Toggle navigation
Toggle navigation
This project
Loading...
Sign in
노현종
/
2018-1-Capstone1-VulnNotti
Go to a project
Toggle navigation
Toggle navigation pinning
Projects
Groups
Snippets
Help
Project
Activity
Repository
Pipelines
Graphs
Issues
0
Merge Requests
0
Snippets
Network
Create a new issue
Builds
Commits
Issue Boards
Authored by
노현종
2018-06-10 22:17:22 +0900
Browse Files
Options
Browse Files
Download
Plain Diff
Commit
3f450f804fa285d7afe0856c5cd2d8b61dca5193
3f450f80
2 parents
42632ac7
43ab9f58
merge
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
224 additions
and
166 deletions
Vulnerablity_DB/VulnUserCodeAnalyzer/Program.cs
Vulnerablity_DB/VulnUserCodeAnalyzer/Program.cs
View file @
3f450f8
...
...
@@ -224,7 +224,25 @@ namespace VulnUserCodeAnalyzer
Console
.
WriteLine
(
$
"{userName}, {repository}"
);
}
Console
.
ReadLine
();
repoPath
=
repoDir
.
FullName
;
userId
=
userName
;
<<<<<<<<<
Temporary
merge
branch
1
}
if
(!
string
.
IsNullOrWhiteSpace
(
repoPath
)
&&
!
string
.
IsNullOrWhiteSpace
(
userId
))
{
break
;
}
=========
}
if
(!
string
.
IsNullOrWhiteSpace
(
repoPath
)
&&
!
string
.
IsNullOrWhiteSpace
(
userId
))
{
break
;
}
>>>>>>>>>
Temporary
merge
branch
2
repoWatch
.
Restart
();
}
//Console.WriteLine("엔터를 누르세요");
//Console.ReadLine();
/* hashDict = 사용된 사용자 함수 정보 */
var
hashDict
=
new
Dictionary
<
int
,
HashSet
<
VulnAbstractCrawler
.
UserBlock
>>();
...
...
@@ -233,197 +251,237 @@ namespace VulnUserCodeAnalyzer
stopwatch
.
Start
();
DirectoryInfo
dirInfo
=
new
DirectoryInfo
(
repoPath
);
/* 모든 .c 파일 탐색 */
var
codeFiles
=
dirInfo
.
EnumerateFiles
(
"*.c"
,
SearchOption
.
AllDirectories
);
int
totalFileCount
=
codeFiles
.
Count
();
int
count
=
0
;
foreach
(
var
codeFile
in
codeFiles
)
{
Console
.
WriteLine
(
codeFile
.
FullName
);
using
(
var
reader
=
codeFile
.
OpenText
())
/* 모든 .c 파일 탐색 */
var
codeFiles
=
dirInfo
.
EnumerateFiles
(
"*.c"
,
SearchOption
.
AllDirectories
);
int
totalFileCount
=
codeFiles
.
Count
();
int
count
=
0
;
foreach
(
var
codeFile
in
codeFiles
)
{
/* 사용자 코드를 함수별로 나눔 */
var
dict
=
crawler
.
CrawlUserCode
(
reader
);
foreach
(
var
item
in
dict
)
Console
.
WriteLine
(
codeFile
.
FullName
);
using
(
var
reader
=
codeFile
.
OpenText
())
{
/* hashDict의 키와 item.key는 함수 블록의 코드 길이 */
if
(!
hashDict
.
ContainsKey
(
item
.
Key
))
/* 사용자 코드를 함수별로 나눔 */
var
dict
=
crawler
.
CrawlUserCode
(
reader
);
foreach
(
var
item
in
dict
)
{
hashDict
[
item
.
Key
]
=
new
HashSet
<
VulnAbstractCrawler
.
UserBlock
>();
}
/* item.Value는 각 코드 길이 마다의 블록 정보
* Bloom Filter에 코드 블록 해쉬값 기록
*/
foreach
(
var
hash
in
item
.
Value
)
{
hash
.
Path
=
codeFile
.
FullName
;
hashDict
[
item
.
Key
].
Add
(
hash
);
filter
.
Add
(
hash
.
Hash
);
/* hashDict의 키와 item.key는 함수 블록의 코드 길이 */
if
(!
hashDict
.
ContainsKey
(
item
.
Key
))
{
hashDict
[
item
.
Key
]
=
new
HashSet
<
VulnAbstractCrawler
.
UserBlock
>();
}
/* item.Value는 각 코드 길이 마다의 블록 정보
* Bloom Filter에 코드 블록 해쉬값 기록
*/
foreach
(
var
hash
in
item
.
Value
)
{
hash
.
Path
=
codeFile
.
FullName
;
hashDict
[
item
.
Key
].
Add
(
hash
);
filter
.
Add
(
hash
.
Hash
);
}
}
count
++;
double
per
=
((
double
)
count
/
(
double
)
totalFileCount
)
*
100
;
Console
.
WriteLine
(
$
"{count} / {totalFileCount} :: {per.ToString("
#
0.0
")}%, 개체 수 : {hashDict.Count}"
);
}
count
++;
double
per
=
((
double
)
count
/
(
double
)
totalFileCount
)
*
100
;
Console
.
WriteLine
(
$
"{count} / {totalFileCount} :: {per.ToString("
#
0.0
")}%, 개체 수 : {hashDict.Count}"
);
}
}
var
findBlocks
=
new
Queue
<
VulnAbstractCrawler
.
UserBlock
>();
var
vulnDict
=
new
Dictionary
<
string
,
IEnumerable
<
VulnRDS
.
_Vuln
>>();
foreach
(
var
set
in
hashDict
)
{
/* 사용자 코드의 길이 마다 DB로 부터 같은 길이의 CVE 레코드 목록 가져옴 */
var
cveList
=
VulnRDS
.
SelectVulnbyLen
(
set
.
Key
).
Select
(
v
=>
v
.
Cve
).
Distinct
();
foreach
(
var
cve
in
cveList
)
var
findBlocks
=
new
Queue
<
VulnAbstractCrawler
.
UserBlock
>();
var
vulnDict
=
new
Dictionary
<
string
,
IEnumerable
<
VulnRDS
.
_Vuln
>>();
foreach
(
var
set
in
hashDict
)
{
if
(!
vulnDict
.
ContainsKey
(
cve
))
/* 사용자 코드의 길이 마다 DB로 부터 같은 길이의 CVE 레코드 목록 가져옴 */
var
cveList
=
VulnRDS
.
SelectVulnbyLen
(
set
.
Key
).
Select
(
v
=>
v
.
Cve
).
Distinct
();
foreach
(
var
cve
in
cveList
)
{
vulnDict
[
cve
]
=
new
HashSet
<
VulnRDS
.
_Vuln
>();
var
vulnHashSet
=
vulnDict
[
cve
]
as
HashSet
<
VulnRDS
.
_Vuln
>;
/* 같은 길이의 CVE에서 또 같은 종류의 CVE 레코드 목록 가져옴
* 같은 종류의 CVE 레코드들이 사용자 코드에서 모두 포함되어야
* CVE를 가지고 있다고 인정하는 프로그램 정책 때문
*/
var
searchedCveHashList
=
VulnRDS
.
SelectVulnbyCve
(
cve
);
Console
.
WriteLine
(
$
"cve:{cve}, {searchedCveHashList.Count()}개 가져옴"
);
foreach
(
var
s
in
searchedCveHashList
)
if
(!
vulnDict
.
ContainsKey
(
cve
))
{
vulnHashSet
.
Add
(
s
);
vulnDict
[
cve
]
=
new
HashSet
<
VulnRDS
.
_Vuln
>();
var
vulnHashSet
=
vulnDict
[
cve
]
as
HashSet
<
VulnRDS
.
_Vuln
>;
/* 같은 길이의 CVE에서 또 같은 종류의 CVE 레코드 목록 가져옴
* 같은 종류의 CVE 레코드들이 사용자 코드에서 모두 포함되어야
* CVE를 가지고 있다고 인정하는 프로그램 정책 때문
*/
var
searchedCveHashList
=
VulnRDS
.
SelectVulnbyCve
(
cve
);
<<<<<<<<<
Temporary
merge
branch
1
Console
.
WriteLine
(
$
"cve:{cve}, {searchedCveHashList.Count()}개 가져옴"
);
=========
Console
.
WriteLine
(
$
"CVE:{cve}, Received Count : {searchedCveHashList.Count()}"
);
>>>>>>>>>
Temporary
merge
branch
2
foreach
(
var
s
in
searchedCveHashList
)
{
vulnHashSet
.
Add
(
s
);
}
}
}
}
}
var
findCveDict
=
new
Dictionary
<
string
,
List
<
VulnAbstractCrawler
.
UserBlock
>>();
var
findCveList
=
new
HashSet
<
string
>();
/* 본격적인 취약점 매칭 부분 */
foreach
(
var
vulnSet
in
vulnDict
)
{
//Console.WriteLine($"-----cve:{vulnSet.Key}");
bool
match
=
false
;
foreach
(
var
vuln
in
vulnSet
.
Value
)
var
findCveDict
=
new
Dictionary
<
string
,
List
<
VulnAbstractCrawler
.
UserBlock
>>();
var
findCveList
=
new
HashSet
<
string
>();
/* 본격적인 취약점 매칭 부분 */
foreach
(
var
vulnSet
in
vulnDict
)
{
/* 사용자 코드 해쉬 저장해논 bloom filter에 취약점 레코드 해쉬값들이 포함되는지 확인
* 포함이 된다는 건 해당 취약점 레코드가 사용자 코드에도 있다는 뜻(취약점)
* 같은 종류의 CVE 레코드가 전부 필터에 포함된다면 취약점으로 판단한다.
*/
if
(
filter
.
Contains
(
vuln
.
BlockHash
))
Console
.
WriteLine
(
$
"-----cve:{vulnSet.Key}"
);
bool
match
=
false
;
foreach
(
var
vuln
in
vulnSet
.
Value
)
{
if
(
hashDict
.
ContainsKey
(
vuln
.
LenFunc
))
/* 사용자 코드 해쉬 저장해논 bloom filter에 취약점 레코드 해쉬값들이 포함되는지 확인
* 포함이 된다는 건 해당 취약점 레코드가 사용자 코드에도 있다는 뜻(취약점)
* 같은 종류의 CVE 레코드가 전부 필터에 포함된다면 취약점으로 판단한다.
*/
if
(
filter
.
Contains
(
vuln
.
BlockHash
))
{
/* Bloom Filter는 아쉽게도 포함 여부만 알 수 있기에
* 포함되었음을 알았다면 검색해서 정보를 구한다. */
var
userBlock
=
hashDict
[
vuln
.
LenFunc
].
FirstOrDefault
(
b
=>
b
.
Hash
==
vuln
.
BlockHash
);
if
(
userBlock
==
null
)
{
continue
;
}
/* 해당 유저 블록을 임시 저장한다.
* 밑에서 블록 정보를 DB로 전송하기 위해서다.
*/
if
(!
findCveDict
.
ContainsKey
(
vuln
.
Cve
))
if
(
hashDict
.
ContainsKey
(
vuln
.
LenFunc
))
{
findCveDict
[
vuln
.
Cve
]
=
new
List
<
VulnAbstractCrawler
.
UserBlock
>();
<<<<<<<<<
Temporary
merge
branch
1
Console
.
WriteLine
(
"찾음"
);
=========
//Console.WriteLine("찾음");
>>>>>>>>>
Temporary
merge
branch
2
/* Bloom Filter는 아쉽게도 포함 여부만 알 수 있기에
* 포함되었음을 알았다면 검색해서 정보를 구한다. */
var
userBlock
=
hashDict
[
vuln
.
LenFunc
].
FirstOrDefault
(
b
=>
b
.
Hash
==
vuln
.
BlockHash
);
if
(
userBlock
==
null
)
{
continue
;
}
/* 해당 유저 블록을 임시 저장한다.
* 밑에서 블록 정보를 DB로 전송하기 위해서다.
*/
if
(!
findCveDict
.
ContainsKey
(
vuln
.
Cve
))
{
findCveDict
[
vuln
.
Cve
]
=
new
List
<
VulnAbstractCrawler
.
UserBlock
>();
}
userBlock
.
Url
=
vuln
.
Url
;
findCveDict
[
vuln
.
Cve
].
Add
(
userBlock
);
match
=
true
;
}
userBlock
.
Url
=
vuln
.
Url
;
findCveDict
[
vuln
.
Cve
].
Add
(
userBlock
);
match
=
true
;
}
else
{
match
=
false
;
break
;
}
}
/* 취약점 레코드가 전부 있어야 CVE 찾음 인정 */
if
(
match
)
{
<<<<<<<<<
Temporary
merge
branch
1
Console
.
WriteLine
(
$
"CVE 찾음 {vulnSet.Key}"
);
=========
Console
.
WriteLine
(
$
"Matched CVE : {vulnSet.Key}"
);
>>>>>>>>>
Temporary
merge
branch
2
/* 찾았으면 cve값을 기록함 밑에서 찾은 cve 정보 전송하기 위해 */
findCveList
.
Add
(
vulnSet
.
Key
);
}
else
{
match
=
false
;
break
;
<<<<<<<<<
Temporary
merge
branch
1
Console
.
WriteLine
(
"없음"
);
=========
Console
.
WriteLine
(
"Not"
);
>>>>>>>>>
Temporary
merge
branch
2
}
}
/* 취약점 레코드가 전부 있어야 CVE 찾음 인정 */
if
(
match
)
{
Console
.
WriteLine
(
$
"CVE 찾음 {vulnSet.Key}"
);
/* 찾았으면 cve값을 기록함 밑에서 찾은 cve 정보 전송하기 위해 */
findCveList
.
Add
(
vulnSet
.
Key
);
}
else
{
Console
.
WriteLine
(
"없음"
);
}
}
stopwatch
.
Stop
();
/* 매칭 끝 후처리 (출력, DB 전송 등) */
var
hours
=
stopwatch
.
Elapsed
.
Hours
;
var
minutes
=
stopwatch
.
Elapsed
.
Minutes
;
var
seconds
=
stopwatch
.
Elapsed
.
Seconds
;
Console
.
WriteLine
(
$
"경과 시간 {hours.ToString("
00
")}:{minutes.ToString("
00
")}:{seconds.ToString("
00
")}"
);
Console
.
WriteLine
(
$
"찾은 CVE 개수 : {findCveList.Count}"
);
var
yearMatch
=
new
Regex
(
@"CVE-(\d{4})-(\d+)"
);
foreach
(
var
cve
in
findCveList
)
{
Console
.
WriteLine
(
cve
);
var
c
=
yearMatch
.
Match
(
cve
);
int
year
=
int
.
Parse
(
c
.
Groups
[
1
].
Value
);
if
(!
CVE_JSON
.
CveDict
.
ContainsKey
(
year
))
{
continue
;
}
if
(!
CVE_JSON
.
CveDict
[
year
].
ContainsKey
(
cve
))
{
continue
;
}
var
data
=
CVE_JSON
.
CveDict
[
year
][
cve
];
stopwatch
.
Stop
();
/* 매칭 끝 후처리 (출력, DB 전송 등) */
var
hours
=
stopwatch
.
Elapsed
.
Hours
;
var
minutes
=
stopwatch
.
Elapsed
.
Minutes
;
var
seconds
=
stopwatch
.
Elapsed
.
Seconds
;
<<<<<<<<<
Temporary
merge
branch
1
Console
.
WriteLine
(
$
"경과 시간 {hours.ToString("
00
")}:{minutes.ToString("
00
")}:{seconds.ToString("
00
")}"
);
Console
.
WriteLine
(
$
"찾은 CVE 개수 : {findCveList.Count}"
);
=========
Console
.
WriteLine
(
$
"Elapsed Time : {hours.ToString("
00
")}:{minutes.ToString("
00
")}:{seconds.ToString("
00
")}"
);
Console
.
WriteLine
(
$
"Matched CVE Count : {findCveList.Count}"
);
>>>>>>>>>
Temporary
merge
branch
2
//Console.ReadLine();
/* 취약점 타입 분류 */
string
type
=
"NORMAL"
;
if
(
data
.
Detail
.
IndexOf
(
"overflow"
,
StringComparison
.
CurrentCultureIgnoreCase
)
>
0
)
{
type
=
"OVERFLOW"
;
}
else
if
(
data
.
Detail
.
IndexOf
(
"xss"
,
StringComparison
.
CurrentCultureIgnoreCase
)
>
0
)
{
type
=
"XSS"
;
}
else
if
(
data
.
Detail
.
IndexOf
(
"injection"
,
StringComparison
.
CurrentCultureIgnoreCase
)
>
0
)
{
type
=
"SQLINJECTION"
;
}
else
if
(
data
.
Detail
.
IndexOf
(
"dos"
,
StringComparison
.
CurrentCultureIgnoreCase
)
>
0
)
{
type
=
"DOS"
;
}
else
if
(
data
.
Detail
.
IndexOf
(
"Memory"
,
StringComparison
.
CurrentCultureIgnoreCase
)
>
0
)
{
type
=
"MEMORY"
;
}
else
if
(
data
.
Detail
.
IndexOf
(
"CSRF"
,
StringComparison
.
CurrentCultureIgnoreCase
)
>
0
)
var
yearMatch
=
new
Regex
(
@"CVE-(\d{4})-(\d+)"
);
foreach
(
var
cve
in
findCveList
)
{
type
=
"CSRF"
;
}
else
if
(
data
.
Detail
.
IndexOf
(
"inclusion"
,
StringComparison
.
CurrentCultureIgnoreCase
)
>
0
)
{
type
=
"FILEINCLUSION"
;
}
else
if
(
data
.
Detail
.
IndexOf
(
"EXCUTE"
,
StringComparison
.
CurrentCultureIgnoreCase
)
>
0
)
{
type
=
"EXCUTE"
;
}
var
urlBytes
=
Convert
.
FromBase64String
(
findCveDict
[
cve
].
FirstOrDefault
().
Url
);
string
url
=
Encoding
.
Unicode
.
GetString
(
urlBytes
);
Console
.
WriteLine
(
cve
);
var
c
=
yearMatch
.
Match
(
cve
);
int
year
=
int
.
Parse
(
c
.
Groups
[
1
].
Value
);
if
(!
CVE_JSON
.
CveDict
.
ContainsKey
(
year
))
{
continue
;
}
if
(!
CVE_JSON
.
CveDict
[
year
].
ContainsKey
(
cve
))
{
continue
;
}
var
data
=
CVE_JSON
.
CveDict
[
year
][
cve
];
/* DB 전송 */
VulnRDS
.
InsertVulnDetail
(
new
VulnRDS
.
Vuln_detail
{
CveName
=
data
.
Code
,
Type
=
type
,
Level
=
data
.
Level
.
ToString
(),
Year
=
data
.
Year
.
ToString
(),
CveDetail
=
data
.
Detail
,
Publish_date
=
data
.
Publish_Date
.
ToString
(
"yyyy-MM-dd"
),
Update_date
=
data
.
Update_Date
.
ToString
(
"yyyy-MM-dd"
),
UserName
=
"samsung"
,
Url
=
url
,
FileName
=
findCveDict
[
cve
].
FirstOrDefault
().
Path
.
Replace
(
@"C:\code"
,
""
),
FuncName
=
findCveDict
[
cve
].
FirstOrDefault
().
FuncName
,
Product
=
data
.
Type
,
});
Console
.
WriteLine
(
"추가 완료"
);
/* 취약점 타입 분류 */
string
type
=
"NORMAL"
;
if
(
data
.
Detail
.
IndexOf
(
"overflow"
,
StringComparison
.
CurrentCultureIgnoreCase
)
>
0
)
{
type
=
"OVERFLOW"
;
}
else
if
(
data
.
Detail
.
IndexOf
(
"xss"
,
StringComparison
.
CurrentCultureIgnoreCase
)
>
0
)
{
type
=
"XSS"
;
}
else
if
(
data
.
Detail
.
IndexOf
(
"injection"
,
StringComparison
.
CurrentCultureIgnoreCase
)
>
0
)
{
type
=
"SQLINJECTION"
;
}
else
if
(
data
.
Detail
.
IndexOf
(
"dos"
,
StringComparison
.
CurrentCultureIgnoreCase
)
>
0
)
{
type
=
"DOS"
;
}
else
if
(
data
.
Detail
.
IndexOf
(
"Memory"
,
StringComparison
.
CurrentCultureIgnoreCase
)
>
0
)
{
type
=
"MEMORY"
;
}
else
if
(
data
.
Detail
.
IndexOf
(
"CSRF"
,
StringComparison
.
CurrentCultureIgnoreCase
)
>
0
)
{
type
=
"CSRF"
;
}
else
if
(
data
.
Detail
.
IndexOf
(
"inclusion"
,
StringComparison
.
CurrentCultureIgnoreCase
)
>
0
)
{
type
=
"FILEINCLUSION"
;
}
else
if
(
data
.
Detail
.
IndexOf
(
"EXCUTE"
,
StringComparison
.
CurrentCultureIgnoreCase
)
>
0
)
{
type
=
"EXCUTE"
;
}
var
urlBytes
=
Convert
.
FromBase64String
(
findCveDict
[
cve
].
FirstOrDefault
().
Url
);
string
url
=
Encoding
.
Unicode
.
GetString
(
urlBytes
);
<<<<<<<<<
Temporary
merge
branch
1
Console
.
WriteLine
(
findCveDict
[
cve
].
FirstOrDefault
().
Path
.
Replace
(
repoPath
,
""
));
/* DB 전송 */
VulnRDS
.
InsertVulnDetail
(
new
VulnRDS
.
Vuln_detail
=========
//Console.WriteLine(findCveDict[cve].FirstOrDefault().Path.Replace(repoPath, ""));
var
vulnDetail
=
new
VulnRDS
.
Vuln_detail
>>>>>>>>>
Temporary
merge
branch
2
{
CveName
=
data
.
Code
,
Type
=
type
,
Level
=
data
.
Level
.
ToString
(),
Year
=
data
.
Year
.
ToString
(),
CveDetail
=
data
.
Detail
,
Publish_date
=
data
.
Publish_Date
.
ToString
(
"yyyy-MM-dd"
),
Update_date
=
data
.
Update_Date
.
ToString
(
"yyyy-MM-dd"
),
UserName
=
userId
,
Url
=
url
,
FileName
=
findCveDict
[
cve
].
FirstOrDefault
().
Path
.
Replace
(
repoPath
,
""
),
FuncName
=
findCveDict
[
cve
].
FirstOrDefault
().
FuncName
,
Product
=
data
.
Type
,
<<<<<<<<<
Temporary
merge
branch
1
});
Console
.
WriteLine
(
"추가 완료"
);
=========
};
/* DB 전송 */
VulnRDS
.
InsertVulnDetail
(
vulnDetail
);
Console
.
WriteLine
(
$
"Added CVE: {vulnDetail.CveName}, Type: {vulnDetail.Type}, CVSS: {vulnDetail.Level}"
);
>>>>>>>>>
Temporary
merge
branch
2
}
}
}
}
...
...
Please
register
or
login
to post a comment