git-vuln-finder v1.4 releases: Finding potential software vulnerabilities from git commit messages
git-vuln-finder finds potential software vulnerabilities from git commit messages. The output is JSON listing each commit whose message suggests a fix for a software vulnerability. The search is based on a set of regular expressions applied to the commit messages only. If CVE IDs are present in a message, they are added automatically to the output.
git-vuln-finder ships with three default pattern sets, which can be selected to find potential vulnerabilities described in commit messages:
- vulnpatterns is a generic vulnerability pattern set, targeting web applications and generic security-related commit messages. It is based on an academic paper.
- cryptopatterns is a vulnerability pattern set for cryptographic errors mentioned in commit messages.
- cpatterns is a set of standard vulnerability patterns for C/C++-like languages.
Changelog for v1.4:
- [poetry] prepare for v1.4 release. [Alexandre Dulaunoy]
- [doc] clean-up and a note about the GH Archive support. [Alexandre Dulaunoy]
- [authors] David added. [Alexandre Dulaunoy]
- Fix #17 [main] – set language to `unknown` when langdetect cannot detect the language for some reasons like empty commit message or unknown language. [Alexandre Dulaunoy]
  Notes: langdetect exception handler seems to be crap and does not use a Base Exception handler. That's why the catch-all 😉
- Create codeql.yml. [Alexandre Dulaunoy]
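To make the mechanism concrete (regex pattern sets run over commit messages, automatic CVE-ID extraction, JSON output, and the v1.4 `unknown` language fallback), here is an added, self-contained example. It is not git-vuln-finder's own code: the pattern sets are constructed, simplified stand-ins for the bundled ones, the sample commits are constructed (not real curl history), and langdetect is treated as an optional dependency that is assumed absent.

```python
import json
import re
# Constructed, simplified stand-ins for the bundled vulnpatterns/cryptopatterns/cpatterns sets.
PATTERNS = {
    "vulnpatterns": re.compile(
        r"\b(xss|cross[- ]site|sql injection|csrf|denial of service|"
        r"remote code execution|security (fix|issue)|vulnerab\w+)\b", re.I),
    "cryptopatterns": re.compile(
        r"\b(timing attack|weak (cipher|key|random)|nonce reuse|"
        r"padding oracle|constant[- ]time)\b", re.I),
    "cpatterns": re.compile(
        r"\b(buffer overflow|heap overflow|use[- ]after[- ]free|double free|"
        r"off[- ]by[- ]one|integer overflow|out[- ]of[- ]bounds)\b", re.I),
}
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.I)

def detect_language(message):
    """Language code of the message, or 'unknown' when detection is impossible."""
    try:
        from langdetect import detect  # optional dependency; assumed absent here
        return detect(message)
    except Exception:  # catch-all, as in the v1.4 fix: empty or undetectable text
        return "unknown"

def find_vulns(commits, pattern_names=("vulnpatterns",)):
    """Return {commit_id: record} for commits matching a pattern or naming a CVE id."""
    results = {}
    for commit in commits:
        message = commit["message"]
        hits = {}
        for name in pattern_names:
            found = sorted({m.group(0).lower() for m in PATTERNS[name].finditer(message)})
            if found:
                hits[name] = found
        cves = sorted({c.upper() for c in CVE_RE.findall(message)})  # always extracted
        if hits or cves:
            results[commit["id"]] = {"message": message, "pattern-matches": hits,
                                     "cve": cves, "language": detect_language(message)}
    return results

# Constructed sample commit log (not real curl history); the CVE id is a placeholder.
SAMPLE_COMMITS = [
    {"id": "a1b2c3", "message": "url: fix heap buffer overflow in parser (CVE-0000-0000)"},
    {"id": "d4e5f6", "message": "docs: update README"},
    {"id": "0f1e2d", "message": ""},
    {"id": "777888", "message": "tls: reject weak cipher suites to stop a timing attack"},
]

if __name__ == "__main__":
    print(json.dumps(find_vulns(SAMPLE_COMMITS, tuple(PATTERNS)), indent=2))
```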
Installation:

```shell
git clone https://github.com/cve-search/git-vuln-finder.git
pip3 install -r REQUIREMENTS
```
A sample partial output from a Curl git repository
Extracting CVE id(s) from git messages
Copyright (c) 2019 Alexandre Dulaunoy – https://github.com/adulau/