jq conditional delete from array

Time:10-22

I have this JSON that I got from AWS. This is just a test I created, not my actual rules.

[
    {
      "Name": "Fortinet-all_rules",
      "Priority": 0,
      "Statement": {
        "ManagedRuleGroupStatement": {
          "VendorName": "Fortinet",
          "Name": "all_rules",
          "ExcludedRules": [
            {
              "Name": "Database-Vulnerability-Exploit-01"
            },
            {
              "Name": "Database-Vulnerability-Exploit-02"
            },
            {
              "Name": "Database-Vulnerability-Exploit-03"
            },
            {
              "Name": "Malicious-Robot"
            },
            {
              "Name": "OS-Command-Injection-01"
            },
            {
              "Name": "OS-Command-Injection-02"
            },
            {
              "Name": "SQL-Injection-01"
            },
            {
              "Name": "SQL-Injection-02"
            },
            {
              "Name": "SQL-Injection-03"
            },
            {
              "Name": "Source-Code-Disclosure"
            },
            {
              "Name": "Web-Application-Injection-01"
            },
            {
              "Name": "Web-Application-Injection-02"
            },
            {
              "Name": "Web-Application-Vulnerability-Exploit-01"
            },
            {
              "Name": "Web-Application-Vulnerability-Exploit-02"
            },
            {
              "Name": "Web-Application-Vulnerability-Exploit-03"
            },
            {
              "Name": "Web-Application-Vulnerability-Exploit-04"
            },
            {
              "Name": "Web-Application-Vulnerability-Exploit-05"
            },
            {
              "Name": "Web-Application-Vulnerability-Exploit-06"
            },
            {
              "Name": "Web-Application-Vulnerability-Exploit-07"
            },
            {
              "Name": "Web-Scanner-01"
            },
            {
              "Name": "Web-Scanner-02"
            },
            {
              "Name": "Web-Scanner-03"
            },
            {
              "Name": "Web-Server-Vulnerability-Exploit-01"
            },
            {
              "Name": "Web-Server-Vulnerability-Exploit-02"
            },
            {
              "Name": "Web-Server-Vulnerability-Exploit-03"
            },
            {
              "Name": "Web-Server-Vulnerability-Exploit-04"
            }
          ],
          "ScopeDownStatement": {
            "RegexPatternSetReferenceStatement": {
              "ARN": "",
              "FieldToMatch": {
                "UriPath": {}
              },
              "TextTransformations": [
                {
                  "Priority": 0,
                  "Type": "NONE"
                }
              ]
            }
          }
        }
      },
      "OverrideAction": {
        "None": {}
      },
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "Fortinet-all_rules"
      }
    },
    {
      "Name": "DDOS_rate_rule",
      "Priority": 1,
      "Statement": {
        "RateBasedStatement": {
          "Limit": 350,
          "AggregateKeyType": "FORWARDED_IP",
          "ScopeDownStatement": {
            "NotStatement": {
              "Statement": {
                "IPSetReferenceStatement": {
                  "ARN": "",
                  "IPSetForwardedIPConfig": {
                    "HeaderName": "X-Forwarded-For",
                    "FallbackBehavior": "MATCH",
                    "Position": "FIRST"
                  }
                }
              }
            }
          },
          "ForwardedIPConfig": {
            "HeaderName": "X-Forwarded-For",
            "FallbackBehavior": "MATCH"
          }
        }
      },
      "Action": {
        "Block": {}
      },
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "DDOS_rate_rule"
      }
    }
  ]

So what I want, for example, is to delete the element { "Name": "OS-Command-Injection-01" }.

I need to do it conditionally, so I tried using select:

jq '. | select([].Statement.ManagedRuleGroupStatement.ExcludedRules[].Name == "Malicious-Robot")'

The problem is that it errors:

jq: error (at :150): Cannot iterate over null (null)

Also, if I try to chain selects it doesn't work. I will also need to delete several objects at once, but if I can delete one I can run the query several times, so that's not an issue.

CodePudding user response:

You can try this:

jq 'walk(if type=="object" and
            (.Name|IN("OS-Command-Injection-01","SQL-Injection-03"))
         then empty
         else . end)' input-file

CodePudding user response:

To delete objects from arrays, you could use the template:

walk(if type == "array"
     then map(select(
      ( type=="object" and
        (.Name|IN( ... ) ) ) | not ))
     else . end)

CodePudding user response:

|= is useful for modifying elements of a data structure.

  • The left-hand side should return the things to modify. (Use parens if it contains |.)
  • The right-hand side is evaluated as if | was used instead of |=.
  • The right-hand side should return the new value. (Use parens if it contains |.)
  • The whole returns . with the modifications made.

jq '
   ( .[].Statement.ManagedRuleGroupStatement.ExcludedRules | arrays ) |=
      map(select(.Name != "OS-Command-Injection-01"))
'

jqplay
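
The `|=` approach from the last answer, extended to several names in one pass, as an added example that is not part of the original answers. The function names and the trimmed sample data are assumptions made for illustration; the second function lists which exclusions actually disappeared so the change can be reviewed before the rules are pushed back.

```shell
#!/bin/sh
# Added example. SAMPLE_RULES is constructed data, trimmed from the question's JSON.
SAMPLE_RULES='[
  {"Name":"Fortinet-all_rules","Statement":{"ManagedRuleGroupStatement":{
     "VendorName":"Fortinet","Name":"all_rules",
     "ExcludedRules":[{"Name":"Malicious-Robot"},
                      {"Name":"OS-Command-Injection-01"},
                      {"Name":"SQL-Injection-03"}]}}},
  {"Name":"DDOS_rate_rule","Statement":{"RateBasedStatement":{"Limit":350}}}
]'

# remove_excluded RULES_JSON NAME...   (hypothetical helper name)
# Drops every listed name from each ExcludedRules array. `arrays` skips rules
# that have no ExcludedRules (the rate-based rule), which is what otherwise
# triggers "Cannot iterate over null".
remove_excluded() {
  rules=$1; shift
  # Build a JSON array of the names and pass it with --argjson, so the names
  # never become part of the jq program text.
  drop=$(printf '%s\n' "$@" | jq -cRn '[inputs]') || return 1
  printf '%s' "$rules" | jq --argjson drop "$drop" '
    (.[].Statement.ManagedRuleGroupStatement.ExcludedRules | arrays) |=
      map(select(.Name as $n | $drop | index($n) | not))'
}

# removed_names BEFORE_JSON AFTER_JSON   (hypothetical helper name)
# Prints, as a compact JSON array, the excluded-rule names present before but
# not after. An entry in ExcludedRules is a managed rule overridden to count,
# so every name printed here goes back to the rule group's own action.
removed_names() {
  jq -cn --argjson a "$1" --argjson b "$2" '
    def names: [.[].Statement.ManagedRuleGroupStatement.ExcludedRules
                | arrays | .[].Name];
    ($a | names) - ($b | names)'
}

after=$(remove_excluded "$SAMPLE_RULES" OS-Command-Injection-01 SQL-Injection-03)
echo "removed: $(removed_names "$SAMPLE_RULES" "$after")"
```

A name that is misspelled or not present simply does not show up in the `removed_names` output, which makes a silent no-op visible.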
