Run evaluation of the crawling of patch commits #57

Open

elanzini opened this issue Mar 24, 2021 · 0 comments

Comments

elanzini (Member) commented Mar 24, 2021

As ground truth, we will be using the MSR2019 data published by SAP, where patch commits of vulnerabilities were manually picked for a considerable number of vulnerabilities.

Experiment Setting:
The PatchFinder will be given as the source of input ONLY references from NVD. Once the crawling has come to an end we will be presented with the following:

ground_truth : {
    "CVE-XXXX-XXXXX" : { "patch_commit_1", "patch_commit_2", .. }
}

crawling_output : {
    "CVE-XXXX-XXXXX" : { "patch_commit_1", "patch_commit_2", .. }
}

The evaluation seems to be trivial, but there is one important problem that needs to be addressed before proceeding further. All the patch commits are reported by our ground truth as GitHub commits. This is an issue in the case of a lot of Apache projects, whose patches are often found as SVN revisions by the PatchFinder. To accommodate the evaluation, a better comparison schema needs to be implemented to check if a revision and a commit lead to the same diff. Comparing diffs would also support the case where the PatchFinder is taking .patch files from JIRA issues (e.g. CVE-2012-6612).
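The comparison the issue asks for, written out as an added example that is not part of the original issue or of the PatchFinder code: each candidate (GitHub commit, SVN revision or JIRA .patch attachment) is reduced to a fingerprint of its unified diff, and the ground truth and crawling output are matched on that fingerprint instead of on the identifier. The `Patch` record, the `evaluate` function, the placeholder CVE ids and all four diffs are constructed for this example; the SVN and git diffs below describe the same change, the other two do not.

```python
import hashlib
import re
from dataclasses import dataclass

# --- constructed sample diffs (not from the MSR2019 dataset or the crawler) ---
# The same fix, once as a GitHub commit diff and once as an SVN revision diff.
GIT_DIFF = """\
diff --git a/src/Parser.java b/src/Parser.java
index 3f2a1b0..9c4d5e6 100644
--- a/src/Parser.java
+++ b/src/Parser.java
@@ -10,2 +10,3 @@ public class Parser {
     String read(String in) {
-        return in;
+        if (in == null) throw new IllegalArgumentException();
+        return in;
"""
SVN_DIFF = """\
Index: src/Parser.java
===================================================================
--- src/Parser.java\t(revision 1234)
+++ src/Parser.java\t(revision 1235)
@@ -10,2 +10,3 @@
     String read(String in) {
-        return in;
+        if (in == null) throw new IllegalArgumentException();
+        return in;
"""
# A different fix (ground truth for a second CVE) and an unrelated JIRA .patch attachment.
OTHER_DIFF = """\
diff --git a/src/Config.java b/src/Config.java
index 1111111..2222222 100644
--- a/src/Config.java
+++ b/src/Config.java
@@ -1 +1 @@
-    boolean allowExternalEntities = true;
+    boolean allowExternalEntities = false;
"""
JIRA_PATCH = """\
--- src/Util.java\t(revision 1200)
+++ src/Util.java\t(working copy)
@@ -5 +5 @@
-    int x = 1;
+    int x = 2;
"""

HUNK_HEADER = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")


def fingerprint(diff_text: str) -> str:
    """Hash a unified diff reduced to what is stable across git, svn and .patch flavours:
    the target path (no a/ b/ prefix, no '(revision N)' suffix) and the hunk bodies.
    Blob hashes, revision numbers, hunk offsets and function context are dropped."""
    canonical = []
    old_left = new_left = 0          # lines still expected in the current hunk
    for line in diff_text.splitlines():
        m = HUNK_HEADER.match(line)
        if m:                        # hunk start: read the old/new line counts
            old_left = int(m.group(1) or 1)
            new_left = int(m.group(2) or 1)
            continue
        if old_left == 0 and new_left == 0:
            if line.startswith("+++ "):   # outside a hunk only the target path matters
                path = line[4:].split("\t")[0]
                canonical.append("FILE " + (path[2:] if path.startswith("b/") else path))
            continue
        tag = line[:1]
        if tag == "\\":              # "\ No newline at end of file" is not content
            continue
        if tag == "+":
            new_left -= 1
        elif tag == "-":
            old_left -= 1
        else:                        # context line (some tools strip the leading space)
            old_left -= 1
            new_left -= 1
        canonical.append(line.rstrip())
    return hashlib.sha256("\n".join(canonical).encode()).hexdigest()


@dataclass(frozen=True)
class Patch:                 # hypothetical record for one candidate found by the crawler
    kind: str                # "github", "svn" or "patchfile"
    ident: str               # commit sha, svn revision or attachment name
    diff: str                # the unified diff fetched for it


def by_identifier(p: Patch):
    return (p.kind, p.ident)


def by_diff(p: Patch):
    return fingerprint(p.diff)


def evaluate(ground_truth, crawling_output, key=by_diff):
    """Per-CVE (tp, fp, fn) plus micro-averaged precision/recall; two patches count as
    the same when `key` maps them to the same value."""
    per_cve, tp, fp, fn = {}, 0, 0, 0
    for cve in sorted(ground_truth.keys() | crawling_output.keys()):
        truth = {key(p) for p in ground_truth.get(cve, [])}
        found = {key(p) for p in crawling_output.get(cve, [])}
        counts = (len(truth & found), len(found - truth), len(truth - found))
        per_cve[cve] = counts
        tp, fp, fn = tp + counts[0], fp + counts[1], fn + counts[2]
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return per_cve, precision, recall


# Placeholder CVE ids; the ground truth lists GitHub commits only, as the issue notes.
GROUND_TRUTH = {
    "CVE-XXXX-00001": [Patch("github", "3f2a1b0", GIT_DIFF)],
    "CVE-XXXX-00002": [Patch("github", "1111111", OTHER_DIFF)],
}
CRAWLING_OUTPUT = {
    "CVE-XXXX-00001": [Patch("svn", "r1235", SVN_DIFF), Patch("patchfile", "fix.patch", JIRA_PATCH)],
}

if __name__ == "__main__":
    for name, key in (("identifier", by_identifier), ("diff", by_diff)):
        per_cve, p, r = evaluate(GROUND_TRUTH, CRAWLING_OUTPUT, key)
        print(f"match by {name}: precision={p:.2f} recall={r:.2f} {per_cve}")
```

Matching on identifiers scores the SVN revision as a miss and the run as zero precision and recall; matching on the diff fingerprint credits it, flags the unrelated JIRA attachment as a false positive and leaves only the uncrawled second CVE as a false negative. The fingerprint deliberately ignores hunk offsets, so a patch re-applied at a different line in a mirror still matches, at the cost of not distinguishing two identical edits made in different places of the same file.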
