fixed problem of definition of tagmap

2024-11-22 14:57:20 +00:00 · 2020-01-06 07:44:35 +01:00 · 2020-01-06 07:44:35 +01:00 · a597d1e6fc
commit a597d1e6fc
parent ba558d34e4
4 changed files with 91 additions and 72 deletions
--- a/bin/finder.py
+++ b/bin/finder.py
@ -73,8 +73,8 @@ def main():
    repo_heads_names = [h.name for h in repo_heads]
    print(repo_heads_names, file=sys.stderr)
    origin = repo.remotes.origin.url
-    if args.t:
    tagmap = {}
+    if args.t:
        for t in repo.tags:
            tagmap.setdefault(repo.commit(t).hexsha, []).append(str(t))

@ -86,8 +86,10 @@ def main():
                ret = find_vuln(commit, pattern=defaultpattern, verbose=args.v)
                if ret:
                    rcommit = ret['commit']
-                    _, potential_vulnerabilities = summary(rcommit,
+                    _, potential_vulnerabilities = summary(repo,
+                                                           rcommit,
                                                           branch,
+                                                           tagmap,
                                                           defaultpattern,
                                                           origin=origin,
                                                           vuln_match=ret['match'],
@ -100,8 +102,10 @@ def main():
                    ret = find_vuln(commit, pattern=p, verbose=args.v)
                    if ret:
                        rcommit = ret['commit']
-                        _, potential_vulnerabilities = summary(rcommit,
+                        _, potential_vulnerabilities = summary(repo,
+                                                               rcommit,
                                                               branch,
+                                                               tagmap,
                                                               p,
                                                               origin=origin,
                                                               vuln_match=ret['match'],
--- a/git_vuln_finder/init.py
+++ b/git_vuln_finder/init.py
@ -1,6 +1,6 @@

-from git_vuln_finder.finder import build_pattern
-from git_vuln_finder.finder import get_patterns
-from git_vuln_finder.finder import find_vuln
-from git_vuln_finder.finder import summary
-from git_vuln_finder.finder import extract_cve
+from git_vuln_finder.pattern import build_pattern
+from git_vuln_finder.pattern import get_patterns
+from git_vuln_finder.vulnerability import find_vuln
+from git_vuln_finder.vulnerability import summary
+from git_vuln_finder.vulnerability import extract_cve
--- a/git_vuln_finder/pattern.py
+++ b/git_vuln_finder/pattern.py
@ -0,0 +1,76 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+# Finding potential software vulnerabilities from git commit messages
+#
+# Software is free software released under the "GNU Affero General Public License v3.0"
+#
+# This software is part of cve-search.org
+#
+# Copyright (c) 2019-2020 Alexandre Dulaunoy - a@foo.be
+
+
+import os
+import re
+
+
+PATTERNS_PATH="./git_vuln_finder/patterns"
+
+
+def build_pattern(pattern_file):
+    fp = open(pattern_file, "r")
+    rex = ""
+    try:
+        prefix_fp = open(pattern_file + ".prefix", "r")
+        rex += prefix_fp.read()
+        prefix_fp.close()
+    except:
+        pass
+
+    for line in fp.readlines():
+        rex += line.rstrip() + "|"
+    rex = rex[:-1] # We remove the extra '|
+    fp.close()
+
+    try:
+        suffix_fp = open(pattern_file + ".suffix", "r")
+        rex += suffix_fp.read()
+        suffix_fp.close()
+    except:
+        pass
+
+    return rex
+
+
+def get_patterns(patterns_path=PATTERNS_PATH):
+    patterns = {}
+    for root, dirs, files in os.walk(patterns_path):
+        path = root.split(os.sep)
+        for f in files:
+            if f.endswith(".prefix") or f.endswith(".suffix"):
+                continue
+            npath = root[len(patterns_path):].split(os.sep)
+            try:
+                npath.remove('')
+            except ValueError:
+                pass
+
+            lang = npath[0]
+            severity = npath[1]
+            pattern_category = f
+
+            try: # FIXME: Is there a better way?
+                a = patterns[lang]
+            except KeyError:
+                patterns[lang] = {}
+            try:
+                a = patterns[lang][severity]
+            except KeyError:
+                patterns[lang][severity] = {}
+            try:
+                a = patterns[lang][severity][pattern_category]
+            except KeyError:
+                rex = build_pattern(root + os.sep + f)
+                patterns[lang][severity][pattern_category] = re.compile(rex)
+
+    return patterns
--- a/git_vuln_finder/vulnerability.py
+++ b/git_vuln_finder/vulnerability.py
@ -10,74 +10,11 @@
 # Copyright (c) 2019-2020 Alexandre Dulaunoy - a@foo.be


-import os
 import re
 import sys
 from langdetect import detect as langdetect


-PATTERNS_PATH="./git_vuln_finder/patterns"
-
-
-def build_pattern(pattern_file):
-    fp = open(pattern_file, "r")
-    rex = ""
-    try:
-        prefix_fp = open(pattern_file + ".prefix", "r")
-        rex += prefix_fp.read()
-        prefix_fp.close()
-    except:
-        pass
-
-    for line in fp.readlines():
-        rex += line.rstrip() + "|"
-    rex = rex[:-1] # We remove the extra '|
-    fp.close()
-
-    try:
-        suffix_fp = open(pattern_file + ".suffix", "r")
-        rex += suffix_fp.read()
-        suffix_fp.close()
-    except:
-        pass
-
-    return rex
-
-
-def get_patterns(patterns_path=PATTERNS_PATH):
-    patterns = {}
-    for root, dirs, files in os.walk(patterns_path):
-        path = root.split(os.sep)
-        for f in files:
-            if f.endswith(".prefix") or f.endswith(".suffix"):
-                continue
-            npath = root[len(patterns_path):].split(os.sep)
-            try:
-                npath.remove('')
-            except ValueError:
-                pass
-
-            lang = npath[0]
-            severity = npath[1]
-            pattern_category = f
-
-            try: # FIXME: Is there a better way?
-                a = patterns[lang]
-            except KeyError:
-                patterns[lang] = {}
-            try:
-                a = patterns[lang][severity]
-            except KeyError:
-                patterns[lang][severity] = {}
-            try:
-                a = patterns[lang][severity][pattern_category]
-            except KeyError:
-                rex = build_pattern(root + os.sep + f)
-                patterns[lang][severity][pattern_category] = re.compile(rex)
-
-    return patterns
-
-
 def find_vuln(commit, pattern, verbose=False):
    m = pattern.search(commit.message)
    if m:
@ -93,8 +30,10 @@ def find_vuln(commit, pattern, verbose=False):
        return None


-def summary(commit,
+def summary(repo,
+            commit,
            branch,
+            tagmap,
            pattern,
            origin=None,
            vuln_match=None,