노현종

180601

......@@ -16,73 +16,20 @@ namespace VulnCrawler
{
public int VulnId { get; set; } = -1; /* 취약점 ID */
public int LenBlock { get; set; } = -1; /* 취약점 BLOCK 길이 */
public string RepositName { get; set; } = "NULL"; /* 취약점 레파지토리 이름 */
public string Cve { get; set; } = "NULL"; /* 취약점 CVE */
public string FuncName { get; set; } = "NULL"; /* 취약점 함수 이름 */
public string Language { get; set; } = "NULL"; /* 취약점 언어 종류 */
public int NumBlock { get; set; } = -1; /* 블록 번호 */
public string CodeOriBefore { get; set; } = "NULL"; /* 취약점 패치 전 원본 코드 */
public string CodeOriAfter { get; set; } = "NULL"; /* 취약점 패치 후 원본 코드 */
public string CodeAbsBefore { get; set; } = "NULL"; /* 취약점 패치 전 추상화 코드 */
public string CodeAbsAfter { get; set; } = "NULL"; /* 취약점 패치 후 추상화 코드 */
public string BlockHash { get; set; } = "NULL";/* 취약점 블록 해시 값 */
public int BlockNum { get; set; } = -1; /* 블록 번호 */
// 생성자
public Vuln()
{
}
public Vuln(int _lenBlock, string _repositName, string _cve, string _funcName, string _language, string _codeOriBefore, string _codeOriAfter, string _codeAbsBefore, string _codeAbsAfter, string _blockHash)
{
//임의의 VulnId
VulnId = -1;
LenBlock = _lenBlock;
RepositName = _repositName;
Cve = _cve;
FuncName = _funcName;
Language = _language;
CodeOriBefore = _codeOriBefore;
CodeOriAfter = _codeOriAfter;
CodeAbsBefore = _codeAbsBefore;
CodeAbsAfter = _codeAbsAfter;
BlockHash = _blockHash;
}
public Vuln(int _vulnId, int _lenBlock, string _repositName, string _cve, string _funcName, string _language, string _codeOriBefore, string _codeOriAfter, string _codeAbsBefore, string _codeAbsAfter, string _blockHash)
{
VulnId = _vulnId;
LenBlock = _lenBlock;
RepositName = _repositName;
Cve = _cve;
FuncName = _funcName;
Language = _language;
CodeOriBefore = _codeOriBefore;
CodeOriAfter = _codeOriAfter;
CodeAbsBefore = _codeAbsBefore;
CodeAbsAfter = _codeAbsAfter;
BlockHash = _blockHash;
}
}
public class User
{
public int UserId { get; set; } /* 유저 ID */
public string RepositName { get; set; } /* 유저 레파지토리 이름 */
public string Cve { get; set; } /* 취약점 CVE */
public string CodeOriBefore { get; set; } /* 취약점 패치 전 원본 코드 */
public string CodeOriAfter { get; set; } /* 취약점 패치 후 원본 코드 */
public string FuncName { get; set; } /* 취약점 함수 이름 */
public string DetectDate { get; set; } /* 검사 날짜 */
// 생성자
public User()
{
}
public User(int _UserId, string _RepositName, string _Cve, string _CodeOriBefore, string _CodeOriAfter, string _FuncName, string _DetectDate)
{
UserId = _UserId;
RepositName = _RepositName;
Cve = _Cve;
CodeOriBefore = _CodeOriBefore;
CodeOriAfter = _CodeOriAfter;
FuncName = _FuncName;
DetectDate = _DetectDate;
}
public int UserId { get; set; } = -1;/* 유저 ID */
public string RepositName { get; set; } = "NULL"; /* 유저 레파지토리 이름 */
public string VulnId { get; set; } = "NULL"; /* 취약점 vuln ID */
}
//connect
public static void Connect(AWS.Account account, string dbName)
......@@ -104,22 +51,20 @@ namespace VulnCrawler
}
public static void InsertVulnData(Vuln vuln)
{
// Conn.Open();
//DB에 취약점 데이터가 이미 있는지 검사
String sql = string.Empty;
//String sql = "select count(*) from vulnInfo where cve like '" + vuln.Cve + "'";
//MySqlCommand cmd = new MySqlCommand(sql, Conn);
//DB에 취약점 데이터가 이미 있는지 검사
/*
//int RecordCount = Convert.ToInt32(cmd.ExecuteScalar());
////CVE 중복인 경우
//if (RecordCount > 0)
//{
// Console.WriteLine("이미 cve가 존재함");
//}
//CVE 중복이 아닌 경우
//else
//{
sql = "select count(*) from vulnInfo where cve like '" + vuln.Cve + "' and numBlock like '" +vuln.NumBlock + "'" ;
MySqlCommand cmd = new MySqlCommand(sql, Conn);
int RecordCount = Convert.ToInt32(cmd.ExecuteScalar());
//CVE & block num 중복인 경우
if (RecordCount > 0)
{
//추가하지 않음
return;
}
*/
// vulnId setting (마지막 vulnId +1)
MySqlCommand cmd = null;
......@@ -142,13 +87,10 @@ namespace VulnCrawler
try
{
sql = "INSERT INTO vulnInfo(vulnId, lenBlock, repositName, cve, funcName, numBlock, codeOriBefore, codeOriAfter, codeAbsBefore, codeAbsAfter, blockHash) " +
$"VALUES({last_vulnId}, {vuln.LenBlock}, '{vuln.RepositName}', '{vuln.Cve}', '{vuln.FuncName}', {vuln.BlockNum}, '{vuln.CodeOriBefore}', '{vuln.CodeOriAfter}', '{vuln.CodeAbsBefore}', '{vuln.CodeAbsAfter}', '{vuln.BlockHash}')";
//sql = "INSERT INTO vulnInfo (vulnId, lenBlock, repositName, cve, funcName, codeOriBefore, codeOriAfter, codeAbsBefore, codeAbsAfter, blockHash) " +
// "VALUES(" + last_vulnId + ", " + vuln.LenBlock + ", " + vuln.RepositName + ", " + vuln.Cve + ", " + vuln.FuncName + ", " + vuln.CodeOriBefore + ", " + vuln.CodeOriAfter + ", " + vuln.CodeAbsBefore + ", " + vuln.CodeAbsAfter + ", '" + vuln.BlockHash + "')";
$"VALUES({last_vulnId}, {vuln.LenBlock}, '{vuln.Cve}', '{vuln.FuncName}', {vuln.NumBlock}, '{vuln.CodeOriBefore}', '{vuln.CodeOriAfter}', '{vuln.CodeAbsBefore}', '{vuln.CodeAbsAfter}', '{vuln.BlockHash}')";
Console.WriteLine(sql);
// cmd = new MySqlCommand(sql, Conn);
// cmd.ExecuteNonQuery();
//Conn.Close();
cmd = new MySqlCommand(sql, Conn);
cmd.ExecuteNonQuery();
}
catch (Exception e)
{
......@@ -161,13 +103,16 @@ namespace VulnCrawler
}
Console.ReadLine();
}
// }
}
public static void InsertUserData(User user)
{
Conn.Open();
String sql = string.Empty;
MySqlCommand cmd = null;
/*
//DB에 취약점 데이터가 이미 있는지 검사
String sql = "select count(*) from vulnInfo where cve like '" + user.Cve + "'";
String sql = "select count(*) from vulnInfo where cve like '" + user. + "'";
MySqlCommand cmd = new MySqlCommand(sql, Conn);
int RecordCount = Convert.ToInt32(cmd.ExecuteScalar());
//CVE 중복인 경우
......@@ -175,24 +120,33 @@ namespace VulnCrawler
{
Console.WriteLine("이미 cve가 존재함");
}
//CVE 중복이 아닌 경우
else
*/
// userId setting (마지막 userId +1)
int last_userId = 1;
try
{
sql = "select max(userId) from userInfo";
cmd = new MySqlCommand(sql, Conn);
last_userId = (Convert.ToInt32(cmd.ExecuteScalar())) + 1;
}
catch (Exception)
{
last_userId = 1;
}
//DB insert
try
{
sql = "INSERT INTO userInfo (userId, repositName, cve,codeOriBefore,codeOriAfter,funcName,detectDate) " +
"VALUES(" + user.UserId + "," + user.RepositName + "," + user.Cve + "," + user.CodeOriBefore + "," + user.CodeOriAfter + "," + user.FuncName + "," + user.DetectDate + ")";
sql = "INSERT INTO userInfo(userId, repositName, vulnInfo) " + $"VALUES({last_userId}, {user.RepositName}, '{user.VulnId}')";
Console.WriteLine(sql);
cmd = new MySqlCommand(sql, Conn);
cmd.ExecuteNonQuery();
Conn.Close();
}
catch (Exception e)
{
Console.WriteLine(e.StackTrace);
}
}
}
public static Vuln SearchVulnCve(string _cve)
{
Vuln vuln = new Vuln();
......@@ -205,10 +159,9 @@ namespace VulnCrawler
{
vuln.VulnId = Convert.ToInt32(rdr["vulnId"]);
vuln.LenBlock = Convert.ToInt32(rdr["lenBlock"]);
vuln.RepositName = Convert.ToString(rdr["repositName"]);
vuln.Cve = Convert.ToString(rdr["cve"]);
vuln.FuncName = Convert.ToString(rdr["funcName"]);
vuln.Language = Convert.ToString(rdr["language"]);
vuln.NumBlock = Convert.ToInt32(rdr["numBlock"]);
vuln.CodeOriBefore = Convert.ToString(rdr["codeOriBefore"]);
vuln.CodeOriAfter = Convert.ToString(rdr["codeOriAfter"]);
vuln.CodeAbsBefore = Convert.ToString(rdr["codeAbsBefore"]); ;
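Review bot: The `INSERT INTO vulnInfo` statement in InsertVulnData is built by interpolating `vuln.Cve`, `vuln.FuncName`, the code fields and `vuln.BlockHash` into the SQL text, and the `INSERT INTO userInfo` statement in InsertUserData does the same with `user.RepositName` (not even quoted) and `user.VulnId`. These values appear to originate from crawled repository data, so a single quote in any of them breaks or alters the statement; bind them as parameters on the `MySqlCommand` instead, as sketched below. Separately, the column list still names eleven columns including `repositName`, while the `VALUES` line that omits `vuln.RepositName` supplies only ten, which looks like it makes the insert fail now that `cmd.ExecuteNonQuery()` is active. The sketch drops that column, but confirm against the table definition. `Console.WriteLine(sql)` also echoes the whole statement, stored code included, and both method bodies extend outside the hunks shown.

```csharp
// … unchanged: last_vulnId lookup …
sql = "INSERT INTO vulnInfo(vulnId, lenBlock, cve, funcName, numBlock, codeOriBefore, codeOriAfter, codeAbsBefore, codeAbsAfter, blockHash) " +
      "VALUES(@vulnId, @lenBlock, @cve, @funcName, @numBlock, @codeOriBefore, @codeOriAfter, @codeAbsBefore, @codeAbsAfter, @blockHash)";
cmd = new MySqlCommand(sql, Conn);
cmd.Parameters.AddWithValue("@vulnId", last_vulnId);
cmd.Parameters.AddWithValue("@lenBlock", vuln.LenBlock);
cmd.Parameters.AddWithValue("@cve", vuln.Cve);
cmd.Parameters.AddWithValue("@funcName", vuln.FuncName);
cmd.Parameters.AddWithValue("@numBlock", vuln.NumBlock);
cmd.Parameters.AddWithValue("@codeOriBefore", vuln.CodeOriBefore);
cmd.Parameters.AddWithValue("@codeOriAfter", vuln.CodeOriAfter);
cmd.Parameters.AddWithValue("@codeAbsBefore", vuln.CodeAbsBefore);
cmd.Parameters.AddWithValue("@codeAbsAfter", vuln.CodeAbsAfter);
cmd.Parameters.AddWithValue("@blockHash", vuln.BlockHash);
cmd.ExecuteNonQuery();
```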
......@@ -134,19 +134,16 @@ namespace VulnCrawler
VulnRDS.Vuln vuln = new VulnRDS.Vuln()
{
Cve = cve,
Language = "C",
BlockHash = block.Hash,
LenBlock = block.Code.Length,
FuncName = Convert.ToBase64String(funcNameBytes),
RepositName = repoName,
CodeOriBefore = Convert.ToBase64String(codeOriBeforeBytes),
CodeAbsBefore = Convert.ToBase64String(codeAbsBeforeBytes),
BlockNum = block.Num,
NumBlock = block.Num,
};
Console.WriteLine($"Vuln FuncName:{vuln.FuncName}");
/* VulnDB에 추가 */
//VulnRDS.InsertVulnData(vuln);
VulnRDS.InsertVulnData(vuln);
}
}
}
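Review bot: The object initializer never sets `CodeOriAfter` or `CodeAbsAfter`, so both keep the property default `"NULL"`, and because InsertVulnData wraps them in quotes the table receives the literal text NULL rather than a SQL NULL or the patched code. If the post-patch code is meant to be stored, set both fields here the same way as the "before" fields; if not, say so with a comment such as `// CodeOriAfter/CodeAbsAfter intentionally left at the "NULL" sentinel`. It is also worth documenting above the initializer that `FuncName`, `CodeOriBefore` and `CodeAbsBefore` are stored Base64-encoded while `Cve` and `BlockHash` are stored raw, and that `LenBlock` is the length of the raw `block.Code` rather than of the encoded text. The enclosing method starts and ends outside this hunk.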