Toggle navigation
Toggle navigation
This project
Loading...
Sign in
노현종
/
2018-1-Capstone1-VulnNotti
Go to a project
Toggle navigation
Toggle navigation pinning
Projects
Groups
Snippets
Help
Project
Activity
Repository
Pipelines
Graphs
Issues
0
Merge Requests
0
Snippets
Network
Create a new issue
Builds
Commits
Issue Boards
Authored by
노현종
2018-06-12 16:44:35 +0900
Browse Files
Options
Browse Files
Download
Email Patches
Plain Diff
Commit
6df230dff376f87a6e2531a017635f1a7c0b3615
6df230df
1 parent
b9e7d792
Final 정리
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
149 additions
and
32 deletions
Vulnerablity_DB/VulnCrawler/VulnAbstractCrawler.cs
Vulnerablity_DB/VulnCrawler/VulnWorker.cs
Vulnerablity_DB/VulnUserCodeAnalyzer/Program.cs
Vulnerablity_DB/VulnCrawler/VulnAbstractCrawler.cs
View file @
6df230d
...
...
@@ -210,6 +210,72 @@ namespace VulnCrawler
}
}
}
/// <summary>
/// 패치 전 코드 파일과 크리티컬 메서드 테이블로 부터 크리티컬 블록 추출
/// </summary>
/// <param name="oldBlob">패치 전 파일 Blob</param>
/// <param name="table">크리티컬 메서드 테이블(Key: 메서드 이름, Value: 변수 리스트)</param>
/// <returns></returns>
public
virtual
IEnumerable
<(
string
methodName
,
IList
<
Block
>
blocks
)>
ProcessBlocks
(
Blob
oldBlob
,
IDictionary
<
string
,
IEnumerable
<
string
>>
table
)
{
foreach
(
var
item
in
table
)
{
var
methodTable
=
new
Dictionary
<
string
,
string
>();
var
varTable
=
new
Dictionary
<
string
,
string
>();
// 메서드 이름
string
methodName
=
item
.
Key
;
// 패치 전 원본 파일 스트림
Stream
oldStream
=
oldBlob
.
GetContentStream
();
// 패치 전 원본 함수 구하고
string
func
=
GetOriginalFunc
(
oldStream
,
methodName
);
Console
.
WriteLine
(
func
);
string
bs
=
string
.
Empty
;
string
md5
=
string
.
Empty
;
if
(
item
.
Value
.
Count
()
!=
0
)
{
Console
.
WriteLine
(
"크리티컬 변수 목록"
);
Console
.
ForegroundColor
=
ConsoleColor
.
Cyan
;
foreach
(
var
c
in
item
.
Value
)
{
Console
.
WriteLine
(
c
);
}
Console
.
ResetColor
();
Console
.
WriteLine
(
"-------------------"
);
// 크리티컬 블록 추출
var
blocks
=
GetCriticalBlocks
(
func
,
item
.
Value
).
ToList
();
if
(
blocks
==
null
)
{
continue
;
}
foreach
(
var
block
in
blocks
)
{
block
.
CriticalList
=
item
.
Value
;
block
.
AbsCode
=
Abstract
(
block
.
Code
,
varTable
,
methodTable
);
block
.
Hash
=
MD5HashFunc
(
block
.
AbsCode
);
}
/* 추상화 및 정규화 */
foreach
(
var
block
in
blocks
)
{
string
code
=
block
.
Code
;
}
foreach
(
var
var
in
varTable
)
{
Console
.
WriteLine
(
$
"{var.Key}, {var.Value}"
);
}
yield
return
(
methodName
,
blocks
);
}
}
}
/// <summary>
/// 주석 제거 함수
/// </summary>
...
...
Vulnerablity_DB/VulnCrawler/VulnWorker.cs
View file @
6df230d
...
...
@@ -65,7 +65,7 @@ namespace VulnCrawler
break
;
}
catch
(
Exception
e
)
catch
(
Exception
)
{
break
;
//Console.WriteLine(e.ToString());
...
...
@@ -95,42 +95,92 @@ namespace VulnCrawler
// 출력
if
(
regs
.
Count
>
0
)
{
/* 패치된 코드들에서 Method로 나누고 크리티컬 변수로 뽑아옴 Dictionary 구조 (키 = 함수명) */
///* 패치된 코드들에서 Method로 나누고 크리티컬 변수로 뽑아옴 Dictionary 구조 (키 = 함수명) */
//var table = self.ExtractGitCriticalMethodTable(entry.Patch);
///* 크리티컬 메서드 테이블과 패치 전 파일에서 Process 하고 tuple로 가져옴 */
//foreach (var tuple in self.Process(oldBlob, table))
//{
// /* 메서드 이름, 원본 함수 코드, 블록 리스트(크리티컬 포함) */
// (var methodName, var oriFunc, var blocks) = tuple;
// if (string.IsNullOrWhiteSpace(oriFunc))
// {
// continue;
// }
// string abstractCode = self.Abstract(oriFunc, new Dictionary<string, string>(), new Dictionary<string, string>());
// byte[] funcNameBytes = Encoding.Unicode.GetBytes(methodName);
// byte[] absCodeBytes = Encoding.Unicode.GetBytes(abstractCode);
// byte[] commitUrlBytes = Encoding.Unicode.GetBytes(commitUrl);
// byte[] funcBytes = Encoding.Unicode.GetBytes(oriFunc);
// string absCodeBase64 = Convert.ToBase64String(absCodeBytes);
// VulnRDS._Vuln vuln = new VulnRDS._Vuln()
// {
// LenFunc = absCodeBase64.Length,
// Cve = cve,
// BlockHash = VulnAbstractCrawler.MD5HashFunc(absCodeBase64),
// FuncName = Convert.ToBase64String(funcNameBytes),
// Code = Convert.ToBase64String(funcBytes),
// Url = Convert.ToBase64String(commitUrlBytes),
// };
// /* VulnDB에 추가 */
// //VulnRDS._InsertVulnData(vuln);
//}
Console
.
BackgroundColor
=
ConsoleColor
.
DarkBlue
;
Console
.
WriteLine
(
$
"Old Content: \n{oldContent}"
);
Console
.
ResetColor
();
Console
.
ForegroundColor
=
ConsoleColor
.
Blue
;
Console
.
WriteLine
(
$
"status: {entry.Status.ToString()}"
);
Console
.
WriteLine
(
$
"added: {entry.LinesAdded.ToString()}, deleted: {entry.LinesDeleted.ToString()}"
);
Console
.
WriteLine
(
$
"old path: {entry.OldPath.ToString()}, new path: {entry.Path.ToString()}"
);
Console
.
ResetColor
();
Console
.
Write
(
$
"CVE: "
);
Console
.
ForegroundColor
=
ConsoleColor
.
Red
;
Console
.
Write
(
$
"{cve}"
);
Console
.
WriteLine
(
""
);
Console
.
ResetColor
();
Console
.
ForegroundColor
=
ConsoleColor
.
Yellow
;
Console
.
WriteLine
(
$
"Commit Message: {commitMsg}"
);
Console
.
ResetColor
();
Console
.
BackgroundColor
=
ConsoleColor
.
DarkRed
;
Console
.
WriteLine
(
$
"Patched: \n{entry.Patch}"
);
Console
.
ResetColor
();
var
table
=
self
.
ExtractGitCriticalMethodTable
(
entry
.
Patch
);
/* 크리티컬 메서드 테이블과 패치 전 파일에서 Process 하고 tuple로 가져옴 */
foreach
(
var
tuple
in
self
.
Process
(
oldBlob
,
table
))
foreach
(
var
tuple
in
self
.
ProcessBlocks
(
oldBlob
,
table
))
{
/* 메서드 이름, 원본 함수 코드, 블록 리스트(크리티컬 포함) */
(
var
methodName
,
var
oriFunc
,
var
blocks
)
=
tuple
;
if
(
string
.
IsNullOrWhiteSpace
(
oriFunc
))
(
var
methodName
,
var
blocks
)
=
tuple
;
Console
.
BackgroundColor
=
ConsoleColor
.
DarkRed
;
Console
.
WriteLine
(
$
"메서드 이름 : {methodName}"
);
Console
.
ResetColor
();
//Console.ForegroundColor = ConsoleColor.Blue;
//foreach (var c in )
//{
// Console.WriteLine(c);
//}
//Console.ResetColor();
foreach
(
var
block
in
blocks
)
{
continue
;
if
(
block
.
HasCritical
)
{
Console
.
BackgroundColor
=
ConsoleColor
.
DarkMagenta
;
}
string
abstractCode
=
self
.
Abstract
(
oriFunc
,
new
Dictionary
<
string
,
string
>(),
new
Dictionary
<
string
,
string
>());
byte
[]
funcNameBytes
=
Encoding
.
Unicode
.
GetBytes
(
methodName
);
byte
[]
absCodeBytes
=
Encoding
.
Unicode
.
GetBytes
(
abstractCode
);
byte
[]
commitUrlBytes
=
Encoding
.
Unicode
.
GetBytes
(
commitUrl
);
byte
[]
funcBytes
=
Encoding
.
Unicode
.
GetBytes
(
oriFunc
);
string
absCodeBase64
=
Convert
.
ToBase64String
(
absCodeBytes
);
VulnRDS
.
_Vuln
vuln
=
new
VulnRDS
.
_Vuln
()
else
{
LenFunc
=
absCodeBase64
.
Length
,
Cve
=
cve
,
BlockHash
=
VulnAbstractCrawler
.
MD5HashFunc
(
absCodeBase64
),
FuncName
=
Convert
.
ToBase64String
(
funcNameBytes
),
Code
=
Convert
.
ToBase64String
(
funcBytes
),
Url
=
Convert
.
ToBase64String
(
commitUrlBytes
),
};
/* VulnDB에 추가 */
//VulnRDS._InsertVulnData(vuln);
Console
.
BackgroundColor
=
ConsoleColor
.
DarkGreen
;
}
Console
.
WriteLine
(
$
"=====block({block.Num}, {block.HasCritical.ToString()})"
);
Console
.
WriteLine
(
block
.
Code
);
Console
.
ResetColor
();
Console
.
WriteLine
(
$
"AbsCode = \n{block.AbsCode}"
);
Console
.
WriteLine
(
$
"MD5 = {block.Hash}"
);
}
Console
.
ReadLine
();
}
}
else
...
...
Vulnerablity_DB/VulnUserCodeAnalyzer/Program.cs
View file @
6df230d
...
...
@@ -144,6 +144,7 @@ namespace VulnUserCodeAnalyzer
}
static
void
Main
(
string
[]
args
)
{
Console
.
WriteLine
(
"Start: Code Analyze Server"
);
/* 연도별 CVE JSON 파일 로드 */
CVE_JSON
.
AutoLoad
();
/* 크롤러 타입 */
...
...
Please
register
or
login
to post a comment
