Showing
2 changed files
with
51 additions
and
57 deletions
... | @@ -16,29 +16,20 @@ namespace VulnCrawler | ... | @@ -16,29 +16,20 @@ namespace VulnCrawler |
16 | { | 16 | { |
17 | public int VulnId { get; set; } = -1; /* 취약점 ID */ | 17 | public int VulnId { get; set; } = -1; /* 취약점 ID */ |
18 | public int LenBlock { get; set; } = -1; /* 취약점 BLOCK 길이 */ | 18 | public int LenBlock { get; set; } = -1; /* 취약점 BLOCK 길이 */ |
19 | - public string RepositName { get; set; } = "NULL"; /* 취약점 레파지토리 이름 */ | ||
20 | public string Cve { get; set; } = "NULL"; /* 취약점 CVE */ | 19 | public string Cve { get; set; } = "NULL"; /* 취약점 CVE */ |
21 | public string FuncName { get; set; } = "NULL"; /* 취약점 함수 이름 */ | 20 | public string FuncName { get; set; } = "NULL"; /* 취약점 함수 이름 */ |
22 | - public string Language { get; set; } = "NULL"; /* 취약점 언어 종류 */ | 21 | + public int NumBlock { get; set; } = -1; /* 블록 번호 */ |
23 | public string CodeOriBefore { get; set; } = "NULL"; /* 취약점 패치 전 원본 코드 */ | 22 | public string CodeOriBefore { get; set; } = "NULL"; /* 취약점 패치 전 원본 코드 */ |
24 | public string CodeOriAfter { get; set; } = "NULL"; /* 취약점 패치 후 원본 코드 */ | 23 | public string CodeOriAfter { get; set; } = "NULL"; /* 취약점 패치 후 원본 코드 */ |
25 | public string CodeAbsBefore { get; set; } = "NULL"; /* 취약점 패치 전 추상화 코드 */ | 24 | public string CodeAbsBefore { get; set; } = "NULL"; /* 취약점 패치 전 추상화 코드 */ |
26 | public string CodeAbsAfter { get; set; } = "NULL"; /* 취약점 패치 후 추상화 코드 */ | 25 | public string CodeAbsAfter { get; set; } = "NULL"; /* 취약점 패치 후 추상화 코드 */ |
27 | - public string BlockHash { get; set; } = "NULL";/* 취약점 블록 해시 값 */ | 26 | + public string BlockHash { get; set; } = "NULL";/* 취약점 블록 해시 값 */ |
28 | - public int BlockNum { get; set; } = -1; /* 블록 번호 */ | ||
29 | - | ||
30 | - | ||
31 | } | 27 | } |
32 | public class User | 28 | public class User |
33 | { | 29 | { |
34 | - public int UserId { get; set; } /* 유저 ID */ | 30 | + public int UserId { get; set; } = -1;/* 유저 ID */ |
35 | - public string RepositName { get; set; } /* 유저 레파지토리 이름 */ | 31 | + public string RepositName { get; set; } = "NULL"; /* 유저 레파지토리 이름 */ |
36 | - public string Cve { get; set; } /* 취약점 CVE */ | 32 | + public string VulnId { get; set; } = "NULL"; /* 취약점 vuln ID */ |
37 | - public string CodeOriBefore { get; set; } /* 취약점 패치 전 원본 코드 */ | ||
38 | - public string CodeOriAfter { get; set; } /* 취약점 패치 후 원본 코드 */ | ||
39 | - public string FuncName { get; set; } /* 취약점 함수 이름 */ | ||
40 | - public string DetectDate { get; set; } /* 검사 날짜 */ | ||
41 | - | ||
42 | } | 33 | } |
43 | //connect | 34 | //connect |
44 | public static void Connect(AWS.Account account, string dbName) | 35 | public static void Connect(AWS.Account account, string dbName) |
... | @@ -60,22 +51,20 @@ namespace VulnCrawler | ... | @@ -60,22 +51,20 @@ namespace VulnCrawler |
60 | } | 51 | } |
61 | public static void InsertVulnData(Vuln vuln) | 52 | public static void InsertVulnData(Vuln vuln) |
62 | { | 53 | { |
63 | - // Conn.Open(); | ||
64 | - //DB에 취약점 데이터가 이미 있는지 검사 | ||
65 | String sql = string.Empty; | 54 | String sql = string.Empty; |
66 | - //String sql = "select count(*) from vulnInfo where cve like '" + vuln.Cve + "'"; | 55 | + //DB에 취약점 데이터가 이미 있는지 검사 |
67 | - //MySqlCommand cmd = new MySqlCommand(sql, Conn); | 56 | + /* |
68 | - | 57 | + |
69 | - | 58 | + sql = "select count(*) from vulnInfo where cve like '" + vuln.Cve + "' and numBlock like '" +vuln.NumBlock + "'" ; |
70 | - //int RecordCount = Convert.ToInt32(cmd.ExecuteScalar()); | 59 | + MySqlCommand cmd = new MySqlCommand(sql, Conn); |
71 | - ////CVE 중복인 경우 | 60 | + int RecordCount = Convert.ToInt32(cmd.ExecuteScalar()); |
72 | - //if (RecordCount > 0) | 61 | + //CVE & block num 중복인 경우 |
73 | - //{ | 62 | + if (RecordCount > 0) |
74 | - // Console.WriteLine("이미 cve가 존재함"); | 63 | + { |
75 | - //} | 64 | + //추가하지 않음 |
76 | - //CVE 중복이 아닌 경우 | 65 | + return; |
77 | - //else | 66 | + } |
78 | - //{ | 67 | + */ |
79 | // vulnId setting (마지막 vulnId +1) | 68 | // vulnId setting (마지막 vulnId +1) |
80 | MySqlCommand cmd = null; | 69 | MySqlCommand cmd = null; |
81 | 70 | ||
... | @@ -91,20 +80,17 @@ namespace VulnCrawler | ... | @@ -91,20 +80,17 @@ namespace VulnCrawler |
91 | { | 80 | { |
92 | last_vulnId = 1; | 81 | last_vulnId = 1; |
93 | } | 82 | } |
94 | - | 83 | + |
95 | Retry: | 84 | Retry: |
96 | 85 | ||
97 | //DB insert | 86 | //DB insert |
98 | try | 87 | try |
99 | { | 88 | { |
100 | sql = "INSERT INTO vulnInfo(vulnId, lenBlock, repositName, cve, funcName, numBlock, codeOriBefore, codeOriAfter, codeAbsBefore, codeAbsAfter, blockHash) " + | 89 | sql = "INSERT INTO vulnInfo(vulnId, lenBlock, repositName, cve, funcName, numBlock, codeOriBefore, codeOriAfter, codeAbsBefore, codeAbsAfter, blockHash) " + |
101 | - $"VALUES({last_vulnId}, {vuln.LenBlock}, '{vuln.RepositName}', '{vuln.Cve}', '{vuln.FuncName}', {vuln.BlockNum}, '{vuln.CodeOriBefore}', '{vuln.CodeOriAfter}', '{vuln.CodeAbsBefore}', '{vuln.CodeAbsAfter}', '{vuln.BlockHash}')"; | 90 | + $"VALUES({last_vulnId}, {vuln.LenBlock}, '{vuln.Cve}', '{vuln.FuncName}', {vuln.NumBlock}, '{vuln.CodeOriBefore}', '{vuln.CodeOriAfter}', '{vuln.CodeAbsBefore}', '{vuln.CodeAbsAfter}', '{vuln.BlockHash}')"; |
102 | - //sql = "INSERT INTO vulnInfo (vulnId, lenBlock, repositName, cve, funcName, codeOriBefore, codeOriAfter, codeAbsBefore, codeAbsAfter, blockHash) " + | ||
103 | - // "VALUES(" + last_vulnId + ", " + vuln.LenBlock + ", " + vuln.RepositName + ", " + vuln.Cve + ", " + vuln.FuncName + ", " + vuln.CodeOriBefore + ", " + vuln.CodeOriAfter + ", " + vuln.CodeAbsBefore + ", " + vuln.CodeAbsAfter + ", '" + vuln.BlockHash + "')"; | ||
104 | Console.WriteLine(sql); | 91 | Console.WriteLine(sql); |
105 | cmd = new MySqlCommand(sql, Conn); | 92 | cmd = new MySqlCommand(sql, Conn); |
106 | cmd.ExecuteNonQuery(); | 93 | cmd.ExecuteNonQuery(); |
107 | - //Conn.Close(); | ||
108 | } | 94 | } |
109 | catch (Exception e) | 95 | catch (Exception e) |
110 | { | 96 | { |
... | @@ -117,13 +103,16 @@ namespace VulnCrawler | ... | @@ -117,13 +103,16 @@ namespace VulnCrawler |
117 | } | 103 | } |
118 | Console.ReadLine(); | 104 | Console.ReadLine(); |
119 | } | 105 | } |
120 | - // } | 106 | + |
121 | } | 107 | } |
122 | public static void InsertUserData(User user) | 108 | public static void InsertUserData(User user) |
123 | { | 109 | { |
124 | Conn.Open(); | 110 | Conn.Open(); |
111 | + String sql = string.Empty; | ||
112 | + MySqlCommand cmd = null; | ||
113 | + /* | ||
125 | //DB에 취약점 데이터가 이미 있는지 검사 | 114 | //DB에 취약점 데이터가 이미 있는지 검사 |
126 | - String sql = "select count(*) from vulnInfo where cve like '" + user.Cve + "'"; | 115 | + String sql = "select count(*) from vulnInfo where cve like '" + user. + "'"; |
127 | MySqlCommand cmd = new MySqlCommand(sql, Conn); | 116 | MySqlCommand cmd = new MySqlCommand(sql, Conn); |
128 | int RecordCount = Convert.ToInt32(cmd.ExecuteScalar()); | 117 | int RecordCount = Convert.ToInt32(cmd.ExecuteScalar()); |
129 | //CVE 중복인 경우 | 118 | //CVE 중복인 경우 |
... | @@ -131,22 +120,31 @@ namespace VulnCrawler | ... | @@ -131,22 +120,31 @@ namespace VulnCrawler |
131 | { | 120 | { |
132 | Console.WriteLine("이미 cve가 존재함"); | 121 | Console.WriteLine("이미 cve가 존재함"); |
133 | } | 122 | } |
134 | - //CVE 중복이 아닌 경우 | 123 | + */ |
135 | - else | 124 | + // userId setting (마지막 userId +1) |
125 | + int last_userId = 1; | ||
126 | + try | ||
127 | + { | ||
128 | + sql = "select max(userId) from userInfo"; | ||
129 | + cmd = new MySqlCommand(sql, Conn); | ||
130 | + last_userId = (Convert.ToInt32(cmd.ExecuteScalar())) + 1; | ||
131 | + } | ||
132 | + catch (Exception) | ||
136 | { | 133 | { |
137 | - //DB insert | 134 | + last_userId = 1; |
138 | - try | 135 | + } |
139 | - { | 136 | + |
140 | - sql = "INSERT INTO userInfo (userId, repositName, cve,codeOriBefore,codeOriAfter,funcName,detectDate) " + | 137 | + //DB insert |
141 | - "VALUES(" + user.UserId + "," + user.RepositName + "," + user.Cve + "," + user.CodeOriBefore + "," + user.CodeOriAfter + "," + user.FuncName + "," + user.DetectDate + ")"; | 138 | + try |
142 | - cmd = new MySqlCommand(sql, Conn); | 139 | + { |
143 | - cmd.ExecuteNonQuery(); | 140 | + sql = "INSERT INTO userInfo(userId, repositName, vulnInfo) " + $"VALUES({last_userId}, {user.RepositName}, '{user.VulnId}')"; |
144 | - Conn.Close(); | 141 | + Console.WriteLine(sql); |
145 | - } | 142 | + cmd = new MySqlCommand(sql, Conn); |
146 | - catch (Exception e) | 143 | + cmd.ExecuteNonQuery(); |
147 | - { | 144 | + } |
148 | - Console.WriteLine(e.StackTrace); | 145 | + catch (Exception e) |
149 | - } | 146 | + { |
147 | + Console.WriteLine(e.StackTrace); | ||
150 | } | 148 | } |
151 | } | 149 | } |
152 | public static Vuln SearchVulnCve(string _cve) | 150 | public static Vuln SearchVulnCve(string _cve) |
... | @@ -161,10 +159,9 @@ namespace VulnCrawler | ... | @@ -161,10 +159,9 @@ namespace VulnCrawler |
161 | { | 159 | { |
162 | vuln.VulnId = Convert.ToInt32(rdr["vulnId"]); | 160 | vuln.VulnId = Convert.ToInt32(rdr["vulnId"]); |
163 | vuln.LenBlock = Convert.ToInt32(rdr["lenBlock"]); | 161 | vuln.LenBlock = Convert.ToInt32(rdr["lenBlock"]); |
164 | - vuln.RepositName = Convert.ToString(rdr["repositName"]); | ||
165 | vuln.Cve = Convert.ToString(rdr["cve"]); | 162 | vuln.Cve = Convert.ToString(rdr["cve"]); |
166 | vuln.FuncName = Convert.ToString(rdr["funcName"]); | 163 | vuln.FuncName = Convert.ToString(rdr["funcName"]); |
167 | - vuln.Language = Convert.ToString(rdr["language"]); | 164 | + vuln.NumBlock = Convert.ToInt32(rdr["numBlock"]); |
168 | vuln.CodeOriBefore = Convert.ToString(rdr["codeOriBefore"]); | 165 | vuln.CodeOriBefore = Convert.ToString(rdr["codeOriBefore"]); |
169 | vuln.CodeOriAfter = Convert.ToString(rdr["codeOriAfter"]); | 166 | vuln.CodeOriAfter = Convert.ToString(rdr["codeOriAfter"]); |
170 | vuln.CodeAbsBefore = Convert.ToString(rdr["codeAbsBefore"]); ; | 167 | vuln.CodeAbsBefore = Convert.ToString(rdr["codeAbsBefore"]); ; | ... | ... |
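Review bot: The INSERT in InsertVulnData (new line 89-90) still names `repositName` among its eleven columns, but the new VALUES list no longer supplies `'{vuln.RepositName}'`, so only ten values are given and MySQL should reject the statement for a column/value count mismatch; remove `repositName` from the column list too. Both that statement and the new userInfo INSERT (new line 140) are built by string interpolation, and `{user.RepositName}` is not even quoted, so a repository name, CVE string or hash containing a quote alters the SQL; bind the values as parameters, as sketched below for InsertUserData. The same method keeps `Conn.Open()` while this commit drops `Conn.Close()`, which presumably leaves the connection open and makes a second call fail; confirm against how Connect manages `Conn`. The column name `vulnInfo` in the userInfo INSERT may be meant as `vulnId`, which is worth checking against the schema. Both method bodies extend beyond the visible hunks.

```csharp
// … unchanged: last_userId lookup …
sql = "INSERT INTO userInfo(userId, repositName, vulnInfo) " +
      "VALUES(@userId, @repositName, @vulnInfo)";
cmd = new MySqlCommand(sql, Conn);
// Values travel as bound parameters, never as SQL text.
cmd.Parameters.AddWithValue("@userId", last_userId);
cmd.Parameters.AddWithValue("@repositName", user.RepositName);
cmd.Parameters.AddWithValue("@vulnInfo", user.VulnId);
cmd.ExecuteNonQuery();
// … unchanged: catch block …
```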
... | @@ -134,15 +134,12 @@ namespace VulnCrawler | ... | @@ -134,15 +134,12 @@ namespace VulnCrawler |
134 | VulnRDS.Vuln vuln = new VulnRDS.Vuln() | 134 | VulnRDS.Vuln vuln = new VulnRDS.Vuln() |
135 | { | 135 | { |
136 | Cve = cve, | 136 | Cve = cve, |
137 | - Language = "C", | ||
138 | BlockHash = block.Hash, | 137 | BlockHash = block.Hash, |
139 | LenBlock = block.Code.Length, | 138 | LenBlock = block.Code.Length, |
140 | FuncName = Convert.ToBase64String(funcNameBytes), | 139 | FuncName = Convert.ToBase64String(funcNameBytes), |
141 | - RepositName = repoName, | ||
142 | CodeOriBefore = Convert.ToBase64String(codeOriBeforeBytes), | 140 | CodeOriBefore = Convert.ToBase64String(codeOriBeforeBytes), |
143 | CodeAbsBefore = Convert.ToBase64String(codeAbsBeforeBytes), | 141 | CodeAbsBefore = Convert.ToBase64String(codeAbsBeforeBytes), |
144 | - BlockNum = block.Num, | 142 | + NumBlock = block.Num, |
145 | - | ||
146 | }; | 143 | }; |
147 | Console.WriteLine($"Vuln FuncName:{vuln.FuncName}"); | 144 | Console.WriteLine($"Vuln FuncName:{vuln.FuncName}"); |
148 | /* VulnDB에 추가 */ | 145 | /* VulnDB에 추가 */ | ... | ... |