00mjk / patch-finder

This project forked from patchporting/patch-finder

A tool to find security patches from across the web.

License: GNU General Public License v2.0

Python 80.15% HTML 19.85%

patch-finder's Introduction

Patch-finder

A webcrawler to extract security patches for vulnerabilities.

Usage

To find patches for a vulnerability ID, cd into the patch-finder folder and run:

$ python -m patchfinder <vuln_id>

For example:

$ python -m patchfinder CVE-2019-7738

You can also install the package. cd into the patch-finder folder and run:

$ pip install .

The patchfinder command can then be used as follows:

$ patchfinder --help
usage: patchfinder [-h] [-d DEPTH_LIMIT] [-p PATCH_LIMIT] vuln_id

positional arguments:
  vuln_id               The vulnerability ID to find patches for

optional arguments:
  -h, --help            show this help message and exit
  -d DEPTH_LIMIT, --depth-limit DEPTH_LIMIT
                        The maximum depth the crawler should go to.
  -p PATCH_LIMIT, --patch-limit PATCH_LIMIT
                        The maximum number of patches to collect.

Extracted patches along with the site they were retrieved from are written to ./patches.json by default.

Settings

Default settings can be altered as necessary.

For settings relevant to the scraping framework Scrapy, refer to:

patchfinder.settings.scrapy_settings

For settings relevant to the Patch-finder itself, refer to:

patchfinder.settings.patchfinder_settings

Vulnerability identifiers

Vulnerability identifiers are notations used to identify one or more security vulnerabilities.

Identifiers that are currently recognized by the Patch-finder are:

  • CVE (Common Vulnerabilities & Exposures)
  • DSA (Debian Security Advisory)
  • GLSA (Gentoo Linux Security Advisory)
  • RHSA (Red Hat Security Advisory)

Patch Providers

While crawling, patches or patch links are identified if they belong to a patch provider.

Providers that are currently recognized by the Patch-finder are:

  • github.com
  • pagure.io
  • git.kernel.org
  • gitlab.com
  • bitbucket.org
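
The two lists above (recognized identifiers and recognized providers) are the inputs a crawler like this has to validate. The following is an added example, not patchfinder's own code: the regular expressions, the `www.` handling and all function names are assumptions of this example, and the sample URLs used with it are constructed. It shows strict identifier matching and provider matching on the parsed hostname, so that a look-alike host such as `github.com.attacker.example` is not treated as a patch provider.

```python
import re
from urllib.parse import urlsplit

# Identifier families listed in the README; the patterns are this example's
# assumption based on the public ID formats, not patchfinder's own regexes.
VULN_ID_PATTERNS = {
    "CVE": re.compile(r"CVE-\d{4}-\d{4,}"),
    "DSA": re.compile(r"DSA-\d+(-\d+)?"),
    "GLSA": re.compile(r"GLSA-\d{6}-\d+"),
    "RHSA": re.compile(r"RHSA-\d{4}:\d{4,}"),
}

# Patch providers listed in the README.
PATCH_PROVIDERS = frozenset({
    "github.com", "pagure.io", "git.kernel.org", "gitlab.com", "bitbucket.org",
})


def classify_vuln_id(vuln_id):
    """Return the identifier family for vuln_id, or None if unrecognized."""
    candidate = vuln_id.strip().upper()
    for family, pattern in VULN_ID_PATTERNS.items():
        if pattern.fullmatch(candidate):  # whole string must match
            return family
    return None


def provider_for(url):
    """Return the provider host a link belongs to, or None.

    The decision uses the parsed hostname, never a substring of the URL, so
    look-alike hosts and provider names placed in the path, query or
    userinfo are rejected.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname.lower().rstrip(".")
    if host.startswith("www."):  # assumption: treat www.<provider> as the provider
        host = host[4:]
    return host if host in PATCH_PROVIDERS else None


def filter_patch_links(urls):
    """Keep only links whose host is a recognized patch provider."""
    return [u for u in urls if provider_for(u) is not None]
```
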

Parsers

Parsers are crawlers for cases other than simple webcrawling. For example, a crawler for retrieving patches from Debian or RPM packages is a parser.

Currently a parser for retrieving patches from Debian packages can be used.

Parsers can be found in patchfinder.parsers. Settings relevant to the operation of these parsers are in patchfinder.settings.patchfinder_settings (see the Settings section).

Tests

To run the tests, use:

$ python -m unittest discover -v tests

Or simply:

$ pytest

Build the docs

$ cd docs
$ pip install -r requirements-docs.txt
$ make html

patch-finder's People

Contributors

jajajasalu2
