Showing
1 changed file
with
55 additions
and
26 deletions
| ... | @@ -3,6 +3,7 @@ using System; | ... | @@ -3,6 +3,7 @@ using System; |
| 3 | using System.Collections.Generic; | 3 | using System.Collections.Generic; |
| 4 | using System.IO; | 4 | using System.IO; |
| 5 | using System.Linq; | 5 | using System.Linq; |
| 6 | +using System.Security.Cryptography; | ||
| 6 | using System.Text; | 7 | using System.Text; |
| 7 | using System.Text.RegularExpressions; | 8 | using System.Text.RegularExpressions; |
| 8 | using System.Threading.Tasks; | 9 | using System.Threading.Tasks; |
| ... | @@ -12,20 +13,10 @@ namespace VulnCrawler | ... | @@ -12,20 +13,10 @@ namespace VulnCrawler |
| 12 | class Program | 13 | class Program |
| 13 | { | 14 | { |
| 14 | static void Main(string[] args) { | 15 | static void Main(string[] args) { |
| 15 | - //if (Directory.Exists(@"c:\test")) { | 16 | + |
| 16 | - // DeleteDirectory(@"c:\test"); | ||
| 17 | 17 | ||
| 18 | - //} | 18 | + |
| 19 | 19 | ||
| 20 | - //var co = new CloneOptions { | ||
| 21 | - // OnCheckoutProgress = CheckoutProcess, | ||
| 22 | - // OnTransferProgress = TransferProgress, | ||
| 23 | - | ||
| 24 | - // CredentialsProvider = (_url, _user, _cred) => new UsernamePasswordCredentials { Username = "yhackerbv@gmail.com", Password = "@@GUSwjdaf12@@" } | ||
| 25 | - | ||
| 26 | - //}; | ||
| 27 | - | ||
| 28 | - //Repository.Clone("https://github.com/torvalds/linux.git", @"\test\", co); | ||
| 29 | using (var r = new Repository(@"c:\test2")) { | 20 | using (var r = new Repository(@"c:\test2")) { |
| 30 | var commits = r.Commits | 21 | var commits = r.Commits |
| 31 | .Where(c => Regex.Match(c.Message, @"CVE-20\d\d-\d{4}", RegexOptions.IgnoreCase).Success) | 22 | .Where(c => Regex.Match(c.Message, @"CVE-20\d\d-\d{4}", RegexOptions.IgnoreCase).Success) |
| ... | @@ -41,7 +32,7 @@ namespace VulnCrawler | ... | @@ -41,7 +32,7 @@ namespace VulnCrawler |
| 41 | Console.ResetColor(); | 32 | Console.ResetColor(); |
| 42 | foreach (var parent in commit.Parents) { | 33 | foreach (var parent in commit.Parents) { |
| 43 | var patch = r.Diff.Compare<Patch>(parent.Tree, commit.Tree, new CompareOptions { }); | 34 | var patch = r.Diff.Compare<Patch>(parent.Tree, commit.Tree, new CompareOptions { }); |
| 44 | - | 35 | + |
| 45 | var entrys = patch.Where(e => e.Path.EndsWith(".py")); | 36 | var entrys = patch.Where(e => e.Path.EndsWith(".py")); |
| 46 | foreach (var entry in entrys) { | 37 | foreach (var entry in entrys) { |
| 47 | 38 | ||
| ... | @@ -53,7 +44,7 @@ namespace VulnCrawler | ... | @@ -53,7 +44,7 @@ namespace VulnCrawler |
| 53 | var oldOid = entry.OldOid; | 44 | var oldOid = entry.OldOid; |
| 54 | Blob oldBlob = r.Lookup<Blob>(oldOid); | 45 | Blob oldBlob = r.Lookup<Blob>(oldOid); |
| 55 | string oldContent = oldBlob.GetContentText(); | 46 | string oldContent = oldBlob.GetContentText(); |
| 56 | - | 47 | + |
| 57 | var newOid = entry.Oid; | 48 | var newOid = entry.Oid; |
| 58 | Blob newBlob = r.Lookup<Blob>(newOid); | 49 | Blob newBlob = r.Lookup<Blob>(newOid); |
| 59 | string newContent = newBlob.GetContentText(); | 50 | string newContent = newBlob.GetContentText(); |
| ... | @@ -93,24 +84,48 @@ namespace VulnCrawler | ... | @@ -93,24 +84,48 @@ namespace VulnCrawler |
| 93 | StringBuilder oldBuilder = new StringBuilder(); | 84 | StringBuilder oldBuilder = new StringBuilder(); |
| 94 | using (var reader = new StreamReader(oldBlob.GetContentStream())) { | 85 | using (var reader = new StreamReader(oldBlob.GetContentStream())) { |
| 95 | int readCount = 0; | 86 | int readCount = 0; |
| 87 | + int defSpace = 0; | ||
| 96 | while (!reader.EndOfStream && readCount <= oldStart + oldLines) { | 88 | while (!reader.EndOfStream && readCount <= oldStart + oldLines) { |
| 89 | + | ||
| 97 | string line = reader.ReadLine(); | 90 | string line = reader.ReadLine(); |
| 98 | - | 91 | + if (defSpace > 0) { |
| 99 | - if (readCount++ >= oldStart) { | 92 | + if (line.Length < defSpace) { |
| 100 | - oldBuilder.AppendLine(line); | 93 | + continue; |
| 94 | + } | ||
| 95 | + string concat = line.Substring(0, defSpace); | ||
| 96 | + if (string.IsNullOrWhiteSpace(concat)) { | ||
| 97 | + string trim = line.Trim(); | ||
| 98 | + if (trim.StartsWith("#")) { | ||
| 99 | + continue; | ||
| 100 | + } | ||
| 101 | + | ||
| 102 | + oldBuilder.Append(line); | ||
| 103 | + } | ||
| 104 | + else { | ||
| 105 | + continue; | ||
| 106 | + } | ||
| 101 | } | 107 | } |
| 108 | + if (Regex.Match(line, $@"def {methodName}\(.*\)").Success) { | ||
| 109 | + defSpace = line.IndexOf(methodName); | ||
| 110 | + oldBuilder.Append(line); | ||
| 111 | + } | ||
| 112 | + | ||
| 102 | } | 113 | } |
| 103 | - | ||
| 104 | - | ||
| 105 | - /* | ||
| 106 | - * CVE 탐지된 코드 순환 -> def로 시작하는 파이썬 함수만 걸러내야함 | ||
| 107 | - * 문제는 파이썬은 c와 달리 {}가 없어서 상당히 귀찮음 | ||
| 108 | - */ | ||
| 109 | 114 | ||
| 110 | } | 115 | } |
| 111 | - | 116 | + |
| 112 | - string replace = Regex.Replace(oldBuilder.ToString(), " ", ""); | 117 | + StringBuilder sb = new StringBuilder(); |
| 113 | - Console.WriteLine($"Builder: \n{replace}"); | 118 | + sb.Append("\"\"\""); |
| 119 | + sb.Append(@".*"); | ||
| 120 | + sb.Append("\"\"\""); | ||
| 121 | + if (Regex.Match(oldBuilder.ToString(), sb.ToString()).Success) { | ||
| 122 | + string replace = Regex.Replace(oldBuilder.ToString(), sb.ToString(), ""); | ||
| 123 | + replace = Regex.Replace(replace, " ", ""); | ||
| 124 | + Console.WriteLine($"Builder: \n{replace}"); | ||
| 125 | + | ||
| 126 | + string md5 = MD5HashFunc(replace); | ||
| 127 | + Console.WriteLine($"MD5: {md5}"); | ||
| 128 | + } | ||
| 114 | 129 | ||
| 115 | } | 130 | } |
| 116 | Console.WriteLine("-----------"); | 131 | Console.WriteLine("-----------"); |
| ... | @@ -125,6 +140,20 @@ namespace VulnCrawler | ... | @@ -125,6 +140,20 @@ namespace VulnCrawler |
| 125 | } | 140 | } |
| 126 | } | 141 | } |
| 127 | } | 142 | } |
| 143 | + | ||
| 144 | + public static string MD5HashFunc(string str) { | ||
| 145 | + StringBuilder MD5Str = new StringBuilder(); | ||
| 146 | + byte[] byteArr = Encoding.ASCII.GetBytes(str); | ||
| 147 | + byte[] resultArr = (new MD5CryptoServiceProvider()).ComputeHash(byteArr); | ||
| 148 | + | ||
| 149 | + //for (int cnti = 1; cnti < resultArr.Length; cnti++) (2010.06.27) | ||
| 150 | + for (int cnti = 0; cnti < resultArr.Length; cnti++) { | ||
| 151 | + MD5Str.Append(resultArr[cnti].ToString("X2")); | ||
| 152 | + } | ||
| 153 | + return MD5Str.ToString(); | ||
| 154 | + } | ||
| 155 | + | ||
| 156 | + | ||
| 128 | public static void DeleteDirectory(string targetDir) { | 157 | public static void DeleteDirectory(string targetDir) { |
| 129 | File.SetAttributes(targetDir, FileAttributes.Normal); | 158 | File.SetAttributes(targetDir, FileAttributes.Normal); |
| 130 | 159 | ... | ... |
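Review bot: In the rewritten read loop `readCount` is never incremented (the `readCount++` went away with the removed `if`), so the `readCount <= oldStart + oldLines` bound is dead and, once `defSpace` is set, every later line in the file indented at least that far is appended, not only the body of `methodName`; the resulting fingerprint then covers unrelated functions. Put `readCount++;` back after `reader.ReadLine()` if the bound is still wanted, and change the `continue` in the `else` branch to `break` so collection stops at the first line that leaves the function's indentation. `methodName` (defined outside the visible hunks, presumably taken from repository content) is interpolated into the pattern unescaped, so a name containing regex metacharacters can throw or match the wrong line; use `$@"def {Regex.Escape(methodName)}\(.*\)"`. The hash is only computed inside `if (Regex.Match(oldBuilder.ToString(), sb.ToString()).Success)`, so a function without a docstring appears to get no MD5 at all, the greedy `.*` removes everything between the first and last triple quote, and `Encoding.ASCII.GetBytes` turns every non-ASCII character into `?`, where `Encoding.UTF8` would keep distinct sources distinct. Separately, the commented-out block deleted at the top of `Main` contained a username and password; deleting the lines leaves them in the repository history, so that credential should be rotated.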