노현종
...@@ -29,7 +29,17 @@ namespace VulnCrawler ...@@ -29,7 +29,17 @@ namespace VulnCrawler
29 { 29 {
30 public int UserId { get; set; } = -1;/* 유저 ID */ 30 public int UserId { get; set; } = -1;/* 유저 ID */
31 public string RepositName { get; set; } = "NULL"; /* 유저 레파지토리 이름 */ 31 public string RepositName { get; set; } = "NULL"; /* 유저 레파지토리 이름 */
32 - public string VulnId { get; set; } = "NULL"; /* 취약점 vuln ID */ 32 + public int VulnId { get; set; } = -1; /* 취약점 vuln ID */
33 + }
34 + public class _Vuln
35 + {
36 + public int VulnId { get; set; } = -1; /* 취약점 ID */
37 + public string Cve { get; set; } = "NULL"; /* 취약점 CVE */
38 + public string FuncName { get; set; } = "NULL"; /* 취약점 함수 이름 */
39 + public int LenFunc { get; set; } = -1; /* 취약점 함수 길이 */
40 + public string Code { get; set; } = "NULL"; /* 취약점 소스 코드 */
41 + public string BlockHash { get; set; } = "NULL";/* 취약점 블록 해시 값 */
42 + public string Url { get; set; } = "NULL"; /* 취약점 URL */
33 } 43 }
34 //connect 44 //connect
35 public static void Connect(AWS.Account account, string dbName) 45 public static void Connect(AWS.Account account, string dbName)
...@@ -52,28 +62,14 @@ namespace VulnCrawler ...@@ -52,28 +62,14 @@ namespace VulnCrawler
52 public static void InsertVulnData(Vuln vuln) 62 public static void InsertVulnData(Vuln vuln)
53 { 63 {
54 String sql = string.Empty; 64 String sql = string.Empty;
55 - //DB에 취약점 데이터가 이미 있는지 검사
56 - /*
57 -
58 - sql = "select count(*) from vulnInfo where cve like '" + vuln.Cve + "' and numBlock like '" +vuln.NumBlock + "'" ;
59 - MySqlCommand cmd = new MySqlCommand(sql, Conn);
60 - int RecordCount = Convert.ToInt32(cmd.ExecuteScalar());
61 - //CVE & block num 중복인 경우
62 - if (RecordCount > 0)
63 - {
64 - //추가하지 않음
65 - return;
66 - }
67 - */
68 - // vulnId setting (마지막 vulnId +1)
69 MySqlCommand cmd = null; 65 MySqlCommand cmd = null;
70 66
67 + // vulnId setting (마지막 vulnId +1)
71 int last_vulnId = 1; 68 int last_vulnId = 1;
72 try 69 try
73 { 70 {
74 sql = "select max(vulnId) from vulnInfo"; 71 sql = "select max(vulnId) from vulnInfo";
75 cmd = new MySqlCommand(sql, Conn); 72 cmd = new MySqlCommand(sql, Conn);
76 -
77 last_vulnId = (Convert.ToInt32(cmd.ExecuteScalar())) + 1; 73 last_vulnId = (Convert.ToInt32(cmd.ExecuteScalar())) + 1;
78 } 74 }
79 catch(Exception) 75 catch(Exception)
...@@ -105,23 +101,65 @@ namespace VulnCrawler ...@@ -105,23 +101,65 @@ namespace VulnCrawler
105 } 101 }
106 102
107 } 103 }
104 + public static void _InsertVulnData(_Vuln vuln)
105 + {
106 + String sql = string.Empty;
107 + // vulnId setting (마지막 vulnId +1)
108 + MySqlCommand cmd = null;
109 +
110 + int last_vulnId = 1;
111 + try
112 + {
113 + sql = "select max(vulnId) from vuln_Info";
114 + cmd = new MySqlCommand(sql, Conn);
115 + last_vulnId = (Convert.ToInt32(cmd.ExecuteScalar())) + 1;
116 + }
117 + catch (Exception)
118 + {
119 + last_vulnId = 1;
120 + }
121 +
122 + Retry:
123 +
124 + //DB insert
125 + try
126 + {
127 + cmd = new MySqlCommand();
128 + cmd.Connection = Conn;
129 + //db에 추가
130 + cmd.CommandText = "INSERT INTO vuln_Info(vulnId, cve, funcName, lenFunc, code, blockHash, url) VALUES(@vulnId, @cve, @funcName, @lenFunc, @code, @blockHash, @url)";
131 + cmd.Parameters.AddWithValue("@vulnId", last_vulnId);
132 + cmd.Parameters.AddWithValue("@cve", $"'{vuln.Cve}'");
133 + cmd.Parameters.AddWithValue("@funcName", $"'{vuln.FuncName}'");
134 + cmd.Parameters.AddWithValue("@lenFunc", $"{vuln.LenFunc}");
135 + cmd.Parameters.AddWithValue("@code", $"'{vuln.Code}'");
136 + cmd.Parameters.AddWithValue("@blockHash", $"'{vuln.BlockHash}'");
137 + cmd.Parameters.AddWithValue("@url", $"'{vuln.Url}'");
138 + cmd.ExecuteNonQuery();
139 + //콘솔출력용
140 + sql = "INSERT INTO vuln_Info(vulnId, cve, funcName, lenFunc, code, blockHash, url) " +
141 + $"VALUES({last_vulnId}, {vuln.Cve}, '{vuln.FuncName}', '{vuln.LenFunc}', {vuln.Code},'{vuln.BlockHash}', '{vuln.Url}')";
142 + Console.WriteLine(sql);
143 + }
144 + catch (Exception e)
145 + {
146 + Console.WriteLine(e.ToString());
147 + string es = e.ToString();
148 + if (es.Contains("Connection must be valid and open"))
149 + {
150 + Connect(Account, DbName);
151 + goto Retry;
152 + }
153 + Console.ReadLine();
154 + }
155 + }
108 public static void InsertUserData(User user) 156 public static void InsertUserData(User user)
109 { 157 {
110 Conn.Open(); 158 Conn.Open();
111 String sql = string.Empty; 159 String sql = string.Empty;
112 MySqlCommand cmd = null; 160 MySqlCommand cmd = null;
113 - /* 161 +
114 - //DB에 취약점 데이터가 이미 있는지 검사 162 + //user_id setting
115 - String sql = "select count(*) from vulnInfo where cve like '" + user. + "'";
116 - MySqlCommand cmd = new MySqlCommand(sql, Conn);
117 - int RecordCount = Convert.ToInt32(cmd.ExecuteScalar());
118 - //CVE 중복인 경우
119 - if (RecordCount > 0)
120 - {
121 - Console.WriteLine("이미 cve가 존재함");
122 - }
123 - */
124 - // userId setting (마지막 userId +1)
125 int last_userId = 1; 163 int last_userId = 1;
126 try 164 try
127 { 165 {
...@@ -134,65 +172,218 @@ namespace VulnCrawler ...@@ -134,65 +172,218 @@ namespace VulnCrawler
134 last_userId = 1; 172 last_userId = 1;
135 } 173 }
136 174
137 - //DB insert 175 + Retry:
176 +
177 + //insert
138 try 178 try
139 { 179 {
140 - sql = "INSERT INTO userInfo(userId, repositName, vulnInfo) " + $"VALUES({last_userId}, {user.RepositName}, '{user.VulnId}')"; 180 + cmd = new MySqlCommand();
181 + cmd.Connection = Conn;
182 + //db에 추가
183 + cmd.CommandText = "INSERT INTO userInfo(userId, repositName, vulnId) VALUES(@userId, @repositName, @vulnId)";
184 + cmd.Parameters.AddWithValue("@userId", last_userId);
185 + cmd.Parameters.AddWithValue("@repositName", $"'{user.RepositName}'");
186 + cmd.Parameters.AddWithValue("@vulnInfo", $"{user.VulnId}");
187 + cmd.ExecuteNonQuery();
188 + //콘솔출력용
189 + sql = "INSERT INTO userInfo(userId, repositName, vulnId) " + $"VALUES({last_userId},'{user.RepositName}','{user.VulnId}')";
141 Console.WriteLine(sql); 190 Console.WriteLine(sql);
142 - cmd = new MySqlCommand(sql, Conn);
143 - cmd.ExecuteNonQuery();
144 } 191 }
145 catch (Exception e) 192 catch (Exception e)
146 { 193 {
147 - Console.WriteLine(e.StackTrace); 194 + Console.WriteLine(e.ToString());
195 + string es = e.ToString();
196 + if (es.Contains("Connection must be valid and open"))
197 + {
198 + Connect(Account, DbName);
199 + goto Retry;
200 + }
201 + Console.ReadLine();
148 } 202 }
149 } 203 }
150 - public static Vuln SearchVulnCve(int _vulnId) 204 + public static void UpdateVulnData(int _vulnId, _Vuln vuln) {
205 + String sql = string.Empty;
206 + MySqlCommand cmd = null;
207 +
208 + Retry:
209 +
210 + //DB update
211 + try
212 + {
213 + cmd = new MySqlCommand();
214 + cmd.Connection = Conn;
215 + //해당 vuln Update
216 + cmd.CommandText = "UPDATE vuln_Info SET cve=@cve,funcName=@funcName,lenFunc=@lenFunc,code=@code,blockHash=@blockHash,url=@url WHERE vulnId=@vulnId";
217 + cmd.Parameters.AddWithValue("@vulnId", _vulnId);
218 + cmd.Parameters.AddWithValue("@cve", $"'{vuln.Cve}'");
219 + cmd.Parameters.AddWithValue("@funcName", $"'{vuln.FuncName}'");
220 + cmd.Parameters.AddWithValue("@lenFunc", $"{vuln.LenFunc}");
221 + cmd.Parameters.AddWithValue("@code", $"'{vuln.Code}'");
222 + cmd.Parameters.AddWithValue("@blockHash", $"'{vuln.BlockHash}'");
223 + cmd.Parameters.AddWithValue("@url", $"'{vuln.Url}'");
224 + cmd.ExecuteNonQuery();
225 + //콘솔출력용
226 + sql = "UPDATE vuln_Info(vulnId, cve, funcName, lenFunc, code, blockHash, url) " +
227 + $"VALUES({_vulnId}, {vuln.Cve}, '{vuln.FuncName}', '{vuln.LenFunc}', {vuln.Code},'{vuln.BlockHash}', '{vuln.Url}')";
228 + Console.WriteLine(sql);
229 + }
230 + catch (Exception e)
231 + {
232 + Console.WriteLine(e.ToString());
233 + string es = e.ToString();
234 + if (es.Contains("Connection must be valid and open"))
235 + {
236 + Connect(Account, DbName);
237 + goto Retry;
238 + }
239 + Console.ReadLine();
240 + }
241 + return;
242 + }
243 + public static void UpdateUserData(int _userId, User user)
151 { 244 {
152 - Vuln vuln = new Vuln(); 245 + String sql = string.Empty;
153 - //특정 cve 가 있는지 검사 246 + MySqlCommand cmd = null;
154 - String sql = "select * from vulnInfo where cve like '" + _vulnId + "'"; 247 +
155 - MySqlCommand cmd = new MySqlCommand(sql, Conn); 248 + Retry:
156 - MySqlDataReader rdr = cmd.ExecuteReader(); 249 +
157 - while (rdr.Read()) 250 + //DB update
158 - { 251 + try
159 - vuln.VulnId = Convert.ToInt32(rdr["vulnId"]); 252 + {
160 - vuln.LenBlock = Convert.ToInt32(rdr["lenBlock"]); 253 + cmd = new MySqlCommand();
161 - vuln.Cve = Convert.ToString(rdr["cve"]); 254 + cmd.Connection = Conn;
162 - vuln.FuncName = Convert.ToString(rdr["funcName"]); 255 + //해당 user Update
163 - vuln.NumBlock = Convert.ToInt32(rdr["numBlock"]); 256 + cmd.CommandText = "UPDATE userInfo SET repositName=@repositName, vulnId=@vulnId WHERE userId=@userId";
164 - vuln.CodeOriBefore = Convert.ToString(rdr["codeOriBefore"]); 257 + cmd.Parameters.AddWithValue("@userId", _userId);
165 - vuln.CodeOriAfter = Convert.ToString(rdr["codeOriAfter"]); 258 + cmd.Parameters.AddWithValue("@repositName", $"'{user.RepositName}'");
166 - vuln.CodeAbsBefore = Convert.ToString(rdr["codeAbsBefore"]); ; 259 + cmd.Parameters.AddWithValue("@vulnId", $"'{user.VulnId}'");
167 - vuln.CodeAbsAfter = Convert.ToString(rdr["codeAbsAfter"]); 260 +
168 - vuln.BlockHash = Convert.ToString(rdr["blockHash"]); 261 + cmd.ExecuteNonQuery();
262 + //콘솔출력용
263 + sql = "UPDATE userInfo(userId, repositName, vulnId) " +
264 + $"VALUES({_userId}, '{user.RepositName}', '{user.VulnId}')";
265 + Console.WriteLine(sql);
169 } 266 }
170 - return vuln; 267 + catch (Exception e)
268 + {
269 + Console.WriteLine(e.ToString());
270 + string es = e.ToString();
271 + if (es.Contains("Connection must be valid and open"))
272 + {
273 + Connect(Account, DbName);
274 + goto Retry;
275 + }
276 + Console.ReadLine();
277 + }
278 + return;
171 } 279 }
280 + public static _Vuln SelectVulnData(int _vulnId) {
281 + _Vuln vuln = new _Vuln();
282 + String sql = string.Empty;
283 + MySqlCommand cmd = new MySqlCommand();
284 + cmd.Connection = Conn;
285 + cmd.CommandText = "SELECT * FROM vuln_Info";
286 +
287 + System.Data.DataSet ds = new System.Data.DataSet();
288 + MySqlDataAdapter da = new MySqlDataAdapter("SELECT * FROM userInfo", Conn);
289 + da.Fill(ds);
172 290
173 - public static bool CheckVulnData(int _vulnId) 291 + //vuln에 입력
292 + foreach (System.Data.DataRow row in ds.Tables[0].Rows)
293 + {
294 + vuln.VulnId = Convert.ToInt32(row["vulnId"]);
295 + vuln.Cve = Convert.ToString(row["cve"]);
296 + vuln.FuncName = Convert.ToString(row["funcName"]);
297 + vuln.LenFunc = Convert.ToInt32(row["lenFunc"]);
298 + vuln.Code = Convert.ToString(row["code"]);
299 + vuln.BlockHash = Convert.ToString(row["blockHash"]);
300 + vuln.Url = Convert.ToString(row["url"]);
301 + }
302 + //해당 vuln 반환
303 + return vuln;
304 + }
305 + public static User SelectUserData(int _userId)
174 { 306 {
175 - string sql = "select count(*) from vulnInfo where vulnId like '" + _vulnId+ "'"; 307 + User user = new User();
176 - MySqlCommand cmd = new MySqlCommand(sql, Conn); 308 + String sql = string.Empty;
177 - int RecordCount = Convert.ToInt32(cmd.ExecuteScalar()); 309 + MySqlCommand cmd = new MySqlCommand();
178 - if (RecordCount > 0) 310 + cmd.Connection = Conn;
179 - return true; 311 + cmd.CommandText = "SELECT * FROM userInfo";
180 - else 312 +
181 - return false; 313 + //해당 user 찾음
314 + System.Data.DataSet ds = new System.Data.DataSet();
315 + MySqlDataAdapter da = new MySqlDataAdapter("SELECT * FROM userInfo", Conn);
316 + da.Fill(ds);
317 +
318 + //user에 입력
319 + foreach (System.Data.DataRow row in ds.Tables[0].Rows)
320 + {
321 + user.VulnId = Convert.ToInt32(row["vulnId"]);
322 + user.RepositName = Convert.ToString(row["repositName"]);
323 + user.UserId = Convert.ToInt32(row["userId"]);
324 + }
325 + //해당 user 반환
326 + return user;
327 + }
328 + public static void DeleteVulnData(int _vulnId) {
329 + String sql = string.Empty;
330 + MySqlCommand cmd = null;
331 +
332 + Retry:
333 +
334 + //DB insert
335 + try
336 + {
337 + cmd = new MySqlCommand();
338 + cmd.Connection = Conn;
339 + cmd.CommandText = "DELETE FROM vuln_Info WHERE vulnId=@vulnId";
340 + cmd.Parameters.AddWithValue("@vulnId", _vulnId);
341 + cmd.ExecuteNonQuery();
342 + //콘솔출력용
343 + sql = "DELETE FROM vuln_Info WHERE vulnId="+ _vulnId;
344 + Console.WriteLine(sql);
345 + }
346 + catch (Exception e)
347 + {
348 + Console.WriteLine(e.ToString());
349 + string es = e.ToString();
350 + if (es.Contains("Connection must be valid and open"))
351 + {
352 + Connect(Account, DbName);
353 + goto Retry;
354 + }
355 + Console.ReadLine();
356 + }
182 } 357 }
183 - public static bool CheckUserData(int _userId) 358 + public static void DeleteUserData(int _userId)
184 { 359 {
185 - string sql = "select count(*) from userInfo where vulnId like '" + _userId + "'"; 360 + String sql = string.Empty;
186 - MySqlCommand cmd = new MySqlCommand(sql, Conn); 361 + MySqlCommand cmd = null;
187 - int RecordCount = Convert.ToInt32(cmd.ExecuteScalar()); 362 +
188 - if (RecordCount > 0) 363 + Retry:
189 - return true; 364 +
190 - else 365 + try
191 - return false; 366 + {
367 + cmd = new MySqlCommand();
368 + cmd.Connection = Conn;
369 + cmd.CommandText = "DELETE FROM userInfo WHERE userId=@userId";
370 + cmd.Parameters.AddWithValue("@userId", _userId);
371 + cmd.ExecuteNonQuery();
372 + //콘솔출력용
373 + sql = "DELETE FROM userInfo WHERE userId=" + _userId;
374 + Console.WriteLine(sql);
375 + }
376 + catch (Exception e)
377 + {
378 + Console.WriteLine(e.ToString());
379 + string es = e.ToString();
380 + if (es.Contains("Connection must be valid and open"))
381 + {
382 + Connect(Account, DbName);
383 + goto Retry;
384 + }
385 + Console.ReadLine();
386 + }
192 } 387 }
193 - //public static IEnumerable<string> SearchVulnData(int _len)
194 - //{
195 - //
196 - //}
197 } 388 }
198 } 389 }
...\ No newline at end of file ...\ No newline at end of file
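Review bot: The new parameterized statements bind values that are already wrapped in single quotes, e.g. `cmd.Parameters.AddWithValue("@cve", $"'{vuln.Cve}'");` in _InsertVulnData, UpdateVulnData, InsertUserData and UpdateUserData, so the quotes are stored as part of the data and a later comparison of cve or blockHash against the unquoted value will not match. Bind the raw value instead, `cmd.Parameters.AddWithValue("@cve", vuln.Cve);`, and pass `vuln.LenFunc` and `user.VulnId` as ints rather than interpolated strings. In InsertUserData the command text names `@vulnId` but the binding is added as `@vulnInfo`, so that placeholder is never supplied; it should read `cmd.Parameters.AddWithValue("@vulnId", user.VulnId);`. Separately, SelectVulnData and SelectUserData never use their id argument, and SelectVulnData fills its DataSet from `SELECT * FROM userInfo`, so it appears to return the last userInfo row (or throw on the missing `cve` column) rather than the requested vuln_Info record; a `WHERE vulnId=@vulnId` query on vuln_Info looks like what was intended.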
...@@ -28,6 +28,7 @@ namespace VulnCrawler ...@@ -28,6 +28,7 @@ namespace VulnCrawler
28 continue; 28 continue;
29 } 29 }
30 foreach (var parent in commit.Parents) { 30 foreach (var parent in commit.Parents) {
31 +
31 // 부모 커밋과 현재 커밋을 Compare 하여 패치 내역을 가져옴 32 // 부모 커밋과 현재 커밋을 Compare 하여 패치 내역을 가져옴
32 var patch = crawler.Repository.Diff.Compare<Patch>(parent.Tree, commit.Tree); 33 var patch = crawler.Repository.Diff.Compare<Patch>(parent.Tree, commit.Tree);
33 // 패치 엔트리 파일 배열 중에 파일 확장자가 .py인 것만 가져옴 34 // 패치 엔트리 파일 배열 중에 파일 확장자가 .py인 것만 가져옴