Showing
17 changed files
with
146 additions
and
160 deletions
VulnNotti/material-dashboard-html-v2.0.0/material-dashboard-html-v2.0.0/.DS_Store
deleted
100644 → 0
No preview for this file type
VulnNotti/material-dashboard-html-v2.0.0/material-dashboard-html-v2.0.0/BS4/.DS_Store
deleted
100644 → 0
No preview for this file type
VulnNotti/material-dashboard-html-v2.0.0/material-dashboard-html-v2.0.0/BS4/assets/.DS_Store
deleted
100644 → 0
No preview for this file type
No preview for this file type
No preview for this file type
No preview for this file type
No preview for this file type
VulnNotti/material-dashboard-html-v2.0.0/material-dashboard-html-v2.0.0/BS4/docs/.DS_Store
deleted
100644 → 0
No preview for this file type
No preview for this file type
| ... | @@ -65,6 +65,10 @@ namespace VulnCrawler | ... | @@ -65,6 +65,10 @@ namespace VulnCrawler |
| 65 | 65 | ||
| 66 | /* 메인 동작 함수 */ | 66 | /* 메인 동작 함수 */ |
| 67 | public static void Run() { | 67 | public static void Run() { |
| 68 | + | ||
| 69 | + | ||
| 70 | + | ||
| 71 | + | ||
| 68 | // Repository 폴더들이 있는 주소를 지정하면 하위 폴더 목록을 가져옴(Repository 목록) | 72 | // Repository 폴더들이 있는 주소를 지정하면 하위 폴더 목록을 가져옴(Repository 목록) |
| 69 | Regex.CacheSize = 50; | 73 | Regex.CacheSize = 50; |
| 70 | 74 | ||
| ... | @@ -80,17 +84,46 @@ namespace VulnCrawler | ... | @@ -80,17 +84,46 @@ namespace VulnCrawler |
| 80 | // Repository 목록 만큼 반복함. | 84 | // Repository 목록 만큼 반복함. |
| 81 | foreach (var directory in directorys) { | 85 | foreach (var directory in directorys) { |
| 82 | /* 폴더 중에 linux가 있으면 잠깐 넘어감 (너무 커서 테스트 힘듦) */ | 86 | /* 폴더 중에 linux가 있으면 잠깐 넘어감 (너무 커서 테스트 힘듦) */ |
| 83 | - if (directory.Contains("linux")) | 87 | + if (directory.Contains("~")) |
| 84 | { | 88 | { |
| 85 | - // continue; | 89 | + continue; |
| 86 | } | 90 | } |
| 91 | + //var crawler = new VulnC(); | ||
| 92 | + //crawler.Init(directory); | ||
| 93 | + | ||
| 94 | + //Tree commitTree1 = crawler.Repository.Lookup<Commit>("e589db7a6a9c8f1557007f2cc765ee28ad7a1edd").Tree; | ||
| 95 | + ////Tree parentTree1 = crawler.Repository.Lookup<Commit>("344ba37bdc299660e1b1693b6999e5fe116893e1").Tree; | ||
| 96 | + | ||
| 97 | + //Commit commit = crawler.Repository.Lookup<Commit>("e589db7a6a9c8f1557007f2cc765ee28ad7a1edd"); | ||
| 98 | + | ||
| 99 | + //foreach (var parent in commit.Parents) | ||
| 100 | + //{ | ||
| 101 | + // Console.WriteLine($"Parent ID:{parent.Sha}"); | ||
| 102 | + // Tree commitTree = commit.Tree; | ||
| 103 | + // Tree parentTree = parent.Tree; | ||
| 104 | + // var patch = crawler.Repository.Diff.Compare<Patch>(commitTree, parentTree.); | ||
| 105 | + // foreach (var item in patch.Where(p => p.OldPath.EndsWith(".c"))) | ||
| 106 | + // { | ||
| 107 | + | ||
| 108 | + // Console.WriteLine(item.Status); | ||
| 109 | + // Console.WriteLine(item.Path); | ||
| 110 | + // Console.WriteLine(item.Patch); | ||
| 111 | + // } | ||
| 112 | + // Console.ReadLine(); | ||
| 113 | + | ||
| 114 | + //} | ||
| 115 | + | ||
| 116 | + | ||
| 117 | + ////Console.WriteLine(patch.Content); | ||
| 118 | + //Console.ReadLine(); | ||
| 119 | + | ||
| 87 | // 템플릿 패턴화 T : VulnAbstractCrawler | 120 | // 템플릿 패턴화 T : VulnAbstractCrawler |
| 88 | VulnWorker.Run<VulnC>(directory); | 121 | VulnWorker.Run<VulnC>(directory); |
| 89 | } | 122 | } |
| 90 | stopwatch.Stop(); | 123 | stopwatch.Stop(); |
| 91 | - var hours = stopwatch.Elapsed.TotalHours; | 124 | + var hours = stopwatch.Elapsed.Hours; |
| 92 | - var minutes = stopwatch.Elapsed.TotalMinutes; | 125 | + var minutes = stopwatch.Elapsed.Minutes; |
| 93 | - var seconds = stopwatch.Elapsed.TotalSeconds; | 126 | + var seconds = stopwatch.Elapsed.Seconds; |
| 94 | 127 | ||
| 95 | Console.WriteLine($"경과 시간 {hours.ToString("00")}:{minutes.ToString("00")}:{seconds.ToString("00")}"); | 128 | Console.WriteLine($"경과 시간 {hours.ToString("00")}:{minutes.ToString("00")}:{seconds.ToString("00")}"); |
| 96 | 129 | ... | ... |
| ... | @@ -131,14 +131,15 @@ namespace VulnCrawler | ... | @@ -131,14 +131,15 @@ namespace VulnCrawler |
| 131 | /// <summary> | 131 | /// <summary> |
| 132 | /// 커밋에서 검색할 정규식 문자열 | 132 | /// 커밋에서 검색할 정규식 문자열 |
| 133 | /// </summary> | 133 | /// </summary> |
| 134 | - public string SearchCommitPattern => @"CVE[ -]\d{4}[ -]\d{4}"; | 134 | + public string SearchCommitPattern => @"CVE[ -](\d{4})[ -](\d{4,})"; |
| 135 | /// <summary> | 135 | /// <summary> |
| 136 | /// 패치 코드에서 함수 찾을 정규식 패턴 문자열 | 136 | /// 패치 코드에서 함수 찾을 정규식 패턴 문자열 |
| 137 | /// </summary> | 137 | /// </summary> |
| 138 | protected abstract string RegexFuncPattern { get; } | 138 | protected abstract string RegexFuncPattern { get; } |
| 139 | + protected abstract string UserRegexFuncPattern { get; } | ||
| 139 | protected abstract string Extension { get; } | 140 | protected abstract string Extension { get; } |
| 140 | public virtual IEnumerable<PatchEntryChanges> GetPatchEntryChanges(Patch patch) { | 141 | public virtual IEnumerable<PatchEntryChanges> GetPatchEntryChanges(Patch patch) { |
| 141 | - return patch.Where(e => e.Path.EndsWith(Extension)).ToList(); | 142 | + return patch.Where(e => e.Path.EndsWith(Extension) && e.Status == ChangeKind.Modified).ToList(); |
| 142 | } | 143 | } |
| 143 | /// <summary> | 144 | /// <summary> |
| 144 | /// 정규식을 이용하여 @@ -\d,\d +\d,\d @@ MethodName(): 이런 패턴을 찾고 | 145 | /// 정규식을 이용하여 @@ -\d,\d +\d,\d @@ MethodName(): 이런 패턴을 찾고 |
| ... | @@ -158,108 +159,11 @@ namespace VulnCrawler | ... | @@ -158,108 +159,11 @@ namespace VulnCrawler |
| 158 | public abstract IDictionary<int, IEnumerable<UserBlock>> CrawlUserCode(StreamReader reader); | 159 | public abstract IDictionary<int, IEnumerable<UserBlock>> CrawlUserCode(StreamReader reader); |
| 159 | 160 | ||
| 160 | protected abstract IList<Block> GetCriticalBlocks(string srcCode, IEnumerable<string> criticalList); | 161 | protected abstract IList<Block> GetCriticalBlocks(string srcCode, IEnumerable<string> criticalList); |
| 161 | - /// <summary> | ||
| 162 | - /// 성능 개선을 위한 | ||
| 163 | - /// 코드 라인 위치 기반 취약 원본 함수 추출 테스트용 함수 곧 삭제 예정 | ||
| 164 | - /// </summary> | ||
| 165 | - public string GetOriginalFuncTest(Stream oldStream, string methodName, int start) | ||
| 166 | - { | ||
| 167 | - StringBuilder oldBuilder = new StringBuilder(); | ||
| 168 | - | ||
| 169 | - using (var reader = new StreamReader(oldStream)) | ||
| 170 | - { | ||
| 171 | - bool found = false; | ||
| 172 | - bool found2 = false; | ||
| 173 | - bool commentLine = false; | ||
| 174 | - int bracketCount = -1; | ||
| 175 | - string stringPattern = @"[""].*[""]"; | ||
| 176 | - string commentPattern = @"\/\*.+\*\/"; | ||
| 177 | - string commentPattern2 = @"\/\*"; | ||
| 178 | - string commentPattern3 = @"\*\/"; | ||
| 179 | - int readCount = 0; | ||
| 180 | - Queue<string> tempQ = new Queue<string>(); | ||
| 181 | - while (!reader.EndOfStream) | ||
| 182 | - { | ||
| 183 | - string line = reader.ReadLine(); | ||
| 184 | - if (readCount++ < start) | ||
| 185 | - { | ||
| 186 | - tempQ.Enqueue(line); | ||
| 187 | - continue; | ||
| 188 | - } | ||
| 189 | - Stack<string> tempStack = new Stack<string>(); | ||
| 190 | - while (tempQ.Count > 0) | ||
| 191 | - { | ||
| 192 | - string s = tempQ.Dequeue(); | ||
| 193 | - tempStack.Push(s); | ||
| 194 | - string method = Regex.Escape(methodName); | ||
| 195 | - if (Regex.Match(s, $"{method}").Success) | ||
| 196 | - { | ||
| 197 | - break; | ||
| 198 | - } | ||
| 199 | - } | ||
| 200 | - while (tempStack.Count > 0) | ||
| 201 | - { | ||
| 202 | - string s = tempStack.Pop(); | ||
| 203 | - string trim = s.Trim(); | ||
| 204 | - if (commentLine) | ||
| 205 | - { | ||
| 206 | - if (Regex.IsMatch(trim, commentPattern3)) | ||
| 207 | - { | ||
| 208 | - commentLine = false; | ||
| 209 | - trim = Regex.Split(trim, commentPattern3)[1]; | ||
| 210 | - } | ||
| 211 | - continue; | ||
| 212 | - } | ||
| 213 | - string removeString = Regex.Replace(trim, stringPattern, ""); | ||
| 214 | - // /* ~ 패턴 | ||
| 215 | - if (Regex.IsMatch(trim, commentPattern2)) | ||
| 216 | - { | ||
| 217 | - // /* ~ */ 패턴이 아닌 경우 | ||
| 218 | - if (!Regex.IsMatch(trim, commentPattern)) | ||
| 219 | - { | ||
| 220 | - commentLine = true; | ||
| 221 | - } | ||
| 222 | - trim = Regex.Split(trim, "/*")[0]; | ||
| 223 | - } | ||
| 224 | - if (string.IsNullOrWhiteSpace(trim)) | ||
| 225 | - { | ||
| 226 | - continue; | ||
| 227 | - } | ||
| 228 | - int openBracketCount = removeString.Count(c => c == '{'); | ||
| 229 | - int closeBracketCount = removeString.Count(c => c == '}'); | ||
| 230 | - int subtract = openBracketCount - closeBracketCount; | ||
| 231 | - bracketCount += subtract; | ||
| 232 | - // 메서드 시작 괄호 찾은 경우 | ||
| 233 | - if (found2) | ||
| 234 | - { | ||
| 235 | - // 괄호가 모두 닫혔으니 종료 | ||
| 236 | - if (bracketCount < 0) | ||
| 237 | - { | ||
| 238 | - // Console.WriteLine("괄호끝"); | ||
| 239 | - break; | ||
| 240 | - } | ||
| 241 | - // oldBuilder.AppendLine(line); | ||
| 242 | - } | ||
| 243 | - else | ||
| 244 | - { | ||
| 245 | - if (openBracketCount > 0) | ||
| 246 | - { | ||
| 247 | - found2 = true; | ||
| 248 | - } | ||
| 249 | - | ||
| 250 | - } | ||
| 251 | - oldBuilder.AppendLine(s); | ||
| 252 | - } | ||
| 253 | - } | ||
| 254 | - } | ||
| 255 | - Console.WriteLine("찾음"); | ||
| 256 | - Console.WriteLine(oldBuilder.ToString()); | ||
| 257 | - Console.ReadLine(); | ||
| 258 | 162 | ||
| 259 | - return oldBuilder.ToString(); | ||
| 260 | - } | ||
| 261 | public abstract IDictionary<string, IEnumerable<string>> ExtractGitCriticalMethodTable(string srcCode); | 163 | public abstract IDictionary<string, IEnumerable<string>> ExtractGitCriticalMethodTable(string srcCode); |
| 262 | 164 | ||
| 165 | + public abstract IDictionary<string, string> CrawlCode(StreamReader reader); | ||
| 166 | + | ||
| 263 | public abstract string Abstract(string blockCode, IDictionary<string, string> dict, IDictionary<string, string> methodDict); | 167 | public abstract string Abstract(string blockCode, IDictionary<string, string> dict, IDictionary<string, string> methodDict); |
| 264 | /// <summary> | 168 | /// <summary> |
| 265 | /// 패치 전 코드 파일과 크리티컬 메서드 테이블로 부터 크리티컬 블록 추출 | 169 | /// 패치 전 코드 파일과 크리티컬 메서드 테이블로 부터 크리티컬 블록 추출 |
| ... | @@ -268,54 +172,42 @@ namespace VulnCrawler | ... | @@ -268,54 +172,42 @@ namespace VulnCrawler |
| 268 | /// <param name="table">크리티컬 메서드 테이블(Key: 메서드 이름, Value: 변수 리스트)</param> | 172 | /// <param name="table">크리티컬 메서드 테이블(Key: 메서드 이름, Value: 변수 리스트)</param> |
| 269 | /// <returns></returns> | 173 | /// <returns></returns> |
| 270 | public virtual IEnumerable<(string methodName, string oriFunc, IList<Block> blocks)> Process(Blob oldBlob, IDictionary<string, IEnumerable<string>> table) { | 174 | public virtual IEnumerable<(string methodName, string oriFunc, IList<Block> blocks)> Process(Blob oldBlob, IDictionary<string, IEnumerable<string>> table) { |
| 175 | + | ||
| 176 | + // 패치 전 원본 파일 스트림 | ||
| 177 | + Stream oldStream = oldBlob.GetContentStream(); | ||
| 178 | + using (var reader = new StreamReader(oldStream)) | ||
| 179 | + { | ||
| 180 | + var dict = CrawlCode(reader); | ||
| 181 | + | ||
| 271 | foreach (var item in table) | 182 | foreach (var item in table) |
| 272 | { | 183 | { |
| 273 | var methodTable = new Dictionary<string, string>(); | 184 | var methodTable = new Dictionary<string, string>(); |
| 274 | var varTable = new Dictionary<string, string>(); | 185 | var varTable = new Dictionary<string, string>(); |
| 275 | // 메서드 이름 | 186 | // 메서드 이름 |
| 276 | string methodName = item.Key; | 187 | string methodName = item.Key; |
| 277 | - // 패치 전 원본 파일 스트림 | 188 | + |
| 278 | - Stream oldStream = oldBlob.GetContentStream(); | ||
| 279 | // 패치 전 원본 함수 구하고 | 189 | // 패치 전 원본 함수 구하고 |
| 280 | - string func = GetOriginalFunc(oldStream, methodName); | 190 | + string func = string.Empty; |
| 191 | + | ||
| 281 | 192 | ||
| 282 | - string bs = string.Empty; | 193 | + foreach (var pair in dict) |
| 283 | - string md5 = string.Empty; | ||
| 284 | - if (item.Value.Count() != 0) | ||
| 285 | { | 194 | { |
| 286 | - //Console.WriteLine("크리티컬 변수 목록"); | 195 | + if (pair.Key.Contains(methodName)) |
| 287 | - //Console.ForegroundColor = ConsoleColor.Cyan; | 196 | + { |
| 288 | - //foreach (var c in item.Value) | 197 | + func = pair.Value; |
| 289 | - //{ | 198 | + break; |
| 290 | - // Console.WriteLine(c); | 199 | + } |
| 291 | - //} | 200 | + } |
| 292 | - //Console.ResetColor(); | ||
| 293 | - //Console.WriteLine("-------------------"); | ||
| 294 | - // 크리티컬 블록 추출 | ||
| 295 | - var blocks = new List<Block>(); | ||
| 296 | - //var blocks = GetCriticalBlocks(func, item.Value).ToList(); | ||
| 297 | - //if (blocks == null) | ||
| 298 | - //{ | ||
| 299 | - // continue; | ||
| 300 | - //} | ||
| 301 | - //foreach (var block in blocks) | ||
| 302 | - //{ | ||
| 303 | 201 | ||
| 304 | - // block.CriticalList = item.Value; | ||
| 305 | - // /* 추상화 및 정규화 */ | ||
| 306 | - // block.AbsCode = Abstract(block.Code, varTable, methodTable); | ||
| 307 | - // block.Hash = MD5HashFunc(block.AbsCode); | ||
| 308 | 202 | ||
| 309 | - //} | ||
| 310 | - /* 추상화 변환 테이블 출력 */ | ||
| 311 | - //foreach (var var in varTable) | ||
| 312 | - //{ | ||
| 313 | - // Console.WriteLine($"{var.Key}, {var.Value}"); | ||
| 314 | - //} | ||
| 315 | 203 | ||
| 204 | + | ||
| 205 | + // 크리티컬 블록 추출 | ||
| 206 | + var blocks = new List<Block>(); | ||
| 316 | yield return (methodName, func, blocks); | 207 | yield return (methodName, func, blocks); |
| 317 | - } | ||
| 318 | 208 | ||
| 209 | + | ||
| 210 | + } | ||
| 319 | } | 211 | } |
| 320 | } | 212 | } |
| 321 | /// <summary> | 213 | /// <summary> |
| ... | @@ -349,7 +241,7 @@ namespace VulnCrawler | ... | @@ -349,7 +241,7 @@ namespace VulnCrawler |
| 349 | var match = Regex.Match(msg, SearchCommitPattern, RegexOptions.IgnoreCase); | 241 | var match = Regex.Match(msg, SearchCommitPattern, RegexOptions.IgnoreCase); |
| 350 | 242 | ||
| 351 | if (match.Success) { | 243 | if (match.Success) { |
| 352 | - return match.Value; | 244 | + return $"CVE-{match.Groups[1].Value}-{match.Groups[2].Value}"; |
| 353 | } | 245 | } |
| 354 | return string.Empty; | 246 | return string.Empty; |
| 355 | } | 247 | } | ... | ... |
This diff is collapsed. Click to expand it.
| ... | @@ -16,6 +16,9 @@ namespace VulnCrawler | ... | @@ -16,6 +16,9 @@ namespace VulnCrawler |
| 16 | protected override string Extension => ".py"; | 16 | protected override string Extension => ".py"; |
| 17 | protected override string RegexFuncPattern => $@"@@ \-(?<{OldStart}>\d+),(?<{OldLines}>\d+) \+(?<{NewStart}>\d+),(?<{NewLines}>\d+) @@ def (?<{MethodName}>\w+)"; | 17 | protected override string RegexFuncPattern => $@"@@ \-(?<{OldStart}>\d+),(?<{OldLines}>\d+) \+(?<{NewStart}>\d+),(?<{NewLines}>\d+) @@ def (?<{MethodName}>\w+)"; |
| 18 | protected override string ReservedFileName => "PyReserved.txt"; | 18 | protected override string ReservedFileName => "PyReserved.txt"; |
| 19 | + | ||
| 20 | + protected override string UserRegexFuncPattern => throw new NotImplementedException(); | ||
| 21 | + | ||
| 19 | public override MatchCollection GetMatches(string patchCode) { | 22 | public override MatchCollection GetMatches(string patchCode) { |
| 20 | //var regs = Regex.Matches(patchCode, RegexFuncPattern); | 23 | //var regs = Regex.Matches(patchCode, RegexFuncPattern); |
| 21 | var regs = MethodExtractor.Matches(patchCode); | 24 | var regs = MethodExtractor.Matches(patchCode); |
| ... | @@ -85,5 +88,10 @@ namespace VulnCrawler | ... | @@ -85,5 +88,10 @@ namespace VulnCrawler |
| 85 | { | 88 | { |
| 86 | throw new NotImplementedException(); | 89 | throw new NotImplementedException(); |
| 87 | } | 90 | } |
| 91 | + | ||
| 92 | + public override IDictionary<string, string> CrawlCode(StreamReader reader) | ||
| 93 | + { | ||
| 94 | + throw new NotImplementedException(); | ||
| 95 | + } | ||
| 88 | } | 96 | } |
| 89 | } | 97 | } | ... | ... |
| ... | @@ -30,7 +30,6 @@ namespace VulnCrawler | ... | @@ -30,7 +30,6 @@ namespace VulnCrawler |
| 30 | } | 30 | } |
| 31 | foreach (var commit in commits) { | 31 | foreach (var commit in commits) { |
| 32 | // 커밋 메시지 | 32 | // 커밋 메시지 |
| 33 | - | ||
| 34 | count++; | 33 | count++; |
| 35 | double per = ((double)count / (double)totalCount) * 100; | 34 | double per = ((double)count / (double)totalCount) * 100; |
| 36 | 35 | ||
| ... | @@ -46,23 +45,35 @@ namespace VulnCrawler | ... | @@ -46,23 +45,35 @@ namespace VulnCrawler |
| 46 | string commitUrl = $"{crawler.PushUrl}/commit/{commit.Sha}"; | 45 | string commitUrl = $"{crawler.PushUrl}/commit/{commit.Sha}"; |
| 47 | 46 | ||
| 48 | foreach (var parent in commit.Parents) { | 47 | foreach (var parent in commit.Parents) { |
| 49 | - | ||
| 50 | try | 48 | try |
| 51 | { | 49 | { |
| 50 | + | ||
| 51 | + | ||
| 52 | // 부모 커밋과 현재 커밋을 Compare 하여 패치 내역을 가져옴 | 52 | // 부모 커밋과 현재 커밋을 Compare 하여 패치 내역을 가져옴 |
| 53 | var patch = crawler.Repository.Diff.Compare<Patch>(parent.Tree, commit.Tree); | 53 | var patch = crawler.Repository.Diff.Compare<Patch>(parent.Tree, commit.Tree); |
| 54 | + | ||
| 54 | // 패치 엔트리 파일 배열 중에 파일 확장자가 .py인 것만 가져옴 | 55 | // 패치 엔트리 파일 배열 중에 파일 확장자가 .py인 것만 가져옴 |
| 55 | // (실질적인 코드 변경 커밋만 보기 위해서) | 56 | // (실질적인 코드 변경 커밋만 보기 위해서) |
| 56 | var entrys = crawler.GetPatchEntryChanges(patch); | 57 | var entrys = crawler.GetPatchEntryChanges(patch); |
| 58 | + if (entrys.Count() > 100) | ||
| 59 | + { | ||
| 60 | + // continue; | ||
| 61 | + } | ||
| 57 | /* C:\VulnC\linux 라면 linux만 뽑아서 repoName에 저장 */ | 62 | /* C:\VulnC\linux 라면 linux만 뽑아서 repoName에 저장 */ |
| 58 | var dsp = dirPath.Split(Path.DirectorySeparatorChar); | 63 | var dsp = dirPath.Split(Path.DirectorySeparatorChar); |
| 59 | string repoName = dsp[dsp.Length - 1]; | 64 | string repoName = dsp[dsp.Length - 1]; |
| 60 | // 현재 커밋에 대한 패치 엔트리 배열을 출력함 | 65 | // 현재 커밋에 대한 패치 엔트리 배열을 출력함 |
| 61 | PrintPatchEntrys(entrys, crawler, message, cve, repoName, commitUrl); | 66 | PrintPatchEntrys(entrys, crawler, message, cve, repoName, commitUrl); |
| 62 | // Console.ReadLine(); | 67 | // Console.ReadLine(); |
| 68 | + break; | ||
| 69 | + | ||
| 70 | + } | ||
| 71 | + catch(Exception e) | ||
| 72 | + { | ||
| 73 | + break; | ||
| 74 | + //Console.WriteLine(e.ToString()); | ||
| 75 | + //Console.ReadLine(); | ||
| 63 | } | 76 | } |
| 64 | - catch(Exception) | ||
| 65 | - { } | ||
| 66 | } | 77 | } |
| 67 | } | 78 | } |
| 68 | } | 79 | } |
| ... | @@ -133,7 +144,7 @@ namespace VulnCrawler | ... | @@ -133,7 +144,7 @@ namespace VulnCrawler |
| 133 | #endregion | 144 | #endregion |
| 134 | 145 | ||
| 135 | } | 146 | } |
| 136 | - catch (Exception e) | 147 | + catch (Exception) |
| 137 | { | 148 | { |
| 138 | continue; | 149 | continue; |
| 139 | } | 150 | } | ... | ... |
| ... | @@ -9,6 +9,9 @@ using System.Text; | ... | @@ -9,6 +9,9 @@ using System.Text; |
| 9 | using System.Text.RegularExpressions; | 9 | using System.Text.RegularExpressions; |
| 10 | using System.Threading.Tasks; | 10 | using System.Threading.Tasks; |
| 11 | using VulnCrawler; | 11 | using VulnCrawler; |
| 12 | +using Newtonsoft.Json; | ||
| 13 | +using Newtonsoft.Json.Linq; | ||
| 14 | + | ||
| 12 | 15 | ||
| 13 | namespace VulnUserCodeAnalyzer | 16 | namespace VulnUserCodeAnalyzer |
| 14 | { | 17 | { |
| ... | @@ -16,12 +19,19 @@ namespace VulnUserCodeAnalyzer | ... | @@ -16,12 +19,19 @@ namespace VulnUserCodeAnalyzer |
| 16 | { | 19 | { |
| 17 | static void Main(string[] args) | 20 | static void Main(string[] args) |
| 18 | { | 21 | { |
| 22 | + //string json = File.ReadAllText(@"C:\Users\haena\Downloads\cvelist-master\2018\5xxx\CVE-2018-5004.json"); | ||
| 23 | + //JObject jobj = JObject.Parse(json); | ||
| 24 | + //Console.WriteLine(jobj["CVE_data_meta"].ToString()); | ||
| 25 | + | ||
| 26 | + | ||
| 19 | var crawler = new VulnC(); | 27 | var crawler = new VulnC(); |
| 20 | - //var bytes = Convert.FromBase64String("dgBvAGkAZAAgAGsAdgBtAF8AbQBtAHUAXwBuAGUAdwBfAGMAcgAzACgAcwB0AHIAdQBjAHQAIABrAHYAbQBfAHYAYwBwAHUAIAAqAHYAYwBwAHUAKQANAAoAewANAAoACQBtAG0AdQBfAGYAcgBlAGUAXwByAG8AbwB0AHMAKAB2AGMAcAB1ACkAOwANAAoAfQANAAoA"); | 28 | + //var bytes = Convert.FromBase64String("cwB0AGEAdABpAGMAIABpAG4AdAAgAGMAaABhAGMAaABhADIAMABfAHAAbwBsAHkAMQAzADAANQBfAGMAaQBwAGgAZQByACgARQBWAFAAXwBDAEkAUABIAEUAUgBfAEMAVABYACAAKgBjAHQAeAAsACAAdQBuAHMAaQBnAG4AZQBkACAAYwBoAGEAcgAgACoAbwB1AHQALAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBvAG4AcwB0ACAAdQBuAHMAaQBnAG4AZQBkACAAYwBoAGEAcgAgACoAaQBuACwAIABzAGkAegBlAF8AdAAgAGwAZQBuACkADQAKAHsADQAKACAAIAAgACAARQBWAFAAXwBDAEgAQQBDAEgAQQBfAEEARQBBAEQAXwBDAFQAWAAgACoAYQBjAHQAeAAgAD0AIABhAGUAYQBkAF8AZABhAHQAYQAoAGMAdAB4ACkAOwANAAoAIAAgACAAIABzAGkAegBlAF8AdAAgAHIAZQBtACwAIABwAGwAZQBuACAAPQAgAGEAYwB0AHgALQA+AHQAbABzAF8AcABhAHkAbABvAGEAZABfAGwAZQBuAGcAdABoADsADQAKACAAIAAgACAAcwB0AGEAdABpAGMAIABjAG8AbgBzAHQAIAB1AG4AcwBpAGcAbgBlAGQAIABjAGgAYQByACAAegBlAHIAbwBbAFAATwBMAFkAMQAzADAANQBfAEIATABPAEMASwBfAFMASQBaAEUAXQAgAD0AIAB7ACAAMAAgAH0AOwANAAoAIAAgACAAIABpAGYAIAAoACEAYQBjAHQAeAAtAD4AbQBhAGMAXwBpAG4AaQB0AGUAZAApACAAewANAAoAIAAgACAAIAAgACAAIAAgAGEAYwB0AHgALQA+AGsAZQB5AC4AYwBvAHUAbgB0AGUAcgBbADAAXQAgAD0AIAAwADsADQAKACAAIAAgACAAIAAgACAAIABtAGUAbQBzAGUAdAAoAGEAYwB0AHgALQA+AGsAZQB5AC4AYgB1AGYALAAgADAALAAgAHMAaQB6AGUAbwBmACgAYQBjAHQAeAAtAD4AawBlAHkALgBiAHUAZgApACkAOwANAAoAIAAgACAAIAAgACAAIAAgAEMAaABhAEMAaABhADIAMABfAGMAdAByADMAMgAoAGEAYwB0AHgALQA+AGsAZQB5AC4AYgB1AGYALAAgAGEAYwB0AHgALQA+AGsAZQB5AC4AYgB1AGYALAAgAEMASABBAEMASABBAF8AQgBMAEsAXwBTAEkAWgBFACwADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABhAGMAdAB4AC0APgBrAGUAeQAuAGsAZQB5AC4AZAAsACAAYQBjAHQAeAAtAD4AawBlAHkALgBjAG8AdQBuAHQAZQByACkAOwANAAoAIAAgACAAIAAgACAAIAAgAFAAbwBsAHkAMQAzADAANQBfAEkAbgBpAHQAKABQAE8ATABZADEAMwAwADUAXwBjAHQAeAAoAGEAYwB0AHgAKQAsACAAYQBjAHQAeAAtAD4AawBlAHkALgBiAHUAZgApADsADQAKACAAIAAgACAAIAAgACAAIABhAGMAdAB4AC0APgBrAGUAeQAuAGMAbwB1AG4AdABlAHIAWwAwAF0AIAA9ACAAMQA7AA0ACgAgACAAIAAgACAAIAAgACAAYQBjAHQAeAAtAD4AawBlAHkALgBwAGEAcgB0AGkAYQBsAF8AbABlAG4AIAA9ACAAMAA7AA0ACgAgACAAIAAgACAAIAAgACAAYQBjAHQAeAAtAD4AbABlAG4ALgBhAGEAZAAgAD0AIABhAGMAdAB4AC0APgBsAGUAbgAuAHQAZQB4AHQAIAA9ACAAMAA7AA0ACgAgACAAIAAgACAAIAAgACAAYQBjAHQAeAAtAD4AbQBhAGMAXwBpAG4AaQB0AGUAZAAgAD0AIAAxADsADQAKACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAUABvAGwAeQAxADMAMAA1AF8AVQBwAGQAYQB0AGUAKABQAE8ATABZADEAMwAwADUAXwBjAHQAeAAoAGEAYwB0AHgAKQAsACAAaQBuACwAIABsAGUAbgApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGEAYwB0AHgALQA+AGwAZQBuAC4AYQBhAGQAIAArAD0AIABsAGUAbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABhAGMAdAB4AC0APgBhAGEAZAAgAD0AIAAxADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAAbABlAG4AOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAcgBlAG0AIAA9ACAAKABzAGkAegBlAF8AdAApAGEAYwB0AHgALQA+AGwAZQBuAC4AYQBhAGQAIAAlACAAUABPAEwAWQAxADMAMAA1AF8AQgBMAE8AQwBLAF8AUwBJAFoARQApACkADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABQAG8AbAB5ADEAMwAwADUAXwBVAHAAZABhAHQAZQAoAFAATwBMAFkAMQAzADAANQBfAGMAdAB4ACgAYQBjAHQAeAApACwAIAB6AGUAcgBvACwADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFAATwBMAFkAMQAzADAANQBfAEIATABPAEMASwBfAFMASQBaAEUAIAAtACAAcgBlAG0AKQA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGEAYwB0AHgALQA+AGEAYQBkACAAPQAgADAAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoA"); |
| 21 | //var str = Encoding.Unicode.GetString(bytes); | 29 | //var str = Encoding.Unicode.GetString(bytes); |
| 22 | 30 | ||
| 23 | //Console.WriteLine(str); | 31 | //Console.WriteLine(str); |
| 24 | - //Console.WriteLine(crawler.Abstract(str, new Dictionary<string, string>(), new Dictionary<string, string>())); | 32 | + //var abs = crawler.Abstract(str, new Dictionary<string, string>(), new Dictionary<string, string>()); |
| 33 | + //Console.WriteLine(abs); | ||
| 34 | + //Console.WriteLine(VulnAbstractCrawler.MD5HashFunc(abs)); | ||
| 25 | //Console.ReadLine(); | 35 | //Console.ReadLine(); |
| 26 | 36 | ||
| 27 | // default usage | 37 | // default usage |
| ... | @@ -63,16 +73,19 @@ namespace VulnUserCodeAnalyzer | ... | @@ -63,16 +73,19 @@ namespace VulnUserCodeAnalyzer |
| 63 | var hashDict = new Dictionary<int, HashSet<VulnAbstractCrawler.UserBlock>>(); | 73 | var hashDict = new Dictionary<int, HashSet<VulnAbstractCrawler.UserBlock>>(); |
| 64 | Stopwatch stopwatch = new Stopwatch(); | 74 | Stopwatch stopwatch = new Stopwatch(); |
| 65 | stopwatch.Start(); | 75 | stopwatch.Start(); |
| 66 | - DirectoryInfo dirInfo = new DirectoryInfo(@"c:\code"); | 76 | + DirectoryInfo dirInfo = new DirectoryInfo(@"C:\code"); |
| 67 | var codeFiles = dirInfo.EnumerateFiles("*.c", SearchOption.AllDirectories); | 77 | var codeFiles = dirInfo.EnumerateFiles("*.c", SearchOption.AllDirectories); |
| 68 | int totalFileCount = codeFiles.Count(); | 78 | int totalFileCount = codeFiles.Count(); |
| 69 | int count = 0; | 79 | int count = 0; |
| 70 | foreach (var codeFile in codeFiles) | 80 | foreach (var codeFile in codeFiles) |
| 71 | { | 81 | { |
| 82 | + // Process.Start(codeFile.FullName); | ||
| 72 | Console.WriteLine(codeFile.FullName); | 83 | Console.WriteLine(codeFile.FullName); |
| 73 | using (var reader = codeFile.OpenText()) | 84 | using (var reader = codeFile.OpenText()) |
| 74 | { | 85 | { |
| 75 | var dict = crawler.CrawlUserCode(reader); | 86 | var dict = crawler.CrawlUserCode(reader); |
| 87 | + | ||
| 88 | + | ||
| 76 | foreach (var item in dict) | 89 | foreach (var item in dict) |
| 77 | { | 90 | { |
| 78 | if (!hashDict.ContainsKey(item.Key)) | 91 | if (!hashDict.ContainsKey(item.Key)) |
| ... | @@ -82,20 +95,23 @@ namespace VulnUserCodeAnalyzer | ... | @@ -82,20 +95,23 @@ namespace VulnUserCodeAnalyzer |
| 82 | foreach (var hash in item.Value) | 95 | foreach (var hash in item.Value) |
| 83 | { | 96 | { |
| 84 | hash.Path = codeFile.FullName; | 97 | hash.Path = codeFile.FullName; |
| 98 | + | ||
| 85 | hashDict[item.Key].Add(hash); | 99 | hashDict[item.Key].Add(hash); |
| 86 | filter.Add(hash.Hash); | 100 | filter.Add(hash.Hash); |
| 87 | } | 101 | } |
| 88 | } | 102 | } |
| 89 | count++; | 103 | count++; |
| 90 | double per = ((double)count / (double)totalFileCount) * 100; | 104 | double per = ((double)count / (double)totalFileCount) * 100; |
| 91 | - Console.Clear(); | 105 | + //Console.Clear(); |
| 92 | Console.WriteLine($"{count} / {totalFileCount} :: {per.ToString("#0.0")}%, 개체 수 : {hashDict.Count}"); | 106 | Console.WriteLine($"{count} / {totalFileCount} :: {per.ToString("#0.0")}%, 개체 수 : {hashDict.Count}"); |
| 93 | - if (count > 100) | 107 | + //if (count > 100) |
| 94 | - { | 108 | + //{ |
| 95 | - break; | 109 | + // break; |
| 96 | - } | 110 | + //} |
| 97 | } | 111 | } |
| 98 | } | 112 | } |
| 113 | + // Console.ReadLine(); | ||
| 114 | + | ||
| 99 | var findBlocks = new Queue<VulnAbstractCrawler.UserBlock>(); | 115 | var findBlocks = new Queue<VulnAbstractCrawler.UserBlock>(); |
| 100 | var vulnDict = new Dictionary<string, IEnumerable<VulnRDS._Vuln>>(); | 116 | var vulnDict = new Dictionary<string, IEnumerable<VulnRDS._Vuln>>(); |
| 101 | foreach (var set in hashDict) | 117 | foreach (var set in hashDict) |
| ... | @@ -106,8 +122,14 @@ namespace VulnUserCodeAnalyzer | ... | @@ -106,8 +122,14 @@ namespace VulnUserCodeAnalyzer |
| 106 | if (!vulnDict.ContainsKey(cve)) | 122 | if (!vulnDict.ContainsKey(cve)) |
| 107 | { | 123 | { |
| 108 | vulnDict[cve] = new HashSet<VulnRDS._Vuln>(); | 124 | vulnDict[cve] = new HashSet<VulnRDS._Vuln>(); |
| 109 | - // SQL CVE 목록 가져와야 함 | 125 | + var vulnHashSet = vulnDict[cve] as HashSet<VulnRDS._Vuln>; |
| 110 | - // 가져와서 각 CVE 마다 vulnDict에 추가 | 126 | + var searchedCveHashList = VulnRDS.SelectVulnbyCve(cve); |
| 127 | + Console.WriteLine($"cve:{cve}, {searchedCveHashList.Count()}개 가져옴"); | ||
| 128 | + foreach (var s in searchedCveHashList) | ||
| 129 | + { | ||
| 130 | + vulnHashSet.Add(s); | ||
| 131 | + } | ||
| 132 | + | ||
| 111 | } | 133 | } |
| 112 | } | 134 | } |
| 113 | } | 135 | } |
| ... | @@ -118,6 +140,7 @@ namespace VulnUserCodeAnalyzer | ... | @@ -118,6 +140,7 @@ namespace VulnUserCodeAnalyzer |
| 118 | bool match = false; | 140 | bool match = false; |
| 119 | foreach (var vuln in vulnSet.Value) | 141 | foreach (var vuln in vulnSet.Value) |
| 120 | { | 142 | { |
| 143 | + | ||
| 121 | if (filter.Contains(vuln.BlockHash)) | 144 | if (filter.Contains(vuln.BlockHash)) |
| 122 | { | 145 | { |
| 123 | Console.WriteLine($"필터 확인 : {vuln.BlockHash}"); | 146 | Console.WriteLine($"필터 확인 : {vuln.BlockHash}"); |
| ... | @@ -137,13 +160,17 @@ namespace VulnUserCodeAnalyzer | ... | @@ -137,13 +160,17 @@ namespace VulnUserCodeAnalyzer |
| 137 | else | 160 | else |
| 138 | { | 161 | { |
| 139 | match = false; | 162 | match = false; |
| 140 | - break; | 163 | + // break; |
| 141 | } | 164 | } |
| 142 | } | 165 | } |
| 143 | if (match) | 166 | if (match) |
| 144 | { | 167 | { |
| 145 | Console.WriteLine($"CVE 찾음 {vulnSet.Key}"); | 168 | Console.WriteLine($"CVE 찾음 {vulnSet.Key}"); |
| 146 | } | 169 | } |
| 170 | + else | ||
| 171 | + { | ||
| 172 | + Console.WriteLine("없음"); | ||
| 173 | + } | ||
| 147 | } | 174 | } |
| 148 | 175 | ||
| 149 | stopwatch.Stop(); | 176 | stopwatch.Stop(); |
| ... | @@ -151,13 +178,20 @@ namespace VulnUserCodeAnalyzer | ... | @@ -151,13 +178,20 @@ namespace VulnUserCodeAnalyzer |
| 151 | 178 | ||
| 152 | 179 | ||
| 153 | 180 | ||
| 154 | - var hours = stopwatch.Elapsed.TotalHours; | 181 | + var hours = stopwatch.Elapsed.Hours; |
| 155 | - var minutes = stopwatch.Elapsed.TotalMinutes; | 182 | + var minutes = stopwatch.Elapsed.Minutes; |
| 156 | - var seconds = stopwatch.Elapsed.TotalSeconds; | 183 | + var seconds = stopwatch.Elapsed.Seconds; |
| 157 | 184 | ||
| 158 | Console.WriteLine($"경과 시간 {hours.ToString("00")}:{minutes.ToString("00")}:{seconds.ToString("00")}"); | 185 | Console.WriteLine($"경과 시간 {hours.ToString("00")}:{minutes.ToString("00")}:{seconds.ToString("00")}"); |
| 159 | 186 | ||
| 160 | 187 | ||
| 188 | + // CVE JSON 검색 | ||
| 189 | + | ||
| 190 | + foreach (var vuln in findBlocks) | ||
| 191 | + { | ||
| 192 | + | ||
| 193 | + } | ||
| 194 | + | ||
| 161 | // 블룸 필터 테스트 | 195 | // 블룸 필터 테스트 |
| 162 | //while(true) | 196 | //while(true) |
| 163 | //{ | 197 | //{ | ... | ... |
| ... | @@ -33,6 +33,9 @@ | ... | @@ -33,6 +33,9 @@ |
| 33 | </PropertyGroup> | 33 | </PropertyGroup> |
| 34 | <ItemGroup> | 34 | <ItemGroup> |
| 35 | <Reference Include="MySql.Data, Version=8.0.10.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL" /> | 35 | <Reference Include="MySql.Data, Version=8.0.10.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL" /> |
| 36 | + <Reference Include="Newtonsoft.Json, Version=11.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL"> | ||
| 37 | + <HintPath>..\packages\Newtonsoft.Json.11.0.2\lib\net45\Newtonsoft.Json.dll</HintPath> | ||
| 38 | + </Reference> | ||
| 36 | <Reference Include="System" /> | 39 | <Reference Include="System" /> |
| 37 | <Reference Include="System.Core" /> | 40 | <Reference Include="System.Core" /> |
| 38 | <Reference Include="System.Xml.Linq" /> | 41 | <Reference Include="System.Xml.Linq" /> |
| ... | @@ -49,6 +52,7 @@ | ... | @@ -49,6 +52,7 @@ |
| 49 | </ItemGroup> | 52 | </ItemGroup> |
| 50 | <ItemGroup> | 53 | <ItemGroup> |
| 51 | <None Include="App.config" /> | 54 | <None Include="App.config" /> |
| 55 | + <None Include="packages.config" /> | ||
| 52 | </ItemGroup> | 56 | </ItemGroup> |
| 53 | <ItemGroup> | 57 | <ItemGroup> |
| 54 | <ProjectReference Include="..\VulnCrawler\VulnCrawler.csproj"> | 58 | <ProjectReference Include="..\VulnCrawler\VulnCrawler.csproj"> | ... | ... |
-
Please register or login to post a comment