Security flaw parser for upstream security advisories

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jasinner from gravatar.com jasinner Avatar for mprpic from gravatar.com mprpic

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: GNU Lesser General Public License v3 or later (LGPLv3+) (LGPLv3+)

Author: Martin Prpič, Red Hat Product Security

Tags security, advisory, parser, scraper

Classifiers

Project description

Travis CI test status

This library allows you to parse data from security advisories of certain projects to extract information about security issues. The parsed information includes metadata such as impact, CVSS score, summary, description, and others; for a full list, see the advisory_parser/flaw.py file.

DISCLAIMER: Much of the advisory parsing is fairly fragile. Because web pages change all the time, it is not uncommon for parsers to break when a page is changed in some way. Also, the advisory parsers only work with the latest version of the advisory pages.

The need for parsing raw security advisories in this way could be avoided if vendors provided their security pages in a machine readable (and preferably standardized) format. An example of this would be Red Hat’s security advisories that can be pulled in from a separate Security Data API (RHSA-2016:1883.json) or downloaded as an XML file (cvrf-rhsa-2016-1883.xml), or OpenSSL’s list of issues available in XML (vulnerabilities.xml).

If you are a vendor or an upstream project owner interested in providing your security advisories in a machine readable format and don’t know where to start, feel free to reach out to mprpic@redhat.com.

Currently available parsers include:

Project

Example URL

Google Chrome

https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html

Adobe Flash

https://helpx.adobe.com/security/products/flash-player/apsb17-17.html

Jenkins

MySQL

http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html

phpMyAdmin

Wireshark

Installation

pip install advisory-parser

Usage

from pprint import pprint
from advisory_parser import Parser


url = 'https://helpx.adobe.com/security/products/flash-player/apsb17-17.html'
flaws, warnings = Parser.parse_from_url(url)

for flaw in flaws:
    print()
    pprint(vars(flaw))

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jasinner from gravatar.com jasinner Avatar for mprpic from gravatar.com mprpic

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: GNU Lesser General Public License v3 or later (LGPLv3+) (LGPLv3+)

Author: Martin Prpič, Red Hat Product Security

Tags security, advisory, parser, scraper

Classifiers

Release history Release notifications | RSS feed

1.12

1.11

1.10

1.9

1.8

1.7

1.6

This version

1.5

1.4

1.3

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

advisory-parser-1.5.tar.gz (49.8 kB view hashes)

Uploaded Source

Built Distribution

advisory_parser-1.5-py2.py3-none-any.whl (14.4 kB view hashes)

Uploaded Python 2 Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page