노현종 / 2018-1-Capstone1-VulnNotti

Go to a project
Toggle navigation Toggle navigation pinning
이지윤
0e3e7355 2 parents 17a22d4c bcdb9649

Merge branch 'master' of https://github.com/yhackerbv/VulnNottiProject

Expand all
Inline Side-by-side
Showing 5 changed files with 13 additions and 53 deletions
...@@ -65,10 +65,6 @@ namespace VulnCrawler ...@@ -65,10 +65,6 @@ namespace VulnCrawler
65 65
66 /* 메인 동작 함수 */ 66 /* 메인 동작 함수 */
67 public static void Run() { 67 public static void Run() {
68 -
69 -
70 -
71 -
72 // Repository 폴더들이 있는 주소를 지정하면 하위 폴더 목록을 가져옴(Repository 목록) 68 // Repository 폴더들이 있는 주소를 지정하면 하위 폴더 목록을 가져옴(Repository 목록)
73 Regex.CacheSize = 50; 69 Regex.CacheSize = 50;
74 70
...@@ -88,35 +84,6 @@ namespace VulnCrawler ...@@ -88,35 +84,6 @@ namespace VulnCrawler
88 { 84 {
89 continue; 85 continue;
90 } 86 }
91 - //var crawler = new VulnC();
92 - //crawler.Init(directory);
93 -
94 - //Tree commitTree1 = crawler.Repository.Lookup<Commit>("e589db7a6a9c8f1557007f2cc765ee28ad7a1edd").Tree;
95 - ////Tree parentTree1 = crawler.Repository.Lookup<Commit>("344ba37bdc299660e1b1693b6999e5fe116893e1").Tree;
96 -
97 - //Commit commit = crawler.Repository.Lookup<Commit>("e589db7a6a9c8f1557007f2cc765ee28ad7a1edd");
98 -
99 - //foreach (var parent in commit.Parents)
100 - //{
101 - // Console.WriteLine($"Parent ID:{parent.Sha}");
102 - // Tree commitTree = commit.Tree;
103 - // Tree parentTree = parent.Tree;
104 - // var patch = crawler.Repository.Diff.Compare<Patch>(commitTree, parentTree.);
105 - // foreach (var item in patch.Where(p => p.OldPath.EndsWith(".c")))
106 - // {
107 -
108 - // Console.WriteLine(item.Status);
109 - // Console.WriteLine(item.Path);
110 - // Console.WriteLine(item.Patch);
111 - // }
112 - // Console.ReadLine();
113 -
114 - //}
115 -
116 -
117 - ////Console.WriteLine(patch.Content);
118 - //Console.ReadLine();
119 -
120 // 템플릿 패턴화 T : VulnAbstractCrawler 87 // 템플릿 패턴화 T : VulnAbstractCrawler
121 VulnWorker.Run<VulnC>(directory); 88 VulnWorker.Run<VulnC>(directory);
122 } 89 }
......
...@@ -31,7 +31,7 @@ namespace VulnCrawler ...@@ -31,7 +31,7 @@ namespace VulnCrawler
31 public string FuncName { get; set; } 31 public string FuncName { get; set; }
32 public string Hash { get; set; } 32 public string Hash { get; set; }
33 public string Path { get; set; } 33 public string Path { get; set; }
34 - 34 + public string Url { get; set; }
35 public override bool Equals(object obj) 35 public override bool Equals(object obj)
36 { 36 {
37 var block = obj as UserBlock; 37 var block = obj as UserBlock;
...@@ -131,7 +131,7 @@ namespace VulnCrawler ...@@ -131,7 +131,7 @@ namespace VulnCrawler
131 /// <summary> 131 /// <summary>
132 /// 커밋에서 검색할 정규식 문자열 132 /// 커밋에서 검색할 정규식 문자열
133 /// </summary> 133 /// </summary>
134 - public string SearchCommitPattern => @"CVE[ -](\d{4})[ -](\d{4,})"; 134 + public string SearchCommitPattern => @"CVE[ -](201[5-8])[ -](\d{4,})";
135 /// <summary> 135 /// <summary>
136 /// 패치 코드에서 함수 찾을 정규식 패턴 문자열 136 /// 패치 코드에서 함수 찾을 정규식 패턴 문자열
137 /// </summary> 137 /// </summary>
......
...@@ -891,15 +891,10 @@ namespace VulnCrawler ...@@ -891,15 +891,10 @@ namespace VulnCrawler
891 var regex2 = new Regex(stringPattern, RegexOptions.Compiled); 891 var regex2 = new Regex(stringPattern, RegexOptions.Compiled);
892 var regex3 = new Regex(commentPattern2, RegexOptions.Compiled); 892 var regex3 = new Regex(commentPattern2, RegexOptions.Compiled);
893 var regex4 = new Regex(commentPattern, RegexOptions.Compiled); 893 var regex4 = new Regex(commentPattern, RegexOptions.Compiled);
894 -
895 bool found3 = false; 894 bool found3 = false;
896 -
897 bool com = false; 895 bool com = false;
898 -
899 -
900 while (!reader.EndOfStream) 896 while (!reader.EndOfStream)
901 { 897 {
902 -
903 string line = reader.ReadLine(); 898 string line = reader.ReadLine();
904 string trim = line.Trim(); 899 string trim = line.Trim();
905 if (commentLine) 900 if (commentLine)
...@@ -915,7 +910,6 @@ namespace VulnCrawler ...@@ -915,7 +910,6 @@ namespace VulnCrawler
915 continue; 910 continue;
916 } 911 }
917 } 912 }
918 -
919 // /* ~ 패턴 913 // /* ~ 패턴
920 if (regex3.IsMatch(trim)) 914 if (regex3.IsMatch(trim))
921 { 915 {
...@@ -941,20 +935,18 @@ namespace VulnCrawler ...@@ -941,20 +935,18 @@ namespace VulnCrawler
941 if (found3) 935 if (found3)
942 { 936 {
943 string obStr = oldBuilder.ToString(); 937 string obStr = oldBuilder.ToString();
944 - Console.WriteLine(obStr); 938 + //Console.WriteLine(obStr);
945 -
946 obStr = Abstract(obStr, new Dictionary<string, string>(), new Dictionary<string, string>()); 939 obStr = Abstract(obStr, new Dictionary<string, string>(), new Dictionary<string, string>());
947 byte[] obStrBytes = Encoding.Unicode.GetBytes(obStr); 940 byte[] obStrBytes = Encoding.Unicode.GetBytes(obStr);
948 string absObStrBase64 = Convert.ToBase64String(obStrBytes); 941 string absObStrBase64 = Convert.ToBase64String(obStrBytes);
949 - 942 + // Console.WriteLine(obStr);
950 - Console.WriteLine(obStr); 943 + //Console.WriteLine("HASH: " + MD5HashFunc(obStr));
944 + //Console.WriteLine(absObStrBase64);
951 if (!dict.ContainsKey(absObStrBase64.Length)) 945 if (!dict.ContainsKey(absObStrBase64.Length))
952 { 946 {
953 dict[absObStrBase64.Length] = new HashSet<UserBlock>(); 947 dict[absObStrBase64.Length] = new HashSet<UserBlock>();
954 } 948 }
955 -
956 string funcName = new string(oldBuilder.ToString().TakeWhile(c => c != '{').ToArray()); 949 string funcName = new string(oldBuilder.ToString().TakeWhile(c => c != '{').ToArray());
957 -
958 (dict[absObStrBase64.Length] as HashSet<UserBlock>).Add(new UserBlock 950 (dict[absObStrBase64.Length] as HashSet<UserBlock>).Add(new UserBlock
959 { 951 {
960 Hash = MD5HashFunc(absObStrBase64), 952 Hash = MD5HashFunc(absObStrBase64),
...@@ -1090,11 +1082,11 @@ namespace VulnCrawler ...@@ -1090,11 +1082,11 @@ namespace VulnCrawler
1090 if (found3) 1082 if (found3)
1091 { 1083 {
1092 string obStr = oldBuilder.ToString(); 1084 string obStr = oldBuilder.ToString();
1093 - Console.WriteLine(obStr); 1085 + // Console.WriteLine(obStr);
1094 obStr = Abstract(obStr, new Dictionary<string, string>(), new Dictionary<string, string>()); 1086 obStr = Abstract(obStr, new Dictionary<string, string>(), new Dictionary<string, string>());
1095 byte[] obStrBytes = Encoding.Unicode.GetBytes(obStr); 1087 byte[] obStrBytes = Encoding.Unicode.GetBytes(obStr);
1096 string absObStrBase64 = Convert.ToBase64String(obStrBytes); 1088 string absObStrBase64 = Convert.ToBase64String(obStrBytes);
1097 - Console.WriteLine(obStr); 1089 + // Console.WriteLine(obStr);
1098 if (!dict.ContainsKey(absObStrBase64.Length)) 1090 if (!dict.ContainsKey(absObStrBase64.Length))
1099 { 1091 {
1100 dict[absObStrBase64.Length] = new HashSet<UserBlock>(); 1092 dict[absObStrBase64.Length] = new HashSet<UserBlock>();
......
...@@ -67,6 +67,7 @@ namespace VulnCrawler ...@@ -67,6 +67,7 @@ namespace VulnCrawler
67 public string FileName { get; set; } = "NULL"; /* FileName */ 67 public string FileName { get; set; } = "NULL"; /* FileName */
68 public string FuncName { get; set; } = "NULL"; /* funcName */ 68 public string FuncName { get; set; } = "NULL"; /* funcName */
69 public string Url { get; set; } = "NULL"; /* Url */ 69 public string Url { get; set; } = "NULL"; /* Url */
70 + public string Product { get; set; }
70 71
71 } 72 }
72 //connect 73 //connect
...@@ -242,7 +243,7 @@ namespace VulnCrawler ...@@ -242,7 +243,7 @@ namespace VulnCrawler
242 { 243 {
243 Connection = Conn, 244 Connection = Conn,
244 //db에 추가 245 //db에 추가
245 - CommandText = "INSERT INTO vulnDetail(type, year, level, userName, cveName, publish_date,update_date, cveDetail,fileName, funcName, url) VALUES(@type, @year, @level, @userName, @cveName, @publish_date,@update_date, @cveDetail,@fileName, @funcName,@url)" 246 + CommandText = "INSERT INTO vulnDetail(type, year, level, userName, cveName, publish_date,update_date, cveDetail,fileName, funcName, url, product) VALUES(@type, @year, @level, @userName, @cveName, @publish_date,@update_date, @cveDetail,@fileName, @funcName,@url,@product)"
246 }; 247 };
247 cmd.Parameters.AddWithValue("@type", $"{vuln.Type}"); 248 cmd.Parameters.AddWithValue("@type", $"{vuln.Type}");
248 cmd.Parameters.AddWithValue("@year", $"{vuln.Year}"); 249 cmd.Parameters.AddWithValue("@year", $"{vuln.Year}");
...@@ -255,16 +256,16 @@ namespace VulnCrawler ...@@ -255,16 +256,16 @@ namespace VulnCrawler
255 cmd.Parameters.AddWithValue("@fileName", $"{vuln.FileName}"); 256 cmd.Parameters.AddWithValue("@fileName", $"{vuln.FileName}");
256 cmd.Parameters.AddWithValue("@funcName", $"{vuln.FuncName}"); 257 cmd.Parameters.AddWithValue("@funcName", $"{vuln.FuncName}");
257 cmd.Parameters.AddWithValue("@url", $"{vuln.Url}"); 258 cmd.Parameters.AddWithValue("@url", $"{vuln.Url}");
258 - 259 + cmd.Parameters.AddWithValue("@product", $"{vuln.Product}");
259 cmd.ExecuteNonQuery(); 260 cmd.ExecuteNonQuery();
260 //콘솔출력용 261 //콘솔출력용
261 sql = "INSERT INTO vulnDetail(type, year, level, userName, cveName, publish_date,update_date, cveDetail,fileName, funcName, url) " + 262 sql = "INSERT INTO vulnDetail(type, year, level, userName, cveName, publish_date,update_date, cveDetail,fileName, funcName, url) " +
262 $"VALUES({vuln.Type}, {vuln.Year}, {vuln.Level}, {vuln.UserName}, {vuln.CveName},{vuln.Publish_date}, {vuln.Update_date}, {vuln.CveDetail}, {vuln.FileName}, {vuln.FuncName}, {vuln.Url})"; 263 $"VALUES({vuln.Type}, {vuln.Year}, {vuln.Level}, {vuln.UserName}, {vuln.CveName},{vuln.Publish_date}, {vuln.Update_date}, {vuln.CveDetail}, {vuln.FileName}, {vuln.FuncName}, {vuln.Url})";
263 - Console.WriteLine(sql); 264 + // Console.WriteLine(sql);
264 } 265 }
265 catch (Exception e) 266 catch (Exception e)
266 { 267 {
267 - Console.WriteLine(e.ToString()); 268 + // Console.WriteLine(e.ToString());
268 string es = e.ToString(); 269 string es = e.ToString();
269 if (es.Contains("Connection must be valid and open")) 270 if (es.Contains("Connection must be valid and open"))
270 { 271 {
......