Toggle navigation
Toggle navigation
This project
Loading...
Sign in
노현종
/
2018-1-Capstone1-VulnNotti
Go to a project
Toggle navigation
Toggle navigation pinning
Projects
Groups
Snippets
Help
Project
Activity
Repository
Pipelines
Graphs
Issues
0
Merge Requests
0
Snippets
Network
Create a new issue
Builds
Commits
Issue Boards
Authored by
노현종
2018-06-10 22:17:22 +0900
Browse Files
Options
Browse Files
Download
Plain Diff
Commit
9d8b3fcd2acb2a249e2d2a1ddf80924982a0b3d9
9d8b3fcd
2 parents
42632ac7
43ab9f58
merge
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
37 additions
and
15 deletions
Vulnerablity_DB/VulnUserCodeAnalyzer/Program.cs
Vulnerablity_DB/VulnUserCodeAnalyzer/Program.cs
View file @
9d8b3fc
...
...
@@ -219,12 +219,26 @@ namespace VulnUserCodeAnalyzer
var
repoBytes
=
Encoding
.
Unicode
.
GetBytes
(
repository
);
var
repoBase64
=
Convert
.
ToBase64String
(
repoBytes
);
foreach
(
var
(
userName
,
repository
)
in
reposits
)
var
repoDir
=
new
DirectoryInfo
(
$
@"C:\Repo\{repoBase64}"
);
if
(
repoDir
.
Exists
)
{
Console
.
WriteLine
(
$
"{userName}, {repository}"
)
;
continue
;
}
repoDir
.
Create
();
Console
.
WriteLine
(
$
"Clone... Path : {repoDir.FullName}, Url : {repository}"
);
Clone
(
repoDir
.
FullName
,
repository
);
Console
.
ReadLine
();
repoPath
=
repoDir
.
FullName
;
userId
=
userName
;
}
if
(!
string
.
IsNullOrWhiteSpace
(
repoPath
)
&&
!
string
.
IsNullOrWhiteSpace
(
userId
))
{
break
;
}
repoWatch
.
Restart
();
}
//Console.WriteLine("엔터를 누르세요");
//Console.ReadLine();
/* hashDict = 사용된 사용자 함수 정보 */
var
hashDict
=
new
Dictionary
<
int
,
HashSet
<
VulnAbstractCrawler
.
UserBlock
>>();
...
...
@@ -283,7 +297,7 @@ namespace VulnUserCodeAnalyzer
* CVE를 가지고 있다고 인정하는 프로그램 정책 때문
*/
var
searchedCveHashList
=
VulnRDS
.
SelectVulnbyCve
(
cve
);
Console
.
WriteLine
(
$
"cve:{cve}, {searchedCveHashList.Count()}개 가져옴
"
);
Console
.
WriteLine
(
$
"CVE:{cve}, Received Count : {searchedCveHashList.Count()}
"
);
foreach
(
var
s
in
searchedCveHashList
)
{
vulnHashSet
.
Add
(
s
);
...
...
@@ -297,7 +311,7 @@ namespace VulnUserCodeAnalyzer
/* 본격적인 취약점 매칭 부분 */
foreach
(
var
vulnSet
in
vulnDict
)
{
//
Console.WriteLine($"-----cve:{vulnSet.Key}");
Console
.
WriteLine
(
$
"-----cve:{vulnSet.Key}"
);
bool
match
=
false
;
foreach
(
var
vuln
in
vulnSet
.
Value
)
{
...
...
@@ -309,6 +323,7 @@ namespace VulnUserCodeAnalyzer
{
if
(
hashDict
.
ContainsKey
(
vuln
.
LenFunc
))
{
//Console.WriteLine("찾음");
/* Bloom Filter는 아쉽게도 포함 여부만 알 수 있기에
* 포함되었음을 알았다면 검색해서 정보를 구한다. */
var
userBlock
=
hashDict
[
vuln
.
LenFunc
].
FirstOrDefault
(
b
=>
b
.
Hash
==
vuln
.
BlockHash
);
...
...
@@ -337,13 +352,13 @@ namespace VulnUserCodeAnalyzer
/* 취약점 레코드가 전부 있어야 CVE 찾음 인정 */
if
(
match
)
{
Console
.
WriteLine
(
$
"CVE 찾음
{vulnSet.Key}"
);
Console
.
WriteLine
(
$
"Matched CVE :
{vulnSet.Key}"
);
/* 찾았으면 cve값을 기록함 밑에서 찾은 cve 정보 전송하기 위해 */
findCveList
.
Add
(
vulnSet
.
Key
);
}
else
{
Console
.
WriteLine
(
"없음
"
);
Console
.
WriteLine
(
"Not
"
);
}
}
stopwatch
.
Stop
();
...
...
@@ -351,8 +366,10 @@ namespace VulnUserCodeAnalyzer
var
hours
=
stopwatch
.
Elapsed
.
Hours
;
var
minutes
=
stopwatch
.
Elapsed
.
Minutes
;
var
seconds
=
stopwatch
.
Elapsed
.
Seconds
;
Console
.
WriteLine
(
$
"경과 시간 {hours.ToString("
00
")}:{minutes.ToString("
00
")}:{seconds.ToString("
00
")}"
);
Console
.
WriteLine
(
$
"찾은 CVE 개수 : {findCveList.Count}"
);
Console
.
WriteLine
(
$
"Elapsed Time : {hours.ToString("
00
")}:{minutes.ToString("
00
")}:{seconds.ToString("
00
")}"
);
Console
.
WriteLine
(
$
"Matched CVE Count : {findCveList.Count}"
);
//Console.ReadLine();
var
yearMatch
=
new
Regex
(
@"CVE-(\d{4})-(\d+)"
);
foreach
(
var
cve
in
findCveList
)
{
...
...
@@ -406,9 +423,9 @@ namespace VulnUserCodeAnalyzer
var
urlBytes
=
Convert
.
FromBase64String
(
findCveDict
[
cve
].
FirstOrDefault
().
Url
);
string
url
=
Encoding
.
Unicode
.
GetString
(
urlBytes
);
//Console.WriteLine(findCveDict[cve].FirstOrDefault().Path.Replace(repoPath, ""));
/* DB 전송 */
VulnRDS
.
InsertVulnDetail
(
new
VulnRDS
.
Vuln_detail
var
vulnDetail
=
new
VulnRDS
.
Vuln_detail
{
CveName
=
data
.
Code
,
Type
=
type
,
...
...
@@ -417,13 +434,18 @@ namespace VulnUserCodeAnalyzer
CveDetail
=
data
.
Detail
,
Publish_date
=
data
.
Publish_Date
.
ToString
(
"yyyy-MM-dd"
),
Update_date
=
data
.
Update_Date
.
ToString
(
"yyyy-MM-dd"
),
UserName
=
"samsung"
,
UserName
=
userId
,
Url
=
url
,
FileName
=
findCveDict
[
cve
].
FirstOrDefault
().
Path
.
Replace
(
@"C:\code"
,
""
),
FileName
=
findCveDict
[
cve
].
FirstOrDefault
().
Path
.
Replace
(
repoPath
,
""
),
FuncName
=
findCveDict
[
cve
].
FirstOrDefault
().
FuncName
,
Product
=
data
.
Type
,
});
Console
.
WriteLine
(
"추가 완료"
);
};
/* DB 전송 */
VulnRDS
.
InsertVulnDetail
(
vulnDetail
);
Console
.
WriteLine
(
$
"Added CVE: {vulnDetail.CveName}, Type: {vulnDetail.Type}, CVSS: {vulnDetail.Level}"
);
}
}
}
}
...
...
Please
register
or
login
to post a comment