Showing
4 changed files
with
233 additions
and
0 deletions
| ... | @@ -38,8 +38,13 @@ | ... | @@ -38,8 +38,13 @@ |
| 38 | <Reference Include="LibGit2Sharp, Version=0.25.0.0, Culture=neutral, PublicKeyToken=7cbde695407f0333, processorArchitecture=MSIL"> | 38 | <Reference Include="LibGit2Sharp, Version=0.25.0.0, Culture=neutral, PublicKeyToken=7cbde695407f0333, processorArchitecture=MSIL"> |
| 39 | <HintPath>..\packages\LibGit2Sharp.0.25.0\lib\netstandard2.0\LibGit2Sharp.dll</HintPath> | 39 | <HintPath>..\packages\LibGit2Sharp.0.25.0\lib\netstandard2.0\LibGit2Sharp.dll</HintPath> |
| 40 | </Reference> | 40 | </Reference> |
| 41 | + <Reference Include="MySql.Data, Version=8.0.10.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL" /> | ||
| 41 | <Reference Include="System" /> | 42 | <Reference Include="System" /> |
| 42 | <Reference Include="System.Core" /> | 43 | <Reference Include="System.Core" /> |
| 44 | + <Reference Include="System.ValueTuple, Version=4.0.2.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL"> | ||
| 45 | + <HintPath>..\packages\System.ValueTuple.4.4.0\lib\net461\System.ValueTuple.dll</HintPath> | ||
| 46 | + <Private>True</Private> | ||
| 47 | + </Reference> | ||
| 43 | <Reference Include="System.Xml.Linq" /> | 48 | <Reference Include="System.Xml.Linq" /> |
| 44 | <Reference Include="System.Data.DataSetExtensions" /> | 49 | <Reference Include="System.Data.DataSetExtensions" /> |
| 45 | <Reference Include="Microsoft.CSharp" /> | 50 | <Reference Include="Microsoft.CSharp" /> |
| ... | @@ -50,6 +55,7 @@ | ... | @@ -50,6 +55,7 @@ |
| 50 | <ItemGroup> | 55 | <ItemGroup> |
| 51 | <Compile Include="Program.cs" /> | 56 | <Compile Include="Program.cs" /> |
| 52 | <Compile Include="Properties\AssemblyInfo.cs" /> | 57 | <Compile Include="Properties\AssemblyInfo.cs" /> |
| 58 | + <Compile Include="VulnPython.cs" /> | ||
| 53 | </ItemGroup> | 59 | </ItemGroup> |
| 54 | <ItemGroup> | 60 | <ItemGroup> |
| 55 | <None Include="App.config" /> | 61 | <None Include="App.config" /> | ... | ... |
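Review bot: The added `MySql.Data, Version=8.0.10.0` reference has no `<HintPath>`, and the packages.config hunk in this same commit adds only `System.ValueTuple`, so this assembly is resolved from whatever is installed on the build machine rather than from a restored, version-pinned package. Declare it like the other dependencies, with a `<package id="MySql.Data" version="PINNED_VERSION" targetFramework="net461" />` entry (PINNED_VERSION is a placeholder) and a `<HintPath>` pointing at the restored DLL, so every build links the same binary. The file header of this section is not shown on the page; the note assumes it is the VulnCrawler project file.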
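--- /dev/null
+++ b/Vulnerablity_DB/VulnCrawler/VulnPython.cs
@@ -0,0 +1,226 @@
+using LibGit2Sharp;
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.RegularExpressions;
+using System.Threading.Tasks;
+
+namespace VulnCrawler
+{
+ // 추상 클래스
+ public abstract class VulnAbstractCrawler {
+ /// <summary>
+ /// 생성자
+ /// 경로를 입력받아서(path)
+ /// 레파지토리를 초기화하고
+ /// 커밋 목록을 검색함
+ /// </summary>
+ /// <param name="path"></param>
+ public VulnAbstractCrawler(string path) {
+ Repository = new Repository(path);
+ Commits = SearchCommits();
+ }
+
+ // 소멸자
+ ~VulnAbstractCrawler() {
+
+ Repository.Dispose();
+ }
+
+ // 정규식 그룹화
+ // @@ -oldStart,oldLines +newStart,newLines @@ MethodName():
+ public static string OldStart => "oldStart";
+ public static string OldLines => "oldLines";
+ public static string NewStart => "newStart";
+ public static string NewLines => "newLines";
+ public static string MethodName => "methodName";
+
+
+ /// <summary>
+ /// 레파지토리
+ /// </summary>
+ public Repository Repository { get; private set; }
+
+ /// <summary>
+ /// 커밋 목록
+ /// </summary>
+ public IEnumerable<Commit> Commits { get; private set; }
+ /// <summary>
+ /// 커밋에서 검색할 정규식 문자열
+ /// </summary>
+ protected string SearchKeyword => @"CVE-20\d\d-\d{4}";
+ /// <summary>
+ /// 패치 코드에서 함수 찾을 정규식 패턴 문자열
+ /// </summary>
+ protected abstract string RegexFuncPattern { get; }
+ protected abstract string Extension { get; }
+ public abstract IEnumerable<PatchEntryChanges> GetPatchEntryChanges(Patch patch);
+ /// <summary>
+ /// 정규식을 이용하여 @@ -\d,\d +\d,\d @@ MethodName(): 이런 패턴을 찾고
+ /// 그룹화 하여 반환함 (OldStart, OldLines, NewStart, NewLines, MethodName
+ /// </summary>
+ /// <param name="patchCode">찾을 코드</param>
+ /// <returns>정규식 그룹 컬렉션</returns>
+ public abstract MatchCollection GetMatches(string patchCode);
+ /// <summary>
+ /// 파일스트림으로 부터 원본 함수 구하는 함수
+ /// </summary>
+ /// <param name="oldStream">파일 스트림</param>
+ /// <param name="methodName">찾을 메서드 이름</param>
+ /// <returns>함수 문자열</returns>
+ protected abstract string GetOriginalFunc(Stream oldStream, string methodName);
+ public abstract (string originalFunc, string hash) GetPatchResult(Stream oldStream, string methodName);
+ /// <summary>
+ /// 주석 제거 함수
+ /// </summary>
+ /// <param name="original">제거할 문자열</param>
+ /// <returns>결과 문자열</returns>
+ public abstract string RemoveComment(string original);
+
+ /// <summary>
+ /// 커밋 검색 함수(정규식 사용)
+ /// 정규식은 SearchKeyword 사용함
+ /// </summary>
+ /// <returns>커밋 목록</returns>
+ public virtual IEnumerable<Commit> SearchCommits() {
+ // where => 조건에 맞는 것을 찾음(CVE-20\d\d-\d{4}로 시작하는 커밋만 골라냄)
+ var commits = Repository.Commits
+ .Where(c => Regex.Match(c.Message, SearchKeyword, RegexOptions.IgnoreCase).Success)
+ .ToList();
+
+ return commits;
+ }
+
+ /// <summary>
+ /// MD5 함수
+ /// </summary>
+ /// <param name="str">INPUT 문자열</param>
+ /// <returns>결과 문자열</returns>
+ protected static string MD5HashFunc(string str) {
+ StringBuilder MD5Str = new StringBuilder();
+ byte[] byteArr = Encoding.ASCII.GetBytes(str);
+ byte[] resultArr = (new MD5CryptoServiceProvider()).ComputeHash(byteArr);
+ for (int cnti = 0; cnti < resultArr.Length; cnti++) {
+ MD5Str.Append(resultArr[cnti].ToString("X2"));
+ }
+ return MD5Str.ToString();
+ }
+
+ }
+
+ public class VulnC : VulnAbstractCrawler
+ {
+ public VulnC(string path) : base(path) {
+
+ }
+
+ protected override string RegexFuncPattern => throw new NotImplementedException();
+
+ protected override string Extension => ".c";
+
+ public override MatchCollection GetMatches(string patchCode) {
+ throw new NotImplementedException();
+ }
+
+ public override IEnumerable<PatchEntryChanges> GetPatchEntryChanges(Patch patch) {
+ throw new NotImplementedException();
+ }
+
+ public override (string originalFunc, string hash) GetPatchResult(Stream oldStream, string methodName) {
+ throw new NotImplementedException();
+ }
+
+ public override string RemoveComment(string original) {
+ throw new NotImplementedException();
+ }
+
+ protected override string GetOriginalFunc(Stream oldStream, string methodName) {
+ throw new NotImplementedException();
+ }
+ }
+ /// <summary>
+ /// 파이썬 크롤러
+ /// </summary>
+ public class VulnPython : VulnAbstractCrawler
+ {
+ public VulnPython(string path) : base(path) {
+ }
+
+ protected override string Extension => ".py";
+ protected override string RegexFuncPattern => $@"@@ \-(?<{OldStart}>\d+),(?<{OldLines}>\d+) \+(?<{NewStart}>\d+),(?<{NewLines}>\d+) @@ def (?<{MethodName}>\w+)";
+
+ public override MatchCollection GetMatches(string patchCode) {
+ var regs = Regex.Matches(patchCode, RegexFuncPattern);
+ return regs;
+ }
+
+ protected override string GetOriginalFunc(Stream oldStream, string methodName) {
+ StringBuilder oldBuilder = new StringBuilder();
+ using (var reader = new StreamReader(oldStream)) {
+ int defSpace = 0;
+ while (!reader.EndOfStream) {
+
+ string line = reader.ReadLine();
+ if (defSpace > 0) {
+ if (line.Length < defSpace) {
+ continue;
+ }
+ string concat = line.Substring(0, defSpace);
+ if (string.IsNullOrWhiteSpace(concat)) {
+ string trim = line.Trim();
+ // #으로 시작한다면 주석이니 제거
+ if (trim.StartsWith("#")) {
+ continue;
+ }
+ oldBuilder.AppendLine(line);
+ } else {
+ continue;
+ }
+ }
+ if (Regex.Match(line, $@"def {methodName}\(.*\)").Success) {
+ defSpace = line.IndexOf(methodName);
+ oldBuilder.AppendLine(line);
+ }
+
+ }
+
+ }
+ return oldBuilder.ToString();
+ }
+
+ public override IEnumerable<PatchEntryChanges> GetPatchEntryChanges(Patch patch) {
+
+ return patch.Where(e => e.Path.EndsWith(Extension)).ToList();
+
+ }
+
+ public override string RemoveComment(string original) {
+
+ string txt = Regex.Replace(original, Environment.NewLine, "");
+
+ StringBuilder sb = new StringBuilder();
+ sb.Append("\"\"\"");
+ sb.Append(@".*");
+ sb.Append("\"\"\"");
+ string replace = txt;
+ if (Regex.Match(txt, sb.ToString()).Success) {
+ replace = Regex.Replace(txt, sb.ToString(), "");
+ }
+ return replace;
+ }
+
+ public override (string originalFunc, string hash) GetPatchResult(Stream stream, string methodName) {
+ // 패치 전 원본 함수 구하고
+ string func = GetOriginalFunc(stream, methodName);
+ // 주석 제거하고
+ func = RemoveComment(func);
+ Console.WriteLine(func);
+ // 해쉬하고
+ string md5 = MD5HashFunc(func);
+ return (func, md5);
+ }
+ }
+}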
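Review bot: `VulnPython.GetOriginalFunc` never stops at the end of the target function: `defSpace` is set on the `def` line and never reset, so every later line in the file whose first `defSpace` characters are whitespace (the bodies of all following functions) is appended too, and the MD5 that `GetPatchResult` returns as the function's fingerprint covers unrelated code. The loop should break at the first non-blank, non-comment line that dedents to the `def` column, and `methodName` should pass through `Regex.Escape`, since `GetPatchResult` is public and does not guarantee the `\w+` shape that `GetMatches` captures. `RemoveComment` over-matches in a similar way: once newlines are stripped, the greedy `""".*"""` deletes everything from the first triple quote to the last, including code between two docstrings, which `""".*?"""` would keep. `MD5HashFunc` encodes with `Encoding.ASCII`, which replaces every non-ASCII character with `?` before hashing, so sources that differ only in such characters get the same fingerprint; `Encoding.UTF8.GetBytes(str)` avoids that.

```csharp
protected override string GetOriginalFunc(Stream oldStream, string methodName) {
    // … unchanged: oldBuilder declaration …
    Regex defLine = new Regex($@"def {Regex.Escape(methodName)}\(.*\)");
    using (var reader = new StreamReader(oldStream)) {
        int defColumn = -1;
        string line;
        while ((line = reader.ReadLine()) != null) {
            if (defColumn < 0) {
                // Still looking for the definition line.
                if (defLine.IsMatch(line)) {
                    defColumn = line.Length - line.TrimStart().Length;
                    oldBuilder.AppendLine(line);
                }
                continue;
            }
            string trim = line.Trim();
            if (trim.Length == 0 || trim.StartsWith("#")) {
                continue;
            }
            if (line.Length - line.TrimStart().Length <= defColumn) {
                break; // dedent: the function body has ended
            }
            oldBuilder.AppendLine(line);
        }
    }
    // … unchanged: return oldBuilder.ToString() …
```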
| ... | @@ -2,4 +2,5 @@ | ... | @@ -2,4 +2,5 @@ |
| 2 | <packages> | 2 | <packages> |
| 3 | <package id="LibGit2Sharp" version="0.25.0" targetFramework="net461" /> | 3 | <package id="LibGit2Sharp" version="0.25.0" targetFramework="net461" /> |
| 4 | <package id="LibGit2Sharp.NativeBinaries" version="1.0.210" targetFramework="net461" /> | 4 | <package id="LibGit2Sharp.NativeBinaries" version="1.0.210" targetFramework="net461" /> |
| 5 | + <package id="System.ValueTuple" version="4.4.0" targetFramework="net461" /> | ||
| 5 | </packages> | 6 | </packages> |
| ... | \ No newline at end of file | ... | \ No newline at end of file | ... | ... |