git-vuln-finder/bin/finder.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Finding potential software vulnerabilities from git commit messages
#
# Software is free software released under the "GNU Affero General Public License v3.0"
#
# This software is part of cve-search.org
#
# Copyright (c) 2019-2020 Alexandre Dulaunoy - a@foo.be


import json
import sys
import argparse

from git_vuln_finder import find, find_event


def main():
    """Point of entry for the script.
    """
    # Parsing arguments
    parser = argparse.ArgumentParser(
        description="Finding potential software vulnerabilities from git commit messages.",
        epilog="More info: https://github.com/cve-search/git-vuln-finder",
    )
    parser.add_argument("-v", help="increase output verbosity", action="store_true")
    parser.add_argument("-r", type=str, help="git repository to analyse")
    parser.add_argument("-o", type=str, help="Output format: [json]", default="json")
    parser.add_argument(
        "-s", type=str, help="State of the commit found", default="under-review"
    )
    parser.add_argument(
        "-p",
        type=str,
        help="Matching pattern to use: [vulnpatterns, cryptopatterns, cpatterns] - the pattern 'all' is used to match all the patterns at once.",
        default="vulnpatterns",
    )
    parser.add_argument(
        "-c",
        help="output only a list of the CVE pattern found in commit messages (disable by default)",
        action="store_true",
    )
    parser.add_argument(
        "-t", help="Include tags matching a specific commit", action="store_true"
    )
    parser.add_argument(
        "-gh", help="special option for gharchive, pass a file containing a PushEvent in JSON format"
    )
    args = parser.parse_args()

    if args.p not in ["vulnpatterns", "cryptopatterns", "cpatterns", "all"]:
        parser.print_usage()
        parser.exit()

    if not args.r and not args.gh:
        parser.print_usage()
        parser.exit()

    if args.gh:
        with open(args.gh, "r") as read_file:
            event = json.load(read_file)

        for element in event:
            for i in range(0,len(element["payload"]["commits"])):
                all_potential_vulnerabilities, all_cve_found, found = find_event(element["payload"]["commits"][i], element)

    else:
        # Launch the process
        all_potential_vulnerabilities, all_cve_found, found = find(
            args.r,
            tags_matching=args.t,
            commit_state=args.s,
            verbose=args.v,
            defaultpattern=args.p,
        )

    # Output the result as json. Can be piped to another software.
    if not args.c:
        print(json.dumps(all_potential_vulnerabilities))
    elif args.c:
        print(json.dumps(list(all_cve_found)))

    # Output the result to stderr.
    print(
        "{} CVE referenced found in commit(s)".format(len(list(all_cve_found))),
        file=sys.stderr,
    )
    print(
        "Total potential vulnerability found in {} commit(s)".format(found),
        file=sys.stderr,
    )
wip, but seems to be working as a cli 2020-01-03 15:06:33 +00:00			`#!/usr/bin/env python`
new: [git-vuln-finder] Initial release of git-vuln-finder Finding potential software vulnerabilities from git commit messages. First release based on a set of regexp patterns (to be improved). 2019-11-03 14:26:43 +00:00			`# -- coding: utf-8 --`
			`#`
			`# Finding potential software vulnerabilities from git commit messages`
			`#`
			`# Software is free software released under the "GNU Affero General Public License v3.0"`
			`#`
			`# This software is part of cve-search.org`
			`#`
improved cli. removed useless import 2020-01-03 16:51:55 +00:00			`# Copyright (c) 2019-2020 Alexandre Dulaunoy - a@foo.be`
new: [git-vuln-finder] Initial release of git-vuln-finder Finding potential software vulnerabilities from git commit messages. First release based on a set of regexp patterns (to be improved). 2019-11-03 14:26:43 +00:00

			`import json`
			`import sys`
			`import argparse`

gharchive process 2021-12-20 13:54:59 +00:00			`from git_vuln_finder import find, find_event`
wip, but seems to be working as a cli 2020-01-03 15:06:33 +00:00
new: [git-vuln-finder] Initial release of git-vuln-finder Finding potential software vulnerabilities from git commit messages. First release based on a set of regexp patterns (to be improved). 2019-11-03 14:26:43 +00:00
wip, but seems to be working as a cli 2020-01-03 15:06:33 +00:00			`def main():`
improved cli. removed useless import 2020-01-03 16:51:55 +00:00			`"""Point of entry for the script.`
			`"""`
			`# Parsing arguments`
reformat a tiny with black 2020-01-06 06:50:21 +00:00			`parser = argparse.ArgumentParser(`
			`description="Finding potential software vulnerabilities from git commit messages.",`
			`epilog="More info: https://github.com/cve-search/git-vuln-finder",`
			`)`
improved cli. removed useless import 2020-01-03 16:51:55 +00:00			`parser.add_argument("-v", help="increase output verbosity", action="store_true")`
			`parser.add_argument("-r", type=str, help="git repository to analyse")`
			`parser.add_argument("-o", type=str, help="Output format: [json]", default="json")`
reformat a tiny with black 2020-01-06 06:50:21 +00:00			`parser.add_argument(`
			`"-s", type=str, help="State of the commit found", default="under-review"`
			`)`
			`parser.add_argument(`
			`"-p",`
			`type=str,`
			`help="Matching pattern to use: [vulnpatterns, cryptopatterns, cpatterns] - the pattern 'all' is used to match all the patterns at once.",`
			`default="vulnpatterns",`
			`)`
			`parser.add_argument(`
			`"-c",`
			`help="output only a list of the CVE pattern found in commit messages (disable by default)",`
			`action="store_true",`
			`)`
			`parser.add_argument(`
			`"-t", help="Include tags matching a specific commit", action="store_true"`
			`)`
gharchive process 2021-12-20 13:54:59 +00:00			`parser.add_argument(`
			`"-gh", help="special option for gharchive, pass a file containing a PushEvent in JSON format"`
			`)`
improved cli. removed useless import 2020-01-03 16:51:55 +00:00			`args = parser.parse_args()`

Make the whole thing importable in a Python code. 2020-01-06 15:29:30 +00:00			`if args.p not in ["vulnpatterns", "cryptopatterns", "cpatterns", "all"]:`
improved cli. removed useless import 2020-01-03 16:51:55 +00:00			`parser.print_usage()`
			`parser.exit()`

gharchive process 2021-12-20 13:54:59 +00:00			`if not args.r and not args.gh:`
improved cli. removed useless import 2020-01-03 16:51:55 +00:00			`parser.print_usage()`
			`parser.exit()`

gharchive process 2021-12-20 13:54:59 +00:00			`if args.gh:`
			`with open(args.gh, "r") as read_file:`
			`event = json.load(read_file)`

			`for element in event:`
			`for i in range(0,len(element["payload"]["commits"])):`
			`all_potential_vulnerabilities, all_cve_found, found = find_event(element["payload"]["commits"][i], element)`

			`else:`
			`# Launch the process`
			`all_potential_vulnerabilities, all_cve_found, found = find(`
			`args.r,`
			`tags_matching=args.t,`
			`commit_state=args.s,`
			`verbose=args.v,`
			`defaultpattern=args.p,`
			`)`
improved cli. removed useless import 2020-01-03 16:51:55 +00:00
added comments 2020-01-06 21:33:21 +00:00			`# Output the result as json. Can be piped to another software.`
improved cli. removed useless import 2020-01-03 16:51:55 +00:00			`if not args.c:`
			`print(json.dumps(all_potential_vulnerabilities))`
			`elif args.c:`
in place merge number of CVE found via summary function 2020-01-06 14:50:50 +00:00			`print(json.dumps(list(all_cve_found)))`
improved cli. removed useless import 2020-01-03 16:51:55 +00:00
added comments 2020-01-06 21:33:21 +00:00			`# Output the result to stderr.`
reformat a tiny with black 2020-01-06 06:50:21 +00:00			`print(`
in place merge number of CVE found via summary function 2020-01-06 14:50:50 +00:00			`"{} CVE referenced found in commit(s)".format(len(list(all_cve_found))),`
reformat a tiny with black 2020-01-06 06:50:21 +00:00			`file=sys.stderr,`
			`)`
			`print(`
			`"Total potential vulnerability found in {} commit(s)".format(found),`
			`file=sys.stderr,`
			`)`