path: root/python-advisory-parser.spec
blob: 4265b7322ec042771a2334e6ef8bbb31aad88ad5 (plain)
%global _empty_manifest_terminate_build 0
Name:		python-advisory-parser
Version:	1.12
Release:	1
Summary:	Security flaw parser for upstream security advisories
License:	LGPLv3+
URL:		https://github.com/RedHatProductSecurity/advisory-parser
Source0:	https://files.pythonhosted.org/packages/09/b0/63971338a60f5cf26d943a1f0796560d9a09e8c49830d343823ed11cf387/advisory-parser-1.12.tar.gz
BuildArch:	noarch

Requires:	python3-beautifulsoup4

%description
This library allows you to parse data from security advisories of certain
projects to extract information about security issues. The parsed
information includes metadata such as impact, CVSS score, summary,
description, and others; for a full list, see the
``advisory_parser/flaw.py`` file.
**DISCLAIMER**: Much of the advisory parsing is fairly fragile. Because web
pages change all the time, it is not uncommon for parsers to break when a
page is changed in some way. Also, the advisory parsers only work with the
latest version of the advisory pages.
The need for parsing raw security advisories in this way could be avoided
if vendors provided their security pages in a machine readable (and
preferably standardized) format. An example of this would be Red Hat's
security advisories that can be pulled in from a separate Security Data API
(`RHSA-2016:1883.json <https://access.redhat.com/labs/securitydataapi/cvrf/RHSA-2016:1883.json>`_)
or downloaded as an XML file
(`cvrf-rhsa-2016-1883.xml <https://www.redhat.com/security/data/cvrf/2016/cvrf-rhsa-2016-1883.xml>`_),
or OpenSSL's list of issues available in XML
(`vulnerabilities.xml <https://www.openssl.org/news/vulnerabilities.xml>`_).
If you are a vendor or an upstream project owner interested in providing
your security advisories in a machine readable format and don't know where
to start, feel free to reach out to mprpic@redhat.com.
Currently available parsers include:
    "Google Chrome", `<https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html>`_
    "Adobe Flash", `<https://helpx.adobe.com/security/products/flash-player/apsb17-17.html>`_
    "Jenkins", ""
    "MySQL", `<http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html>`_
    "phpMyAdmin", ""
    "Wireshark", ""

%package -n python3-advisory-parser
Summary:	Security flaw parser for upstream security advisories
Provides:	python-advisory-parser
BuildRequires:	python3-devel
BuildRequires:	python3-setuptools
%description -n python3-advisory-parser
This library allows you to parse data from security advisories of certain
projects to extract information about security issues. The parsed
information includes metadata such as impact, CVSS score, summary,
description, and others; for a full list, see the
``advisory_parser/flaw.py`` file.
**DISCLAIMER**: Much of the advisory parsing is fairly fragile. Because web
pages change all the time, it is not uncommon for parsers to break when a
page is changed in some way. Also, the advisory parsers only work with the
latest version of the advisory pages.
The need for parsing raw security advisories in this way could be avoided
if vendors provided their security pages in a machine readable (and
preferably standardized) format. An example of this would be Red Hat's
security advisories that can be pulled in from a separate Security Data API
(`RHSA-2016:1883.json <https://access.redhat.com/labs/securitydataapi/cvrf/RHSA-2016:1883.json>`_)
or downloaded as an XML file
(`cvrf-rhsa-2016-1883.xml <https://www.redhat.com/security/data/cvrf/2016/cvrf-rhsa-2016-1883.xml>`_),
or OpenSSL's list of issues available in XML
(`vulnerabilities.xml <https://www.openssl.org/news/vulnerabilities.xml>`_).
If you are a vendor or an upstream project owner interested in providing
your security advisories in a machine readable format and don't know where
to start, feel free to reach out to mprpic@redhat.com.
Currently available parsers include:
    "Google Chrome", `<https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html>`_
    "Adobe Flash", `<https://helpx.adobe.com/security/products/flash-player/apsb17-17.html>`_
    "Jenkins", ""
    "MySQL", `<http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html>`_
    "phpMyAdmin", ""
    "Wireshark", ""

%package help
Summary:	Development documents and examples for advisory-parser
Provides:	python3-advisory-parser-doc
%description help
This library allows you to parse data from security advisories of certain
projects to extract information about security issues. The parsed
information includes metadata such as impact, CVSS score, summary,
description, and others; for a full list, see the
``advisory_parser/flaw.py`` file.
**DISCLAIMER**: Much of the advisory parsing is fairly fragile. Because web
pages change all the time, it is not uncommon for parsers to break when a
page is changed in some way. Also, the advisory parsers only work with the
latest version of the advisory pages.
The need for parsing raw security advisories in this way could be avoided
if vendors provided their security pages in a machine readable (and
preferably standardized) format. An example of this would be Red Hat's
security advisories that can be pulled in from a separate Security Data API
(`RHSA-2016:1883.json <https://access.redhat.com/labs/securitydataapi/cvrf/RHSA-2016:1883.json>`_)
or downloaded as an XML file
(`cvrf-rhsa-2016-1883.xml <https://www.redhat.com/security/data/cvrf/2016/cvrf-rhsa-2016-1883.xml>`_),
or OpenSSL's list of issues available in XML
(`vulnerabilities.xml <https://www.openssl.org/news/vulnerabilities.xml>`_).
If you are a vendor or an upstream project owner interested in providing
your security advisories in a machine readable format and don't know where
to start, feel free to reach out to mprpic@redhat.com.
Currently available parsers include:
    "Google Chrome", `<https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html>`_
    "Adobe Flash", `<https://helpx.adobe.com/security/products/flash-player/apsb17-17.html>`_
    "Jenkins", ""
    "MySQL", `<http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html>`_
    "phpMyAdmin", ""
    "Wireshark", ""

%prep
%autosetup -n advisory-parser-1.12

%build
%py3_build

%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
	find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
	find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
	find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
	find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
	find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .

%files -n python3-advisory-parser -f filelist.lst
%dir %{python3_sitelib}/*

%files help -f doclist.lst
%{_docdir}/*

%changelog
* Thu Feb 23 2023 Python_Bot <Python_Bot@openeuler.org> - 1.12-1
- Package Spec generated