文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >如何从JSON字符串中删除子字符串

如何从JSON字符串中删除子字符串
EN

Stack Overflow用户
提问于 2018-06-22 01:35:33
回答 1查看 748关注 0票数 1

我有一个下面的字符串。

代码语言:javascript
复制
result = '[
    {
        "id": 668,
        "overview": "All versions of `react-marked-markdown` are vulnerable to cross-site scripting (XSS) via `href` attributes. This is exploitable if user is provided to `react-marked-markdown`\n\nProof of concept:\n\n```\nimport React from 'react'\nimport ReactDOM from 'react-dom'\nimport { MarkdownPreview } from 'react-marked-markdown'\n\nReactDOM.render(\n<MarkdownPreview\nmarkedOptions={{ sanitize: true }}\nvalue={'[XSS](javascript: alert`1`)'}\n/>,\ndocument.getElementById('root')\n)\n```",
        "recommendation": "No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time if you allow user input into href values.",
        "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
        "cvss_score": 9.3,
        "module": "react-marked-markdown"
    },
    {
        "id": 577,
        "overview": "Versions of `lodash` before 4.17.5 are vulnerable to prototype pollution. \n\nThe vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of `Object` via `__proto__` causing the addition or modification of an existing property that will exist on all objects.\n\n",
        "recommendation": "Update to version 4.17.5 or later.",
        "cvss_vector": null,
        "cvss_score": 2,
        "module": "lodash",
        "version": "3.10.1"
    }
]'

如何从该字符串中删除"overview“字段和值。因为当我试图使用"${JsonOutput.toJson(result)}“将这个字符串转换成JSON对象时,它给出了解析错误,因为这个概述部分包含{}。

这就是我尝试过的

代码语言:javascript
复制
result=result | sed 's/"overview":*\\(","\)/\\1/g'

有人能帮我一下吗?

上面的字符串应该如下所示

代码语言:javascript
复制
[
    {
        "id": 668,
        "recommendation": "No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time if you allow user input into href values.",
        "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
        "cvss_score": 9.3,
        "module": "react-marked-markdown"
    },
    {
        "id": 577,
        "recommendation": "Update to version 4.17.5 or later.",
        "cvss_vector": null,
        "cvss_score": 2,
        "module": "lodash",
        "version": "3.10.1"
    }
]

这样我就可以将其转换为JSON对象。

bash
shell
jq
json
EN

回答 1

Stack Overflow用户

发布于 2018-06-22 02:11:53

您需要使用JSON解析器来解析JSON数据。正如您所看到的,尝试使用正则表达式太脆弱了。

首先,为了测试而将这个棘手的字符串存储到一个变量中:使用一个引用的heredoc:

代码语言:javascript
复制
$ result=$(cat <<'END'
[
    {
        "id": 668,
        "overview": "All versions of `react-marked-markdown` are vulnerable to cross-site scripting (XSS) via `href` attributes. This is exploitable if user is provided to `react-marked-markdown`\n\nProof of concept:\n\n```\nimport React from 'react'\nimport ReactDOM from 'react-dom'\nimport { MarkdownPreview } from 'react-marked-markdown'\n\nReactDOM.render(\n<MarkdownPreview\nmarkedOptions={{ sanitize: true }}\nvalue={'[XSS](javascript: alert`1`)'}\n/>,\ndocument.getElementById('root')\n)\n```",
        "recommendation": "No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time if you allow user input into href values.",
        "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
        "cvss_score": 9.3,
        "module": "react-marked-markdown"
    },
    {
        "id": 577,
        "overview": "Versions of `lodash` before 4.17.5 are vulnerable to prototype pollution. \n\nThe vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of `Object` via `__proto__` causing the addition or modification of an existing property that will exist on all objects.\n\n",
        "recommendation": "Update to version 4.17.5 or later.",
        "cvss_vector": null,
        "cvss_score": 2,
        "module": "lodash",
        "version": "3.10.1"
    }
]
END
)

然后,使用jq删除概览键

代码语言:javascript
复制
$ new_json=$(echo "$result" | jq 'map(del(.overview))')
$ echo "$new_json"
[
  {
    "id": 668,
    "recommendation": "No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time if you allow user input into href values.",
    "cvss_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
    "cvss_score": 9.3,
    "module": "react-marked-markdown"
  },
  {
    "id": 577,
    "recommendation": "Update to version 4.17.5 or later.",
    "cvss_vector": null,
    "cvss_score": 2,
    "module": "lodash",
    "version": "3.10.1"
  }
]
票数 2
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/50974532

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档