mirror of
https://github.com/cve-search/git-vuln-finder.git
synced 2024-11-25 16:27:20 +00:00
updated README.
This commit is contained in:
parent
18121a735f
commit
e10ab62c71
2 changed files with 52 additions and 2 deletions
48
README.md
48
README.md
|
@ -32,6 +32,43 @@ Python 3.8.0 (default, Dec 11 2019, 21:43:13)
|
||||||
Type "help", "copyright", "credits" or "license" for more information.
|
Type "help", "copyright", "credits" or "license" for more information.
|
||||||
>>> from git_vuln_finder import find
|
>>> from git_vuln_finder import find
|
||||||
>>> all_potential_vulnerabilities, all_cve_found, found = find("~/git/curl")
|
>>> all_potential_vulnerabilities, all_cve_found, found = find("~/git/curl")
|
||||||
|
|
||||||
|
>>> [commit for commit, summary in all_potential_vulnerabilities.items() if summary['state'] == 'cve-assigned']
|
||||||
|
['9069838b30fb3b48af0123e39f664cea683254a5', 'facb0e4662415b5f28163e853dc6742ac5fafb3d',
|
||||||
|
... snap ...
|
||||||
|
'8a75dbeb2305297640453029b7905ef51b87e8dd', '1dc43de0dccc2ea7da6dddb7b98f8d7dcf323914', '192c4f788d48f82c03e9cef40013f34370e90737', '2eb8dcf26cb37f09cffe26909a646e702dbcab66', 'fa1ae0abcde5df8d0b3283299e3f246bedf7692c', 'c11c30a8c8d727dcf5634fa0cc6ee0b4b77ddc3d', '75ca568fa1c19de4c5358fed246686de8467c238', 'a20daf90e358c1476a325ea665d533f7a27e3364', '042cc1f69ec0878f542667cb684378869f859911']
|
||||||
|
>>> print(json.dumps(all_potential_vulnerabilities['9069838b30fb3b48af0123e39f664cea683254a5'], sort_keys=True, indent=4, separators=(",", ": ")))
|
||||||
|
{
|
||||||
|
"author": "Daniel Stenberg",
|
||||||
|
"author-email": "daniel@haxx.se",
|
||||||
|
"authored_date": 1567544372,
|
||||||
|
"branches": [
|
||||||
|
"master"
|
||||||
|
],
|
||||||
|
"commit-id": "9069838b30fb3b48af0123e39f664cea683254a5",
|
||||||
|
"committed_date": 1568009674,
|
||||||
|
"cve": [
|
||||||
|
"CVE-2019-5481",
|
||||||
|
"CVE-2019-5481"
|
||||||
|
],
|
||||||
|
"language": "en",
|
||||||
|
"message": "security:read_data fix bad realloc()\n\n... that could end up a double-free\n\nCVE-2019-5481\nBug: https://curl.haxx.se/docs/CVE-2019-5481.html\n",
|
||||||
|
"origin": "https://github.com/curl/curl.git",
|
||||||
|
"origin-github-api": "https://api.github.com/repos///github.com/curl/curl/commits/9069838b30fb3b48af0123e39f664cea683254a5",
|
||||||
|
"pattern-matches": [
|
||||||
|
"double-free"
|
||||||
|
],
|
||||||
|
"pattern-selected": "(?i)(double[-| ]free|buffer overflow|double free|race[-| ]condition)",
|
||||||
|
"state": "cve-assigned",
|
||||||
|
"stats": {
|
||||||
|
"deletions": 4,
|
||||||
|
"files": 1,
|
||||||
|
"insertions": 2,
|
||||||
|
"lines": 6
|
||||||
|
},
|
||||||
|
"summary": "security:read_data fix bad realloc()",
|
||||||
|
"tags": []
|
||||||
|
}
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
|
|
||||||
|
@ -181,22 +218,33 @@ ploit|malicious|directory traversal |\bRCE\b|\bdos\b|\bXSRF \b|\bXSS\b|clickjack
|
||||||
}
|
}
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
|
|
||||||
|
#Running the tests
|
||||||
|
|
||||||
|
~~~bash
|
||||||
|
$ pytest
|
||||||
|
~~~
|
||||||
|
|
||||||
|
|
||||||
# License and author(s)
|
# License and author(s)
|
||||||
|
|
||||||
This software is free software and licensed under the AGPL version 3.
|
This software is free software and licensed under the AGPL version 3.
|
||||||
|
|
||||||
Copyright (c) 2019-2020 Alexandre Dulaunoy - https://github.com/adulau/
|
Copyright (c) 2019-2020 Alexandre Dulaunoy - https://github.com/adulau/
|
||||||
|
|
||||||
|
|
||||||
# Acknowledgment
|
# Acknowledgment
|
||||||
|
|
||||||
- Thanks to [Jean-Louis Huynen](https://github.com/gallypette) for the discussions about the crypto vulnerability patterns.
|
- Thanks to [Jean-Louis Huynen](https://github.com/gallypette) for the discussions about the crypto vulnerability patterns.
|
||||||
- Thanks to [Sebastien Tricaud](https://github.com/stricaud) for the discussions regarding native language, commit messages and external patterns.
|
- Thanks to [Sebastien Tricaud](https://github.com/stricaud) for the discussions regarding native language, commit messages and external patterns.
|
||||||
|
|
||||||
|
|
||||||
# Contributing
|
# Contributing
|
||||||
|
|
||||||
We welcome contributions for the software and especially additional vulnerability patterns. Every contributors will be added in the [AUTHORS file](./AUTHORS) and
|
We welcome contributions for the software and especially additional vulnerability patterns. Every contributors will be added in the [AUTHORS file](./AUTHORS) and
|
||||||
collectively own this open source software. The contributors acknowledge the [Developer Certificate of Origin](https://developercertificate.org/).
|
collectively own this open source software. The contributors acknowledge the [Developer Certificate of Origin](https://developercertificate.org/).
|
||||||
|
|
||||||
|
|
||||||
# References
|
# References
|
||||||
|
|
||||||
- [Notes](https://gist.github.com/adulau/dce5a6ca5c65017869bb01dfee576303#file-finding-vuln-git-commit-messages-md)
|
- [Notes](https://gist.github.com/adulau/dce5a6ca5c65017869bb01dfee576303#file-finding-vuln-git-commit-messages-md)
|
||||||
|
|
|
@ -24,15 +24,17 @@ keywords = [
|
||||||
]
|
]
|
||||||
|
|
||||||
classifiers = [
|
classifiers = [
|
||||||
"Development Status :: 5 - Production/Stable",
|
"Development Status :: 4 - Beta Copy",
|
||||||
"Environment :: Console",
|
"Environment :: Console",
|
||||||
"Intended Audience :: Developers",
|
"Intended Audience :: Developers",
|
||||||
|
"Intended Audience :: Information Technology",
|
||||||
"Intended Audience :: Science/Research",
|
"Intended Audience :: Science/Research",
|
||||||
"Topic :: Security",
|
"Topic :: Security",
|
||||||
"Operating System :: OS Independent",
|
"Operating System :: OS Independent",
|
||||||
|
"Programming Language :: Python :: 3.6",
|
||||||
"Programming Language :: Python :: 3.7",
|
"Programming Language :: Python :: 3.7",
|
||||||
"Programming Language :: Python :: 3.8",
|
"Programming Language :: Python :: 3.8",
|
||||||
"License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)"
|
"License :: OSI Approved :: GNU Affero General Public License v3 or later (AGPLv3+)"
|
||||||
]
|
]
|
||||||
|
|
||||||
include = [
|
include = [
|
||||||
|
|
Loading…
Reference in a new issue