
Security flaw parser for upstream security advisories

Project description

This library allows you to parse data from security advisories of certain projects to extract information about security issues. The parsed information includes metadata such as impact, CVSS score, summary, description, and others; for a full list, see the advisory_parser/flaw.py file.

DISCLAIMER: Much of the advisory parsing is fairly fragile. Because web pages change all the time, it is not uncommon for parsers to break when a page is changed in some way. Also, the advisory parsers only work with the latest version of the advisory pages.

The need for parsing raw security advisories in this way could be avoided if vendors provided their security pages in a machine readable (and preferably standardized) format. An example of this would be Red Hat’s security advisories that can be pulled in from a separate Security Data API (RHSA-2016:1883.json) or downloaded as an XML file (cvrf-rhsa-2016-1883.xml), or OpenSSL’s list of issues available in XML (vulnerabilities.xml).

If you are a vendor or an upstream project owner interested in providing your security advisories in a machine readable format and don’t know where to start, feel free to reach out to mprpic@redhat.com.

Currently available parsers include:

Project          Example URL
Google Chrome    https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html
Adobe Flash      https://helpx.adobe.com/security/products/flash-player/apsb17-17.html
Jenkins          https://www.jenkins.io/security/advisory/2023-04-12
MySQL            http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html
phpMyAdmin
Wireshark

Installation

pip install advisory-parser

Usage

from pprint import pprint
from advisory_parser import Parser


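# Advisory page to parse (one of the supported projects listed above)
url = 'https://helpx.adobe.com/security/products/flash-player/apsb17-17.html'

# Fetch and parse the advisory; returns the parsed flaws and any warnings
flaws, warnings = Parser.parse_from_url(url)

# Dump every attribute of each parsed flaw
for flaw in flaws:
    print()
    pprint(vars(flaw))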


Download files

Source Distribution

advisory_parser-1.13.tar.gz (92.6 kB)

Uploaded Source

Built Distribution

advisory_parser-1.13-py2.py3-none-any.whl (18.3 kB)

Uploaded Python 2 Python 3

File details

Details for the file advisory_parser-1.13.tar.gz.

File metadata

  • Download URL: advisory_parser-1.13.tar.gz
  • Upload date:
  • Size: 92.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.3

File hashes

Hashes for advisory_parser-1.13.tar.gz
Algorithm Hash digest
SHA256 22d177b5c6fd6d914d13dbbc5b72fb5e7bf344dc58253095eb5f4e70b45ab999
MD5 a135f61791fe0d65f5fa185bed3a66ab
BLAKE2b-256 c2edac15a4c3fd80e019a1bf3e6a92f8c927091809bc154e382e9d0d7a0fec54


File details

Details for the file advisory_parser-1.13-py2.py3-none-any.whl.

File hashes

Hashes for advisory_parser-1.13-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 f1d937b708a4e9ecd3bbaa534b9fef78746795ebf8b1ce482b0d390ffd5fb6e9
MD5 770132a2f08a322765c69c7fa86174ce
BLAKE2b-256 c4863c0914ebcacdeb3ba43a1f9500ebd0e81e573824068353f4b0b8bb7d14dc

