Merge branch 'master' of https://github.com/yhackerbv/VulnNottiProject
Showing
10 changed files
with
239 additions
and
179 deletions
| ... | @@ -25,21 +25,14 @@ namespace DownloaderGithubClone | ... | @@ -25,21 +25,14 @@ namespace DownloaderGithubClone |
| 25 | Console.Write("Git Repository URL을 입력하세요 : "); | 25 | Console.Write("Git Repository URL을 입력하세요 : "); |
| 26 | string url = Console.ReadLine(); | 26 | string url = Console.ReadLine(); |
| 27 | //https://github.com/django/django.git | 27 | //https://github.com/django/django.git |
| 28 | - | ||
| 29 | - | ||
| 30 | string pattern = @"https://github.com/.+/(?<ProjectName>.+)\.(.+)"; | 28 | string pattern = @"https://github.com/.+/(?<ProjectName>.+)\.(.+)"; |
| 31 | - | ||
| 32 | var match = Regex.Match(url, pattern); | 29 | var match = Regex.Match(url, pattern); |
| 33 | - | ||
| 34 | if (!match.Success) { | 30 | if (!match.Success) { |
| 35 | Console.WriteLine($"패턴이 맞지 않습니다. Pattern : {pattern}"); | 31 | Console.WriteLine($"패턴이 맞지 않습니다. Pattern : {pattern}"); |
| 36 | return; | 32 | return; |
| 37 | } | 33 | } |
| 38 | - | ||
| 39 | - | ||
| 40 | string prName = match.Groups["ProjectName"].Value; | 34 | string prName = match.Groups["ProjectName"].Value; |
| 41 | Console.WriteLine(prName); | 35 | Console.WriteLine(prName); |
| 42 | - | ||
| 43 | int idx = 1; | 36 | int idx = 1; |
| 44 | string path = Path.Combine(dir, prName); | 37 | string path = Path.Combine(dir, prName); |
| 45 | if (Directory.Exists(path)) { | 38 | if (Directory.Exists(path)) { | ... | ... |
| ... | @@ -64,7 +64,7 @@ namespace VulnCrawler | ... | @@ -64,7 +64,7 @@ namespace VulnCrawler |
| 64 | } | 64 | } |
| 65 | 65 | ||
| 66 | /* 메인 동작 함수 */ | 66 | /* 메인 동작 함수 */ |
| 67 | - public static void Run() { | 67 | + public static void Run() { |
| 68 | // Repository 폴더들이 있는 주소를 지정하면 하위 폴더 목록을 가져옴(Repository 목록) | 68 | // Repository 폴더들이 있는 주소를 지정하면 하위 폴더 목록을 가져옴(Repository 목록) |
| 69 | Regex.CacheSize = 50; | 69 | Regex.CacheSize = 50; |
| 70 | 70 | ||
| ... | @@ -80,17 +80,17 @@ namespace VulnCrawler | ... | @@ -80,17 +80,17 @@ namespace VulnCrawler |
| 80 | // Repository 목록 만큼 반복함. | 80 | // Repository 목록 만큼 반복함. |
| 81 | foreach (var directory in directorys) { | 81 | foreach (var directory in directorys) { |
| 82 | /* 폴더 중에 linux가 있으면 잠깐 넘어감 (너무 커서 테스트 힘듦) */ | 82 | /* 폴더 중에 linux가 있으면 잠깐 넘어감 (너무 커서 테스트 힘듦) */ |
| 83 | - if (directory.Contains("linux")) | 83 | + if (directory.Contains("~")) |
| 84 | { | 84 | { |
| 85 | - // continue; | 85 | + continue; |
| 86 | } | 86 | } |
| 87 | // 템플릿 패턴화 T : VulnAbstractCrawler | 87 | // 템플릿 패턴화 T : VulnAbstractCrawler |
| 88 | VulnWorker.Run<VulnC>(directory); | 88 | VulnWorker.Run<VulnC>(directory); |
| 89 | } | 89 | } |
| 90 | stopwatch.Stop(); | 90 | stopwatch.Stop(); |
| 91 | - var hours = stopwatch.Elapsed.TotalHours; | 91 | + var hours = stopwatch.Elapsed.Hours; |
| 92 | - var minutes = stopwatch.Elapsed.TotalMinutes; | 92 | + var minutes = stopwatch.Elapsed.Minutes; |
| 93 | - var seconds = stopwatch.Elapsed.TotalSeconds; | 93 | + var seconds = stopwatch.Elapsed.Seconds; |
| 94 | 94 | ||
| 95 | Console.WriteLine($"경과 시간 {hours.ToString("00")}:{minutes.ToString("00")}:{seconds.ToString("00")}"); | 95 | Console.WriteLine($"경과 시간 {hours.ToString("00")}:{minutes.ToString("00")}:{seconds.ToString("00")}"); |
| 96 | 96 | ... | ... |
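Review bot: The comment above the check at new line 83 still says that folders containing "linux" are skipped, but the condition is now `directory.Contains("~")` and the `continue` is live, so the comment no longer describes what is filtered. Update it to something like `/* skip folders whose path contains "~" */` and say why those folders are excluded. At new line 91, `stopwatch.Elapsed.Hours` is the 0–23 component, so a run longer than a day prints a wrapped value; `(int)stopwatch.Elapsed.TotalHours` keeps the whole count. The body of `Run` continues outside both hunks.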
| ... | @@ -31,7 +31,7 @@ namespace VulnCrawler | ... | @@ -31,7 +31,7 @@ namespace VulnCrawler |
| 31 | public string FuncName { get; set; } | 31 | public string FuncName { get; set; } |
| 32 | public string Hash { get; set; } | 32 | public string Hash { get; set; } |
| 33 | public string Path { get; set; } | 33 | public string Path { get; set; } |
| 34 | - | 34 | + public string Url { get; set; } |
| 35 | public override bool Equals(object obj) | 35 | public override bool Equals(object obj) |
| 36 | { | 36 | { |
| 37 | var block = obj as UserBlock; | 37 | var block = obj as UserBlock; |
| ... | @@ -131,14 +131,15 @@ namespace VulnCrawler | ... | @@ -131,14 +131,15 @@ namespace VulnCrawler |
| 131 | /// <summary> | 131 | /// <summary> |
| 132 | /// 커밋에서 검색할 정규식 문자열 | 132 | /// 커밋에서 검색할 정규식 문자열 |
| 133 | /// </summary> | 133 | /// </summary> |
| 134 | - public string SearchCommitPattern => @"CVE[ -]\d{4}[ -]\d{4}"; | 134 | + public string SearchCommitPattern => @"CVE[ -](201[5-8])[ -](\d{4,})"; |
| 135 | /// <summary> | 135 | /// <summary> |
| 136 | /// 패치 코드에서 함수 찾을 정규식 패턴 문자열 | 136 | /// 패치 코드에서 함수 찾을 정규식 패턴 문자열 |
| 137 | /// </summary> | 137 | /// </summary> |
| 138 | protected abstract string RegexFuncPattern { get; } | 138 | protected abstract string RegexFuncPattern { get; } |
| 139 | + protected abstract string UserRegexFuncPattern { get; } | ||
| 139 | protected abstract string Extension { get; } | 140 | protected abstract string Extension { get; } |
| 140 | public virtual IEnumerable<PatchEntryChanges> GetPatchEntryChanges(Patch patch) { | 141 | public virtual IEnumerable<PatchEntryChanges> GetPatchEntryChanges(Patch patch) { |
| 141 | - return patch.Where(e => e.Path.EndsWith(Extension)).ToList(); | 142 | + return patch.Where(e => e.Path.EndsWith(Extension) && e.Status == ChangeKind.Modified).ToList(); |
| 142 | } | 143 | } |
| 143 | /// <summary> | 144 | /// <summary> |
| 144 | /// 정규식을 이용하여 @@ -\d,\d +\d,\d @@ MethodName(): 이런 패턴을 찾고 | 145 | /// 정규식을 이용하여 @@ -\d,\d +\d,\d @@ MethodName(): 이런 패턴을 찾고 |
| ... | @@ -158,108 +159,11 @@ namespace VulnCrawler | ... | @@ -158,108 +159,11 @@ namespace VulnCrawler |
| 158 | public abstract IDictionary<int, IEnumerable<UserBlock>> CrawlUserCode(StreamReader reader); | 159 | public abstract IDictionary<int, IEnumerable<UserBlock>> CrawlUserCode(StreamReader reader); |
| 159 | 160 | ||
| 160 | protected abstract IList<Block> GetCriticalBlocks(string srcCode, IEnumerable<string> criticalList); | 161 | protected abstract IList<Block> GetCriticalBlocks(string srcCode, IEnumerable<string> criticalList); |
| 161 | - /// <summary> | ||
| 162 | - /// 성능 개선을 위한 | ||
| 163 | - /// 코드 라인 위치 기반 취약 원본 함수 추출 테스트용 함수 곧 삭제 예정 | ||
| 164 | - /// </summary> | ||
| 165 | - public string GetOriginalFuncTest(Stream oldStream, string methodName, int start) | ||
| 166 | - { | ||
| 167 | - StringBuilder oldBuilder = new StringBuilder(); | ||
| 168 | - | ||
| 169 | - using (var reader = new StreamReader(oldStream)) | ||
| 170 | - { | ||
| 171 | - bool found = false; | ||
| 172 | - bool found2 = false; | ||
| 173 | - bool commentLine = false; | ||
| 174 | - int bracketCount = -1; | ||
| 175 | - string stringPattern = @"[""].*[""]"; | ||
| 176 | - string commentPattern = @"\/\*.+\*\/"; | ||
| 177 | - string commentPattern2 = @"\/\*"; | ||
| 178 | - string commentPattern3 = @"\*\/"; | ||
| 179 | - int readCount = 0; | ||
| 180 | - Queue<string> tempQ = new Queue<string>(); | ||
| 181 | - while (!reader.EndOfStream) | ||
| 182 | - { | ||
| 183 | - string line = reader.ReadLine(); | ||
| 184 | - if (readCount++ < start) | ||
| 185 | - { | ||
| 186 | - tempQ.Enqueue(line); | ||
| 187 | - continue; | ||
| 188 | - } | ||
| 189 | - Stack<string> tempStack = new Stack<string>(); | ||
| 190 | - while (tempQ.Count > 0) | ||
| 191 | - { | ||
| 192 | - string s = tempQ.Dequeue(); | ||
| 193 | - tempStack.Push(s); | ||
| 194 | - string method = Regex.Escape(methodName); | ||
| 195 | - if (Regex.Match(s, $"{method}").Success) | ||
| 196 | - { | ||
| 197 | - break; | ||
| 198 | - } | ||
| 199 | - } | ||
| 200 | - while (tempStack.Count > 0) | ||
| 201 | - { | ||
| 202 | - string s = tempStack.Pop(); | ||
| 203 | - string trim = s.Trim(); | ||
| 204 | - if (commentLine) | ||
| 205 | - { | ||
| 206 | - if (Regex.IsMatch(trim, commentPattern3)) | ||
| 207 | - { | ||
| 208 | - commentLine = false; | ||
| 209 | - trim = Regex.Split(trim, commentPattern3)[1]; | ||
| 210 | - } | ||
| 211 | - continue; | ||
| 212 | - } | ||
| 213 | - string removeString = Regex.Replace(trim, stringPattern, ""); | ||
| 214 | - // /* ~ 패턴 | ||
| 215 | - if (Regex.IsMatch(trim, commentPattern2)) | ||
| 216 | - { | ||
| 217 | - // /* ~ */ 패턴이 아닌 경우 | ||
| 218 | - if (!Regex.IsMatch(trim, commentPattern)) | ||
| 219 | - { | ||
| 220 | - commentLine = true; | ||
| 221 | - } | ||
| 222 | - trim = Regex.Split(trim, "/*")[0]; | ||
| 223 | - } | ||
| 224 | - if (string.IsNullOrWhiteSpace(trim)) | ||
| 225 | - { | ||
| 226 | - continue; | ||
| 227 | - } | ||
| 228 | - int openBracketCount = removeString.Count(c => c == '{'); | ||
| 229 | - int closeBracketCount = removeString.Count(c => c == '}'); | ||
| 230 | - int subtract = openBracketCount - closeBracketCount; | ||
| 231 | - bracketCount += subtract; | ||
| 232 | - // 메서드 시작 괄호 찾은 경우 | ||
| 233 | - if (found2) | ||
| 234 | - { | ||
| 235 | - // 괄호가 모두 닫혔으니 종료 | ||
| 236 | - if (bracketCount < 0) | ||
| 237 | - { | ||
| 238 | - // Console.WriteLine("괄호끝"); | ||
| 239 | - break; | ||
| 240 | - } | ||
| 241 | - // oldBuilder.AppendLine(line); | ||
| 242 | - } | ||
| 243 | - else | ||
| 244 | - { | ||
| 245 | - if (openBracketCount > 0) | ||
| 246 | - { | ||
| 247 | - found2 = true; | ||
| 248 | - } | ||
| 249 | - | ||
| 250 | - } | ||
| 251 | - oldBuilder.AppendLine(s); | ||
| 252 | - } | ||
| 253 | - } | ||
| 254 | - } | ||
| 255 | - Console.WriteLine("찾음"); | ||
| 256 | - Console.WriteLine(oldBuilder.ToString()); | ||
| 257 | - Console.ReadLine(); | ||
| 258 | 162 | ||
| 259 | - return oldBuilder.ToString(); | ||
| 260 | - } | ||
| 261 | public abstract IDictionary<string, IEnumerable<string>> ExtractGitCriticalMethodTable(string srcCode); | 163 | public abstract IDictionary<string, IEnumerable<string>> ExtractGitCriticalMethodTable(string srcCode); |
| 262 | 164 | ||
| 165 | + public abstract IDictionary<string, string> CrawlCode(StreamReader reader); | ||
| 166 | + | ||
| 263 | public abstract string Abstract(string blockCode, IDictionary<string, string> dict, IDictionary<string, string> methodDict); | 167 | public abstract string Abstract(string blockCode, IDictionary<string, string> dict, IDictionary<string, string> methodDict); |
| 264 | /// <summary> | 168 | /// <summary> |
| 265 | /// 패치 전 코드 파일과 크리티컬 메서드 테이블로 부터 크리티컬 블록 추출 | 169 | /// 패치 전 코드 파일과 크리티컬 메서드 테이블로 부터 크리티컬 블록 추출 |
| ... | @@ -268,54 +172,42 @@ namespace VulnCrawler | ... | @@ -268,54 +172,42 @@ namespace VulnCrawler |
| 268 | /// <param name="table">크리티컬 메서드 테이블(Key: 메서드 이름, Value: 변수 리스트)</param> | 172 | /// <param name="table">크리티컬 메서드 테이블(Key: 메서드 이름, Value: 변수 리스트)</param> |
| 269 | /// <returns></returns> | 173 | /// <returns></returns> |
| 270 | public virtual IEnumerable<(string methodName, string oriFunc, IList<Block> blocks)> Process(Blob oldBlob, IDictionary<string, IEnumerable<string>> table) { | 174 | public virtual IEnumerable<(string methodName, string oriFunc, IList<Block> blocks)> Process(Blob oldBlob, IDictionary<string, IEnumerable<string>> table) { |
| 271 | - foreach (var item in table) | 175 | + |
| 176 | + // 패치 전 원본 파일 스트림 | ||
| 177 | + Stream oldStream = oldBlob.GetContentStream(); | ||
| 178 | + using (var reader = new StreamReader(oldStream)) | ||
| 272 | { | 179 | { |
| 273 | - var methodTable = new Dictionary<string, string>(); | 180 | + var dict = CrawlCode(reader); |
| 274 | - var varTable = new Dictionary<string, string>(); | 181 | + |
| 275 | - // 메서드 이름 | 182 | + foreach (var item in table) |
| 276 | - string methodName = item.Key; | ||
| 277 | - // 패치 전 원본 파일 스트림 | ||
| 278 | - Stream oldStream = oldBlob.GetContentStream(); | ||
| 279 | - // 패치 전 원본 함수 구하고 | ||
| 280 | - string func = GetOriginalFunc(oldStream, methodName); | ||
| 281 | - | ||
| 282 | - string bs = string.Empty; | ||
| 283 | - string md5 = string.Empty; | ||
| 284 | - if (item.Value.Count() != 0) | ||
| 285 | { | 183 | { |
| 286 | - //Console.WriteLine("크리티컬 변수 목록"); | 184 | + var methodTable = new Dictionary<string, string>(); |
| 287 | - //Console.ForegroundColor = ConsoleColor.Cyan; | 185 | + var varTable = new Dictionary<string, string>(); |
| 288 | - //foreach (var c in item.Value) | 186 | + // 메서드 이름 |
| 289 | - //{ | 187 | + string methodName = item.Key; |
| 290 | - // Console.WriteLine(c); | 188 | + |
| 291 | - //} | 189 | + // 패치 전 원본 함수 구하고 |
| 292 | - //Console.ResetColor(); | 190 | + string func = string.Empty; |
| 293 | - //Console.WriteLine("-------------------"); | 191 | + |
| 192 | + | ||
| 193 | + foreach (var pair in dict) | ||
| 194 | + { | ||
| 195 | + if (pair.Key.Contains(methodName)) | ||
| 196 | + { | ||
| 197 | + func = pair.Value; | ||
| 198 | + break; | ||
| 199 | + } | ||
| 200 | + } | ||
| 201 | + | ||
| 202 | + | ||
| 203 | + | ||
| 204 | + | ||
| 294 | // 크리티컬 블록 추출 | 205 | // 크리티컬 블록 추출 |
| 295 | var blocks = new List<Block>(); | 206 | var blocks = new List<Block>(); |
| 296 | - //var blocks = GetCriticalBlocks(func, item.Value).ToList(); | ||
| 297 | - //if (blocks == null) | ||
| 298 | - //{ | ||
| 299 | - // continue; | ||
| 300 | - //} | ||
| 301 | - //foreach (var block in blocks) | ||
| 302 | - //{ | ||
| 303 | - | ||
| 304 | - // block.CriticalList = item.Value; | ||
| 305 | - // /* 추상화 및 정규화 */ | ||
| 306 | - // block.AbsCode = Abstract(block.Code, varTable, methodTable); | ||
| 307 | - // block.Hash = MD5HashFunc(block.AbsCode); | ||
| 308 | - | ||
| 309 | - //} | ||
| 310 | - /* 추상화 변환 테이블 출력 */ | ||
| 311 | - //foreach (var var in varTable) | ||
| 312 | - //{ | ||
| 313 | - // Console.WriteLine($"{var.Key}, {var.Value}"); | ||
| 314 | - //} | ||
| 315 | - | ||
| 316 | yield return (methodName, func, blocks); | 207 | yield return (methodName, func, blocks); |
| 208 | + | ||
| 209 | + | ||
| 317 | } | 210 | } |
| 318 | - | ||
| 319 | } | 211 | } |
| 320 | } | 212 | } |
| 321 | /// <summary> | 213 | /// <summary> |
| ... | @@ -349,7 +241,7 @@ namespace VulnCrawler | ... | @@ -349,7 +241,7 @@ namespace VulnCrawler |
| 349 | var match = Regex.Match(msg, SearchCommitPattern, RegexOptions.IgnoreCase); | 241 | var match = Regex.Match(msg, SearchCommitPattern, RegexOptions.IgnoreCase); |
| 350 | 242 | ||
| 351 | if (match.Success) { | 243 | if (match.Success) { |
| 352 | - return match.Value; | 244 | + return $"CVE-{match.Groups[1].Value}-{match.Groups[2].Value}"; |
| 353 | } | 245 | } |
| 354 | return string.Empty; | 246 | return string.Empty; |
| 355 | } | 247 | } | ... | ... |
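Review bot: The lookup at new lines 193–200 of `Process` takes the first `dict` entry whose key merely contains `methodName`, so a patched function named `parse` can be paired with the body of `parse_header` or any other function whose key includes that substring, and the wrong code is then recorded as the vulnerable original. When nothing matches, `func` stays empty and the tuple is still yielded. The key format returned by `CrawlCode` is not visible here, so an exact lookup such as `dict.TryGetValue(methodName, out func)` is only correct if the keys are bare function names; otherwise match on a name boundary. In either case add `if (string.IsNullOrEmpty(func)) continue;` before the `yield return` so empty originals are not emitted.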
| ... | @@ -16,6 +16,9 @@ namespace VulnCrawler | ... | @@ -16,6 +16,9 @@ namespace VulnCrawler |
| 16 | protected override string Extension => ".py"; | 16 | protected override string Extension => ".py"; |
| 17 | protected override string RegexFuncPattern => $@"@@ \-(?<{OldStart}>\d+),(?<{OldLines}>\d+) \+(?<{NewStart}>\d+),(?<{NewLines}>\d+) @@ def (?<{MethodName}>\w+)"; | 17 | protected override string RegexFuncPattern => $@"@@ \-(?<{OldStart}>\d+),(?<{OldLines}>\d+) \+(?<{NewStart}>\d+),(?<{NewLines}>\d+) @@ def (?<{MethodName}>\w+)"; |
| 18 | protected override string ReservedFileName => "PyReserved.txt"; | 18 | protected override string ReservedFileName => "PyReserved.txt"; |
| 19 | + | ||
| 20 | + protected override string UserRegexFuncPattern => throw new NotImplementedException(); | ||
| 21 | + | ||
| 19 | public override MatchCollection GetMatches(string patchCode) { | 22 | public override MatchCollection GetMatches(string patchCode) { |
| 20 | //var regs = Regex.Matches(patchCode, RegexFuncPattern); | 23 | //var regs = Regex.Matches(patchCode, RegexFuncPattern); |
| 21 | var regs = MethodExtractor.Matches(patchCode); | 24 | var regs = MethodExtractor.Matches(patchCode); |
| ... | @@ -85,5 +88,10 @@ namespace VulnCrawler | ... | @@ -85,5 +88,10 @@ namespace VulnCrawler |
| 85 | { | 88 | { |
| 86 | throw new NotImplementedException(); | 89 | throw new NotImplementedException(); |
| 87 | } | 90 | } |
| 91 | + | ||
| 92 | + public override IDictionary<string, string> CrawlCode(StreamReader reader) | ||
| 93 | + { | ||
| 94 | + throw new NotImplementedException(); | ||
| 95 | + } | ||
| 88 | } | 96 | } |
| 89 | } | 97 | } | ... | ... |
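Review bot: `CrawlCode` (new lines 92–95) and `UserRegexFuncPattern` (new line 20) are stubbed with `throw new NotImplementedException()`, while the base-class `Process` changed in this same commit now calls `CrawlCode(reader)` before it iterates the table. Unless this class overrides `Process` (not visible in these hunks), enumerating the result for a Python repository would throw on the first element, and the worker's broad `catch (Exception)` would hide it. Make the gap explicit with `throw new NotSupportedException("CrawlCode is not implemented for the Python crawler");` and a short comment on the stub stating that Python sources are not processed yet.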
| ... | @@ -53,6 +53,23 @@ namespace VulnCrawler | ... | @@ -53,6 +53,23 @@ namespace VulnCrawler |
| 53 | return 802558182 + EqualityComparer<string>.Default.GetHashCode(BlockHash); | 53 | return 802558182 + EqualityComparer<string>.Default.GetHashCode(BlockHash); |
| 54 | } | 54 | } |
| 55 | } | 55 | } |
| 56 | + public class Vuln_detail | ||
| 57 | + { | ||
| 58 | + public int Index { get; set; } = -1; /* index key */ | ||
| 59 | + public string Type { get; set; } = "NULL"; /* type */ | ||
| 60 | + public string Year { get; set; } = "NULL"; /* year */ | ||
| 61 | + public string Level { get; set; } = "NULL"; /* level */ | ||
| 62 | + public string UserName { get; set; } = "NULL"; /* user name */ | ||
| 63 | + public string Publish_date { get; set; } = "NULL"; /* Publish_date */ | ||
| 64 | + public string Update_date { get; set; } = "NULL"; /* Update_date */ | ||
| 65 | + public string CveDetail { get; set; } = "NULL"; /* cveDetail */ | ||
| 66 | + public string CveName { get; set; } = "NULL"; /* cve name */ | ||
| 67 | + public string FileName { get; set; } = "NULL"; /* FileName */ | ||
| 68 | + public string FuncName { get; set; } = "NULL"; /* funcName */ | ||
| 69 | + public string Url { get; set; } = "NULL"; /* Url */ | ||
| 70 | + public string Product { get; set; } | ||
| 71 | + | ||
| 72 | + } | ||
| 56 | //connect | 73 | //connect |
| 57 | public static void Connect(AWS.Account account, string dbName) | 74 | public static void Connect(AWS.Account account, string dbName) |
| 58 | { | 75 | { |
| ... | @@ -129,9 +146,7 @@ namespace VulnCrawler | ... | @@ -129,9 +146,7 @@ namespace VulnCrawler |
| 129 | { | 146 | { |
| 130 | last_vulnId = 1; | 147 | last_vulnId = 1; |
| 131 | } | 148 | } |
| 132 | - | ||
| 133 | Retry: | 149 | Retry: |
| 134 | - | ||
| 135 | //DB insert | 150 | //DB insert |
| 136 | try | 151 | try |
| 137 | { | 152 | { |
| ... | @@ -216,6 +231,50 @@ namespace VulnCrawler | ... | @@ -216,6 +231,50 @@ namespace VulnCrawler |
| 216 | Console.ReadLine(); | 231 | Console.ReadLine(); |
| 217 | } | 232 | } |
| 218 | } | 233 | } |
| 234 | + public static void InsertVulnDetail(Vuln_detail vuln) | ||
| 235 | + { | ||
| 236 | + String sql = string.Empty; | ||
| 237 | + MySqlCommand cmd = null; | ||
| 238 | + Retry: | ||
| 239 | + //DB insert | ||
| 240 | + try | ||
| 241 | + { | ||
| 242 | + cmd = new MySqlCommand | ||
| 243 | + { | ||
| 244 | + Connection = Conn, | ||
| 245 | + //db에 추가 | ||
| 246 | + CommandText = "INSERT INTO vulnDetail(type, year, level, userName, cveName, publish_date,update_date, cveDetail,fileName, funcName, url, product) VALUES(@type, @year, @level, @userName, @cveName, @publish_date,@update_date, @cveDetail,@fileName, @funcName,@url,@product)" | ||
| 247 | + }; | ||
| 248 | + cmd.Parameters.AddWithValue("@type", $"{vuln.Type}"); | ||
| 249 | + cmd.Parameters.AddWithValue("@year", $"{vuln.Year}"); | ||
| 250 | + cmd.Parameters.AddWithValue("@level", $"{vuln.Level}"); | ||
| 251 | + cmd.Parameters.AddWithValue("@userName", $"{vuln.UserName}"); | ||
| 252 | + cmd.Parameters.AddWithValue("@cveName", $"{vuln.CveName}"); | ||
| 253 | + cmd.Parameters.AddWithValue("@publish_date", $"{vuln.Publish_date}"); | ||
| 254 | + cmd.Parameters.AddWithValue("@update_date", $"{vuln.Update_date}"); | ||
| 255 | + cmd.Parameters.AddWithValue("@cveDetail", $"{vuln.CveDetail}"); | ||
| 256 | + cmd.Parameters.AddWithValue("@fileName", $"{vuln.FileName}"); | ||
| 257 | + cmd.Parameters.AddWithValue("@funcName", $"{vuln.FuncName}"); | ||
| 258 | + cmd.Parameters.AddWithValue("@url", $"{vuln.Url}"); | ||
| 259 | + cmd.Parameters.AddWithValue("@product", $"{vuln.Product}"); | ||
| 260 | + cmd.ExecuteNonQuery(); | ||
| 261 | + //콘솔출력용 | ||
| 262 | + sql = "INSERT INTO vulnDetail(type, year, level, userName, cveName, publish_date,update_date, cveDetail,fileName, funcName, url) " + | ||
| 263 | + $"VALUES({vuln.Type}, {vuln.Year}, {vuln.Level}, {vuln.UserName}, {vuln.CveName},{vuln.Publish_date}, {vuln.Update_date}, {vuln.CveDetail}, {vuln.FileName}, {vuln.FuncName}, {vuln.Url})"; | ||
| 264 | + // Console.WriteLine(sql); | ||
| 265 | + } | ||
| 266 | + catch (Exception e) | ||
| 267 | + { | ||
| 268 | + // Console.WriteLine(e.ToString()); | ||
| 269 | + string es = e.ToString(); | ||
| 270 | + if (es.Contains("Connection must be valid and open")) | ||
| 271 | + { | ||
| 272 | + Connect(Account, DbName); | ||
| 273 | + goto Retry; | ||
| 274 | + } | ||
| 275 | + } | ||
| 276 | + } | ||
| 277 | + | ||
| 219 | public static void UpdateVulnData(int _vulnId, _Vuln vuln) { | 278 | public static void UpdateVulnData(int _vulnId, _Vuln vuln) { |
| 220 | String sql = string.Empty; | 279 | String sql = string.Empty; |
| 221 | MySqlCommand cmd = null; | 280 | MySqlCommand cmd = null; |
| ... | @@ -401,33 +460,118 @@ namespace VulnCrawler | ... | @@ -401,33 +460,118 @@ namespace VulnCrawler |
| 401 | Console.ReadLine(); | 460 | Console.ReadLine(); |
| 402 | } | 461 | } |
| 403 | } | 462 | } |
| 404 | - public static List<_Vuln> SelectVulnbyLen(int _lenFunc) | 463 | + public static IEnumerable<_Vuln> SelectVulnbyLen(int _lenFunc) |
| 405 | { | 464 | { |
| 406 | - var list = new List<_Vuln>(); | ||
| 407 | String sql = string.Empty; | 465 | String sql = string.Empty; |
| 408 | MySqlCommand cmd = new MySqlCommand(); | 466 | MySqlCommand cmd = new MySqlCommand(); |
| 409 | cmd.Connection = Conn; | 467 | cmd.Connection = Conn; |
| 410 | cmd.CommandText = "SELECT * FROM vuln_Info where lenFunc=" + _lenFunc; | 468 | cmd.CommandText = "SELECT * FROM vuln_Info where lenFunc=" + _lenFunc; |
| 411 | 469 | ||
| 412 | System.Data.DataSet ds = new System.Data.DataSet(); | 470 | System.Data.DataSet ds = new System.Data.DataSet(); |
| 413 | - MySqlDataAdapter da = new MySqlDataAdapter("SELECT * FROM vuln_Info where lenFunc=" + _lenFunc, Conn); | 471 | + MySqlDataAdapter da = new MySqlDataAdapter(cmd.CommandText, Conn); |
| 414 | da.Fill(ds); | 472 | da.Fill(ds); |
| 415 | 473 | ||
| 416 | //vuln에 입력 | 474 | //vuln에 입력 |
| 417 | foreach (System.Data.DataRow row in ds.Tables[0].Rows) | 475 | foreach (System.Data.DataRow row in ds.Tables[0].Rows) |
| 418 | { | 476 | { |
| 419 | - _Vuln vuln = new _Vuln(); | 477 | + _Vuln vuln = new _Vuln |
| 420 | - vuln.VulnId = Convert.ToInt32(row["vulnId"]); | 478 | + { |
| 421 | - vuln.Cve = Convert.ToString(row["cve"]); | 479 | + VulnId = Convert.ToInt32(row["vulnId"]), |
| 422 | - vuln.FuncName = Convert.ToString(row["funcName"]); | 480 | + Cve = Convert.ToString(row["cve"]), |
| 423 | - vuln.LenFunc = Convert.ToInt32(row["lenFunc"]); | 481 | + FuncName = Convert.ToString(row["funcName"]), |
| 424 | - vuln.Code = Convert.ToString(row["code"]); | 482 | + LenFunc = Convert.ToInt32(row["lenFunc"]), |
| 425 | - vuln.BlockHash = Convert.ToString(row["blockHash"]); | 483 | + Code = Convert.ToString(row["code"]), |
| 426 | - vuln.Url = Convert.ToString(row["url"]); | 484 | + BlockHash = Convert.ToString(row["blockHash"]), |
| 427 | - list.Add(vuln); | 485 | + Url = Convert.ToString(row["url"]) |
| 486 | + }; | ||
| 487 | + yield return vuln; | ||
| 488 | + } | ||
| 489 | + } | ||
| 490 | + public static IEnumerable<_Vuln> SelectVulnbyCve(string _cve) | ||
| 491 | + { | ||
| 492 | + String sql = string.Empty; | ||
| 493 | + MySqlCommand cmd = new MySqlCommand(); | ||
| 494 | + cmd.Connection = Conn; | ||
| 495 | + cmd.CommandText = $"SELECT * FROM vuln_Info where cve='" + _cve + $"'"; | ||
| 496 | + | ||
| 497 | + System.Data.DataSet ds = new System.Data.DataSet(); | ||
| 498 | + MySqlDataAdapter da = new MySqlDataAdapter(cmd.CommandText, Conn); | ||
| 499 | + da.Fill(ds); | ||
| 500 | + //vuln에 입력 | ||
| 501 | + foreach (System.Data.DataRow row in ds.Tables[0].Rows) | ||
| 502 | + { | ||
| 503 | + _Vuln vuln = new _Vuln | ||
| 504 | + { | ||
| 505 | + VulnId = Convert.ToInt32(row["vulnId"]), | ||
| 506 | + Cve = Convert.ToString(row["cve"]), | ||
| 507 | + FuncName = Convert.ToString(row["funcName"]), | ||
| 508 | + LenFunc = Convert.ToInt32(row["lenFunc"]), | ||
| 509 | + Code = Convert.ToString(row["code"]), | ||
| 510 | + BlockHash = Convert.ToString(row["blockHash"]), | ||
| 511 | + Url = Convert.ToString(row["url"]) | ||
| 512 | + }; | ||
| 513 | + yield return vuln; | ||
| 514 | + } | ||
| 515 | + } | ||
| 516 | + public static IEnumerable<string> SelectRepositbyName(string _username) | ||
| 517 | + { | ||
| 518 | + String sql = string.Empty; | ||
| 519 | + MySqlCommand cmd = new MySqlCommand(); | ||
| 520 | + cmd.Connection = Conn; | ||
| 521 | + cmd.CommandText = "SELECT repository FROM vuln.auth_user WHERE username = '" + _username + "'"; | ||
| 522 | + string a = null; | ||
| 523 | + | ||
| 524 | + //sql console write 확인용 | ||
| 525 | + Console.Write(cmd.CommandText); | ||
| 526 | + | ||
| 527 | + System.Data.DataSet ds = new System.Data.DataSet(); | ||
| 528 | + MySqlDataAdapter da = new MySqlDataAdapter(cmd.CommandText, Conn); | ||
| 529 | + da.Fill(ds); | ||
| 530 | + //string을 넣음 | ||
| 531 | + foreach (System.Data.DataRow row in ds.Tables[0].Rows) | ||
| 532 | + { | ||
| 533 | + a = Convert.ToString(row["repository"]); | ||
| 534 | + yield return a; | ||
| 535 | + } | ||
| 536 | + } | ||
| 537 | + public static IEnumerable<(string userName, string repository)> SelectAllReposit() | ||
| 538 | + { | ||
| 539 | + String sql = string.Empty; | ||
| 540 | + MySqlCommand cmd = new MySqlCommand | ||
| 541 | + { | ||
| 542 | + Connection = Conn, | ||
| 543 | + CommandText = "SELECT username, repository FROM vuln.auth_user " | ||
| 544 | + }; | ||
| 545 | + System.Data.DataSet ds = new System.Data.DataSet(); | ||
| 546 | + MySqlDataAdapter da = new MySqlDataAdapter(cmd.CommandText, Conn); | ||
| 547 | + da.Fill(ds); | ||
| 548 | + //vuln에 입력 | ||
| 549 | + foreach (System.Data.DataRow row in ds.Tables[0].Rows) | ||
| 550 | + { | ||
| 551 | + string repo = Convert.ToString(row["repository"]); | ||
| 552 | + string user = Convert.ToString(row["username"]); | ||
| 553 | + yield return (user, repo); | ||
| 554 | + } | ||
| 555 | + } | ||
| 556 | + public static IEnumerable<string> SelectReposit_detail() | ||
| 557 | + { | ||
| 558 | + String sql = string.Empty; | ||
| 559 | + MySqlCommand cmd = new MySqlCommand(); | ||
| 560 | + cmd.Connection = Conn; | ||
| 561 | + cmd.CommandText = "SELECT url FROM vulnDetail "; | ||
| 562 | + string a = null; | ||
| 563 | + | ||
| 564 | + System.Data.DataSet ds = new System.Data.DataSet(); | ||
| 565 | + MySqlDataAdapter da = new MySqlDataAdapter(cmd.CommandText, Conn); | ||
| 566 | + da.Fill(ds); | ||
| 567 | + //vuln에 입력 | ||
| 568 | + foreach (System.Data.DataRow row in ds.Tables[0].Rows) | ||
| 569 | + { | ||
| 570 | + a = Convert.ToString(row["url"]); | ||
| 571 | + Console.WriteLine(a); | ||
| 572 | + | ||
| 573 | + yield return a; | ||
| 428 | } | 574 | } |
| 429 | - //해당 list 반환 | ||
| 430 | - return list; | ||
| 431 | } | 575 | } |
| 432 | 576 | ||
| 433 | } | 577 | } | ... | ... |
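Review bot: `SelectVulnbyCve` (new line 495) and `SelectRepositbyName` (new line 521) build their queries by concatenating `_cve` and `_username` into the SQL text, so a quote character in either value changes the statement, whereas `InsertVulnDetail` in this same commit already binds its values as parameters. Use the same approach here: `cmd.CommandText = "SELECT * FROM vuln_Info WHERE cve = @cve";`, `cmd.Parameters.AddWithValue("@cve", _cve);`, and `new MySqlDataAdapter(cmd)` so the adapter runs the parameterised command rather than a copy of its text. The `Console.Write(cmd.CommandText)` at new line 525 also prints the caller-supplied user name. Separately, the `catch` in `InsertVulnDetail` (new lines 266–275) drops every exception except the reconnect case and retries without a limit, so failed inserts leave no trace.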
| ... | @@ -30,7 +30,6 @@ namespace VulnCrawler | ... | @@ -30,7 +30,6 @@ namespace VulnCrawler |
| 30 | } | 30 | } |
| 31 | foreach (var commit in commits) { | 31 | foreach (var commit in commits) { |
| 32 | // 커밋 메시지 | 32 | // 커밋 메시지 |
| 33 | - | ||
| 34 | count++; | 33 | count++; |
| 35 | double per = ((double)count / (double)totalCount) * 100; | 34 | double per = ((double)count / (double)totalCount) * 100; |
| 36 | 35 | ||
| ... | @@ -46,23 +45,35 @@ namespace VulnCrawler | ... | @@ -46,23 +45,35 @@ namespace VulnCrawler |
| 46 | string commitUrl = $"{crawler.PushUrl}/commit/{commit.Sha}"; | 45 | string commitUrl = $"{crawler.PushUrl}/commit/{commit.Sha}"; |
| 47 | 46 | ||
| 48 | foreach (var parent in commit.Parents) { | 47 | foreach (var parent in commit.Parents) { |
| 49 | - | ||
| 50 | try | 48 | try |
| 51 | { | 49 | { |
| 50 | + | ||
| 51 | + | ||
| 52 | // 부모 커밋과 현재 커밋을 Compare 하여 패치 내역을 가져옴 | 52 | // 부모 커밋과 현재 커밋을 Compare 하여 패치 내역을 가져옴 |
| 53 | var patch = crawler.Repository.Diff.Compare<Patch>(parent.Tree, commit.Tree); | 53 | var patch = crawler.Repository.Diff.Compare<Patch>(parent.Tree, commit.Tree); |
| 54 | + | ||
| 54 | // 패치 엔트리 파일 배열 중에 파일 확장자가 .py인 것만 가져옴 | 55 | // 패치 엔트리 파일 배열 중에 파일 확장자가 .py인 것만 가져옴 |
| 55 | // (실질적인 코드 변경 커밋만 보기 위해서) | 56 | // (실질적인 코드 변경 커밋만 보기 위해서) |
| 56 | var entrys = crawler.GetPatchEntryChanges(patch); | 57 | var entrys = crawler.GetPatchEntryChanges(patch); |
| 58 | + if (entrys.Count() > 100) | ||
| 59 | + { | ||
| 60 | + // continue; | ||
| 61 | + } | ||
| 57 | /* C:\VulnC\linux 라면 linux만 뽑아서 repoName에 저장 */ | 62 | /* C:\VulnC\linux 라면 linux만 뽑아서 repoName에 저장 */ |
| 58 | var dsp = dirPath.Split(Path.DirectorySeparatorChar); | 63 | var dsp = dirPath.Split(Path.DirectorySeparatorChar); |
| 59 | string repoName = dsp[dsp.Length - 1]; | 64 | string repoName = dsp[dsp.Length - 1]; |
| 60 | // 현재 커밋에 대한 패치 엔트리 배열을 출력함 | 65 | // 현재 커밋에 대한 패치 엔트리 배열을 출력함 |
| 61 | PrintPatchEntrys(entrys, crawler, message, cve, repoName, commitUrl); | 66 | PrintPatchEntrys(entrys, crawler, message, cve, repoName, commitUrl); |
| 62 | // Console.ReadLine(); | 67 | // Console.ReadLine(); |
| 68 | + break; | ||
| 69 | + | ||
| 70 | + } | ||
| 71 | + catch(Exception e) | ||
| 72 | + { | ||
| 73 | + break; | ||
| 74 | + //Console.WriteLine(e.ToString()); | ||
| 75 | + //Console.ReadLine(); | ||
| 63 | } | 76 | } |
| 64 | - catch(Exception) | ||
| 65 | - { } | ||
| 66 | } | 77 | } |
| 67 | } | 78 | } |
| 68 | } | 79 | } |
| ... | @@ -133,7 +144,7 @@ namespace VulnCrawler | ... | @@ -133,7 +144,7 @@ namespace VulnCrawler |
| 133 | #endregion | 144 | #endregion |
| 134 | 145 | ||
| 135 | } | 146 | } |
| 136 | - catch (Exception e) | 147 | + catch (Exception) |
| 137 | { | 148 | { |
| 138 | continue; | 149 | continue; |
| 139 | } | 150 | } | ... | ... |
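Review bot: The new `catch(Exception e)` at new lines 71–76 leaves the parent loop with `break` and records nothing, so a failure in `Diff.Compare` or `PrintPatchEntrys` cannot be told apart from a commit that had no matching entries; `e` is also unused. Log before leaving, for example `Console.Error.WriteLine($"{commitUrl}: {e.Message}");` ahead of the `break`. The `if (entrys.Count() > 100)` block at new lines 58–61 contains only a commented-out `continue`, so it has no effect; either enable the skip or remove the check. The `break` at new line 68 means only the first parent of a merge commit is compared, which deserves a one-line comment if that is intended.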
| ... | @@ -33,8 +33,14 @@ | ... | @@ -33,8 +33,14 @@ |
| 33 | </PropertyGroup> | 33 | </PropertyGroup> |
| 34 | <ItemGroup> | 34 | <ItemGroup> |
| 35 | <Reference Include="MySql.Data, Version=8.0.10.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL" /> | 35 | <Reference Include="MySql.Data, Version=8.0.10.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL" /> |
| 36 | + <Reference Include="Newtonsoft.Json, Version=11.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL"> | ||
| 37 | + <HintPath>..\packages\Newtonsoft.Json.11.0.2\lib\net45\Newtonsoft.Json.dll</HintPath> | ||
| 38 | + </Reference> | ||
| 36 | <Reference Include="System" /> | 39 | <Reference Include="System" /> |
| 37 | <Reference Include="System.Core" /> | 40 | <Reference Include="System.Core" /> |
| 41 | + <Reference Include="System.ValueTuple, Version=4.0.3.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL"> | ||
| 42 | + <HintPath>..\packages\System.ValueTuple.4.5.0\lib\net461\System.ValueTuple.dll</HintPath> | ||
| 43 | + </Reference> | ||
| 38 | <Reference Include="System.Xml.Linq" /> | 44 | <Reference Include="System.Xml.Linq" /> |
| 39 | <Reference Include="System.Data.DataSetExtensions" /> | 45 | <Reference Include="System.Data.DataSetExtensions" /> |
| 40 | <Reference Include="Microsoft.CSharp" /> | 46 | <Reference Include="Microsoft.CSharp" /> |
| ... | @@ -49,6 +55,7 @@ | ... | @@ -49,6 +55,7 @@ |
| 49 | </ItemGroup> | 55 | </ItemGroup> |
| 50 | <ItemGroup> | 56 | <ItemGroup> |
| 51 | <None Include="App.config" /> | 57 | <None Include="App.config" /> |
| 58 | + <None Include="packages.config" /> | ||
| 52 | </ItemGroup> | 59 | </ItemGroup> |
| 53 | <ItemGroup> | 60 | <ItemGroup> |
| 54 | <ProjectReference Include="..\VulnCrawler\VulnCrawler.csproj"> | 61 | <ProjectReference Include="..\VulnCrawler\VulnCrawler.csproj"> | ... | ... |