Toggle navigation
Toggle navigation
This project
Loading...
Sign in
노현종
/
2018-1-Capstone1-VulnNotti
Go to a project
Toggle navigation
Toggle navigation pinning
Projects
Groups
Snippets
Help
Project
Activity
Repository
Pipelines
Graphs
Issues
0
Merge Requests
0
Snippets
Network
Create a new issue
Builds
Commits
Issue Boards
Authored by
이지윤
2018-06-10 02:31:13 +0900
Browse Files
Options
Browse Files
Download
Plain Diff
Commit
0e3e7355419a16c893eb785e1673e680087508d8
0e3e7355
2 parents
17a22d4c
bcdb9649
Merge branch 'master' of
https://github.com/yhackerbv/VulnNottiProject
Expand all
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
13 additions
and
53 deletions
Vulnerablity_DB/VulnCrawler/Program.cs
Vulnerablity_DB/VulnCrawler/VulnAbstractCrawler.cs
Vulnerablity_DB/VulnCrawler/VulnC.cs
Vulnerablity_DB/VulnCrawler/VulnRDS.cs
Vulnerablity_DB/VulnUserCodeAnalyzer/Program.cs
Vulnerablity_DB/VulnCrawler/Program.cs
View file @
0e3e735
...
...
@@ -65,10 +65,6 @@ namespace VulnCrawler
/* 메인 동작 함수 */
public
static
void
Run
()
{
// Repository 폴더들이 있는 주소를 지정하면 하위 폴더 목록을 가져옴(Repository 목록)
Regex
.
CacheSize
=
50
;
...
...
@@ -88,35 +84,6 @@ namespace VulnCrawler
{
continue
;
}
//var crawler = new VulnC();
//crawler.Init(directory);
//Tree commitTree1 = crawler.Repository.Lookup<Commit>("e589db7a6a9c8f1557007f2cc765ee28ad7a1edd").Tree;
////Tree parentTree1 = crawler.Repository.Lookup<Commit>("344ba37bdc299660e1b1693b6999e5fe116893e1").Tree;
//Commit commit = crawler.Repository.Lookup<Commit>("e589db7a6a9c8f1557007f2cc765ee28ad7a1edd");
//foreach (var parent in commit.Parents)
//{
// Console.WriteLine($"Parent ID:{parent.Sha}");
// Tree commitTree = commit.Tree;
// Tree parentTree = parent.Tree;
// var patch = crawler.Repository.Diff.Compare<Patch>(commitTree, parentTree.);
// foreach (var item in patch.Where(p => p.OldPath.EndsWith(".c")))
// {
// Console.WriteLine(item.Status);
// Console.WriteLine(item.Path);
// Console.WriteLine(item.Patch);
// }
// Console.ReadLine();
//}
////Console.WriteLine(patch.Content);
//Console.ReadLine();
// 템플릿 패턴화 T : VulnAbstractCrawler
VulnWorker
.
Run
<
VulnC
>(
directory
);
}
...
...
Vulnerablity_DB/VulnCrawler/VulnAbstractCrawler.cs
View file @
0e3e735
...
...
@@ -31,7 +31,7 @@ namespace VulnCrawler
public
string
FuncName
{
get
;
set
;
}
public
string
Hash
{
get
;
set
;
}
public
string
Path
{
get
;
set
;
}
public
string
Url
{
get
;
set
;
}
public
override
bool
Equals
(
object
obj
)
{
var
block
=
obj
as
UserBlock
;
...
...
@@ -131,7 +131,7 @@ namespace VulnCrawler
/// <summary>
/// 커밋에서 검색할 정규식 문자열
/// </summary>
public
string
SearchCommitPattern
=>
@"CVE[ -](
\d{4}
)[ -](\d{4,})"
;
public
string
SearchCommitPattern
=>
@"CVE[ -](
201[5-8]
)[ -](\d{4,})"
;
/// <summary>
/// 패치 코드에서 함수 찾을 정규식 패턴 문자열
/// </summary>
...
...
Vulnerablity_DB/VulnCrawler/VulnC.cs
View file @
0e3e735
...
...
@@ -891,15 +891,10 @@ namespace VulnCrawler
var
regex2
=
new
Regex
(
stringPattern
,
RegexOptions
.
Compiled
);
var
regex3
=
new
Regex
(
commentPattern2
,
RegexOptions
.
Compiled
);
var
regex4
=
new
Regex
(
commentPattern
,
RegexOptions
.
Compiled
);
bool
found3
=
false
;
bool
com
=
false
;
while
(!
reader
.
EndOfStream
)
{
string
line
=
reader
.
ReadLine
();
string
trim
=
line
.
Trim
();
if
(
commentLine
)
...
...
@@ -915,7 +910,6 @@ namespace VulnCrawler
continue
;
}
}
// /* ~ 패턴
if
(
regex3
.
IsMatch
(
trim
))
{
...
...
@@ -941,20 +935,18 @@ namespace VulnCrawler
if
(
found3
)
{
string
obStr
=
oldBuilder
.
ToString
();
Console
.
WriteLine
(
obStr
);
//Console.WriteLine(obStr);
obStr
=
Abstract
(
obStr
,
new
Dictionary
<
string
,
string
>(),
new
Dictionary
<
string
,
string
>());
byte
[]
obStrBytes
=
Encoding
.
Unicode
.
GetBytes
(
obStr
);
string
absObStrBase64
=
Convert
.
ToBase64String
(
obStrBytes
);
Console
.
WriteLine
(
obStr
);
// Console.WriteLine(obStr);
//Console.WriteLine("HASH: " + MD5HashFunc(obStr));
//Console.WriteLine(absObStrBase64);
if
(!
dict
.
ContainsKey
(
absObStrBase64
.
Length
))
{
dict
[
absObStrBase64
.
Length
]
=
new
HashSet
<
UserBlock
>();
}
string
funcName
=
new
string
(
oldBuilder
.
ToString
().
TakeWhile
(
c
=>
c
!=
'{'
).
ToArray
());
(
dict
[
absObStrBase64
.
Length
]
as
HashSet
<
UserBlock
>).
Add
(
new
UserBlock
{
Hash
=
MD5HashFunc
(
absObStrBase64
),
...
...
@@ -1090,11 +1082,11 @@ namespace VulnCrawler
if
(
found3
)
{
string
obStr
=
oldBuilder
.
ToString
();
Console
.
WriteLine
(
obStr
);
//
Console.WriteLine(obStr);
obStr
=
Abstract
(
obStr
,
new
Dictionary
<
string
,
string
>(),
new
Dictionary
<
string
,
string
>());
byte
[]
obStrBytes
=
Encoding
.
Unicode
.
GetBytes
(
obStr
);
string
absObStrBase64
=
Convert
.
ToBase64String
(
obStrBytes
);
Console
.
WriteLine
(
obStr
);
//
Console.WriteLine(obStr);
if
(!
dict
.
ContainsKey
(
absObStrBase64
.
Length
))
{
dict
[
absObStrBase64
.
Length
]
=
new
HashSet
<
UserBlock
>();
...
...
Vulnerablity_DB/VulnCrawler/VulnRDS.cs
View file @
0e3e735
...
...
@@ -67,6 +67,7 @@ namespace VulnCrawler
public
string
FileName
{
get
;
set
;
}
=
"NULL"
;
/* FileName */
public
string
FuncName
{
get
;
set
;
}
=
"NULL"
;
/* funcName */
public
string
Url
{
get
;
set
;
}
=
"NULL"
;
/* Url */
public
string
Product
{
get
;
set
;
}
}
//connect
...
...
@@ -242,7 +243,7 @@ namespace VulnCrawler
{
Connection
=
Conn
,
//db에 추가
CommandText
=
"INSERT INTO vulnDetail(type, year, level, userName, cveName, publish_date,update_date, cveDetail,fileName, funcName, url
) VALUES(@type, @year, @level, @userName, @cveName, @publish_date,@update_date, @cveDetail,@fileName, @funcName,@url
)"
CommandText
=
"INSERT INTO vulnDetail(type, year, level, userName, cveName, publish_date,update_date, cveDetail,fileName, funcName, url
, product) VALUES(@type, @year, @level, @userName, @cveName, @publish_date,@update_date, @cveDetail,@fileName, @funcName,@url,@product
)"
};
cmd
.
Parameters
.
AddWithValue
(
"@type"
,
$
"{vuln.Type}"
);
cmd
.
Parameters
.
AddWithValue
(
"@year"
,
$
"{vuln.Year}"
);
...
...
@@ -255,16 +256,16 @@ namespace VulnCrawler
cmd
.
Parameters
.
AddWithValue
(
"@fileName"
,
$
"{vuln.FileName}"
);
cmd
.
Parameters
.
AddWithValue
(
"@funcName"
,
$
"{vuln.FuncName}"
);
cmd
.
Parameters
.
AddWithValue
(
"@url"
,
$
"{vuln.Url}"
);
cmd
.
Parameters
.
AddWithValue
(
"@product"
,
$
"{vuln.Product}"
);
cmd
.
ExecuteNonQuery
();
//콘솔출력용
sql
=
"INSERT INTO vulnDetail(type, year, level, userName, cveName, publish_date,update_date, cveDetail,fileName, funcName, url) "
+
$
"VALUES({vuln.Type}, {vuln.Year}, {vuln.Level}, {vuln.UserName}, {vuln.CveName},{vuln.Publish_date}, {vuln.Update_date}, {vuln.CveDetail}, {vuln.FileName}, {vuln.FuncName}, {vuln.Url})"
;
Console
.
WriteLine
(
sql
);
//
Console.WriteLine(sql);
}
catch
(
Exception
e
)
{
Console
.
WriteLine
(
e
.
ToString
());
//
Console.WriteLine(e.ToString());
string
es
=
e
.
ToString
();
if
(
es
.
Contains
(
"Connection must be valid and open"
))
{
...
...
Vulnerablity_DB/VulnUserCodeAnalyzer/Program.cs
View file @
0e3e735
This diff is collapsed. Click to expand it.
Please
register
or
login
to post a comment