These pages appear to contain mainly references to original sources, but often lack the detailed info on those sources.
Example:
If you visit this url:
https://cxsecurity.com/cveshow/CVE-2023-3892/
It contains this reference source:
https://www.mimsoftware.com/cve-2023-3892
If you visit the reference source, it has a section titled "Recommended Mitigation". This section is the "end-goal" of the fix finder, however, it is not the responsibility of the CXSecurityParser parser. The goal of the CXSecurityParser should be to scrape CXSecurity/ urls for original sources, which will be handled by other parsers (mainly the GenericParser).
For reference, please look at the NVDParser, as this is it's exact responsibility. In NVD's case, reference urls are categorized, thus an enum and some filtering, but otherwise the concept is the same, visit NVD/ urls, collect references, delegate to other parsers.
This issue should be marked complete when the following is true:
A new branch dev-patchfinder-cxsecurity is created from dev-patchfinder-vertical
A new class CXSecurityParser is created (extends FixParser) and modeled after the NVDParser structure
The FixParser.parseWebPage() method is overridden to parse specifically CXSecurity pages and return fixes.
NOTE: This method should handle the delegation to other parsers, collect their results accordingly, and return them in the fixes list
(Only As Necessary): If there are complications that require the FixParser.parse() method to be overloaded, do so
What this means: If a basic Jsoup.parse() does not properly capture the necessary page data (runs before slow JS loading), or any other problem with the default implementation, the FixParser.parse() method can be overridden to tweak the behavior accordingly.
A PR is created, reviewed by @dylan-mulligan, and merged back into dev-patchfinder-vertical
Base branch:
dev-patchfinder-verticalCVE lookup: https://cxsecurity.com/cveshow/
These pages appear to contain mainly references to original sources, but often lack the detailed info on those sources. Example: If you visit this url: https://cxsecurity.com/cveshow/CVE-2023-3892/ It contains this reference source: https://www.mimsoftware.com/cve-2023-3892 If you visit the reference source, it has a section titled "Recommended Mitigation". This section is the "end-goal" of the fix finder, however, it is not the responsibility of the CXSecurityParser parser. The goal of the CXSecurityParser should be to scrape CXSecurity/ urls for original sources, which will be handled by other parsers (mainly the GenericParser).
For reference, please look at the NVDParser, as this is it's exact responsibility. In NVD's case, reference urls are categorized, thus an enum and some filtering, but otherwise the concept is the same, visit NVD/ urls, collect references, delegate to other parsers.
This issue should be marked complete when the following is true:
dev-patchfinder-cxsecurityis created from dev-patchfinder-verticalFixParser.parseWebPage()method is overridden to parse specifically CXSecurity pages and return fixes.FixParser.parse()method to be overloaded, do soFixParser.parse()method can be overridden to tweak the behavior accordingly.