mirror of
https://github.com/adulau/git-vuln-finder.git
synced 2024-11-22 01:57:08 +00:00
added pyproject.toml file
This commit is contained in:
parent
dcb0fcc0a5
commit
0b31bc36b2
15 changed files with 614 additions and 0 deletions
6
git_vuln_finder/__init__.py
Normal file
6
git_vuln_finder/__init__.py
Normal file
|
@ -0,0 +1,6 @@
|
|||
|
||||
from git_vuln_finder.finder import build_pattern
|
||||
from git_vuln_finder.finder import get_patterns
|
||||
from git_vuln_finder.finder import find_vuln
|
||||
from git_vuln_finder.finder import summary
|
||||
from git_vuln_finder.finder import extract_cve
|
BIN
git_vuln_finder/__pycache__/__init__.cpython-38.pyc
Normal file
BIN
git_vuln_finder/__pycache__/__init__.cpython-38.pyc
Normal file
Binary file not shown.
BIN
git_vuln_finder/__pycache__/finder.cpython-38.pyc
Normal file
BIN
git_vuln_finder/__pycache__/finder.cpython-38.pyc
Normal file
Binary file not shown.
164
git_vuln_finder/finder.py
Normal file
164
git_vuln_finder/finder.py
Normal file
|
@ -0,0 +1,164 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Finding potential software vulnerabilities from git commit messages
|
||||
#
|
||||
# Software is free software released under the "GNU Affero General Public License v3.0"
|
||||
#
|
||||
# This software is part of cve-search.org
|
||||
#
|
||||
# Copyright (c) 2019 Alexandre Dulaunoy - a@foo.be
|
||||
|
||||
|
||||
import os
|
||||
import re
|
||||
import git
|
||||
import json
|
||||
import sys
|
||||
import typing
|
||||
from langdetect import detect as langdetect
|
||||
|
||||
|
||||
PATTERNS_PATH="./git_vuln_finder/patterns"
|
||||
|
||||
|
||||
def build_pattern(pattern_file):
|
||||
fp = open(pattern_file, "r")
|
||||
rex = ""
|
||||
try:
|
||||
prefix_fp = open(pattern_file + ".prefix", "r")
|
||||
rex += prefix_fp.read()
|
||||
prefix_fp.close()
|
||||
except:
|
||||
pass
|
||||
|
||||
for line in fp.readlines():
|
||||
rex += line.rstrip() + "|"
|
||||
rex = rex[:-1] # We remove the extra '|
|
||||
fp.close()
|
||||
|
||||
try:
|
||||
suffix_fp = open(pattern_file + ".suffix", "r")
|
||||
rex += suffix_fp.read()
|
||||
suffix_fp.close()
|
||||
except:
|
||||
pass
|
||||
|
||||
return rex
|
||||
|
||||
|
||||
def get_patterns(patterns_path=PATTERNS_PATH):
|
||||
patterns = {}
|
||||
for root, dirs, files in os.walk(patterns_path):
|
||||
path = root.split(os.sep)
|
||||
for f in files:
|
||||
if f.endswith(".prefix") or f.endswith(".suffix"):
|
||||
continue
|
||||
npath = root[len(patterns_path):].split(os.sep)
|
||||
try:
|
||||
npath.remove('')
|
||||
except ValueError:
|
||||
pass
|
||||
|
||||
lang = npath[0]
|
||||
severity = npath[1]
|
||||
pattern_category = f
|
||||
|
||||
try: # FIXME: Is there a better way?
|
||||
a = patterns[lang]
|
||||
except KeyError:
|
||||
patterns[lang] = {}
|
||||
try:
|
||||
a = patterns[lang][severity]
|
||||
except KeyError:
|
||||
patterns[lang][severity] = {}
|
||||
try:
|
||||
a = patterns[lang][severity][pattern_category]
|
||||
except KeyError:
|
||||
rex = build_pattern(root + os.sep + f)
|
||||
patterns[lang][severity][pattern_category] = re.compile(rex)
|
||||
|
||||
return patterns
|
||||
|
||||
|
||||
def find_vuln(commit, pattern, versbose=False):
|
||||
m = pattern.search(commit.message)
|
||||
if m:
|
||||
if versbose:
|
||||
print("Match found: {}".format(m.group(0)), file=sys.stderr)
|
||||
print(commit.message, file=sys.stderr)
|
||||
print("---", file=sys.stderr)
|
||||
ret = {}
|
||||
ret['commit'] = commit
|
||||
ret['match'] = m.groups()
|
||||
return ret
|
||||
else:
|
||||
return None
|
||||
|
||||
|
||||
def summary(commit,
|
||||
branch,
|
||||
pattern,
|
||||
origin=None,
|
||||
vuln_match=None,
|
||||
tags_matching=False,
|
||||
commit_state="under-review"
|
||||
):
|
||||
potential_vulnerabilities = {}
|
||||
rcommit = commit
|
||||
cve = extract_cve(rcommit.message)
|
||||
if origin is not None:
|
||||
origin = origin
|
||||
if origin.find('github.com'):
|
||||
origin_github_api = origin.split(':')[1]
|
||||
(org_name, repo_name) = origin_github_api.split('/', 1)
|
||||
if repo_name.find('.git$'):
|
||||
repo_name = re.sub(r".git$","", repo_name)
|
||||
origin_github_api = 'https://api.github.com/repos/{}/{}/commits/{}'.format(org_name, repo_name, rcommit.hexsha)
|
||||
|
||||
else:
|
||||
origin = 'git origin unknown'
|
||||
# deduplication if similar commits on different branches
|
||||
if rcommit.hexsha in potential_vulnerabilities:
|
||||
potential_vulnerabilities[rcommit.hexsha]['branches'].append(branch)
|
||||
else:
|
||||
potential_vulnerabilities[rcommit.hexsha] = {}
|
||||
potential_vulnerabilities[rcommit.hexsha]['message'] = rcommit.message
|
||||
potential_vulnerabilities[rcommit.hexsha]['language'] = langdetect(rcommit.message)
|
||||
potential_vulnerabilities[rcommit.hexsha]['commit-id'] = rcommit.hexsha
|
||||
potential_vulnerabilities[rcommit.hexsha]['summary'] = rcommit.summary
|
||||
potential_vulnerabilities[rcommit.hexsha]['stats'] = rcommit.stats.total
|
||||
potential_vulnerabilities[rcommit.hexsha]['author'] = rcommit.author.name
|
||||
potential_vulnerabilities[rcommit.hexsha]['author-email'] = rcommit.author.email
|
||||
potential_vulnerabilities[rcommit.hexsha]['authored_date'] = rcommit.authored_date
|
||||
potential_vulnerabilities[rcommit.hexsha]['committed_date'] = rcommit.committed_date
|
||||
potential_vulnerabilities[rcommit.hexsha]['branches'] = []
|
||||
potential_vulnerabilities[rcommit.hexsha]['branches'].append(branch)
|
||||
potential_vulnerabilities[rcommit.hexsha]['pattern-selected'] = pattern.pattern
|
||||
potential_vulnerabilities[rcommit.hexsha]['pattern-matches'] = vuln_match
|
||||
potential_vulnerabilities[rcommit.hexsha]['origin'] = origin
|
||||
if origin_github_api:
|
||||
potential_vulnerabilities[commit.hexsha]['origin-github-api'] = origin_github_api
|
||||
potential_vulnerabilities[rcommit.hexsha]['tags'] = []
|
||||
if tags_matching:
|
||||
if repo.commit(rcommit).hexsha in tagmap:
|
||||
potential_vulnerabilities[rcommit.hexsha]['tags'] = tagmap[repo.commit(rcommit).hexsha]
|
||||
if cve: potential_vulnerabilities[rcommit.hexsha]['cve'] = cve
|
||||
if cve:
|
||||
potential_vulnerabilities[rcommit.hexsha]['state'] = "cve-assigned"
|
||||
else:
|
||||
potential_vulnerabilities[rcommit.hexsha]['state'] = commit_state
|
||||
|
||||
return rcommit.hexsha, potential_vulnerabilities
|
||||
|
||||
|
||||
def extract_cve(commit):
|
||||
cve_found = set()
|
||||
cve_find = re.compile(r'CVE-[1-2]\d{1,4}-\d{1,7}', re.IGNORECASE)
|
||||
m = cve_find.findall(commit)
|
||||
if m:
|
||||
for v in m:
|
||||
cve_found.add(v)
|
||||
return m
|
||||
else:
|
||||
return None
|
4
git_vuln_finder/patterns/en/medium/c
Normal file
4
git_vuln_finder/patterns/en/medium/c
Normal file
|
@ -0,0 +1,4 @@
|
|||
double[-| ]free
|
||||
buffer overflow
|
||||
double free
|
||||
race[-| ]condition
|
1
git_vuln_finder/patterns/en/medium/c.prefix
Normal file
1
git_vuln_finder/patterns/en/medium/c.prefix
Normal file
|
@ -0,0 +1 @@
|
|||
(?i)(
|
1
git_vuln_finder/patterns/en/medium/c.suffix
Normal file
1
git_vuln_finder/patterns/en/medium/c.suffix
Normal file
|
@ -0,0 +1 @@
|
|||
)
|
55
git_vuln_finder/patterns/en/medium/crypto
Normal file
55
git_vuln_finder/patterns/en/medium/crypto
Normal file
|
@ -0,0 +1,55 @@
|
|||
assessment
|
||||
lack of
|
||||
bad
|
||||
vulnerable
|
||||
missing
|
||||
unproper
|
||||
unsuitable
|
||||
breakable
|
||||
broken
|
||||
weak
|
||||
incorrect
|
||||
replace
|
||||
assessment
|
||||
pen([\s-]?)test
|
||||
pentest
|
||||
penetration([\s-]?)test
|
||||
report
|
||||
vulnerablity
|
||||
replace
|
||||
fix
|
||||
issue
|
||||
fixes
|
||||
add
|
||||
remove
|
||||
check){s1,}
|
||||
(crypto
|
||||
cryptographic
|
||||
cryptography
|
||||
encipherement
|
||||
encryption
|
||||
ciphers
|
||||
cipher
|
||||
AES
|
||||
DES
|
||||
3DES
|
||||
cipher
|
||||
GPG
|
||||
PGP
|
||||
OpenSSL
|
||||
SSH
|
||||
wireguard
|
||||
VPN
|
||||
CBC
|
||||
ECB
|
||||
CTR
|
||||
key[.|,|\s]
|
||||
private([\s-]?)key
|
||||
public([\s-]?)key size
|
||||
length
|
||||
strenght
|
||||
generation
|
||||
randomness
|
||||
entropy
|
||||
prng
|
||||
rng
|
1
git_vuln_finder/patterns/en/medium/crypto.prefix
Normal file
1
git_vuln_finder/patterns/en/medium/crypto.prefix
Normal file
|
@ -0,0 +1 @@
|
|||
.*(
|
1
git_vuln_finder/patterns/en/medium/crypto.suffix
Normal file
1
git_vuln_finder/patterns/en/medium/crypto.suffix
Normal file
|
@ -0,0 +1 @@
|
|||
){1,}
|
30
git_vuln_finder/patterns/en/medium/vuln
Normal file
30
git_vuln_finder/patterns/en/medium/vuln
Normal file
|
@ -0,0 +1,30 @@
|
|||
denial of service
|
||||
\bXXE\b
|
||||
remote code execution
|
||||
\bopen redirect
|
||||
OSVDB
|
||||
\bvuln
|
||||
\bCVE\b
|
||||
\bXSS\b
|
||||
\bReDoS\b
|
||||
\bNVD\b
|
||||
malicious
|
||||
x−frame−options
|
||||
attack
|
||||
cross site
|
||||
exploit
|
||||
malicious
|
||||
directory traversal
|
||||
\bRCE\b
|
||||
\bdos\b
|
||||
\bXSRF \b
|
||||
\bXSS\b
|
||||
clickjack
|
||||
session.fixation
|
||||
hijack
|
||||
\badvisory
|
||||
\binsecure
|
||||
security
|
||||
\bcross−origin\b
|
||||
unauthori[z|s]ed
|
||||
infinite loop
|
1
git_vuln_finder/patterns/en/medium/vuln.prefix
Normal file
1
git_vuln_finder/patterns/en/medium/vuln.prefix
Normal file
|
@ -0,0 +1 @@
|
|||
(?i)(
|
1
git_vuln_finder/patterns/en/medium/vuln.suffix
Normal file
1
git_vuln_finder/patterns/en/medium/vuln.suffix
Normal file
|
@ -0,0 +1 @@
|
|||
)
|
290
poetry.lock
generated
Normal file
290
poetry.lock
generated
Normal file
|
@ -0,0 +1,290 @@
|
|||
[[package]]
|
||||
category = "dev"
|
||||
description = "Code coverage measurement for Python"
|
||||
name = "coverage"
|
||||
optional = false
|
||||
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4"
|
||||
version = "5.0.1"
|
||||
|
||||
[package.extras]
|
||||
toml = ["toml"]
|
||||
|
||||
[[package]]
|
||||
category = "dev"
|
||||
description = "Discover and load entry points from installed packages."
|
||||
name = "entrypoints"
|
||||
optional = false
|
||||
python-versions = ">=2.7"
|
||||
version = "0.3"
|
||||
|
||||
[[package]]
|
||||
category = "dev"
|
||||
description = "the modular source code checker: pep8, pyflakes and co"
|
||||
name = "flake8"
|
||||
optional = false
|
||||
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
|
||||
version = "3.7.9"
|
||||
|
||||
[package.dependencies]
|
||||
entrypoints = ">=0.3.0,<0.4.0"
|
||||
mccabe = ">=0.6.0,<0.7.0"
|
||||
pycodestyle = ">=2.5.0,<2.6.0"
|
||||
pyflakes = ">=2.1.0,<2.2.0"
|
||||
|
||||
[[package]]
|
||||
category = "main"
|
||||
description = "Git Object Database"
|
||||
name = "gitdb2"
|
||||
optional = false
|
||||
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
|
||||
version = "2.0.6"
|
||||
|
||||
[package.dependencies]
|
||||
smmap2 = ">=2.0.0"
|
||||
|
||||
[[package]]
|
||||
category = "main"
|
||||
description = "Python Git Library"
|
||||
name = "gitpython"
|
||||
optional = false
|
||||
python-versions = ">=3.0, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
|
||||
version = "3.0.5"
|
||||
|
||||
[package.dependencies]
|
||||
gitdb2 = ">=2.0.0"
|
||||
|
||||
[[package]]
|
||||
category = "main"
|
||||
description = "Language detection library ported from Google's language-detection."
|
||||
name = "langdetect"
|
||||
optional = false
|
||||
python-versions = "*"
|
||||
version = "1.0.7"
|
||||
|
||||
[package.dependencies]
|
||||
six = "*"
|
||||
|
||||
[[package]]
|
||||
category = "dev"
|
||||
description = "McCabe checker, plugin for flake8"
|
||||
name = "mccabe"
|
||||
optional = false
|
||||
python-versions = "*"
|
||||
version = "0.6.1"
|
||||
|
||||
[[package]]
|
||||
category = "dev"
|
||||
description = "Optional static typing for Python"
|
||||
name = "mypy"
|
||||
optional = false
|
||||
python-versions = ">=3.5"
|
||||
version = "0.750"
|
||||
|
||||
[package.dependencies]
|
||||
mypy-extensions = ">=0.4.0,<0.5.0"
|
||||
typed-ast = ">=1.4.0,<1.5.0"
|
||||
typing-extensions = ">=3.7.4"
|
||||
|
||||
[package.extras]
|
||||
dmypy = ["psutil (>=4.0)"]
|
||||
|
||||
[[package]]
|
||||
category = "dev"
|
||||
description = "Experimental type system extensions for programs checked with the mypy typechecker."
|
||||
name = "mypy-extensions"
|
||||
optional = false
|
||||
python-versions = "*"
|
||||
version = "0.4.3"
|
||||
|
||||
[[package]]
|
||||
category = "dev"
|
||||
description = "unittest2 with plugins, the succesor to nose"
|
||||
name = "nose2"
|
||||
optional = false
|
||||
python-versions = "*"
|
||||
version = "0.9.1"
|
||||
|
||||
[package.dependencies]
|
||||
coverage = ">=4.4.1"
|
||||
six = ">=1.7"
|
||||
|
||||
[package.extras]
|
||||
coverage_plugin = ["coverage (>=4.4.1)"]
|
||||
doc = ["Sphinx (>=1.6.5)", "sphinx-rtd-theme", "mock"]
|
||||
|
||||
[[package]]
|
||||
category = "dev"
|
||||
description = "Python style guide checker"
|
||||
name = "pycodestyle"
|
||||
optional = false
|
||||
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
|
||||
version = "2.5.0"
|
||||
|
||||
[[package]]
|
||||
category = "dev"
|
||||
description = "passive checker of Python programs"
|
||||
name = "pyflakes"
|
||||
optional = false
|
||||
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
|
||||
version = "2.1.1"
|
||||
|
||||
[[package]]
|
||||
category = "main"
|
||||
description = "Python 2 and 3 compatibility utilities"
|
||||
name = "six"
|
||||
optional = false
|
||||
python-versions = ">=2.6, !=3.0.*, !=3.1.*"
|
||||
version = "1.13.0"
|
||||
|
||||
[[package]]
|
||||
category = "main"
|
||||
description = "A pure Python implementation of a sliding window memory map manager"
|
||||
name = "smmap2"
|
||||
optional = false
|
||||
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
|
||||
version = "2.0.5"
|
||||
|
||||
[[package]]
|
||||
category = "dev"
|
||||
description = "a fork of Python 2 and 3 ast modules with type comment support"
|
||||
name = "typed-ast"
|
||||
optional = false
|
||||
python-versions = "*"
|
||||
version = "1.4.0"
|
||||
|
||||
[[package]]
|
||||
category = "dev"
|
||||
description = "Backported and Experimental Type Hints for Python 3.5+"
|
||||
name = "typing-extensions"
|
||||
optional = false
|
||||
python-versions = "*"
|
||||
version = "3.7.4.1"
|
||||
|
||||
[metadata]
|
||||
content-hash = "4fd05852a9f3844298b1c0dbc4ab61ddbb77f4a42602c42982e19e531a7883d6"
|
||||
python-versions = "^3.6"
|
||||
|
||||
[metadata.files]
|
||||
coverage = [
|
||||
{file = "coverage-5.0.1-cp27-cp27m-macosx_10_12_x86_64.whl", hash = "sha256:c90bda74e16bcd03861b09b1d37c0a4158feda5d5a036bb2d6e58de6ff65793e"},
|
||||
{file = "coverage-5.0.1-cp27-cp27m-macosx_10_13_intel.whl", hash = "sha256:bb3d29df5d07d5399d58a394d0ef50adf303ab4fbf66dfd25b9ef258effcb692"},
|
||||
{file = "coverage-5.0.1-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:1ca43dbd739c0fc30b0a3637a003a0d2c7edc1dd618359d58cc1e211742f8bd1"},
|
||||
{file = "coverage-5.0.1-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:591506e088901bdc25620c37aec885e82cc896528f28c57e113751e3471fc314"},
|
||||
{file = "coverage-5.0.1-cp27-cp27m-win32.whl", hash = "sha256:a50b0888d8a021a3342d36a6086501e30de7d840ab68fca44913e97d14487dc1"},
|
||||
{file = "coverage-5.0.1-cp27-cp27m-win_amd64.whl", hash = "sha256:c792d3707a86c01c02607ae74364854220fb3e82735f631cd0a345dea6b4cee5"},
|
||||
{file = "coverage-5.0.1-cp27-cp27mu-manylinux1_i686.whl", hash = "sha256:f425f50a6dd807cb9043d15a4fcfba3b5874a54d9587ccbb748899f70dc18c47"},
|
||||
{file = "coverage-5.0.1-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:25b8f60b5c7da71e64c18888f3067d5b6f1334b9681876b2fb41eea26de881ae"},
|
||||
{file = "coverage-5.0.1-cp35-cp35m-macosx_10_12_x86_64.whl", hash = "sha256:7362a7f829feda10c7265b553455de596b83d1623b3d436b6d3c51c688c57bf6"},
|
||||
{file = "coverage-5.0.1-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:fcd4459fe35a400b8f416bc57906862693c9f88b66dc925e7f2a933e77f6b18b"},
|
||||
{file = "coverage-5.0.1-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:40fbfd6b044c9db13aeec1daf5887d322c710d811f944011757526ef6e323fd9"},
|
||||
{file = "coverage-5.0.1-cp35-cp35m-win32.whl", hash = "sha256:7f2675750c50151f806070ec11258edf4c328340916c53bac0adbc465abd6b1e"},
|
||||
{file = "coverage-5.0.1-cp35-cp35m-win_amd64.whl", hash = "sha256:24bcfa86fd9ce86b73a8368383c39d919c497a06eebb888b6f0c12f13e920b1a"},
|
||||
{file = "coverage-5.0.1-cp36-cp36m-macosx_10_13_x86_64.whl", hash = "sha256:eeafb646f374988c22c8e6da5ab9fb81367ecfe81c70c292623373d2a021b1a1"},
|
||||
{file = "coverage-5.0.1-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:2ca2cd5264e84b2cafc73f0045437f70c6378c0d7dbcddc9ee3fe192c1e29e5d"},
|
||||
{file = "coverage-5.0.1-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:2cc707fc9aad2592fc686d63ef72dc0031fc98b6fb921d2f5395d9ab84fbc3ef"},
|
||||
{file = "coverage-5.0.1-cp36-cp36m-win32.whl", hash = "sha256:04b961862334687549eb91cd5178a6fbe977ad365bddc7c60f2227f2f9880cf4"},
|
||||
{file = "coverage-5.0.1-cp36-cp36m-win_amd64.whl", hash = "sha256:232f0b52a5b978288f0bbc282a6c03fe48cd19a04202df44309919c142b3bb9c"},
|
||||
{file = "coverage-5.0.1-cp37-cp37m-macosx_10_13_x86_64.whl", hash = "sha256:cfce79ce41cc1a1dc7fc85bb41eeeb32d34a4cf39a645c717c0550287e30ff06"},
|
||||
{file = "coverage-5.0.1-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:46c9c6a1d1190c0b75ec7c0f339088309952b82ae8d67a79ff1319eb4e749b96"},
|
||||
{file = "coverage-5.0.1-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:1cbb88b34187bdb841f2599770b7e6ff8e259dc3bb64fc7893acf44998acf5f8"},
|
||||
{file = "coverage-5.0.1-cp37-cp37m-win32.whl", hash = "sha256:ff3936dd5feaefb4f91c8c1f50a06c588b5dc69fba4f7d9c79a6617ad80bb7df"},
|
||||
{file = "coverage-5.0.1-cp37-cp37m-win_amd64.whl", hash = "sha256:65bead1ac8c8930cf92a1ccaedcce19a57298547d5d1db5c9d4d068a0675c38b"},
|
||||
{file = "coverage-5.0.1-cp38-cp38-macosx_10_13_x86_64.whl", hash = "sha256:348630edea485f4228233c2f310a598abf8afa5f8c716c02a9698089687b6085"},
|
||||
{file = "coverage-5.0.1-cp38-cp38-manylinux1_i686.whl", hash = "sha256:960d7f42277391e8b1c0b0ae427a214e1b31a1278de6b73f8807b20c2e913bba"},
|
||||
{file = "coverage-5.0.1-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:0101888bd1592a20ccadae081ba10e8b204d20235d18d05c6f7d5e904a38fc10"},
|
||||
{file = "coverage-5.0.1-cp38-cp38m-win32.whl", hash = "sha256:c0fff2733f7c2950f58a4fd09b5db257b00c6fec57bf3f68c5bae004d804b407"},
|
||||
{file = "coverage-5.0.1-cp38-cp38m-win_amd64.whl", hash = "sha256:5f622f19abda4e934938e24f1d67599249abc201844933a6f01aaa8663094489"},
|
||||
{file = "coverage-5.0.1-cp39-cp39m-win32.whl", hash = "sha256:2714160a63da18aed9340c70ed514973971ee7e665e6b336917ff4cca81a25b1"},
|
||||
{file = "coverage-5.0.1-cp39-cp39m-win_amd64.whl", hash = "sha256:b7dbc5e8c39ea3ad3db22715f1b5401cd698a621218680c6daf42c2f9d36e205"},
|
||||
{file = "coverage-5.0.1.tar.gz", hash = "sha256:5ac71bba1e07eab403b082c4428f868c1c9e26a21041436b4905c4c3d4e49b08"},
|
||||
]
|
||||
entrypoints = [
|
||||
{file = "entrypoints-0.3-py2.py3-none-any.whl", hash = "sha256:589f874b313739ad35be6e0cd7efde2a4e9b6fea91edcc34e58ecbb8dbe56d19"},
|
||||
{file = "entrypoints-0.3.tar.gz", hash = "sha256:c70dd71abe5a8c85e55e12c19bd91ccfeec11a6e99044204511f9ed547d48451"},
|
||||
]
|
||||
flake8 = [
|
||||
{file = "flake8-3.7.9-py2.py3-none-any.whl", hash = "sha256:49356e766643ad15072a789a20915d3c91dc89fd313ccd71802303fd67e4deca"},
|
||||
{file = "flake8-3.7.9.tar.gz", hash = "sha256:45681a117ecc81e870cbf1262835ae4af5e7a8b08e40b944a8a6e6b895914cfb"},
|
||||
]
|
||||
gitdb2 = [
|
||||
{file = "gitdb2-2.0.6-py2.py3-none-any.whl", hash = "sha256:96bbb507d765a7f51eb802554a9cfe194a174582f772e0d89f4e87288c288b7b"},
|
||||
{file = "gitdb2-2.0.6.tar.gz", hash = "sha256:1b6df1433567a51a4a9c1a5a0de977aa351a405cc56d7d35f3388bad1f630350"},
|
||||
]
|
||||
gitpython = [
|
||||
{file = "GitPython-3.0.5-py3-none-any.whl", hash = "sha256:c155c6a2653593ccb300462f6ef533583a913e17857cfef8fc617c246b6dc245"},
|
||||
{file = "GitPython-3.0.5.tar.gz", hash = "sha256:9c2398ffc3dcb3c40b27324b316f08a4f93ad646d5a6328cafbb871aa79f5e42"},
|
||||
]
|
||||
langdetect = [
|
||||
{file = "langdetect-1.0.7.zip", hash = "sha256:91a170d5f0ade380db809b3ba67f08e95fe6c6c8641f96d67a51ff7e98a9bf30"},
|
||||
]
|
||||
mccabe = [
|
||||
{file = "mccabe-0.6.1-py2.py3-none-any.whl", hash = "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42"},
|
||||
{file = "mccabe-0.6.1.tar.gz", hash = "sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"},
|
||||
]
|
||||
mypy = [
|
||||
{file = "mypy-0.750-cp35-cp35m-macosx_10_6_x86_64.whl", hash = "sha256:de9ec8dba773b78c49e7bec9a35c9b6fc5235682ad1fc2105752ae7c22f4b931"},
|
||||
{file = "mypy-0.750-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:3294821b5840d51a3cd7a2bb63b40fc3f901f6a3cfb3c6046570749c4c7ef279"},
|
||||
{file = "mypy-0.750-cp35-cp35m-win_amd64.whl", hash = "sha256:6992133c95a2847d309b4b0c899d7054adc60481df6f6b52bb7dee3d5fd157f7"},
|
||||
{file = "mypy-0.750-cp36-cp36m-macosx_10_6_x86_64.whl", hash = "sha256:41696a7d912ce16fdc7c141d87e8db5144d4be664a0c699a2b417d393994b0c2"},
|
||||
{file = "mypy-0.750-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:c87ac7233c629f305602f563db07f5221950fe34fe30af072ac838fa85395f78"},
|
||||
{file = "mypy-0.750-cp36-cp36m-win_amd64.whl", hash = "sha256:83fa87f556e60782c0fc3df1b37b7b4a840314ba1ac27f3e1a1e10cb37c89c17"},
|
||||
{file = "mypy-0.750-cp37-cp37m-macosx_10_6_x86_64.whl", hash = "sha256:30e123b24931f02c5d99307406658ac8f9cd6746f0d45a3dcac2fe5fbdd60939"},
|
||||
{file = "mypy-0.750-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:02d9bdd3398b636723ecb6c5cfe9773025a9ab7f34612c1cde5c7f2292e2d768"},
|
||||
{file = "mypy-0.750-cp37-cp37m-win_amd64.whl", hash = "sha256:088f758a50af31cf8b42688118077292370c90c89232c783ba7979f39ea16646"},
|
||||
{file = "mypy-0.750-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:4f42675fa278f3913340bb8c3371d191319704437758d7c4a8440346c293ecb2"},
|
||||
{file = "mypy-0.750-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:f385a0accf353ca1bca4bbf473b9d83ed18d923fdb809d3a70a385da23e25b6a"},
|
||||
{file = "mypy-0.750-cp38-cp38-win_amd64.whl", hash = "sha256:54d205ccce6ed930a8a2ccf48404896d456e8b87812e491cb907a355b1a9c640"},
|
||||
{file = "mypy-0.750-py3-none-any.whl", hash = "sha256:28e9fbc96d13397a7ddb7fad7b14f373f91b5cff538e0772e77c270468df083c"},
|
||||
{file = "mypy-0.750.tar.gz", hash = "sha256:6ecbd0e8e371333027abca0922b0c2c632a5b4739a0c61ffbd0733391e39144c"},
|
||||
]
|
||||
mypy-extensions = [
|
||||
{file = "mypy_extensions-0.4.3-py2.py3-none-any.whl", hash = "sha256:090fedd75945a69ae91ce1303b5824f428daf5a028d2f6ab8a299250a846f15d"},
|
||||
{file = "mypy_extensions-0.4.3.tar.gz", hash = "sha256:2d82818f5bb3e369420cb3c4060a7970edba416647068eb4c5343488a6c604a8"},
|
||||
]
|
||||
nose2 = [
|
||||
{file = "nose2-0.9.1-py2.py3-none-any.whl", hash = "sha256:31d8beb00aed3ccc6efb1742bb90227d883e471715188249f594310676e0ef0e"},
|
||||
{file = "nose2-0.9.1.tar.gz", hash = "sha256:0ede156fd7974fa40893edeca0b709f402c0ccacd7b81b22e76f73c116d1b999"},
|
||||
]
|
||||
pycodestyle = [
|
||||
{file = "pycodestyle-2.5.0-py2.py3-none-any.whl", hash = "sha256:95a2219d12372f05704562a14ec30bc76b05a5b297b21a5dfe3f6fac3491ae56"},
|
||||
{file = "pycodestyle-2.5.0.tar.gz", hash = "sha256:e40a936c9a450ad81df37f549d676d127b1b66000a6c500caa2b085bc0ca976c"},
|
||||
]
|
||||
pyflakes = [
|
||||
{file = "pyflakes-2.1.1-py2.py3-none-any.whl", hash = "sha256:17dbeb2e3f4d772725c777fabc446d5634d1038f234e77343108ce445ea69ce0"},
|
||||
{file = "pyflakes-2.1.1.tar.gz", hash = "sha256:d976835886f8c5b31d47970ed689944a0262b5f3afa00a5a7b4dc81e5449f8a2"},
|
||||
]
|
||||
six = [
|
||||
{file = "six-1.13.0-py2.py3-none-any.whl", hash = "sha256:1f1b7d42e254082a9db6279deae68afb421ceba6158efa6131de7b3003ee93fd"},
|
||||
{file = "six-1.13.0.tar.gz", hash = "sha256:30f610279e8b2578cab6db20741130331735c781b56053c59c4076da27f06b66"},
|
||||
]
|
||||
smmap2 = [
|
||||
{file = "smmap2-2.0.5-py2.py3-none-any.whl", hash = "sha256:0555a7bf4df71d1ef4218e4807bbf9b201f910174e6e08af2e138d4e517b4dde"},
|
||||
{file = "smmap2-2.0.5.tar.gz", hash = "sha256:29a9ffa0497e7f2be94ca0ed1ca1aa3cd4cf25a1f6b4f5f87f74b46ed91d609a"},
|
||||
]
|
||||
typed-ast = [
|
||||
{file = "typed_ast-1.4.0-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:262c247a82d005e43b5b7f69aff746370538e176131c32dda9cb0f324d27141e"},
|
||||
{file = "typed_ast-1.4.0-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:71211d26ffd12d63a83e079ff258ac9d56a1376a25bc80b1cdcdf601b855b90b"},
|
||||
{file = "typed_ast-1.4.0-cp35-cp35m-win32.whl", hash = "sha256:630968c5cdee51a11c05a30453f8cd65e0cc1d2ad0d9192819df9978984529f4"},
|
||||
{file = "typed_ast-1.4.0-cp35-cp35m-win_amd64.whl", hash = "sha256:ffde2fbfad571af120fcbfbbc61c72469e72f550d676c3342492a9dfdefb8f12"},
|
||||
{file = "typed_ast-1.4.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:4e0b70c6fc4d010f8107726af5fd37921b666f5b31d9331f0bd24ad9a088e631"},
|
||||
{file = "typed_ast-1.4.0-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:bc6c7d3fa1325a0c6613512a093bc2a2a15aeec350451cbdf9e1d4bffe3e3233"},
|
||||
{file = "typed_ast-1.4.0-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:cc34a6f5b426748a507dd5d1de4c1978f2eb5626d51326e43280941206c209e1"},
|
||||
{file = "typed_ast-1.4.0-cp36-cp36m-win32.whl", hash = "sha256:d896919306dd0aa22d0132f62a1b78d11aaf4c9fc5b3410d3c666b818191630a"},
|
||||
{file = "typed_ast-1.4.0-cp36-cp36m-win_amd64.whl", hash = "sha256:354c16e5babd09f5cb0ee000d54cfa38401d8b8891eefa878ac772f827181a3c"},
|
||||
{file = "typed_ast-1.4.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:95bd11af7eafc16e829af2d3df510cecfd4387f6453355188342c3e79a2ec87a"},
|
||||
{file = "typed_ast-1.4.0-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:18511a0b3e7922276346bcb47e2ef9f38fb90fd31cb9223eed42c85d1312344e"},
|
||||
{file = "typed_ast-1.4.0-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:d7c45933b1bdfaf9f36c579671fec15d25b06c8398f113dab64c18ed1adda01d"},
|
||||
{file = "typed_ast-1.4.0-cp37-cp37m-win32.whl", hash = "sha256:d755f03c1e4a51e9b24d899561fec4ccaf51f210d52abdf8c07ee2849b212a36"},
|
||||
{file = "typed_ast-1.4.0-cp37-cp37m-win_amd64.whl", hash = "sha256:2b907eb046d049bcd9892e3076c7a6456c93a25bebfe554e931620c90e6a25b0"},
|
||||
{file = "typed_ast-1.4.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:fdc1c9bbf79510b76408840e009ed65958feba92a88833cdceecff93ae8fff66"},
|
||||
{file = "typed_ast-1.4.0-cp38-cp38-manylinux1_i686.whl", hash = "sha256:7954560051331d003b4e2b3eb822d9dd2e376fa4f6d98fee32f452f52dd6ebb2"},
|
||||
{file = "typed_ast-1.4.0-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:48e5b1e71f25cfdef98b013263a88d7145879fbb2d5185f2a0c79fa7ebbeae47"},
|
||||
{file = "typed_ast-1.4.0-cp38-cp38-win32.whl", hash = "sha256:1170afa46a3799e18b4c977777ce137bb53c7485379d9706af8a59f2ea1aa161"},
|
||||
{file = "typed_ast-1.4.0-cp38-cp38-win_amd64.whl", hash = "sha256:838997f4310012cf2e1ad3803bce2f3402e9ffb71ded61b5ee22617b3a7f6b6e"},
|
||||
{file = "typed_ast-1.4.0.tar.gz", hash = "sha256:66480f95b8167c9c5c5c87f32cf437d585937970f3fc24386f313a4c97b44e34"},
|
||||
]
|
||||
typing-extensions = [
|
||||
{file = "typing_extensions-3.7.4.1-py2-none-any.whl", hash = "sha256:910f4656f54de5993ad9304959ce9bb903f90aadc7c67a0bef07e678014e892d"},
|
||||
{file = "typing_extensions-3.7.4.1-py3-none-any.whl", hash = "sha256:cf8b63fedea4d89bab840ecbb93e75578af28f76f66c35889bd7065f5af88575"},
|
||||
{file = "typing_extensions-3.7.4.1.tar.gz", hash = "sha256:091ecc894d5e908ac75209f10d5b4f118fbdb2eb1ede6a63544054bb1edb41f2"},
|
||||
]
|
59
pyproject.toml
Normal file
59
pyproject.toml
Normal file
|
@ -0,0 +1,59 @@
|
|||
[tool.poetry]
|
||||
name = "git-vuln-finder"
|
||||
version = "1.0.0"
|
||||
description = "Finding potential software vulnerabilities from git commit messages."
|
||||
authors = [
|
||||
"Alexandre Dulaunoy <a@foo.be>"
|
||||
]
|
||||
license = "GPL-3.0-or-later"
|
||||
|
||||
readme = "README.md"
|
||||
|
||||
homepage = "https://github.com/cve-search/git-vuln-finder"
|
||||
repository = "https://github.com/cve-search/git-vuln-finder"
|
||||
documentation = ""
|
||||
|
||||
keywords = [
|
||||
"git",
|
||||
"cve",
|
||||
"scanner",
|
||||
"cve-search",
|
||||
"cve-scanning",
|
||||
"software-vulnerability",
|
||||
"software-vulnerabilities"
|
||||
]
|
||||
|
||||
classifiers = [
|
||||
"Development Status :: 5 - Production/Stable",
|
||||
"Environment :: Console",
|
||||
"Intended Audience :: Developers",
|
||||
"Intended Audience :: Science/Research",
|
||||
"Topic :: Security",
|
||||
"Operating System :: OS Independent",
|
||||
"Programming Language :: Python :: 3.7",
|
||||
"Programming Language :: Python :: 3.8",
|
||||
"License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)"
|
||||
]
|
||||
|
||||
include = [
|
||||
"AUTHORS",
|
||||
"COPYING",
|
||||
"bin/*"
|
||||
]
|
||||
|
||||
[tool.poetry.scripts]
|
||||
finder = "bin.finder:main"
|
||||
|
||||
[tool.poetry.dependencies]
|
||||
python = "^3.6"
|
||||
langdetect = "^1.0.7"
|
||||
gitpython = "^3.0.5"
|
||||
|
||||
[tool.poetry.dev-dependencies]
|
||||
mypy = "^0.750"
|
||||
flake8 = "^3.7.9"
|
||||
nose2 = "^0.9.1"
|
||||
|
||||
[build-system]
|
||||
requires = ["poetry>=0.12"]
|
||||
build-backend = "poetry.masonry.api"
|
Loading…
Reference in a new issue