我有下面的目录。我想将其格式更改为一个字符串,该字符串看起来像一个具有固定列的表(库、漏洞ID、严重性、安装版本、固定版本、标题)
[
{
"Target": "docker:17.06.0-dind (alpine 3.6.2)",
"Type": "alpine",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2017-15873",
"PkgName": "busybox",
"InstalledVersion": "1.26.2-r5",
"FixedVersion": "1.26.2-r9",
"Layer": {
"DiffID": "sha256:5bef08742407efd622d243692b79ba0055383bbce12900324f75e56f589aedb0"
},
"SeveritySource": "nvd",
"Title": "busybox: Integer overflow in the get_next_block function",
"Description": "The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-190"
],
"VendorVectors": {
"nvd": {
"v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"v3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"redhat": {
"v3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
}
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"https://bugs.busybox.net/show_bug.cgi?id=10431",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15873",
"https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0",
"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html",
"https://usn.ubuntu.com/3935-1/",
"https://usn.ubuntu.com/usn/usn-3935-1"
],
"PublishedDate": "2017-10-24T20:29:00Z",
"LastModifiedDate": "2019-04-03T15:29:00Z"
},
{
"VulnerabilityID": "CVE-2017-16544",
"PkgName": "busybox",
"InstalledVersion": "1.26.2-r5",
"FixedVersion": "1.26.2-r9",
"Layer": {
"DiffID": "sha256:5bef08742407efd622d243692b79ba0055383bbce12900324f75e56f589aedb0"
},
"SeveritySource": "nvd",
"Title": "busybox: Insufficient sanitization of filenames when autocompleting",
"Description": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-94"
],
"VendorVectors": {
"nvd": {
"v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"v3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
"redhat": {
"v3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"
}
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V2Score": 6.5,
"V3Score": 8.8
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"V3Score": 4.8
}
},
"References": [
"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html",
"http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html",
"http://seclists.org/fulldisclosure/2019/Jun/18",
"http://seclists.org/fulldisclosure/2019/Sep/7",
"http://seclists.org/fulldisclosure/2020/Aug/20",
"http://seclists.org/fulldisclosure/2020/Mar/15",
"http://seclists.org/fulldisclosure/2020/Sep/6",
"http://www.vmware.com/security/advisories/VMSA-2019-0013.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544",
"https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8",
"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html",
"https://seclists.org/bugtraq/2019/Jun/14",
"https://seclists.org/bugtraq/2019/Sep/7",
"https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01",
"https://usn.ubuntu.com/3935-1/",
"https://usn.ubuntu.com/usn/usn-3935-1",
"https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/"
],
"PublishedDate": "2017-11-20T15:29:00Z",
"LastModifiedDate": "2020-09-02T21:15:00Z"
},
{
"VulnerabilityID": "CVE-2017-15650",
"PkgName": "musl",
"InstalledVersion": "1.1.16-r10",
"FixedVersion": "1.1.16-r14",
"Layer": {
"DiffID": "sha256:5bef08742407efd622d243692b79ba0055383bbce12900324f75e56f589aedb0"
},
"SeveritySource": "nvd",
"Description": "musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-119"
],
"VendorVectors": {
"nvd": {
"v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
}
},
"References": [
"http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395",
"http://git.musl-libc.org/cgit/musl/tree/WHATSNEW",
"http://openwall.com/lists/oss-security/2017/10/19/5",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650",
"https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395"
],
"PublishedDate": "2017-10-19T23:29:00Z",
"LastModifiedDate": "2017-11-08T16:21:00Z"
},
{
"VulnerabilityID": "CVE-2017-15650",
"PkgName": "musl-utils",
"InstalledVersion": "1.1.16-r10",
"FixedVersion": "1.1.16-r14",
"Layer": {
"DiffID": "sha256:5bef08742407efd622d243692b79ba0055383bbce12900324f75e56f589aedb0"
},
"SeveritySource": "nvd",
"Description": "musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-119"
],
"VendorVectors": {
"nvd": {
"v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
}
},
"References": [
"http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395",
"http://git.musl-libc.org/cgit/musl/tree/WHATSNEW",
"http://openwall.com/lists/oss-security/2017/10/19/5",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650",
"https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395"
],
"PublishedDate": "2017-10-19T23:29:00Z",
"LastModifiedDate": "2017-11-08T16:21:00Z"
}
]
}
]
我想将其格式更改为以下格式,以便生成具有适当格式的PDF:
+------------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------+------------------+----------+-------------------+---------------+--------------------------------+
| busybox | CVE-2017-15873 | MEDIUM | 1.26.2-r5 | 1.26.2-r9 | busybox: Integer overflow in |
| | | | | | the get_next_block function |
+ +------------------+ + + +--------------------------------+
| | CVE-2017-16544 | | | | busybox: Insufficient |
| | | | | | sanitization of filenames when |
| | | | | | autocompleting |
+------------+------------------+ +-------------------+---------------+--------------------------------+
| musl | CVE-2017-15650 | | 1.1.16-r10 | 1.1.16-r14 | musl libc before 1.1.17 has |
| | | | | | a buffer overflow via crafted |
| | | | | | DNS replies... |
+------------+ + + + + +
| musl-utils | | | | | |
| | | | | | |
| | | | | | |
+------------+------------------+----------+-------------------+---------------+--------------------------------+
我该怎么做
编辑
我编写了这段代码来格式化列表
from prettytable import PrettyTable
pretty_table = PrettyTable()
big_list = [
{
"Target": "docker:17.06.0-dind (alpine 3.6.2)",
"Type": "alpine",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2017-15873",
"PkgName": "busybox",
"InstalledVersion": "1.26.2-r5",
"FixedVersion": "1.26.2-r9",
"Layer": {
"DiffID": "sha256:5bef08742407efd622d243692b79ba0055383bbce12900324f75e56f589aedb0"
},
"SeveritySource": "nvd",
"Title": "busybox: Integer overflow in the get_next_block function",
"Description": "The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-190"
],
"VendorVectors": {
"nvd": {
"v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"v3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"redhat": {
"v3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
}
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V2Score": 4.3,
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 3.3
}
},
"References": [
"https://bugs.busybox.net/show_bug.cgi?id=10431",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15873",
"https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0",
"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html",
"https://usn.ubuntu.com/3935-1/",
"https://usn.ubuntu.com/usn/usn-3935-1"
],
"PublishedDate": "2017-10-24T20:29:00Z",
"LastModifiedDate": "2019-04-03T15:29:00Z"
},
{
"VulnerabilityID": "CVE-2017-16544",
"PkgName": "busybox",
"InstalledVersion": "1.26.2-r5",
"FixedVersion": "1.26.2-r9",
"Layer": {
"DiffID": "sha256:5bef08742407efd622d243692b79ba0055383bbce12900324f75e56f589aedb0"
},
"SeveritySource": "nvd",
"Title": "busybox: Insufficient sanitization of filenames when autocompleting",
"Description": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-94"
],
"VendorVectors": {
"nvd": {
"v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"v3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
"redhat": {
"v3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"
}
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V2Score": 6.5,
"V3Score": 8.8
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"V3Score": 4.8
}
},
"References": [
"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html",
"http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html",
"http://seclists.org/fulldisclosure/2019/Jun/18",
"http://seclists.org/fulldisclosure/2019/Sep/7",
"http://seclists.org/fulldisclosure/2020/Aug/20",
"http://seclists.org/fulldisclosure/2020/Mar/15",
"http://seclists.org/fulldisclosure/2020/Sep/6",
"http://www.vmware.com/security/advisories/VMSA-2019-0013.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544",
"https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8",
"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html",
"https://seclists.org/bugtraq/2019/Jun/14",
"https://seclists.org/bugtraq/2019/Sep/7",
"https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01",
"https://usn.ubuntu.com/3935-1/",
"https://usn.ubuntu.com/usn/usn-3935-1",
"https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/"
],
"PublishedDate": "2017-11-20T15:29:00Z",
"LastModifiedDate": "2020-09-02T21:15:00Z"
},
{
"VulnerabilityID": "CVE-2017-15650",
"PkgName": "musl",
"InstalledVersion": "1.1.16-r10",
"FixedVersion": "1.1.16-r14",
"Layer": {
"DiffID": "sha256:5bef08742407efd622d243692b79ba0055383bbce12900324f75e56f589aedb0"
},
"SeveritySource": "nvd",
"Description": "musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-119"
],
"VendorVectors": {
"nvd": {
"v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
}
},
"References": [
"http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395",
"http://git.musl-libc.org/cgit/musl/tree/WHATSNEW",
"http://openwall.com/lists/oss-security/2017/10/19/5",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650",
"https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395"
],
"PublishedDate": "2017-10-19T23:29:00Z",
"LastModifiedDate": "2017-11-08T16:21:00Z"
},
{
"VulnerabilityID": "CVE-2017-15650",
"PkgName": "musl-utils",
"InstalledVersion": "1.1.16-r10",
"FixedVersion": "1.1.16-r14",
"Layer": {
"DiffID": "sha256:5bef08742407efd622d243692b79ba0055383bbce12900324f75e56f589aedb0"
},
"SeveritySource": "nvd",
"Description": "musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-119"
],
"VendorVectors": {
"nvd": {
"v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
}
},
"References": [
"http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395",
"http://git.musl-libc.org/cgit/musl/tree/WHATSNEW",
"http://openwall.com/lists/oss-security/2017/10/19/5",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650",
"https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395"
],
"PublishedDate": "2017-10-19T23:29:00Z",
"LastModifiedDate": "2017-11-08T16:21:00Z"
}
]
}
]
pretty_table.field_names = ["Library", "Vulnerability ID", "Severity", "Installed version", "Fixed Version", "Title"]
pretty_table.align['Title'] = 'l'
pretty_table._max_width = {"Title": 50}
for row in big_list:
if row['Vulnerabilities'] != 'null':
for vuln in row['Vulnerabilities']:
pretty_table.add_row([vuln['PkgName'],vuln['VulnerabilityID'], vuln['Severity'], vuln['InstalledVersion'],
vuln['FixedVersion'], vuln['Description']
])
print(pretty_table)
但我的问题是,我无法将其写入PDF文件
目前没有回答
相关问题 更多 >
编程相关推荐