mirror of
https://github.com/adulau/git-vuln-finder.git
synced 2024-11-25 03:27:10 +00:00
fixed problem of definition of tagmap
This commit is contained in:
parent
ba558d34e4
commit
a597d1e6fc
4 changed files with 91 additions and 72 deletions
|
@ -73,8 +73,8 @@ def main():
|
|||
repo_heads_names = [h.name for h in repo_heads]
|
||||
print(repo_heads_names, file=sys.stderr)
|
||||
origin = repo.remotes.origin.url
|
||||
tagmap = {}
|
||||
if args.t:
|
||||
tagmap = {}
|
||||
for t in repo.tags:
|
||||
tagmap.setdefault(repo.commit(t).hexsha, []).append(str(t))
|
||||
|
||||
|
@ -86,8 +86,10 @@ def main():
|
|||
ret = find_vuln(commit, pattern=defaultpattern, verbose=args.v)
|
||||
if ret:
|
||||
rcommit = ret['commit']
|
||||
_, potential_vulnerabilities = summary(rcommit,
|
||||
_, potential_vulnerabilities = summary(repo,
|
||||
rcommit,
|
||||
branch,
|
||||
tagmap,
|
||||
defaultpattern,
|
||||
origin=origin,
|
||||
vuln_match=ret['match'],
|
||||
|
@ -100,8 +102,10 @@ def main():
|
|||
ret = find_vuln(commit, pattern=p, verbose=args.v)
|
||||
if ret:
|
||||
rcommit = ret['commit']
|
||||
_, potential_vulnerabilities = summary(rcommit,
|
||||
_, potential_vulnerabilities = summary(repo,
|
||||
rcommit,
|
||||
branch,
|
||||
tagmap,
|
||||
p,
|
||||
origin=origin,
|
||||
vuln_match=ret['match'],
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
|
||||
from git_vuln_finder.finder import build_pattern
|
||||
from git_vuln_finder.finder import get_patterns
|
||||
from git_vuln_finder.finder import find_vuln
|
||||
from git_vuln_finder.finder import summary
|
||||
from git_vuln_finder.finder import extract_cve
|
||||
from git_vuln_finder.pattern import build_pattern
|
||||
from git_vuln_finder.pattern import get_patterns
|
||||
from git_vuln_finder.vulnerability import find_vuln
|
||||
from git_vuln_finder.vulnerability import summary
|
||||
from git_vuln_finder.vulnerability import extract_cve
|
||||
|
|
76
git_vuln_finder/pattern.py
Normal file
76
git_vuln_finder/pattern.py
Normal file
|
@ -0,0 +1,76 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Finding potential software vulnerabilities from git commit messages
|
||||
#
|
||||
# Software is free software released under the "GNU Affero General Public License v3.0"
|
||||
#
|
||||
# This software is part of cve-search.org
|
||||
#
|
||||
# Copyright (c) 2019-2020 Alexandre Dulaunoy - a@foo.be
|
||||
|
||||
|
||||
import os
|
||||
import re
|
||||
|
||||
|
||||
PATTERNS_PATH="./git_vuln_finder/patterns"
|
||||
|
||||
|
||||
def build_pattern(pattern_file):
|
||||
fp = open(pattern_file, "r")
|
||||
rex = ""
|
||||
try:
|
||||
prefix_fp = open(pattern_file + ".prefix", "r")
|
||||
rex += prefix_fp.read()
|
||||
prefix_fp.close()
|
||||
except:
|
||||
pass
|
||||
|
||||
for line in fp.readlines():
|
||||
rex += line.rstrip() + "|"
|
||||
rex = rex[:-1] # We remove the extra '|
|
||||
fp.close()
|
||||
|
||||
try:
|
||||
suffix_fp = open(pattern_file + ".suffix", "r")
|
||||
rex += suffix_fp.read()
|
||||
suffix_fp.close()
|
||||
except:
|
||||
pass
|
||||
|
||||
return rex
|
||||
|
||||
|
||||
def get_patterns(patterns_path=PATTERNS_PATH):
|
||||
patterns = {}
|
||||
for root, dirs, files in os.walk(patterns_path):
|
||||
path = root.split(os.sep)
|
||||
for f in files:
|
||||
if f.endswith(".prefix") or f.endswith(".suffix"):
|
||||
continue
|
||||
npath = root[len(patterns_path):].split(os.sep)
|
||||
try:
|
||||
npath.remove('')
|
||||
except ValueError:
|
||||
pass
|
||||
|
||||
lang = npath[0]
|
||||
severity = npath[1]
|
||||
pattern_category = f
|
||||
|
||||
try: # FIXME: Is there a better way?
|
||||
a = patterns[lang]
|
||||
except KeyError:
|
||||
patterns[lang] = {}
|
||||
try:
|
||||
a = patterns[lang][severity]
|
||||
except KeyError:
|
||||
patterns[lang][severity] = {}
|
||||
try:
|
||||
a = patterns[lang][severity][pattern_category]
|
||||
except KeyError:
|
||||
rex = build_pattern(root + os.sep + f)
|
||||
patterns[lang][severity][pattern_category] = re.compile(rex)
|
||||
|
||||
return patterns
|
|
@ -10,74 +10,11 @@
|
|||
# Copyright (c) 2019-2020 Alexandre Dulaunoy - a@foo.be
|
||||
|
||||
|
||||
import os
|
||||
import re
|
||||
import sys
|
||||
from langdetect import detect as langdetect
|
||||
|
||||
|
||||
PATTERNS_PATH="./git_vuln_finder/patterns"
|
||||
|
||||
|
||||
def build_pattern(pattern_file):
|
||||
fp = open(pattern_file, "r")
|
||||
rex = ""
|
||||
try:
|
||||
prefix_fp = open(pattern_file + ".prefix", "r")
|
||||
rex += prefix_fp.read()
|
||||
prefix_fp.close()
|
||||
except:
|
||||
pass
|
||||
|
||||
for line in fp.readlines():
|
||||
rex += line.rstrip() + "|"
|
||||
rex = rex[:-1] # We remove the extra '|
|
||||
fp.close()
|
||||
|
||||
try:
|
||||
suffix_fp = open(pattern_file + ".suffix", "r")
|
||||
rex += suffix_fp.read()
|
||||
suffix_fp.close()
|
||||
except:
|
||||
pass
|
||||
|
||||
return rex
|
||||
|
||||
|
||||
def get_patterns(patterns_path=PATTERNS_PATH):
|
||||
patterns = {}
|
||||
for root, dirs, files in os.walk(patterns_path):
|
||||
path = root.split(os.sep)
|
||||
for f in files:
|
||||
if f.endswith(".prefix") or f.endswith(".suffix"):
|
||||
continue
|
||||
npath = root[len(patterns_path):].split(os.sep)
|
||||
try:
|
||||
npath.remove('')
|
||||
except ValueError:
|
||||
pass
|
||||
|
||||
lang = npath[0]
|
||||
severity = npath[1]
|
||||
pattern_category = f
|
||||
|
||||
try: # FIXME: Is there a better way?
|
||||
a = patterns[lang]
|
||||
except KeyError:
|
||||
patterns[lang] = {}
|
||||
try:
|
||||
a = patterns[lang][severity]
|
||||
except KeyError:
|
||||
patterns[lang][severity] = {}
|
||||
try:
|
||||
a = patterns[lang][severity][pattern_category]
|
||||
except KeyError:
|
||||
rex = build_pattern(root + os.sep + f)
|
||||
patterns[lang][severity][pattern_category] = re.compile(rex)
|
||||
|
||||
return patterns
|
||||
|
||||
|
||||
def find_vuln(commit, pattern, verbose=False):
|
||||
m = pattern.search(commit.message)
|
||||
if m:
|
||||
|
@ -93,8 +30,10 @@ def find_vuln(commit, pattern, verbose=False):
|
|||
return None
|
||||
|
||||
|
||||
def summary(commit,
|
||||
def summary(repo,
|
||||
commit,
|
||||
branch,
|
||||
tagmap,
|
||||
pattern,
|
||||
origin=None,
|
||||
vuln_match=None,
|
Loading…
Reference in a new issue