Showing
11 changed files
with
46 additions
and
28 deletions
VulnNotti/material-dashboard-html-v2.0.0/material-dashboard-html-v2.0.0/BS4/assets/.DS_Store
0 → 100644
No preview for this file type
VulnNotti/material-dashboard-html-v2.0.0/material-dashboard-html-v2.0.0/BS4/assets/css/.DS_Store
0 → 100644
No preview for this file type
VulnNotti/material-dashboard-html-v2.0.0/material-dashboard-html-v2.0.0/BS4/assets/img/.DS_Store
0 → 100644
No preview for this file type
VulnNotti/material-dashboard-html-v2.0.0/material-dashboard-html-v2.0.0/BS4/assets/js/.DS_Store
0 → 100644
No preview for this file type
VulnNotti/material-dashboard-html-v2.0.0/material-dashboard-html-v2.0.0/BS4/assets/scss/.DS_Store
0 → 100644
No preview for this file type
VulnNotti/material-dashboard-html-v2.0.0/material-dashboard-html-v2.0.0/BS4/docs/.DS_Store
0 → 100644
No preview for this file type
VulnNotti/material-dashboard-html-v2.0.0/material-dashboard-html-v2.0.0/BS4/examples/.DS_Store
0 → 100644
No preview for this file type
| ... | @@ -40,6 +40,18 @@ namespace VulnCrawler | ... | @@ -40,6 +40,18 @@ namespace VulnCrawler |
| 40 | public string Code { get; set; } = "NULL"; /* 취약점 소스 코드 */ | 40 | public string Code { get; set; } = "NULL"; /* 취약점 소스 코드 */ |
| 41 | public string BlockHash { get; set; } = "NULL";/* 취약점 블록 해시 값 */ | 41 | public string BlockHash { get; set; } = "NULL";/* 취약점 블록 해시 값 */ |
| 42 | public string Url { get; set; } = "NULL"; /* 취약점 URL */ | 42 | public string Url { get; set; } = "NULL"; /* 취약점 URL */ |
| 43 | + | ||
| 44 | + public override bool Equals(object obj) | ||
| 45 | + { | ||
| 46 | + var vuln = obj as _Vuln; | ||
| 47 | + return vuln != null && | ||
| 48 | + BlockHash == vuln.BlockHash; | ||
| 49 | + } | ||
| 50 | + | ||
| 51 | + public override int GetHashCode() | ||
| 52 | + { | ||
| 53 | + return 802558182 + EqualityComparer<string>.Default.GetHashCode(BlockHash); | ||
| 54 | + } | ||
| 43 | } | 55 | } |
| 44 | //connect | 56 | //connect |
| 45 | public static void Connect(AWS.Account account, string dbName) | 57 | public static void Connect(AWS.Account account, string dbName) |
| ... | @@ -105,7 +117,6 @@ namespace VulnCrawler | ... | @@ -105,7 +117,6 @@ namespace VulnCrawler |
| 105 | { | 117 | { |
| 106 | String sql = string.Empty; | 118 | String sql = string.Empty; |
| 107 | MySqlCommand cmd = null; | 119 | MySqlCommand cmd = null; |
| 108 | - | ||
| 109 | // vulnId setting (마지막 vulnId +1) | 120 | // vulnId setting (마지막 vulnId +1) |
| 110 | int last_vulnId = 1; | 121 | int last_vulnId = 1; |
| 111 | try | 122 | try |
| ... | @@ -124,10 +135,12 @@ namespace VulnCrawler | ... | @@ -124,10 +135,12 @@ namespace VulnCrawler |
| 124 | //DB insert | 135 | //DB insert |
| 125 | try | 136 | try |
| 126 | { | 137 | { |
| 127 | - cmd = new MySqlCommand(); | 138 | + cmd = new MySqlCommand |
| 128 | - cmd.Connection = Conn; | 139 | + { |
| 129 | - //db에 추가 | 140 | + Connection = Conn, |
| 130 | - cmd.CommandText = "INSERT INTO vuln_Info(vulnId, cve, funcName, lenFunc, code, blockHash, url) VALUES(@vulnId, @cve, @funcName, @lenFunc, @code, @blockHash, @url)"; | 141 | + //db에 추가 |
| 142 | + CommandText = "INSERT INTO vuln_Info(vulnId, cve, funcName, lenFunc, code, blockHash, url) VALUES(@vulnId, @cve, @funcName, @lenFunc, @code, @blockHash, @url)" | ||
| 143 | + }; | ||
| 131 | cmd.Parameters.AddWithValue("@vulnId", last_vulnId); | 144 | cmd.Parameters.AddWithValue("@vulnId", last_vulnId); |
| 132 | cmd.Parameters.AddWithValue("@cve", $"{vuln.Cve}"); | 145 | cmd.Parameters.AddWithValue("@cve", $"{vuln.Cve}"); |
| 133 | cmd.Parameters.AddWithValue("@funcName", $"{vuln.FuncName}"); | 146 | cmd.Parameters.AddWithValue("@funcName", $"{vuln.FuncName}"); | ... | ... |
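Review bot: The new `Equals`/`GetHashCode` on `_Vuln` key only on `BlockHash`, a settable property whose default is the sentinel string `"NULL"`. Every record whose hash was never set therefore compares equal and collapses to one entry in a `HashSet<_Vuln>`, and changing `BlockHash` after insertion leaves the object unfindable in the set. Records for different CVEs that share a block hash are also treated as the same object, which would drop a CVE association if a set ever spans more than one CVE. Consider comparing both fields, `return vuln != null && BlockHash == vuln.BlockHash && Cve == vuln.Cve;`, hashing the same two fields in `GetHashCode`, and adding a comment such as `// equality is (Cve, BlockHash); set both before adding to a set or dictionary`. The class body starts outside the hunk, so any other use of `_Vuln` as a key should be checked against this.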
| ... | @@ -60,25 +60,19 @@ namespace VulnUserCodeAnalyzer | ... | @@ -60,25 +60,19 @@ namespace VulnUserCodeAnalyzer |
| 60 | Console.WriteLine("연결 실패"); | 60 | Console.WriteLine("연결 실패"); |
| 61 | return; | 61 | return; |
| 62 | } | 62 | } |
| 63 | - | ||
| 64 | var hashDict = new Dictionary<int, HashSet<VulnAbstractCrawler.UserBlock>>(); | 63 | var hashDict = new Dictionary<int, HashSet<VulnAbstractCrawler.UserBlock>>(); |
| 65 | - | ||
| 66 | Stopwatch stopwatch = new Stopwatch(); | 64 | Stopwatch stopwatch = new Stopwatch(); |
| 67 | stopwatch.Start(); | 65 | stopwatch.Start(); |
| 68 | DirectoryInfo dirInfo = new DirectoryInfo(@"c:\code"); | 66 | DirectoryInfo dirInfo = new DirectoryInfo(@"c:\code"); |
| 69 | var codeFiles = dirInfo.EnumerateFiles("*.c", SearchOption.AllDirectories); | 67 | var codeFiles = dirInfo.EnumerateFiles("*.c", SearchOption.AllDirectories); |
| 70 | int totalFileCount = codeFiles.Count(); | 68 | int totalFileCount = codeFiles.Count(); |
| 71 | - | ||
| 72 | int count = 0; | 69 | int count = 0; |
| 73 | foreach (var codeFile in codeFiles) | 70 | foreach (var codeFile in codeFiles) |
| 74 | { | 71 | { |
| 75 | - | ||
| 76 | Console.WriteLine(codeFile.FullName); | 72 | Console.WriteLine(codeFile.FullName); |
| 77 | using (var reader = codeFile.OpenText()) | 73 | using (var reader = codeFile.OpenText()) |
| 78 | { | 74 | { |
| 79 | - | ||
| 80 | var dict = crawler.CrawlUserCode(reader); | 75 | var dict = crawler.CrawlUserCode(reader); |
| 81 | - | ||
| 82 | foreach (var item in dict) | 76 | foreach (var item in dict) |
| 83 | { | 77 | { |
| 84 | if (!hashDict.ContainsKey(item.Key)) | 78 | if (!hashDict.ContainsKey(item.Key)) |
| ... | @@ -92,31 +86,38 @@ namespace VulnUserCodeAnalyzer | ... | @@ -92,31 +86,38 @@ namespace VulnUserCodeAnalyzer |
| 92 | filter.Add(hash.Hash); | 86 | filter.Add(hash.Hash); |
| 93 | } | 87 | } |
| 94 | } | 88 | } |
| 95 | - | ||
| 96 | count++; | 89 | count++; |
| 97 | double per = ((double)count / (double)totalFileCount) * 100; | 90 | double per = ((double)count / (double)totalFileCount) * 100; |
| 98 | - | ||
| 99 | Console.Clear(); | 91 | Console.Clear(); |
| 100 | Console.WriteLine($"{count} / {totalFileCount} :: {per.ToString("#0.0")}%, 개체 수 : {hashDict.Count}"); | 92 | Console.WriteLine($"{count} / {totalFileCount} :: {per.ToString("#0.0")}%, 개체 수 : {hashDict.Count}"); |
| 101 | - | ||
| 102 | if (count > 100) | 93 | if (count > 100) |
| 103 | { | 94 | { |
| 104 | break; | 95 | break; |
| 105 | } | 96 | } |
| 106 | } | 97 | } |
| 107 | - | ||
| 108 | - | ||
| 109 | } | 98 | } |
| 110 | - | ||
| 111 | var findBlocks = new Queue<VulnAbstractCrawler.UserBlock>(); | 99 | var findBlocks = new Queue<VulnAbstractCrawler.UserBlock>(); |
| 112 | - | 100 | + var vulnDict = new Dictionary<string, IEnumerable<VulnRDS._Vuln>>(); |
| 113 | foreach (var set in hashDict) | 101 | foreach (var set in hashDict) |
| 114 | { | 102 | { |
| 115 | - Console.WriteLine($"-----key:{set.Key}"); | 103 | + var cveList = VulnRDS.SelectVulnbyLen(set.Key).Select(v => v.Cve).Distinct(); |
| 116 | - var vulnList = VulnRDS.SelectVulnbyLen(set.Key); | 104 | + foreach (var cve in cveList) |
| 117 | - foreach (var vuln in vulnList) | 105 | + { |
| 106 | + if (!vulnDict.ContainsKey(cve)) | ||
| 107 | + { | ||
| 108 | + vulnDict[cve] = new HashSet<VulnRDS._Vuln>(); | ||
| 109 | + // SQL CVE 목록 가져와야 함 | ||
| 110 | + // 가져와서 각 CVE 마다 vulnDict에 추가 | ||
| 111 | + } | ||
| 112 | + } | ||
| 113 | + } | ||
| 114 | + | ||
| 115 | + foreach (var vulnSet in vulnDict) | ||
| 116 | + { | ||
| 117 | + Console.WriteLine($"-----cve:{vulnSet.Key}"); | ||
| 118 | + bool match = false; | ||
| 119 | + foreach (var vuln in vulnSet.Value) | ||
| 118 | { | 120 | { |
| 119 | - // Console.WriteLine(vuln.BlockHash); | ||
| 120 | if (filter.Contains(vuln.BlockHash)) | 121 | if (filter.Contains(vuln.BlockHash)) |
| 121 | { | 122 | { |
| 122 | Console.WriteLine($"필터 확인 : {vuln.BlockHash}"); | 123 | Console.WriteLine($"필터 확인 : {vuln.BlockHash}"); |
| ... | @@ -129,16 +130,20 @@ namespace VulnUserCodeAnalyzer | ... | @@ -129,16 +130,20 @@ namespace VulnUserCodeAnalyzer |
| 129 | continue; | 130 | continue; |
| 130 | } | 131 | } |
| 131 | Console.WriteLine($"CVE:{vuln.Cve}, {userBlock.FuncName}, 블록 확인 : DB : {vuln.BlockHash}, User : {userBlock.Hash}"); | 132 | Console.WriteLine($"CVE:{vuln.Cve}, {userBlock.FuncName}, 블록 확인 : DB : {vuln.BlockHash}, User : {userBlock.Hash}"); |
| 133 | + match = true; | ||
| 132 | findBlocks.Enqueue(userBlock); | 134 | findBlocks.Enqueue(userBlock); |
| 133 | } | 135 | } |
| 134 | } | 136 | } |
| 135 | - | 137 | + else |
| 138 | + { | ||
| 139 | + match = false; | ||
| 140 | + break; | ||
| 141 | + } | ||
| 142 | + } | ||
| 143 | + if (match) | ||
| 144 | + { | ||
| 145 | + Console.WriteLine($"CVE 찾음 {vulnSet.Key}"); | ||
| 136 | } | 146 | } |
| 137 | - //foreach (var hash in set.Value) | ||
| 138 | - //{ | ||
| 139 | - | ||
| 140 | - // Console.WriteLine($"{hash.FuncName}, {hash.Hash}, {hash.Len}, {hash.Path}"); | ||
| 141 | - //} | ||
| 142 | } | 147 | } |
| 143 | 148 | ||
| 144 | stopwatch.Stop(); | 149 | stopwatch.Stop(); | ... | ... |
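Review bot: Every `vulnDict[cve]` is created as an empty `HashSet<VulnRDS._Vuln>` and nothing fills it; the two comments under it say the per-CVE rows still have to be fetched from SQL. As a result the `foreach (var vuln in vulnSet.Value)` loop never runs, `match` stays `false`, and the analyzer reports no CVE for any input, which is a silent false negative in a vulnerability scanner. Declaring the value type as `IEnumerable<VulnRDS._Vuln>` also means the sets cannot be added to later without a cast; `var vulnDict = new Dictionary<string, HashSet<VulnRDS._Vuln>>();` avoids that. Once the sets are populated, `findBlocks.Enqueue(userBlock)` runs before a later block can reach `else { match = false; break; }`, so blocks from a CVE that is then rejected stay in the queue, and a filter hit whose user blocks are all skipped by `continue` leaves `match` at its previous value. Part of the inner loop lies between hunks and is not visible here, so the last point should be confirmed against the full method.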