노현종

0411 md5

......@@ -3,6 +3,7 @@ using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
......@@ -12,20 +13,10 @@ namespace VulnCrawler
class Program
{
static void Main(string[] args) {
//if (Directory.Exists(@"c:\test")) {
// DeleteDirectory(@"c:\test");
//}
//var co = new CloneOptions {
// OnCheckoutProgress = CheckoutProcess,
// OnTransferProgress = TransferProgress,
// CredentialsProvider = (_url, _user, _cred) => new UsernamePasswordCredentials { Username = "yhackerbv@gmail.com", Password = "@@GUSwjdaf12@@" }
//};
//Repository.Clone("https://github.com/torvalds/linux.git", @"\test\", co);
using (var r = new Repository(@"c:\test2")) {
var commits = r.Commits
.Where(c => Regex.Match(c.Message, @"CVE-20\d\d-\d{4}", RegexOptions.IgnoreCase).Success)
......@@ -41,7 +32,7 @@ namespace VulnCrawler
Console.ResetColor();
foreach (var parent in commit.Parents) {
var patch = r.Diff.Compare<Patch>(parent.Tree, commit.Tree, new CompareOptions { });
var entrys = patch.Where(e => e.Path.EndsWith(".py"));
foreach (var entry in entrys) {
......@@ -53,7 +44,7 @@ namespace VulnCrawler
var oldOid = entry.OldOid;
Blob oldBlob = r.Lookup<Blob>(oldOid);
string oldContent = oldBlob.GetContentText();
var newOid = entry.Oid;
Blob newBlob = r.Lookup<Blob>(newOid);
string newContent = newBlob.GetContentText();
......@@ -93,24 +84,48 @@ namespace VulnCrawler
StringBuilder oldBuilder = new StringBuilder();
using (var reader = new StreamReader(oldBlob.GetContentStream())) {
int readCount = 0;
int defSpace = 0;
while (!reader.EndOfStream && readCount <= oldStart + oldLines) {
string line = reader.ReadLine();
if (readCount++ >= oldStart) {
oldBuilder.AppendLine(line);
if (defSpace > 0) {
if (line.Length < defSpace) {
continue;
}
string concat = line.Substring(0, defSpace);
if (string.IsNullOrWhiteSpace(concat)) {
string trim = line.Trim();
if (trim.StartsWith("#")) {
continue;
}
oldBuilder.Append(line);
}
else {
continue;
}
}
if (Regex.Match(line, $@"def {methodName}\(.*\)").Success) {
defSpace = line.IndexOf(methodName);
oldBuilder.Append(line);
}
}
/*
* CVE 탐지된 코드 순환 -> def로 시작하는 파이썬 함수만 걸러내야함
* 문제는 파이썬은 c와 달리 {}가 없어서 상당히 귀찮음
*/
}
string replace = Regex.Replace(oldBuilder.ToString(), " ", "");
Console.WriteLine($"Builder: \n{replace}");
StringBuilder sb = new StringBuilder();
sb.Append("\"\"\"");
sb.Append(@".*");
sb.Append("\"\"\"");
if (Regex.Match(oldBuilder.ToString(), sb.ToString()).Success) {
string replace = Regex.Replace(oldBuilder.ToString(), sb.ToString(), "");
replace = Regex.Replace(replace, " ", "");
Console.WriteLine($"Builder: \n{replace}");
string md5 = MD5HashFunc(replace);
Console.WriteLine($"MD5: {md5}");
}
}
Console.WriteLine("-----------");
......@@ -125,6 +140,20 @@ namespace VulnCrawler
}
}
}
public static string MD5HashFunc(string str) {
StringBuilder MD5Str = new StringBuilder();
byte[] byteArr = Encoding.ASCII.GetBytes(str);
byte[] resultArr = (new MD5CryptoServiceProvider()).ComputeHash(byteArr);
//for (int cnti = 1; cnti < resultArr.Length; cnti++) (2010.06.27)
for (int cnti = 0; cnti < resultArr.Length; cnti++) {
MD5Str.Append(resultArr[cnti].ToString("X2"));
}
return MD5Str.ToString();
}
public static void DeleteDirectory(string targetDir) {
File.SetAttributes(targetDir, FileAttributes.Normal);
......
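Review bot: In the `oldBuilder` hunk the normalised text is printed and hashed only inside `if (Regex.Match(oldBuilder.ToString(), sb.ToString()).Success)`, so an extracted function with no `"""…"""` docstring on a single line gets no MD5 signature at all (this assumes the unconditional `Regex.Replace(..., " ", "")` / `Console.WriteLine` pair just above it is the removed side, which the rendered page does not mark). The pattern built in `sb` is greedy and `.` does not cross line breaks by default, so a multi-line docstring is never stripped, and two triple-quoted strings on one line take the code between them with them; I would strip unconditionally with `string replace = Regex.Replace(oldBuilder.ToString(), "\"\"\".*?\"\"\"", "", RegexOptions.Singleline);` and hash the result afterwards. In `MD5HashFunc`, `Encoding.ASCII.GetBytes(str)` turns every non-ASCII character into `?`, so bodies that differ only in such characters share a fingerprint; `Encoding.UTF8.GetBytes(str)` avoids that, and `using (var md5 = MD5.Create())` would dispose the hash object. The commented-out `CloneOptions` block in `Main` carries a literal account name and password; if this commit is what deletes those lines, the value still sits in the repository history and should be rotated. `Main` and `DeleteDirectory` both continue outside the visible hunks.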