이지윤

db insert 수정

...@@ -16,29 +16,20 @@ namespace VulnCrawler ...@@ -16,29 +16,20 @@ namespace VulnCrawler
16 { 16 {
17 public int VulnId { get; set; } = -1; /* 취약점 ID */ 17 public int VulnId { get; set; } = -1; /* 취약점 ID */
18 public int LenBlock { get; set; } = -1; /* 취약점 BLOCK 길이 */ 18 public int LenBlock { get; set; } = -1; /* 취약점 BLOCK 길이 */
19 - public string RepositName { get; set; } = "NULL"; /* 취약점 레파지토리 이름 */
20 public string Cve { get; set; } = "NULL"; /* 취약점 CVE */ 19 public string Cve { get; set; } = "NULL"; /* 취약점 CVE */
21 public string FuncName { get; set; } = "NULL"; /* 취약점 함수 이름 */ 20 public string FuncName { get; set; } = "NULL"; /* 취약점 함수 이름 */
22 - public string Language { get; set; } = "NULL"; /* 취약점 언어 종류 */ 21 + public int NumBlock { get; set; } = -1; /* 블록 번호 */
23 public string CodeOriBefore { get; set; } = "NULL"; /* 취약점 패치 전 원본 코드 */ 22 public string CodeOriBefore { get; set; } = "NULL"; /* 취약점 패치 전 원본 코드 */
24 public string CodeOriAfter { get; set; } = "NULL"; /* 취약점 패치 후 원본 코드 */ 23 public string CodeOriAfter { get; set; } = "NULL"; /* 취약점 패치 후 원본 코드 */
25 public string CodeAbsBefore { get; set; } = "NULL"; /* 취약점 패치 전 추상화 코드 */ 24 public string CodeAbsBefore { get; set; } = "NULL"; /* 취약점 패치 전 추상화 코드 */
26 public string CodeAbsAfter { get; set; } = "NULL"; /* 취약점 패치 후 추상화 코드 */ 25 public string CodeAbsAfter { get; set; } = "NULL"; /* 취약점 패치 후 추상화 코드 */
27 public string BlockHash { get; set; } = "NULL";/* 취약점 블록 해시 값 */ 26 public string BlockHash { get; set; } = "NULL";/* 취약점 블록 해시 값 */
28 - public int BlockNum { get; set; } = -1; /* 블록 번호 */
29 -
30 -
31 } 27 }
32 public class User 28 public class User
33 { 29 {
34 - public int UserId { get; set; } /* 유저 ID */ 30 + public int UserId { get; set; } = -1;/* 유저 ID */
35 - public string RepositName { get; set; } /* 유저 레파지토리 이름 */ 31 + public string RepositName { get; set; } = "NULL"; /* 유저 레파지토리 이름 */
36 - public string Cve { get; set; } /* 취약점 CVE */ 32 + public string VulnId { get; set; } = "NULL"; /* 취약점 vuln ID */
37 - public string CodeOriBefore { get; set; } /* 취약점 패치 전 원본 코드 */
38 - public string CodeOriAfter { get; set; } /* 취약점 패치 후 원본 코드 */
39 - public string FuncName { get; set; } /* 취약점 함수 이름 */
40 - public string DetectDate { get; set; } /* 검사 날짜 */
41 -
42 } 33 }
43 //connect 34 //connect
44 public static void Connect(AWS.Account account, string dbName) 35 public static void Connect(AWS.Account account, string dbName)
...@@ -60,22 +51,20 @@ namespace VulnCrawler ...@@ -60,22 +51,20 @@ namespace VulnCrawler
60 } 51 }
61 public static void InsertVulnData(Vuln vuln) 52 public static void InsertVulnData(Vuln vuln)
62 { 53 {
63 - // Conn.Open();
64 - //DB에 취약점 데이터가 이미 있는지 검사
65 String sql = string.Empty; 54 String sql = string.Empty;
66 - //String sql = "select count(*) from vulnInfo where cve like '" + vuln.Cve + "'"; 55 + //DB에 취약점 데이터가 이미 있는지 검사
67 - //MySqlCommand cmd = new MySqlCommand(sql, Conn); 56 + /*
68 -
69 57
70 - //int RecordCount = Convert.ToInt32(cmd.ExecuteScalar()); 58 + sql = "select count(*) from vulnInfo where cve like '" + vuln.Cve + "' and numBlock like '" +vuln.NumBlock + "'" ;
71 - ////CVE 중복인 경우 59 + MySqlCommand cmd = new MySqlCommand(sql, Conn);
72 - //if (RecordCount > 0) 60 + int RecordCount = Convert.ToInt32(cmd.ExecuteScalar());
73 - //{ 61 + //CVE & block num 중복인 경우
74 - // Console.WriteLine("이미 cve가 존재함"); 62 + if (RecordCount > 0)
75 - //} 63 + {
76 - //CVE 중복이 아닌 경우 64 + //추가하지 않음
77 - //else 65 + return;
78 - //{ 66 + }
67 + */
79 // vulnId setting (마지막 vulnId +1) 68 // vulnId setting (마지막 vulnId +1)
80 MySqlCommand cmd = null; 69 MySqlCommand cmd = null;
81 70
...@@ -98,13 +87,10 @@ namespace VulnCrawler ...@@ -98,13 +87,10 @@ namespace VulnCrawler
98 try 87 try
99 { 88 {
100 sql = "INSERT INTO vulnInfo(vulnId, lenBlock, repositName, cve, funcName, numBlock, codeOriBefore, codeOriAfter, codeAbsBefore, codeAbsAfter, blockHash) " + 89 sql = "INSERT INTO vulnInfo(vulnId, lenBlock, repositName, cve, funcName, numBlock, codeOriBefore, codeOriAfter, codeAbsBefore, codeAbsAfter, blockHash) " +
101 - $"VALUES({last_vulnId}, {vuln.LenBlock}, '{vuln.RepositName}', '{vuln.Cve}', '{vuln.FuncName}', {vuln.BlockNum}, '{vuln.CodeOriBefore}', '{vuln.CodeOriAfter}', '{vuln.CodeAbsBefore}', '{vuln.CodeAbsAfter}', '{vuln.BlockHash}')"; 90 + $"VALUES({last_vulnId}, {vuln.LenBlock}, '{vuln.Cve}', '{vuln.FuncName}', {vuln.NumBlock}, '{vuln.CodeOriBefore}', '{vuln.CodeOriAfter}', '{vuln.CodeAbsBefore}', '{vuln.CodeAbsAfter}', '{vuln.BlockHash}')";
102 - //sql = "INSERT INTO vulnInfo (vulnId, lenBlock, repositName, cve, funcName, codeOriBefore, codeOriAfter, codeAbsBefore, codeAbsAfter, blockHash) " +
103 - // "VALUES(" + last_vulnId + ", " + vuln.LenBlock + ", " + vuln.RepositName + ", " + vuln.Cve + ", " + vuln.FuncName + ", " + vuln.CodeOriBefore + ", " + vuln.CodeOriAfter + ", " + vuln.CodeAbsBefore + ", " + vuln.CodeAbsAfter + ", '" + vuln.BlockHash + "')";
104 Console.WriteLine(sql); 91 Console.WriteLine(sql);
105 cmd = new MySqlCommand(sql, Conn); 92 cmd = new MySqlCommand(sql, Conn);
106 cmd.ExecuteNonQuery(); 93 cmd.ExecuteNonQuery();
107 - //Conn.Close();
108 } 94 }
109 catch (Exception e) 95 catch (Exception e)
110 { 96 {
...@@ -117,13 +103,16 @@ namespace VulnCrawler ...@@ -117,13 +103,16 @@ namespace VulnCrawler
117 } 103 }
118 Console.ReadLine(); 104 Console.ReadLine();
119 } 105 }
120 - // } 106 +
121 } 107 }
122 public static void InsertUserData(User user) 108 public static void InsertUserData(User user)
123 { 109 {
124 Conn.Open(); 110 Conn.Open();
111 + String sql = string.Empty;
112 + MySqlCommand cmd = null;
113 + /*
125 //DB에 취약점 데이터가 이미 있는지 검사 114 //DB에 취약점 데이터가 이미 있는지 검사
126 - String sql = "select count(*) from vulnInfo where cve like '" + user.Cve + "'"; 115 + String sql = "select count(*) from vulnInfo where cve like '" + user. + "'";
127 MySqlCommand cmd = new MySqlCommand(sql, Conn); 116 MySqlCommand cmd = new MySqlCommand(sql, Conn);
128 int RecordCount = Convert.ToInt32(cmd.ExecuteScalar()); 117 int RecordCount = Convert.ToInt32(cmd.ExecuteScalar());
129 //CVE 중복인 경우 118 //CVE 중복인 경우
...@@ -131,24 +120,33 @@ namespace VulnCrawler ...@@ -131,24 +120,33 @@ namespace VulnCrawler
131 { 120 {
132 Console.WriteLine("이미 cve가 존재함"); 121 Console.WriteLine("이미 cve가 존재함");
133 } 122 }
134 - //CVE 중복이 아닌 경우 123 + */
135 - else 124 + // userId setting (마지막 userId +1)
125 + int last_userId = 1;
126 + try
136 { 127 {
128 + sql = "select max(userId) from userInfo";
129 + cmd = new MySqlCommand(sql, Conn);
130 + last_userId = (Convert.ToInt32(cmd.ExecuteScalar())) + 1;
131 + }
132 + catch (Exception)
133 + {
134 + last_userId = 1;
135 + }
136 +
137 //DB insert 137 //DB insert
138 try 138 try
139 { 139 {
140 - sql = "INSERT INTO userInfo (userId, repositName, cve,codeOriBefore,codeOriAfter,funcName,detectDate) " + 140 + sql = "INSERT INTO userInfo(userId, repositName, vulnInfo) " + $"VALUES({last_userId}, {user.RepositName}, '{user.VulnId}')";
141 - "VALUES(" + user.UserId + "," + user.RepositName + "," + user.Cve + "," + user.CodeOriBefore + "," + user.CodeOriAfter + "," + user.FuncName + "," + user.DetectDate + ")"; 141 + Console.WriteLine(sql);
142 cmd = new MySqlCommand(sql, Conn); 142 cmd = new MySqlCommand(sql, Conn);
143 cmd.ExecuteNonQuery(); 143 cmd.ExecuteNonQuery();
144 - Conn.Close();
145 } 144 }
146 catch (Exception e) 145 catch (Exception e)
147 { 146 {
148 Console.WriteLine(e.StackTrace); 147 Console.WriteLine(e.StackTrace);
149 } 148 }
150 } 149 }
151 - }
152 public static Vuln SearchVulnCve(string _cve) 150 public static Vuln SearchVulnCve(string _cve)
153 { 151 {
154 Vuln vuln = new Vuln(); 152 Vuln vuln = new Vuln();
...@@ -161,10 +159,9 @@ namespace VulnCrawler ...@@ -161,10 +159,9 @@ namespace VulnCrawler
161 { 159 {
162 vuln.VulnId = Convert.ToInt32(rdr["vulnId"]); 160 vuln.VulnId = Convert.ToInt32(rdr["vulnId"]);
163 vuln.LenBlock = Convert.ToInt32(rdr["lenBlock"]); 161 vuln.LenBlock = Convert.ToInt32(rdr["lenBlock"]);
164 - vuln.RepositName = Convert.ToString(rdr["repositName"]);
165 vuln.Cve = Convert.ToString(rdr["cve"]); 162 vuln.Cve = Convert.ToString(rdr["cve"]);
166 vuln.FuncName = Convert.ToString(rdr["funcName"]); 163 vuln.FuncName = Convert.ToString(rdr["funcName"]);
167 - vuln.Language = Convert.ToString(rdr["language"]); 164 + vuln.NumBlock = Convert.ToInt32(rdr["numBlock"]);
168 vuln.CodeOriBefore = Convert.ToString(rdr["codeOriBefore"]); 165 vuln.CodeOriBefore = Convert.ToString(rdr["codeOriBefore"]);
169 vuln.CodeOriAfter = Convert.ToString(rdr["codeOriAfter"]); 166 vuln.CodeOriAfter = Convert.ToString(rdr["codeOriAfter"]);
170 vuln.CodeAbsBefore = Convert.ToString(rdr["codeAbsBefore"]); ; 167 vuln.CodeAbsBefore = Convert.ToString(rdr["codeAbsBefore"]); ;
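Review bot: In InsertVulnData the INSERT still names `repositName` in its column list (eleven columns) while the new VALUES clause supplies only ten values now that `'{vuln.RepositName}'` is gone, so MySQL should reject the statement with a column-count mismatch. The values are also interpolated straight into the SQL text; the caller Base64-encodes some fields, but `Cve` and `BlockHash` are inserted as given, so a quote character in either one alters the statement, and binding every value as a parameter removes that class of problem. The new userInfo INSERT in InsertUserData is built the same way and leaves `{user.RepositName}` unquoted, and with `Conn.Close()` removed while `Conn.Open()` stays, a second call would likely throw on the already-open connection. The sketch below assumes `repositName` is meant to leave the vulnInfo column list; both function bodies continue outside the visible hunks.

```csharp
// … unchanged: last_vulnId lookup …
sql = "INSERT INTO vulnInfo(vulnId, lenBlock, cve, funcName, numBlock, codeOriBefore, codeOriAfter, codeAbsBefore, codeAbsAfter, blockHash) " +
      "VALUES(@vulnId, @lenBlock, @cve, @funcName, @numBlock, @codeOriBefore, @codeOriAfter, @codeAbsBefore, @codeAbsAfter, @blockHash)";
cmd = new MySqlCommand(sql, Conn);
cmd.Parameters.AddWithValue("@vulnId", last_vulnId);
cmd.Parameters.AddWithValue("@lenBlock", vuln.LenBlock);
cmd.Parameters.AddWithValue("@cve", vuln.Cve);
cmd.Parameters.AddWithValue("@funcName", vuln.FuncName);
cmd.Parameters.AddWithValue("@numBlock", vuln.NumBlock);
cmd.Parameters.AddWithValue("@codeOriBefore", vuln.CodeOriBefore);
cmd.Parameters.AddWithValue("@codeOriAfter", vuln.CodeOriAfter);
cmd.Parameters.AddWithValue("@codeAbsBefore", vuln.CodeAbsBefore);
cmd.Parameters.AddWithValue("@codeAbsAfter", vuln.CodeAbsAfter);
cmd.Parameters.AddWithValue("@blockHash", vuln.BlockHash);
cmd.ExecuteNonQuery();
// … unchanged: catch block …
```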
......
...@@ -134,15 +134,12 @@ namespace VulnCrawler ...@@ -134,15 +134,12 @@ namespace VulnCrawler
134 VulnRDS.Vuln vuln = new VulnRDS.Vuln() 134 VulnRDS.Vuln vuln = new VulnRDS.Vuln()
135 { 135 {
136 Cve = cve, 136 Cve = cve,
137 - Language = "C",
138 BlockHash = block.Hash, 137 BlockHash = block.Hash,
139 LenBlock = block.Code.Length, 138 LenBlock = block.Code.Length,
140 FuncName = Convert.ToBase64String(funcNameBytes), 139 FuncName = Convert.ToBase64String(funcNameBytes),
141 - RepositName = repoName,
142 CodeOriBefore = Convert.ToBase64String(codeOriBeforeBytes), 140 CodeOriBefore = Convert.ToBase64String(codeOriBeforeBytes),
143 CodeAbsBefore = Convert.ToBase64String(codeAbsBeforeBytes), 141 CodeAbsBefore = Convert.ToBase64String(codeAbsBeforeBytes),
144 - BlockNum = block.Num, 142 + NumBlock = block.Num,
145 -
146 }; 143 };
147 Console.WriteLine($"Vuln FuncName:{vuln.FuncName}"); 144 Console.WriteLine($"Vuln FuncName:{vuln.FuncName}");
148 /* VulnDB에 추가 */ 145 /* VulnDB에 추가 */
......