in place merge number of CVE found via summary function

Cédric Bonhomme 2020-01-06 15:50:50 +01:00
parent 1460433429
commit 73d5349b08
Signed by untrusted user who does not match committer: cedric
GPG key ID: A1CB94DE57B7A70D
2 changed files with 11 additions and 9 deletions


@ -75,7 +75,7 @@ def main():
# Initialization of the variables for the results
found = 0
all_potential_vulnerabilities = {}
cve_found = set()
all_cve_found = set()
repo_heads = repo.heads
repo_heads_names = [h.name for h in repo_heads]
@ -94,7 +94,7 @@ def main():
ret = find_vuln(commit, pattern=defaultpattern, verbose=args.v)
if ret:
rcommit = ret["commit"]
_, potential_vulnerabilities = summary(
_, potential_vulnerabilities, cve_found = summary(
repo,
rcommit,
branch,
@ -106,13 +106,14 @@ def main():
commit_state=args.s,
)
all_potential_vulnerabilities.update(potential_vulnerabilities)
all_cve_found.update(cve_found)
found += 1
elif isinstance(defaultpattern, list):
for p in defaultpattern:
ret = find_vuln(commit, pattern=p, verbose=args.v)
if ret:
rcommit = ret["commit"]
_, potential_vulnerabilities = summary(
_, potential_vulnerabilities, cve_found = summary(
repo,
rcommit,
branch,
@ -124,15 +125,16 @@ def main():
commit_state=args.s,
)
all_potential_vulnerabilities.update(potential_vulnerabilities)
all_cve_found.update(cve_found)
found += 1
if not args.c:
print(json.dumps(all_potential_vulnerabilities))
elif args.c:
print(json.dumps(list(cve_found)))
print(json.dumps(list(all_cve_found)))
print(
"{} CVE referenced found in commit(s)".format(len(list(cve_found))),
"{} CVE referenced found in commit(s)".format(len(list(all_cve_found))),
file=sys.stderr,
)
print(
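Review bot: `print(json.dumps(list(all_cve_found)))` serialises a set, so the order of the CVE ids can differ from one run to the next (string hashing is randomised per process), which makes the output awkward to diff or compare in a pipeline; `print(json.dumps(sorted(all_cve_found)))` gives stable output. In the stderr message, `len(list(all_cve_found))` can simply be `len(all_cve_found)`. The `summary(...)` call followed by the two `update` calls is now repeated in both the single-pattern branch and the list branch, so the new `all_cve_found.update(cve_found)` had to be added twice; a small local helper would keep the two branches in step. `main()` starts and ends outside these hunks.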


@ -43,7 +43,7 @@ def summary(
):
potential_vulnerabilities = {}
rcommit = commit
cve = extract_cve(rcommit.message)
cve, cve_found = extract_cve(rcommit.message)
if origin is not None:
origin = origin
if origin.find("github.com"):
@ -98,7 +98,7 @@ def summary(
else:
potential_vulnerabilities[rcommit.hexsha]["state"] = commit_state
return rcommit.hexsha, potential_vulnerabilities
return rcommit.hexsha, potential_vulnerabilities, cve_found
def extract_cve(commit):
@ -108,6 +108,6 @@ def extract_cve(commit):
if m:
for v in m:
cve_found.add(v)
return m
return m, cve_found
else:
return None
return None, set()
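Review bot: `summary()` now returns three values and `extract_cve()` returns a pair, so any caller not updated in this commit that still unpacks the old shape will raise `ValueError`; only the two call sites in `main()` are changed here. Neither return shape is documented in the visible lines, and a docstring line for `summary()` such as `Returns (hexsha, potential_vulnerabilities, cve_found); cve_found is the set of CVE ids matched in the commit message` would make the new contract explicit. On the unchanged line `if origin.find("github.com"):`, `str.find` returns -1 when the substring is absent, which is truthy, so `if "github.com" in origin:` is probably what was meant. Both function bodies extend beyond the lines shown.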