Find json match in txt file list in python

Time:07-20

I'm new to JSON files and I have a text file with a bunch of package names (line by line). I want to check if these names show up in the Debian security tracker JSON file (https://security-tracker.debian.org/tracker/data/json) and, if they do, print the ones that find a match.

I tried this, but it does not output anything:

def json_find():
    json_file = json.dumps(info)
    with open("package_names.txt", "r") as f:
        for line in f:
            if line in json_file:
                print(line)
json_find()

Where info has the JSON file from the security tracker. But I can't find a way to iterate through the text file and search for the names in the JSON file.

The list looks something like this:

nftables
python3-translationstring
gcc-8-base
libpocojson60
passwd
automake

Example of the JSON file:

{
  "389-ds-base": {
    "CVE-2012-0833": {
      "description": "The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server.",
      "scope": "local",
      "releases": {
        "bookworm": {
          "status": "resolved",
          "repositories": {
            "bookworm": "2.0.15-1"
          },
          "fixed_version": "0",
          "urgency": "unimportant"
        },
        "bullseye": {
          "status": "resolved",
          "repositories": {
            "bullseye": "1.4.4.11-2"
          },
          "fixed_version": "0",
          "urgency": "unimportant"
        },
        "buster": {
          "status": "resolved",
          "repositories": {
            "buster": "1.4.0.21-1"
          },
          "fixed_version": "0",
          "urgency": "unimportant"
        },
        "sid": {
          "status": "resolved",
          "repositories": {
            "sid": "2.0.15-1"
          },
          "fixed_version": "0",
          "urgency": "unimportant"
        }
      }
    },
    "CVE-2012-2678": {
      "description": "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.",
      "scope": "local",
      "releases": {
        "bookworm": {
          "status": "resolved",
          "repositories": {
            "bookworm": "2.0.15-1"
          },
          "fixed_version": "0",
          "urgency": "unimportant"
        },
        "bullseye": {
          "status": "resolved",
          "repositories": {
            "bullseye": "1.4.4.11-2"
          },
          "fixed_version": "0",
          "urgency": "unimportant"
        },
        "buster": {
          "status": "resolved",
          "repositories": {
            "buster": "1.4.0.21-1"
          },
          "fixed_version": "0",
          "urgency": "unimportant"
        },
        "sid": {
          "status": "resolved",
          "repositories": {
            "sid": "2.0.15-1"
          },
          "fixed_version": "0",
          "urgency": "unimportant"
        }
      }
    },

For example, if I had 389-ds-base in my list, I would like to print it out.

CodePudding user response:

import json

JSON_FILE = 'security.json'
PKG_FILE = 'package_names.txt'


def json_find():
    json_data = {}
    with open(JSON_FILE, 'r') as f:
        json_data = json.load(f)
    with open(PKG_FILE, 'r') as f:
        pkg_list = f.read().splitlines()

    vulnerable = []
    for package in pkg_list:
        if package in json_data:
            vulnerable.append(package)
    return vulnerable

If you use the same JSON you provided in the question, and include 389-ds-base in the package list file (package_names.txt), you'll get the list ['389-ds-base'] as the result.
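An added example, not part of the answer above or of the Debian tracker's own code: it goes one step past "is the package listed" and reports, per package, which CVEs are not marked resolved for a chosen release, using exact key lookups on stripped names rather than a substring search over the dumped JSON (which would also match names such as passwd inside descriptions). The sample data, the names `example-pkg` and `CVE-0000-0001`, the "open" entry, and the choice to treat a CVE with no entry for the release as not affecting it are all assumptions made for illustration; the tracker keys are source package names, so binary package names in the list may need mapping first.

```python
import json

# Constructed sample in the tracker's layout (package -> CVE -> releases).
# "example-pkg" and "CVE-0000-0001" are placeholders, not real tracker entries.
SAMPLE_TRACKER = json.loads("""
{
  "389-ds-base": {
    "CVE-2012-0833": {
      "releases": {
        "bullseye": {"status": "resolved", "urgency": "unimportant"}
      }
    }
  },
  "example-pkg": {
    "CVE-0000-0001": {
      "releases": {
        "bullseye": {"status": "open", "urgency": "medium"},
        "bookworm": {"status": "resolved", "urgency": "medium"}
      }
    }
  }
}
""")

# Constructed package list as it would come from iterating over a text file.
SAMPLE_PACKAGE_LINES = ["389-ds-base\n", "  example-pkg  \n", "\n", "nftables\n"]


def read_names(lines):
    """Strip newlines/whitespace and skip blanks so names compare exactly."""
    return [name for name in (line.strip() for line in lines) if name]


def unresolved_cves(tracker, names, release):
    """Map each listed package to its CVEs not marked resolved in `release`."""
    report = {}
    for name in names:
        cves = tracker.get(name)  # exact key lookup, not a substring search
        if cves is None:
            continue  # package has no entry in the tracker data
        # Assumption: a CVE with no entry for this release does not affect it.
        report[name] = sorted(
            cve for cve, info in cves.items()
            if info.get("releases", {}).get(release, {}).get("status", "resolved") != "resolved"
        )
    return report


if __name__ == "__main__":
    names = read_names(SAMPLE_PACKAGE_LINES)
    print(unresolved_cves(SAMPLE_TRACKER, names, "bullseye"))
```

A package that maps to an empty list is present in the tracker but has nothing outstanding for that release, which is a different answer from a package that is absent from the report altogether.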