chg: [doc] README fixed

Alexandre Dulaunoy 2019-11-15 07:48:32 +01:00
parent 3b9ad5c846
commit 24555ffa1d
Signed by: adulau
GPG key ID: 09E2CD4944E6CBCD

@ -1,7 +1,7 @@
# git-vuln-finder
Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commit which could contain a fix regarding
a software vulnerability. The search is based on a set of regular expressions against the commit messages.
a software vulnerability. The search is based on a set of regular expressions against the commit messages only.
# Requirements
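Review bot: The reworded sentence ending "against the commit messages only" states the scope of the search but not its consequence, so a reader can still take the JSON output as a complete list of fixes. Suggest one more sentence after it saying that a commit which fixes a vulnerability without mentioning it in its message will not be matched, and that each match is a candidate to review rather than a confirmed vulnerability fix.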
@ -11,7 +11,7 @@ a software vulnerability. The search is based on a set of regular expressions ag
# Usage
~~~bash
usage: finder.py [-h] [-v] [-r R] [-o O]
usage: finder.py [-h] [-v] [-r R] [-o O] [-s S] [-p P]
Finding potential software vulnerabilities from git commit messages.
@ -20,10 +20,19 @@ optional arguments:
-v increase output verbosity
-r R git repository to analyse
-o O Output format: [json]
More info: https://github.com/cve-search/git-vuln-finder
-s S State of the commit found
-p P Matching pattern to use: [vulnpatterns, cryptopatterns,
cpatterns]
~~~
# Patterns
git-vuln-finder comes with 3 default patterns which can be selected to find the potential vulnerabilities described in the commit messages such as:
- `vulnpatterns` is a generic vulnerability pattern especially targeting web application and generic security commit message. Based on an academic paper.
- `cryptopatterns` is a vulnerability pattern for cryptographic errors mentioned in commit messages.
- `cpatterns` is a set of standard vulnerability patterns see for C/C++-like languages.
## A sample partial output from Curl git repository
~~~bash
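Review bot: In the options list, "-s S State of the commit found" gives neither the accepted values nor a default, while -o and -p both list their values in brackets. Suggest listing the states in the same bracket form and saying which pattern set -p uses when it is omitted. In the new Patterns section, the cpatterns bullet has a stray "see" ("standard vulnerability patterns see for C/C++-like languages"), and "Based on an academic paper." in the vulnpatterns bullet should name or link the paper.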
@ -70,10 +79,12 @@ python3 finder.py -r /home/adulau/git/curl | jq .
...
~~~
# License
# License and author(s)
This software is free software and licensed under the AGPL version 3.
Copyright (c) 2019 Alexandre Dulaunoy - https://github.com/adulau/
# References
- [Notes](https://gist.github.com/adulau/dce5a6ca5c65017869bb01dfee576303#file-finding-vuln-git-commit-messages-md)
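Review bot: Under "License and author(s)", the line "licensed under the AGPL version 3" does not say whether later versions are allowed. Suggest stating the SPDX identifier, AGPL-3.0-only or AGPL-3.0-or-later, so that downstream users and license scanners get an unambiguous answer. The References entry labelled "Notes" would also be easier to follow with a descriptive title for the linked gist.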