adulau/git-vuln-finder
1
0
Fork 0
mirror of https://github.com/adulau/git-vuln-finder.git synced 2024-11-22 10:07:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

in place merge number of CVE found via summary function

Browse source
This commit is contained in:
Cédric Bonhomme 2020-01-06 15:50:50 +01:00
parent 1460433429
commit 73d5349b08
No known key found for this signature in database
GPG key ID: A1CB94DE57B7A70D
2 changed files with 11 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
bin/finder.py
View file

@ -75,7 +75,7 @@ def main():
# Initialization of the variables for the results # Initialization of the variables for the results
found = 0 found = 0
all_potential_vulnerabilities = {} all_potential_vulnerabilities = {}
cve_found = set() all_cve_found = set()
repo_heads = repo.heads repo_heads = repo.heads
repo_heads_names = [h.name for h in repo_heads] repo_heads_names = [h.name for h in repo_heads]
@ -94,7 +94,7 @@ def main():
ret = find_vuln(commit, pattern=defaultpattern, verbose=args.v) ret = find_vuln(commit, pattern=defaultpattern, verbose=args.v)
if ret: if ret:
rcommit = ret["commit"] rcommit = ret["commit"]
_, potential_vulnerabilities = summary( _, potential_vulnerabilities, cve_found = summary(
repo, repo,
rcommit, rcommit,
branch, branch,
@ -106,13 +106,14 @@ def main():
commit_state=args.s, commit_state=args.s,
) )
all_potential_vulnerabilities.update(potential_vulnerabilities) all_potential_vulnerabilities.update(potential_vulnerabilities)
all_cve_found.update(cve_found)
found += 1 found += 1
elif isinstance(defaultpattern, list): elif isinstance(defaultpattern, list):
for p in defaultpattern: for p in defaultpattern:
ret = find_vuln(commit, pattern=p, verbose=args.v) ret = find_vuln(commit, pattern=p, verbose=args.v)
if ret: if ret:
rcommit = ret["commit"] rcommit = ret["commit"]
_, potential_vulnerabilities = summary( _, potential_vulnerabilities, cve_found = summary(
repo, repo,
rcommit, rcommit,
branch, branch,
@ -124,15 +125,16 @@ def main():
commit_state=args.s, commit_state=args.s,
) )
all_potential_vulnerabilities.update(potential_vulnerabilities) all_potential_vulnerabilities.update(potential_vulnerabilities)
all_cve_found.update(cve_found)
found += 1 found += 1
if not args.c: if not args.c:
print(json.dumps(all_potential_vulnerabilities)) print(json.dumps(all_potential_vulnerabilities))
elif args.c: elif args.c:
print(json.dumps(list(cve_found))) print(json.dumps(list(all_cve_found)))
print( print(
"{} CVE referenced found in commit(s)".format(len(list(cve_found))), "{} CVE referenced found in commit(s)".format(len(list(all_cve_found))),
file=sys.stderr, file=sys.stderr,
) )
print( print(

8
git_vuln_finder/vulnerability.py
View file

@ -43,7 +43,7 @@ def summary(
): ):
potential_vulnerabilities = {} potential_vulnerabilities = {}
rcommit = commit rcommit = commit
cve = extract_cve(rcommit.message) cve, cve_found = extract_cve(rcommit.message)
if origin is not None: if origin is not None:
origin = origin origin = origin
if origin.find("github.com"): if origin.find("github.com"):
@ -98,7 +98,7 @@ def summary(
else: else:
potential_vulnerabilities[rcommit.hexsha]["state"] = commit_state potential_vulnerabilities[rcommit.hexsha]["state"] = commit_state
return rcommit.hexsha, potential_vulnerabilities return rcommit.hexsha, potential_vulnerabilities, cve_found
def extract_cve(commit): def extract_cve(commit):
@ -108,6 +108,6 @@ def extract_cve(commit):
if m: if m:
for v in m: for v in m:
cve_found.add(v) cve_found.add(v)
return m return m, cve_found
else: else:
return None return None, set()