but I am not getting the required result.

action_results = results[0].get('action_results', [])
action_status = action_results[0].get('status', 'failed') 
results_data = action_results[0].get('data', []) 
sandbox_report = results_data[0].get('report', {})
for key,value in sandbox_report.items():
            if key == "artifacts":
                artifacts = list()
                for each_key, each_value in value.items():
                    for i in each_value:
                        if i == "antivirus":
                            artifact_item = dict()
                            reversing_labs = i.get('reversing_labs', {})
                            artifact_item['scanner_count'] = reversing_labs.get('scanner_count', 0)

Can anyone point out what's wrong?

Asocia
monika kumari

2 Answers

1

You can try

action_results = results[0].get('action_results', [])
action_status = action_results[0].get('status', 'failed')
results_data = action_results[0].get('data', [])
sandbox_report = results_data[0].get('report', {})
artifact_item = dict()
for key, value in sandbox_report.items():
    if key == "artifacts":
        artifacts = list()
        # value maps artifact ids ("1", "10", ...) to per-artifact dicts
        for each_key, each_value in value.items():
            # .items() yields (key, value) pairs, so v is the nested dict
            for k, v in each_value.items():
                if k == "antivirus":
                    reversing_labs = v.get('reversing_labs', {})
                    # stored under key ("artifacts"), so each artifact replaces the previous entry
                    artifact_item[key] = [{'scanner_count': reversing_labs.get('scanner_count', 0)},
                                          {'scanner_match': reversing_labs.get('scanner_match', 0)}]
print(artifact_item)

Output

{'artifacts': [{'scanner_count': 0}, {'scanner_match': 0}]}

This code will extract the values of scanner_count and scanner_match into a list in a dictionary whose key is artifacts.

Leo Arad
  • Did you try on a different dict? – Leo Arad Jun 21 '20 at 12:32
  • No, the dictionary is the same. – monika kumari Jun 21 '20 at 12:35
  • There is no platform key in the dict – Leo Arad Jun 21 '20 at 12:36
  • File "../pylib/pham/rules.py", line 7083, in call_action_callback File "", line 373, in Format_Result File "../pylib/phantom/rules.py", line 197, in encode_all_parameters File "../pylib/pham/rules.py", line 1308, in format File "../pylib/pham/rules.py", line 197, in encode_all_parameters File "../pylib/pham/rules.py", line 1459, in expand_template_ KeyError: ''platform'' – monika kumari Jun 21 '20 at 12:36
  • The only change that I made in the dict when I tested it was to replace `true` with `"true"` or `True`. – Leo Arad Jun 21 '20 at 12:37
  • It can be because in the code there is no `expand_template` that seems to be from an API call. – Leo Arad Jun 21 '20 at 12:39
  • Hmm, okay. Any idea how to resolve this? – monika kumari Jun 21 '20 at 12:43
  • I don't know the details about the call – Leo Arad Jun 21 '20 at 12:50
  • That error was because of the Sha256 key-value pair in the dictionary. Do you know how to handle these kinds of parameters? "sha256": "de5aae881c99a79c81bf2b6be27a3e68ef8db4bbeb378a9fff888881d112d435f", – monika kumari Jun 22 '20 at 08:20
  • This error seems to be caused by hashing of keys to a dictionary. I'm not sure which of the keys have conflicts, but you can look at https://stackoverflow.com/questions/5884066/hashing-a-dictionary to find out about this error – Leo Arad Jun 22 '20 at 08:30
0

This is how I'd do it.

import json

# results is the raw JSON text of the report
jsonData = json.loads(results)
# artifacts dict: artifact id -> per-artifact details
nested = jsonData[0]['action_results'][0]['data'][0]['report']['artifacts']

for artifact in nested:
    print(f"Scanner count = {nested[artifact]['antivirus']['reversing_labs']['scanner_count']}")
    print(f"Scanner match = {nested[artifact]['antivirus']['reversing_labs']['scanner_match']}")
denniseagles
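Added example, not part of either answer: a per-artifact summary of the same report shape that keeps every artifact instead of only the last one and tolerates artifacts with no `antivirus` block. The function name `summarize_artifacts`, the constructed artifact "3", and the 7.5 entropy threshold are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of the report in the question; artifact "3"
# is added here (not on the page) to exercise the missing-"antivirus" case.
SAMPLE = json.loads("""
[{"action_results": [{"status": "success", "data": [{"report": {"artifacts": {
  "1":  {"entropy": 7.987, "antivirus": {"reversing_labs":
         {"status": "UNKNOWN", "scanner_count": 0, "scanner_match": 0}}},
  "10": {"entropy": 1, "antivirus": {"reversing_labs":
         {"status": "UNKNOWN", "scanner_count": 0, "scanner_match": 0}}},
  "3":  {"entropy": 5.2}
}}}]}]}]
""")

HIGH_ENTROPY = 7.5  # assumed triage threshold (bits per byte), not from the page


def summarize_artifacts(results):
    """Return {artifact_id: summary} for every artifact in every action result."""
    summary = {}
    for asset in results:
        for action in asset.get("action_results", []):
            for item in action.get("data", []):
                artifacts = item.get("report", {}).get("artifacts", {})
                # Iterate key/value pairs: iterating a dict alone yields only
                # its string keys, and a str has no .get() method.
                for artifact_id, artifact in artifacts.items():
                    rl = artifact.get("antivirus", {}).get("reversing_labs", {})
                    count = rl.get("scanner_count", 0)
                    match = rl.get("scanner_match", 0)
                    summary[artifact_id] = {
                        "scanner_count": count,
                        "scanner_match": match,
                        # Zero scanners means no verdict, not a clean result.
                        "detection_ratio": match / count if count else None,
                        "av_status": rl.get("status", "MISSING"),
                        "high_entropy": artifact.get("entropy", 0) >= HIGH_ENTROPY,
                    }
    return summary


if __name__ == "__main__":
    for artifact_id, row in summarize_artifacts(SAMPLE).items():
        print(artifact_id, row)
```

A `detection_ratio` of `None` alongside `av_status` of `UNKNOWN` means the sample was never scanned, which a playbook should treat differently from a ratio of 0.0.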