노현종

180601

...@@ -16,73 +16,20 @@ namespace VulnCrawler ...@@ -16,73 +16,20 @@ namespace VulnCrawler
16 { 16 {
17 public int VulnId { get; set; } = -1; /* 취약점 ID */ 17 public int VulnId { get; set; } = -1; /* 취약점 ID */
18 public int LenBlock { get; set; } = -1; /* 취약점 BLOCK 길이 */ 18 public int LenBlock { get; set; } = -1; /* 취약점 BLOCK 길이 */
19 - public string RepositName { get; set; } = "NULL"; /* 취약점 레파지토리 이름 */
20 public string Cve { get; set; } = "NULL"; /* 취약점 CVE */ 19 public string Cve { get; set; } = "NULL"; /* 취약점 CVE */
21 public string FuncName { get; set; } = "NULL"; /* 취약점 함수 이름 */ 20 public string FuncName { get; set; } = "NULL"; /* 취약점 함수 이름 */
22 - public string Language { get; set; } = "NULL"; /* 취약점 언어 종류 */ 21 + public int NumBlock { get; set; } = -1; /* 블록 번호 */
23 public string CodeOriBefore { get; set; } = "NULL"; /* 취약점 패치 전 원본 코드 */ 22 public string CodeOriBefore { get; set; } = "NULL"; /* 취약점 패치 전 원본 코드 */
24 public string CodeOriAfter { get; set; } = "NULL"; /* 취약점 패치 후 원본 코드 */ 23 public string CodeOriAfter { get; set; } = "NULL"; /* 취약점 패치 후 원본 코드 */
25 public string CodeAbsBefore { get; set; } = "NULL"; /* 취약점 패치 전 추상화 코드 */ 24 public string CodeAbsBefore { get; set; } = "NULL"; /* 취약점 패치 전 추상화 코드 */
26 public string CodeAbsAfter { get; set; } = "NULL"; /* 취약점 패치 후 추상화 코드 */ 25 public string CodeAbsAfter { get; set; } = "NULL"; /* 취약점 패치 후 추상화 코드 */
27 - public string BlockHash { get; set; } = "NULL";/* 취약점 블록 해시 값 */ 26 + public string BlockHash { get; set; } = "NULL";/* 취약점 블록 해시 값 */
28 - public int BlockNum { get; set; } = -1; /* 블록 번호 */
29 - // 생성자
30 - public Vuln()
31 - {
32 - }
33 - public Vuln(int _lenBlock, string _repositName, string _cve, string _funcName, string _language, string _codeOriBefore, string _codeOriAfter, string _codeAbsBefore, string _codeAbsAfter, string _blockHash)
34 - {
35 - //임의의 VulnId
36 - VulnId = -1;
37 - LenBlock = _lenBlock;
38 - RepositName = _repositName;
39 - Cve = _cve;
40 - FuncName = _funcName;
41 - Language = _language;
42 - CodeOriBefore = _codeOriBefore;
43 - CodeOriAfter = _codeOriAfter;
44 - CodeAbsBefore = _codeAbsBefore;
45 - CodeAbsAfter = _codeAbsAfter;
46 - BlockHash = _blockHash;
47 - }
48 - public Vuln(int _vulnId, int _lenBlock, string _repositName, string _cve, string _funcName, string _language, string _codeOriBefore, string _codeOriAfter, string _codeAbsBefore, string _codeAbsAfter, string _blockHash)
49 - {
50 - VulnId = _vulnId;
51 - LenBlock = _lenBlock;
52 - RepositName = _repositName;
53 - Cve = _cve;
54 - FuncName = _funcName;
55 - Language = _language;
56 - CodeOriBefore = _codeOriBefore;
57 - CodeOriAfter = _codeOriAfter;
58 - CodeAbsBefore = _codeAbsBefore;
59 - CodeAbsAfter = _codeAbsAfter;
60 - BlockHash = _blockHash;
61 - }
62 } 27 }
63 public class User 28 public class User
64 { 29 {
65 - public int UserId { get; set; } /* 유저 ID */ 30 + public int UserId { get; set; } = -1;/* 유저 ID */
66 - public string RepositName { get; set; } /* 유저 레파지토리 이름 */ 31 + public string RepositName { get; set; } = "NULL"; /* 유저 레파지토리 이름 */
67 - public string Cve { get; set; } /* 취약점 CVE */ 32 + public string VulnId { get; set; } = "NULL"; /* 취약점 vuln ID */
68 - public string CodeOriBefore { get; set; } /* 취약점 패치 전 원본 코드 */
69 - public string CodeOriAfter { get; set; } /* 취약점 패치 후 원본 코드 */
70 - public string FuncName { get; set; } /* 취약점 함수 이름 */
71 - public string DetectDate { get; set; } /* 검사 날짜 */
72 - // 생성자
73 - public User()
74 - {
75 - }
76 - public User(int _UserId, string _RepositName, string _Cve, string _CodeOriBefore, string _CodeOriAfter, string _FuncName, string _DetectDate)
77 - {
78 - UserId = _UserId;
79 - RepositName = _RepositName;
80 - Cve = _Cve;
81 - CodeOriBefore = _CodeOriBefore;
82 - CodeOriAfter = _CodeOriAfter;
83 - FuncName = _FuncName;
84 - DetectDate = _DetectDate;
85 - }
86 } 33 }
87 //connect 34 //connect
88 public static void Connect(AWS.Account account, string dbName) 35 public static void Connect(AWS.Account account, string dbName)
...@@ -104,22 +51,20 @@ namespace VulnCrawler ...@@ -104,22 +51,20 @@ namespace VulnCrawler
104 } 51 }
105 public static void InsertVulnData(Vuln vuln) 52 public static void InsertVulnData(Vuln vuln)
106 { 53 {
107 - // Conn.Open();
108 - //DB에 취약점 데이터가 이미 있는지 검사
109 String sql = string.Empty; 54 String sql = string.Empty;
110 - //String sql = "select count(*) from vulnInfo where cve like '" + vuln.Cve + "'"; 55 + //DB에 취약점 데이터가 이미 있는지 검사
111 - //MySqlCommand cmd = new MySqlCommand(sql, Conn); 56 + /*
112 - 57 +
113 - 58 + sql = "select count(*) from vulnInfo where cve like '" + vuln.Cve + "' and numBlock like '" +vuln.NumBlock + "'" ;
114 - //int RecordCount = Convert.ToInt32(cmd.ExecuteScalar()); 59 + MySqlCommand cmd = new MySqlCommand(sql, Conn);
115 - ////CVE 중복인 경우 60 + int RecordCount = Convert.ToInt32(cmd.ExecuteScalar());
116 - //if (RecordCount > 0) 61 + //CVE & block num 중복인 경우
117 - //{ 62 + if (RecordCount > 0)
118 - // Console.WriteLine("이미 cve가 존재함"); 63 + {
119 - //} 64 + //추가하지 않음
120 - //CVE 중복이 아닌 경우 65 + return;
121 - //else 66 + }
122 - //{ 67 + */
123 // vulnId setting (마지막 vulnId +1) 68 // vulnId setting (마지막 vulnId +1)
124 MySqlCommand cmd = null; 69 MySqlCommand cmd = null;
125 70
...@@ -135,20 +80,17 @@ namespace VulnCrawler ...@@ -135,20 +80,17 @@ namespace VulnCrawler
135 { 80 {
136 last_vulnId = 1; 81 last_vulnId = 1;
137 } 82 }
138 - 83 +
139 Retry: 84 Retry:
140 85
141 //DB insert 86 //DB insert
142 try 87 try
143 { 88 {
144 sql = "INSERT INTO vulnInfo(vulnId, lenBlock, repositName, cve, funcName, numBlock, codeOriBefore, codeOriAfter, codeAbsBefore, codeAbsAfter, blockHash) " + 89 sql = "INSERT INTO vulnInfo(vulnId, lenBlock, repositName, cve, funcName, numBlock, codeOriBefore, codeOriAfter, codeAbsBefore, codeAbsAfter, blockHash) " +
145 - $"VALUES({last_vulnId}, {vuln.LenBlock}, '{vuln.RepositName}', '{vuln.Cve}', '{vuln.FuncName}', {vuln.BlockNum}, '{vuln.CodeOriBefore}', '{vuln.CodeOriAfter}', '{vuln.CodeAbsBefore}', '{vuln.CodeAbsAfter}', '{vuln.BlockHash}')"; 90 + $"VALUES({last_vulnId}, {vuln.LenBlock}, '{vuln.Cve}', '{vuln.FuncName}', {vuln.NumBlock}, '{vuln.CodeOriBefore}', '{vuln.CodeOriAfter}', '{vuln.CodeAbsBefore}', '{vuln.CodeAbsAfter}', '{vuln.BlockHash}')";
146 - //sql = "INSERT INTO vulnInfo (vulnId, lenBlock, repositName, cve, funcName, codeOriBefore, codeOriAfter, codeAbsBefore, codeAbsAfter, blockHash) " +
147 - // "VALUES(" + last_vulnId + ", " + vuln.LenBlock + ", " + vuln.RepositName + ", " + vuln.Cve + ", " + vuln.FuncName + ", " + vuln.CodeOriBefore + ", " + vuln.CodeOriAfter + ", " + vuln.CodeAbsBefore + ", " + vuln.CodeAbsAfter + ", '" + vuln.BlockHash + "')";
148 Console.WriteLine(sql); 91 Console.WriteLine(sql);
149 - // cmd = new MySqlCommand(sql, Conn); 92 + cmd = new MySqlCommand(sql, Conn);
150 - // cmd.ExecuteNonQuery(); 93 + cmd.ExecuteNonQuery();
151 - //Conn.Close();
152 } 94 }
153 catch (Exception e) 95 catch (Exception e)
154 { 96 {
...@@ -161,13 +103,16 @@ namespace VulnCrawler ...@@ -161,13 +103,16 @@ namespace VulnCrawler
161 } 103 }
162 Console.ReadLine(); 104 Console.ReadLine();
163 } 105 }
164 - // } 106 +
165 } 107 }
166 public static void InsertUserData(User user) 108 public static void InsertUserData(User user)
167 { 109 {
168 Conn.Open(); 110 Conn.Open();
111 + String sql = string.Empty;
112 + MySqlCommand cmd = null;
113 + /*
169 //DB에 취약점 데이터가 이미 있는지 검사 114 //DB에 취약점 데이터가 이미 있는지 검사
170 - String sql = "select count(*) from vulnInfo where cve like '" + user.Cve + "'"; 115 + String sql = "select count(*) from vulnInfo where cve like '" + user. + "'";
171 MySqlCommand cmd = new MySqlCommand(sql, Conn); 116 MySqlCommand cmd = new MySqlCommand(sql, Conn);
172 int RecordCount = Convert.ToInt32(cmd.ExecuteScalar()); 117 int RecordCount = Convert.ToInt32(cmd.ExecuteScalar());
173 //CVE 중복인 경우 118 //CVE 중복인 경우
...@@ -175,22 +120,31 @@ namespace VulnCrawler ...@@ -175,22 +120,31 @@ namespace VulnCrawler
175 { 120 {
176 Console.WriteLine("이미 cve가 존재함"); 121 Console.WriteLine("이미 cve가 존재함");
177 } 122 }
178 - //CVE 중복이 아닌 경우 123 + */
179 - else 124 + // userId setting (마지막 userId +1)
125 + int last_userId = 1;
126 + try
180 { 127 {
181 - //DB insert 128 + sql = "select max(userId) from userInfo";
182 - try 129 + cmd = new MySqlCommand(sql, Conn);
183 - { 130 + last_userId = (Convert.ToInt32(cmd.ExecuteScalar())) + 1;
184 - sql = "INSERT INTO userInfo (userId, repositName, cve,codeOriBefore,codeOriAfter,funcName,detectDate) " + 131 + }
185 - "VALUES(" + user.UserId + "," + user.RepositName + "," + user.Cve + "," + user.CodeOriBefore + "," + user.CodeOriAfter + "," + user.FuncName + "," + user.DetectDate + ")"; 132 + catch (Exception)
186 - cmd = new MySqlCommand(sql, Conn); 133 + {
187 - cmd.ExecuteNonQuery(); 134 + last_userId = 1;
188 - Conn.Close(); 135 + }
189 - } 136 +
190 - catch (Exception e) 137 + //DB insert
191 - { 138 + try
192 - Console.WriteLine(e.StackTrace); 139 + {
193 - } 140 + sql = "INSERT INTO userInfo(userId, repositName, vulnInfo) " + $"VALUES({last_userId}, {user.RepositName}, '{user.VulnId}')";
141 + Console.WriteLine(sql);
142 + cmd = new MySqlCommand(sql, Conn);
143 + cmd.ExecuteNonQuery();
144 + }
145 + catch (Exception e)
146 + {
147 + Console.WriteLine(e.StackTrace);
194 } 148 }
195 } 149 }
196 public static Vuln SearchVulnCve(string _cve) 150 public static Vuln SearchVulnCve(string _cve)
...@@ -205,10 +159,9 @@ namespace VulnCrawler ...@@ -205,10 +159,9 @@ namespace VulnCrawler
205 { 159 {
206 vuln.VulnId = Convert.ToInt32(rdr["vulnId"]); 160 vuln.VulnId = Convert.ToInt32(rdr["vulnId"]);
207 vuln.LenBlock = Convert.ToInt32(rdr["lenBlock"]); 161 vuln.LenBlock = Convert.ToInt32(rdr["lenBlock"]);
208 - vuln.RepositName = Convert.ToString(rdr["repositName"]);
209 vuln.Cve = Convert.ToString(rdr["cve"]); 162 vuln.Cve = Convert.ToString(rdr["cve"]);
210 vuln.FuncName = Convert.ToString(rdr["funcName"]); 163 vuln.FuncName = Convert.ToString(rdr["funcName"]);
211 - vuln.Language = Convert.ToString(rdr["language"]); 164 + vuln.NumBlock = Convert.ToInt32(rdr["numBlock"]);
212 vuln.CodeOriBefore = Convert.ToString(rdr["codeOriBefore"]); 165 vuln.CodeOriBefore = Convert.ToString(rdr["codeOriBefore"]);
213 vuln.CodeOriAfter = Convert.ToString(rdr["codeOriAfter"]); 166 vuln.CodeOriAfter = Convert.ToString(rdr["codeOriAfter"]);
214 vuln.CodeAbsBefore = Convert.ToString(rdr["codeAbsBefore"]); ; 167 vuln.CodeAbsBefore = Convert.ToString(rdr["codeAbsBefore"]); ;
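Review bot: The INSERT that this commit starts executing in InsertVulnData (hunk `@@ -135,20 +80,17 @@`) still names eleven columns including `repositName`, but its VALUES list now carries only ten values because `'{vuln.RepositName}'` was removed, so MySQL should reject it with a column-count mismatch. The statement is also built by interpolating `vuln.Cve`, `vuln.BlockHash` and the other string properties into the SQL text, and the new INSERT in InsertUserData does the same with `{user.RepositName}` left unquoted; if any of these values can come from crawled or user-supplied data, that is SQL injection into the vulnerability database. Both statements should use placeholders bound through `cmd.Parameters.AddWithValue(...)`, as sketched below for InsertVulnData. Whether `repositName` should be dropped from the column list or given a value depends on the table schema, which is not visible here. Both functions start or end outside the hunks shown.

```csharp
// … unchanged: last_vulnId lookup, Retry label, try { …
sql = "INSERT INTO vulnInfo(vulnId, lenBlock, cve, funcName, numBlock, codeOriBefore, codeOriAfter, codeAbsBefore, codeAbsAfter, blockHash) " +
      "VALUES(@vulnId, @lenBlock, @cve, @funcName, @numBlock, @codeOriBefore, @codeOriAfter, @codeAbsBefore, @codeAbsAfter, @blockHash)";
cmd = new MySqlCommand(sql, Conn);
// Values travel as bound parameters, never as part of the SQL text.
cmd.Parameters.AddWithValue("@vulnId", last_vulnId);
cmd.Parameters.AddWithValue("@lenBlock", vuln.LenBlock);
cmd.Parameters.AddWithValue("@cve", vuln.Cve);
cmd.Parameters.AddWithValue("@funcName", vuln.FuncName);
cmd.Parameters.AddWithValue("@numBlock", vuln.NumBlock);
cmd.Parameters.AddWithValue("@codeOriBefore", vuln.CodeOriBefore);
cmd.Parameters.AddWithValue("@codeOriAfter", vuln.CodeOriAfter);
cmd.Parameters.AddWithValue("@codeAbsBefore", vuln.CodeAbsBefore);
cmd.Parameters.AddWithValue("@codeAbsAfter", vuln.CodeAbsAfter);
cmd.Parameters.AddWithValue("@blockHash", vuln.BlockHash);
cmd.ExecuteNonQuery();
// … unchanged: catch block …
```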
......
...@@ -134,19 +134,16 @@ namespace VulnCrawler ...@@ -134,19 +134,16 @@ namespace VulnCrawler
134 VulnRDS.Vuln vuln = new VulnRDS.Vuln() 134 VulnRDS.Vuln vuln = new VulnRDS.Vuln()
135 { 135 {
136 Cve = cve, 136 Cve = cve,
137 - Language = "C",
138 BlockHash = block.Hash, 137 BlockHash = block.Hash,
139 LenBlock = block.Code.Length, 138 LenBlock = block.Code.Length,
140 FuncName = Convert.ToBase64String(funcNameBytes), 139 FuncName = Convert.ToBase64String(funcNameBytes),
141 - RepositName = repoName,
142 CodeOriBefore = Convert.ToBase64String(codeOriBeforeBytes), 140 CodeOriBefore = Convert.ToBase64String(codeOriBeforeBytes),
143 CodeAbsBefore = Convert.ToBase64String(codeAbsBeforeBytes), 141 CodeAbsBefore = Convert.ToBase64String(codeAbsBeforeBytes),
144 - BlockNum = block.Num, 142 + NumBlock = block.Num,
145 -
146 }; 143 };
147 Console.WriteLine($"Vuln FuncName:{vuln.FuncName}"); 144 Console.WriteLine($"Vuln FuncName:{vuln.FuncName}");
148 /* VulnDB에 추가 */ 145 /* VulnDB에 추가 */
149 - //VulnRDS.InsertVulnData(vuln); 146 + VulnRDS.InsertVulnData(vuln);
150 } 147 }
151 } 148 }
152 } 149 }
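Review bot: With `VulnRDS.InsertVulnData(vuln);` now live, the initializer above it still leaves `CodeOriAfter` and `CodeAbsAfter` unset, so they keep the `"NULL"` string default declared on `Vuln` and are sent to the database as the quoted text NULL rather than as SQL NULL. Consumers of the table then cannot tell a missing patched version from one whose content is that string. Either fill both fields here or state the intent next to the initializer, for example `// CodeOriAfter/CodeAbsAfter are not known at crawl time; stored as the "NULL" sentinel`. `FuncName`, `CodeOriBefore` and `CodeAbsBefore` are Base64-encoded before the call while `Cve` and `BlockHash` are passed as-is, which is worth a comment as well. The enclosing method starts outside this hunk.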
......