Search XML-file from LS

HCL Domino Domino Forum
1

Hi there,I need to check one of our apps against a XML-file published in the National Vulnerability Database (http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml).

In our app there are lots of entries for which I have to search the XML-file.

Since I’venever dealed with XML, I have no clue, where or how to start.

How do I search for a node’s value (i.e. “cpe:/o:microsoft:windows_2000:::datacenter_server”).

And when I’ve found it, how do I navigate “up” and “down” to parent notes?

I found a lot o f stuff searching this forum, but that kind of confused me even more :-?

Thanks for any help!

Buzzy

2

Subject: Try this

You could use the Notes XML classes to load the XML and walk the tree looking for the node in question. Or you could instead use MS XMLDOM and XPath queries to get what you want e.g.

Dim xmlDoc As Variant

Dim xmlNode As Variant

Dim xmlParentNode As Variant

Dim bOK As Boolean

Dim sXPath As String

Set xmlDoc = CreateObject(“Msxml2.DOMDocument.3.0”)

xmlDoc.async = False

bOK = xmlDoc.load(“http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml”)

If Not bOK Then

Msgbox xmlDoc.parseError.reason

Exit Sub

End If

Call xmlDoc.setProperty(“SelectionLanguage”, “XPath”)

Call xmlDoc.setProperty(“SelectionNamespaces”, “xmlns:vuln=‘http://scap.nist.gov/schema/vulnerability/0.4’”)

sXPath = |.//vuln:product[. = “cpe:/o:microsoft:windows_2000:::datacenter_server”]|

Set xmlNode = xmlDoc.selectSingleNode(sXPath)

If xmlNode Is Nothing Then

Msgbox "Not found"

Else

Set xmlParentNode = xmlNode.parentNode



Msgbox xmlParentNode.nodeName

End If

3

Subject: Cool!

Well, I think that’s something to work with.Thanks a lot!

Buzzy

4

Subject: Searching for Attributes

Hi again,seems like I’ll have to use the older version (NVD - Data Feeds) of the NVD-file :frowning:

Unfortunately, its structure is quite different. I tried it in a similar way, but it didn’t work.

The only line I changed so far is this:

sXPath = |.//prod[@vendor=“| + vendorArr(zähler) + |”]|

For each loop vendorArr(zähler) contains an other value (i.e. “microsoft”), so sXPath would be smth. like “.//prod[@vendor=“microsoft”]”

But Set xmlNode = xmlDoc.selectSingleNode(sXPath) only returns “No node found”…

I changed the Namespace according to the one described in the XML-header:

Call xmlDoc.setProperty(“SelectionNamespaces”, “xmlns=‘http://nvd.nist.gov/feeds/cve/1.2’”)

Could you please give me some advice, how to handle this XML-structure?

Thanks again!

Have a nice weekend,

Buzzy

5

Subject: Try removing the SelectionLanguages call…

i.e. Comment out the Call xmlDoc.setProperty(“SelectionLanguage”, “XPath”) line. This causes the MSXML 3.0 parser to use the older XSLPattern syntax engine. I tried that and it worked, although I can’t see why it should matter in the example you have given [but then, this is Microsoft technology, so we should expect things like this].

6

Subject: Yeee-haaaa…

…great hint!One more time: thanks!

Greets,

Buzzy

7

Subject: One question

Hi again,when I’m trying to loop thur an array containing all applications, it doesn’t work:

Forall app In appArr

	Print "'" + app + "'"

	'sXPath = |.//vuln:product[. = "cpe:/a:adobe:acrobat_reader:9.3.3"]|

	sXPath = |.//vuln:product[. = "} + cstr(app) + {"]|

	

	Set xmlNode = xmlDoc.selectSingleNode(sXPath)	

	If xmlNode Is Nothing Then		

		Print "Not found"		

	Else		

		Set xmlParentNode = xmlNode.parentNode		

		Print xmlParentNode.nodeName		

	End If

	Exit Sub

End Forall

The variable “app” contains “cpe:/a:adobe:acrobat_reader:9.3.3” the first time, but I’m just getting an “Not found” msgbox - why? When I’m using it as an hard coded string, it works :-?

Any suggestions?

Buzzy

8

Subject: Forget it - I’m a moron!

I was using “{” and “}” instead of “|” to embed my variable :expressionless: