Neo4j

jwcqcon · ‎12-19-2019

I am having a really difficult time importing from a JSON similar to this one. I have no problems with the majority of the data. It is the data contained in the section below that is:

"configurations" : {
"ABC_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"123_match" : [ {
"vulnerable" : true,
"testdata" : "c:a:gksu-polkit_project:gksu-polkit::::::::",
"versionEndExcluding" : "0.0.3"
} ]
}, {
"operator" : "OR",
"123_match" : [ {
"vulnerable" : true,
"testdata" : "abc:2.3:o:debian:debian_linux:6.0:::::::*"
} ]
Here is a snippet of the cypher I am trying
<UNWIND ['test.json'] as filename>
<CALL apoc.load.json(filename) YIELD value AS n>

The error message"Type mismatch: expected a map but was List{Map" is returned. I have tried using [0] and other fixes I have seen but none work. The 123_match is the field I am unable to create a node with. Everything else works (non of the cypher for that is included here)

Source data example:
"ABC_Items" : [ {
"ABC" : {
"data_type" : "ABC",
"data_format" : "ABCDE",
"data_version" : "4.0",
"ABC_data_meta" : {
"ID" : "ABC-1234-0703",
"ASSIGNER" : "ABC@ABCDE.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "XYZ-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"qwe" : "sdfkjsadhkjaccess.redhat.com/security/ABC/ABC-1234-0703",
"name" : "sdfkjsadhkjaccess.redhat.com/security/ABC/ABC-1234-0703",
"refsource" : "MISC",
"tags" : [ "Broken Link" ]
}, {
"qwe" : "sdfkjsadhkjsecurity-tracker.debian.org/tracker/ABC-1234-0703",
"name" : "sdfkjsadhkjsecurity-tracker.debian.org/tracker/ABC-1234-0703",
"refsource" : "MISC",
"tags" : [ "Third Party Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session."
} ]
}
},
"configurations" : {
"ABC_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"123_match" : [ {
"vulnerable" : true,
"testdata" : "c:a:gksu-polkit_project:gksu-polkit::::::::",
"versionEndExcluding" : "0.0.3"
} ]
}, {
"operator" : "OR",
"123_match" : [ {
"vulnerable" : true,
"testdata" : "abc:2.3:o:debian:debian_linux:6.0:::::::*"
} ]
} ]
},
"impact" : {
"baseMetricV3" : {
"yyyyy3" : {
"version" : "3.1",
"vectorString" : "yyyyy:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector" : "NETWORK",
"attackComplexity" : "LOW",
"privilegesRequired" : "NONE",
"userInteraction" : "NONE",
"scope" : "UNCHANGED",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"availabilityImpact" : "HIGH",
"baseScore" : 9.8,
"baseSeverity" : "CRITICAL"
},
"exploitabilityScore" : 3.9,
"impactScore" : 5.9
},
"baseMetricV2" : {
"yyyyy2" : {
"vers" : "2.0",
"vectorStr" : "A",
"accessV" : "NEK",
"accessCo" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitability" : 10.0,
"impac" : 6.4,
"acIn" : false,
"obtainAllP" : false,
"obtainUser" : false,
"obtainOther" : false,
"userInteraction" : false
}
},
"publishedDate" : "2019-11-15T17:15Z",
"lastModifiedDate" : "2019-12-03T14:55Z"
},
Please provide the following information if you ran into a more serious issue:

neo4j version, desktop version, browser version
3.5.6, Browser version 4.0.1

paulare · ‎12-20-2019

Your Cypher Query has abc23Uri key - but thats missing from your example JSON.
If possible, please review test.json you provided.

I suggest to use bit post formatting - like preformatted text option - then its easier to read and copy-paste code/JSON snippets.

Like that:

{
	"ABC_Items": [{
		"ABC": {
			"data_type": "ABC",
			"data_format": "ABCDE",
			"data_version": "4.0",
			"ABC_data_meta": {
				"ID": "ABC-1234-0703",
				"ASSIGNER": "ABC@ABCDE.org"
			},
			"problemtype": {
				"problemtype_data": [{
					"description": [{
						"lang": "en",
						"value": "XYZ-20"
					}]
				}]
			},
			"references": {
				"reference_data": [{
					"qwe": "sdfkjsadhkjaccess.redhat.com/security/ABC/ABC-1234-0703",
					"name": "sdfkjsadhkjaccess.redhat.com/security/ABC/ABC-1234-0703",
					"refsource": "MISC",
					"tags": ["Broken Link"]
				}, {
					"qwe": "sdfkjsadhkjsecurity-tracker.debian.org/tracker/ABC-1234-0703",
					"name": "sdfkjsadhkjsecurity-tracker.debian.org/tracker/ABC-1234-0703",
					"refsource": "MISC",
					"tags": ["Third Party Advisory"]
				}]
			},
			"description": {
				"description_data": [{
					"lang": "en",
					"value": "In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session."
				}]
			}
		},
		"configurations": {
			"ABC_data_version": "4.0",
			"nodes": [{
				"operator": "OR",
				"match_123": [{
					"vulnerable": true,
					"testdata": "c:a:gksu-polkit_project:gksu-polkit::::::::",
					"versionEndExcluding": "0.0.3"}]}, {
				"operator": "OR",
				"match_123": [{
					"vulnerable": true,
					"testdata": "abc:2.3:o:debian:debian_linux:6.0:::::::*"
				}]
			}]
		},
		"impact": {
			"baseMetricV3": {
				"yyyyy3": {
					"version": "3.1",
					"vectorString": "yyyyy:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
					"attackVector": "NETWORK",
					"attackComplexity": "LOW",
					"privilegesRequired": "NONE",
					"userInteraction": "NONE",
					"scope": "UNCHANGED",
					"confidentialityImpact": "HIGH",
					"integrityImpact": "HIGH",
					"availabilityImpact": "HIGH",
					"baseScore": 9.8,
					"baseSeverity": "CRITICAL"
				},
				"exploitabilityScore": 3.9,
				"impactScore": 5.9
			},
			"baseMetricV2": {
				"yyyyy2": {
					"vers": "2.0",
					"vectorStr": "A",
					"accessV": "NEK",
					"accessCo": "LOW",
					"authentication": "NONE",
					"confidentialityImpact": "PARTIAL",
					"integrityImpact": "PARTIAL",
					"availabilityImpact": "PARTIAL",
					"baseScore": 7.5
				},
				"severity": "HIGH",
				"exploitability": 10.0,
				"impac": 6.4,
				"acIn": false,
				"obtainAllP": false,
				"obtainUser": false,
				"obtainOther": false,
				"userInteraction": false
			}
		},
		"publishedDate": "2019-11-15T17:15Z",
		"lastModifiedDate": "2019-12-03T14:55Z"
	}]
}

Before using FOREACH - i would experiment to with getting data just with a RETURN clause.
I had to rename key 123_match in JSON file to match_123 - for some reason first one caused issues.

UNWIND ['Jcrowell.json'] as filename
CALL apoc.load.json(filename) YIELD value AS v
RETURN v.ABC_Items[0].configurations.nodes[0].match_123[0].testdata

│"v.ABC_Items[0].configurations.nodes[0].match_123[0].testdata"│
╞══════════════════════════════════════════════════════════════╡
│"c:a:gksu-polkit_project:gksu-polkit::::::::"                 │
└──────────────────────────────────────────────────────────────┘

koji · ‎12-20-2019

You can use backticks for names that begin with a number.

123_match[0] to `123_match`[0]

UNWIND ['test.json'] as filename
CALL apoc.load.json(filename) YIELD value AS v
RETURN v.ABC_Items[0].configurations.nodes[0].`123_match`[0].testdata

v.ABC_Items[0].configurations.nodes[0].`123_match`[0].testdata
"c:a:gksu-polkit_project:gksu-polkit::::::::"

https://neo4j.com/docs/cypher-manual/current/syntax/naming/

paulare · ‎12-21-2019

Thanks, forgot about backticks

Neo4j

Problem importing JSON