chg: [doc] README fixed

Alexandre Dulaunoy 2019-11-15 07:48:32 +01:00
parent 3b9ad5c846
commit 24555ffa1d
Signed by: adulau
GPG key ID: 09E2CD4944E6CBCD


@ -1,7 +1,7 @@
# git-vuln-finder # git-vuln-finder
Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commit which could contain a fix regarding Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commit which could contain a fix regarding
a software vulnerability. The search is based on a set of regular expressions against the commit messages. a software vulnerability. The search is based on a set of regular expressions against the commit messages only.
# Requirements # Requirements
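Review bot: the added "only" in "against the commit messages only" narrows the scope correctly, but the paragraph should also state the consequence for the reader: a fix whose commit message never mentions the security issue is not found, so an empty result is not evidence that a repository is clean. One sentence after that line would do, e.g. "Diffs and source code are not inspected, so fixes with uninformative commit messages are missed."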
@ -11,7 +11,7 @@ a software vulnerability. The search is based on a set of regular expressions ag
# Usage # Usage
~~~bash ~~~bash
usage: finder.py [-h] [-v] [-r R] [-o O] usage: finder.py [-h] [-v] [-r R] [-o O] [-s S] [-p P]
Finding potential software vulnerabilities from git commit messages. Finding potential software vulnerabilities from git commit messages.
@ -20,10 +20,19 @@ optional arguments:
-v increase output verbosity -v increase output verbosity
-r R git repository to analyse -r R git repository to analyse
-o O Output format: [json] -o O Output format: [json]
-s S State of the commit found
More info: https://github.com/cve-search/git-vuln-finder -p P Matching pattern to use: [vulnpatterns, cryptopatterns,
cpatterns]
~~~ ~~~
# Patterns
git-vuln-finder comes with 3 default patterns which can be selected to find the potential vulnerabilities described in the commit messages such as:
- `vulnpatterns` is a generic vulnerability pattern especially targeting web application and generic security commit message. Based on an academic paper.
- `cryptopatterns` is a vulnerability pattern for cryptographic errors mentioned in commit messages.
- `cpatterns` is a set of standard vulnerability patterns see for C/C++-like languages.
## A sample partial output from Curl git repository ## A sample partial output from Curl git repository
~~~bash ~~~bash
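Review bot: the new `-s S State of the commit found` help text does not say which values S accepts, while `-p P` lists its choices in brackets; document the accepted states the same way (e.g. `-s S State of the commit found: [...]`) so users do not have to read finder.py to find them. In the new Patterns section, "is a set of standard vulnerability patterns see for C/C++-like languages" reads as a typo for "seen in", and "Based on an academic paper." should name the paper, or add it under References, so the provenance of `vulnpatterns` can be checked.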
@ -70,10 +79,12 @@ python3 finder.py -r /home/adulau/git/curl | jq .
... ...
~~~ ~~~
# License # License and author(s)
This software is free software and licensed under the AGPL version 3. This software is free software and licensed under the AGPL version 3.
Copyright (c) 2019 Alexandre Dulaunoy - https://github.com/adulau/
# References # References
- [Notes](https://gist.github.com/adulau/dce5a6ca5c65017869bb01dfee576303#file-finding-vuln-git-commit-messages-md) - [Notes](https://gist.github.com/adulau/dce5a6ca5c65017869bb01dfee576303#file-finding-vuln-git-commit-messages-md)
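Review bot: the renamed "License and author(s)" section now carries the copyright line, but the "licensed under the AGPL version 3" sentence still has no link to the license text or pointer to a LICENSE file in the repository; add one so the terms the new copyright line refers to are verifiable from the README.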