adulau/git-vuln-finder
1
0
Fork 0
mirror of https://github.com/cve-search/git-vuln-finder.git synced 2024-11-22 14:57:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
115 commits 1 branch 5 tags 388 KiB
Commit graph

115 commits

This branch
This branch
All branches
Author SHA1 Message Date
Cédric Bonhomme
d43bddd65a
added badge with temporary address 2020-01-06 18:28:24 +01:00
Cédric Bonhomme
864def653a
updated the tests 2020-01-06 18:24:30 +01:00
Cédric Bonhomme
d2b88a3e6c
updated README. 2020-01-06 18:16:47 +01:00
Cédric Bonhomme
43c8c432b8
updated gitignore 2020-01-06 18:12:57 +01:00
Cédric Bonhomme
2e1d646f99
checkout version curl-7_67_0 of curl for the tests. 2020-01-06 18:11:43 +01:00
Cédric Bonhomme
1aec0290af
checkout version curl-7_67_0 of curl for the tests. 2020-01-06 18:10:30 +01:00
Cédric Bonhomme
a4a17ba265
checkout version curl-7_67_0 of curl for the tests. 2020-01-06 18:10:09 +01:00
Cédric Bonhomme
a61719bf16
Updated README> 2020-01-06 17:04:10 +01:00
Cédric Bonhomme
4307c41173
wip 2020-01-06 17:00:36 +01:00
Cédric Bonhomme
86e9f1ff5b
wip 2020-01-06 16:58:30 +01:00
Cédric Bonhomme
29cbb7c982
checkout curl with actions/checkout@v2 2020-01-06 16:52:45 +01:00
Cédric Bonhomme
b4ead9123e
fixed tag of curl 2020-01-06 16:49:27 +01:00
Cédric Bonhomme
81786106d0
checkout a repo 2020-01-06 16:43:43 +01:00
Cédric Bonhomme
e12d253793
removed nose2 2020-01-06 16:33:55 +01:00
Cédric Bonhomme
86b58987d3
added GitHub workflow 2020-01-06 16:32:50 +01:00
Cédric Bonhomme
ceb2c63458
added basic test 2020-01-06 16:29:45 +01:00
Cédric Bonhomme
552937a7bb
Make the whole thing importable in a Python code. 2020-01-06 16:29:30 +01:00
Cédric Bonhomme
73d5349b08
in place merge number of CVE found via summary function 2020-01-06 15:50:50 +01:00
Cédric Bonhomme
1460433429
it should be safe to do that 2020-01-06 08:22:37 +01:00
Cédric Bonhomme
851d8946fd
'# FIXME: Is there a better way?': yes 2020-01-06 08:08:08 +01:00
Cédric Bonhomme
335bdff4cb
reformat a tiny with black 2020-01-06 07:50:21 +01:00
Cédric Bonhomme
a597d1e6fc
fixed problem of definition of tagmap 2020-01-06 07:44:35 +01:00
Cédric Bonhomme
ba558d34e4
typo 2020-01-05 13:08:57 +01:00
Cédric Bonhomme
caed1e9031
deleted useless file 2020-01-04 00:17:21 +01:00
Cédric Bonhomme
031b71a7de
Updated README. 2020-01-04 00:14:44 +01:00
Cédric Bonhomme
c9af36b869
updated gitignore 2020-01-04 00:09:22 +01:00
Cédric Bonhomme
19d4e87430
added .gitignore 2020-01-04 00:08:30 +01:00
Cédric Bonhomme
8e0599ec09
OK, it's for GitHub pages. 2020-01-04 00:07:17 +01:00
Cédric Bonhomme
2fa7b4583e
improved cli. removed useless import 2020-01-03 17:51:55 +01:00
Cédric Bonhomme
fe4a656412
Updated README. 2020-01-03 17:39:56 +01:00
Cédric Bonhomme
dfa15c119d
Renamed command line. 2020-01-03 17:35:04 +01:00
Cédric Bonhomme
0b31bc36b2
added pyproject.toml file 2020-01-03 16:07:40 +01:00
Cédric Bonhomme
dcb0fcc0a5
wip, but seems to be working as a cli 2020-01-03 16:06:33 +01:00
Alexandre Dulaunoy
01cedee91d Set theme jekyll-theme-minimal 2019-12-27 11:08:22 +01:00
Alexandre Dulaunoy
f845ad059a chg: [doc] logo added 2019-12-26 11:59:52 +01:00
Alexandre Dulaunoy
f22077452c new: [logos] git-vuln-finder project has its own logo 2019-12-26 11:57:28 +01:00
Alexandre Dulaunoy
e19606ccf6
chg: [doc] How to contribute to the project 2019-12-26 10:34:18 +01:00
Alexandre Dulaunoy
58fabc104a
Merge pull request #6 from stricaud/patterns 
Adding patterns to be used from external files, done this way:
 2019-12-26 10:22:40 +01:00
Sebastien Tricaud
2d1cbc220f Adding patterns to be used from external files, done this way: 
* Create a file in patterns/en/medium/ where there is one pattern per line
* If needed append .suffix and .prefix to prepend or append those chars to the regex (exactly those chars, don't add a newline char in the end!)
* Replicate the actual behavior, for now, only medium is being used, but later, we will add more severities and add them into the output information
 2019-12-24 11:42:24 -08:00
Alexandre Dulaunoy
098921df31
chg: [doc] update the READM for the v1.0 release 2019-12-24 17:28:51 +01:00
Alexandre Dulaunoy
5fd66b8dc6
new: [tags] add an option to list the tags associated to the commit 2019-12-24 17:17:21 +01:00
Alexandre Dulaunoy
2b5e91187e
Merge pull request #5 from stricaud/langdetect 
Added language detection
 2019-12-24 16:27:59 +01:00
Alexandre Dulaunoy
9c6bccc4ae
new: [github-api] Add the API link to the GitHub commit if the git repository is from GitHub 2019-12-24 16:22:02 +01:00
Sebastien Tricaud
26edaab198 Added language detection 2019-12-24 07:16:28 -08:00
Alexandre Dulaunoy
a75ecdbc87
new: [option] -c option added to output only a list of the CVE pattern found in commit messages 2019-12-24 15:38:36 +01:00
Alexandre Dulaunoy
558358c44b
chg: [doc] sample CVE id extraction added 2019-12-17 13:51:54 +01:00
Alexandre Dulaunoy
846ee3a965
new: [cve] automatic extraction of CVE id from commit message 
If one of more CVE id(s) are found in a commit message, those are added
in the finding output.

Example:

  "8c6f86c7c5350fadf22d32d6cd4712e2ad4447ba": {
    "message": "Fix an overflow bug in rsaz_512_sqr\n\nThere is an overflow bug in the x64_64 Montgomery squaring procedure used in\nexponentiation with 512-bit moduli. No EC algorithms are affected. Analysis\nsuggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a\nresult of this defect would be very difficult to perform and are not believed\nlikely. Attacks against DH512 are considered just feasible. However, for an\nattack the target would have to re-use the DH512 private key, which is not\nrecommended anyway. Also applications directly using the low level API\nBN_mod_exp may be affected if they use BN_FLG_CONSTTIME.\n\nCVE-2019-1551\n\nReviewed-by: Paul Dale <paul.dale@oracle.com>\nReviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>\n(Merged from https://github.com/openssl/openssl/pull/10574)\n",
    "commit-id": "8c6f86c7c5350fadf22d32d6cd4712e2ad4447ba",
    "summary": "Fix an overflow bug in rsaz_512_sqr",
    "stats": {
      "insertions": 197,
      "deletions": 184,
      "lines": 381,
      "files": 1
    },
    "author": "Andy Polyakov",
    "author-email": "appro@openssl.org",
    "authored_date": 1575460101,
    "committed_date": 1575635491,
    "branches": [
      "master"
    ],
    "pattern-selected": "(?i)(denial of service |\bXXE\b|remote code execution|\bopen redirect|OSVDB|\bvuln|\bCVE\b |\bXSS\b|\bReDoS\b|\bNVD\b|malicious|x−frame−options|attack|cross site |exploit|malicious|directory traversal |\bRCE\b|\bdos\b|\bXSRF \b|\bXSS\b|clickjack|session.fixation|hijack|\badvisory|\binsecure |security |\bcross−origin\b|unauthori[z|s]ed |infinite loop)",
    "pattern-matches": [
      "attack"
    ],
    "cve": [
      "CVE-2019-1551"
    ],
    "state": "cve-assigned"
  }

The state is also updated to cve-assigned if one or more CVE are present
in the commit message.
 2019-12-17 13:37:18 +01:00
Alexandre Dulaunoy
cb850efd6a
chg: [cryptopatterns] remove FP with words starting with key like "keyboard" 2019-12-17 11:16:00 +01:00
Alexandre Dulaunoy
615027bba2
chg: [patterns] return all the groups matches and non-matches 2019-12-17 11:10:10 +01:00
Alexandre Dulaunoy
584670daf7
Merge pull request #3 from gallypette/master 
chg: [cryptopatterns] two clowns using a web interface to build regexps
 2019-12-17 10:55:43 +01:00