-
Notifications
You must be signed in to change notification settings - Fork 0
/
kb_v2-cve2csv.xsl
93 lines (80 loc) · 3.17 KB
/
kb_v2-cve2csv.xsl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="text" encoding="iso-8859-1"/>
<!--
CSV header (first line containing the column titles):
QID,CVE-ID,CVE-URL
Input file generated by curl -H 'X-Requested-With: curl' -u 'USERNAME:PASSWORD' 'https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/?action=list&details=All' > vulnkb_v2.xml
xsltproc kb_v2-cve2csv.xsl vulnkb_v2.xml > kb_v2-cve.csv
-->
<xsl:param name="delim" select="string(',')" />
<xsl:param name="quote" select="string('"')" />
<xsl:param name="break" select="string('
')" />
<xsl:param name="linefeed" select="string(' ')" />
<xsl:template match="/">
<xsl:text>"QID","CVE-ID","CVE-URL"</xsl:text>
<xsl:value-of select="$linefeed"/>
<xsl:apply-templates select="KNOWLEDGE_BASE_VULN_LIST_OUTPUT/RESPONSE/VULN_LIST/VULN/CVE_LIST/CVE"/>
</xsl:template>
<xsl:template match="CVE">
<xsl:call-template name="display_csv_field">
<xsl:with-param name="field" select="ancestor::VULN/QID" />
</xsl:call-template>
<xsl:value-of select="$delim"/>
<xsl:call-template name="display_csv_field">
<xsl:with-param name="field" select="ID" />
</xsl:call-template>
<xsl:value-of select="$delim"/>
<xsl:call-template name="display_csv_field">
<xsl:with-param name="field" select="URL" />
</xsl:call-template>
<xsl:value-of select="$linefeed" />
</xsl:template>
<!-- Template to escape csv field -->
<xsl:template name="display_csv_field">
<xsl:param name="field"/>
<xsl:choose>
<xsl:when test="contains($field,$quote)">
<!-- Field contains a quote. We must enclose this field in quotes,
and we must escape each of the quotes in the field value.
-->
<xsl:value-of select="$quote"/>
<xsl:call-template name="escape_quotes">
<xsl:with-param name="string" select="$field" />
</xsl:call-template>
<xsl:value-of select="$quote"/>
</xsl:when>
<xsl:when test="contains($field,',' ) or contains($field,$linefeed)">
<!-- Field contains a comma and/or a linefeed.
We must enclose this field in quotes.
-->
<xsl:value-of select="concat($quote,$field,$quote)"/>
</xsl:when>
<xsl:otherwise>
<!-- No need to enclose this field in quotes.-->
<xsl:value-of select="$field" />
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<!-- Helper for escaping CSV field -->
<xsl:template name="escape_quotes">
<xsl:param name="string" />
<xsl:value-of select="substring-before($string,$quote)" />
<xsl:value-of select="$quote"/>
<xsl:value-of select="$quote"/>
<xsl:variable name="substring_after_first_quote" select="substring-after($string,$quote)" />
<xsl:choose>
<xsl:when test="not(contains($substring_after_first_quote,$quote))">
<xsl:value-of select="$substring_after_first_quote" />
</xsl:when>
<xsl:otherwise>
<!-- The substring after the first quote contains a quote.
So, we call ourself recursively to escape the quotes
in the substring after the first quote.
-->
<xsl:call-template name="escape_quotes">
<xsl:with-param name="string" select="$substring_after_first_quote"/>
</xsl:call-template>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
</xsl:stylesheet>