Simple package that given a CVE desription tries to extract useful semantics from it using NLP
Project description
CVE analyzer
This project aims to extract from a collection of vulnerabilities report expressed in common English language various semantic information. These semantic information are encoded and retrieved using Name Entity recognition (NER) on the description and currently the available labels are the following:
- FUNCTION: Vulnerable function name.
- VERSION: Vulnerable version of the target program.
- SOURCECE: Path to the source code that contains the vulnerable function/functions.
- DRIVER: Driver that we the attacker needs to interact with to trigger the exploit.
- STRUCT: Malformed struct that contains the bug.
- VULNERABILITY: Type of the vulnerability (e.g. buffer overflow, etc...).
- CAPABILITY: Capability that the attacker gains after a successful exploitation of the vulnerability (e.g. remote code execution, etc...).
Dataset
The dataset on which the initial state of the project has been developed and tested on is the list of Common Vulnerability Exposure (CVE) regarding the Linux kernel for the years 2017 and 2018 (for this first implementation). The dataset can be found on the website CVE detail
The dataset is formatted as a Comma Separated Values (CSV) but it has been simplified from it's original version and only the description fields has been taken into account.
Installation
Install the project and al its dependencies with:
pip install cve_analyzer
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for cve_analyzer-0.0.4-py2.py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 5182822e1aba293c768414b43b374a1955b535ff2e7a3e269c36b6063b7c10ab |
|
| MD5 | 438cc049cfee2dc62ba8210d60389f45 |
|
| BLAKE2b-256 | 0d5e36f21af0453abb3b3f1026c2ca8a22369a6853284079569017f475898a50 |
