노현종 / 2018-1-Capstone1-VulnNotti

Go to a project
Toggle navigation Toggle navigation pinning
이경수
d7897d5f 2 parents f9b44bd6 481a43a6

Merge branch 'master' of https://github.com/yhackerbv/VulnNottiProject

Expand all
Inline Side-by-side
Showing 22 changed files with 377 additions and 65 deletions
<?xml version="1.0" encoding="utf-8"?>
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>8b3ec7f4-6106-4f2f-9a57-d10e4bbd93e8</ProjectGuid>
<ProjectGuid>{8B3EC7F4-6106-4F2F-9A57-D10E4BBD93E8}</ProjectGuid>
<OutputType>Library</OutputType>
<AppDesignerFolder>Properties</AppDesignerFolder>
<RootNamespace>AWS_Center</RootNamespace>
......@@ -30,24 +30,19 @@
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System"/>
<Reference Include="System.Core"/>
<Reference Include="System.Xml.Linq"/>
<Reference Include="System.Data.DataSetExtensions"/>
<Reference Include="Microsoft.CSharp"/>
<Reference Include="System.Data"/>
<Reference Include="System.Net.Http"/>
<Reference Include="System.Xml"/>
<Reference Include="MySql.Data, Version=8.0.11.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL" />
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Xml.Linq" />
<Reference Include="System.Data.DataSetExtensions" />
<Reference Include="Microsoft.CSharp" />
<Reference Include="System.Data" />
<Reference Include="System.Net.Http" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="Class1.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>
</Project>
\ No newline at end of file
......

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 15
VisualStudioVersion = 15.0.27428.2037
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AWS_Center", "AWS_Center.csproj", "{8B3EC7F4-6106-4F2F-9A57-D10E4BBD93E8}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{8B3EC7F4-6106-4F2F-9A57-D10E4BBD93E8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{8B3EC7F4-6106-4F2F-9A57-D10E4BBD93E8}.Debug|Any CPU.Build.0 = Debug|Any CPU
{8B3EC7F4-6106-4F2F-9A57-D10E4BBD93E8}.Release|Any CPU.ActiveCfg = Release|Any CPU
{8B3EC7F4-6106-4F2F-9A57-D10E4BBD93E8}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {EEBEFAA7-7268-4494-ADAF-291BB2AF8588}
EndGlobalSection
EndGlobal
......@@ -3,7 +3,7 @@ using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using MySql.Data.MySqlClient;
// 참고(C# mysql 연결)
#region MySql 연결
......@@ -40,6 +40,8 @@ namespace AWS_Center
{
public static class VulnRDS
{
public static MySqlConnection Conn { get; set; }
public class Vuln
{
public int Len { get; set; } /* 발견된 취약점 함수 PreFunc 부분의 코드 길이 */
......@@ -55,10 +57,30 @@ namespace AWS_Center
public Vuln()
{
}
}
//connect
public static void Connect()
{
MySqlConnectionStringBuilder builder = new MySqlConnectionStringBuilder()
{
Server = "vulndb.cby38wfppa7l.us-east-2.rds.amazonaws.com",
UserID = "yhackerbv",
Password = "guswhd12",
Database = "vuln",
Port = 3306,
};
string strConn = builder.ToString();
builder = null;
Conn = new MySqlConnection(strConn);
}
public static void InsertVulnData(int _len, string _repoName, string _cve, string _funcName,
string _preFunc, string _afterFunc, string _hash)
{
......@@ -66,11 +88,16 @@ namespace AWS_Center
* DB에 취약점 데이터가 이미 있는지 검사해야함
*
*/
}
public static IEnumerable<string> SearchVulnData(int _len)
{
Conn.Open();
}
//public static IEnumerable<string> SearchVulnData(int _len)
//{
//
//}
}
}
......
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />
</startup>
</configuration>
\ No newline at end of file
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using MySql.Data.MySqlClient;
namespace Tester
{
class Program
{
static void Main(string[] args)
{
}
}
}
namespace AWS_Center
{
public static class VulnRDS
{
public static MySqlConnection Conn { get; set; }
public class Vuln
{
public int VulnId { get; set; } /* 취약점 ID */
public int LenBlock { get; set; } /* 취약점 BLOCK 길이 */
public string RepositName { get; set; } /* 취약점 레파지토리 이름 */
public string Cve { get; set; } /* 취약점 CVE */
public string FuncName { get; set; } /* 취약점 함수 이름 */
public string Language { get; set; } /* 취약점 언어 종류 */
public string CodeOriBefore { get; set; } /* 취약점 패치 전 원본 코드 */
public string CodeOriAfter { get; set; } /* 취약점 패치 후 원본 코드 */
public string CodeAbsBefore { get; set; } /* 취약점 패치 전 추상화 코드 */
public string CodeAbsAfter { get; set; } /* 취약점 패치 후 추상화 코드 */
public string BlockHash { get; set; } /* 취약점 블록 해시 값 */
// 생성자
public Vuln()
{
}
}
public class User
{
public int UserId { get; set; } /* 유저 ID */
public string RepositName { get; set; } /* 유저 레파지토리 이름 */
public string Cve { get; set; } /* 취약점 CVE */
public string CodeOriBefore { get; set; } /* 취약점 패치 전 원본 코드 */
public string CodeOriAfter { get; set; } /* 취약점 패치 후 원본 코드 */
public string FuncName { get; set; } /* 취약점 함수 이름 */
public string DetectDate { get; set; } /* 검사 날짜 */
// 생성자
public User()
{
}
}
//connect
public static void Connect()
{
MySqlConnectionStringBuilder builder = new MySqlConnectionStringBuilder()
{
Server = "vulndb.cby38wfppa7l.us-east-2.rds.amazonaws.com",
UserID = "yhackerbv",
Password = "guswhd12",
Database = "vuln",
Port = 3306,
};
string strConn = builder.ToString();
builder = null;
Conn = new MySqlConnection(strConn);
}
public static void InsertVulnData(Vuln vuln)
{
/*
* DB에 취약점 데이터가 이미 있는지 검사해야함
*
*/
Conn.Open();
}
//public static IEnumerable<string> SearchVulnData(int _len)
//{
//
//}
}
}
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// 어셈블리에 대한 일반 정보는 다음 특성 집합을 통해
// 제어됩니다. 어셈블리와 관련된 정보를 수정하려면
// 이러한 특성 값을 변경하세요.
[assembly: AssemblyTitle("Tester")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("Tester")]
[assembly: AssemblyCopyright("Copyright © 2018")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
// ComVisible을 false로 설정하면 이 어셈블리의 형식이 COM 구성 요소에
// 표시되지 않습니다. COM에서 이 어셈블리의 형식에 액세스하려면
// 해당 형식에 대해 ComVisible 특성을 true로 설정하세요.
[assembly: ComVisible(false)]
// 이 프로젝트가 COM에 노출되는 경우 다음 GUID는 typelib의 ID를 나타냅니다.
[assembly: Guid("ac204ded-c47f-46fe-b357-01c71849ea76")]
// 어셈블리의 버전 정보는 다음 네 가지 값으로 구성됩니다.
//
// 주 버전
// 부 버전
// 빌드 번호
// 수정 버전
//
// 모든 값을 지정하거나 아래와 같이 '*'를 사용하여 빌드 번호 및 수정 번호가 자동으로
// 지정되도록 할 수 있습니다.
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{AC204DED-C47F-46FE-B357-01C71849EA76}</ProjectGuid>
<OutputType>Exe</OutputType>
<RootNamespace>Tester</RootNamespace>
<AssemblyName>Tester</AssemblyName>
<TargetFrameworkVersion>v4.6.1</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="MySql.Data, Version=8.0.11.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL" />
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Xml.Linq" />
<Reference Include="System.Data.DataSetExtensions" />
<Reference Include="Microsoft.CSharp" />
<Reference Include="System.Data" />
<Reference Include="System.Net.Http" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<None Include="App.config" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>
\ No newline at end of file
......@@ -67,15 +67,16 @@ namespace VulnCrawler
public static void Run() {
// Repository 폴더들이 있는 주소를 지정하면 하위 폴더 목록을 가져옴(Repository 목록)
// var fields = VulnWorker.GetCriticalVariant(@"return _is_safe_url(url, host) and _is_safe_url(url.replace('\\', '/'), host)");
var c = new VulnC();
var fields = c.ExtractCriticalVariant(@"!DoReadFile (infile, &ds64_chunk, sizeof (DS64Chunk), &bcount) ||/* aaaa */");
var fields = c.ExtractCriticalVariant(@"if (s->session->peer != s->session->sess_cert->peer_key->x509)");
foreach (var item in fields)
{
Console.WriteLine(item);
}
// return;
var directorys = Directory.GetDirectories(@"c:\VulnPy");
var directorys = Directory.GetDirectories(@"c:\VulnC");
if (directorys.Length == 0) {
Console.WriteLine("Repository 목록 찾기 실패");
return;
......@@ -83,7 +84,7 @@ namespace VulnCrawler
// Repository 목록 만큼 반복함.
foreach (var directory in directorys) {
// 템플릿 패턴화 T : VulnAbstractCrawler
VulnWorker.Run<VulnPython>(directory);
VulnWorker.Run<VulnC>(directory);
}
}
......
This diff is collapsed. Click to expand it.
......@@ -8,9 +8,6 @@ using System.Text.RegularExpressions;
using System.Threading.Tasks;
namespace VulnCrawler
{
/// <summary>
/// 파이썬 크롤러
/// </summary>
......@@ -68,5 +65,15 @@ namespace VulnCrawler
}
return replace;
}
public override IDictionary<string, IEnumerable<string>> ExtractGitCriticalMethodTable(string srcCode)
{
throw new NotImplementedException();
}
protected override IList<Block> GetCriticalBlocks(string srcCode, IEnumerable<string> criticalList)
{
throw new NotImplementedException();
}
}
}
......
......@@ -17,6 +17,7 @@ namespace VulnCrawler
var crawler = new T();
crawler.Init(dirPath);
var commits = crawler.Commits;
Console.WriteLine(commits.Count());
foreach (var commit in commits) {
// 커밋 메시지
string message = commit.Message;
......@@ -33,6 +34,8 @@ namespace VulnCrawler
// 현재 커밋에 대한 패치 엔트리 배열을 출력함
PrintPatchEntrys(entrys, crawler, message, cve);
}
Console.ReadLine();
}
}
......@@ -42,6 +45,9 @@ namespace VulnCrawler
foreach (var entry in entrys) {
// 기존 소스코드
var oldOid = entry.OldOid;
try
{
Blob oldBlob = self.Repository.Lookup<Blob>(oldOid);
string oldContent = oldBlob.GetContentText();
......@@ -49,46 +55,22 @@ namespace VulnCrawler
var newOid = entry.Oid;
Blob newBlob = self.Repository.Lookup<Blob>(newOid);
string newContent = newBlob.GetContentText();
var regs = self.GetMatches(entry.Patch);
#region 패치 코드 출력
// 패치 전 코드 (oldContent)
// 패치 후 코드 (newContent)
// 패치 코드 (entry.Patch)
// 출력
//if (regs.Count > 0) {
// Console.BackgroundColor = ConsoleColor.DarkBlue;
// Console.WriteLine($"Old Content: \n{oldContent}");
// Console.ResetColor();
// Console.BackgroundColor = ConsoleColor.DarkMagenta;
// Console.WriteLine($"New Content: \n{newContent}");
// Console.ResetColor();
// Console.BackgroundColor = ConsoleColor.DarkRed;
// Console.WriteLine($"Patched: \n{entry.Patch}");
// Console.ResetColor();
// Console.WriteLine("-----------");
// Console.WriteLine(regs.Count);
//}
// 패치 코드에서 매칭된 파이썬 함수들로부터
// 패치 전 코드 파일(oldBlob)을 탐색하여 원본 파이썬 함수 가져오고(originalFunc)
//
#endregion
foreach (var reg in regs) {
var match = reg as Match;
string methodName = match.Groups[VulnAbstractCrawler.MethodName].Value;
string originalFunc, md5;
if (regs.Count > 0)
{
Console.BackgroundColor = ConsoleColor.DarkBlue;
Console.WriteLine($"Old Content: \n{oldContent}");
Console.ResetColor();
(originalFunc, md5) = self.Process(oldBlob.GetContentStream(),
match.Groups[VulnAbstractCrawler.MethodName].Value);
//Console.BackgroundColor = ConsoleColor.DarkMagenta;
//Console.WriteLine($"New Content: \n{newContent}");
//Console.ResetColor();
#region 현재 패치 엔트리 정보 출력(추가된 , 삭제된 , 패치 이전 경로, 패치 경로)
Console.ForegroundColor = ConsoleColor.Blue;
Console.WriteLine($"status: {entry.Status.ToString()}");
Console.WriteLine($"added: {entry.LinesAdded.ToString()}, deleted: {entry.LinesDeleted.ToString()}");
......@@ -104,20 +86,103 @@ namespace VulnCrawler
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine($"Commit Message: {commitMsg}");
Console.ResetColor();
// 패치 전 원본 함수
Console.WriteLine($"Original Func: {originalFunc}");
// 해쉬 후
Console.WriteLine($"Original Func MD5: {md5}");
Console.BackgroundColor = ConsoleColor.DarkRed;
Console.WriteLine($"Patched: \n{entry.Patch}");
Console.ResetColor();
var table = self.ExtractGitCriticalMethodTable(entry.Patch);
foreach (var tuple in self.Process(oldBlob, table))
{
(var methodName, var blocks) = tuple;
Console.BackgroundColor = ConsoleColor.DarkRed;
Console.WriteLine($"메서드 이름 : {methodName}");
Console.ResetColor();
//Console.ForegroundColor = ConsoleColor.Blue;
//foreach (var c in )
//{
// Console.WriteLine(c);
//}
//Console.ResetColor();
foreach (var block in blocks)
{
if (block.HasCritical)
{
Console.BackgroundColor = ConsoleColor.DarkMagenta;
}
else
{
Console.BackgroundColor = ConsoleColor.DarkGreen;
}
Console.WriteLine($"=====block({block.Num}, {block.HasCritical.ToString()})");
Console.WriteLine(block.Code);
Console.ResetColor();
Console.WriteLine("==============================");
Console.WriteLine($"MD5 = {block.Hash}");
}
}
//foreach (var item in table)
//{
// Console.WriteLine($"Method : {item.Key}");
// //foreach (var b in item.Value)
// //{
// // Console.WriteLine($"--{b}");
// //}
//}
// Console.ReadLine();
}
else
{
continue;
}
// 패치 코드에서 매칭된 파이썬 함수들로부터
// 패치 전 코드 파일(oldBlob)을 탐색하여 원본 파이썬 함수 가져오고(originalFunc)
//
#endregion
//foreach (var reg in regs)
//{
// var match = reg as Match;
// string methodName = match.Groups[VulnAbstractCrawler.MethodName].Value.Trim();
// string originalFunc, md5;
// (originalFunc, md5) = self.Process(oldBlob.GetContentStream(),
// methodName);
// #region 현재 패치 엔트리 정보 출력(추가된 줄 수, 삭제된 줄 수, 패치 이전 경로, 패치 후 경로)
// // 패치 전 원본 함수
// Console.WriteLine($"Original Func: {originalFunc}");
// // 해쉬 후
// Console.WriteLine($"Original Func MD5: {md5}");
// //Console.BackgroundColor = ConsoleColor.DarkRed;
// //Console.WriteLine($"Patched: \n{entry.Patch}");
// Console.ResetColor();
// Console.ForegroundColor = ConsoleColor.Red;
// Console.WriteLine("==============================");
// Console.ResetColor();
// #endregion
//}
//Console.ReadLine();
}
catch (Exception e)
{
// Console.WriteLine(entry.Patch);
// Console.WriteLine(e.ToString());
// Console.ReadLine();
continue;
}
}
}
......
theme: jekyll-theme-midnight
\ No newline at end of file