Security flaw parser for upstream security advisories

Project description

This library allows you to parse data from security advisories of certain projects to extract information about security issues. The parsed information includes metadata such as impact, CVSS score, summary, description, and others; for a full list, see the advisory_parser/flaw.py file.

DISCLAIMER: Much of the advisory parsing is fairly fragile. Because web pages change all the time, it is not uncommon for parsers to break when a page is changed in some way. Also, the advisory parsers only work with the latest version of the advisory pages.

The need for parsing raw security advisories in this way could be avoided if vendors provided their security pages in a machine readable (and preferably standardized) format. An example of this would be Red Hat’s security advisories that can be pulled in from a separate Security Data API (RHSA-2016:1883.json) or downloaded as an XML file (cvrf-rhsa-2016-1883.xml), or OpenSSL’s list of issues available in XML (vulnerabilities.xml).

If you are a vendor or an upstream project owner interested in providing your security advisories in a machine readable format and don’t know where to start, feel free to reach out to mprpic@redhat.com.

Currently available parsers include:

Project         Example URL
Google Chrome   https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html
Adobe Flash     https://helpx.adobe.com/security/products/flash-player/apsb17-17.html
Jenkins
MySQL           http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html
phpMyAdmin
Wireshark

Installation

pip install advisory-parser

Usage

from pprint import pprint
from advisory_parser import Parser


url = 'https://helpx.adobe.com/security/products/flash-player/apsb17-17.html'
flaws, warnings = Parser.parse_from_url(url)

for flaw in flaws:
    print()
    pprint(vars(flaw))
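
Because the parsers scrape pages that can change without notice, it helps to sanity-check parsed records before they reach a tracker. The following is an added example, not code from the advisory-parser project: it validates dicts shaped like vars(flaw) output, and the field names (cves, summary, impact, cvss_score), the impact scale and the sample records are assumptions constructed for illustration.

```python
import re

# Assumed field names and impact scale for this sketch; map them to the
# attributes that vars(flaw) actually returns (see advisory_parser/flaw.py).
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
IMPACTS = {"low", "moderate", "important", "critical"}


def check_flaw(record):
    """Return the list of problems found in one parsed flaw record (a dict)."""
    problems = []
    cves = record.get("cves") or []
    if not cves:  # policy in this sketch: every record must name a CVE
        problems.append("no CVE ids")
    problems += ["malformed CVE id: %r" % (c,) for c in cves if not CVE_RE.match(str(c))]
    if not (record.get("summary") or "").strip():
        problems.append("empty summary")
    impact = record.get("impact")
    if impact is not None and impact not in IMPACTS:
        problems.append("unknown impact: %r" % (impact,))
    score = record.get("cvss_score")
    # Exact type check so that strings and booleans are rejected, not compared.
    if score is not None and not (type(score) in (int, float) and 0.0 <= score <= 10.0):
        problems.append("bad CVSS score: %r" % (score,))
    return problems


def triage(records):
    """Split records into (accepted, rejected); rejected items carry reasons."""
    accepted, rejected = [], []
    for record in records:
        problems = check_flaw(record)
        if problems:
            rejected.append((record, problems))
        else:
            accepted.append(record)
    return accepted, rejected


# Constructed sample records, not real advisory data.
SAMPLE = [
    {"cves": ["CVE-2099-0001"], "summary": "Use after free in example component", "impact": "critical", "cvss_score": 9.8},
    {"cves": ["CVE-2099-002"], "summary": "", "impact": "severe", "cvss_score": 98.0},
    {"cves": [], "summary": "Fields missing after a page layout change", "impact": None, "cvss_score": None},
]

if __name__ == "__main__":
    accepted, rejected = triage(SAMPLE)
    print(len(accepted), "accepted;", [problems for _, problems in rejected])
```

A sudden rise in rejected records for one project is a useful signal that its advisory page layout has changed and the parser needs attention.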

Release history

1.7 (this version)
1.6
1.5
1.4
1.3

Download files

Filename                                   Size      File type   Python version   Upload date
advisory_parser-1.7-py2.py3-none-any.whl   14.8 kB   Wheel       py2.py3          Apr 11, 2018
advisory-parser-1.7.tar.gz                 78.1 kB   Source      None             Apr 11, 2018
