adulau/git-vuln-finder
1
0
Fork 0
mirror of https://github.com/adulau/git-vuln-finder.git synced 2024-11-22 10:07:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

fixed problem of definition of tagmap

Browse source
This commit is contained in:
Cédric Bonhomme 2020-01-06 07:44:35 +01:00
parent ba558d34e4
commit a597d1e6fc
No known key found for this signature in database
GPG key ID: A1CB94DE57B7A70D
4 changed files with 91 additions and 72 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
bin/finder.py
View file

@ -73,8 +73,8 @@ def main():
repo_heads_names = [h.name for h in repo_heads] repo_heads_names = [h.name for h in repo_heads]
print(repo_heads_names, file=sys.stderr) print(repo_heads_names, file=sys.stderr)
origin = repo.remotes.origin.url origin = repo.remotes.origin.url
tagmap = {}
if args.t: if args.t:
tagmap = {}
for t in repo.tags: for t in repo.tags:
tagmap.setdefault(repo.commit(t).hexsha, []).append(str(t)) tagmap.setdefault(repo.commit(t).hexsha, []).append(str(t))
@ -86,8 +86,10 @@ def main():
ret = find_vuln(commit, pattern=defaultpattern, verbose=args.v) ret = find_vuln(commit, pattern=defaultpattern, verbose=args.v)
if ret: if ret:
rcommit = ret['commit'] rcommit = ret['commit']
_, potential_vulnerabilities = summary(rcommit, _, potential_vulnerabilities = summary(repo,
rcommit,
branch, branch,
tagmap,
defaultpattern, defaultpattern,
origin=origin, origin=origin,
vuln_match=ret['match'], vuln_match=ret['match'],
@ -100,8 +102,10 @@ def main():
ret = find_vuln(commit, pattern=p, verbose=args.v) ret = find_vuln(commit, pattern=p, verbose=args.v)
if ret: if ret:
rcommit = ret['commit'] rcommit = ret['commit']
_, potential_vulnerabilities = summary(rcommit, _, potential_vulnerabilities = summary(repo,
rcommit,
branch, branch,
tagmap,
p, p,
origin=origin, origin=origin,
vuln_match=ret['match'], vuln_match=ret['match'],

10
git_vuln_finder/__init__.py
View file

@ -1,6 +1,6 @@
from git_vuln_finder.finder import build_pattern from git_vuln_finder.pattern import build_pattern
from git_vuln_finder.finder import get_patterns from git_vuln_finder.pattern import get_patterns
from git_vuln_finder.finder import find_vuln from git_vuln_finder.vulnerability import find_vuln
from git_vuln_finder.finder import summary from git_vuln_finder.vulnerability import summary
from git_vuln_finder.finder import extract_cve from git_vuln_finder.vulnerability import extract_cve

76
git_vuln_finder/pattern.py Normal file
View file

@ -0,0 +1,76 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Finding potential software vulnerabilities from git commit messages
#
# Software is free software released under the "GNU Affero General Public License v3.0"
#
# This software is part of cve-search.org
#
# Copyright (c) 2019-2020 Alexandre Dulaunoy - a@foo.be
import os
import re
PATTERNS_PATH="./git_vuln_finder/patterns"
def build_pattern(pattern_file):
fp = open(pattern_file, "r")
rex = ""
try:
prefix_fp = open(pattern_file + ".prefix", "r")
rex += prefix_fp.read()
prefix_fp.close()
except:
pass
for line in fp.readlines():
rex += line.rstrip() + "|"
rex = rex[:-1] # We remove the extra '|
fp.close()
try:
suffix_fp = open(pattern_file + ".suffix", "r")
rex += suffix_fp.read()
suffix_fp.close()
except:
pass
return rex
def get_patterns(patterns_path=PATTERNS_PATH):
patterns = {}
for root, dirs, files in os.walk(patterns_path):
path = root.split(os.sep)
for f in files:
if f.endswith(".prefix") or f.endswith(".suffix"):
continue
npath = root[len(patterns_path):].split(os.sep)
try:
npath.remove('')
except ValueError:
pass
lang = npath[0]
severity = npath[1]
pattern_category = f
try: # FIXME: Is there a better way?
a = patterns[lang]
except KeyError:
patterns[lang] = {}
try:
a = patterns[lang][severity]
except KeyError:
patterns[lang][severity] = {}
try:
a = patterns[lang][severity][pattern_category]
except KeyError:
rex = build_pattern(root + os.sep + f)
patterns[lang][severity][pattern_category] = re.compile(rex)
return patterns

67
git_vuln_finder/finder.py → git_vuln_finder/vulnerability.py
View file

@ -10,74 +10,11 @@
# Copyright (c) 2019-2020 Alexandre Dulaunoy - a@foo.be # Copyright (c) 2019-2020 Alexandre Dulaunoy - a@foo.be
import os
import re import re
import sys import sys
from langdetect import detect as langdetect from langdetect import detect as langdetect
PATTERNS_PATH="./git_vuln_finder/patterns"
def build_pattern(pattern_file):
fp = open(pattern_file, "r")
rex = ""
try:
prefix_fp = open(pattern_file + ".prefix", "r")
rex += prefix_fp.read()
prefix_fp.close()
except:
pass
for line in fp.readlines():
rex += line.rstrip() + "|"
rex = rex[:-1] # We remove the extra '|
fp.close()
try:
suffix_fp = open(pattern_file + ".suffix", "r")
rex += suffix_fp.read()
suffix_fp.close()
except:
pass
return rex
def get_patterns(patterns_path=PATTERNS_PATH):
patterns = {}
for root, dirs, files in os.walk(patterns_path):
path = root.split(os.sep)
for f in files:
if f.endswith(".prefix") or f.endswith(".suffix"):
continue
npath = root[len(patterns_path):].split(os.sep)
try:
npath.remove('')
except ValueError:
pass
lang = npath[0]
severity = npath[1]
pattern_category = f
try: # FIXME: Is there a better way?
a = patterns[lang]
except KeyError:
patterns[lang] = {}
try:
a = patterns[lang][severity]
except KeyError:
patterns[lang][severity] = {}
try:
a = patterns[lang][severity][pattern_category]
except KeyError:
rex = build_pattern(root + os.sep + f)
patterns[lang][severity][pattern_category] = re.compile(rex)
return patterns
def find_vuln(commit, pattern, verbose=False): def find_vuln(commit, pattern, verbose=False):
m = pattern.search(commit.message) m = pattern.search(commit.message)
if m: if m:
@ -93,8 +30,10 @@ def find_vuln(commit, pattern, verbose=False):
return None return None
def summary(commit, def summary(repo,
commit,
branch, branch,
tagmap,
pattern, pattern,
origin=None, origin=None,
vuln_match=None, vuln_match=None,