imporve readability NIST_data_leakage_01_registry.ppt

NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<bookstore>
+  <book category="cooking">
+    <title lang="en">Everyday Italian</title>
+    <author>Giada De Laurentiis</author>
+    <year>2005</year>
+    <price>30.00</price>
+  </book>
+  <book category="children">
+    <title lang="en">Harry Potter</title>
+    <author>J K. Rowling</author>
+    <year>2005</year>
+    <price>29.99</price>
+  </book>
+  <book category="web">
+    <title lang="en">Learning XML</title>
+    <author>Erik T. Ray</author>
+    <year>2003</year>
+    <price>39.95</price>
+  </book>
+</bookstore>

NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_list_book_category_attrib.py

@@ -0,0 +1,10 @@
+import xml.etree.ElementTree as ET
+
+tree = ET.parse("bookstore_removed_ns.xml")
+root = tree.getroot()
+
+# Iterate through the book elements and print their category attributes
+for book in root.findall(".//book"):  # Find all 'book' elements at any depth
+    # Get book category attribute
+    cate = book.attrib.get("category")
+    print("book category: {}".format(cate))

NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_list_tags.py

@@ -0,0 +1,16 @@
+import xml.etree.ElementTree as ET
+
+tree = ET.parse("bookstore.xml")
+root = tree.getroot()
+
+# Create an empty set to store unique tag names
+tag_names = set()
+
+# Iterate through the elements and collect unique tag names
+for element in root.iter():
+    tag_names.add(element.tag)
+
+# Convert the set to a sorted list and print the tag names
+tag_list = sorted(tag_names)
+for tag in tag_list:
+    print(tag)

NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_list_titles_v1.py

@@ -0,0 +1,11 @@
+import xml.etree.ElementTree as ET
+
+tree = ET.parse("bookstore.xml")
+root = tree.getroot()
+
+# Iterate through the book elements and print their titles
+for book in root.findall(".//book"):  # Find all 'book' elements at any depth
+    # Find the first 'title' elements at current depth
+    title_element = book.find("title")
+    if title_element is not None:
+        print("Book Title: {}".format(title_element.text))

NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_list_titles_v2.py

@@ -0,0 +1,8 @@
+import xml.etree.ElementTree as ET
+
+tree = ET.parse("bookstore.xml")
+root = tree.getroot()
+
+# Find and print all the "year" elements
+for title_element in root.findall(".//title"):
+    print(title_element.text)

NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_ns.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<bookstore xmlns="http://schemas.exampl.com">
+  <book category="cooking">
+    <title lang="en">Everyday Italian</title>
+    <author>Giada De Laurentiis</author>
+    <year>2005</year>
+    <price>30.00</price>
+  </book>
+  <book category="children">
+    <title lang="en">Harry Potter</title>
+    <author>J K. Rowling</author>
+    <year>2005</year>
+    <price>29.99</price>
+  </book>
+  <book category="web">
+    <title lang="en">Learning XML</title>
+    <author>Erik T. Ray</author>
+    <year>2003</year>
+    <price>39.95</price>
+  </book>
+</bookstore>

NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_remove_ns.py

@@ -0,0 +1,23 @@
+import xml.etree.ElementTree as ET
+
+tree = ET.parse("bookstore.xml")
+root = tree.getroot()
+
+
+# Define a function to recursively remove all namespace prefixes
+def remove_namespace_prefix(element):
+    print(element.tag)
+    element.tag = element.tag.split("}", 1)[-1]  # Remove namespace prefix
+    for child in element:
+        remove_namespace_prefix(child)
+
+
+# Remove namespace prefixes from the root element and its descendants
+remove_namespace_prefix(root)
+
+# Convert the modified XML tree to a string
+modified_xml = ET.tostring(root, encoding="utf-8")
+
+# Save the updated XML to a new file
+with open("bookstore_removed_ns.xml", "wb") as f:
+    f.write(modified_xml)

NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_removed_ns.xml

@@ -0,0 +1,20 @@
+<bookstore>
+  <book category="cooking">
+    <title lang="en">Everyday Italian</title>
+    <author>Giada De Laurentiis</author>
+    <year>2005</year>
+    <price>30.00</price>
+  </book>
+  <book category="children">
+    <title lang="en">Harry Potter</title>
+    <author>J K. Rowling</author>
+    <year>2005</year>
+    <price>29.99</price>
+  </book>
+  <book category="web">
+    <title lang="en">Learning XML</title>
+    <author>Erik T. Ray</author>
+    <year>2003</year>
+    <price>39.95</price>
+  </book>
+</bookstore>

NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_show_first_book.py

@@ -0,0 +1,12 @@
+import xml.etree.ElementTree as ET
+
+tree = ET.parse("bookstore.xml")
+root = tree.getroot()
+
+# Access the first child element of the root directly using indexing
+first_element = root[0]
+
+# Print the tag name and text content of the first element
+print("Tag Name:", first_element.tag)
+for child in first_element:
+    print(f"{child.tag}: {child.text}")

NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_update_one_author.py

@@ -0,0 +1,15 @@
+import xml.etree.ElementTree as ET
+
+tree = ET.parse("bookstore.xml")
+root = tree.getroot()
+
+# Find the "author" element with the current name and update it
+for author_element in root.findall(".//author"):
+    if author_element.text == "Giada De Laurentiis":
+        author_element.text = "Giada Laurentiis"
+
+# Serialize the updated XML to a string
+updated_xml_content = ET.tostring(root, encoding="utf-8")
+
+# Print the updated XML content
+print(updated_xml_content.decode("utf-8"))

NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_update_price_plus1.py

@@ -0,0 +1,17 @@
+import xml.etree.ElementTree as ET
+
+tree = ET.parse("bookstore.xml")
+root = tree.getroot()
+
+# Find and update all the "price" elements
+for price_element in root.findall(".//price"):
+    current_price = float(price_element.text)
+    new_price = current_price + 1
+    price_element.text = str(new_price)
+
+# Serialize the updated XML to a string
+updated_xml_content = ET.tostring(root, encoding="utf-8")
+
+# Save the updated XML to a new file
+with open("bookstore_updated.xml", "wb") as f:
+    f.write(updated_xml_content)

NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/securityevt_findall_eventid_time.py

@@ -0,0 +1,22 @@
+import xml.etree.ElementTree as ET
+import xml.dom.minidom as minidom
+
+tree = ET.parse("SecurityEvt_ns_removed.xml")
+root = tree.getroot()
+
+# Iterate through all System elements
+for system_element in root.findall(".//System"):
+    event_id_element = system_element.find("EventID")
+    time_created_element = system_element.find("TimeCreated")
+
+    # Check if EventID and TimeCreated elements exist
+    if (
+        event_id_element is not None
+        and event_id_element.text == "4608"
+        and time_created_element is not None
+    ):
+        event_id = event_id_element.text
+        system_time = time_created_element.get("SystemTime")
+
+        # Print the lists of EventID and TimeCreated values
+        print("EventIDs: {} and SystemTimes: {}".format(event_id, system_time))

NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/securityevt_format.py

@@ -0,0 +1,26 @@
+import xml.etree.ElementTree as ET
+import xml.dom.minidom as minidom
+
+tree = ET.parse("SecurityEvt_ns_removed.xml")
+root = tree.getroot()
+
+# Convert the entire XML to a string with pretty formatting
+formatted_xml_str = ET.tostring(root, encoding="utf-8", method="xml").decode("utf-8")
+
+# Parse the formatted XML content
+dom = minidom.parseString(formatted_xml_str)
+
+# Pretty print the XML content
+pretty_xml = dom.toprettyxml(indent="  ")
+
+# Remove extra blank lines
+non_empty_pretty_lines = [line for line in pretty_xml.splitlines() if line.strip()]
+
+# Join the lines to get the final XML content
+formatted_xml = "\n".join(non_empty_pretty_lines)
+
+# Save the nicely formatted XML to a new file
+with open("securityEvt_formatted.xml", "w") as file:
+    file.write(formatted_xml)
+
+print("Formatted XML saved to 'securityEvt_formatted.xml'.")

NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/securityevt_list_tags.py

@@ -0,0 +1,16 @@
+import xml.etree.ElementTree as ET
+
+tree = ET.parse("SecurityEvt.xml")
+root = tree.getroot()
+
+# Create an empty set to store unique tag names
+tag_names = set()
+
+# Iterate through the elements and collect unique tag names
+for element in root.iter():
+    tag_names.add(element.tag)
+
+# Convert the set to a sorted list and print the tag names
+tag_list = sorted(tag_names)
+for tag in tag_list:
+    print(tag)

NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/securityevt_ns_remove.py

@@ -0,0 +1,23 @@
+import xml.etree.ElementTree as ET
+
+tree = ET.parse("SecurityEvt.xml")
+root = tree.getroot()
+
+
+# Define a function to recursively remove all namespace prefixes
+def remove_namespace_prefix(element):
+    # print(element.tag)
+    element.tag = element.tag.split("}", 1)[-1]  # Remove namespace prefix
+    for child in element:
+        remove_namespace_prefix(child)
+
+
+# Remove namespace prefixes from the root element and its descendants
+remove_namespace_prefix(root)
+
+# Convert the modified XML tree to a string
+modified_xml = ET.tostring(root, encoding="utf-8")
+
+# Save the updated XML to a new file
+with open("SecurityEvt_ns_removed.xml", "wb") as f:
+    f.write(modified_xml)

NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/securityevt_show_first_event.py

@@ -0,0 +1,24 @@
+import xml.etree.ElementTree as ET
+import xml.dom.minidom as minidom
+
+tree = ET.parse("SecurityEvt_ns_removed.xml")
+root = tree.getroot()
+
+# Find the first Event element
+first_event = root.find(".//Event")
+
+# Check if a Event element was found
+if first_event is not None:
+    # Convert the first Event element to a string with pretty formatting
+    first_event_str = ET.tostring(first_event, encoding="unicode", method="xml")
+
+    # Parse the XML content
+    dom = minidom.parseString(first_event_str)
+
+    # Pretty print the XML content
+    pretty_xml = dom.toprettyxml(indent="   ")
+
+    # Print the nicely formatted XML
+    print(pretty_xml)
+else:
+    print("No Event elements found in the XML.")