lib/python/nvd.py

# nvd.py -- simplistic NVD parser
# Copyright (C) 2005 Florian Weimer <fw@deneb.enyo.de>
# 
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# 
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

"""This module parses the XML files provided by the
National Vulnerability Database (NVD) <http://nvd.nist.gov/>
"""

import xml.sax
import xml.sax.handler

class _Parser(xml.sax.handler.ContentHandler):
    """Parser helper class."""

    def __init__(self):
        self.result = []
        self.start_dispatcher = {}
        for x in ('entry', 'local', 'range', 'remote', 'user_init',
                  'avail', 'conf', 'int', 'sec_prot'):
             self.start_dispatcher[x] = getattr(self, 'TAG_' + x)

    def _noop(*args):
        pass

    def startElement(self, name, attrs):
        self.start_dispatcher.get(name, self._noop)(name, attrs)

    def TAG_entry(self, name, attrs):
        self.name = attrs['name'].encode('utf-8')
        self.published = attrs['published'].encode('utf-8')
        self.severity = attrs.get('severity', u'').encode('utf-8')
        self.discovered = attrs.get('discovered', u'').encode('utf-8')

        self.range_local = self.range_remote = self.range_user_init = None

        self.loss_avail = self.loss_conf = self.loss_int \
            = self.loss_sec_prot_user = self.loss_sec_prot_admin \
            = self.loss_sec_prot_other = 0

    def TAG_range(self, name, attrs):
        self.range_local = self.range_remote = self.range_user_init = 0

    def TAG_local(self, name, attrs):
        self.range_local = 1
    def TAG_remote(self, name, attrs):
        self.range_remote = 1
    def TAG_user_init(self, name, attrs):
        self.range_user_init = 1
    def TAG_loss_types(self, name, attrs):
        self.clear_loss()
    def TAG_avail(self, name, attrs):
        self.loss_avail = 1
    def TAG_conf(self, name, attrs):
        self.loss_conf = 1
    def TAG_int(self, name, attrs):
        self.loss_int = 1
    def TAG_sec_prot(self, name, attrs):
        if attrs.has_key('user'):
            self.loss_sec_prot_user = 1
        if attrs.has_key('admin'):
            self.loss_sec_prot_admin = 1
        if attrs.has_key('other'):
            self.loss_sec_prot_other = 1
            
    def endElement(self, name):
        if name == 'entry':
            self.result.append((self.name,
                                self.discovered,
                                self.published,
                                self.severity,
                                self.range_local,
                                self.range_remote,
                                self.range_user_init,
                                self.loss_avail,
                                self.loss_conf,
                                self.loss_int,
                                self.loss_sec_prot_user,
                                self.loss_sec_prot_admin,
                                self.loss_sec_prot_other))

def parse(file):
    """Parses the indicated file object.  Returns a list of tuples,
    containing the following elements:

    - CVE name
    - discovery data (can be empty)
    - publication date
    - severity (can be empty)
    - local range flag
    - remote range flag
    - availability loss type flag
    - confidentiality loss type flag
    - integrity loss type flag
    - security protection (user) loss type flag
    - security protection (admin) loss type flag
    - security protection (other) loss type flag
    """
    parser = xml.sax.make_parser()
    parser.setFeature(xml.sax.handler.feature_namespaces, 0)
    p = _Parser()
    parser.setContentHandler(p)
    parser.parse(file)
    return p.result
1	# nvd.py -- simplistic NVD parser
2	# Copyright (C) 2005 Florian Weimer <fw@deneb.enyo.de>
3	#
4	# This program is free software; you can redistribute it and/or modify
5	# it under the terms of the GNU General Public License as published by
6	# the Free Software Foundation; either version 2 of the License, or
7	# (at your option) any later version.
8	#
9	# This program is distributed in the hope that it will be useful,
10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12	# GNU General Public License for more details.
13	#
14	# You should have received a copy of the GNU General Public License
15	# along with this program; if not, write to the Free Software
16	# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17
18	"""This module parses the XML files provided by the
19	National Vulnerability Database (NVD) <http://nvd.nist.gov/>
20	"""
21
22	import xml.sax
23	import xml.sax.handler
24
25	class _Parser(xml.sax.handler.ContentHandler):
26	"""Parser helper class."""
27
28	def __init__(self):
29	self.result = []
30	self.start_dispatcher = {}
31	for x in ('entry', 'local', 'range', 'remote', 'user_init',
32	'avail', 'conf', 'int', 'sec_prot'):
33	self.start_dispatcher[x] = getattr(self, 'TAG_' + x)
34
35	def _noop(*args):
36	pass
37
38	def startElement(self, name, attrs):
39	self.start_dispatcher.get(name, self._noop)(name, attrs)
40
41	def TAG_entry(self, name, attrs):
42	self.name = attrs['name'].encode('utf-8')
43	self.published = attrs['published'].encode('utf-8')
44	self.severity = attrs.get('severity', u'').encode('utf-8')
45	self.discovered = attrs.get('discovered', u'').encode('utf-8')
46
47	self.range_local = self.range_remote = self.range_user_init = None
48
49	self.loss_avail = self.loss_conf = self.loss_int \
50	= self.loss_sec_prot_user = self.loss_sec_prot_admin \
51	= self.loss_sec_prot_other = 0
52
53	def TAG_range(self, name, attrs):
54	self.range_local = self.range_remote = self.range_user_init = 0
55
56	def TAG_local(self, name, attrs):
57	self.range_local = 1
58	def TAG_remote(self, name, attrs):
59	self.range_remote = 1
60	def TAG_user_init(self, name, attrs):
61	self.range_user_init = 1
62	def TAG_loss_types(self, name, attrs):
63	self.clear_loss()
64	def TAG_avail(self, name, attrs):
65	self.loss_avail = 1
66	def TAG_conf(self, name, attrs):
67	self.loss_conf = 1
68	def TAG_int(self, name, attrs):
69	self.loss_int = 1
70	def TAG_sec_prot(self, name, attrs):
71	if attrs.has_key('user'):
72	self.loss_sec_prot_user = 1
73	if attrs.has_key('admin'):
74	self.loss_sec_prot_admin = 1
75	if attrs.has_key('other'):
76	self.loss_sec_prot_other = 1
77
78	def endElement(self, name):
79	if name == 'entry':
80	self.result.append((self.name,
81	self.discovered,
82	self.published,
83	self.severity,
84	self.range_local,
85	self.range_remote,
86	self.range_user_init,
87	self.loss_avail,
88	self.loss_conf,
89	self.loss_int,
90	self.loss_sec_prot_user,
91	self.loss_sec_prot_admin,
92	self.loss_sec_prot_other))
93
94	def parse(file):
95	"""Parses the indicated file object. Returns a list of tuples,
96	containing the following elements:
97
98	- CVE name
99	- discovery data (can be empty)
100	- publication date
101	- severity (can be empty)
102	- local range flag
103	- remote range flag
104	- availability loss type flag
105	- confidentiality loss type flag
106	- integrity loss type flag
107	- security protection (user) loss type flag
108	- security protection (admin) loss type flag
109	- security protection (other) loss type flag
110	"""
111	parser = xml.sax.make_parser()
112	parser.setFeature(xml.sax.handler.feature_namespaces, 0)
113	p = _Parser()
114	parser.setContentHandler(p)
115	parser.parse(file)
116	return p.result