git-vuln-finder: Finding potential software vulnerabilities from git commit messages
Finding potential software vulnerabilities from git commit messages. The output is JSON keyed by the commits whose messages suggest a fix for a software vulnerability. The search is based on a set of regular expressions applied to the commit messages only. If CVE IDs are present in a message, they are added automatically to the output.
git-vuln-finder comes with 3 default patterns which can be selected to find the potential vulnerabilities described in the commit messages such as:
- vulnpatterns is a generic vulnerability pattern, especially targeting web applications and generic security-related commit messages. It is based on an academic paper.
- cryptopatterns is a vulnerability pattern for cryptographic errors mentioned in commit messages.
- cpatterns is a set of standard vulnerability patterns for C/C++-like languages.
```shell
git clone https://github.com/cve-search/git-vuln-finder.git
pip3 install -r REQUIREMENTS
```
A sample partial output from a Curl git repository
Extracting CVE id(s) from git messages
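The scan described above (pattern sets selected by name, a regular-expression match against the commit message only, and automatic CVE ID extraction into a JSON record per commit), as an added, self-contained example that is not git-vuln-finder's own code. The regexes, the sample commits and the output field names are constructed assumptions; the project's real pattern sets are not reproduced here.

```python
import json
import re

# Constructed, simplified stand-ins for the three pattern sets (assumption:
# not the project's actual regexes).
PATTERNS = {
    "vulnpatterns": re.compile(
        r"\b(xss|cross[- ]site|sql injection|csrf|remote code execution|"
        r"security (fix|issue|vulnerability))\b", re.IGNORECASE),
    "cryptopatterns": re.compile(
        r"\b(weak (cipher|key|random)|padding oracle|timing attack|"
        r"certificate (validation|verification))\b", re.IGNORECASE),
    "cpatterns": re.compile(
        r"\b(buffer overflow|heap overflow|use[- ]after[- ]free|"
        r"double free|integer overflow|off[- ]by[- ]one|null pointer)\b",
        re.IGNORECASE),
}

# CVE identifiers: year plus at least four digits.
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

# Constructed sample commits (hash, message); not taken from any real repository.
SAMPLE_COMMITS = [
    ("a1b2c3d", "ftp: fix heap overflow in reply parser\n\nFixes CVE-2019-0001"),
    ("e4f5a6b", "docs: update copyright year"),
    ("c7d8e9f", "tls: reject weak cipher suites by default"),
    ("0a1b2c3", "Bump version to 7.66.0"),
]

def scan_commits(commits, pattern_names=("vulnpatterns", "cryptopatterns", "cpatterns")):
    """Return {commit_hash: record} for commits whose message matches a selected pattern set."""
    findings = {}
    for commit_hash, message in commits:
        for name in pattern_names:
            m = PATTERNS[name].search(message)
            if m:
                entry = {
                    "message": message,
                    "pattern_selected": name,
                    "pattern_matches": [m.group(0)],
                }
                cves = sorted({c.upper() for c in CVE_RE.findall(message)})
                if cves:
                    entry["cve"] = cves  # added automatically when present
                findings[commit_hash] = entry
                break  # first matching pattern set, in selection order, wins
    return findings

if __name__ == "__main__":
    print(json.dumps(scan_commits(SAMPLE_COMMITS), indent=2))
```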
Copyright (c) 2019 Alexandre Dulaunoy – https://github.com/adulau/