adulau/git-vuln-finder
1
0
Fork 0
mirror of https://github.com/adulau/git-vuln-finder.git synced 2024-11-21 17:47:06 +00:00
Code Issues Projects Releases Packages Wiki Activity

chg: [doc] How to contribute to the project

Browse source
This commit is contained in:
Alexandre Dulaunoy 2019-12-26 10:34:18 +01:00
parent 58fabc104a
commit e19606ccf6
Signed by: adulau
GPG key ID: 09E2CD4944E6CBCD
2 changed files with 13 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
AUTHORS Normal file
View file

@ -0,0 +1,3 @@
Alexandre Dulaunoy
Jean-Louis Huynen
Sebastien Tricaud

15
README.md
View file

@ -37,9 +37,9 @@ More info: https://github.com/cve-search/git-vuln-finder
git-vuln-finder comes with 3 default patterns which can be selected to find the potential vulnerabilities described in the commit messages such as:
- `vulnpatterns` is a generic vulnerability pattern especially targeting web application and generic security commit message. Based on an academic paper.
- `cryptopatterns` is a vulnerability pattern for cryptographic errors mentioned in commit messages.
- `cpatterns` is a set of standard vulnerability patterns see for C/C++-like languages.
- [`vulnpatterns`](https://github.com/cve-search/git-vuln-finder/blob/master/patterns/en/medium/vuln) is a generic vulnerability pattern especially targeting web application and generic security commit message. Based on an academic paper.
- [`cryptopatterns`](https://github.com/cve-search/git-vuln-finder/blob/master/patterns/en/medium/crypto) is a vulnerability pattern for cryptographic errors mentioned in commit messages.
- [`cpatterns`](https://github.com/cve-search/git-vuln-finder/blob/master/patterns/en/medium/c) is a set of standard vulnerability patterns see for C/C++-like languages.
## A sample partial output from Curl git repository
@ -153,8 +153,13 @@ Copyright (c) 2019 Alexandre Dulaunoy - https://github.com/adulau/
# Acknowledgment
- Thanks to [Jean-Louis Huynen](https://github.com/gallypette) for the discussions about the crypto vulnerability pattern
- Thanks to [Sebastien Tricaud](https://github.com/stricaud) for the discussions regarding native language and commit messages
- Thanks to [Jean-Louis Huynen](https://github.com/gallypette) for the discussions about the crypto vulnerability patterns.
- Thanks to [Sebastien Tricaud](https://github.com/stricaud) for the discussions regarding native language, commit messages and external patterns.
# Contributing
We welcome contributions for the software and especially additional vulnerability patterns. Every contributors will be added in the [AUTHORS file](./AUTHORS) and
collectively own this open source software. The contributors acknowledge the [Developer Certificate of Origin](https://developercertificate.org/).
# References