mirror of
https://github.com/adulau/git-vuln-finder.git
synced 2024-11-22 01:57:08 +00:00
Adding patterns to be used from external files, done this way:
* Create a file in patterns/en/medium/ where there is one pattern per line * If needed append .suffix and .prefix to prepend or append those chars to the regex (exactly those chars, don't add a newline char in the end!) * Replicate the actual behavior, for now, only medium is being used, but later, we will add more severities and add them into the output information
This commit is contained in:
parent
098921df31
commit
2d1cbc220f
10 changed files with 155 additions and 3 deletions
|
@ -10,6 +10,7 @@
|
|||
# Copyright (c) 2019 Alexandre Dulaunoy - a@foo.be
|
||||
|
||||
|
||||
import os
|
||||
import re
|
||||
import git
|
||||
import json
|
||||
|
@ -18,6 +19,8 @@ import argparse
|
|||
import typing
|
||||
from langdetect import detect as langdetect
|
||||
|
||||
PATTERNS_PATH="../patterns"
|
||||
|
||||
parser = argparse.ArgumentParser(description = "Finding potential software vulnerabilities from git commit messages.", epilog = "More info: https://github.com/cve-search/git-vuln-finder")
|
||||
parser.add_argument("-v", help="increase output verbosity", action="store_true")
|
||||
parser.add_argument("-r", type=str, help="git repository to analyse")
|
||||
|
@ -28,14 +31,68 @@ parser.add_argument("-c", help="output only a list of the CVE pattern found in c
|
|||
parser.add_argument("-t", help="Include tags matching a specific commit", action="store_true")
|
||||
args = parser.parse_args()
|
||||
|
||||
vulnpatterns = re.compile("(?i)(denial of service |\bXXE\b|remote code execution|\bopen redirect|OSVDB|\bvuln|\bCVE\b |\bXSS\b|\bReDoS\b|\bNVD\b|malicious|x−frame−options|attack|cross site |exploit|malicious|directory traversal |\bRCE\b|\bdos\b|\bXSRF \b|\bXSS\b|clickjack|session.fixation|hijack|\badvisory|\binsecure |security |\bcross−origin\b|unauthori[z|s]ed |infinite loop)")
|
||||
|
||||
cryptopatterns = re.compile(".*(assessment|lack of|bad|vulnerable|missing|unproper|unsuitable|breakable|broken|weak|incorrect|replace|assessment|pen([\s-]?)test|pentest|penetration([\s-]?)test|report|vulnerablity|replace|fix|issue|fixes|add|remove|check){1,} (crypto|cryptographic|cryptography|encipherement|encryption|ciphers|cipher|AES|DES|3DES|cipher|GPG|PGP|OpenSSL|SSH|wireguard|VPN|CBC|ECB|CTR|key[.|,|\s]|private([\s-]?)key|public([\s-]?)key size|length|strenght|generation|randomness|entropy|prng|rng){1,}")
|
||||
def build_pattern(pattern_file):
|
||||
fp = open(pattern_file, "r")
|
||||
rex = ""
|
||||
try:
|
||||
prefix_fp = open(pattern_file + ".prefix", "r")
|
||||
rex += prefix_fp.read()
|
||||
prefix_fp.close()
|
||||
except:
|
||||
pass
|
||||
|
||||
for line in fp.readlines():
|
||||
rex += line.rstrip() + "|"
|
||||
rex = rex[:-1] # We remove the extra '|
|
||||
fp.close()
|
||||
|
||||
try:
|
||||
suffix_fp = open(pattern_file + ".suffix", "r")
|
||||
rex += suffix_fp.read()
|
||||
suffix_fp.close()
|
||||
except:
|
||||
pass
|
||||
|
||||
return rex
|
||||
|
||||
def get_patterns(patterns_path=PATTERNS_PATH):
|
||||
patterns = {}
|
||||
for root, dirs, files in os.walk(patterns_path):
|
||||
path = root.split(os.sep)
|
||||
for f in files:
|
||||
if f.endswith(".prefix") or f.endswith(".suffix"):
|
||||
continue
|
||||
npath = root[len(patterns_path):].split(os.sep)
|
||||
try:
|
||||
npath.remove('')
|
||||
except ValueError:
|
||||
pass
|
||||
|
||||
lang = npath[0]
|
||||
severity = npath[1]
|
||||
pattern_category = f
|
||||
|
||||
try: # FIXME: Is there a better way?
|
||||
a = patterns[lang]
|
||||
except KeyError:
|
||||
patterns[lang] = {}
|
||||
try:
|
||||
a = patterns[lang][severity]
|
||||
except KeyError:
|
||||
patterns[lang][severity] = {}
|
||||
try:
|
||||
a = patterns[lang][severity][pattern_category]
|
||||
except KeyError:
|
||||
rex = build_pattern(root + os.sep + f)
|
||||
patterns[lang][severity][pattern_category] = re.compile(rex)
|
||||
|
||||
return patterns
|
||||
|
||||
cpatterns = re.compile("(?i)(double[-| ]free|buffer overflow|double free|race[-| ]condition)")
|
||||
patterns = get_patterns()
|
||||
vulnpatterns = patterns["en"]["medium"]["vuln"]
|
||||
cryptopatterns = patterns["en"]["medium"]["crypto"]
|
||||
cpatterns = patterns["en"]["medium"]["c"]
|
||||
|
||||
if args.p == "vulnpatterns":
|
||||
defaultpattern = vulnpatterns
|
||||
|
|
4
patterns/en/medium/c
Normal file
4
patterns/en/medium/c
Normal file
|
@ -0,0 +1,4 @@
|
|||
double[-| ]free
|
||||
buffer overflow
|
||||
double free
|
||||
race[-| ]condition
|
1
patterns/en/medium/c.prefix
Normal file
1
patterns/en/medium/c.prefix
Normal file
|
@ -0,0 +1 @@
|
|||
(?i)(
|
1
patterns/en/medium/c.suffix
Normal file
1
patterns/en/medium/c.suffix
Normal file
|
@ -0,0 +1 @@
|
|||
)
|
55
patterns/en/medium/crypto
Normal file
55
patterns/en/medium/crypto
Normal file
|
@ -0,0 +1,55 @@
|
|||
assessment
|
||||
lack of
|
||||
bad
|
||||
vulnerable
|
||||
missing
|
||||
unproper
|
||||
unsuitable
|
||||
breakable
|
||||
broken
|
||||
weak
|
||||
incorrect
|
||||
replace
|
||||
assessment
|
||||
pen([\s-]?)test
|
||||
pentest
|
||||
penetration([\s-]?)test
|
||||
report
|
||||
vulnerablity
|
||||
replace
|
||||
fix
|
||||
issue
|
||||
fixes
|
||||
add
|
||||
remove
|
||||
check){s1,}
|
||||
(crypto
|
||||
cryptographic
|
||||
cryptography
|
||||
encipherement
|
||||
encryption
|
||||
ciphers
|
||||
cipher
|
||||
AES
|
||||
DES
|
||||
3DES
|
||||
cipher
|
||||
GPG
|
||||
PGP
|
||||
OpenSSL
|
||||
SSH
|
||||
wireguard
|
||||
VPN
|
||||
CBC
|
||||
ECB
|
||||
CTR
|
||||
key[.|,|\s]
|
||||
private([\s-]?)key
|
||||
public([\s-]?)key size
|
||||
length
|
||||
strenght
|
||||
generation
|
||||
randomness
|
||||
entropy
|
||||
prng
|
||||
rng
|
1
patterns/en/medium/crypto.prefix
Normal file
1
patterns/en/medium/crypto.prefix
Normal file
|
@ -0,0 +1 @@
|
|||
.*(
|
1
patterns/en/medium/crypto.suffix
Normal file
1
patterns/en/medium/crypto.suffix
Normal file
|
@ -0,0 +1 @@
|
|||
){1,}
|
30
patterns/en/medium/vuln
Normal file
30
patterns/en/medium/vuln
Normal file
|
@ -0,0 +1,30 @@
|
|||
denial of service
|
||||
\bXXE\b
|
||||
remote code execution
|
||||
\bopen redirect
|
||||
OSVDB
|
||||
\bvuln
|
||||
\bCVE\b
|
||||
\bXSS\b
|
||||
\bReDoS\b
|
||||
\bNVD\b
|
||||
malicious
|
||||
x−frame−options
|
||||
attack
|
||||
cross site
|
||||
exploit
|
||||
malicious
|
||||
directory traversal
|
||||
\bRCE\b
|
||||
\bdos\b
|
||||
\bXSRF \b
|
||||
\bXSS\b
|
||||
clickjack
|
||||
session.fixation
|
||||
hijack
|
||||
\badvisory
|
||||
\binsecure
|
||||
security
|
||||
\bcross−origin\b
|
||||
unauthori[z|s]ed
|
||||
infinite loop
|
1
patterns/en/medium/vuln.prefix
Normal file
1
patterns/en/medium/vuln.prefix
Normal file
|
@ -0,0 +1 @@
|
|||
(?i)(
|
1
patterns/en/medium/vuln.suffix
Normal file
1
patterns/en/medium/vuln.suffix
Normal file
|
@ -0,0 +1 @@
|
|||
)
|
Loading…
Reference in a new issue