advisory-parser

:Name: advisory-parser
:Version: 1.13
:Home page: https://github.com/RedHatProductSecurity/advisory-parser
:Summary: Security flaw parser for upstream security advisories
:Upload time: 2024-07-11 00:52:58
:Author: Martin Prpič, Red Hat Product Security
:License: LGPLv3+
:Keywords: security advisory parser scraper
:Requirements: No requirements were recorded.

Advisory Parser
===============

This library allows you to parse data from security advisories of certain
projects to extract information about security issues. The parsed
information includes metadata such as impact, CVSS score, summary,
description, and others; for a full list, see the
``advisory_parser/flaw.py`` file.

**DISCLAIMER**: Much of the advisory parsing is fairly fragile. Because web
pages change all the time, it is not uncommon for parsers to break when a
page is changed in some way. Also, the advisory parsers only work with the
latest version of the advisory pages.

The need for parsing raw security advisories in this way could be avoided
if vendors provided their security pages in a machine readable (and
preferably standardized) format. An example of this would be Red Hat's
security advisories that can be pulled in from a separate Security Data API
(`RHSA-2016:1883.json <https://access.redhat.com/labs/securitydataapi/cvrf/RHSA-2016:1883.json>`_)
or downloaded as an XML file
(`cvrf-rhsa-2016-1883.xml <https://www.redhat.com/security/data/cvrf/2016/cvrf-rhsa-2016-1883.xml>`_),
or OpenSSL's list of issues available in XML
(`vulnerabilities.xml <https://www.openssl.org/news/vulnerabilities.xml>`_).
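
To illustrate why a structured feed is less fragile than scraping HTML, here is an added example (not part of advisory-parser) that reads a CVRF 1.1 document with the standard library and returns ``(flaws, warnings)`` in the same shape as ``Parser.parse_from_url``. The sample document, its placeholder CVE IDs, and the dictionary keys are constructed for this example.

```python
import xml.etree.ElementTree as ET

# CVRF 1.1 namespaces, as used by CVRF files such as the Red Hat one linked above.
NS = {
    "cvrf": "http://www.icasi.org/CVRF/schema/cvrf/1.1",
    "vuln": "http://www.icasi.org/CVRF/schema/vuln/1.1",
}
IMPACT_PATH = "vuln:Threats/vuln:Threat[@Type='Impact']/vuln:Description"

# Constructed sample document; IDs, titles and scores are placeholders.
SAMPLE_CVRF = b"""<?xml version="1.0" encoding="utf-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
    <Title>Example heap overflow</Title>
    <CVE>CVE-0000-0001</CVE>
    <Threats><Threat Type="Impact"><Description>Important</Description></Threat></Threats>
    <CVSSScoreSets><ScoreSet><BaseScore>7.5</BaseScore></ScoreSet></CVSSScoreSets>
  </Vulnerability>
  <Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
    <Title>Example information leak</Title>
    <CVE>CVE-0000-0002</CVE>
  </Vulnerability>
</cvrfdoc>"""


def parse_cvrf(data):
    """Return (flaws, warnings) extracted from a CVRF 1.1 document given as bytes."""
    # An advisory feed has no need for DTDs; refuse them before parsing so that
    # entity-expansion tricks in an untrusted document are never evaluated.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTDs are not expected in an advisory feed")
    root = ET.fromstring(data)
    flaws, warnings = [], []
    for vuln in root.findall("vuln:Vulnerability", NS):
        cve = vuln.findtext("vuln:CVE", namespaces=NS)
        if not cve:
            warnings.append("Vulnerability %s has no CVE" % vuln.get("Ordinal"))
            continue
        score = vuln.findtext(".//vuln:BaseScore", namespaces=NS)
        impact = vuln.findtext(IMPACT_PATH, namespaces=NS)
        if score is None:
            # Missing fields are reported, not guessed.
            warnings.append("%s: no CVSS score set" % cve)
        flaws.append({
            "cve": cve,
            "summary": vuln.findtext("vuln:Title", namespaces=NS),
            "impact": impact.lower() if impact else None,
            "cvss": float(score) if score else None,
        })
    return flaws, warnings
```

Because the fields are addressed by element name and namespace, a change to the vendor's page layout does not affect the result, which is the fragility the disclaimer above describes for HTML scraping.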

If you are a vendor or an upstream project owner interested in providing
your security advisories in a machine readable format and don't know where
to start, feel free to reach out to mprpic@redhat.com.

Currently available parsers include:

.. csv-table::
    :header: "Project", "Example URL"
    :widths: 20, 80

    "Google Chrome", `<https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html>`_
    "Adobe Flash", `<https://helpx.adobe.com/security/products/flash-player/apsb17-17.html>`_
    "Jenkins", `<https://www.jenkins.io/security/advisory/2023-04-12>`_
    "MySQL", `<http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html>`_
    "phpMyAdmin", ""
    "Wireshark", ""

Installation
------------

::

    pip install advisory-parser

Usage
-----

.. code-block:: python

    from pprint import pprint
    from advisory_parser import Parser


    url = 'https://helpx.adobe.com/security/products/flash-player/apsb17-17.html'
    flaws, warnings = Parser.parse_from_url(url)

    for flaw in flaws:
        print()
        pprint(vars(flaw))

            
