mirror of
https://github.com/adulau/git-vuln-finder.git
synced 2024-11-22 10:07:11 +00:00
fixed problem of definition of tagmap
This commit is contained in:
parent
ba558d34e4
commit
a597d1e6fc
4 changed files with 91 additions and 72 deletions
|
@ -73,8 +73,8 @@ def main():
|
||||||
repo_heads_names = [h.name for h in repo_heads]
|
repo_heads_names = [h.name for h in repo_heads]
|
||||||
print(repo_heads_names, file=sys.stderr)
|
print(repo_heads_names, file=sys.stderr)
|
||||||
origin = repo.remotes.origin.url
|
origin = repo.remotes.origin.url
|
||||||
if args.t:
|
|
||||||
tagmap = {}
|
tagmap = {}
|
||||||
|
if args.t:
|
||||||
for t in repo.tags:
|
for t in repo.tags:
|
||||||
tagmap.setdefault(repo.commit(t).hexsha, []).append(str(t))
|
tagmap.setdefault(repo.commit(t).hexsha, []).append(str(t))
|
||||||
|
|
||||||
|
@ -86,8 +86,10 @@ def main():
|
||||||
ret = find_vuln(commit, pattern=defaultpattern, verbose=args.v)
|
ret = find_vuln(commit, pattern=defaultpattern, verbose=args.v)
|
||||||
if ret:
|
if ret:
|
||||||
rcommit = ret['commit']
|
rcommit = ret['commit']
|
||||||
_, potential_vulnerabilities = summary(rcommit,
|
_, potential_vulnerabilities = summary(repo,
|
||||||
|
rcommit,
|
||||||
branch,
|
branch,
|
||||||
|
tagmap,
|
||||||
defaultpattern,
|
defaultpattern,
|
||||||
origin=origin,
|
origin=origin,
|
||||||
vuln_match=ret['match'],
|
vuln_match=ret['match'],
|
||||||
|
@ -100,8 +102,10 @@ def main():
|
||||||
ret = find_vuln(commit, pattern=p, verbose=args.v)
|
ret = find_vuln(commit, pattern=p, verbose=args.v)
|
||||||
if ret:
|
if ret:
|
||||||
rcommit = ret['commit']
|
rcommit = ret['commit']
|
||||||
_, potential_vulnerabilities = summary(rcommit,
|
_, potential_vulnerabilities = summary(repo,
|
||||||
|
rcommit,
|
||||||
branch,
|
branch,
|
||||||
|
tagmap,
|
||||||
p,
|
p,
|
||||||
origin=origin,
|
origin=origin,
|
||||||
vuln_match=ret['match'],
|
vuln_match=ret['match'],
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
|
|
||||||
from git_vuln_finder.finder import build_pattern
|
from git_vuln_finder.pattern import build_pattern
|
||||||
from git_vuln_finder.finder import get_patterns
|
from git_vuln_finder.pattern import get_patterns
|
||||||
from git_vuln_finder.finder import find_vuln
|
from git_vuln_finder.vulnerability import find_vuln
|
||||||
from git_vuln_finder.finder import summary
|
from git_vuln_finder.vulnerability import summary
|
||||||
from git_vuln_finder.finder import extract_cve
|
from git_vuln_finder.vulnerability import extract_cve
|
||||||
|
|
76
git_vuln_finder/pattern.py
Normal file
76
git_vuln_finder/pattern.py
Normal file
|
@ -0,0 +1,76 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
#
|
||||||
|
# Finding potential software vulnerabilities from git commit messages
|
||||||
|
#
|
||||||
|
# Software is free software released under the "GNU Affero General Public License v3.0"
|
||||||
|
#
|
||||||
|
# This software is part of cve-search.org
|
||||||
|
#
|
||||||
|
# Copyright (c) 2019-2020 Alexandre Dulaunoy - a@foo.be
|
||||||
|
|
||||||
|
|
||||||
|
import os
|
||||||
|
import re
|
||||||
|
|
||||||
|
|
||||||
|
PATTERNS_PATH="./git_vuln_finder/patterns"
|
||||||
|
|
||||||
|
|
||||||
|
def build_pattern(pattern_file):
|
||||||
|
fp = open(pattern_file, "r")
|
||||||
|
rex = ""
|
||||||
|
try:
|
||||||
|
prefix_fp = open(pattern_file + ".prefix", "r")
|
||||||
|
rex += prefix_fp.read()
|
||||||
|
prefix_fp.close()
|
||||||
|
except:
|
||||||
|
pass
|
||||||
|
|
||||||
|
for line in fp.readlines():
|
||||||
|
rex += line.rstrip() + "|"
|
||||||
|
rex = rex[:-1] # We remove the extra '|
|
||||||
|
fp.close()
|
||||||
|
|
||||||
|
try:
|
||||||
|
suffix_fp = open(pattern_file + ".suffix", "r")
|
||||||
|
rex += suffix_fp.read()
|
||||||
|
suffix_fp.close()
|
||||||
|
except:
|
||||||
|
pass
|
||||||
|
|
||||||
|
return rex
|
||||||
|
|
||||||
|
|
||||||
|
def get_patterns(patterns_path=PATTERNS_PATH):
|
||||||
|
patterns = {}
|
||||||
|
for root, dirs, files in os.walk(patterns_path):
|
||||||
|
path = root.split(os.sep)
|
||||||
|
for f in files:
|
||||||
|
if f.endswith(".prefix") or f.endswith(".suffix"):
|
||||||
|
continue
|
||||||
|
npath = root[len(patterns_path):].split(os.sep)
|
||||||
|
try:
|
||||||
|
npath.remove('')
|
||||||
|
except ValueError:
|
||||||
|
pass
|
||||||
|
|
||||||
|
lang = npath[0]
|
||||||
|
severity = npath[1]
|
||||||
|
pattern_category = f
|
||||||
|
|
||||||
|
try: # FIXME: Is there a better way?
|
||||||
|
a = patterns[lang]
|
||||||
|
except KeyError:
|
||||||
|
patterns[lang] = {}
|
||||||
|
try:
|
||||||
|
a = patterns[lang][severity]
|
||||||
|
except KeyError:
|
||||||
|
patterns[lang][severity] = {}
|
||||||
|
try:
|
||||||
|
a = patterns[lang][severity][pattern_category]
|
||||||
|
except KeyError:
|
||||||
|
rex = build_pattern(root + os.sep + f)
|
||||||
|
patterns[lang][severity][pattern_category] = re.compile(rex)
|
||||||
|
|
||||||
|
return patterns
|
|
@ -10,74 +10,11 @@
|
||||||
# Copyright (c) 2019-2020 Alexandre Dulaunoy - a@foo.be
|
# Copyright (c) 2019-2020 Alexandre Dulaunoy - a@foo.be
|
||||||
|
|
||||||
|
|
||||||
import os
|
|
||||||
import re
|
import re
|
||||||
import sys
|
import sys
|
||||||
from langdetect import detect as langdetect
|
from langdetect import detect as langdetect
|
||||||
|
|
||||||
|
|
||||||
PATTERNS_PATH="./git_vuln_finder/patterns"
|
|
||||||
|
|
||||||
|
|
||||||
def build_pattern(pattern_file):
|
|
||||||
fp = open(pattern_file, "r")
|
|
||||||
rex = ""
|
|
||||||
try:
|
|
||||||
prefix_fp = open(pattern_file + ".prefix", "r")
|
|
||||||
rex += prefix_fp.read()
|
|
||||||
prefix_fp.close()
|
|
||||||
except:
|
|
||||||
pass
|
|
||||||
|
|
||||||
for line in fp.readlines():
|
|
||||||
rex += line.rstrip() + "|"
|
|
||||||
rex = rex[:-1] # We remove the extra '|
|
|
||||||
fp.close()
|
|
||||||
|
|
||||||
try:
|
|
||||||
suffix_fp = open(pattern_file + ".suffix", "r")
|
|
||||||
rex += suffix_fp.read()
|
|
||||||
suffix_fp.close()
|
|
||||||
except:
|
|
||||||
pass
|
|
||||||
|
|
||||||
return rex
|
|
||||||
|
|
||||||
|
|
||||||
def get_patterns(patterns_path=PATTERNS_PATH):
|
|
||||||
patterns = {}
|
|
||||||
for root, dirs, files in os.walk(patterns_path):
|
|
||||||
path = root.split(os.sep)
|
|
||||||
for f in files:
|
|
||||||
if f.endswith(".prefix") or f.endswith(".suffix"):
|
|
||||||
continue
|
|
||||||
npath = root[len(patterns_path):].split(os.sep)
|
|
||||||
try:
|
|
||||||
npath.remove('')
|
|
||||||
except ValueError:
|
|
||||||
pass
|
|
||||||
|
|
||||||
lang = npath[0]
|
|
||||||
severity = npath[1]
|
|
||||||
pattern_category = f
|
|
||||||
|
|
||||||
try: # FIXME: Is there a better way?
|
|
||||||
a = patterns[lang]
|
|
||||||
except KeyError:
|
|
||||||
patterns[lang] = {}
|
|
||||||
try:
|
|
||||||
a = patterns[lang][severity]
|
|
||||||
except KeyError:
|
|
||||||
patterns[lang][severity] = {}
|
|
||||||
try:
|
|
||||||
a = patterns[lang][severity][pattern_category]
|
|
||||||
except KeyError:
|
|
||||||
rex = build_pattern(root + os.sep + f)
|
|
||||||
patterns[lang][severity][pattern_category] = re.compile(rex)
|
|
||||||
|
|
||||||
return patterns
|
|
||||||
|
|
||||||
|
|
||||||
def find_vuln(commit, pattern, verbose=False):
|
def find_vuln(commit, pattern, verbose=False):
|
||||||
m = pattern.search(commit.message)
|
m = pattern.search(commit.message)
|
||||||
if m:
|
if m:
|
||||||
|
@ -93,8 +30,10 @@ def find_vuln(commit, pattern, verbose=False):
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
||||||
def summary(commit,
|
def summary(repo,
|
||||||
|
commit,
|
||||||
branch,
|
branch,
|
||||||
|
tagmap,
|
||||||
pattern,
|
pattern,
|
||||||
origin=None,
|
origin=None,
|
||||||
vuln_match=None,
|
vuln_match=None,
|
Loading…
Reference in a new issue