diff --git a/git_vuln_finder/__init__.py b/git_vuln_finder/__init__.py
new file mode 100644
index 0000000..646d685
--- /dev/null
+++ b/git_vuln_finder/__init__.py
@@ -0,0 +1,6 @@
+
+from git_vuln_finder.finder import build_pattern
+from git_vuln_finder.finder import get_patterns
+from git_vuln_finder.finder import find_vuln
+from git_vuln_finder.finder import summary
+from git_vuln_finder.finder import extract_cve
diff --git a/git_vuln_finder/__pycache__/__init__.cpython-38.pyc b/git_vuln_finder/__pycache__/__init__.cpython-38.pyc
new file mode 100644
index 0000000..e53df7e
Binary files /dev/null and b/git_vuln_finder/__pycache__/__init__.cpython-38.pyc differ
diff --git a/git_vuln_finder/__pycache__/finder.cpython-38.pyc b/git_vuln_finder/__pycache__/finder.cpython-38.pyc
new file mode 100644
index 0000000..7837370
Binary files /dev/null and b/git_vuln_finder/__pycache__/finder.cpython-38.pyc differ
diff --git a/git_vuln_finder/finder.py b/git_vuln_finder/finder.py
new file mode 100644
index 0000000..184adc2
--- /dev/null
+++ b/git_vuln_finder/finder.py
@@ -0,0 +1,164 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +# +# Finding potential software vulnerabilities from git commit messages +# +# Software is free software released under the "GNU Affero General Public License v3.0" +# +# This software is part of cve-search.org +# +# Copyright (c) 2019 Alexandre Dulaunoy - a@foo.be + + +import os +import re +import git +import json +import sys +import typing +from langdetect import detect as langdetect + + +PATTERNS_PATH="./git_vuln_finder/patterns" + + +def build_pattern(pattern_file): + fp = open(pattern_file, "r") + rex = "" + try: + prefix_fp = open(pattern_file + ".prefix", "r") + rex += prefix_fp.read() + prefix_fp.close() + except: + pass + + for line in fp.readlines(): + rex += line.rstrip() + "|" + rex = rex[:-1] # We remove the extra '| + fp.close() + + try: + suffix_fp = open(pattern_file + ".suffix", "r") + rex += suffix_fp.read() + suffix_fp.close() + except: + pass + + return rex + + +def get_patterns(patterns_path=PATTERNS_PATH): + patterns = {} + for root, dirs, files in os.walk(patterns_path): + path = root.split(os.sep) + for f in files: + if f.endswith(".prefix") or f.endswith(".suffix"): + continue + npath = root[len(patterns_path):].split(os.sep) + try: + npath.remove('') + except ValueError: + pass + + lang = npath[0] + severity = npath[1] + pattern_category = f + + try: # FIXME: Is there a better way? 
+ a = patterns[lang] + except KeyError: + patterns[lang] = {} + try: + a = patterns[lang][severity] + except KeyError: + patterns[lang][severity] = {} + try: + a = patterns[lang][severity][pattern_category] + except KeyError: + rex = build_pattern(root + os.sep + f) + patterns[lang][severity][pattern_category] = re.compile(rex) + + return patterns + + +def find_vuln(commit, pattern, versbose=False): + m = pattern.search(commit.message) + if m: + if versbose: + print("Match found: {}".format(m.group(0)), file=sys.stderr) + print(commit.message, file=sys.stderr) + print("---", file=sys.stderr) + ret = {} + ret['commit'] = commit + ret['match'] = m.groups() + return ret + else: + return None + + +def summary(commit, + branch, + pattern, + origin=None, + vuln_match=None, + tags_matching=False, + commit_state="under-review" +): + potential_vulnerabilities = {} + rcommit = commit + cve = extract_cve(rcommit.message) + if origin is not None: + origin = origin + if origin.find('github.com'): + origin_github_api = origin.split(':')[1] + (org_name, repo_name) = origin_github_api.split('/', 1) + if repo_name.find('.git$'): + repo_name = re.sub(r".git$","", repo_name) + origin_github_api = 'https://api.github.com/repos/{}/{}/commits/{}'.format(org_name, repo_name, rcommit.hexsha) + + else: + origin = 'git origin unknown' + # deduplication if similar commits on different branches + if rcommit.hexsha in potential_vulnerabilities: + potential_vulnerabilities[rcommit.hexsha]['branches'].append(branch) + else: + potential_vulnerabilities[rcommit.hexsha] = {} + potential_vulnerabilities[rcommit.hexsha]['message'] = rcommit.message + potential_vulnerabilities[rcommit.hexsha]['language'] = langdetect(rcommit.message) + potential_vulnerabilities[rcommit.hexsha]['commit-id'] = rcommit.hexsha + potential_vulnerabilities[rcommit.hexsha]['summary'] = rcommit.summary + potential_vulnerabilities[rcommit.hexsha]['stats'] = rcommit.stats.total + 
potential_vulnerabilities[rcommit.hexsha]['author'] = rcommit.author.name
+ potential_vulnerabilities[rcommit.hexsha]['author-email'] = rcommit.author.email
+ potential_vulnerabilities[rcommit.hexsha]['authored_date'] = rcommit.authored_date
+ potential_vulnerabilities[rcommit.hexsha]['committed_date'] = rcommit.committed_date
+ potential_vulnerabilities[rcommit.hexsha]['branches'] = []
+ potential_vulnerabilities[rcommit.hexsha]['branches'].append(branch)
+ potential_vulnerabilities[rcommit.hexsha]['pattern-selected'] = pattern.pattern
+ potential_vulnerabilities[rcommit.hexsha]['pattern-matches'] = vuln_match
+ potential_vulnerabilities[rcommit.hexsha]['origin'] = origin
+ if origin_github_api:
+ potential_vulnerabilities[commit.hexsha]['origin-github-api'] = origin_github_api
+ potential_vulnerabilities[rcommit.hexsha]['tags'] = []
+ if tags_matching:
+ if repo.commit(rcommit).hexsha in tagmap:
+ potential_vulnerabilities[rcommit.hexsha]['tags'] = tagmap[repo.commit(rcommit).hexsha]
+ if cve: potential_vulnerabilities[rcommit.hexsha]['cve'] = cve
+ if cve:
+ potential_vulnerabilities[rcommit.hexsha]['state'] = "cve-assigned"
+ else:
+ potential_vulnerabilities[rcommit.hexsha]['state'] = commit_state
+
+ return rcommit.hexsha, potential_vulnerabilities
+
+
+def extract_cve(commit):
+ cve_found = set()
+ cve_find = re.compile(r'CVE-[1-2]\d{1,4}-\d{1,7}', re.IGNORECASE)
+ m = cve_find.findall(commit)
+ if m:
+ for v in m:
+ cve_found.add(v)
+ return m
+ else:
+ return None
diff --git a/git_vuln_finder/patterns/en/medium/c b/git_vuln_finder/patterns/en/medium/c
new file mode 100644
index 0000000..42d4a36
--- /dev/null
+++ b/git_vuln_finder/patterns/en/medium/c
@@ -0,0 +1,4 @@
+double[-| ]free
+buffer overflow
+double free
+race[-| ]condition
diff --git a/git_vuln_finder/patterns/en/medium/c.prefix b/git_vuln_finder/patterns/en/medium/c.prefix
new file mode 100644
index 0000000..4a45df8
--- /dev/null
+++ b/git_vuln_finder/patterns/en/medium/c.prefix
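Review bot: In `summary`, `origin_github_api` is assigned only inside the `github.com` branch but `if origin_github_api:` runs for every call, so `origin=None` or a non-GitHub remote raises NameError, and `repo` and `tagmap` used under `tags_matching` are not defined anywhere in this file. The branch condition is also wrong in practice: `origin.find('github.com')` is truthy for every string that does not start with `github.com` (find returns -1 when absent), `repo_name.find('.git$')` looks for the literal characters `.git$`, and `origin.split(':')[1]` yields `org/repo` only for scp-style `git@github.com:org/repo` remotes (an `https://` remote gives `//github.com/org/repo`, a remote without a colon raises IndexError). The rewrite below initializes `origin_github_api`, tests `'github.com' in origin`, takes the path after the host for both remote forms and strips the suffix with `re.sub(r'\.git$', '', repo_name)`. Separately, the dedup branch `if rcommit.hexsha in potential_vulnerabilities:` can never be taken because the dict is created fresh on each call, `extract_cve` fills `cve_found` but returns the raw list `m` with duplicates, and `find_vuln`'s keyword parameter is spelled `versbose`. Earlier in the hunk, `build_pattern` wraps the `.prefix`/`.suffix` reads in bare `except:` and leaves the handles open on that path, so a permission error or an unreadable `(?i)(` wrapper silently yields a differently-behaving regex; `with open(...)` plus `except FileNotFoundError:` would surface anything other than an absent side file.
```python
    origin_github_api = None
    if origin is not None:
        if 'github.com' in origin:
            # accept both git@github.com:org/repo(.git) and https://github.com/org/repo(.git)
            path = origin.split('github.com', 1)[1].lstrip(':/')
            parts = path.split('/', 1)
            if len(parts) == 2:
                (org_name, repo_name) = parts
                repo_name = re.sub(r"\.git$", "", repo_name)
                origin_github_api = 'https://api.github.com/repos/{}/{}/commits/{}'.format(org_name, repo_name, rcommit.hexsha)
    else:
        origin = 'git origin unknown'
    # … unchanged: potential_vulnerabilities population and return …
```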
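Review bot: `double[-| ]free` on the first line and `race[-| ]condition` on the last put `|` inside a character class, where it is a literal member rather than alternation, so the class matches `-`, `|` or a space and the separate `double free` entry on line three is already covered by line one. Write the class as `[- ]` (or `[-\s]` to also accept tabs), which is the same correction `unauthori[z|s]ed` in this commit's `vuln` pattern file needs (`unauthori[zs]ed`).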
@@ -0,0 +1 @@
+(?i)(
\ No newline at end of file
diff --git a/git_vuln_finder/patterns/en/medium/c.suffix b/git_vuln_finder/patterns/en/medium/c.suffix
new file mode 100644
index 0000000..e8a0f87
--- /dev/null
+++ b/git_vuln_finder/patterns/en/medium/c.suffix
@@ -0,0 +1 @@
+)
\ No newline at end of file
diff --git a/git_vuln_finder/patterns/en/medium/crypto b/git_vuln_finder/patterns/en/medium/crypto
new file mode 100644
index 0000000..b24e6c2
--- /dev/null
+++ b/git_vuln_finder/patterns/en/medium/crypto
@@ -0,0 +1,55 @@
+assessment
+lack of
+bad
+vulnerable
+missing
+unproper
+unsuitable
+breakable
+broken
+weak
+incorrect
+replace
+assessment
+pen([\s-]?)test
+pentest
+penetration([\s-]?)test
+report
+vulnerablity
+replace
+fix
+issue
+fixes
+add
+remove
+check){s1,}
+ (crypto
+cryptographic
+cryptography
+encipherement
+encryption
+ciphers
+cipher
+AES
+DES
+3DES
+cipher
+GPG
+PGP
+OpenSSL
+SSH
+wireguard
+VPN
+CBC
+ECB
+CTR
+key[.|,|\s]
+private([\s-]?)key
+public([\s-]?)key size
+length
+strenght
+generation
+randomness
+entropy
+prng
+rng
diff --git a/git_vuln_finder/patterns/en/medium/crypto.prefix b/git_vuln_finder/patterns/en/medium/crypto.prefix
new file mode 100644
index 0000000..f5b5f62
--- /dev/null
+++ b/git_vuln_finder/patterns/en/medium/crypto.prefix
@@ -0,0 +1 @@
+.*(
\ No newline at end of file
diff --git a/git_vuln_finder/patterns/en/medium/crypto.suffix b/git_vuln_finder/patterns/en/medium/crypto.suffix
new file mode 100644
index 0000000..12953cd
--- /dev/null
+++ b/git_vuln_finder/patterns/en/medium/crypto.suffix
@@ -0,0 +1 @@
+){1,}
\ No newline at end of file
diff --git a/git_vuln_finder/patterns/en/medium/vuln b/git_vuln_finder/patterns/en/medium/vuln
new file mode 100644
index 0000000..db3ca53
--- /dev/null
+++ b/git_vuln_finder/patterns/en/medium/vuln
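Review bot: `check){s1,}` on line 25 of the `crypto` file closes the group opened by the `.*(` prefix and follows it with `{s1,}`, which is not a valid quantifier and is therefore matched literally by Python's `re`, so once `build_pattern` joins the lines with `|` the first alternative `.*(assessment|…|check){s1,}` can only match a message containing the text `{s1,}` and effectively never fires. What remains is the second alternative ` (crypto|…|rng){1,}` from line 26 onward (the `crypto.suffix` hunk in this commit supplies the `){1,}`), which flags any message containing a space followed by a cipher or key term whether or not a weakness word is present. If the intent is "weakness word followed by a crypto term", replace line 25 with `check).*`, line 26 with `(crypto`, and make `crypto.suffix` a bare `)`. The file also lacks the `(?i)` that the `c` and `vuln` prefixes carry, so lower-case `aes` or `openssl` are missed, and `key[.|,|\s]` includes a literal `|` in its class.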
@@ -0,0 +1,30 @@
+denial of service
+\bXXE\b
+remote code execution
+\bopen redirect
+OSVDB
+\bvuln
+\bCVE\b
+\bXSS\b
+\bReDoS\b
+\bNVD\b
+malicious
+x−frame−options
+attack
+cross site
+exploit
+malicious
+directory traversal
+\bRCE\b
+\bdos\b
+\bXSRF \b
+\bXSS\b
+clickjack
+session.fixation
+hijack
+\badvisory
+\binsecure
+security
+\bcross−origin\b
+unauthori[z|s]ed
+infinite loop
\ No newline at end of file
diff --git a/git_vuln_finder/patterns/en/medium/vuln.prefix b/git_vuln_finder/patterns/en/medium/vuln.prefix
new file mode 100644
index 0000000..4a45df8
--- /dev/null
+++ b/git_vuln_finder/patterns/en/medium/vuln.prefix
@@ -0,0 +1 @@
+(?i)(
\ No newline at end of file
diff --git a/git_vuln_finder/patterns/en/medium/vuln.suffix b/git_vuln_finder/patterns/en/medium/vuln.suffix
new file mode 100644
index 0000000..e8a0f87
--- /dev/null
+++ b/git_vuln_finder/patterns/en/medium/vuln.suffix
@@ -0,0 +1 @@
+)
\ No newline at end of file
diff --git a/poetry.lock b/poetry.lock
new file mode 100644
index 0000000..02cd4ef
--- /dev/null
+++ b/poetry.lock
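Review bot: `x−frame−options` and `\bcross−origin\b` are written with U+2212 (minus sign) rather than an ASCII hyphen, at least as this diff renders them; if the file really contains that character neither line can match the `X-Frame-Options` or `cross-origin` spelling found in commit messages, and they should read `x-frame-options` and `\bcross-origin\b`. `\bXSRF \b` places the word boundary after a space, so it only matches when a word character follows and misses `XSRF.` or `XSRF` at the end of a message; `\bXSRF\b` is presumably what was meant. `malicious` and `\bXSS\b` each appear twice, which only lengthens the compiled alternation.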
@@ -0,0 +1,290 @@ +[[package]] +category = "dev" +description = "Code coverage measurement for Python" +name = "coverage" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4" +version = "5.0.1" + +[package.extras] +toml = ["toml"] + +[[package]] +category = "dev" +description = "Discover and load entry points from installed packages." +name = "entrypoints" +optional = false +python-versions = ">=2.7" +version = "0.3" + +[[package]] +category = "dev" +description = "the modular source code checker: pep8, pyflakes and co" +name = "flake8" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "3.7.9" + +[package.dependencies] +entrypoints = ">=0.3.0,<0.4.0" +mccabe = ">=0.6.0,<0.7.0" +pycodestyle = ">=2.5.0,<2.6.0" +pyflakes = ">=2.1.0,<2.2.0" + +[[package]] +category = "main" +description = "Git Object Database" +name = "gitdb2" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "2.0.6" + +[package.dependencies] +smmap2 = ">=2.0.0" + +[[package]] +category = "main" +description = "Python Git Library" +name = "gitpython" +optional = false +python-versions = ">=3.0, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "3.0.5" + +[package.dependencies] +gitdb2 = ">=2.0.0" + +[[package]] +category = "main" +description = "Language detection library ported from Google's language-detection." 
+name = "langdetect" +optional = false +python-versions = "*" +version = "1.0.7" + +[package.dependencies] +six = "*" + +[[package]] +category = "dev" +description = "McCabe checker, plugin for flake8" +name = "mccabe" +optional = false +python-versions = "*" +version = "0.6.1" + +[[package]] +category = "dev" +description = "Optional static typing for Python" +name = "mypy" +optional = false +python-versions = ">=3.5" +version = "0.750" + +[package.dependencies] +mypy-extensions = ">=0.4.0,<0.5.0" +typed-ast = ">=1.4.0,<1.5.0" +typing-extensions = ">=3.7.4" + +[package.extras] +dmypy = ["psutil (>=4.0)"] + +[[package]] +category = "dev" +description = "Experimental type system extensions for programs checked with the mypy typechecker." +name = "mypy-extensions" +optional = false +python-versions = "*" +version = "0.4.3" + +[[package]] +category = "dev" +description = "unittest2 with plugins, the succesor to nose" +name = "nose2" +optional = false +python-versions = "*" +version = "0.9.1" + +[package.dependencies] +coverage = ">=4.4.1" +six = ">=1.7" + +[package.extras] +coverage_plugin = ["coverage (>=4.4.1)"] +doc = ["Sphinx (>=1.6.5)", "sphinx-rtd-theme", "mock"] + +[[package]] +category = "dev" +description = "Python style guide checker" +name = "pycodestyle" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "2.5.0" + +[[package]] +category = "dev" +description = "passive checker of Python programs" +name = "pyflakes" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "2.1.1" + +[[package]] +category = "main" +description = "Python 2 and 3 compatibility utilities" +name = "six" +optional = false +python-versions = ">=2.6, !=3.0.*, !=3.1.*" +version = "1.13.0" + +[[package]] +category = "main" +description = "A pure Python implementation of a sliding window memory map manager" +name = "smmap2" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" 
+version = "2.0.5" + +[[package]] +category = "dev" +description = "a fork of Python 2 and 3 ast modules with type comment support" +name = "typed-ast" +optional = false +python-versions = "*" +version = "1.4.0" + +[[package]] +category = "dev" +description = "Backported and Experimental Type Hints for Python 3.5+" +name = "typing-extensions" +optional = false +python-versions = "*" +version = "3.7.4.1" + +[metadata] +content-hash = "4fd05852a9f3844298b1c0dbc4ab61ddbb77f4a42602c42982e19e531a7883d6" +python-versions = "^3.6" + +[metadata.files] +coverage = [ + {file = "coverage-5.0.1-cp27-cp27m-macosx_10_12_x86_64.whl", hash = "sha256:c90bda74e16bcd03861b09b1d37c0a4158feda5d5a036bb2d6e58de6ff65793e"}, + {file = "coverage-5.0.1-cp27-cp27m-macosx_10_13_intel.whl", hash = "sha256:bb3d29df5d07d5399d58a394d0ef50adf303ab4fbf66dfd25b9ef258effcb692"}, + {file = "coverage-5.0.1-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:1ca43dbd739c0fc30b0a3637a003a0d2c7edc1dd618359d58cc1e211742f8bd1"}, + {file = "coverage-5.0.1-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:591506e088901bdc25620c37aec885e82cc896528f28c57e113751e3471fc314"}, + {file = "coverage-5.0.1-cp27-cp27m-win32.whl", hash = "sha256:a50b0888d8a021a3342d36a6086501e30de7d840ab68fca44913e97d14487dc1"}, + {file = "coverage-5.0.1-cp27-cp27m-win_amd64.whl", hash = "sha256:c792d3707a86c01c02607ae74364854220fb3e82735f631cd0a345dea6b4cee5"}, + {file = "coverage-5.0.1-cp27-cp27mu-manylinux1_i686.whl", hash = "sha256:f425f50a6dd807cb9043d15a4fcfba3b5874a54d9587ccbb748899f70dc18c47"}, + {file = "coverage-5.0.1-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:25b8f60b5c7da71e64c18888f3067d5b6f1334b9681876b2fb41eea26de881ae"}, + {file = "coverage-5.0.1-cp35-cp35m-macosx_10_12_x86_64.whl", hash = "sha256:7362a7f829feda10c7265b553455de596b83d1623b3d436b6d3c51c688c57bf6"}, + {file = "coverage-5.0.1-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:fcd4459fe35a400b8f416bc57906862693c9f88b66dc925e7f2a933e77f6b18b"}, + {file = 
"coverage-5.0.1-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:40fbfd6b044c9db13aeec1daf5887d322c710d811f944011757526ef6e323fd9"}, + {file = "coverage-5.0.1-cp35-cp35m-win32.whl", hash = "sha256:7f2675750c50151f806070ec11258edf4c328340916c53bac0adbc465abd6b1e"}, + {file = "coverage-5.0.1-cp35-cp35m-win_amd64.whl", hash = "sha256:24bcfa86fd9ce86b73a8368383c39d919c497a06eebb888b6f0c12f13e920b1a"}, + {file = "coverage-5.0.1-cp36-cp36m-macosx_10_13_x86_64.whl", hash = "sha256:eeafb646f374988c22c8e6da5ab9fb81367ecfe81c70c292623373d2a021b1a1"}, + {file = "coverage-5.0.1-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:2ca2cd5264e84b2cafc73f0045437f70c6378c0d7dbcddc9ee3fe192c1e29e5d"}, + {file = "coverage-5.0.1-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:2cc707fc9aad2592fc686d63ef72dc0031fc98b6fb921d2f5395d9ab84fbc3ef"}, + {file = "coverage-5.0.1-cp36-cp36m-win32.whl", hash = "sha256:04b961862334687549eb91cd5178a6fbe977ad365bddc7c60f2227f2f9880cf4"}, + {file = "coverage-5.0.1-cp36-cp36m-win_amd64.whl", hash = "sha256:232f0b52a5b978288f0bbc282a6c03fe48cd19a04202df44309919c142b3bb9c"}, + {file = "coverage-5.0.1-cp37-cp37m-macosx_10_13_x86_64.whl", hash = "sha256:cfce79ce41cc1a1dc7fc85bb41eeeb32d34a4cf39a645c717c0550287e30ff06"}, + {file = "coverage-5.0.1-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:46c9c6a1d1190c0b75ec7c0f339088309952b82ae8d67a79ff1319eb4e749b96"}, + {file = "coverage-5.0.1-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:1cbb88b34187bdb841f2599770b7e6ff8e259dc3bb64fc7893acf44998acf5f8"}, + {file = "coverage-5.0.1-cp37-cp37m-win32.whl", hash = "sha256:ff3936dd5feaefb4f91c8c1f50a06c588b5dc69fba4f7d9c79a6617ad80bb7df"}, + {file = "coverage-5.0.1-cp37-cp37m-win_amd64.whl", hash = "sha256:65bead1ac8c8930cf92a1ccaedcce19a57298547d5d1db5c9d4d068a0675c38b"}, + {file = "coverage-5.0.1-cp38-cp38-macosx_10_13_x86_64.whl", hash = "sha256:348630edea485f4228233c2f310a598abf8afa5f8c716c02a9698089687b6085"}, + {file = 
"coverage-5.0.1-cp38-cp38-manylinux1_i686.whl", hash = "sha256:960d7f42277391e8b1c0b0ae427a214e1b31a1278de6b73f8807b20c2e913bba"}, + {file = "coverage-5.0.1-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:0101888bd1592a20ccadae081ba10e8b204d20235d18d05c6f7d5e904a38fc10"}, + {file = "coverage-5.0.1-cp38-cp38m-win32.whl", hash = "sha256:c0fff2733f7c2950f58a4fd09b5db257b00c6fec57bf3f68c5bae004d804b407"}, + {file = "coverage-5.0.1-cp38-cp38m-win_amd64.whl", hash = "sha256:5f622f19abda4e934938e24f1d67599249abc201844933a6f01aaa8663094489"}, + {file = "coverage-5.0.1-cp39-cp39m-win32.whl", hash = "sha256:2714160a63da18aed9340c70ed514973971ee7e665e6b336917ff4cca81a25b1"}, + {file = "coverage-5.0.1-cp39-cp39m-win_amd64.whl", hash = "sha256:b7dbc5e8c39ea3ad3db22715f1b5401cd698a621218680c6daf42c2f9d36e205"}, + {file = "coverage-5.0.1.tar.gz", hash = "sha256:5ac71bba1e07eab403b082c4428f868c1c9e26a21041436b4905c4c3d4e49b08"}, +] +entrypoints = [ + {file = "entrypoints-0.3-py2.py3-none-any.whl", hash = "sha256:589f874b313739ad35be6e0cd7efde2a4e9b6fea91edcc34e58ecbb8dbe56d19"}, + {file = "entrypoints-0.3.tar.gz", hash = "sha256:c70dd71abe5a8c85e55e12c19bd91ccfeec11a6e99044204511f9ed547d48451"}, +] +flake8 = [ + {file = "flake8-3.7.9-py2.py3-none-any.whl", hash = "sha256:49356e766643ad15072a789a20915d3c91dc89fd313ccd71802303fd67e4deca"}, + {file = "flake8-3.7.9.tar.gz", hash = "sha256:45681a117ecc81e870cbf1262835ae4af5e7a8b08e40b944a8a6e6b895914cfb"}, +] +gitdb2 = [ + {file = "gitdb2-2.0.6-py2.py3-none-any.whl", hash = "sha256:96bbb507d765a7f51eb802554a9cfe194a174582f772e0d89f4e87288c288b7b"}, + {file = "gitdb2-2.0.6.tar.gz", hash = "sha256:1b6df1433567a51a4a9c1a5a0de977aa351a405cc56d7d35f3388bad1f630350"}, +] +gitpython = [ + {file = "GitPython-3.0.5-py3-none-any.whl", hash = "sha256:c155c6a2653593ccb300462f6ef533583a913e17857cfef8fc617c246b6dc245"}, + {file = "GitPython-3.0.5.tar.gz", hash = "sha256:9c2398ffc3dcb3c40b27324b316f08a4f93ad646d5a6328cafbb871aa79f5e42"}, +] 
+langdetect = [ + {file = "langdetect-1.0.7.zip", hash = "sha256:91a170d5f0ade380db809b3ba67f08e95fe6c6c8641f96d67a51ff7e98a9bf30"}, +] +mccabe = [ + {file = "mccabe-0.6.1-py2.py3-none-any.whl", hash = "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42"}, + {file = "mccabe-0.6.1.tar.gz", hash = "sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"}, +] +mypy = [ + {file = "mypy-0.750-cp35-cp35m-macosx_10_6_x86_64.whl", hash = "sha256:de9ec8dba773b78c49e7bec9a35c9b6fc5235682ad1fc2105752ae7c22f4b931"}, + {file = "mypy-0.750-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:3294821b5840d51a3cd7a2bb63b40fc3f901f6a3cfb3c6046570749c4c7ef279"}, + {file = "mypy-0.750-cp35-cp35m-win_amd64.whl", hash = "sha256:6992133c95a2847d309b4b0c899d7054adc60481df6f6b52bb7dee3d5fd157f7"}, + {file = "mypy-0.750-cp36-cp36m-macosx_10_6_x86_64.whl", hash = "sha256:41696a7d912ce16fdc7c141d87e8db5144d4be664a0c699a2b417d393994b0c2"}, + {file = "mypy-0.750-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:c87ac7233c629f305602f563db07f5221950fe34fe30af072ac838fa85395f78"}, + {file = "mypy-0.750-cp36-cp36m-win_amd64.whl", hash = "sha256:83fa87f556e60782c0fc3df1b37b7b4a840314ba1ac27f3e1a1e10cb37c89c17"}, + {file = "mypy-0.750-cp37-cp37m-macosx_10_6_x86_64.whl", hash = "sha256:30e123b24931f02c5d99307406658ac8f9cd6746f0d45a3dcac2fe5fbdd60939"}, + {file = "mypy-0.750-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:02d9bdd3398b636723ecb6c5cfe9773025a9ab7f34612c1cde5c7f2292e2d768"}, + {file = "mypy-0.750-cp37-cp37m-win_amd64.whl", hash = "sha256:088f758a50af31cf8b42688118077292370c90c89232c783ba7979f39ea16646"}, + {file = "mypy-0.750-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:4f42675fa278f3913340bb8c3371d191319704437758d7c4a8440346c293ecb2"}, + {file = "mypy-0.750-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:f385a0accf353ca1bca4bbf473b9d83ed18d923fdb809d3a70a385da23e25b6a"}, + {file = "mypy-0.750-cp38-cp38-win_amd64.whl", hash = 
"sha256:54d205ccce6ed930a8a2ccf48404896d456e8b87812e491cb907a355b1a9c640"}, + {file = "mypy-0.750-py3-none-any.whl", hash = "sha256:28e9fbc96d13397a7ddb7fad7b14f373f91b5cff538e0772e77c270468df083c"}, + {file = "mypy-0.750.tar.gz", hash = "sha256:6ecbd0e8e371333027abca0922b0c2c632a5b4739a0c61ffbd0733391e39144c"}, +] +mypy-extensions = [ + {file = "mypy_extensions-0.4.3-py2.py3-none-any.whl", hash = "sha256:090fedd75945a69ae91ce1303b5824f428daf5a028d2f6ab8a299250a846f15d"}, + {file = "mypy_extensions-0.4.3.tar.gz", hash = "sha256:2d82818f5bb3e369420cb3c4060a7970edba416647068eb4c5343488a6c604a8"}, +] +nose2 = [ + {file = "nose2-0.9.1-py2.py3-none-any.whl", hash = "sha256:31d8beb00aed3ccc6efb1742bb90227d883e471715188249f594310676e0ef0e"}, + {file = "nose2-0.9.1.tar.gz", hash = "sha256:0ede156fd7974fa40893edeca0b709f402c0ccacd7b81b22e76f73c116d1b999"}, +] +pycodestyle = [ + {file = "pycodestyle-2.5.0-py2.py3-none-any.whl", hash = "sha256:95a2219d12372f05704562a14ec30bc76b05a5b297b21a5dfe3f6fac3491ae56"}, + {file = "pycodestyle-2.5.0.tar.gz", hash = "sha256:e40a936c9a450ad81df37f549d676d127b1b66000a6c500caa2b085bc0ca976c"}, +] +pyflakes = [ + {file = "pyflakes-2.1.1-py2.py3-none-any.whl", hash = "sha256:17dbeb2e3f4d772725c777fabc446d5634d1038f234e77343108ce445ea69ce0"}, + {file = "pyflakes-2.1.1.tar.gz", hash = "sha256:d976835886f8c5b31d47970ed689944a0262b5f3afa00a5a7b4dc81e5449f8a2"}, +] +six = [ + {file = "six-1.13.0-py2.py3-none-any.whl", hash = "sha256:1f1b7d42e254082a9db6279deae68afb421ceba6158efa6131de7b3003ee93fd"}, + {file = "six-1.13.0.tar.gz", hash = "sha256:30f610279e8b2578cab6db20741130331735c781b56053c59c4076da27f06b66"}, +] +smmap2 = [ + {file = "smmap2-2.0.5-py2.py3-none-any.whl", hash = "sha256:0555a7bf4df71d1ef4218e4807bbf9b201f910174e6e08af2e138d4e517b4dde"}, + {file = "smmap2-2.0.5.tar.gz", hash = "sha256:29a9ffa0497e7f2be94ca0ed1ca1aa3cd4cf25a1f6b4f5f87f74b46ed91d609a"}, +] +typed-ast = [ + {file = "typed_ast-1.4.0-cp35-cp35m-manylinux1_i686.whl", 
hash = "sha256:262c247a82d005e43b5b7f69aff746370538e176131c32dda9cb0f324d27141e"}, + {file = "typed_ast-1.4.0-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:71211d26ffd12d63a83e079ff258ac9d56a1376a25bc80b1cdcdf601b855b90b"}, + {file = "typed_ast-1.4.0-cp35-cp35m-win32.whl", hash = "sha256:630968c5cdee51a11c05a30453f8cd65e0cc1d2ad0d9192819df9978984529f4"}, + {file = "typed_ast-1.4.0-cp35-cp35m-win_amd64.whl", hash = "sha256:ffde2fbfad571af120fcbfbbc61c72469e72f550d676c3342492a9dfdefb8f12"}, + {file = "typed_ast-1.4.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:4e0b70c6fc4d010f8107726af5fd37921b666f5b31d9331f0bd24ad9a088e631"}, + {file = "typed_ast-1.4.0-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:bc6c7d3fa1325a0c6613512a093bc2a2a15aeec350451cbdf9e1d4bffe3e3233"}, + {file = "typed_ast-1.4.0-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:cc34a6f5b426748a507dd5d1de4c1978f2eb5626d51326e43280941206c209e1"}, + {file = "typed_ast-1.4.0-cp36-cp36m-win32.whl", hash = "sha256:d896919306dd0aa22d0132f62a1b78d11aaf4c9fc5b3410d3c666b818191630a"}, + {file = "typed_ast-1.4.0-cp36-cp36m-win_amd64.whl", hash = "sha256:354c16e5babd09f5cb0ee000d54cfa38401d8b8891eefa878ac772f827181a3c"}, + {file = "typed_ast-1.4.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:95bd11af7eafc16e829af2d3df510cecfd4387f6453355188342c3e79a2ec87a"}, + {file = "typed_ast-1.4.0-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:18511a0b3e7922276346bcb47e2ef9f38fb90fd31cb9223eed42c85d1312344e"}, + {file = "typed_ast-1.4.0-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:d7c45933b1bdfaf9f36c579671fec15d25b06c8398f113dab64c18ed1adda01d"}, + {file = "typed_ast-1.4.0-cp37-cp37m-win32.whl", hash = "sha256:d755f03c1e4a51e9b24d899561fec4ccaf51f210d52abdf8c07ee2849b212a36"}, + {file = "typed_ast-1.4.0-cp37-cp37m-win_amd64.whl", hash = "sha256:2b907eb046d049bcd9892e3076c7a6456c93a25bebfe554e931620c90e6a25b0"}, + {file = "typed_ast-1.4.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = 
"sha256:fdc1c9bbf79510b76408840e009ed65958feba92a88833cdceecff93ae8fff66"}, + {file = "typed_ast-1.4.0-cp38-cp38-manylinux1_i686.whl", hash = "sha256:7954560051331d003b4e2b3eb822d9dd2e376fa4f6d98fee32f452f52dd6ebb2"}, + {file = "typed_ast-1.4.0-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:48e5b1e71f25cfdef98b013263a88d7145879fbb2d5185f2a0c79fa7ebbeae47"}, + {file = "typed_ast-1.4.0-cp38-cp38-win32.whl", hash = "sha256:1170afa46a3799e18b4c977777ce137bb53c7485379d9706af8a59f2ea1aa161"}, + {file = "typed_ast-1.4.0-cp38-cp38-win_amd64.whl", hash = "sha256:838997f4310012cf2e1ad3803bce2f3402e9ffb71ded61b5ee22617b3a7f6b6e"}, + {file = "typed_ast-1.4.0.tar.gz", hash = "sha256:66480f95b8167c9c5c5c87f32cf437d585937970f3fc24386f313a4c97b44e34"}, +] +typing-extensions = [ + {file = "typing_extensions-3.7.4.1-py2-none-any.whl", hash = "sha256:910f4656f54de5993ad9304959ce9bb903f90aadc7c67a0bef07e678014e892d"}, + {file = "typing_extensions-3.7.4.1-py3-none-any.whl", hash = "sha256:cf8b63fedea4d89bab840ecbb93e75578af28f76f66c35889bd7065f5af88575"}, + {file = "typing_extensions-3.7.4.1.tar.gz", hash = "sha256:091ecc894d5e908ac75209f10d5b4f118fbdb2eb1ede6a63544054bb1edb41f2"}, +] diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 0000000..d68b00e --- /dev/null +++ b/pyproject.toml 
@@ -0,0 +1,59 @@
+[tool.poetry]
+name = "git-vuln-finder"
+version = "1.0.0"
+description = "Finding potential software vulnerabilities from git commit messages."
+authors = [
+ "Alexandre Dulaunoy "
+]
+license = "GPL-3.0-or-later"
+
+readme = "README.md"
+
+homepage = "https://github.com/cve-search/git-vuln-finder"
+repository = "https://github.com/cve-search/git-vuln-finder"
+documentation = ""
+
+keywords = [
+ "git",
+ "cve",
+ "scanner",
+ "cve-search",
+ "cve-scanning",
+ "software-vulnerability",
+ "software-vulnerabilities"
+]
+
+classifiers = [
+ "Development Status :: 5 - Production/Stable",
+ "Environment :: Console",
+ "Intended Audience :: Developers",
+ "Intended Audience :: Science/Research",
+ "Topic :: Security",
+ "Operating System :: OS Independent",
+ "Programming Language :: Python :: 3.7",
+ "Programming Language :: Python :: 3.8",
+ "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)"
+]
+
+include = [
+ "AUTHORS",
+ "COPYING",
+ "bin/*"
+]
+
+[tool.poetry.scripts]
+finder = "bin.finder:main"
+
+[tool.poetry.dependencies]
+python = "^3.6"
+langdetect = "^1.0.7"
+gitpython = "^3.0.5"
+
+[tool.poetry.dev-dependencies]
+mypy = "^0.750"
+flake8 = "^3.7.9"
+nose2 = "^0.9.1"
+
+[build-system]
+requires = ["poetry>=0.12"]
+build-backend = "poetry.masonry.api"
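Review bot: `license = "GPL-3.0-or-later"` and the `GPLv3+` classifier disagree with the header of `git_vuln_finder/finder.py` in this same commit, which states the software is released under the GNU Affero General Public License v3.0; one of the two should change so the metadata published with the package matches the source. `finder = "bin.finder:main"` points at a `bin` module that is only listed under `include`, not declared as a package, so the installed console script may fail to import — worth confirming with a clean install. The `authors` entry `"Alexandre Dulaunoy "` ends in a trailing space where the `<email>` part normally sits; if the address was dropped in this rendering it is fine, otherwise restore it. `python = "^3.6"` also sits beside classifiers that list only 3.7 and 3.8.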