이경수
1 -<?xml version="1.0" encoding="utf-8"?> 1 +<?xml version="1.0" encoding="utf-8"?>
2 <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> 2 <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" /> 3 <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
4 <PropertyGroup> 4 <PropertyGroup>
5 <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration> 5 <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
6 <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform> 6 <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
7 - <ProjectGuid>8b3ec7f4-6106-4f2f-9a57-d10e4bbd93e8</ProjectGuid> 7 + <ProjectGuid>{8B3EC7F4-6106-4F2F-9A57-D10E4BBD93E8}</ProjectGuid>
8 <OutputType>Library</OutputType> 8 <OutputType>Library</OutputType>
9 <AppDesignerFolder>Properties</AppDesignerFolder> 9 <AppDesignerFolder>Properties</AppDesignerFolder>
10 <RootNamespace>AWS_Center</RootNamespace> 10 <RootNamespace>AWS_Center</RootNamespace>
...@@ -30,24 +30,19 @@ ...@@ -30,24 +30,19 @@
30 <WarningLevel>4</WarningLevel> 30 <WarningLevel>4</WarningLevel>
31 </PropertyGroup> 31 </PropertyGroup>
32 <ItemGroup> 32 <ItemGroup>
33 - <Reference Include="System"/> 33 + <Reference Include="MySql.Data, Version=8.0.11.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL" />
34 - 34 + <Reference Include="System" />
35 - <Reference Include="System.Core"/> 35 + <Reference Include="System.Core" />
36 - <Reference Include="System.Xml.Linq"/> 36 + <Reference Include="System.Xml.Linq" />
37 - <Reference Include="System.Data.DataSetExtensions"/> 37 + <Reference Include="System.Data.DataSetExtensions" />
38 - 38 + <Reference Include="Microsoft.CSharp" />
39 - 39 + <Reference Include="System.Data" />
40 - <Reference Include="Microsoft.CSharp"/> 40 + <Reference Include="System.Net.Http" />
41 - 41 + <Reference Include="System.Xml" />
42 - <Reference Include="System.Data"/>
43 -
44 - <Reference Include="System.Net.Http"/>
45 -
46 - <Reference Include="System.Xml"/>
47 </ItemGroup> 42 </ItemGroup>
48 <ItemGroup> 43 <ItemGroup>
49 <Compile Include="Class1.cs" /> 44 <Compile Include="Class1.cs" />
50 <Compile Include="Properties\AssemblyInfo.cs" /> 45 <Compile Include="Properties\AssemblyInfo.cs" />
51 </ItemGroup> 46 </ItemGroup>
52 <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" /> 47 <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
53 - </Project> 48 +</Project>
...\ No newline at end of file ...\ No newline at end of file
......
1 +
2 +Microsoft Visual Studio Solution File, Format Version 12.00
3 +# Visual Studio 15
4 +VisualStudioVersion = 15.0.27428.2037
5 +MinimumVisualStudioVersion = 10.0.40219.1
6 +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AWS_Center", "AWS_Center.csproj", "{8B3EC7F4-6106-4F2F-9A57-D10E4BBD93E8}"
7 +EndProject
8 +Global
9 + GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 + Debug|Any CPU = Debug|Any CPU
11 + Release|Any CPU = Release|Any CPU
12 + EndGlobalSection
13 + GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 + {8B3EC7F4-6106-4F2F-9A57-D10E4BBD93E8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 + {8B3EC7F4-6106-4F2F-9A57-D10E4BBD93E8}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 + {8B3EC7F4-6106-4F2F-9A57-D10E4BBD93E8}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 + {8B3EC7F4-6106-4F2F-9A57-D10E4BBD93E8}.Release|Any CPU.Build.0 = Release|Any CPU
18 + EndGlobalSection
19 + GlobalSection(SolutionProperties) = preSolution
20 + HideSolutionNode = FALSE
21 + EndGlobalSection
22 + GlobalSection(ExtensibilityGlobals) = postSolution
23 + SolutionGuid = {EEBEFAA7-7268-4494-ADAF-291BB2AF8588}
24 + EndGlobalSection
25 +EndGlobal
...@@ -3,7 +3,7 @@ using System.Collections.Generic; ...@@ -3,7 +3,7 @@ using System.Collections.Generic;
3 using System.Linq; 3 using System.Linq;
4 using System.Text; 4 using System.Text;
5 using System.Threading.Tasks; 5 using System.Threading.Tasks;
6 - 6 +using MySql.Data.MySqlClient;
7 7
8 // 참고(C# mysql 연결) 8 // 참고(C# mysql 연결)
9 #region MySql 연결 9 #region MySql 연결
...@@ -40,6 +40,8 @@ namespace AWS_Center ...@@ -40,6 +40,8 @@ namespace AWS_Center
40 { 40 {
41 public static class VulnRDS 41 public static class VulnRDS
42 { 42 {
43 + public static MySqlConnection Conn { get; set; }
44 +
43 public class Vuln 45 public class Vuln
44 { 46 {
45 public int Len { get; set; } /* 발견된 취약점 함수 PreFunc 부분의 코드 길이 */ 47 public int Len { get; set; } /* 발견된 취약점 함수 PreFunc 부분의 코드 길이 */
...@@ -54,10 +56,30 @@ namespace AWS_Center ...@@ -54,10 +56,30 @@ namespace AWS_Center
54 // 생성자 56 // 생성자
55 public Vuln() 57 public Vuln()
56 { 58 {
57 - 59 +
60 +
58 } 61 }
59 62
60 - 63 +
64 + }
65 +
66 + //connect
67 + public static void Connect()
68 + {
69 + MySqlConnectionStringBuilder builder = new MySqlConnectionStringBuilder()
70 + {
71 + Server = "vulndb.cby38wfppa7l.us-east-2.rds.amazonaws.com",
72 + UserID = "yhackerbv",
73 + Password = "guswhd12",
74 + Database = "vuln",
75 + Port = 3306,
76 + };
77 + string strConn = builder.ToString();
78 + builder = null;
79 + Conn = new MySqlConnection(strConn);
80 +
81 +
82 +
61 } 83 }
62 public static void InsertVulnData(int _len, string _repoName, string _cve, string _funcName, 84 public static void InsertVulnData(int _len, string _repoName, string _cve, string _funcName,
63 string _preFunc, string _afterFunc, string _hash) 85 string _preFunc, string _afterFunc, string _hash)
...@@ -66,11 +88,16 @@ namespace AWS_Center ...@@ -66,11 +88,16 @@ namespace AWS_Center
66 * DB에 취약점 데이터가 이미 있는지 검사해야함 88 * DB에 취약점 데이터가 이미 있는지 검사해야함
67 * 89 *
68 */ 90 */
69 - }
70 91
71 - public static IEnumerable<string> SearchVulnData(int _len) 92 + Conn.Open();
72 - { 93 +
94 +
73 95
74 } 96 }
97 +
98 + //public static IEnumerable<string> SearchVulnData(int _len)
99 + //{
100 + //
101 + //}
75 } 102 }
76 } 103 }
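Review bot: The new `Connect()` writes the RDS hostname, account name and password as string literals in the `MySqlConnectionStringBuilder` initializer, so anyone who can read the repository or decompile the assembly can reach the database, and the secret stays in git history even after the line is edited. Load the values at runtime instead, for example `Password = Environment.GetEnvironmentVariable("VULNDB_PASSWORD")` (the variable name is a placeholder), and rotate the password that was committed. The same literals are repeated in the `Connect()` of the new Tester program file further down this page, so both copies need the change. The builder also leaves `SslMode` unset for a connection to a remote endpoint; `SslMode = MySqlSslMode.Required` would make the transport requirement explicit.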
......
1 +<?xml version="1.0" encoding="utf-8" ?>
2 +<configuration>
3 + <startup>
4 + <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />
5 + </startup>
6 +</configuration>
...\ No newline at end of file ...\ No newline at end of file
1 +using System;
2 +using System.Collections.Generic;
3 +using System.Linq;
4 +using System.Text;
5 +using System.Threading.Tasks;
6 +using MySql.Data.MySqlClient;
7 +
8 +namespace Tester
9 +{
10 + class Program
11 + {
12 + static void Main(string[] args)
13 + {
14 +
15 +
16 + }
17 + }
18 +}
19 +
20 +
21 +namespace AWS_Center
22 +{
23 + public static class VulnRDS
24 + {
25 + public static MySqlConnection Conn { get; set; }
26 +
27 + public class Vuln
28 + {
29 + public int VulnId { get; set; } /* 취약점 ID */
30 + public int LenBlock { get; set; } /* 취약점 BLOCK 길이 */
31 + public string RepositName { get; set; } /* 취약점 레파지토리 이름 */
32 + public string Cve { get; set; } /* 취약점 CVE */
33 + public string FuncName { get; set; } /* 취약점 함수 이름 */
34 + public string Language { get; set; } /* 취약점 언어 종류 */
35 + public string CodeOriBefore { get; set; } /* 취약점 패치 전 원본 코드 */
36 + public string CodeOriAfter { get; set; } /* 취약점 패치 후 원본 코드 */
37 + public string CodeAbsBefore { get; set; } /* 취약점 패치 전 추상화 코드 */
38 + public string CodeAbsAfter { get; set; } /* 취약점 패치 후 추상화 코드 */
39 + public string BlockHash { get; set; } /* 취약점 블록 해시 값 */
40 + // 생성자
41 + public Vuln()
42 + {
43 +
44 +
45 + }
46 + }
47 +
48 + public class User
49 + {
50 + public int UserId { get; set; } /* 유저 ID */
51 + public string RepositName { get; set; } /* 유저 레파지토리 이름 */
52 + public string Cve { get; set; } /* 취약점 CVE */
53 + public string CodeOriBefore { get; set; } /* 취약점 패치 전 원본 코드 */
54 + public string CodeOriAfter { get; set; } /* 취약점 패치 후 원본 코드 */
55 + public string FuncName { get; set; } /* 취약점 함수 이름 */
56 + public string DetectDate { get; set; } /* 검사 날짜 */
57 + // 생성자
58 + public User()
59 + {
60 +
61 +
62 + }
63 +
64 + }
65 + //connect
66 + public static void Connect()
67 + {
68 + MySqlConnectionStringBuilder builder = new MySqlConnectionStringBuilder()
69 + {
70 + Server = "vulndb.cby38wfppa7l.us-east-2.rds.amazonaws.com",
71 + UserID = "yhackerbv",
72 + Password = "guswhd12",
73 + Database = "vuln",
74 + Port = 3306,
75 + };
76 + string strConn = builder.ToString();
77 + builder = null;
78 + Conn = new MySqlConnection(strConn);
79 + }
80 + public static void InsertVulnData(Vuln vuln)
81 + {
82 + /*
83 + * DB에 취약점 데이터가 이미 있는지 검사해야함
84 + *
85 + */
86 +
87 + Conn.Open();
88 +
89 + }
90 +
91 + //public static IEnumerable<string> SearchVulnData(int _len)
92 + //{
93 + //
94 + //}
95 + }
96 +}
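Review bot: `InsertVulnData(Vuln vuln)` calls `Conn.Open()` on the static `Conn` property, which is null until `Connect()` has run and is never closed, so a call made before `Connect()` throws a NullReferenceException and a second call on the still-open connection is likely to fail with an InvalidOperationException. Open one connection per operation and dispose it, e.g. `using (var conn = new MySqlConnection(connectionString)) { conn.Open(); /* insert */ }`, where `connectionString` stands for the value built in `Connect()`. When the INSERT itself is written, bind the `Vuln` fields as `MySqlParameter` values rather than concatenating them into the SQL text, since `CodeOriBefore`, `FuncName` and the other string fields appear (from the property comments) to hold text taken from crawled repositories. This file also re-declares `AWS_Center.VulnRDS` instead of referencing the AWS_Center project, so the two copies can drift apart.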
1 +using System.Reflection;
2 +using System.Runtime.CompilerServices;
3 +using System.Runtime.InteropServices;
4 +
5 +// 어셈블리에 대한 일반 정보는 다음 특성 집합을 통해
6 +// 제어됩니다. 어셈블리와 관련된 정보를 수정하려면
7 +// 이러한 특성 값을 변경하세요.
8 +[assembly: AssemblyTitle("Tester")]
9 +[assembly: AssemblyDescription("")]
10 +[assembly: AssemblyConfiguration("")]
11 +[assembly: AssemblyCompany("")]
12 +[assembly: AssemblyProduct("Tester")]
13 +[assembly: AssemblyCopyright("Copyright © 2018")]
14 +[assembly: AssemblyTrademark("")]
15 +[assembly: AssemblyCulture("")]
16 +
17 +// ComVisible을 false로 설정하면 이 어셈블리의 형식이 COM 구성 요소에
18 +// 표시되지 않습니다. COM에서 이 어셈블리의 형식에 액세스하려면
19 +// 해당 형식에 대해 ComVisible 특성을 true로 설정하세요.
20 +[assembly: ComVisible(false)]
21 +
22 +// 이 프로젝트가 COM에 노출되는 경우 다음 GUID는 typelib의 ID를 나타냅니다.
23 +[assembly: Guid("ac204ded-c47f-46fe-b357-01c71849ea76")]
24 +
25 +// 어셈블리의 버전 정보는 다음 네 가지 값으로 구성됩니다.
26 +//
27 +// 주 버전
28 +// 부 버전
29 +// 빌드 번호
30 +// 수정 버전
31 +//
32 +// 모든 값을 지정하거나 아래와 같이 '*'를 사용하여 빌드 번호 및 수정 번호가 자동으로
33 +// 지정되도록 할 수 있습니다.
34 +// [assembly: AssemblyVersion("1.0.*")]
35 +[assembly: AssemblyVersion("1.0.0.0")]
36 +[assembly: AssemblyFileVersion("1.0.0.0")]
1 +<?xml version="1.0" encoding="utf-8"?>
2 +<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 + <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
4 + <PropertyGroup>
5 + <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
6 + <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
7 + <ProjectGuid>{AC204DED-C47F-46FE-B357-01C71849EA76}</ProjectGuid>
8 + <OutputType>Exe</OutputType>
9 + <RootNamespace>Tester</RootNamespace>
10 + <AssemblyName>Tester</AssemblyName>
11 + <TargetFrameworkVersion>v4.6.1</TargetFrameworkVersion>
12 + <FileAlignment>512</FileAlignment>
13 + <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
14 + </PropertyGroup>
15 + <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
16 + <PlatformTarget>AnyCPU</PlatformTarget>
17 + <DebugSymbols>true</DebugSymbols>
18 + <DebugType>full</DebugType>
19 + <Optimize>false</Optimize>
20 + <OutputPath>bin\Debug\</OutputPath>
21 + <DefineConstants>DEBUG;TRACE</DefineConstants>
22 + <ErrorReport>prompt</ErrorReport>
23 + <WarningLevel>4</WarningLevel>
24 + </PropertyGroup>
25 + <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
26 + <PlatformTarget>AnyCPU</PlatformTarget>
27 + <DebugType>pdbonly</DebugType>
28 + <Optimize>true</Optimize>
29 + <OutputPath>bin\Release\</OutputPath>
30 + <DefineConstants>TRACE</DefineConstants>
31 + <ErrorReport>prompt</ErrorReport>
32 + <WarningLevel>4</WarningLevel>
33 + </PropertyGroup>
34 + <ItemGroup>
35 + <Reference Include="MySql.Data, Version=8.0.11.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL" />
36 + <Reference Include="System" />
37 + <Reference Include="System.Core" />
38 + <Reference Include="System.Xml.Linq" />
39 + <Reference Include="System.Data.DataSetExtensions" />
40 + <Reference Include="Microsoft.CSharp" />
41 + <Reference Include="System.Data" />
42 + <Reference Include="System.Net.Http" />
43 + <Reference Include="System.Xml" />
44 + </ItemGroup>
45 + <ItemGroup>
46 + <Compile Include="Program.cs" />
47 + <Compile Include="Properties\AssemblyInfo.cs" />
48 + </ItemGroup>
49 + <ItemGroup>
50 + <None Include="App.config" />
51 + </ItemGroup>
52 + <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
53 +</Project>
...\ No newline at end of file ...\ No newline at end of file
...@@ -66,16 +66,17 @@ namespace VulnCrawler ...@@ -66,16 +66,17 @@ namespace VulnCrawler
66 } 66 }
67 public static void Run() { 67 public static void Run() {
68 // Repository 폴더들이 있는 주소를 지정하면 하위 폴더 목록을 가져옴(Repository 목록) 68 // Repository 폴더들이 있는 주소를 지정하면 하위 폴더 목록을 가져옴(Repository 목록)
69 +
69 70
70 // var fields = VulnWorker.GetCriticalVariant(@"return _is_safe_url(url, host) and _is_safe_url(url.replace('\\', '/'), host)"); 71 // var fields = VulnWorker.GetCriticalVariant(@"return _is_safe_url(url, host) and _is_safe_url(url.replace('\\', '/'), host)");
71 var c = new VulnC(); 72 var c = new VulnC();
72 - var fields = c.ExtractCriticalVariant(@"!DoReadFile (infile, &ds64_chunk, sizeof (DS64Chunk), &bcount) ||/* aaaa */"); 73 + var fields = c.ExtractCriticalVariant(@"if (s->session->peer != s->session->sess_cert->peer_key->x509)");
73 foreach (var item in fields) 74 foreach (var item in fields)
74 { 75 {
75 Console.WriteLine(item); 76 Console.WriteLine(item);
76 } 77 }
77 // return; 78 // return;
78 - var directorys = Directory.GetDirectories(@"c:\VulnPy"); 79 + var directorys = Directory.GetDirectories(@"c:\VulnC");
79 if (directorys.Length == 0) { 80 if (directorys.Length == 0) {
80 Console.WriteLine("Repository 목록 찾기 실패"); 81 Console.WriteLine("Repository 목록 찾기 실패");
81 return; 82 return;
...@@ -83,7 +84,7 @@ namespace VulnCrawler ...@@ -83,7 +84,7 @@ namespace VulnCrawler
83 // Repository 목록 만큼 반복함. 84 // Repository 목록 만큼 반복함.
84 foreach (var directory in directorys) { 85 foreach (var directory in directorys) {
85 // 템플릿 패턴화 T : VulnAbstractCrawler 86 // 템플릿 패턴화 T : VulnAbstractCrawler
86 - VulnWorker.Run<VulnPython>(directory); 87 + VulnWorker.Run<VulnC>(directory);
87 } 88 }
88 } 89 }
89 90
......
...@@ -10,14 +10,23 @@ using System.Threading.Tasks; ...@@ -10,14 +10,23 @@ using System.Threading.Tasks;
10 10
11 namespace VulnCrawler 11 namespace VulnCrawler
12 { 12 {
13 +
13 // 추상 클래스 14 // 추상 클래스
14 public abstract class VulnAbstractCrawler 15 public abstract class VulnAbstractCrawler
15 { 16 {
17 + public class Block
18 + {
19 + public int Num { get; set; }
20 + public bool HasCritical { get; set; }
21 + public string Code { get; set; }
22 + public string Hash { get; set; }
23 + public IEnumerable<string> CriticalList { get; set; }
16 24
25 + }
26 + protected Regex extractMethodLine;
17 protected HashSet<string> ReservedList { get; } 27 protected HashSet<string> ReservedList { get; }
18 protected abstract string ReservedFileName { get; } 28 protected abstract string ReservedFileName { get; }
19 // = { "if", "return", "break", "while", "typedef" }; 29 // = { "if", "return", "break", "while", "typedef" };
20 -
21 /// <summary> 30 /// <summary>
22 /// 생성자 31 /// 생성자
23 /// 경로를 입력받아서(path) 32 /// 경로를 입력받아서(path)
...@@ -25,34 +34,28 @@ namespace VulnCrawler ...@@ -25,34 +34,28 @@ namespace VulnCrawler
25 /// 커밋 목록을 검색함 34 /// 커밋 목록을 검색함
26 /// </summary> 35 /// </summary>
27 /// <param name="path"></param> 36 /// <param name="path"></param>
28 - public VulnAbstractCrawler() { 37 + public VulnAbstractCrawler()
38 + {
39 + extractMethodLine = new Regex(RegexFuncPattern);
29 ReservedList = new HashSet<string>(); 40 ReservedList = new HashSet<string>();
30 LoadReservedList(); 41 LoadReservedList();
31 -
32 } 42 }
33 -
34 -
35 // 소멸자 43 // 소멸자
36 ~VulnAbstractCrawler() { 44 ~VulnAbstractCrawler() {
37 -
38 Repository?.Dispose(); 45 Repository?.Dispose();
39 -
40 } 46 }
41 -
42 private void LoadReservedList() 47 private void LoadReservedList()
43 { 48 {
44 try 49 try
45 { 50 {
46 var lines = File.ReadLines(ReservedFileName, Encoding.Default); 51 var lines = File.ReadLines(ReservedFileName, Encoding.Default);
47 foreach (var item in lines) 52 foreach (var item in lines)
48 - { 53 + {
49 -
50 if (string.IsNullOrWhiteSpace(item)) 54 if (string.IsNullOrWhiteSpace(item))
51 { 55 {
52 continue; 56 continue;
53 } 57 }
54 - ReservedList.Add(item); 58 + ReservedList.Add(item);
55 -
56 } 59 }
57 } 60 }
58 catch(FileNotFoundException) 61 catch(FileNotFoundException)
...@@ -61,7 +64,6 @@ namespace VulnCrawler ...@@ -61,7 +64,6 @@ namespace VulnCrawler
61 } 64 }
62 } 65 }
63 protected virtual Regex MethodExtractor => new Regex(RegexFuncPattern); 66 protected virtual Regex MethodExtractor => new Regex(RegexFuncPattern);
64 -
65 #region 메서드 패턴 정규식 그룹 67 #region 메서드 패턴 정규식 그룹
66 // 정규식 그룹화 68 // 정규식 그룹화
67 // @@ -oldStart,oldLines +newStart,newLines @@ MethodName(): 69 // @@ -oldStart,oldLines +newStart,newLines @@ MethodName():
...@@ -73,7 +75,9 @@ namespace VulnCrawler ...@@ -73,7 +75,9 @@ namespace VulnCrawler
73 #endregion 75 #endregion
74 76
75 public void Init(string path) { 77 public void Init(string path) {
78 + Console.WriteLine("로딩중");
76 Repository = new Repository(path); 79 Repository = new Repository(path);
80 + Console.WriteLine("로딩 완료");
77 Commits = SearchCommits(); 81 Commits = SearchCommits();
78 } 82 }
79 /// <summary> 83 /// <summary>
...@@ -88,7 +92,7 @@ namespace VulnCrawler ...@@ -88,7 +92,7 @@ namespace VulnCrawler
88 /// <summary> 92 /// <summary>
89 /// 커밋에서 검색할 정규식 문자열 93 /// 커밋에서 검색할 정규식 문자열
90 /// </summary> 94 /// </summary>
91 - public string SearchCommitPattern => @"CVE-20\d\d-\d{4}"; 95 + public string SearchCommitPattern => @"CVE[ -]\d{4}[ -]\d{4}";
92 /// <summary> 96 /// <summary>
93 /// 패치 코드에서 함수 찾을 정규식 패턴 문자열 97 /// 패치 코드에서 함수 찾을 정규식 패턴 문자열
94 /// </summary> 98 /// </summary>
...@@ -112,21 +116,170 @@ namespace VulnCrawler ...@@ -112,21 +116,170 @@ namespace VulnCrawler
112 /// <returns>함수 문자열</returns> 116 /// <returns>함수 문자열</returns>
113 protected abstract string GetOriginalFunc(Stream oldStream, string methodName); 117 protected abstract string GetOriginalFunc(Stream oldStream, string methodName);
114 118
119 + protected abstract IList<Block> GetCriticalBlocks(string srcCode, IEnumerable<string> criticalList);
120 + /// <summary>
121 + /// 성능 개선을 위한
122 + /// 코드 라인 위치 기반 취약 원본 함수 추출 테스트용 함수 곧 삭제 예정
123 + /// </summary>
124 + public string GetOriginalFuncTest(Stream oldStream, string methodName, int start)
125 + {
126 + StringBuilder oldBuilder = new StringBuilder();
127 +
128 + using (var reader = new StreamReader(oldStream))
129 + {
130 +
131 +
132 + bool found = false;
133 + bool found2 = false;
134 + bool commentLine = false;
135 + int bracketCount = -1;
136 + string stringPattern = @"[""].*[""]";
137 + string commentPattern = @"\/\*.+\*\/";
138 + string commentPattern2 = @"\/\*";
139 + string commentPattern3 = @"\*\/";
140 + int readCount = 0;
141 + Queue<string> tempQ = new Queue<string>();
142 + while (!reader.EndOfStream)
143 + {
144 + string line = reader.ReadLine();
145 +
146 +
147 + if (readCount++ < start)
148 + {
149 + tempQ.Enqueue(line);
150 + continue;
151 + }
152 + Stack<string> tempStack = new Stack<string>();
153 + while (tempQ.Count > 0)
154 + {
155 + string s = tempQ.Dequeue();
156 + tempStack.Push(s);
157 + string method = Regex.Escape(methodName);
158 + if (Regex.Match(s, $"{method}").Success)
159 + {
160 +
161 + break;
162 + }
163 + }
164 +
165 + while (tempStack.Count > 0)
166 + {
167 + string s = tempStack.Pop();
168 + string trim = s.Trim();
169 +
170 + if (commentLine)
171 + {
172 + if (Regex.IsMatch(trim, commentPattern3))
173 + {
174 + commentLine = false;
175 + trim = Regex.Split(trim, commentPattern3)[1];
176 + }
177 + continue;
178 + }
179 +
180 +
181 + string removeString = Regex.Replace(trim, stringPattern, "");
182 +
183 + // /* ~ 패턴
184 + if (Regex.IsMatch(trim, commentPattern2))
185 + {
186 +
187 + // /* ~ */ 패턴이 아닌 경우
188 + if (!Regex.IsMatch(trim, commentPattern))
189 + {
190 + commentLine = true;
191 + }
192 + trim = Regex.Split(trim, "/*")[0];
193 +
194 + }
195 + if (string.IsNullOrWhiteSpace(trim))
196 + {
197 + continue;
198 + }
199 +
200 + int openBracketCount = removeString.Count(c => c == '{');
201 + int closeBracketCount = removeString.Count(c => c == '}');
202 + int subtract = openBracketCount - closeBracketCount;
203 + bracketCount += subtract;
204 + // 메서드 시작 괄호 찾은 경우
205 + if (found2)
206 + {
207 + // 괄호가 모두 닫혔으니 종료
208 + if (bracketCount < 0)
209 + {
210 + Console.WriteLine("괄호끝");
211 + break;
212 + }
213 + // oldBuilder.AppendLine(line);
214 + }
215 + else
216 + {
217 + if (openBracketCount > 0)
218 + {
219 + found2 = true;
220 + }
221 +
222 + }
223 + oldBuilder.AppendLine(s);
224 + }
225 +
226 +
227 + }
228 +
229 + }
230 + Console.WriteLine("찾음");
231 + Console.WriteLine(oldBuilder.ToString());
232 + Console.ReadLine();
233 +
234 + return oldBuilder.ToString();
235 + }
236 +
237 +
238 + public abstract IDictionary<string, IEnumerable<string>> ExtractGitCriticalMethodTable(string srcCode);
115 239
116 /// <summary> 240 /// <summary>
117 - /// 실제 프로세스 241 + /// 패치 전 코드 파일과 크리티컬 메서드 테이블로 부터 크리티컬 블록 추출
118 /// </summary> 242 /// </summary>
119 - /// <param name="oldStream"></param> 243 + /// <param name="oldBlob">패치 전 파일 Blob</param>
120 - /// <param name="methodName"></param> 244 + /// <param name="table">크리티컬 메서드 테이블(Key: 메서드 이름, Value: 변수 리스트)</param>
121 /// <returns></returns> 245 /// <returns></returns>
122 - public virtual (string originalFunc, string hash) Process(Stream oldStream, string methodName) { 246 + public virtual IEnumerable<(string methodName, IList<Block> blocks)> Process(Blob oldBlob, IDictionary<string, IEnumerable<string>> table) {
123 - // 패치 전 원본 함수 구하고 247 + foreach (var item in table)
124 - string func = GetOriginalFunc(oldStream, methodName); 248 + {
125 - // 주석 제거하고 249 + // 메서드 이름
126 - func = RemoveComment(func); 250 + string methodName = item.Key;
127 - // 해쉬하고 251 + // 패치 전 원본 파일 스트림
128 - string md5 = MD5HashFunc(func); 252 + Stream oldStream = oldBlob.GetContentStream();
129 - return (func, md5); 253 + // 패치 전 원본 함수 구하고
254 + string func = GetOriginalFunc(oldStream, methodName);
255 + Console.WriteLine(func);
256 + string bs = string.Empty;
257 + string md5 = string.Empty;
258 + if (item.Value.Count() != 0)
259 + {
260 + Console.WriteLine("크리티컬 변수 목록");
261 + Console.ForegroundColor = ConsoleColor.Cyan;
262 + foreach (var c in item.Value)
263 + {
264 + Console.WriteLine(c);
265 + }
266 + Console.ResetColor();
267 + Console.WriteLine("-------------------");
268 + // 크리티컬 블록 추출
269 + var blocks = GetCriticalBlocks(func, item.Value).ToList();
270 + if (blocks == null)
271 + {
272 + continue;
273 + }
274 + foreach (var block in blocks)
275 + {
276 + block.Hash = MD5HashFunc(block.Code);
277 + block.CriticalList = item.Value;
278 + }
279 + yield return (methodName, blocks);
280 + }
281 +
282 + }
130 } 283 }
131 /// <summary> 284 /// <summary>
132 /// 주석 제거 함수 285 /// 주석 제거 함수
...@@ -142,6 +295,7 @@ namespace VulnCrawler ...@@ -142,6 +295,7 @@ namespace VulnCrawler
142 /// <returns>커밋 목록</returns> 295 /// <returns>커밋 목록</returns>
143 public virtual IEnumerable<Commit> SearchCommits() { 296 public virtual IEnumerable<Commit> SearchCommits() {
144 // where => 조건에 맞는 것을 찾음(CVE-20\d\d-\d{4}로 시작하는 커밋만 골라냄) 297 // where => 조건에 맞는 것을 찾음(CVE-20\d\d-\d{4}로 시작하는 커밋만 골라냄)
298 + Console.WriteLine(Repository.Commits.Count());
145 var commits = Repository.Commits 299 var commits = Repository.Commits
146 .Where(c => Regex.Match(c.Message, SearchCommitPattern, RegexOptions.IgnoreCase).Success) 300 .Where(c => Regex.Match(c.Message, SearchCommitPattern, RegexOptions.IgnoreCase).Success)
147 .ToList(); 301 .ToList();
...@@ -183,7 +337,7 @@ namespace VulnCrawler ...@@ -183,7 +337,7 @@ namespace VulnCrawler
183 // 메서드 정규식 패턴 337 // 메서드 정규식 패턴
184 string methodPattern = @"([a-zA-Z0-9_\.]+)\s*\("; 338 string methodPattern = @"([a-zA-Z0-9_\.]+)\s*\(";
185 // 변수 정규식 패턴 339 // 변수 정규식 패턴
186 - string fieldPattern = @"^*?[a-zA-Z0-9_\.\[\]]+"; 340 + string fieldPattern = @"^*?[a-zA-Z0-9_\.\[\]\-\>]+";
187 341
188 string invalidPattern = @"^[\d\.]+"; 342 string invalidPattern = @"^[\d\.]+";
189 343
...@@ -216,11 +370,11 @@ namespace VulnCrawler ...@@ -216,11 +370,11 @@ namespace VulnCrawler
216 var method = met as Match; 370 var method = met as Match;
217 if (method.Success) 371 if (method.Success)
218 { 372 {
219 - Console.WriteLine(method.Groups[1].Value); 373 + // Console.WriteLine(method.Groups[1].Value);
220 methodSets.Add(method.Groups[1].Value); // aaaa 374 methodSets.Add(method.Groups[1].Value); // aaaa
221 } 375 }
222 } 376 }
223 - Console.WriteLine("----"); 377 + // Console.WriteLine("----");
224 var vars = Regex.Matches(line, fieldPattern) 378 var vars = Regex.Matches(line, fieldPattern)
225 .Cast<Match>() 379 .Cast<Match>()
226 .Where(m => { 380 .Where(m => {
...@@ -243,6 +397,12 @@ namespace VulnCrawler ...@@ -243,6 +397,12 @@ namespace VulnCrawler
243 { 397 {
244 return false; 398 return false;
245 } 399 }
400 +
401 + /* 알파벳이 하나도 없으면 넘어감 */
402 + if(!m.Value.Any(c => char.IsLetter(c)))
403 + {
404 + return false;
405 + }
246 return true; 406 return true;
247 }) 407 })
248 .Distinct(new MatchComparer()); 408 .Distinct(new MatchComparer());
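Review bot: In `GetOriginalFuncTest`, `trim = Regex.Split(trim, "/*")[0];` passes `/*` as a regular expression, where it means "zero or more slashes" and matches the empty string at position 0, so element `[0]` is always empty and every line containing `/*` is dropped by the `IsNullOrWhiteSpace(trim)` check that follows. Such a line is then neither appended to `oldBuilder` nor counted toward `bracketCount`, even when it carries code or a `{`/`}` before the comment. Use the escaped pattern already in scope, `trim = Regex.Split(trim, commentPattern2)[0];`. The same call appears in `VulnC.GetOriginalFunc` in the next file section. Separately, `Process` calls `.ToList()` on the result of `GetCriticalBlocks` before the `blocks == null` check, so a null return throws instead of reaching the `continue`.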
......
...@@ -10,18 +10,14 @@ namespace VulnCrawler ...@@ -10,18 +10,14 @@ namespace VulnCrawler
10 { 10 {
11 public class VulnC : VulnAbstractCrawler 11 public class VulnC : VulnAbstractCrawler
12 { 12 {
13 - 13 +// protected override string RegexFuncPattern => $@"@@ \-(?<{OldStart}>\d+),(?<{OldLines}>\d+) \+(?<{NewStart}>\d+),(?<{NewLines}>\d+) @@ (?<{MethodName}>(static)?( const )? [\w]+ [\w]+\([\w \*\,\t\n]*[\)\,])";
14 - protected override string RegexFuncPattern => $@"@@ \-(?<{OldStart}>\d+),(?<{OldLines}>\d+) \+(?<{NewStart}>\d+),(?<{NewLines}>\d+) @@ (?<{MethodName}>(static)? [\w]+ [\w]+)\([\w \*\,\t\n]*\)"; 14 + protected override string RegexFuncPattern => $@"(?<{MethodName}>(unsigned|static)?( const )? [\w]+ [\w]+\(([\w \*\,\t\n])*[\)\,])";
15 -
16 protected override string Extension => ".c"; 15 protected override string Extension => ".c";
17 -
18 protected override string ReservedFileName => "CReserved.txt"; 16 protected override string ReservedFileName => "CReserved.txt";
19 -
20 public override MatchCollection GetMatches(string patchCode) { 17 public override MatchCollection GetMatches(string patchCode) {
21 var regs = Regex.Matches(patchCode, RegexFuncPattern); 18 var regs = Regex.Matches(patchCode, RegexFuncPattern);
22 return regs; 19 return regs;
23 } 20 }
24 -
25 public override string RemoveComment(string original) { 21 public override string RemoveComment(string original) {
26 string txt = Regex.Replace(original, Environment.NewLine, ""); 22 string txt = Regex.Replace(original, Environment.NewLine, "");
27 23
...@@ -36,49 +32,332 @@ namespace VulnCrawler ...@@ -36,49 +32,332 @@ namespace VulnCrawler
36 return replace; 32 return replace;
37 } 33 }
38 34
35 + public override IDictionary<string, IEnumerable<string>> ExtractGitCriticalMethodTable(string srcCode)
36 + {
37 + var table = new Dictionary<string, IEnumerable<string>>();
38 + string prevMethodName = string.Empty;
39 + StringBuilder builder = new StringBuilder();
40 + // 라인으로 나누고 @@가 시작하는 곳까지 생략
41 + var split = Regex.Split(srcCode, "\n").SkipWhile(s => !s.StartsWith("@@")).ToArray();
42 + for(int i = 0; i < split.Length; i++)
43 + {
44 + string line = split[i].Trim();
45 + // 문자열 제거
46 + line = Regex.Replace(line, @""".+""", "");
47 +
48 + var methodMatch = extractMethodLine.Match(line);
49 + string methodName = methodMatch.Groups[MethodName].Value.Trim();
50 + // 추가된, 제거된 라인인지 확인
51 + if (Regex.IsMatch(line, @"^[+-]\s"))
52 + {
53 + // 주석문인지 확인
54 + if (Regex.IsMatch(line, @"^[+-]\s*(\*|\/\*|\*\/)"))
55 + {
56 + continue;
57 + }
58 + Console.WriteLine(line);
59 + builder.AppendLine(line);
60 + continue;
61 + }
62 + // 메서드 매칭이 성공했거나 마지막 문단일 경우
63 + if (methodMatch.Success || i == split.Length - 1)
64 + {
65 + if (string.IsNullOrWhiteSpace(prevMethodName))
66 + {
67 + builder.Clear();
68 + prevMethodName = methodName;
69 + continue;
70 + }
71 + if (methodName.Contains("return"))
72 + {
73 + continue;
74 + }
75 + if (methodName.Contains("="))
76 + {
77 + continue;
78 + }
79 + if (!table.ContainsKey(prevMethodName))
80 + {
81 + table[prevMethodName] = new HashSet<string>();
82 + }
83 + var list = table[prevMethodName] as HashSet<string>;
84 + foreach (var b in Regex.Split(builder.ToString(), "\n"))
85 + {
86 + // 각 수집된 라인 별로 크리티컬 변수 선정
87 + foreach (var var in ExtractCriticalVariant(b))
88 + {
89 + if (string.IsNullOrWhiteSpace(var))
90 + {
91 + continue;
92 + }
93 + list.Add(var);
94 + }
95 + }
96 + prevMethodName = methodName;
97 + builder.Clear();
98 + }
99 + }
100 + return table;
101 + }
39 protected override string GetOriginalFunc(Stream oldStream, string methodName) { 102 protected override string GetOriginalFunc(Stream oldStream, string methodName) {
40 StringBuilder oldBuilder = new StringBuilder(); 103 StringBuilder oldBuilder = new StringBuilder();
104 + string method = Regex.Escape(methodName);
41 using (var reader = new StreamReader(oldStream)) { 105 using (var reader = new StreamReader(oldStream)) {
42 -
43 bool found = false; 106 bool found = false;
107 + bool found2 = false;
108 + bool commentLine = false;
44 int bracketCount = -1; 109 int bracketCount = -1;
110 + string stringPattern = @"[""].*[""]";
111 + string commentPattern = @"\/\*.+\*\/";
112 + string commentPattern2 = @"\/\*";
113 + string commentPattern3 = @"\*\/";
45 while (!reader.EndOfStream) { 114 while (!reader.EndOfStream) {
46 string line = reader.ReadLine(); 115 string line = reader.ReadLine();
47 - 116 + // 메서드를 찾은 경우
48 if (found) 117 if (found)
49 { 118 {
50 - 119 + string trim = line.Trim();
51 - int openBracketCount = line.Count(c => c == '{'); 120 + // 범위 주석 진행되고 있으면 넘어감
52 - int closeBracketCount = line.Count(c => c == '}'); 121 + if (commentLine)
53 - 122 + {
54 - if (bracketCount == -1) 123 + // 혹시 범위 주석이 끝났는지 체크
124 + if (Regex.IsMatch(trim, commentPattern3))
125 + {
126 + commentLine = false;
127 + trim = Regex.Split(trim, commentPattern3)[1];
128 + }
129 + else
130 + {
131 + continue;
132 + }
133 + }
134 + // "" 문자열 제거
135 + string removeString = Regex.Replace(trim, stringPattern, "");
136 + // /* ~ 패턴
137 + if (Regex.IsMatch(trim, commentPattern2))
55 { 138 {
139 +
140 + // /* ~ */ 패턴이 아닌 경우
141 + if (!Regex.IsMatch(trim, commentPattern))
142 + {
143 + commentLine = true;
144 + }
145 + trim = Regex.Split(trim, "/*")[0];
56 146
57 } 147 }
58 - if (line.Count(c => c == '{') > 0) 148 + // 비어있는 경우 넘어감
149 + if (string.IsNullOrWhiteSpace(trim))
150 + {
151 + continue;
152 + }
153 + int openBracketCount = removeString.Count(c => c == '{');
154 + int closeBracketCount = removeString.Count(c => c == '}');
155 + int subtract = openBracketCount - closeBracketCount;
156 + bracketCount += subtract;
157 + // 메서드 시작 괄호 찾은 경우
158 + if (found2)
159 + {
160 + oldBuilder.AppendLine(line);
161 + // 괄호가 모두 닫혔으니 종료
162 + if (bracketCount < 0)
163 + {
164 + break;
165 + }
166 + }
167 + else // 메서드는 찾았으나 아직 시작 괄호를 못찾은 경우
168 + {
169 + oldBuilder.AppendLine(line);
170 + if (openBracketCount > 0)
171 + {
172 + found2 = true;
173 + }
174 + else
175 + {
176 + //아직 { 괄호를 못찾았는데 );를 만났다면 메서드 선언 부분이니 넘어감
177 + if (trim.EndsWith(");"))
178 + {
179 + found = false;
180 + oldBuilder.Clear();
181 + continue;
182 + }
183 + }
184 + }
185 + }
186 + // 아직 메서드를 못찾은 경우
187 + else
188 + {
189 + // 메서드 찾았는지 확인
190 + if (Regex.Match(line, $"{method}").Success)
59 { 191 {
192 + string trim = line.Trim();
193 + // 주석으로 시작했다면 넘어감
194 + if (trim.StartsWith("//"))
195 + {
196 + continue;
197 + }
60 198
199 + if (trim.StartsWith("/*"))
200 + {
201 + continue;
202 + }
203 +
204 + // 혹시 메서드가 문자열 사이에 있다면 넘어감..
205 + if (Regex.Match(trim, $@"""[.]*({method})").Success)
206 + {
207 + continue;
208 + }
209 + // 만약 찾은 메서드 라인에서 중괄호 {가 시작된 경우
210 + if (Regex.Match(trim, $@"{method}\s*" + @"\{").Success)
211 + {
212 + // 동시에 } 닫히기까지 한 경우 드물겠지만..
213 + if (trim.EndsWith("}"))
214 + {
215 + oldBuilder.AppendLine(line);
216 + break;
217 + }
218 + found2 = true;
219 + }
220 + // 메서드 찾음
221 + found = true;
222 + oldBuilder.AppendLine(line);
61 } 223 }
62 } 224 }
225 + }
226 + }
227 + return oldBuilder.ToString();
228 + }
63 229
64 - if (Regex.Match(line, $@"{methodName}").Success) { 230 + protected override IList<Block> GetCriticalBlocks(string srcCode, IEnumerable<string> criticalList)
65 - found = true; 231 + {
66 - int openBracketCount = line.Count(c => c == '{'); 232 + // srcCode = Regex.Replace(srcCode, @"if.+\n\{", @"if.+\{", RegexOptions.Multiline);
67 - int closeBracketCount = line.Count(c => c == '}'); 233 +
68 - int subtract = openBracketCount - closeBracketCount; 234 + var split = srcCode.Split('\n');
69 - oldBuilder.AppendLine(line); 235 + int bracketCount = 0;
236 + var blockList = new List<Block>();
237 + StringBuilder builder = new StringBuilder();
238 + var crList = criticalList as HashSet<string>;
239 + if (crList == null)
240 + {
241 + return null;
242 + }
243 + bool hasIf = false;
244 + bool mainLine = true; /* 현재 라인이 메인 코드 라인인지 */
245 + bool criticalBlock = false; /* 현재 라인이 크리티컬 블록 라인인지 */
246 + int blockNum = 1; /* 블록 번호 */
247 + foreach (var line in split)
248 + {
249 + bool hasRight = false;
250 +
251 + string trim = line.Trim();
252 +
253 + /* 중괄호 수 세기 */
254 + int openBracketCount = trim.Count(c => c == '{');
255 + int closeBracketCount = trim.Count(c => c == '}');
256 + //if (!hasIf)
257 + //{
258 + // if (Regex.IsMatch(trim, @"^if.+\)$"))
259 + // {
260 + // // Console.WriteLine("if 들어감");
261 + // hasIf = true;
262 + // }
263 + //}
264 + //else
265 + //{
266 + // if (!Regex.IsMatch(trim, @"^\{"))
267 + // {
268 + // openBracketCount++;
269 + // }
270 + // hasIf = false;
271 + //}
272 +
273 +
274 +
275 + int subtract = openBracketCount - closeBracketCount;
276 + bracketCount += subtract;
70 277
71 - if (subtract < 0) 278 +
279 + if (trim.Equals("}"))
280 + {
281 + builder.AppendLine(line);
282 + hasRight = true;
283 + }
284 + /* 중괄호 연산 결과 1이라는 것은 메인 라인 */
285 + if (bracketCount == 1)
286 + {
287 + /*
288 + * 깊이가 1인데 mainLine이
289 + * false 이면 넘어왔다는 것이니 현재까지 코드
290 + * blockList에 추가
291 + */
292 + if (!mainLine)
293 + {
294 + string s = builder.ToString();
295 + if (!string.IsNullOrWhiteSpace(s))
296 + {
297 + blockList.Add(new Block() { HasCritical = criticalBlock, Code = s, Num = blockNum });
298 + blockNum++;
299 + criticalBlock = false;
300 + builder.Clear();
301 + }
302 + }
303 + mainLine = true;
304 + }
305 + /* 2 이상이라는 건 메인 라인 X */
306 + else if(bracketCount >= 2)
307 + {
308 + /*
309 + * 깊이가 2 이상인데 mainLine이
310 + * true면 넘어왔다는 것이니 현재까지 코드
311 + * blockList에 추가
312 + */
313 + if (mainLine)
314 + {
315 + string s = builder.ToString();
316 + if (!string.IsNullOrWhiteSpace(s))
72 { 317 {
73 - break; 318 + blockList.Add(new Block() { HasCritical = criticalBlock, Code = s, Num = blockNum });
319 + blockNum++;
320 + criticalBlock = false;
321 + builder.Clear();
74 } 322 }
75 - bracketCount = subtract;
76 } 323 }
324 + mainLine = false;
325 + }
326 + /* 이도 저도 아니면 그냥 넘어감 */
327 + else
328 + {
329 + continue;
330 + }
331 + /* 현재 코드 라인에서 변수 추출시켜서 크리티컬 리스트와 대조 */
332 + foreach (var var in ExtractCriticalVariant(line))
333 + {
334 + /* 크리티컬 리스트에 추출한 변수가 들어있다면 추가 */
335 + if (criticalList.Contains(var))
336 + {
337 + criticalBlock = true;
338 + break;
339 + }
340 + }
77 341
342 + if (!hasRight)
343 + {
344 + builder.AppendLine(line);
345 +
78 } 346 }
347 +
348 + }
79 349
350 + /* 마지막 남은게 있을 수 있으니 추가 */
351 + string fs = builder.ToString();
352 + if (!string.IsNullOrWhiteSpace(fs))
353 + {
354 + blockList.Add(new Block() { HasCritical = criticalBlock, Code = fs, Num = blockNum });
355 + blockNum++;
356 + criticalBlock = false;
357 + builder.Clear();
80 } 358 }
81 - return oldBuilder.ToString(); 359 +
360 + return blockList;
82 } 361 }
83 } 362 }
84 } 363 }
......
...@@ -8,9 +8,6 @@ using System.Text.RegularExpressions; ...@@ -8,9 +8,6 @@ using System.Text.RegularExpressions;
8 using System.Threading.Tasks; 8 using System.Threading.Tasks;
9 namespace VulnCrawler 9 namespace VulnCrawler
10 { 10 {
11 -
12 -
13 -
14 /// <summary> 11 /// <summary>
15 /// 파이썬 크롤러 12 /// 파이썬 크롤러
16 /// </summary> 13 /// </summary>
...@@ -68,5 +65,15 @@ namespace VulnCrawler ...@@ -68,5 +65,15 @@ namespace VulnCrawler
68 } 65 }
69 return replace; 66 return replace;
70 } 67 }
68 +
69 + public override IDictionary<string, IEnumerable<string>> ExtractGitCriticalMethodTable(string srcCode)
70 + {
71 + throw new NotImplementedException();
72 + }
73 +
74 + protected override IList<Block> GetCriticalBlocks(string srcCode, IEnumerable<string> criticalList)
75 + {
76 + throw new NotImplementedException();
77 + }
71 } 78 }
72 } 79 }
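Review bot: The two new overrides, `ExtractGitCriticalMethodTable` and `GetCriticalBlocks`, throw a bare `NotImplementedException()` with no message, so the first call on the Python crawler fails without saying which feature is missing. The caller shown elsewhere on this page invokes `self.ExtractGitCriticalMethodTable(entry.Patch)` inside a `try` whose `catch (Exception e)` only does `continue;`, so that failure would be dropped and the Python crawler would report nothing for every matching entry. I would give the exception a message, e.g. `throw new NotSupportedException("critical-block extraction is not implemented for Python sources");`, and put a `// TODO: not yet supported for Python` comment above each stub. The enclosing class begins outside this hunk.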
......
...@@ -17,6 +17,7 @@ namespace VulnCrawler ...@@ -17,6 +17,7 @@ namespace VulnCrawler
17 var crawler = new T(); 17 var crawler = new T();
18 crawler.Init(dirPath); 18 crawler.Init(dirPath);
19 var commits = crawler.Commits; 19 var commits = crawler.Commits;
20 + Console.WriteLine(commits.Count());
20 foreach (var commit in commits) { 21 foreach (var commit in commits) {
21 // 커밋 메시지 22 // 커밋 메시지
22 string message = commit.Message; 23 string message = commit.Message;
...@@ -33,6 +34,8 @@ namespace VulnCrawler ...@@ -33,6 +34,8 @@ namespace VulnCrawler
33 // 현재 커밋에 대한 패치 엔트리 배열을 출력함 34 // 현재 커밋에 대한 패치 엔트리 배열을 출력함
34 PrintPatchEntrys(entrys, crawler, message, cve); 35 PrintPatchEntrys(entrys, crawler, message, cve);
35 } 36 }
37 + Console.ReadLine();
38 +
36 } 39 }
37 } 40 }
38 41
...@@ -42,82 +45,144 @@ namespace VulnCrawler ...@@ -42,82 +45,144 @@ namespace VulnCrawler
42 foreach (var entry in entrys) { 45 foreach (var entry in entrys) {
43 // 기존 소스코드 46 // 기존 소스코드
44 var oldOid = entry.OldOid; 47 var oldOid = entry.OldOid;
45 - Blob oldBlob = self.Repository.Lookup<Blob>(oldOid);
46 - string oldContent = oldBlob.GetContentText();
47 -
48 - // 변경된 소스코드
49 - var newOid = entry.Oid;
50 - Blob newBlob = self.Repository.Lookup<Blob>(newOid);
51 - string newContent = newBlob.GetContentText();
52 -
53 - var regs = self.GetMatches(entry.Patch);
54 -
55 - #region 패치 코드 출력
56 - // 패치 전 코드 (oldContent)
57 - // 패치 후 코드 (newContent)
58 - // 패치 코드 (entry.Patch)
59 - // 출력
60 - //if (regs.Count > 0) {
61 - // Console.BackgroundColor = ConsoleColor.DarkBlue;
62 - // Console.WriteLine($"Old Content: \n{oldContent}");
63 - // Console.ResetColor();
64 -
65 - // Console.BackgroundColor = ConsoleColor.DarkMagenta;
66 - // Console.WriteLine($"New Content: \n{newContent}");
67 - // Console.ResetColor();
68 - // Console.BackgroundColor = ConsoleColor.DarkRed;
69 - // Console.WriteLine($"Patched: \n{entry.Patch}");
70 -
71 - // Console.ResetColor();
72 - // Console.WriteLine("-----------");
73 - // Console.WriteLine(regs.Count);
74 -
75 - //}
76 -
77 - // 패치 코드에서 매칭된 파이썬 함수들로부터
78 - // 패치 전 코드 파일(oldBlob)을 탐색하여 원본 파이썬 함수 가져오고(originalFunc)
79 - //
80 -#endregion
81 -
82 - foreach (var reg in regs) {
83 - var match = reg as Match;
84 - string methodName = match.Groups[VulnAbstractCrawler.MethodName].Value;
85 -
86 - string originalFunc, md5;
87 -
88 - (originalFunc, md5) = self.Process(oldBlob.GetContentStream(),
89 - match.Groups[VulnAbstractCrawler.MethodName].Value);
90 -
91 - #region 현재 패치 엔트리 정보 출력(추가된 , 삭제된 , 패치 이전 경로, 패치 경로)
92 - Console.ForegroundColor = ConsoleColor.Blue;
93 - Console.WriteLine($"status: {entry.Status.ToString()}");
94 - Console.WriteLine($"added: {entry.LinesAdded.ToString()}, deleted: {entry.LinesDeleted.ToString()}");
95 - Console.WriteLine($"old path: {entry.OldPath.ToString()}, new path: {entry.Path.ToString()}");
96 - Console.ResetColor();
97 -
98 -
99 - Console.Write($"CVE: ");
100 - Console.ForegroundColor = ConsoleColor.Red;
101 - Console.Write($"{cve}");
102 - Console.WriteLine("");
103 - Console.ResetColor();
104 - Console.ForegroundColor = ConsoleColor.Yellow;
105 - Console.WriteLine($"Commit Message: {commitMsg}");
106 - Console.ResetColor();
107 -
108 - // 패치 전 원본 함수
109 - Console.WriteLine($"Original Func: {originalFunc}");
110 - // 해쉬 후
111 - Console.WriteLine($"Original Func MD5: {md5}");
112 - Console.BackgroundColor = ConsoleColor.DarkRed;
113 - Console.WriteLine($"Patched: \n{entry.Patch}");
114 -
115 - Console.ResetColor();
116 - Console.WriteLine("==============================");
117 48
49 + try
50 + {
51 + Blob oldBlob = self.Repository.Lookup<Blob>(oldOid);
52 + string oldContent = oldBlob.GetContentText();
53 +
54 + // 변경된 소스코드
55 + var newOid = entry.Oid;
56 + Blob newBlob = self.Repository.Lookup<Blob>(newOid);
57 + string newContent = newBlob.GetContentText();
58 + var regs = self.GetMatches(entry.Patch);
59 + #region 패치 코드 출력
60 + // 패치 전 코드 (oldContent)
61 + // 패치 후 코드 (newContent)
62 + // 패치 코드 (entry.Patch)
63 + // 출력
64 + if (regs.Count > 0)
65 + {
66 + Console.BackgroundColor = ConsoleColor.DarkBlue;
67 + Console.WriteLine($"Old Content: \n{oldContent}");
68 + Console.ResetColor();
69 +
70 + //Console.BackgroundColor = ConsoleColor.DarkMagenta;
71 + //Console.WriteLine($"New Content: \n{newContent}");
72 + //Console.ResetColor();
73 +
74 + Console.ForegroundColor = ConsoleColor.Blue;
75 + Console.WriteLine($"status: {entry.Status.ToString()}");
76 + Console.WriteLine($"added: {entry.LinesAdded.ToString()}, deleted: {entry.LinesDeleted.ToString()}");
77 + Console.WriteLine($"old path: {entry.OldPath.ToString()}, new path: {entry.Path.ToString()}");
78 + Console.ResetColor();
79 +
80 +
81 + Console.Write($"CVE: ");
82 + Console.ForegroundColor = ConsoleColor.Red;
83 + Console.Write($"{cve}");
84 + Console.WriteLine("");
85 + Console.ResetColor();
86 + Console.ForegroundColor = ConsoleColor.Yellow;
87 + Console.WriteLine($"Commit Message: {commitMsg}");
88 + Console.ResetColor();
89 + Console.BackgroundColor = ConsoleColor.DarkRed;
90 + Console.WriteLine($"Patched: \n{entry.Patch}");
91 + Console.ResetColor();
92 + var table = self.ExtractGitCriticalMethodTable(entry.Patch);
93 + foreach (var tuple in self.Process(oldBlob, table))
94 + {
95 + (var methodName, var blocks) = tuple;
96 + Console.BackgroundColor = ConsoleColor.DarkRed;
97 + Console.WriteLine($"메서드 이름 : {methodName}");
98 + Console.ResetColor();
99 + //Console.ForegroundColor = ConsoleColor.Blue;
100 + //foreach (var c in )
101 + //{
102 + // Console.WriteLine(c);
103 + //}
104 + //Console.ResetColor();
105 + foreach (var block in blocks)
106 + {
107 +
108 + if (block.HasCritical)
109 + {
110 + Console.BackgroundColor = ConsoleColor.DarkMagenta;
111 + }
112 + else
113 + {
114 + Console.BackgroundColor = ConsoleColor.DarkGreen;
115 + }
116 + Console.WriteLine($"=====block({block.Num}, {block.HasCritical.ToString()})");
117 + Console.WriteLine(block.Code);
118 + Console.ResetColor();
119 + Console.WriteLine($"MD5 = {block.Hash}");
120 + }
121 +
122 + }
123 +
124 +
125 + //foreach (var item in table)
126 + //{
127 + // Console.WriteLine($"Method : {item.Key}");
128 + // //foreach (var b in item.Value)
129 + // //{
130 + // // Console.WriteLine($"--{b}");
131 + // //}
132 +
133 + //}
134 + // Console.ReadLine();
135 + }
136 + else
137 + {
138 + continue;
139 + }
140 +
141 +
142 +
143 + // 패치 코드에서 매칭된 파이썬 함수들로부터
144 + // 패치 전 코드 파일(oldBlob)을 탐색하여 원본 파이썬 함수 가져오고(originalFunc)
145 + //
118 #endregion 146 #endregion
119 147
148 + //foreach (var reg in regs)
149 + //{
150 +
151 + // var match = reg as Match;
152 + // string methodName = match.Groups[VulnAbstractCrawler.MethodName].Value.Trim();
153 + // string originalFunc, md5;
154 + // (originalFunc, md5) = self.Process(oldBlob.GetContentStream(),
155 + // methodName);
156 +
157 +
158 +
159 + // #region 현재 패치 엔트리 정보 출력(추가된 줄 수, 삭제된 줄 수, 패치 이전 경로, 패치 후 경로)
160 +
161 +
162 + // // 패치 전 원본 함수
163 + // Console.WriteLine($"Original Func: {originalFunc}");
164 + // // 해쉬 후
165 + // Console.WriteLine($"Original Func MD5: {md5}");
166 + // //Console.BackgroundColor = ConsoleColor.DarkRed;
167 + // //Console.WriteLine($"Patched: \n{entry.Patch}");
168 +
169 + // Console.ResetColor();
170 + // Console.ForegroundColor = ConsoleColor.Red;
171 + // Console.WriteLine("==============================");
172 + // Console.ResetColor();
173 + // #endregion
174 +
175 + //}
176 + //Console.ReadLine();
177 + }
178 + catch (Exception e)
179 + {
180 + // Console.WriteLine(entry.Patch);
181 + // Console.WriteLine(e.ToString());
182 + // Console.ReadLine();
183 + continue;
120 } 184 }
185 +
121 } 186 }
122 } 187 }
123 188
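Review bot: The new `catch (Exception e) { ... continue; }` around the per-entry work in `PrintPatchEntrys` discards every failure without a trace, because all three lines in its body are commented out. For a tool that maps CVE fix commits to the functions they patched, this hides exactly the entries an operator needs to know were skipped: a `Lookup<Blob>(oldOid)` that yields no blob (presumably the case for newly added files), a `NotImplementedException` from a crawler stub, or a parsing error inside `Process`. I would check `oldBlob` for null right after the lookup and report what was skipped before continuing, e.g. `Console.Error.WriteLine($"skipped {entry.Path}: {e.GetType().Name}: {e.Message}");`. The method's signature is outside the hunk.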
......
1 +theme: jekyll-theme-midnight
...\ No newline at end of file ...\ No newline at end of file