XML Data Import

[chevell]

Trying to import an XML file into FMP database. An example of the data in the file is below. I just need to know how to format the XSL file to import this.

This is a new database, so I don't have any limitations there.

<Group id="V-1070">

  

<title>Physical security</title>



<description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>

  

<Rule id="SV-24996r1_rule" severity="medium" weight="10.0">

  

<version>1.001</version>

  

<title>Physical security of the Automated Information System (AIS) does not meet DISA requirements.</title>



<description>&lt;VulnDiscussion&gt;Inadequate physical protection can undermine all other security precautions utilized to protect the system. This can jeopardize the confidentiality, availability, and integrity of the system.  Physical security of the AIS is the first line protection of any system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SecurityOverrideGuidance&gt;&lt;/SecurityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;IAControls&gt;PECF-1&lt;/IAControls&gt;</description>



<fixtext fixref="F-31r1_fix">Relocate equipment to a controlled access area.</fixtext>

  

<fix id="F-31r1_fix"/>

  

<check system="C-7883r4_chk">

	

<check-content-ref name="M" href="VMS_XCCDF_Benchmark_Windows_7_STIG.xml"/>

	

<check-content>Interview the SA to determine if equipment is located in an access controlled area.



Note:  Servers will be located in rooms, or locked cabinets, that are accessible only to authorized systems personnel.  Authorized user access should be verified at two points (i.e. building access and server room).  User workstations containing sensitive data should be in access controlled areas.</check-content>

  

</check>

  

</Rule>



</Group>

Any help would be greatly appreciated. Not sure if there's any more information you need. Thanks!

[comment]

1. Which "fields" do you want to import?

2. It looks like the example document contains only one "record". Is that - and will it always be - the case?

---

On second look, It would be best to post an actual file. I don't think it's showing right here, esp. the contents of the description tag.

Edited November 29, 2011 by comment

[chevell]

Yeah, that's what's throwing me. There's a bunch of nonsense in there. Not sure what its for. Honestly, that's the least of my worries. Yes, Its only one record. The contents of the file are sensative, so I can't post it, but that is what it looks like in the file. As far as fields, there's supposed to be:

group ID

Group Title

Rule ID

Severuity

Rule Version

Rule Title

Vulnerability Discussion

Responsibility

IAControls

Check Content

Fix Text

[comment]

Well, the point is that there is no Vulnerability Discussion element in the example you have posted. Instead, we see the text "<VulnDiscussion>" inside the description element. And it's not clear whether this problem exists in the original file or was created here.

[chevell]

Well, the point is that there is no Vulnerability Discussion element in the example you have posted. Instead, we see the text "<VulnDiscussion>" inside the description element. And it's not clear whether this problem exists in the original file or was created here.

Yeah, that's what it looks like in the original XML. JUst need to figure out how to import all of this into an FMP database and see what it looks like. Need some sort of XSL file for that, but I am clueless on how to accomplish that.

[comment]

that's what it looks like in the original XML.

Then the XSL stylesheet won't be able to extract Vulnerability Discussion out of the description. At best, you can import the entire description into a field, then try to parse it out using text calculations.

Perhaps you should contact the people that produce the XML and get them to do it right.

---

EDIT:

On second thought, you could also use text calculations within the stylesheet itself. Either way it's an unnecessary complication that would be best solved at the source.

[chevell]

The federal government isn't so responsive to lil ol' me. Anyhow, yes, if the description isn't in there, its not the end of the world. I have it other places. I just want to get it all into a DB instead of a web page.

Thank you.

[chevell]

Just looking at the original data, that wierd data is actually some sort of CSS defining it as bold. I can filter all of that out. Just need an XSL doc that says, these are the fields, and they go here in the DB.

Any help would be appreciated.

[chevell]

here it is, call cleaned up:

<Group id="V-1074">

  <title>Approved DoD Virus Scan Program</title>

  <Rule id="SV-25270r1_rule" severity="high" weight="10.0">

   <title>An approved DoD virus scan program is not used and/or updated.</title>

   <description>Here is the description.</description>

   <fixtext fixref="F-5817r2_fix">Here is the fix.</fixtext>

   <fix id="F-5817r2_fix"/>

   <check system="C-519r6_chk">

    <check-content-ref name="M" href="VMS_XCCDF_Benchmark_Windows_7_STIG.xml"/>

    <check-content>Note:   </check-content>

   </check>

  </Rule>

</Group>

[comment]

I am not sure I follow you fully. This last version doesn't have all the "fields" you listed earlier. Anyway, I am attaching an XSL document that extracts these:

• Group ID

• Group Title

• Rule ID

• Rule Severity

• Rule Title

and I am sure you'll be able to adapt it to extract more, if needed.

custom.zip

[chevell]

Ok, I made my modifications, but its only saying there is one record and when it imports, there is no data. I managed to cull down the xml and saved it as a txt so you could see the "whole" file.

Suggestions?

Thanks!

stig.txt

[comment]

Sorry, I can't help you with that.

[chevell]

Your file, unmodified, doesn't import anything, either. Am i missing something?

[comment]

Am i missing something?

I am afraid so. An XSLT stylesheet needs to match your source XML document schema on one side, and transform it to your solution's schema. When the source document's structure changes, the XSLT stylesheet no longer works.

The last file you have posted is very different from the two previous ones - and it's not a complete file, so there's not much I can do with it, even if I wanted to.

[chevell]

ok, found a web link for the XML file. I wasn't going to paste it, but if the DoD wants to put it up on their site, so be it.

http://web.nvd.nist.gov/view/ncp/repository/checklist/download?id=807&cid=1

Thoughts?

Appreciate your help.