이지윤

VulnRDS : mysql vuln수정, CRUD Func 생성 및 수정

...@@ -29,7 +29,18 @@ namespace VulnCrawler ...@@ -29,7 +29,18 @@ namespace VulnCrawler
29 { 29 {
30 public int UserId { get; set; } = -1;/* 유저 ID */ 30 public int UserId { get; set; } = -1;/* 유저 ID */
31 public string RepositName { get; set; } = "NULL"; /* 유저 레파지토리 이름 */ 31 public string RepositName { get; set; } = "NULL"; /* 유저 레파지토리 이름 */
32 - public string VulnId { get; set; } = "NULL"; /* 취약점 vuln ID */ 32 + public int VulnId { get; set; } = -1; /* 취약점 vuln ID */
33 + }
34 + //
35 + public class _Vuln
36 + {
37 + public int VulnId { get; set; } = -1; /* 취약점 ID */
38 + public string Cve { get; set; } = "NULL"; /* 취약점 CVE */
39 + public string FuncName { get; set; } = "NULL"; /* 취약점 함수 이름 */
40 + public int LenFunc { get; set; } = -1; /* 취약점 함수 길이 */
41 + public string Code { get; set; } = "NULL"; /* 취약점 소스 코드 */
42 + public string BlockHash { get; set; } = "NULL";/* 취약점 블록 해시 값 */
43 + public string Url { get; set; } = "NULL"; /* 취약점 URL */
33 } 44 }
34 //connect 45 //connect
35 public static void Connect(AWS.Account account, string dbName) 46 public static void Connect(AWS.Account account, string dbName)
...@@ -52,19 +63,6 @@ namespace VulnCrawler ...@@ -52,19 +63,6 @@ namespace VulnCrawler
52 public static void InsertVulnData(Vuln vuln) 63 public static void InsertVulnData(Vuln vuln)
53 { 64 {
54 String sql = string.Empty; 65 String sql = string.Empty;
55 - //DB에 취약점 데이터가 이미 있는지 검사
56 - /*
57 -
58 - sql = "select count(*) from vulnInfo where cve like '" + vuln.Cve + "' and numBlock like '" +vuln.NumBlock + "'" ;
59 - MySqlCommand cmd = new MySqlCommand(sql, Conn);
60 - int RecordCount = Convert.ToInt32(cmd.ExecuteScalar());
61 - //CVE & block num 중복인 경우
62 - if (RecordCount > 0)
63 - {
64 - //추가하지 않음
65 - return;
66 - }
67 - */
68 // vulnId setting (마지막 vulnId +1) 66 // vulnId setting (마지막 vulnId +1)
69 MySqlCommand cmd = null; 67 MySqlCommand cmd = null;
70 68
...@@ -105,23 +103,65 @@ namespace VulnCrawler ...@@ -105,23 +103,65 @@ namespace VulnCrawler
105 } 103 }
106 104
107 } 105 }
106 + public static void _InsertVulnData(_Vuln vuln)
107 + {
108 + String sql = string.Empty;
109 + // vulnId setting (마지막 vulnId +1)
110 + MySqlCommand cmd = null;
111 +
112 + int last_vulnId = 1;
113 + try
114 + {
115 + sql = "select max(vulnId) from vuln_Info";
116 + cmd = new MySqlCommand(sql, Conn);
117 + last_vulnId = (Convert.ToInt32(cmd.ExecuteScalar())) + 1;
118 + }
119 + catch (Exception)
120 + {
121 + last_vulnId = 1;
122 + }
123 +
124 + Retry:
125 +
126 + //DB insert
127 + try
128 + {
129 + cmd = new MySqlCommand();
130 + cmd.Connection = Conn;
131 + //db에 추가
132 + cmd.CommandText = "INSERT INTO vuln_Info(vulnId, cve, funcName, lenFunc, code, blockHash, url) VALUES(@vulnId, @cve, @funcName, @lenFunc, @code, @blockHash, @url)";
133 + cmd.Parameters.AddWithValue("@vulnId", last_vulnId);
134 + cmd.Parameters.AddWithValue("@cve", $"'{vuln.Cve}'");
135 + cmd.Parameters.AddWithValue("@funcName", $"'{vuln.FuncName}'");
136 + cmd.Parameters.AddWithValue("@lenFunc", $"'{vuln.LenFunc}'");
137 + cmd.Parameters.AddWithValue("@code", $"'{vuln.Code}'");
138 + cmd.Parameters.AddWithValue("@blockHash", $"'{vuln.BlockHash}'");
139 + cmd.Parameters.AddWithValue("@url", $"'{vuln.Url}'");
140 + cmd.ExecuteNonQuery();
141 + //콘솔출력용
142 + sql = "INSERT INTO vuln_Info(vulnId, cve, funcName, lenFunc, code, blockHash, url) " +
143 + $"VALUES({last_vulnId}, {vuln.Cve}, '{vuln.FuncName}', '{vuln.LenFunc}', {vuln.Code},'{vuln.BlockHash}', '{vuln.Url}')";
144 + Console.WriteLine(sql);
145 + }
146 + catch (Exception e)
147 + {
148 + Console.WriteLine(e.ToString());
149 + string es = e.ToString();
150 + if (es.Contains("Connection must be valid and open"))
151 + {
152 + Connect(Account, DbName);
153 + goto Retry;
154 + }
155 + Console.ReadLine();
156 + }
157 + }
108 public static void InsertUserData(User user) 158 public static void InsertUserData(User user)
109 { 159 {
110 Conn.Open(); 160 Conn.Open();
111 String sql = string.Empty; 161 String sql = string.Empty;
112 MySqlCommand cmd = null; 162 MySqlCommand cmd = null;
113 - /* 163 +
114 - //DB에 취약점 데이터가 이미 있는지 검사 164 + //user_id setting
115 - String sql = "select count(*) from vulnInfo where cve like '" + user. + "'";
116 - MySqlCommand cmd = new MySqlCommand(sql, Conn);
117 - int RecordCount = Convert.ToInt32(cmd.ExecuteScalar());
118 - //CVE 중복인 경우
119 - if (RecordCount > 0)
120 - {
121 - Console.WriteLine("이미 cve가 존재함");
122 - }
123 - */
124 - // userId setting (마지막 userId +1)
125 int last_userId = 1; 165 int last_userId = 1;
126 try 166 try
127 { 167 {
...@@ -134,65 +174,218 @@ namespace VulnCrawler ...@@ -134,65 +174,218 @@ namespace VulnCrawler
134 last_userId = 1; 174 last_userId = 1;
135 } 175 }
136 176
137 - //DB insert 177 + Retry:
178 +
179 + //insert
138 try 180 try
139 { 181 {
140 - sql = "INSERT INTO userInfo(userId, repositName, vulnInfo) " + $"VALUES({last_userId}, {user.RepositName}, '{user.VulnId}')"; 182 + cmd = new MySqlCommand();
183 + cmd.Connection = Conn;
184 + //db에 추가
185 + cmd.CommandText = "INSERT INTO userInfo(userId, repositName, vulnId) VALUES(@userId, @repositName, @vulnId)";
186 + cmd.Parameters.AddWithValue("@userId", last_userId);
187 + cmd.Parameters.AddWithValue("@repositName", $"'{user.RepositName}'");
188 + cmd.Parameters.AddWithValue("@vulnInfo", $"'{user.VulnId}'");
189 + cmd.ExecuteNonQuery();
190 + //콘솔출력용
191 + sql = "INSERT INTO userInfo(userId, repositName, vulnId) " + $"VALUES({last_userId},'{user.RepositName}','{user.VulnId}')";
141 Console.WriteLine(sql); 192 Console.WriteLine(sql);
142 - cmd = new MySqlCommand(sql, Conn); 193 + }
194 + catch (Exception e)
195 + {
196 + Console.WriteLine(e.ToString());
197 + string es = e.ToString();
198 + if (es.Contains("Connection must be valid and open"))
199 + {
200 + Connect(Account, DbName);
201 + goto Retry;
202 + }
203 + Console.ReadLine();
204 + }
205 + }
206 + public static void UpdateVulnData(int _vulnId, _Vuln vuln) {
207 + String sql = string.Empty;
208 + MySqlCommand cmd = null;
209 +
210 + Retry:
211 +
212 + //DB update
213 + try
214 + {
215 + cmd = new MySqlCommand();
216 + cmd.Connection = Conn;
217 + //해당 vuln Update
218 + cmd.CommandText = "UPDATE vuln_Info SET cve=@cve,funName=@funName,lenFunc=@lenFunc,code=@code,blockHash=@blockHash,url=@url WHERE vulnId=@vunId";
219 + cmd.Parameters.AddWithValue("@vulnId", _vulnId);
220 + cmd.Parameters.AddWithValue("@cve", $"'{vuln.Cve}'");
221 + cmd.Parameters.AddWithValue("@funcName", $"'{vuln.FuncName}'");
222 + cmd.Parameters.AddWithValue("@lenFunc", $"'{vuln.LenFunc}'");
223 + cmd.Parameters.AddWithValue("@code", $"'{vuln.Code}'");
224 + cmd.Parameters.AddWithValue("@blockHash", $"'{vuln.BlockHash}'");
225 + cmd.Parameters.AddWithValue("@url", $"'{vuln.Url}'");
143 cmd.ExecuteNonQuery(); 226 cmd.ExecuteNonQuery();
227 + //콘솔출력용
228 + sql = "UPDATE vuln_Info(vulnId, cve, funcName, lenFunc, code, blockHash, url) " +
229 + $"VALUES({_vulnId}, {vuln.Cve}, '{vuln.FuncName}', '{vuln.LenFunc}', {vuln.Code},'{vuln.BlockHash}', '{vuln.Url}')";
230 + Console.WriteLine(sql);
144 } 231 }
145 catch (Exception e) 232 catch (Exception e)
146 { 233 {
147 - Console.WriteLine(e.StackTrace); 234 + Console.WriteLine(e.ToString());
235 + string es = e.ToString();
236 + if (es.Contains("Connection must be valid and open"))
237 + {
238 + Connect(Account, DbName);
239 + goto Retry;
148 } 240 }
241 + Console.ReadLine();
242 + }
243 + return;
244 + }
245 + public static void UpdateUserData(int _userId, User user)
246 + {
247 + String sql = string.Empty;
248 + MySqlCommand cmd = null;
249 +
250 + Retry:
251 +
252 + //DB update
253 + try
254 + {
255 + cmd = new MySqlCommand();
256 + cmd.Connection = Conn;
257 + //해당 user Update
258 + cmd.CommandText = "UPDATE userInfo SET repositName=@repositName, vulnId=@vulnId WHERE userId=@userId";
259 + cmd.Parameters.AddWithValue("@userId", _userId);
260 + cmd.Parameters.AddWithValue("@repositName", $"'{user.RepositName}'");
261 + cmd.Parameters.AddWithValue("@vulnId", $"'{user.VulnId}'");
262 +
263 + cmd.ExecuteNonQuery();
264 + //콘솔출력용
265 + sql = "UPDATE userInfo(userId, repositName, vulnId) " +
266 + $"VALUES({_userId}, '{user.RepositName}', '{user.VulnId}')";
267 + Console.WriteLine(sql);
149 } 268 }
150 - public static Vuln SearchVulnCve(int _vulnId) 269 + catch (Exception e)
270 + {
271 + Console.WriteLine(e.ToString());
272 + string es = e.ToString();
273 + if (es.Contains("Connection must be valid and open"))
151 { 274 {
152 - Vuln vuln = new Vuln(); 275 + Connect(Account, DbName);
153 - //특정 cve 가 있는지 검사 276 + goto Retry;
154 - String sql = "select * from vulnInfo where cve like '" + _vulnId + "'"; 277 + }
155 - MySqlCommand cmd = new MySqlCommand(sql, Conn); 278 + Console.ReadLine();
156 - MySqlDataReader rdr = cmd.ExecuteReader(); 279 + }
157 - while (rdr.Read()) 280 + return;
281 + }
282 + public static _Vuln SelectVulnData(int _vulnId) {
283 + _Vuln vuln = new _Vuln();
284 + String sql = string.Empty;
285 + MySqlCommand cmd = new MySqlCommand();
286 + cmd.Connection = Conn;
287 + cmd.CommandText = "SELECT * FROM vuln_Info";
288 +
289 + System.Data.DataSet ds = new System.Data.DataSet();
290 + MySqlDataAdapter da = new MySqlDataAdapter("SELECT * FROM userInfo", Conn);
291 + da.Fill(ds);
292 +
293 + //vuln에 입력
294 + foreach (System.Data.DataRow row in ds.Tables[0].Rows)
158 { 295 {
159 - vuln.VulnId = Convert.ToInt32(rdr["vulnId"]); 296 + vuln.VulnId = Convert.ToInt32(row["vulnId"]);
160 - vuln.LenBlock = Convert.ToInt32(rdr["lenBlock"]); 297 + vuln.Cve = Convert.ToString(row["cve"]);
161 - vuln.Cve = Convert.ToString(rdr["cve"]); 298 + vuln.FuncName = Convert.ToString(row["funcName"]);
162 - vuln.FuncName = Convert.ToString(rdr["funcName"]); 299 + vuln.LenFunc = Convert.ToInt32(row["lenFunc"]);
163 - vuln.NumBlock = Convert.ToInt32(rdr["numBlock"]); 300 + vuln.Code = Convert.ToString(row["code"]);
164 - vuln.CodeOriBefore = Convert.ToString(rdr["codeOriBefore"]); 301 + vuln.BlockHash = Convert.ToString(row["blockHash"]);
165 - vuln.CodeOriAfter = Convert.ToString(rdr["codeOriAfter"]); 302 + vuln.Url = Convert.ToString(row["url"]);
166 - vuln.CodeAbsBefore = Convert.ToString(rdr["codeAbsBefore"]); ;
167 - vuln.CodeAbsAfter = Convert.ToString(rdr["codeAbsAfter"]);
168 - vuln.BlockHash = Convert.ToString(rdr["blockHash"]);
169 } 303 }
304 + //해당 vuln 반환
170 return vuln; 305 return vuln;
171 } 306 }
307 + public static User SelectUserData(int _userId)
308 + {
309 + User user = new User();
310 + String sql = string.Empty;
311 + MySqlCommand cmd = new MySqlCommand();
312 + cmd.Connection = Conn;
313 + cmd.CommandText = "SELECT * FROM userInfo";
314 +
315 + //해당 user 찾음
316 + System.Data.DataSet ds = new System.Data.DataSet();
317 + MySqlDataAdapter da = new MySqlDataAdapter("SELECT * FROM userInfo", Conn);
318 + da.Fill(ds);
172 319
173 - public static bool CheckVulnData(int _vulnId) 320 + //user에 입력
321 + foreach (System.Data.DataRow row in ds.Tables[0].Rows)
174 { 322 {
175 - string sql = "select count(*) from vulnInfo where vulnId like '" + _vulnId+ "'"; 323 + user.VulnId = Convert.ToInt32(row["vulnId"]);
176 - MySqlCommand cmd = new MySqlCommand(sql, Conn); 324 + user.RepositName = Convert.ToString(row["repositName"]);
177 - int RecordCount = Convert.ToInt32(cmd.ExecuteScalar()); 325 + user.UserId = Convert.ToInt32(row["userId"]);
178 - if (RecordCount > 0)
179 - return true;
180 - else
181 - return false;
182 } 326 }
183 - public static bool CheckUserData(int _userId) 327 + //해당 user 반환
328 + return user;
329 + }
330 + public static void DeleteVulnData(int _vulnId) {
331 + String sql = string.Empty;
332 + MySqlCommand cmd = null;
333 +
334 + Retry:
335 +
336 + //DB insert
337 + try
184 { 338 {
185 - string sql = "select count(*) from userInfo where vulnId like '" + _userId + "'"; 339 + cmd = new MySqlCommand();
186 - MySqlCommand cmd = new MySqlCommand(sql, Conn); 340 + cmd.Connection = Conn;
187 - int RecordCount = Convert.ToInt32(cmd.ExecuteScalar()); 341 + cmd.CommandText = "DELETE FROM vuln_Info WHERE vulnId=@vulnId";
188 - if (RecordCount > 0) 342 + cmd.Parameters.AddWithValue("@vulnId", _vulnId);
189 - return true; 343 + cmd.ExecuteNonQuery();
190 - else 344 + //콘솔출력용
191 - return false; 345 + sql = "DELETE FROM vuln_Info WHERE vulnId="+ _vulnId;
346 + Console.WriteLine(sql);
347 + }
348 + catch (Exception e)
349 + {
350 + Console.WriteLine(e.ToString());
351 + string es = e.ToString();
352 + if (es.Contains("Connection must be valid and open"))
353 + {
354 + Connect(Account, DbName);
355 + goto Retry;
356 + }
357 + Console.ReadLine();
358 + }
359 + }
360 + public static void DeleteUserData(int _userId)
361 + {
362 + String sql = string.Empty;
363 + MySqlCommand cmd = null;
364 +
365 + Retry:
366 +
367 + try
368 + {
369 + cmd = new MySqlCommand();
370 + cmd.Connection = Conn;
371 + cmd.CommandText = "DELETE FROM userInfo WHERE userId=@userId";
372 + cmd.Parameters.AddWithValue("@userId", _userId);
373 + cmd.ExecuteNonQuery();
374 + //콘솔출력용
375 + sql = "DELETE FROM userInfo WHERE userId=" + _userId;
376 + Console.WriteLine(sql);
377 + }
378 + catch (Exception e)
379 + {
380 + Console.WriteLine(e.ToString());
381 + string es = e.ToString();
382 + if (es.Contains("Connection must be valid and open"))
383 + {
384 + Connect(Account, DbName);
385 + goto Retry;
386 + }
387 + Console.ReadLine();
388 + }
192 } 389 }
193 - //public static IEnumerable<string> SearchVulnData(int _len)
194 - //{
195 - //
196 - //}
197 } 390 }
198 } 391 }
...\ No newline at end of file ...\ No newline at end of file
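Review bot: Several of the new parameterized commands do not bind the placeholders they declare: in `InsertUserData` the text uses `@vulnId` but the value is added as `@vulnInfo`, and in `UpdateVulnData` the text uses `funName=@funName` and `WHERE vulnId=@vunId` while the parameters added are `@funcName` and `@vulnId`, so these statements will most likely fail at `ExecuteNonQuery()` instead of writing the row. The bound values are also wrapped in literal quotes (`$"'{vuln.Cve}'"`), which a parameter stores as part of the data and which turns `LenFunc` and `VulnId` into quoted strings; pass the raw value instead, e.g. `cmd.Parameters.AddWithValue("@cve", vuln.Cve);`. `SelectVulnData` and `SelectUserData` never use their id argument, and `SelectVulnData` fills its `DataSet` from `userInfo` and then reads `row["cve"]`; the adapter query should be `SELECT * FROM vuln_Info WHERE vulnId=@vulnId` with the id bound the same way. The `goto Retry` after `Connect(Account, DbName)` has no attempt limit, so a connection that never opens will loop indefinitely while printing the full exception text each time.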
...@@ -28,6 +28,7 @@ namespace VulnCrawler ...@@ -28,6 +28,7 @@ namespace VulnCrawler
28 continue; 28 continue;
29 } 29 }
30 foreach (var parent in commit.Parents) { 30 foreach (var parent in commit.Parents) {
31 +
31 // 부모 커밋과 현재 커밋을 Compare 하여 패치 내역을 가져옴 32 // 부모 커밋과 현재 커밋을 Compare 하여 패치 내역을 가져옴
32 var patch = crawler.Repository.Diff.Compare<Patch>(parent.Tree, commit.Tree); 33 var patch = crawler.Repository.Diff.Compare<Patch>(parent.Tree, commit.Tree);
33 // 패치 엔트리 파일 배열 중에 파일 확장자가 .py인 것만 가져옴 34 // 패치 엔트리 파일 배열 중에 파일 확장자가 .py인 것만 가져옴