Security flaw parser for upstream security advisories
Project description
Upstream repository: https://github.com/mprpic/advisory-parser
This library allows you to parse data from security advisories of certain projects to extract information about security issues. The parsed information includes metadata such as impact, CVSS score, summary, description, and others; for a full list, see the advisory_parser/flaw.py file.
DISCLAIMER: Much of the advisory parsing is fairly fragile. Because web pages change all the time, it is not uncommon for parsers to break when a page is changed in some way. Also, the advisory parsers only work with the latest version of the advisory pages.
The need for parsing raw security advisories in this way could be avoided if vendors provided their security pages in a machine readable (and preferably standardized) format. An example of this would be Red Hat’s security advisories that can be pulled in from a separate Security Data API (RHSA-2016:1883.json) or downloaded as an XML file (cvrf-rhsa-2016-1883.xml), or OpenSSL’s list of issues available in XML (vulnerabilities.xml).
If you are a vendor or an upstream project owner interested in providing your security advisories in a machine readable format and don’t know where to start, feel free to reach out to mprpic@redhat.com.
Currently available parsers include:
Project |
Example URL |
|---|---|
Google Chrome |
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html |
Adobe Flash |
https://helpx.adobe.com/security/products/flash-player/apsb17-17.html |
Jenkins |
|
MySQL |
http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html |
phpMyAdmin |
|
Wireshark |
Installation
pip install advisory-parser
Usage
from pprint import pprint
from advisory_parser import Parser
url = 'https://helpx.adobe.com/security/products/flash-player/apsb17-17.html'
flaws, warnings = Parser.parse_from_url(url)
for flaw in flaws:
print()
pprint(vars(flaw))
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file advisory-parser-1.9.tar.gz.
File metadata
- Download URL: advisory-parser-1.9.tar.gz
- Upload date:
- Size: 79.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.33.0 CPython/3.7.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
487d8a0ebcc4f54dda2c599d82a4a42f852fac64bbff042f816ad26448974940
|
|
| MD5 |
f347316a62ef29c985b7ab32d3040469
|
|
| BLAKE2b-256 |
13360a93273624533aaf385dfab084e2b941e48766b7a130bb59dfded1415797
|
File details
Details for the file advisory_parser-1.9-py2.py3-none-any.whl.
File metadata
- Download URL: advisory_parser-1.9-py2.py3-none-any.whl
- Upload date:
- Size: 15.4 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.33.0 CPython/3.7.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a2e86fa30417d3e45cef18b25cb3c2043e85e52b3da54ff5d92d8cbb970adff4
|
|
| MD5 |
4e907872be7b67577f71ca37f366388d
|
|
| BLAKE2b-256 |
1219d7b6c42095f073eb7e1f600bdfe4dd73d213af886df6e6802438b22c2db4
|
