Showing
17 changed files
with
386 additions
and
166 deletions
VulnNotti/material-dashboard-html-v2.0.0/material-dashboard-html-v2.0.0/.DS_Store
deleted
100644 → 0
No preview for this file type
VulnNotti/material-dashboard-html-v2.0.0/material-dashboard-html-v2.0.0/BS4/.DS_Store
deleted
100644 → 0
No preview for this file type
VulnNotti/material-dashboard-html-v2.0.0/material-dashboard-html-v2.0.0/BS4/assets/.DS_Store
deleted
100644 → 0
No preview for this file type
No preview for this file type
No preview for this file type
No preview for this file type
No preview for this file type
VulnNotti/material-dashboard-html-v2.0.0/material-dashboard-html-v2.0.0/BS4/docs/.DS_Store
deleted
100644 → 0
No preview for this file type
No preview for this file type
| ... | @@ -65,6 +65,10 @@ namespace VulnCrawler | ... | @@ -65,6 +65,10 @@ namespace VulnCrawler |
| 65 | 65 | ||
| 66 | /* 메인 동작 함수 */ | 66 | /* 메인 동작 함수 */ |
| 67 | public static void Run() { | 67 | public static void Run() { |
| 68 | + | ||
| 69 | + | ||
| 70 | + | ||
| 71 | + | ||
| 68 | // Repository 폴더들이 있는 주소를 지정하면 하위 폴더 목록을 가져옴(Repository 목록) | 72 | // Repository 폴더들이 있는 주소를 지정하면 하위 폴더 목록을 가져옴(Repository 목록) |
| 69 | Regex.CacheSize = 50; | 73 | Regex.CacheSize = 50; |
| 70 | 74 | ||
| ... | @@ -80,17 +84,46 @@ namespace VulnCrawler | ... | @@ -80,17 +84,46 @@ namespace VulnCrawler |
| 80 | // Repository 목록 만큼 반복함. | 84 | // Repository 목록 만큼 반복함. |
| 81 | foreach (var directory in directorys) { | 85 | foreach (var directory in directorys) { |
| 82 | /* 폴더 중에 linux가 있으면 잠깐 넘어감 (너무 커서 테스트 힘듦) */ | 86 | /* 폴더 중에 linux가 있으면 잠깐 넘어감 (너무 커서 테스트 힘듦) */ |
| 83 | - if (directory.Contains("linux")) | 87 | + if (directory.Contains("~")) |
| 84 | { | 88 | { |
| 85 | - // continue; | 89 | + continue; |
| 86 | } | 90 | } |
| 91 | + //var crawler = new VulnC(); | ||
| 92 | + //crawler.Init(directory); | ||
| 93 | + | ||
| 94 | + //Tree commitTree1 = crawler.Repository.Lookup<Commit>("e589db7a6a9c8f1557007f2cc765ee28ad7a1edd").Tree; | ||
| 95 | + ////Tree parentTree1 = crawler.Repository.Lookup<Commit>("344ba37bdc299660e1b1693b6999e5fe116893e1").Tree; | ||
| 96 | + | ||
| 97 | + //Commit commit = crawler.Repository.Lookup<Commit>("e589db7a6a9c8f1557007f2cc765ee28ad7a1edd"); | ||
| 98 | + | ||
| 99 | + //foreach (var parent in commit.Parents) | ||
| 100 | + //{ | ||
| 101 | + // Console.WriteLine($"Parent ID:{parent.Sha}"); | ||
| 102 | + // Tree commitTree = commit.Tree; | ||
| 103 | + // Tree parentTree = parent.Tree; | ||
| 104 | + // var patch = crawler.Repository.Diff.Compare<Patch>(commitTree, parentTree.); | ||
| 105 | + // foreach (var item in patch.Where(p => p.OldPath.EndsWith(".c"))) | ||
| 106 | + // { | ||
| 107 | + | ||
| 108 | + // Console.WriteLine(item.Status); | ||
| 109 | + // Console.WriteLine(item.Path); | ||
| 110 | + // Console.WriteLine(item.Patch); | ||
| 111 | + // } | ||
| 112 | + // Console.ReadLine(); | ||
| 113 | + | ||
| 114 | + //} | ||
| 115 | + | ||
| 116 | + | ||
| 117 | + ////Console.WriteLine(patch.Content); | ||
| 118 | + //Console.ReadLine(); | ||
| 119 | + | ||
| 87 | // 템플릿 패턴화 T : VulnAbstractCrawler | 120 | // 템플릿 패턴화 T : VulnAbstractCrawler |
| 88 | VulnWorker.Run<VulnC>(directory); | 121 | VulnWorker.Run<VulnC>(directory); |
| 89 | } | 122 | } |
| 90 | stopwatch.Stop(); | 123 | stopwatch.Stop(); |
| 91 | - var hours = stopwatch.Elapsed.TotalHours; | 124 | + var hours = stopwatch.Elapsed.Hours; |
| 92 | - var minutes = stopwatch.Elapsed.TotalMinutes; | 125 | + var minutes = stopwatch.Elapsed.Minutes; |
| 93 | - var seconds = stopwatch.Elapsed.TotalSeconds; | 126 | + var seconds = stopwatch.Elapsed.Seconds; |
| 94 | 127 | ||
| 95 | Console.WriteLine($"경과 시간 {hours.ToString("00")}:{minutes.ToString("00")}:{seconds.ToString("00")}"); | 128 | Console.WriteLine($"경과 시간 {hours.ToString("00")}:{minutes.ToString("00")}:{seconds.ToString("00")}"); |
| 96 | 129 | ... | ... |
| ... | @@ -131,14 +131,15 @@ namespace VulnCrawler | ... | @@ -131,14 +131,15 @@ namespace VulnCrawler |
| 131 | /// <summary> | 131 | /// <summary> |
| 132 | /// 커밋에서 검색할 정규식 문자열 | 132 | /// 커밋에서 검색할 정규식 문자열 |
| 133 | /// </summary> | 133 | /// </summary> |
| 134 | - public string SearchCommitPattern => @"CVE[ -]\d{4}[ -]\d{4}"; | 134 | + public string SearchCommitPattern => @"CVE[ -](\d{4})[ -](\d{4,})"; |
| 135 | /// <summary> | 135 | /// <summary> |
| 136 | /// 패치 코드에서 함수 찾을 정규식 패턴 문자열 | 136 | /// 패치 코드에서 함수 찾을 정규식 패턴 문자열 |
| 137 | /// </summary> | 137 | /// </summary> |
| 138 | protected abstract string RegexFuncPattern { get; } | 138 | protected abstract string RegexFuncPattern { get; } |
| 139 | + protected abstract string UserRegexFuncPattern { get; } | ||
| 139 | protected abstract string Extension { get; } | 140 | protected abstract string Extension { get; } |
| 140 | public virtual IEnumerable<PatchEntryChanges> GetPatchEntryChanges(Patch patch) { | 141 | public virtual IEnumerable<PatchEntryChanges> GetPatchEntryChanges(Patch patch) { |
| 141 | - return patch.Where(e => e.Path.EndsWith(Extension)).ToList(); | 142 | + return patch.Where(e => e.Path.EndsWith(Extension) && e.Status == ChangeKind.Modified).ToList(); |
| 142 | } | 143 | } |
| 143 | /// <summary> | 144 | /// <summary> |
| 144 | /// 정규식을 이용하여 @@ -\d,\d +\d,\d @@ MethodName(): 이런 패턴을 찾고 | 145 | /// 정규식을 이용하여 @@ -\d,\d +\d,\d @@ MethodName(): 이런 패턴을 찾고 |
| ... | @@ -158,108 +159,11 @@ namespace VulnCrawler | ... | @@ -158,108 +159,11 @@ namespace VulnCrawler |
| 158 | public abstract IDictionary<int, IEnumerable<UserBlock>> CrawlUserCode(StreamReader reader); | 159 | public abstract IDictionary<int, IEnumerable<UserBlock>> CrawlUserCode(StreamReader reader); |
| 159 | 160 | ||
| 160 | protected abstract IList<Block> GetCriticalBlocks(string srcCode, IEnumerable<string> criticalList); | 161 | protected abstract IList<Block> GetCriticalBlocks(string srcCode, IEnumerable<string> criticalList); |
| 161 | - /// <summary> | ||
| 162 | - /// 성능 개선을 위한 | ||
| 163 | - /// 코드 라인 위치 기반 취약 원본 함수 추출 테스트용 함수 곧 삭제 예정 | ||
| 164 | - /// </summary> | ||
| 165 | - public string GetOriginalFuncTest(Stream oldStream, string methodName, int start) | ||
| 166 | - { | ||
| 167 | - StringBuilder oldBuilder = new StringBuilder(); | ||
| 168 | - | ||
| 169 | - using (var reader = new StreamReader(oldStream)) | ||
| 170 | - { | ||
| 171 | - bool found = false; | ||
| 172 | - bool found2 = false; | ||
| 173 | - bool commentLine = false; | ||
| 174 | - int bracketCount = -1; | ||
| 175 | - string stringPattern = @"[""].*[""]"; | ||
| 176 | - string commentPattern = @"\/\*.+\*\/"; | ||
| 177 | - string commentPattern2 = @"\/\*"; | ||
| 178 | - string commentPattern3 = @"\*\/"; | ||
| 179 | - int readCount = 0; | ||
| 180 | - Queue<string> tempQ = new Queue<string>(); | ||
| 181 | - while (!reader.EndOfStream) | ||
| 182 | - { | ||
| 183 | - string line = reader.ReadLine(); | ||
| 184 | - if (readCount++ < start) | ||
| 185 | - { | ||
| 186 | - tempQ.Enqueue(line); | ||
| 187 | - continue; | ||
| 188 | - } | ||
| 189 | - Stack<string> tempStack = new Stack<string>(); | ||
| 190 | - while (tempQ.Count > 0) | ||
| 191 | - { | ||
| 192 | - string s = tempQ.Dequeue(); | ||
| 193 | - tempStack.Push(s); | ||
| 194 | - string method = Regex.Escape(methodName); | ||
| 195 | - if (Regex.Match(s, $"{method}").Success) | ||
| 196 | - { | ||
| 197 | - break; | ||
| 198 | - } | ||
| 199 | - } | ||
| 200 | - while (tempStack.Count > 0) | ||
| 201 | - { | ||
| 202 | - string s = tempStack.Pop(); | ||
| 203 | - string trim = s.Trim(); | ||
| 204 | - if (commentLine) | ||
| 205 | - { | ||
| 206 | - if (Regex.IsMatch(trim, commentPattern3)) | ||
| 207 | - { | ||
| 208 | - commentLine = false; | ||
| 209 | - trim = Regex.Split(trim, commentPattern3)[1]; | ||
| 210 | - } | ||
| 211 | - continue; | ||
| 212 | - } | ||
| 213 | - string removeString = Regex.Replace(trim, stringPattern, ""); | ||
| 214 | - // /* ~ 패턴 | ||
| 215 | - if (Regex.IsMatch(trim, commentPattern2)) | ||
| 216 | - { | ||
| 217 | - // /* ~ */ 패턴이 아닌 경우 | ||
| 218 | - if (!Regex.IsMatch(trim, commentPattern)) | ||
| 219 | - { | ||
| 220 | - commentLine = true; | ||
| 221 | - } | ||
| 222 | - trim = Regex.Split(trim, "/*")[0]; | ||
| 223 | - } | ||
| 224 | - if (string.IsNullOrWhiteSpace(trim)) | ||
| 225 | - { | ||
| 226 | - continue; | ||
| 227 | - } | ||
| 228 | - int openBracketCount = removeString.Count(c => c == '{'); | ||
| 229 | - int closeBracketCount = removeString.Count(c => c == '}'); | ||
| 230 | - int subtract = openBracketCount - closeBracketCount; | ||
| 231 | - bracketCount += subtract; | ||
| 232 | - // 메서드 시작 괄호 찾은 경우 | ||
| 233 | - if (found2) | ||
| 234 | - { | ||
| 235 | - // 괄호가 모두 닫혔으니 종료 | ||
| 236 | - if (bracketCount < 0) | ||
| 237 | - { | ||
| 238 | - // Console.WriteLine("괄호끝"); | ||
| 239 | - break; | ||
| 240 | - } | ||
| 241 | - // oldBuilder.AppendLine(line); | ||
| 242 | - } | ||
| 243 | - else | ||
| 244 | - { | ||
| 245 | - if (openBracketCount > 0) | ||
| 246 | - { | ||
| 247 | - found2 = true; | ||
| 248 | - } | ||
| 249 | - | ||
| 250 | - } | ||
| 251 | - oldBuilder.AppendLine(s); | ||
| 252 | - } | ||
| 253 | - } | ||
| 254 | - } | ||
| 255 | - Console.WriteLine("찾음"); | ||
| 256 | - Console.WriteLine(oldBuilder.ToString()); | ||
| 257 | - Console.ReadLine(); | ||
| 258 | 162 | ||
| 259 | - return oldBuilder.ToString(); | ||
| 260 | - } | ||
| 261 | public abstract IDictionary<string, IEnumerable<string>> ExtractGitCriticalMethodTable(string srcCode); | 163 | public abstract IDictionary<string, IEnumerable<string>> ExtractGitCriticalMethodTable(string srcCode); |
| 262 | 164 | ||
| 165 | + public abstract IDictionary<string, string> CrawlCode(StreamReader reader); | ||
| 166 | + | ||
| 263 | public abstract string Abstract(string blockCode, IDictionary<string, string> dict, IDictionary<string, string> methodDict); | 167 | public abstract string Abstract(string blockCode, IDictionary<string, string> dict, IDictionary<string, string> methodDict); |
| 264 | /// <summary> | 168 | /// <summary> |
| 265 | /// 패치 전 코드 파일과 크리티컬 메서드 테이블로 부터 크리티컬 블록 추출 | 169 | /// 패치 전 코드 파일과 크리티컬 메서드 테이블로 부터 크리티컬 블록 추출 |
| ... | @@ -268,54 +172,42 @@ namespace VulnCrawler | ... | @@ -268,54 +172,42 @@ namespace VulnCrawler |
| 268 | /// <param name="table">크리티컬 메서드 테이블(Key: 메서드 이름, Value: 변수 리스트)</param> | 172 | /// <param name="table">크리티컬 메서드 테이블(Key: 메서드 이름, Value: 변수 리스트)</param> |
| 269 | /// <returns></returns> | 173 | /// <returns></returns> |
| 270 | public virtual IEnumerable<(string methodName, string oriFunc, IList<Block> blocks)> Process(Blob oldBlob, IDictionary<string, IEnumerable<string>> table) { | 174 | public virtual IEnumerable<(string methodName, string oriFunc, IList<Block> blocks)> Process(Blob oldBlob, IDictionary<string, IEnumerable<string>> table) { |
| 175 | + | ||
| 176 | + // 패치 전 원본 파일 스트림 | ||
| 177 | + Stream oldStream = oldBlob.GetContentStream(); | ||
| 178 | + using (var reader = new StreamReader(oldStream)) | ||
| 179 | + { | ||
| 180 | + var dict = CrawlCode(reader); | ||
| 181 | + | ||
| 271 | foreach (var item in table) | 182 | foreach (var item in table) |
| 272 | { | 183 | { |
| 273 | var methodTable = new Dictionary<string, string>(); | 184 | var methodTable = new Dictionary<string, string>(); |
| 274 | var varTable = new Dictionary<string, string>(); | 185 | var varTable = new Dictionary<string, string>(); |
| 275 | // 메서드 이름 | 186 | // 메서드 이름 |
| 276 | string methodName = item.Key; | 187 | string methodName = item.Key; |
| 277 | - // 패치 전 원본 파일 스트림 | 188 | + |
| 278 | - Stream oldStream = oldBlob.GetContentStream(); | ||
| 279 | // 패치 전 원본 함수 구하고 | 189 | // 패치 전 원본 함수 구하고 |
| 280 | - string func = GetOriginalFunc(oldStream, methodName); | 190 | + string func = string.Empty; |
| 191 | + | ||
| 281 | 192 | ||
| 282 | - string bs = string.Empty; | 193 | + foreach (var pair in dict) |
| 283 | - string md5 = string.Empty; | ||
| 284 | - if (item.Value.Count() != 0) | ||
| 285 | { | 194 | { |
| 286 | - //Console.WriteLine("크리티컬 변수 목록"); | 195 | + if (pair.Key.Contains(methodName)) |
| 287 | - //Console.ForegroundColor = ConsoleColor.Cyan; | 196 | + { |
| 288 | - //foreach (var c in item.Value) | 197 | + func = pair.Value; |
| 289 | - //{ | 198 | + break; |
| 290 | - // Console.WriteLine(c); | 199 | + } |
| 291 | - //} | 200 | + } |
| 292 | - //Console.ResetColor(); | ||
| 293 | - //Console.WriteLine("-------------------"); | ||
| 294 | - // 크리티컬 블록 추출 | ||
| 295 | - var blocks = new List<Block>(); | ||
| 296 | - //var blocks = GetCriticalBlocks(func, item.Value).ToList(); | ||
| 297 | - //if (blocks == null) | ||
| 298 | - //{ | ||
| 299 | - // continue; | ||
| 300 | - //} | ||
| 301 | - //foreach (var block in blocks) | ||
| 302 | - //{ | ||
| 303 | 201 | ||
| 304 | - // block.CriticalList = item.Value; | ||
| 305 | - // /* 추상화 및 정규화 */ | ||
| 306 | - // block.AbsCode = Abstract(block.Code, varTable, methodTable); | ||
| 307 | - // block.Hash = MD5HashFunc(block.AbsCode); | ||
| 308 | 202 | ||
| 309 | - //} | ||
| 310 | - /* 추상화 변환 테이블 출력 */ | ||
| 311 | - //foreach (var var in varTable) | ||
| 312 | - //{ | ||
| 313 | - // Console.WriteLine($"{var.Key}, {var.Value}"); | ||
| 314 | - //} | ||
| 315 | 203 | ||
| 204 | + | ||
| 205 | + // 크리티컬 블록 추출 | ||
| 206 | + var blocks = new List<Block>(); | ||
| 316 | yield return (methodName, func, blocks); | 207 | yield return (methodName, func, blocks); |
| 317 | - } | ||
| 318 | 208 | ||
| 209 | + | ||
| 210 | + } | ||
| 319 | } | 211 | } |
| 320 | } | 212 | } |
| 321 | /// <summary> | 213 | /// <summary> |
| ... | @@ -349,7 +241,7 @@ namespace VulnCrawler | ... | @@ -349,7 +241,7 @@ namespace VulnCrawler |
| 349 | var match = Regex.Match(msg, SearchCommitPattern, RegexOptions.IgnoreCase); | 241 | var match = Regex.Match(msg, SearchCommitPattern, RegexOptions.IgnoreCase); |
| 350 | 242 | ||
| 351 | if (match.Success) { | 243 | if (match.Success) { |
| 352 | - return match.Value; | 244 | + return $"CVE-{match.Groups[1].Value}-{match.Groups[2].Value}"; |
| 353 | } | 245 | } |
| 354 | return string.Empty; | 246 | return string.Empty; |
| 355 | } | 247 | } | ... | ... |
| ... | @@ -12,7 +12,8 @@ namespace VulnCrawler | ... | @@ -12,7 +12,8 @@ namespace VulnCrawler |
| 12 | { | 12 | { |
| 13 | // protected override string RegexFuncPattern => $@"@@ \-(?<{OldStart}>\d+),(?<{OldLines}>\d+) \+(?<{NewStart}>\d+),(?<{NewLines}>\d+) @@ (?<{MethodName}>(static)?( const )? [\w]+ [\w]+\([\w \*\,\t\n]*[\)\,])"; | 13 | // protected override string RegexFuncPattern => $@"@@ \-(?<{OldStart}>\d+),(?<{OldLines}>\d+) \+(?<{NewStart}>\d+),(?<{NewLines}>\d+) @@ (?<{MethodName}>(static)?( const )? [\w]+ [\w]+\([\w \*\,\t\n]*[\)\,])"; |
| 14 | /* 함수 패턴 정규식 */ | 14 | /* 함수 패턴 정규식 */ |
| 15 | - protected override string RegexFuncPattern => $@"^[\w \*]*(?<{MethodName}>[\w\*]+ [\w\*]+\(([\w \*\,\t\n])*[\)\,])"; | 15 | + protected override string UserRegexFuncPattern => $@"^[\w \*]*(?<{MethodName}>[\w\*]+ [\w\*]+\(([\w \*\,\t\n])*[\)\,])"; |
| 16 | + protected override string RegexFuncPattern => $@"(?<{MethodName}>(unsigned|static)?( const )? [\w]+ [\w]+\(([\w \*\,\t\n])*[\)\,])"; | ||
| 16 | /* 검색 파일 타입 */ | 17 | /* 검색 파일 타입 */ |
| 17 | protected override string Extension => ".c"; | 18 | protected override string Extension => ".c"; |
| 18 | /* 예약어 파일명 */ | 19 | /* 예약어 파일명 */ |
| ... | @@ -26,8 +27,7 @@ namespace VulnCrawler | ... | @@ -26,8 +27,7 @@ namespace VulnCrawler |
| 26 | /// <param name="patchCode">패치 코드</param> | 27 | /// <param name="patchCode">패치 코드</param> |
| 27 | /// <returns></returns> | 28 | /// <returns></returns> |
| 28 | public override MatchCollection GetMatches(string patchCode) { | 29 | public override MatchCollection GetMatches(string patchCode) { |
| 29 | - var funcPattern = $@"(?<{MethodName}>(unsigned|static)?( const )? [\w]+ [\w]+\(([\w \*\,\t\n])*[\)\,])"; | 30 | + var regs = Regex.Matches(patchCode, RegexFuncPattern); |
| 30 | - var regs = Regex.Matches(patchCode, funcPattern); | ||
| 31 | return regs; | 31 | return regs; |
| 32 | } | 32 | } |
| 33 | /// <summary> | 33 | /// <summary> |
| ... | @@ -643,10 +643,239 @@ namespace VulnCrawler | ... | @@ -643,10 +643,239 @@ namespace VulnCrawler |
| 643 | return temp; | 643 | return temp; |
| 644 | } | 644 | } |
| 645 | 645 | ||
| 646 | - public override IDictionary<int, IEnumerable<UserBlock>> CrawlUserCode(StreamReader reader) | 646 | + public override IDictionary<string, string> CrawlCode(StreamReader reader) |
| 647 | + { | ||
| 648 | + var dict = new Dictionary<string, string>(); | ||
| 649 | + StringBuilder oldBuilder = new StringBuilder(); | ||
| 650 | + | ||
| 651 | + bool found = false; | ||
| 652 | + bool found2 = false; | ||
| 653 | + bool commentLine = false; | ||
| 654 | + int bracketCount = -1; | ||
| 655 | + string stringPattern = @"[""].*[""]"; | ||
| 656 | + string commentPattern = @"\/\*.+\*\/"; | ||
| 657 | + string commentPattern2 = @"\/\*"; | ||
| 658 | + string commentPattern3 = @"\*\/"; | ||
| 659 | + var regex1 = new Regex(commentPattern3, RegexOptions.Compiled); | ||
| 660 | + var regex2 = new Regex(stringPattern, RegexOptions.Compiled); | ||
| 661 | + var regex3 = new Regex(commentPattern2, RegexOptions.Compiled); | ||
| 662 | + var regex4 = new Regex(commentPattern, RegexOptions.Compiled); | ||
| 663 | + | ||
| 664 | + bool found3 = false; | ||
| 665 | + | ||
| 666 | + bool com = false; | ||
| 667 | + | ||
| 668 | + | ||
| 669 | + while (!reader.EndOfStream) | ||
| 670 | + { | ||
| 671 | + | ||
| 672 | + string line = reader.ReadLine(); | ||
| 673 | + string trim = line.Trim(); | ||
| 674 | + if (commentLine) | ||
| 675 | + { | ||
| 676 | + // 혹시 범위 주석이 끝났는지 체크 | ||
| 677 | + if (regex1.IsMatch(trim)) | ||
| 678 | + { | ||
| 679 | + commentLine = false; | ||
| 680 | + trim = regex1.Split(trim)[1]; | ||
| 681 | + } | ||
| 682 | + else | ||
| 683 | + { | ||
| 684 | + continue; | ||
| 685 | + } | ||
| 686 | + } | ||
| 687 | + | ||
| 688 | + // /* ~ 패턴 | ||
| 689 | + if (regex3.IsMatch(trim)) | ||
| 690 | + { | ||
| 691 | + // /* ~ */ 패턴이 아닌 경우 | ||
| 692 | + if (!regex4.IsMatch(trim)) | ||
| 693 | + { | ||
| 694 | + commentLine = true; | ||
| 695 | + } | ||
| 696 | + trim = Regex.Split(trim, "/*")[0]; | ||
| 697 | + } | ||
| 698 | + if (com) | ||
| 699 | + { | ||
| 700 | + if (trim.StartsWith("*")) | ||
| 701 | + { | ||
| 702 | + continue; | ||
| 703 | + } | ||
| 704 | + else | ||
| 705 | + { | ||
| 706 | + com = false; | ||
| 707 | + } | ||
| 708 | + } | ||
| 709 | + // 메서드를 찾은 경우 | ||
| 710 | + if (found3) | ||
| 647 | { | 711 | { |
| 712 | + string obStr = oldBuilder.ToString(); | ||
| 648 | 713 | ||
| 714 | + string funcName = new string(obStr.TakeWhile(c => c != '{').ToArray()); | ||
| 649 | 715 | ||
| 716 | + if (!dict.ContainsKey(funcName)) | ||
| 717 | + { | ||
| 718 | + dict[funcName] = string.Empty; | ||
| 719 | + } | ||
| 720 | + | ||
| 721 | + | ||
| 722 | + dict[funcName] = obStr; | ||
| 723 | + oldBuilder.Clear(); | ||
| 724 | + found = false; | ||
| 725 | + found2 = false; | ||
| 726 | + found3 = false; | ||
| 727 | + bracketCount = -1; | ||
| 728 | + commentLine = false; | ||
| 729 | + } | ||
| 730 | + if (found) | ||
| 731 | + { | ||
| 732 | + // 범위 주석 진행되고 있으면 넘어감 | ||
| 733 | + if (trim.StartsWith("#")) | ||
| 734 | + { | ||
| 735 | + continue; | ||
| 736 | + } | ||
| 737 | + if (commentLine) | ||
| 738 | + { | ||
| 739 | + // 혹시 범위 주석이 끝났는지 체크 | ||
| 740 | + if (regex1.IsMatch(trim)) | ||
| 741 | + { | ||
| 742 | + commentLine = false; | ||
| 743 | + trim = regex1.Split(trim)[1]; | ||
| 744 | + } | ||
| 745 | + else | ||
| 746 | + { | ||
| 747 | + continue; | ||
| 748 | + } | ||
| 749 | + } | ||
| 750 | + // "" 문자열 제거 | ||
| 751 | + string removeString = regex2.Replace(trim, ""); | ||
| 752 | + // /* ~ 패턴 | ||
| 753 | + if (regex3.IsMatch(trim)) | ||
| 754 | + { | ||
| 755 | + // /* ~ */ 패턴이 아닌 경우 | ||
| 756 | + if (!regex4.IsMatch(trim)) | ||
| 757 | + { | ||
| 758 | + commentLine = true; | ||
| 759 | + } | ||
| 760 | + trim = Regex.Split(trim, "/*")[0]; | ||
| 761 | + } | ||
| 762 | + // 비어있는 경우 넘어감 | ||
| 763 | + if (string.IsNullOrWhiteSpace(trim)) | ||
| 764 | + { | ||
| 765 | + continue; | ||
| 766 | + } | ||
| 767 | + int openBracketCount = removeString.Count(c => c == '{'); | ||
| 768 | + int closeBracketCount = removeString.Count(c => c == '}'); | ||
| 769 | + int subtract = openBracketCount - closeBracketCount; | ||
| 770 | + bracketCount += subtract; | ||
| 771 | + // 메서드 시작 괄호 찾은 경우 | ||
| 772 | + if (found2) | ||
| 773 | + { | ||
| 774 | + oldBuilder.AppendLine(line); | ||
| 775 | + // 괄호가 모두 닫혔으니 종료 | ||
| 776 | + if (bracketCount < 0) | ||
| 777 | + { | ||
| 778 | + found3 = true; | ||
| 779 | + continue; | ||
| 780 | + } | ||
| 781 | + } | ||
| 782 | + else // 메서드는 찾았으나 아직 시작 괄호를 못찾은 경우 | ||
| 783 | + { | ||
| 784 | + oldBuilder.AppendLine(line); | ||
| 785 | + if (openBracketCount > 0) | ||
| 786 | + { | ||
| 787 | + | ||
| 788 | + found2 = true; | ||
| 789 | + } | ||
| 790 | + else | ||
| 791 | + { | ||
| 792 | + //아직 { 괄호를 못찾았는데 );를 만났다면 메서드 선언 부분이니 넘어감 | ||
| 793 | + if (trim.EndsWith(");")) | ||
| 794 | + { | ||
| 795 | + found = false; | ||
| 796 | + oldBuilder.Clear(); | ||
| 797 | + continue; | ||
| 798 | + } | ||
| 799 | + } | ||
| 800 | + } | ||
| 801 | + } | ||
| 802 | + // 아직 메서드를 못찾은 경우 | ||
| 803 | + else | ||
| 804 | + { | ||
| 805 | + //아직 { 괄호를 못찾았는데 );를 만났다면 메서드 선언 부분이니 넘어감 | ||
| 806 | + if (line.Trim().EndsWith(");")) | ||
| 807 | + { | ||
| 808 | + found = false; | ||
| 809 | + oldBuilder.Clear(); | ||
| 810 | + continue; | ||
| 811 | + } | ||
| 812 | + | ||
| 813 | + // 메서드 찾았는지 확인 | ||
| 814 | + if (Regex.IsMatch(line, UserRegexFuncPattern)) | ||
| 815 | + { | ||
| 816 | + | ||
| 817 | + // 주석으로 시작했다면 넘어감 | ||
| 818 | + if (trim.StartsWith("//")) | ||
| 819 | + { | ||
| 820 | + continue; | ||
| 821 | + } | ||
| 822 | + | ||
| 823 | + if (trim.StartsWith("/*")) | ||
| 824 | + { | ||
| 825 | + com = true; | ||
| 826 | + continue; | ||
| 827 | + } | ||
| 828 | + | ||
| 829 | + // 만약 찾은 메서드 라인에서 중괄호 {가 시작된 경우 | ||
| 830 | + if (trim.Contains("{")) | ||
| 831 | + { | ||
| 832 | + // 동시에 } 닫히기까지 한 경우 드물겠지만.. | ||
| 833 | + if (trim.EndsWith("}")) | ||
| 834 | + { | ||
| 835 | + oldBuilder.AppendLine(line); | ||
| 836 | + found3 = true; | ||
| 837 | + continue; | ||
| 838 | + } | ||
| 839 | + found2 = true; | ||
| 840 | + } | ||
| 841 | + // 메서드 찾음 | ||
| 842 | + found = true; | ||
| 843 | + oldBuilder.AppendLine(line); | ||
| 844 | + } | ||
| 845 | + } | ||
| 846 | + | ||
| 847 | + } | ||
| 848 | + | ||
| 849 | + if (found3) | ||
| 850 | + { | ||
| 851 | + string obStr = oldBuilder.ToString(); | ||
| 852 | + | ||
| 853 | + string funcName = new string(obStr.TakeWhile(c => c != '{').ToArray()); | ||
| 854 | + | ||
| 855 | + if (!dict.ContainsKey(funcName)) | ||
| 856 | + { | ||
| 857 | + dict[funcName] = string.Empty; | ||
| 858 | + } | ||
| 859 | + | ||
| 860 | + dict[funcName] = obStr; | ||
| 861 | + oldBuilder.Clear(); | ||
| 862 | + found = false; | ||
| 863 | + found2 = false; | ||
| 864 | + found3 = false; | ||
| 865 | + bracketCount = -1; | ||
| 866 | + commentLine = false; | ||
| 867 | + | ||
| 868 | + | ||
| 869 | + } | ||
| 870 | + | ||
| 871 | + | ||
| 872 | + return dict; | ||
| 873 | + | ||
| 874 | + | ||
| 875 | + } | ||
| 876 | + | ||
| 877 | + public override IDictionary<int, IEnumerable<UserBlock>> CrawlUserCode(StreamReader reader) | ||
| 878 | + { | ||
| 650 | var dict = new Dictionary<int, IEnumerable<UserBlock>>(); | 879 | var dict = new Dictionary<int, IEnumerable<UserBlock>>(); |
| 651 | StringBuilder oldBuilder = new StringBuilder(); | 880 | StringBuilder oldBuilder = new StringBuilder(); |
| 652 | 881 | ||
| ... | @@ -667,6 +896,7 @@ namespace VulnCrawler | ... | @@ -667,6 +896,7 @@ namespace VulnCrawler |
| 667 | 896 | ||
| 668 | bool com = false; | 897 | bool com = false; |
| 669 | 898 | ||
| 899 | + | ||
| 670 | while (!reader.EndOfStream) | 900 | while (!reader.EndOfStream) |
| 671 | { | 901 | { |
| 672 | 902 | ||
| ... | @@ -711,10 +941,13 @@ namespace VulnCrawler | ... | @@ -711,10 +941,13 @@ namespace VulnCrawler |
| 711 | if (found3) | 941 | if (found3) |
| 712 | { | 942 | { |
| 713 | string obStr = oldBuilder.ToString(); | 943 | string obStr = oldBuilder.ToString(); |
| 944 | + Console.WriteLine(obStr); | ||
| 945 | + | ||
| 714 | obStr = Abstract(obStr, new Dictionary<string, string>(), new Dictionary<string, string>()); | 946 | obStr = Abstract(obStr, new Dictionary<string, string>(), new Dictionary<string, string>()); |
| 715 | byte[] obStrBytes = Encoding.Unicode.GetBytes(obStr); | 947 | byte[] obStrBytes = Encoding.Unicode.GetBytes(obStr); |
| 716 | string absObStrBase64 = Convert.ToBase64String(obStrBytes); | 948 | string absObStrBase64 = Convert.ToBase64String(obStrBytes); |
| 717 | 949 | ||
| 950 | + Console.WriteLine(obStr); | ||
| 718 | if (!dict.ContainsKey(absObStrBase64.Length)) | 951 | if (!dict.ContainsKey(absObStrBase64.Length)) |
| 719 | { | 952 | { |
| 720 | dict[absObStrBase64.Length] = new HashSet<UserBlock>(); | 953 | dict[absObStrBase64.Length] = new HashSet<UserBlock>(); |
| ... | @@ -819,7 +1052,7 @@ namespace VulnCrawler | ... | @@ -819,7 +1052,7 @@ namespace VulnCrawler |
| 819 | } | 1052 | } |
| 820 | 1053 | ||
| 821 | // 메서드 찾았는지 확인 | 1054 | // 메서드 찾았는지 확인 |
| 822 | - if (Regex.IsMatch(line, RegexFuncPattern)) | 1055 | + if (Regex.IsMatch(line, UserRegexFuncPattern)) |
| 823 | { | 1056 | { |
| 824 | 1057 | ||
| 825 | // 주석으로 시작했다면 넘어감 | 1058 | // 주석으로 시작했다면 넘어감 |
| ... | @@ -857,10 +1090,11 @@ namespace VulnCrawler | ... | @@ -857,10 +1090,11 @@ namespace VulnCrawler |
| 857 | if (found3) | 1090 | if (found3) |
| 858 | { | 1091 | { |
| 859 | string obStr = oldBuilder.ToString(); | 1092 | string obStr = oldBuilder.ToString(); |
| 1093 | + Console.WriteLine(obStr); | ||
| 860 | obStr = Abstract(obStr, new Dictionary<string, string>(), new Dictionary<string, string>()); | 1094 | obStr = Abstract(obStr, new Dictionary<string, string>(), new Dictionary<string, string>()); |
| 861 | byte[] obStrBytes = Encoding.Unicode.GetBytes(obStr); | 1095 | byte[] obStrBytes = Encoding.Unicode.GetBytes(obStr); |
| 862 | string absObStrBase64 = Convert.ToBase64String(obStrBytes); | 1096 | string absObStrBase64 = Convert.ToBase64String(obStrBytes); |
| 863 | - | 1097 | + Console.WriteLine(obStr); |
| 864 | if (!dict.ContainsKey(absObStrBase64.Length)) | 1098 | if (!dict.ContainsKey(absObStrBase64.Length)) |
| 865 | { | 1099 | { |
| 866 | dict[absObStrBase64.Length] = new HashSet<UserBlock>(); | 1100 | dict[absObStrBase64.Length] = new HashSet<UserBlock>(); | ... | ... |
| ... | @@ -16,6 +16,9 @@ namespace VulnCrawler | ... | @@ -16,6 +16,9 @@ namespace VulnCrawler |
| 16 | protected override string Extension => ".py"; | 16 | protected override string Extension => ".py"; |
| 17 | protected override string RegexFuncPattern => $@"@@ \-(?<{OldStart}>\d+),(?<{OldLines}>\d+) \+(?<{NewStart}>\d+),(?<{NewLines}>\d+) @@ def (?<{MethodName}>\w+)"; | 17 | protected override string RegexFuncPattern => $@"@@ \-(?<{OldStart}>\d+),(?<{OldLines}>\d+) \+(?<{NewStart}>\d+),(?<{NewLines}>\d+) @@ def (?<{MethodName}>\w+)"; |
| 18 | protected override string ReservedFileName => "PyReserved.txt"; | 18 | protected override string ReservedFileName => "PyReserved.txt"; |
| 19 | + | ||
| 20 | + protected override string UserRegexFuncPattern => throw new NotImplementedException(); | ||
| 21 | + | ||
| 19 | public override MatchCollection GetMatches(string patchCode) { | 22 | public override MatchCollection GetMatches(string patchCode) { |
| 20 | //var regs = Regex.Matches(patchCode, RegexFuncPattern); | 23 | //var regs = Regex.Matches(patchCode, RegexFuncPattern); |
| 21 | var regs = MethodExtractor.Matches(patchCode); | 24 | var regs = MethodExtractor.Matches(patchCode); |
| ... | @@ -85,5 +88,10 @@ namespace VulnCrawler | ... | @@ -85,5 +88,10 @@ namespace VulnCrawler |
| 85 | { | 88 | { |
| 86 | throw new NotImplementedException(); | 89 | throw new NotImplementedException(); |
| 87 | } | 90 | } |
| 91 | + | ||
| 92 | + public override IDictionary<string, string> CrawlCode(StreamReader reader) | ||
| 93 | + { | ||
| 94 | + throw new NotImplementedException(); | ||
| 95 | + } | ||
| 88 | } | 96 | } |
| 89 | } | 97 | } | ... | ... |
| ... | @@ -30,7 +30,6 @@ namespace VulnCrawler | ... | @@ -30,7 +30,6 @@ namespace VulnCrawler |
| 30 | } | 30 | } |
| 31 | foreach (var commit in commits) { | 31 | foreach (var commit in commits) { |
| 32 | // 커밋 메시지 | 32 | // 커밋 메시지 |
| 33 | - | ||
| 34 | count++; | 33 | count++; |
| 35 | double per = ((double)count / (double)totalCount) * 100; | 34 | double per = ((double)count / (double)totalCount) * 100; |
| 36 | 35 | ||
| ... | @@ -46,23 +45,35 @@ namespace VulnCrawler | ... | @@ -46,23 +45,35 @@ namespace VulnCrawler |
| 46 | string commitUrl = $"{crawler.PushUrl}/commit/{commit.Sha}"; | 45 | string commitUrl = $"{crawler.PushUrl}/commit/{commit.Sha}"; |
| 47 | 46 | ||
| 48 | foreach (var parent in commit.Parents) { | 47 | foreach (var parent in commit.Parents) { |
| 49 | - | ||
| 50 | try | 48 | try |
| 51 | { | 49 | { |
| 50 | + | ||
| 51 | + | ||
| 52 | // 부모 커밋과 현재 커밋을 Compare 하여 패치 내역을 가져옴 | 52 | // 부모 커밋과 현재 커밋을 Compare 하여 패치 내역을 가져옴 |
| 53 | var patch = crawler.Repository.Diff.Compare<Patch>(parent.Tree, commit.Tree); | 53 | var patch = crawler.Repository.Diff.Compare<Patch>(parent.Tree, commit.Tree); |
| 54 | + | ||
| 54 | // 패치 엔트리 파일 배열 중에 파일 확장자가 .py인 것만 가져옴 | 55 | // 패치 엔트리 파일 배열 중에 파일 확장자가 .py인 것만 가져옴 |
| 55 | // (실질적인 코드 변경 커밋만 보기 위해서) | 56 | // (실질적인 코드 변경 커밋만 보기 위해서) |
| 56 | var entrys = crawler.GetPatchEntryChanges(patch); | 57 | var entrys = crawler.GetPatchEntryChanges(patch); |
| 58 | + if (entrys.Count() > 100) | ||
| 59 | + { | ||
| 60 | + // continue; | ||
| 61 | + } | ||
| 57 | /* C:\VulnC\linux 라면 linux만 뽑아서 repoName에 저장 */ | 62 | /* C:\VulnC\linux 라면 linux만 뽑아서 repoName에 저장 */ |
| 58 | var dsp = dirPath.Split(Path.DirectorySeparatorChar); | 63 | var dsp = dirPath.Split(Path.DirectorySeparatorChar); |
| 59 | string repoName = dsp[dsp.Length - 1]; | 64 | string repoName = dsp[dsp.Length - 1]; |
| 60 | // 현재 커밋에 대한 패치 엔트리 배열을 출력함 | 65 | // 현재 커밋에 대한 패치 엔트리 배열을 출력함 |
| 61 | PrintPatchEntrys(entrys, crawler, message, cve, repoName, commitUrl); | 66 | PrintPatchEntrys(entrys, crawler, message, cve, repoName, commitUrl); |
| 62 | // Console.ReadLine(); | 67 | // Console.ReadLine(); |
| 68 | + break; | ||
| 69 | + | ||
| 70 | + } | ||
| 71 | + catch(Exception e) | ||
| 72 | + { | ||
| 73 | + break; | ||
| 74 | + //Console.WriteLine(e.ToString()); | ||
| 75 | + //Console.ReadLine(); | ||
| 63 | } | 76 | } |
| 64 | - catch(Exception) | ||
| 65 | - { } | ||
| 66 | } | 77 | } |
| 67 | } | 78 | } |
| 68 | } | 79 | } |
| ... | @@ -133,7 +144,7 @@ namespace VulnCrawler | ... | @@ -133,7 +144,7 @@ namespace VulnCrawler |
| 133 | #endregion | 144 | #endregion |
| 134 | 145 | ||
| 135 | } | 146 | } |
| 136 | - catch (Exception e) | 147 | + catch (Exception) |
| 137 | { | 148 | { |
| 138 | continue; | 149 | continue; |
| 139 | } | 150 | } | ... | ... |
| ... | @@ -9,6 +9,9 @@ using System.Text; | ... | @@ -9,6 +9,9 @@ using System.Text; |
| 9 | using System.Text.RegularExpressions; | 9 | using System.Text.RegularExpressions; |
| 10 | using System.Threading.Tasks; | 10 | using System.Threading.Tasks; |
| 11 | using VulnCrawler; | 11 | using VulnCrawler; |
| 12 | +using Newtonsoft.Json; | ||
| 13 | +using Newtonsoft.Json.Linq; | ||
| 14 | + | ||
| 12 | 15 | ||
| 13 | namespace VulnUserCodeAnalyzer | 16 | namespace VulnUserCodeAnalyzer |
| 14 | { | 17 | { |
| ... | @@ -16,12 +19,19 @@ namespace VulnUserCodeAnalyzer | ... | @@ -16,12 +19,19 @@ namespace VulnUserCodeAnalyzer |
| 16 | { | 19 | { |
| 17 | static void Main(string[] args) | 20 | static void Main(string[] args) |
| 18 | { | 21 | { |
| 22 | + //string json = File.ReadAllText(@"C:\Users\haena\Downloads\cvelist-master\2018\5xxx\CVE-2018-5004.json"); | ||
| 23 | + //JObject jobj = JObject.Parse(json); | ||
| 24 | + //Console.WriteLine(jobj["CVE_data_meta"].ToString()); | ||
| 25 | + | ||
| 26 | + | ||
| 19 | var crawler = new VulnC(); | 27 | var crawler = new VulnC(); |
| 20 | - //var bytes = Convert.FromBase64String("dgBvAGkAZAAgAGsAdgBtAF8AbQBtAHUAXwBuAGUAdwBfAGMAcgAzACgAcwB0AHIAdQBjAHQAIABrAHYAbQBfAHYAYwBwAHUAIAAqAHYAYwBwAHUAKQANAAoAewANAAoACQBtAG0AdQBfAGYAcgBlAGUAXwByAG8AbwB0AHMAKAB2AGMAcAB1ACkAOwANAAoAfQANAAoA"); | 28 | + //var bytes = Convert.FromBase64String("cwB0AGEAdABpAGMAIABpAG4AdAAgAGMAaABhAGMAaABhADIAMABfAHAAbwBsAHkAMQAzADAANQBfAGMAaQBwAGgAZQByACgARQBWAFAAXwBDAEkAUABIAEUAUgBfAEMAVABYACAAKgBjAHQAeAAsACAAdQBuAHMAaQBnAG4AZQBkACAAYwBoAGEAcgAgACoAbwB1AHQALAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBvAG4AcwB0ACAAdQBuAHMAaQBnAG4AZQBkACAAYwBoAGEAcgAgACoAaQBuACwAIABzAGkAegBlAF8AdAAgAGwAZQBuACkADQAKAHsADQAKACAAIAAgACAARQBWAFAAXwBDAEgAQQBDAEgAQQBfAEEARQBBAEQAXwBDAFQAWAAgACoAYQBjAHQAeAAgAD0AIABhAGUAYQBkAF8AZABhAHQAYQAoAGMAdAB4ACkAOwANAAoAIAAgACAAIABzAGkAegBlAF8AdAAgAHIAZQBtACwAIABwAGwAZQBuACAAPQAgAGEAYwB0AHgALQA+AHQAbABzAF8AcABhAHkAbABvAGEAZABfAGwAZQBuAGcAdABoADsADQAKACAAIAAgACAAcwB0AGEAdABpAGMAIABjAG8AbgBzAHQAIAB1AG4AcwBpAGcAbgBlAGQAIABjAGgAYQByACAAegBlAHIAbwBbAFAATwBMAFkAMQAzADAANQBfAEIATABPAEMASwBfAFMASQBaAEUAXQAgAD0AIAB7ACAAMAAgAH0AOwANAAoAIAAgACAAIABpAGYAIAAoACEAYQBjAHQAeAAtAD4AbQBhAGMAXwBpAG4AaQB0AGUAZAApACAAewANAAoAIAAgACAAIAAgACAAIAAgAGEAYwB0AHgALQA+AGsAZQB5AC4AYwBvAHUAbgB0AGUAcgBbADAAXQAgAD0AIAAwADsADQAKACAAIAAgACAAIAAgACAAIABtAGUAbQBzAGUAdAAoAGEAYwB0AHgALQA+AGsAZQB5AC4AYgB1AGYALAAgADAALAAgAHMAaQB6AGUAbwBmACgAYQBjAHQAeAAtAD4AawBlAHkALgBiAHUAZgApACkAOwANAAoAIAAgACAAIAAgACAAIAAgAEMAaABhAEMAaABhADIAMABfAGMAdAByADMAMgAoAGEAYwB0AHgALQA+AGsAZQB5AC4AYgB1AGYALAAgAGEAYwB0AHgALQA+AGsAZQB5AC4AYgB1AGYALAAgAEMASABBAEMASABBAF8AQgBMAEsAXwBTAEkAWgBFACwADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABhAGMAdAB4AC0APgBrAGUAeQAuAGsAZQB5AC4AZAAsACAAYQBjAHQAeAAtAD4AawBlAHkALgBjAG8AdQBuAHQAZQByACkAOwANAAoAIAAgACAAIAAgACAAIAAgAFAAbwBsAHkAMQAzADAANQBfAEkAbgBpAHQAKABQAE8ATABZADEAMwAwADUAXwBjAHQAeAAoAGEAYwB0AHgAKQAsACAAYQBjAHQAeAAtAD4AawBlAHkALgBiAHUAZgApADsADQAKACAAIAAgACAAIAAgACAAIABhAGMAdAB4AC0APgBrAGUAeQAuAGMAbwB1AG4AdABlAHIAWwAwAF0AIAA9ACAAMQA7AA0ACgAgACAAIAAgACAAIAAgACAAYQBjAHQAeAAtAD4AawBlAHkALgBwAGEAcgB0AGkAYQBsAF8AbABlAG4AIAA9ACAAMAA7AA0ACgAgACAAIAAgACAAIAAgACAAYQBjAHQAeAAtAD4AbABlAG4ALgBhAGEAZAAgAD0AIABhAGMAdAB4AC0APgBsAGUAbgAuAHQAZQB4AHQAIAA9ACAAMAA7AA0ACgAgACAAIAAgACAAIAAgACAAYQBjAHQAeAAtAD4AbQBhAGMAXwBpAG4AaQB0AGUAZAAgAD0AIAAxADsADQAKACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAUABvAGwAeQAxADMAMAA1AF8AVQBwAGQAYQB0AGUAKABQAE8ATABZADEAMwAwADUAXwBjAHQAeAAoAGEAYwB0AHgAKQAsACAAaQBuACwAIABsAGUAbgApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGEAYwB0AHgALQA+AGwAZQBuAC4AYQBhAGQAIAArAD0AIABsAGUAbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABhAGMAdAB4AC0APgBhAGEAZAAgAD0AIAAxADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAAbABlAG4AOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAcgBlAG0AIAA9ACAAKABzAGkAegBlAF8AdAApAGEAYwB0AHgALQA+AGwAZQBuAC4AYQBhAGQAIAAlACAAUABPAEwAWQAxADMAMAA1AF8AQgBMAE8AQwBLAF8AUwBJAFoARQApACkADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABQAG8AbAB5ADEAMwAwADUAXwBVAHAAZABhAHQAZQAoAFAATwBMAFkAMQAzADAANQBfAGMAdAB4ACgAYQBjAHQAeAApACwAIAB6AGUAcgBvACwADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFAATwBMAFkAMQAzADAANQBfAEIATABPAEMASwBfAFMASQBaAEUAIAAtACAAcgBlAG0AKQA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGEAYwB0AHgALQA+AGEAYQBkACAAPQAgADAAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoA"); |
| 21 | //var str = Encoding.Unicode.GetString(bytes); | 29 | //var str = Encoding.Unicode.GetString(bytes); |
| 22 | 30 | ||
| 23 | //Console.WriteLine(str); | 31 | //Console.WriteLine(str); |
| 24 | - //Console.WriteLine(crawler.Abstract(str, new Dictionary<string, string>(), new Dictionary<string, string>())); | 32 | + //var abs = crawler.Abstract(str, new Dictionary<string, string>(), new Dictionary<string, string>()); |
| 33 | + //Console.WriteLine(abs); | ||
| 34 | + //Console.WriteLine(VulnAbstractCrawler.MD5HashFunc(abs)); | ||
| 25 | //Console.ReadLine(); | 35 | //Console.ReadLine(); |
| 26 | 36 | ||
| 27 | // default usage | 37 | // default usage |
| ... | @@ -63,16 +73,19 @@ namespace VulnUserCodeAnalyzer | ... | @@ -63,16 +73,19 @@ namespace VulnUserCodeAnalyzer |
| 63 | var hashDict = new Dictionary<int, HashSet<VulnAbstractCrawler.UserBlock>>(); | 73 | var hashDict = new Dictionary<int, HashSet<VulnAbstractCrawler.UserBlock>>(); |
| 64 | Stopwatch stopwatch = new Stopwatch(); | 74 | Stopwatch stopwatch = new Stopwatch(); |
| 65 | stopwatch.Start(); | 75 | stopwatch.Start(); |
| 66 | - DirectoryInfo dirInfo = new DirectoryInfo(@"c:\code"); | 76 | + DirectoryInfo dirInfo = new DirectoryInfo(@"C:\code"); |
| 67 | var codeFiles = dirInfo.EnumerateFiles("*.c", SearchOption.AllDirectories); | 77 | var codeFiles = dirInfo.EnumerateFiles("*.c", SearchOption.AllDirectories); |
| 68 | int totalFileCount = codeFiles.Count(); | 78 | int totalFileCount = codeFiles.Count(); |
| 69 | int count = 0; | 79 | int count = 0; |
| 70 | foreach (var codeFile in codeFiles) | 80 | foreach (var codeFile in codeFiles) |
| 71 | { | 81 | { |
| 82 | + // Process.Start(codeFile.FullName); | ||
| 72 | Console.WriteLine(codeFile.FullName); | 83 | Console.WriteLine(codeFile.FullName); |
| 73 | using (var reader = codeFile.OpenText()) | 84 | using (var reader = codeFile.OpenText()) |
| 74 | { | 85 | { |
| 75 | var dict = crawler.CrawlUserCode(reader); | 86 | var dict = crawler.CrawlUserCode(reader); |
| 87 | + | ||
| 88 | + | ||
| 76 | foreach (var item in dict) | 89 | foreach (var item in dict) |
| 77 | { | 90 | { |
| 78 | if (!hashDict.ContainsKey(item.Key)) | 91 | if (!hashDict.ContainsKey(item.Key)) |
| ... | @@ -82,20 +95,23 @@ namespace VulnUserCodeAnalyzer | ... | @@ -82,20 +95,23 @@ namespace VulnUserCodeAnalyzer |
| 82 | foreach (var hash in item.Value) | 95 | foreach (var hash in item.Value) |
| 83 | { | 96 | { |
| 84 | hash.Path = codeFile.FullName; | 97 | hash.Path = codeFile.FullName; |
| 98 | + | ||
| 85 | hashDict[item.Key].Add(hash); | 99 | hashDict[item.Key].Add(hash); |
| 86 | filter.Add(hash.Hash); | 100 | filter.Add(hash.Hash); |
| 87 | } | 101 | } |
| 88 | } | 102 | } |
| 89 | count++; | 103 | count++; |
| 90 | double per = ((double)count / (double)totalFileCount) * 100; | 104 | double per = ((double)count / (double)totalFileCount) * 100; |
| 91 | - Console.Clear(); | 105 | + //Console.Clear(); |
| 92 | Console.WriteLine($"{count} / {totalFileCount} :: {per.ToString("#0.0")}%, 개체 수 : {hashDict.Count}"); | 106 | Console.WriteLine($"{count} / {totalFileCount} :: {per.ToString("#0.0")}%, 개체 수 : {hashDict.Count}"); |
| 93 | - if (count > 100) | 107 | + //if (count > 100) |
| 94 | - { | 108 | + //{ |
| 95 | - break; | 109 | + // break; |
| 96 | - } | 110 | + //} |
| 97 | } | 111 | } |
| 98 | } | 112 | } |
| 113 | + // Console.ReadLine(); | ||
| 114 | + | ||
| 99 | var findBlocks = new Queue<VulnAbstractCrawler.UserBlock>(); | 115 | var findBlocks = new Queue<VulnAbstractCrawler.UserBlock>(); |
| 100 | var vulnDict = new Dictionary<string, IEnumerable<VulnRDS._Vuln>>(); | 116 | var vulnDict = new Dictionary<string, IEnumerable<VulnRDS._Vuln>>(); |
| 101 | foreach (var set in hashDict) | 117 | foreach (var set in hashDict) |
| ... | @@ -106,8 +122,14 @@ namespace VulnUserCodeAnalyzer | ... | @@ -106,8 +122,14 @@ namespace VulnUserCodeAnalyzer |
| 106 | if (!vulnDict.ContainsKey(cve)) | 122 | if (!vulnDict.ContainsKey(cve)) |
| 107 | { | 123 | { |
| 108 | vulnDict[cve] = new HashSet<VulnRDS._Vuln>(); | 124 | vulnDict[cve] = new HashSet<VulnRDS._Vuln>(); |
| 109 | - // SQL CVE 목록 가져와야 함 | 125 | + var vulnHashSet = vulnDict[cve] as HashSet<VulnRDS._Vuln>; |
| 110 | - // 가져와서 각 CVE 마다 vulnDict에 추가 | 126 | + var searchedCveHashList = VulnRDS.SelectVulnbyCve(cve); |
| 127 | + Console.WriteLine($"cve:{cve}, {searchedCveHashList.Count()}개 가져옴"); | ||
| 128 | + foreach (var s in searchedCveHashList) | ||
| 129 | + { | ||
| 130 | + vulnHashSet.Add(s); | ||
| 131 | + } | ||
| 132 | + | ||
| 111 | } | 133 | } |
| 112 | } | 134 | } |
| 113 | } | 135 | } |
| ... | @@ -118,6 +140,7 @@ namespace VulnUserCodeAnalyzer | ... | @@ -118,6 +140,7 @@ namespace VulnUserCodeAnalyzer |
| 118 | bool match = false; | 140 | bool match = false; |
| 119 | foreach (var vuln in vulnSet.Value) | 141 | foreach (var vuln in vulnSet.Value) |
| 120 | { | 142 | { |
| 143 | + | ||
| 121 | if (filter.Contains(vuln.BlockHash)) | 144 | if (filter.Contains(vuln.BlockHash)) |
| 122 | { | 145 | { |
| 123 | Console.WriteLine($"필터 확인 : {vuln.BlockHash}"); | 146 | Console.WriteLine($"필터 확인 : {vuln.BlockHash}"); |
| ... | @@ -137,13 +160,17 @@ namespace VulnUserCodeAnalyzer | ... | @@ -137,13 +160,17 @@ namespace VulnUserCodeAnalyzer |
| 137 | else | 160 | else |
| 138 | { | 161 | { |
| 139 | match = false; | 162 | match = false; |
| 140 | - break; | 163 | + // break; |
| 141 | } | 164 | } |
| 142 | } | 165 | } |
| 143 | if (match) | 166 | if (match) |
| 144 | { | 167 | { |
| 145 | Console.WriteLine($"CVE 찾음 {vulnSet.Key}"); | 168 | Console.WriteLine($"CVE 찾음 {vulnSet.Key}"); |
| 146 | } | 169 | } |
| 170 | + else | ||
| 171 | + { | ||
| 172 | + Console.WriteLine("없음"); | ||
| 173 | + } | ||
| 147 | } | 174 | } |
| 148 | 175 | ||
| 149 | stopwatch.Stop(); | 176 | stopwatch.Stop(); |
| ... | @@ -151,13 +178,20 @@ namespace VulnUserCodeAnalyzer | ... | @@ -151,13 +178,20 @@ namespace VulnUserCodeAnalyzer |
| 151 | 178 | ||
| 152 | 179 | ||
| 153 | 180 | ||
| 154 | - var hours = stopwatch.Elapsed.TotalHours; | 181 | + var hours = stopwatch.Elapsed.Hours; |
| 155 | - var minutes = stopwatch.Elapsed.TotalMinutes; | 182 | + var minutes = stopwatch.Elapsed.Minutes; |
| 156 | - var seconds = stopwatch.Elapsed.TotalSeconds; | 183 | + var seconds = stopwatch.Elapsed.Seconds; |
| 157 | 184 | ||
| 158 | Console.WriteLine($"경과 시간 {hours.ToString("00")}:{minutes.ToString("00")}:{seconds.ToString("00")}"); | 185 | Console.WriteLine($"경과 시간 {hours.ToString("00")}:{minutes.ToString("00")}:{seconds.ToString("00")}"); |
| 159 | 186 | ||
| 160 | 187 | ||
| 188 | + // CVE JSON 검색 | ||
| 189 | + | ||
| 190 | + foreach (var vuln in findBlocks) | ||
| 191 | + { | ||
| 192 | + | ||
| 193 | + } | ||
| 194 | + | ||
| 161 | // 블룸 필터 테스트 | 195 | // 블룸 필터 테스트 |
| 162 | //while(true) | 196 | //while(true) |
| 163 | //{ | 197 | //{ | ... | ... |
| ... | @@ -33,6 +33,9 @@ | ... | @@ -33,6 +33,9 @@ |
| 33 | </PropertyGroup> | 33 | </PropertyGroup> |
| 34 | <ItemGroup> | 34 | <ItemGroup> |
| 35 | <Reference Include="MySql.Data, Version=8.0.10.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL" /> | 35 | <Reference Include="MySql.Data, Version=8.0.10.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL" /> |
| 36 | + <Reference Include="Newtonsoft.Json, Version=11.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL"> | ||
| 37 | + <HintPath>..\packages\Newtonsoft.Json.11.0.2\lib\net45\Newtonsoft.Json.dll</HintPath> | ||
| 38 | + </Reference> | ||
| 36 | <Reference Include="System" /> | 39 | <Reference Include="System" /> |
| 37 | <Reference Include="System.Core" /> | 40 | <Reference Include="System.Core" /> |
| 38 | <Reference Include="System.Xml.Linq" /> | 41 | <Reference Include="System.Xml.Linq" /> |
| ... | @@ -49,6 +52,7 @@ | ... | @@ -49,6 +52,7 @@ |
| 49 | </ItemGroup> | 52 | </ItemGroup> |
| 50 | <ItemGroup> | 53 | <ItemGroup> |
| 51 | <None Include="App.config" /> | 54 | <None Include="App.config" /> |
| 55 | + <None Include="packages.config" /> | ||
| 52 | </ItemGroup> | 56 | </ItemGroup> |
| 53 | <ItemGroup> | 57 | <ItemGroup> |
| 54 | <ProjectReference Include="..\VulnCrawler\VulnCrawler.csproj"> | 58 | <ProjectReference Include="..\VulnCrawler\VulnCrawler.csproj"> | ... | ... |
-
Please register or login to post a comment