노현종

0411 md5

...@@ -3,6 +3,7 @@ using System; ...@@ -3,6 +3,7 @@ using System;
3 using System.Collections.Generic; 3 using System.Collections.Generic;
4 using System.IO; 4 using System.IO;
5 using System.Linq; 5 using System.Linq;
6 +using System.Security.Cryptography;
6 using System.Text; 7 using System.Text;
7 using System.Text.RegularExpressions; 8 using System.Text.RegularExpressions;
8 using System.Threading.Tasks; 9 using System.Threading.Tasks;
...@@ -12,20 +13,10 @@ namespace VulnCrawler ...@@ -12,20 +13,10 @@ namespace VulnCrawler
12 class Program 13 class Program
13 { 14 {
14 static void Main(string[] args) { 15 static void Main(string[] args) {
15 - //if (Directory.Exists(@"c:\test")) { 16 +
16 - // DeleteDirectory(@"c:\test");
17 17
18 - //} 18 +
19 19
20 - //var co = new CloneOptions {
21 - // OnCheckoutProgress = CheckoutProcess,
22 - // OnTransferProgress = TransferProgress,
23 -
24 - // CredentialsProvider = (_url, _user, _cred) => new UsernamePasswordCredentials { Username = "yhackerbv@gmail.com", Password = "@@GUSwjdaf12@@" }
25 -
26 - //};
27 -
28 - //Repository.Clone("https://github.com/torvalds/linux.git", @"\test\", co);
29 using (var r = new Repository(@"c:\test2")) { 20 using (var r = new Repository(@"c:\test2")) {
30 var commits = r.Commits 21 var commits = r.Commits
31 .Where(c => Regex.Match(c.Message, @"CVE-20\d\d-\d{4}", RegexOptions.IgnoreCase).Success) 22 .Where(c => Regex.Match(c.Message, @"CVE-20\d\d-\d{4}", RegexOptions.IgnoreCase).Success)
...@@ -41,7 +32,7 @@ namespace VulnCrawler ...@@ -41,7 +32,7 @@ namespace VulnCrawler
41 Console.ResetColor(); 32 Console.ResetColor();
42 foreach (var parent in commit.Parents) { 33 foreach (var parent in commit.Parents) {
43 var patch = r.Diff.Compare<Patch>(parent.Tree, commit.Tree, new CompareOptions { }); 34 var patch = r.Diff.Compare<Patch>(parent.Tree, commit.Tree, new CompareOptions { });
44 - 35 +
45 var entrys = patch.Where(e => e.Path.EndsWith(".py")); 36 var entrys = patch.Where(e => e.Path.EndsWith(".py"));
46 foreach (var entry in entrys) { 37 foreach (var entry in entrys) {
47 38
...@@ -53,7 +44,7 @@ namespace VulnCrawler ...@@ -53,7 +44,7 @@ namespace VulnCrawler
53 var oldOid = entry.OldOid; 44 var oldOid = entry.OldOid;
54 Blob oldBlob = r.Lookup<Blob>(oldOid); 45 Blob oldBlob = r.Lookup<Blob>(oldOid);
55 string oldContent = oldBlob.GetContentText(); 46 string oldContent = oldBlob.GetContentText();
56 - 47 +
57 var newOid = entry.Oid; 48 var newOid = entry.Oid;
58 Blob newBlob = r.Lookup<Blob>(newOid); 49 Blob newBlob = r.Lookup<Blob>(newOid);
59 string newContent = newBlob.GetContentText(); 50 string newContent = newBlob.GetContentText();
...@@ -93,24 +84,48 @@ namespace VulnCrawler ...@@ -93,24 +84,48 @@ namespace VulnCrawler
93 StringBuilder oldBuilder = new StringBuilder(); 84 StringBuilder oldBuilder = new StringBuilder();
94 using (var reader = new StreamReader(oldBlob.GetContentStream())) { 85 using (var reader = new StreamReader(oldBlob.GetContentStream())) {
95 int readCount = 0; 86 int readCount = 0;
87 + int defSpace = 0;
96 while (!reader.EndOfStream && readCount <= oldStart + oldLines) { 88 while (!reader.EndOfStream && readCount <= oldStart + oldLines) {
89 +
97 string line = reader.ReadLine(); 90 string line = reader.ReadLine();
98 - 91 + if (defSpace > 0) {
99 - if (readCount++ >= oldStart) { 92 + if (line.Length < defSpace) {
100 - oldBuilder.AppendLine(line); 93 + continue;
94 + }
95 + string concat = line.Substring(0, defSpace);
96 + if (string.IsNullOrWhiteSpace(concat)) {
97 + string trim = line.Trim();
98 + if (trim.StartsWith("#")) {
99 + continue;
100 + }
101 +
102 + oldBuilder.Append(line);
103 + }
104 + else {
105 + continue;
106 + }
101 } 107 }
108 + if (Regex.Match(line, $@"def {methodName}\(.*\)").Success) {
109 + defSpace = line.IndexOf(methodName);
110 + oldBuilder.Append(line);
111 + }
112 +
102 } 113 }
103 -
104 -
105 - /*
106 - * CVE 탐지된 코드 순환 -> def로 시작하는 파이썬 함수만 걸러내야함
107 - * 문제는 파이썬은 c와 달리 {}가 없어서 상당히 귀찮음
108 - */
109 114
110 } 115 }
111 - 116 +
112 - string replace = Regex.Replace(oldBuilder.ToString(), " ", ""); 117 + StringBuilder sb = new StringBuilder();
113 - Console.WriteLine($"Builder: \n{replace}"); 118 + sb.Append("\"\"\"");
119 + sb.Append(@".*");
120 + sb.Append("\"\"\"");
121 + if (Regex.Match(oldBuilder.ToString(), sb.ToString()).Success) {
122 + string replace = Regex.Replace(oldBuilder.ToString(), sb.ToString(), "");
123 + replace = Regex.Replace(replace, " ", "");
124 + Console.WriteLine($"Builder: \n{replace}");
125 +
126 + string md5 = MD5HashFunc(replace);
127 + Console.WriteLine($"MD5: {md5}");
128 + }
114 129
115 } 130 }
116 Console.WriteLine("-----------"); 131 Console.WriteLine("-----------");
...@@ -125,6 +140,20 @@ namespace VulnCrawler ...@@ -125,6 +140,20 @@ namespace VulnCrawler
125 } 140 }
126 } 141 }
127 } 142 }
143 +
144 + public static string MD5HashFunc(string str) {
145 + StringBuilder MD5Str = new StringBuilder();
146 + byte[] byteArr = Encoding.ASCII.GetBytes(str);
147 + byte[] resultArr = (new MD5CryptoServiceProvider()).ComputeHash(byteArr);
148 +
149 + //for (int cnti = 1; cnti < resultArr.Length; cnti++) (2010.06.27)
150 + for (int cnti = 0; cnti < resultArr.Length; cnti++) {
151 + MD5Str.Append(resultArr[cnti].ToString("X2"));
152 + }
153 + return MD5Str.ToString();
154 + }
155 +
156 +
128 public static void DeleteDirectory(string targetDir) { 157 public static void DeleteDirectory(string targetDir) {
129 File.SetAttributes(targetDir, FileAttributes.Normal); 158 File.SetAttributes(targetDir, FileAttributes.Normal);
130 159
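Review bot: In `MD5HashFunc` the input is encoded with `Encoding.ASCII`, which replaces every non-ASCII character with `?`, so function bodies that differ only in such characters get the same fingerprint; `byte[] byteArr = Encoding.UTF8.GetBytes(str);` avoids that. The `MD5CryptoServiceProvider` instance is never disposed, and if these digests are later used to decide whether code matches a known-vulnerable function, MD5's broken collision resistance becomes relevant, so `using (var sha = SHA256.Create())` would be the safer choice. In the `Main` hunk the digest is computed only inside `if (Regex.Match(oldBuilder.ToString(), sb.ToString()).Success)`, so a function without a triple-quoted docstring is never hashed, and because the lines are appended without newlines the greedy `.*` strips everything between the first and the last `"""`, including any code that sits between two docstrings. `methodName` (defined outside the visible hunks) is interpolated into the pattern unescaped; `Regex.Escape(methodName)` would keep it literal. Separately, the commented-out `CredentialsProvider` line this commit deletes held a plaintext password that remains in the repository history, so that credential should be rotated rather than only removed from the tree.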
......