tidwall / gjson

Get JSON values quickly - JSON parser for Go
MIT License

Extract fields from nested JSON with different names #268

Closed dorneanu closed 2 years ago

dorneanu commented 2 years ago

Hi!

I know the title sounds a little bit confusing, so let me give you an example:

{
    "cveContents":{
        "nvd":[
            {
                "type":"nvd",
                "cveID":"CVE-2021-0127",
                "title":"",
                "summary":"Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access.",
                "cvss2Score":0,
                "cvss2Vector":"",
                "cvss2Severity":"",
                "cvss3Score":0,
                "cvss3Vector":"",
                "cvss3Severity":"",
                "sourceLink":"https://nvd.nist.gov/vuln/detail/CVE-2021-0127",
                "references":[
                    {
                        "link":"https://security.netapp.com/advisory/ntap-20220210-0008/",
                        "source":"CONFIRM"
                    },
                    {
                        "link":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html",
                        "source":"MISC"
                    }
                ],
                "published":"2022-02-09T23:15:00Z",
                "lastModified":"2022-02-10T10:15:00Z"
            }
        ],
        "ubuntu_api":[
            {
                "type":"ubuntu_api",
                "cveID":"CVE-2021-0127",
                "title":"",
                "summary":"Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access.",
                "cvss2Score":0,
                "cvss2Vector":"",
                "cvss2Severity":"medium",
                "cvss3Score":0,
                "cvss3Vector":"",
                "cvss3Severity":"medium",
                "sourceLink":"https://ubuntu.com/security/CVE-2021-0127",
                "references":[
                    {
                        "link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0127",
                        "source":"CVE"
                    },
                    {
                        "link":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html"
                    }
                ],
                "published":"2021-11-17T20:15:00Z",
                "lastModified":"0001-01-01T00:00:00Z"
            }
        ]
    },
    "alertDict":{
        "cisa":null,
        "jpcert":null,
        "uscert":null
    }
}

How do I actually extract the field cvss2Severity from nvd and ubuntu_api? Extracting each one individually works:

But how do I get an array of both values: '["", "medium"]'? I've tried cveContents.#.0.cvss2Severity but it didn't work.

Thanks in advance.

dorneanu commented 2 years ago

After reading more about the existing modifiers, I came up with the following solution:

cveContents.@values.@flatten.#.cvss2Severity

which gives

["","medium"]
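A standard-library Go sketch of the same traversal as `cveContents.@values.@flatten.#.cvss2Severity`, added here as an example; it is not part of the original comment and is not gjson code. It also keeps the source key next to each value, which the flat array drops. `CollectField`, `Finding` and the trimmed `sample` document are assumptions made for this illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Constructed sample: a trimmed copy of the document posted in the issue.
const sample = `{"cveContents":{
  "nvd":[{"type":"nvd","cvss2Severity":""}],
  "ubuntu_api":[{"type":"ubuntu_api","cvss2Severity":"medium"}]},
  "alertDict":{"cisa":null}}`

// Finding pairs a collected value with the source key it came from.
type Finding struct{ Source, Value string }

// CollectField walks the object at top-level key container in document order
// and returns the string field from every array element that carries it.
func CollectField(doc []byte, container, field string) ([]Finding, error) {
	var top map[string]json.RawMessage
	if err := json.Unmarshal(doc, &top); err != nil {
		return nil, err
	}
	dec := json.NewDecoder(bytes.NewReader(top[container]))
	if tok, err := dec.Token(); err != nil || tok != json.Delim('{') {
		return nil, fmt.Errorf("%q is missing or not an object", container)
	}
	var out []Finding
	for dec.More() {
		key, err := dec.Token() // member name, e.g. "nvd"
		if err != nil {
			return nil, err
		}
		var entries []map[string]interface{} // a null member decodes to no entries
		if err := dec.Decode(&entries); err != nil {
			return nil, fmt.Errorf("source %v: %w", key, err)
		}
		for _, e := range entries {
			if v, ok := e[field].(string); ok { // skip elements without the field
				out = append(out, Finding{key.(string), v})
			}
		}
	}
	return out, nil
}

func main() {
	fmt.Println(CollectField([]byte(sample), "cveContents", "cvss2Severity"))
}
```

Unlike the gjson path, this sketch returns an error when a member under the container is neither `null` nor an array of objects.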

dorneanu commented 2 years ago

I'll close this for now.