
Finding potential software vulnerabilities from Git commit messages - adulau
https://github.com/cve-search/git-vuln-finder
======
nograpes
In case anyone else was curious, the regular expression used is:

import re

# Raw string so that \b is a regex word boundary rather than a backspace
# character, and ASCII hyphens in x-frame-options / cross-origin so those
# alternatives can actually match commit text.
vulnpatterns = re.compile(
    r"(?i)(denial of service |\bXXE\b|remote code execution|\bopen redirect"
    r"|OSVDB|\bvuln|\bCVE\b|\bXSS\b|\bReDoS\b|\bNVD\b|malicious|x-frame-options"
    r"|attack|cross site |exploit|malicious|directory traversal |\bRCE\b|\bdos\b"
    r"|\bXSRF\b|\bXSS\b|clickjack|session.fixation|hijack|\badvisory|\binsecure "
    r"|security|\bcross-origin\b|unauthori[z|s]ed |infinite loop)"
)

~~~
saagarjha
This seems to be tuned towards web applications; I'd add things like
"overflow", "corruption", and "disclose".

~~~
adulau
Indeed, good point. I'll add a set of regular expressions for bugs related to
overflow, double-free or the like. Don't hesitate to make a pull request or open
an issue if you see anything missing.

------
pedro1976
This reminds me of a paper from Google, where they try to determine how risky
a change to a file is, according to its commit history. Given you use semantic
commit messages, you can just look at the number of fix() commits and infer a
risk level. Later, depending on the calculated risk, you may run a different
set of tests.
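As an added illustration of both ideas in this thread (a second, memory-safety pattern alongside the web-oriented one, and a per-file risk level derived from how many flagged commits touched the file), here is a small script that is not part of git-vuln-finder. WEB_PATTERN is a shortened subset of the expression quoted above, MEMORY_PATTERN and the risk thresholds are hypothetical, and the commit log is constructed for the example.

```python
import re
from collections import Counter

# Subset of the web-oriented pattern quoted in the thread, as a raw string so
# \b is a word boundary (in a plain "..." literal it would be a backspace).
WEB_PATTERN = re.compile(
    r"(?i)(denial of service|remote code execution|directory traversal"
    r"|\bXSS\b|\bCVE\b|\bRCE\b|\bdos\b|\bvuln|security|clickjack|hijack)"
)
# Hypothetical second pattern for memory-safety bugs, along the lines of the
# "overflow", "corruption", "disclose" and double-free additions suggested above.
MEMORY_PATTERN = re.compile(
    r"(?i)(\boverflow\b|\bcorruption\b|\bdisclos(?:e|es|ed|ure)\b"
    r"|\bdouble[- ]free\b|\buse[- ]after[- ]free\b|\bout[- ]of[- ]bounds\b"
    r"|\buninitiali[sz]ed\b|\bunderflow\b)"
)
CLASSES = {"web": WEB_PATTERN, "memory": MEMORY_PATTERN}

def classify(message):
    """Return the set of pattern names that match one commit message."""
    return {name for name, pat in CLASSES.items() if pat.search(message)}

def risk_by_file(commits):
    """commits: iterable of (message, [changed paths]). Counts flagged commits
    per path and maps the count to a coarse, hypothetical risk level."""
    counts = Counter({path: 0 for _, paths in commits for path in paths})
    for message, paths in commits:
        if classify(message):
            for path in paths:
                counts[path] += 1
    def level(n):
        return "high" if n >= 3 else "medium" if n >= 1 else "low"
    return {path: (n, level(n)) for path, n in counts.items()}

# Constructed sample commit log; messages and paths are invented for this example.
SAMPLE_COMMITS = [
    ("Fix heap overflow in png_read_chunk when length exceeds buffer", ["src/png.c"]),
    ("Escape user input in search form to prevent XSS", ["web/search.php"]),
    ("Refactor logging; no functional change", ["src/log.c"]),
    ("Avoid double free of ctx on error path (CVE-YYYY-NNNN placeholder)", ["src/png.c", "src/ctx.c"]),
    ("Bump version to 1.2.3", ["VERSION"]),
    ("Fix out-of-bounds read in chunk parser", ["src/png.c"]),
]

if __name__ == "__main__":
    for msg, _ in SAMPLE_COMMITS:
        print(sorted(classify(msg)) or "-", "|", msg)
    for path, (n, lvl) in sorted(risk_by_file(SAMPLE_COMMITS).items()):
        print(f"{path}: {n} flagged commit(s) -> {lvl}")
```

Because the patterns are plain keyword matches, a commit that merely mentions "security" in passing is flagged too, so the per-file count is a triage signal rather than a verdict.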

