fixed problem of definition of tagmap

This commit is contained in:
Cédric Bonhomme 2020-01-06 07:44:35 +01:00
parent ba558d34e4
commit a597d1e6fc
No known key found for this signature in database
GPG key ID: A1CB94DE57B7A70D
4 changed files with 91 additions and 72 deletions

View file

@ -73,8 +73,8 @@ def main():
repo_heads_names = [h.name for h in repo_heads]
print(repo_heads_names, file=sys.stderr)
origin = repo.remotes.origin.url
tagmap = {}
if args.t:
tagmap = {}
for t in repo.tags:
tagmap.setdefault(repo.commit(t).hexsha, []).append(str(t))
@ -86,8 +86,10 @@ def main():
ret = find_vuln(commit, pattern=defaultpattern, verbose=args.v)
if ret:
rcommit = ret['commit']
_, potential_vulnerabilities = summary(rcommit,
_, potential_vulnerabilities = summary(repo,
rcommit,
branch,
tagmap,
defaultpattern,
origin=origin,
vuln_match=ret['match'],
@ -100,8 +102,10 @@ def main():
ret = find_vuln(commit, pattern=p, verbose=args.v)
if ret:
rcommit = ret['commit']
_, potential_vulnerabilities = summary(rcommit,
_, potential_vulnerabilities = summary(repo,
rcommit,
branch,
tagmap,
p,
origin=origin,
vuln_match=ret['match'],

View file

@ -1,6 +1,6 @@
from git_vuln_finder.finder import build_pattern
from git_vuln_finder.finder import get_patterns
from git_vuln_finder.finder import find_vuln
from git_vuln_finder.finder import summary
from git_vuln_finder.finder import extract_cve
from git_vuln_finder.pattern import build_pattern
from git_vuln_finder.pattern import get_patterns
from git_vuln_finder.vulnerability import find_vuln
from git_vuln_finder.vulnerability import summary
from git_vuln_finder.vulnerability import extract_cve

View file

@ -0,0 +1,76 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Finding potential software vulnerabilities from git commit messages
#
# Software is free software released under the "GNU Affero General Public License v3.0"
#
# This software is part of cve-search.org
#
# Copyright (c) 2019-2020 Alexandre Dulaunoy - a@foo.be
import os
import re
PATTERNS_PATH="./git_vuln_finder/patterns"
def build_pattern(pattern_file):
fp = open(pattern_file, "r")
rex = ""
try:
prefix_fp = open(pattern_file + ".prefix", "r")
rex += prefix_fp.read()
prefix_fp.close()
except:
pass
for line in fp.readlines():
rex += line.rstrip() + "|"
rex = rex[:-1] # We remove the extra '|
fp.close()
try:
suffix_fp = open(pattern_file + ".suffix", "r")
rex += suffix_fp.read()
suffix_fp.close()
except:
pass
return rex
def get_patterns(patterns_path=PATTERNS_PATH):
patterns = {}
for root, dirs, files in os.walk(patterns_path):
path = root.split(os.sep)
for f in files:
if f.endswith(".prefix") or f.endswith(".suffix"):
continue
npath = root[len(patterns_path):].split(os.sep)
try:
npath.remove('')
except ValueError:
pass
lang = npath[0]
severity = npath[1]
pattern_category = f
try: # FIXME: Is there a better way?
a = patterns[lang]
except KeyError:
patterns[lang] = {}
try:
a = patterns[lang][severity]
except KeyError:
patterns[lang][severity] = {}
try:
a = patterns[lang][severity][pattern_category]
except KeyError:
rex = build_pattern(root + os.sep + f)
patterns[lang][severity][pattern_category] = re.compile(rex)
return patterns

View file

@ -10,74 +10,11 @@
# Copyright (c) 2019-2020 Alexandre Dulaunoy - a@foo.be
import os
import re
import sys
from langdetect import detect as langdetect
PATTERNS_PATH="./git_vuln_finder/patterns"
def build_pattern(pattern_file):
fp = open(pattern_file, "r")
rex = ""
try:
prefix_fp = open(pattern_file + ".prefix", "r")
rex += prefix_fp.read()
prefix_fp.close()
except:
pass
for line in fp.readlines():
rex += line.rstrip() + "|"
rex = rex[:-1] # We remove the extra '|
fp.close()
try:
suffix_fp = open(pattern_file + ".suffix", "r")
rex += suffix_fp.read()
suffix_fp.close()
except:
pass
return rex
def get_patterns(patterns_path=PATTERNS_PATH):
patterns = {}
for root, dirs, files in os.walk(patterns_path):
path = root.split(os.sep)
for f in files:
if f.endswith(".prefix") or f.endswith(".suffix"):
continue
npath = root[len(patterns_path):].split(os.sep)
try:
npath.remove('')
except ValueError:
pass
lang = npath[0]
severity = npath[1]
pattern_category = f
try: # FIXME: Is there a better way?
a = patterns[lang]
except KeyError:
patterns[lang] = {}
try:
a = patterns[lang][severity]
except KeyError:
patterns[lang][severity] = {}
try:
a = patterns[lang][severity][pattern_category]
except KeyError:
rex = build_pattern(root + os.sep + f)
patterns[lang][severity][pattern_category] = re.compile(rex)
return patterns
def find_vuln(commit, pattern, verbose=False):
m = pattern.search(commit.message)
if m:
@ -93,8 +30,10 @@ def find_vuln(commit, pattern, verbose=False):
return None
def summary(commit,
def summary(repo,
commit,
branch,
tagmap,
pattern,
origin=None,
vuln_match=None,