이지윤

VulnRDS : mysql vuln수정, CRUD Func 생성 및 수정

...@@ -29,7 +29,18 @@ namespace VulnCrawler ...@@ -29,7 +29,18 @@ namespace VulnCrawler
29 { 29 {
30 public int UserId { get; set; } = -1;/* 유저 ID */ 30 public int UserId { get; set; } = -1;/* 유저 ID */
31 public string RepositName { get; set; } = "NULL"; /* 유저 레파지토리 이름 */ 31 public string RepositName { get; set; } = "NULL"; /* 유저 레파지토리 이름 */
32 - public string VulnId { get; set; } = "NULL"; /* 취약점 vuln ID */ 32 + public int VulnId { get; set; } = -1; /* 취약점 vuln ID */
33 + }
34 + //
35 + public class _Vuln
36 + {
37 + public int VulnId { get; set; } = -1; /* 취약점 ID */
38 + public string Cve { get; set; } = "NULL"; /* 취약점 CVE */
39 + public string FuncName { get; set; } = "NULL"; /* 취약점 함수 이름 */
40 + public int LenFunc { get; set; } = -1; /* 취약점 함수 길이 */
41 + public string Code { get; set; } = "NULL"; /* 취약점 소스 코드 */
42 + public string BlockHash { get; set; } = "NULL";/* 취약점 블록 해시 값 */
43 + public string Url { get; set; } = "NULL"; /* 취약점 URL */
33 } 44 }
34 //connect 45 //connect
35 public static void Connect(AWS.Account account, string dbName) 46 public static void Connect(AWS.Account account, string dbName)
...@@ -52,19 +63,6 @@ namespace VulnCrawler ...@@ -52,19 +63,6 @@ namespace VulnCrawler
52 public static void InsertVulnData(Vuln vuln) 63 public static void InsertVulnData(Vuln vuln)
53 { 64 {
54 String sql = string.Empty; 65 String sql = string.Empty;
55 - //DB에 취약점 데이터가 이미 있는지 검사
56 - /*
57 -
58 - sql = "select count(*) from vulnInfo where cve like '" + vuln.Cve + "' and numBlock like '" +vuln.NumBlock + "'" ;
59 - MySqlCommand cmd = new MySqlCommand(sql, Conn);
60 - int RecordCount = Convert.ToInt32(cmd.ExecuteScalar());
61 - //CVE & block num 중복인 경우
62 - if (RecordCount > 0)
63 - {
64 - //추가하지 않음
65 - return;
66 - }
67 - */
68 // vulnId setting (마지막 vulnId +1) 66 // vulnId setting (마지막 vulnId +1)
69 MySqlCommand cmd = null; 67 MySqlCommand cmd = null;
70 68
...@@ -105,23 +103,65 @@ namespace VulnCrawler ...@@ -105,23 +103,65 @@ namespace VulnCrawler
105 } 103 }
106 104
107 } 105 }
106 + public static void _InsertVulnData(_Vuln vuln)
107 + {
108 + String sql = string.Empty;
109 + // vulnId setting (마지막 vulnId +1)
110 + MySqlCommand cmd = null;
111 +
112 + int last_vulnId = 1;
113 + try
114 + {
115 + sql = "select max(vulnId) from vuln_Info";
116 + cmd = new MySqlCommand(sql, Conn);
117 + last_vulnId = (Convert.ToInt32(cmd.ExecuteScalar())) + 1;
118 + }
119 + catch (Exception)
120 + {
121 + last_vulnId = 1;
122 + }
123 +
124 + Retry:
125 +
126 + //DB insert
127 + try
128 + {
129 + cmd = new MySqlCommand();
130 + cmd.Connection = Conn;
131 + //db에 추가
132 + cmd.CommandText = "INSERT INTO vuln_Info(vulnId, cve, funcName, lenFunc, code, blockHash, url) VALUES(@vulnId, @cve, @funcName, @lenFunc, @code, @blockHash, @url)";
133 + cmd.Parameters.AddWithValue("@vulnId", last_vulnId);
134 + cmd.Parameters.AddWithValue("@cve", $"'{vuln.Cve}'");
135 + cmd.Parameters.AddWithValue("@funcName", $"'{vuln.FuncName}'");
136 + cmd.Parameters.AddWithValue("@lenFunc", $"'{vuln.LenFunc}'");
137 + cmd.Parameters.AddWithValue("@code", $"'{vuln.Code}'");
138 + cmd.Parameters.AddWithValue("@blockHash", $"'{vuln.BlockHash}'");
139 + cmd.Parameters.AddWithValue("@url", $"'{vuln.Url}'");
140 + cmd.ExecuteNonQuery();
141 + //콘솔출력용
142 + sql = "INSERT INTO vuln_Info(vulnId, cve, funcName, lenFunc, code, blockHash, url) " +
143 + $"VALUES({last_vulnId}, {vuln.Cve}, '{vuln.FuncName}', '{vuln.LenFunc}', {vuln.Code},'{vuln.BlockHash}', '{vuln.Url}')";
144 + Console.WriteLine(sql);
145 + }
146 + catch (Exception e)
147 + {
148 + Console.WriteLine(e.ToString());
149 + string es = e.ToString();
150 + if (es.Contains("Connection must be valid and open"))
151 + {
152 + Connect(Account, DbName);
153 + goto Retry;
154 + }
155 + Console.ReadLine();
156 + }
157 + }
108 public static void InsertUserData(User user) 158 public static void InsertUserData(User user)
109 { 159 {
110 Conn.Open(); 160 Conn.Open();
111 String sql = string.Empty; 161 String sql = string.Empty;
112 MySqlCommand cmd = null; 162 MySqlCommand cmd = null;
113 - /* 163 +
114 - //DB에 취약점 데이터가 이미 있는지 검사 164 + //user_id setting
115 - String sql = "select count(*) from vulnInfo where cve like '" + user. + "'";
116 - MySqlCommand cmd = new MySqlCommand(sql, Conn);
117 - int RecordCount = Convert.ToInt32(cmd.ExecuteScalar());
118 - //CVE 중복인 경우
119 - if (RecordCount > 0)
120 - {
121 - Console.WriteLine("이미 cve가 존재함");
122 - }
123 - */
124 - // userId setting (마지막 userId +1)
125 int last_userId = 1; 165 int last_userId = 1;
126 try 166 try
127 { 167 {
...@@ -134,65 +174,218 @@ namespace VulnCrawler ...@@ -134,65 +174,218 @@ namespace VulnCrawler
134 last_userId = 1; 174 last_userId = 1;
135 } 175 }
136 176
137 - //DB insert 177 + Retry:
178 +
179 + //insert
138 try 180 try
139 { 181 {
140 - sql = "INSERT INTO userInfo(userId, repositName, vulnInfo) " + $"VALUES({last_userId}, {user.RepositName}, '{user.VulnId}')"; 182 + cmd = new MySqlCommand();
183 + cmd.Connection = Conn;
184 + //db에 추가
185 + cmd.CommandText = "INSERT INTO userInfo(userId, repositName, vulnId) VALUES(@userId, @repositName, @vulnId)";
186 + cmd.Parameters.AddWithValue("@userId", last_userId);
187 + cmd.Parameters.AddWithValue("@repositName", $"'{user.RepositName}'");
188 + cmd.Parameters.AddWithValue("@vulnInfo", $"'{user.VulnId}'");
189 + cmd.ExecuteNonQuery();
190 + //콘솔출력용
191 + sql = "INSERT INTO userInfo(userId, repositName, vulnId) " + $"VALUES({last_userId},'{user.RepositName}','{user.VulnId}')";
141 Console.WriteLine(sql); 192 Console.WriteLine(sql);
142 - cmd = new MySqlCommand(sql, Conn);
143 - cmd.ExecuteNonQuery();
144 } 193 }
145 catch (Exception e) 194 catch (Exception e)
146 { 195 {
147 - Console.WriteLine(e.StackTrace); 196 + Console.WriteLine(e.ToString());
197 + string es = e.ToString();
198 + if (es.Contains("Connection must be valid and open"))
199 + {
200 + Connect(Account, DbName);
201 + goto Retry;
202 + }
203 + Console.ReadLine();
204 + }
205 + }
206 + public static void UpdateVulnData(int _vulnId, _Vuln vuln) {
207 + String sql = string.Empty;
208 + MySqlCommand cmd = null;
209 +
210 + Retry:
211 +
212 + //DB update
213 + try
214 + {
215 + cmd = new MySqlCommand();
216 + cmd.Connection = Conn;
217 + //해당 vuln Update
218 + cmd.CommandText = "UPDATE vuln_Info SET cve=@cve,funName=@funName,lenFunc=@lenFunc,code=@code,blockHash=@blockHash,url=@url WHERE vulnId=@vunId";
219 + cmd.Parameters.AddWithValue("@vulnId", _vulnId);
220 + cmd.Parameters.AddWithValue("@cve", $"'{vuln.Cve}'");
221 + cmd.Parameters.AddWithValue("@funcName", $"'{vuln.FuncName}'");
222 + cmd.Parameters.AddWithValue("@lenFunc", $"'{vuln.LenFunc}'");
223 + cmd.Parameters.AddWithValue("@code", $"'{vuln.Code}'");
224 + cmd.Parameters.AddWithValue("@blockHash", $"'{vuln.BlockHash}'");
225 + cmd.Parameters.AddWithValue("@url", $"'{vuln.Url}'");
226 + cmd.ExecuteNonQuery();
227 + //콘솔출력용
228 + sql = "UPDATE vuln_Info(vulnId, cve, funcName, lenFunc, code, blockHash, url) " +
229 + $"VALUES({_vulnId}, {vuln.Cve}, '{vuln.FuncName}', '{vuln.LenFunc}', {vuln.Code},'{vuln.BlockHash}', '{vuln.Url}')";
230 + Console.WriteLine(sql);
231 + }
232 + catch (Exception e)
233 + {
234 + Console.WriteLine(e.ToString());
235 + string es = e.ToString();
236 + if (es.Contains("Connection must be valid and open"))
237 + {
238 + Connect(Account, DbName);
239 + goto Retry;
240 + }
241 + Console.ReadLine();
148 } 242 }
243 + return;
149 } 244 }
150 - public static Vuln SearchVulnCve(int _vulnId) 245 + public static void UpdateUserData(int _userId, User user)
151 { 246 {
152 - Vuln vuln = new Vuln(); 247 + String sql = string.Empty;
153 - //특정 cve 가 있는지 검사 248 + MySqlCommand cmd = null;
154 - String sql = "select * from vulnInfo where cve like '" + _vulnId + "'"; 249 +
155 - MySqlCommand cmd = new MySqlCommand(sql, Conn); 250 + Retry:
156 - MySqlDataReader rdr = cmd.ExecuteReader(); 251 +
157 - while (rdr.Read()) 252 + //DB update
158 - { 253 + try
159 - vuln.VulnId = Convert.ToInt32(rdr["vulnId"]); 254 + {
160 - vuln.LenBlock = Convert.ToInt32(rdr["lenBlock"]); 255 + cmd = new MySqlCommand();
161 - vuln.Cve = Convert.ToString(rdr["cve"]); 256 + cmd.Connection = Conn;
162 - vuln.FuncName = Convert.ToString(rdr["funcName"]); 257 + //해당 user Update
163 - vuln.NumBlock = Convert.ToInt32(rdr["numBlock"]); 258 + cmd.CommandText = "UPDATE userInfo SET repositName=@repositName, vulnId=@vulnId WHERE userId=@userId";
164 - vuln.CodeOriBefore = Convert.ToString(rdr["codeOriBefore"]); 259 + cmd.Parameters.AddWithValue("@userId", _userId);
165 - vuln.CodeOriAfter = Convert.ToString(rdr["codeOriAfter"]); 260 + cmd.Parameters.AddWithValue("@repositName", $"'{user.RepositName}'");
166 - vuln.CodeAbsBefore = Convert.ToString(rdr["codeAbsBefore"]); ; 261 + cmd.Parameters.AddWithValue("@vulnId", $"'{user.VulnId}'");
167 - vuln.CodeAbsAfter = Convert.ToString(rdr["codeAbsAfter"]); 262 +
168 - vuln.BlockHash = Convert.ToString(rdr["blockHash"]); 263 + cmd.ExecuteNonQuery();
264 + //콘솔출력용
265 + sql = "UPDATE userInfo(userId, repositName, vulnId) " +
266 + $"VALUES({_userId}, '{user.RepositName}', '{user.VulnId}')";
267 + Console.WriteLine(sql);
169 } 268 }
170 - return vuln; 269 + catch (Exception e)
270 + {
271 + Console.WriteLine(e.ToString());
272 + string es = e.ToString();
273 + if (es.Contains("Connection must be valid and open"))
274 + {
275 + Connect(Account, DbName);
276 + goto Retry;
277 + }
278 + Console.ReadLine();
279 + }
280 + return;
171 } 281 }
282 + public static _Vuln SelectVulnData(int _vulnId) {
283 + _Vuln vuln = new _Vuln();
284 + String sql = string.Empty;
285 + MySqlCommand cmd = new MySqlCommand();
286 + cmd.Connection = Conn;
287 + cmd.CommandText = "SELECT * FROM vuln_Info";
172 288
173 - public static bool CheckVulnData(int _vulnId) 289 + System.Data.DataSet ds = new System.Data.DataSet();
290 + MySqlDataAdapter da = new MySqlDataAdapter("SELECT * FROM userInfo", Conn);
291 + da.Fill(ds);
292 +
293 + //vuln에 입력
294 + foreach (System.Data.DataRow row in ds.Tables[0].Rows)
295 + {
296 + vuln.VulnId = Convert.ToInt32(row["vulnId"]);
297 + vuln.Cve = Convert.ToString(row["cve"]);
298 + vuln.FuncName = Convert.ToString(row["funcName"]);
299 + vuln.LenFunc = Convert.ToInt32(row["lenFunc"]);
300 + vuln.Code = Convert.ToString(row["code"]);
301 + vuln.BlockHash = Convert.ToString(row["blockHash"]);
302 + vuln.Url = Convert.ToString(row["url"]);
303 + }
304 + //해당 vuln 반환
305 + return vuln;
306 + }
307 + public static User SelectUserData(int _userId)
174 { 308 {
175 - string sql = "select count(*) from vulnInfo where vulnId like '" + _vulnId+ "'"; 309 + User user = new User();
176 - MySqlCommand cmd = new MySqlCommand(sql, Conn); 310 + String sql = string.Empty;
177 - int RecordCount = Convert.ToInt32(cmd.ExecuteScalar()); 311 + MySqlCommand cmd = new MySqlCommand();
178 - if (RecordCount > 0) 312 + cmd.Connection = Conn;
179 - return true; 313 + cmd.CommandText = "SELECT * FROM userInfo";
180 - else 314 +
181 - return false; 315 + //해당 user 찾음
316 + System.Data.DataSet ds = new System.Data.DataSet();
317 + MySqlDataAdapter da = new MySqlDataAdapter("SELECT * FROM userInfo", Conn);
318 + da.Fill(ds);
319 +
320 + //user에 입력
321 + foreach (System.Data.DataRow row in ds.Tables[0].Rows)
322 + {
323 + user.VulnId = Convert.ToInt32(row["vulnId"]);
324 + user.RepositName = Convert.ToString(row["repositName"]);
325 + user.UserId = Convert.ToInt32(row["userId"]);
326 + }
327 + //해당 user 반환
328 + return user;
329 + }
330 + public static void DeleteVulnData(int _vulnId) {
331 + String sql = string.Empty;
332 + MySqlCommand cmd = null;
333 +
334 + Retry:
335 +
336 + //DB insert
337 + try
338 + {
339 + cmd = new MySqlCommand();
340 + cmd.Connection = Conn;
341 + cmd.CommandText = "DELETE FROM vuln_Info WHERE vulnId=@vulnId";
342 + cmd.Parameters.AddWithValue("@vulnId", _vulnId);
343 + cmd.ExecuteNonQuery();
344 + //콘솔출력용
345 + sql = "DELETE FROM vuln_Info WHERE vulnId="+ _vulnId;
346 + Console.WriteLine(sql);
347 + }
348 + catch (Exception e)
349 + {
350 + Console.WriteLine(e.ToString());
351 + string es = e.ToString();
352 + if (es.Contains("Connection must be valid and open"))
353 + {
354 + Connect(Account, DbName);
355 + goto Retry;
356 + }
357 + Console.ReadLine();
358 + }
182 } 359 }
183 - public static bool CheckUserData(int _userId) 360 + public static void DeleteUserData(int _userId)
184 { 361 {
185 - string sql = "select count(*) from userInfo where vulnId like '" + _userId + "'"; 362 + String sql = string.Empty;
186 - MySqlCommand cmd = new MySqlCommand(sql, Conn); 363 + MySqlCommand cmd = null;
187 - int RecordCount = Convert.ToInt32(cmd.ExecuteScalar()); 364 +
188 - if (RecordCount > 0) 365 + Retry:
189 - return true; 366 +
190 - else 367 + try
191 - return false; 368 + {
369 + cmd = new MySqlCommand();
370 + cmd.Connection = Conn;
371 + cmd.CommandText = "DELETE FROM userInfo WHERE userId=@userId";
372 + cmd.Parameters.AddWithValue("@userId", _userId);
373 + cmd.ExecuteNonQuery();
374 + //콘솔출력용
375 + sql = "DELETE FROM userInfo WHERE userId=" + _userId;
376 + Console.WriteLine(sql);
377 + }
378 + catch (Exception e)
379 + {
380 + Console.WriteLine(e.ToString());
381 + string es = e.ToString();
382 + if (es.Contains("Connection must be valid and open"))
383 + {
384 + Connect(Account, DbName);
385 + goto Retry;
386 + }
387 + Console.ReadLine();
388 + }
192 } 389 }
193 - //public static IEnumerable<string> SearchVulnData(int _len)
194 - //{
195 - //
196 - //}
197 } 390 }
198 } 391 }
...\ No newline at end of file ...\ No newline at end of file
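Review bot: Several of the new parameterised commands in this file cannot run as written, because the placeholder names in the SQL text do not match the parameters that are bound. `InsertUserData` binds `@vulnInfo` while its statement uses `@vulnId`, and `UpdateVulnData` writes `funName=@funName` and `WHERE vulnId=@vunId` but binds `@funcName` and `@vulnId` (the INSERT names the column `funcName`). The bound values are also still wrapped in literal quotes, e.g. `$"'{vuln.Cve}'"`; with bound parameters those quotes are stored as part of the data, and for `LenFunc` and `VulnId` a quoted string is sent where an integer is expected, so pass the raw value: `cmd.Parameters.AddWithValue("@cve", vuln.Cve);`. `SelectVulnData` and `SelectUserData` never use their id argument and return whichever row is read last, and `SelectVulnData` fills its adapter from `SELECT * FROM userInfo`; a query on `vuln_Info` with a bound `WHERE vulnId=@vulnId` looks like what was intended. The `goto Retry` in each catch block has no attempt limit, so it appears to loop for as long as `Connect` keeps failing to open the connection.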
...@@ -28,6 +28,7 @@ namespace VulnCrawler ...@@ -28,6 +28,7 @@ namespace VulnCrawler
28 continue; 28 continue;
29 } 29 }
30 foreach (var parent in commit.Parents) { 30 foreach (var parent in commit.Parents) {
31 +
31 // 부모 커밋과 현재 커밋을 Compare 하여 패치 내역을 가져옴 32 // 부모 커밋과 현재 커밋을 Compare 하여 패치 내역을 가져옴
32 var patch = crawler.Repository.Diff.Compare<Patch>(parent.Tree, commit.Tree); 33 var patch = crawler.Repository.Diff.Compare<Patch>(parent.Tree, commit.Tree);
33 // 패치 엔트리 파일 배열 중에 파일 확장자가 .py인 것만 가져옴 34 // 패치 엔트리 파일 배열 중에 파일 확장자가 .py인 것만 가져옴