Toggle navigation
Toggle navigation
This project
Loading...
Sign in
노현종
/
2018-1-Capstone1-VulnNotti
Go to a project
Toggle navigation
Toggle navigation pinning
Projects
Groups
Snippets
Help
Project
Activity
Repository
Pipelines
Graphs
Issues
0
Merge Requests
0
Snippets
Network
Create a new issue
Builds
Commits
Issue Boards
Authored by
노현종
2018-04-10 00:40:59 +0900
Browse Files
Options
Browse Files
Download
Email Patches
Plain Diff
Commit
996209797b0115047dfd2755cf47bf1a7add6599
99620979
1 parent
7e21fc12
파이썬 CVE 취약 코드 발견 후 패치 이전 코드 수집중
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
186 additions
and
1 deletions
Vulnerablity_DB/VulnCrawler/Program.cs
Vulnerablity_DB/VulnCrawler/VulnCrawler.csproj
Vulnerablity_DB/VulnCrawler/packages.config
Vulnerablity_DB/VulnCrawler/Program.cs
View file @
9962097
using
System
;
using
LibGit2Sharp
;
using
System
;
using
System.Collections.Generic
;
using
System.IO
;
using
System.Linq
;
using
System.Text
;
using
System.Text.RegularExpressions
;
using
System.Threading.Tasks
;
namespace
VulnCrawler
...
...
@@ -9,7 +12,171 @@ namespace VulnCrawler
class
Program
{
static
void
Main
(
string
[]
args
)
{
//if (Directory.Exists(@"c:\test")) {
// DeleteDirectory(@"c:\test");
//}
//var co = new CloneOptions {
// OnCheckoutProgress = CheckoutProcess,
// OnTransferProgress = TransferProgress,
// CredentialsProvider = (_url, _user, _cred) => new UsernamePasswordCredentials { Username = "yhackerbv@gmail.com", Password = "@@GUSwjdaf12@@" }
//};
//Repository.Clone("https://github.com/torvalds/linux.git", @"\test\", co);
using
(
var
r
=
new
Repository
(
@"c:\test2"
))
{
var
commits
=
r
.
Commits
.
Where
(
c
=>
Regex
.
Match
(
c
.
Message
,
@"CVE-20\d\d-\d{4}"
,
RegexOptions
.
IgnoreCase
).
Success
)
//.Where(c => c.Message.IndexOf("CVE-20",
//StringComparison.CurrentCultureIgnoreCase) >= 0)
.
ToList
();
Console
.
WriteLine
(
commits
.
Count
);
foreach
(
var
commit
in
commits
)
{
string
message
=
commit
.
Message
;
Console
.
ForegroundColor
=
ConsoleColor
.
Yellow
;
Console
.
WriteLine
(
$
"Commit Message: {message}"
);
Console
.
ResetColor
();
foreach
(
var
parent
in
commit
.
Parents
)
{
var
patch
=
r
.
Diff
.
Compare
<
Patch
>(
parent
.
Tree
,
commit
.
Tree
,
new
CompareOptions
{
});
var
entrys
=
patch
.
Where
(
e
=>
e
.
Path
.
EndsWith
(
".py"
));
foreach
(
var
entry
in
entrys
)
{
Console
.
ForegroundColor
=
ConsoleColor
.
Blue
;
Console
.
WriteLine
(
$
"status: {entry.Status.ToString()}"
);
Console
.
WriteLine
(
$
"added: {entry.LinesAdded.ToString()}, deleted: {entry.LinesDeleted.ToString()}"
);
Console
.
WriteLine
(
$
"old path: {entry.OldPath.ToString()}, new path: {entry.Path.ToString()}"
);
Console
.
ResetColor
();
var
oldOid
=
entry
.
OldOid
;
Blob
oldBlob
=
r
.
Lookup
<
Blob
>(
oldOid
);
string
oldContent
=
oldBlob
.
GetContentText
();
var
newOid
=
entry
.
Oid
;
Blob
newBlob
=
r
.
Lookup
<
Blob
>(
newOid
);
string
newContent
=
newBlob
.
GetContentText
();
//ContentChanges changes = r.Diff.Compare(oldBlob, newBlob);
// Console.WriteLine(changes.Patch);
// @@ -290,8 + 290,12 @@ def i
// @@ -290,8 +290,12 @@ def is_safe_url(url, host=None):
var
regs
=
Regex
.
Matches
(
entry
.
Patch
,
@"@@ \-(?<oldStart>\d+),(?<oldLines>\d+) \+(?<newStart>\d+),(?<newLines>\d+) @@ def (?<methodName>\w+)"
);
if
(
regs
.
Count
>
0
)
{
Console
.
BackgroundColor
=
ConsoleColor
.
DarkBlue
;
Console
.
WriteLine
(
$
"Old Content: \n{oldContent}"
);
Console
.
ResetColor
();
Console
.
BackgroundColor
=
ConsoleColor
.
DarkMagenta
;
Console
.
WriteLine
(
$
"New Content: \n{newContent}"
);
Console
.
ResetColor
();
Console
.
BackgroundColor
=
ConsoleColor
.
DarkRed
;
Console
.
WriteLine
(
$
"Patched: \n{entry.Patch}"
);
Console
.
ResetColor
();
Console
.
WriteLine
(
"-----------"
);
Console
.
WriteLine
(
regs
.
Count
);
}
foreach
(
var
reg
in
regs
)
{
var
match
=
reg
as
Match
;
int
.
TryParse
(
match
.
Groups
[
"oldStart"
].
Value
,
out
int
oldStart
);
int
.
TryParse
(
match
.
Groups
[
"oldLines"
].
Value
,
out
int
oldLines
);
string
methodName
=
match
.
Groups
[
"methodName"
].
Value
;
Console
.
WriteLine
(
match
.
Groups
[
"oldStart"
].
Value
);
Console
.
WriteLine
(
match
.
Groups
[
"oldLines"
].
Value
);
Console
.
WriteLine
(
match
.
Groups
[
"newStart"
].
Value
);
Console
.
WriteLine
(
match
.
Groups
[
"newLines"
].
Value
);
Console
.
WriteLine
(
match
.
Groups
[
"methodName"
].
Value
);
StringBuilder
oldBuilder
=
new
StringBuilder
();
using
(
var
reader
=
new
StreamReader
(
oldBlob
.
GetContentStream
()))
{
int
readCount
=
0
;
while
(!
reader
.
EndOfStream
&&
readCount
<=
oldStart
+
oldLines
)
{
string
line
=
reader
.
ReadLine
();
if
(
readCount
++
>=
oldStart
)
{
oldBuilder
.
AppendLine
(
line
);
}
}
//bool found = false;
//while (!reader.EndOfStream) {
// string line = reader.ReadLine();
// if (line.Contains(string.Join("def ", methodName))) {
// }
// if (found) {
// }
//}
}
string
replace
=
Regex
.
Replace
(
oldBuilder
.
ToString
(),
"\t"
,
""
);
Console
.
WriteLine
(
$
"Builder: \n{replace}"
);
}
Console
.
WriteLine
(
"-----------"
);
Console
.
ResetColor
();
}
//Console.WriteLine(patch.Content);
}
Console
.
WriteLine
(
$
"Commit {commit.Sha} 추출 완료"
);
// Task.Delay(1000).Wait();
//break;
}
}
}
public
static
void
DeleteDirectory
(
string
targetDir
)
{
File
.
SetAttributes
(
targetDir
,
FileAttributes
.
Normal
);
string
[]
files
=
Directory
.
GetFiles
(
targetDir
);
string
[]
dirs
=
Directory
.
GetDirectories
(
targetDir
);
foreach
(
string
file
in
files
)
{
File
.
SetAttributes
(
file
,
FileAttributes
.
Normal
);
File
.
Delete
(
file
);
}
foreach
(
string
dir
in
dirs
)
{
DeleteDirectory
(
dir
);
}
Directory
.
Delete
(
targetDir
,
false
);
}
public
static
bool
TransferProgress
(
TransferProgress
progress
)
{
int
totalBytes
=
progress
.
TotalObjects
;
int
receivedBytes
=
progress
.
ReceivedObjects
;
long
receivedTotal
=
progress
.
ReceivedBytes
;
double
received
=
progress
.
ReceivedBytes
/
1000000
;
double
percent
=
((
double
)
receivedBytes
/
(
double
)
totalBytes
)
*
10
;
Console
.
WriteLine
(
$
"진행률: {percent.ToString("
P2
")}, 남은 파일: {receivedBytes} of {totalBytes}"
);
//, 받은 용량: {received.ToString()}MB");
Console
.
ForegroundColor
=
ConsoleColor
.
DarkGreen
;
return
true
;
}
public
static
void
CheckoutProcess
(
string
path
,
int
completedSteps
,
int
totalSteps
)
{
Console
.
WriteLine
(
$
"{completedSteps}, {totalSteps}, {path}"
);
}
}
}
...
...
Vulnerablity_DB/VulnCrawler/VulnCrawler.csproj
View file @
9962097
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="..\packages\LibGit2Sharp.NativeBinaries.1.0.210\build\net461\LibGit2Sharp.NativeBinaries.props" Condition="Exists('..\packages\LibGit2Sharp.NativeBinaries.1.0.210\build\net461\LibGit2Sharp.NativeBinaries.props')" />
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
...
...
@@ -11,6 +12,8 @@
<TargetFrameworkVersion>v4.6.1</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
<NuGetPackageImportStamp>
</NuGetPackageImportStamp>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
...
...
@@ -32,6 +35,9 @@
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="LibGit2Sharp, Version=0.25.0.0, Culture=neutral, PublicKeyToken=7cbde695407f0333, processorArchitecture=MSIL">
<HintPath>..\packages\LibGit2Sharp.0.25.0\lib\netstandard2.0\LibGit2Sharp.dll</HintPath>
</Reference>
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Xml.Linq" />
...
...
@@ -47,6 +53,13 @@
</ItemGroup>
<ItemGroup>
<None Include="App.config" />
<None Include="packages.config" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
<PropertyGroup>
<ErrorText>이 프로젝트는 이 컴퓨터에 없는 NuGet 패키지를 참조합니다. 해당 패키지를 다운로드하려면 NuGet 패키지 복원을 사용하십시오. 자세한 내용은 http://go.microsoft.com/fwlink/?LinkID=322105를 참조하십시오. 누락된 파일은 {0}입니다.</ErrorText>
</PropertyGroup>
<Error Condition="!Exists('..\packages\LibGit2Sharp.NativeBinaries.1.0.210\build\net461\LibGit2Sharp.NativeBinaries.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\LibGit2Sharp.NativeBinaries.1.0.210\build\net461\LibGit2Sharp.NativeBinaries.props'))" />
</Target>
</Project>
\ No newline at end of file
...
...
Vulnerablity_DB/VulnCrawler/packages.config
0 → 100644
View file @
9962097
<?
xml
version
=
"1.0"
encoding
=
"utf-8"
?>
<
packages
>
<
package
id
=
"LibGit2Sharp"
version
=
"0.25.0"
targetFramework
=
"net461"
/>
<
package
id
=
"LibGit2Sharp.NativeBinaries"
version
=
"1.0.210"
targetFramework
=
"net461"
/>
</
packages
>
\ No newline at end of file
Please
register
or
login
to post a comment