Skip to content

Add support for parsing Git commit messages #1992

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ziadhany wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Add support for parsing Git commit messages #1992

ziadhany wants to merge 7 commits into from

Conversation

@ziadhany
Copy link
Collaborator

@ziadhany ziadhany commented Aug 30, 2025
edited by pombredanne
Loading

I created an initial script to parse Git commit messages that can be easily integrated with our model. The script takes a Git repository as input, parses all commits, and returns the CVEs along with their corresponding fixed commits.

Issues:

results:

Found 192 unique CVEs
{
  "CVE-2025-4575": [
    "https://github.com/openssl/openssl/commit/0eb9acc24febb1f3f01f0320cfba9654cf66b0ac",
    "https://github.com/openssl/openssl/commit/e96d22446e633d117e6c9904cb15b4693e956eaa"
  ],
  "CVE-2024-12797": [
    "https://github.com/openssl/openssl/commit/6ae8e947d8e3f3f03eeb7d9ad993e341791900bc",
    "https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7",
    "https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699",
    "https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9"
  ],
  "CVE-2024-13176": [
    "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467",
    "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844",
    "https://github.com/openssl/openssl/commit/fcebf0a79a0a69f63721b66e94b01400a7de332e",
    "https://github.com/openssl/openssl/commit/78f6c35b83713d33b263fb85e3727543463d6fd5",
    "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f",
    "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65",
    "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902",
    "https://github.com/openssl/openssl/commit/3fc4b112da2e2107a65ae2556fb6137098e08801",
    "https://github.com/openssl/openssl/commit/f15294228451217b5e58e2b7f5ad4c7a42303212",
    "https://github.com/openssl/openssl/commit/7d8a8c20e1370e43b0cad17e47a460a6f8e81a34",
    "https://github.com/openssl/openssl/commit/63c40a66c5dc287485705d06122d3a6e74a6a203",
    "https://github.com/openssl/openssl/commit/c3144e102571517df6c15ccc049fa3660ab3cb0a"
  ],

openssl.json

ziadhany
ziadhany commented Oct 13, 2025
View reviewed changes
vulnerabilities/pipelines/v2_importers/collect_repo_fix_commits.py Outdated

def clone(self):
"""Clone the repository."""
self.repo_url = "https://github.com/torvalds/linux"
Copy link
Collaborator Author

@ziadhany ziadhany Oct 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This part should not be static

@pombredanne pombredanne mentioned this pull request Oct 15, 2025
Open
4 tasks
@ziadhany ziadhany requested a review from keshav-space October 15, 2025 14:51
keshav-space
keshav-space requested changes Oct 16, 2025
View reviewed changes
Copy link
Member

@keshav-space keshav-space left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @ziadhany, see some suggestions.

@ziadhany
Add initial improver for collect repo fix commits
a500ae0 
Signed-off-by: ziad hany <ziadhany2016@gmail.com>
@ziadhany
Add CollectRepoFixCommitPipeline
2017bb8 
Add a test for CollectRepoFixCommitPipeline

Signed-off-by: ziad hany <ziadhany2016@gmail.com>
@ziadhany
Remove a test script related to fix commits and issue tracker
e1fb4e5 
Signed-off-by: ziad hany <ziadhany2016@gmail.com>
@ziadhany
Resolve requested changes
f31bca1 
Signed-off-by: ziad hany <ziadhany2016@gmail.com>
@ziadhany
Improve CollectRepoFixCommitPipeline to use input and ensure it colle…
12dc381 
…ct fixed_by_commit_patches correctly.

Signed-off-by: ziad hany <ziadhany2016@gmail.com>
@ziadhany
Update commit parsing pipeline to support collecting fix commits from…
528857e 
… multiple repositories

Signed-off-by: ziad hany <ziadhany2016@gmail.com>
@ziadhany
Copy link
Collaborator Author

ziadhany commented Jan 31, 2026
edited
Loading

This is the list of repositories I think we should collect and parse Git messages from:

@ziadhany
Update the target repositories list for parsing git commits logs
4885821 
Signed-off-by: ziad hany <ziadhany2016@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@keshav-space keshav-space keshav-space requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ziadhany @keshav-space