in place merge number of CVE found via summary function

2024-11-21 17:47:06 +00:00 · 2020-01-06 15:50:50 +01:00 · 2020-01-06 15:50:50 +01:00 · 73d5349b08
commit 73d5349b08
parent 1460433429
2 changed files with 11 additions and 9 deletions
--- a/bin/finder.py
+++ b/bin/finder.py
@ -75,7 +75,7 @@ def main():
    # Initialization of the variables for the results
    found = 0
    all_potential_vulnerabilities = {}
-    cve_found = set()
+    all_cve_found = set()

    repo_heads = repo.heads
    repo_heads_names = [h.name for h in repo_heads]
@ -94,7 +94,7 @@ def main():
                ret = find_vuln(commit, pattern=defaultpattern, verbose=args.v)
                if ret:
                    rcommit = ret["commit"]
-                    _, potential_vulnerabilities = summary(
+                    _, potential_vulnerabilities, cve_found = summary(
                        repo,
                        rcommit,
                        branch,
@ -106,13 +106,14 @@ def main():
                        commit_state=args.s,
                    )
                    all_potential_vulnerabilities.update(potential_vulnerabilities)
+                    all_cve_found.update(cve_found)
                    found += 1
            elif isinstance(defaultpattern, list):
                for p in defaultpattern:
                    ret = find_vuln(commit, pattern=p, verbose=args.v)
                    if ret:
                        rcommit = ret["commit"]
-                        _, potential_vulnerabilities = summary(
+                        _, potential_vulnerabilities, cve_found = summary(
                            repo,
                            rcommit,
                            branch,
@ -124,15 +125,16 @@ def main():
                            commit_state=args.s,
                        )
                        all_potential_vulnerabilities.update(potential_vulnerabilities)
+                        all_cve_found.update(cve_found)
                        found += 1

    if not args.c:
        print(json.dumps(all_potential_vulnerabilities))
    elif args.c:
-        print(json.dumps(list(cve_found)))
+        print(json.dumps(list(all_cve_found)))

    print(
-        "{} CVE referenced found in commit(s)".format(len(list(cve_found))),
+        "{} CVE referenced found in commit(s)".format(len(list(all_cve_found))),
        file=sys.stderr,
    )
    print(
--- a/git_vuln_finder/vulnerability.py
+++ b/git_vuln_finder/vulnerability.py
@ -43,7 +43,7 @@ def summary(
 ):
    potential_vulnerabilities = {}
    rcommit = commit
-    cve = extract_cve(rcommit.message)
+    cve, cve_found = extract_cve(rcommit.message)
    if origin is not None:
        origin = origin
        if origin.find("github.com"):
@ -98,7 +98,7 @@ def summary(
        else:
            potential_vulnerabilities[rcommit.hexsha]["state"] = commit_state

-    return rcommit.hexsha, potential_vulnerabilities
+    return rcommit.hexsha, potential_vulnerabilities, cve_found


 def extract_cve(commit):
@ -108,6 +108,6 @@ def extract_cve(commit):
    if m:
        for v in m:
            cve_found.add(v)
-        return m
+        return m, cve_found
    else:
-        return None
+        return None, set()