노현종

merge

......@@ -219,12 +219,26 @@ namespace VulnUserCodeAnalyzer
var repoBytes = Encoding.Unicode.GetBytes(repository);
var repoBase64 = Convert.ToBase64String(repoBytes);
foreach (var (userName, repository) in reposits)
var repoDir = new DirectoryInfo($@"C:\Repo\{repoBase64}");
if (repoDir.Exists)
{
Console.WriteLine($"{userName}, {repository}");
continue;
}
repoDir.Create();
Console.WriteLine($"Clone... Path : {repoDir.FullName}, Url : {repository}");
Clone(repoDir.FullName, repository);
Console.ReadLine();
repoPath = repoDir.FullName;
userId = userName;
}
if (!string.IsNullOrWhiteSpace(repoPath) && !string.IsNullOrWhiteSpace(userId))
{
break;
}
repoWatch.Restart();
}
//Console.WriteLine("엔터를 누르세요");
//Console.ReadLine();
/* hashDict = 사용된 사용자 함수 정보 */
var hashDict = new Dictionary<int, HashSet<VulnAbstractCrawler.UserBlock>>();
......@@ -283,7 +297,7 @@ namespace VulnUserCodeAnalyzer
* CVE를 가지고 있다고 인정하는 프로그램 정책 때문
*/
var searchedCveHashList = VulnRDS.SelectVulnbyCve(cve);
Console.WriteLine($"cve:{cve}, {searchedCveHashList.Count()}개 가져옴");
Console.WriteLine($"CVE:{cve}, Received Count : {searchedCveHashList.Count()}");
foreach (var s in searchedCveHashList)
{
vulnHashSet.Add(s);
......@@ -297,7 +311,7 @@ namespace VulnUserCodeAnalyzer
/* 본격적인 취약점 매칭 부분 */
foreach (var vulnSet in vulnDict)
{
//Console.WriteLine($"-----cve:{vulnSet.Key}");
Console.WriteLine($"-----cve:{vulnSet.Key}");
bool match = false;
foreach (var vuln in vulnSet.Value)
{
......@@ -309,6 +323,7 @@ namespace VulnUserCodeAnalyzer
{
if (hashDict.ContainsKey(vuln.LenFunc))
{
//Console.WriteLine("찾음");
/* Bloom Filter는 아쉽게도 포함 여부만 알 수 있기에
* 포함되었음을 알았다면 검색해서 정보를 구한다. */
var userBlock = hashDict[vuln.LenFunc].FirstOrDefault(b => b.Hash == vuln.BlockHash);
......@@ -337,13 +352,13 @@ namespace VulnUserCodeAnalyzer
/* 취약점 레코드가 전부 있어야 CVE 찾음 인정 */
if (match)
{
Console.WriteLine($"CVE 찾음 {vulnSet.Key}");
Console.WriteLine($"Matched CVE : {vulnSet.Key}");
/* 찾았으면 cve값을 기록함 밑에서 찾은 cve 정보 전송하기 위해 */
findCveList.Add(vulnSet.Key);
}
else
{
Console.WriteLine("없음");
Console.WriteLine("Not");
}
}
stopwatch.Stop();
......@@ -351,8 +366,10 @@ namespace VulnUserCodeAnalyzer
var hours = stopwatch.Elapsed.Hours;
var minutes = stopwatch.Elapsed.Minutes;
var seconds = stopwatch.Elapsed.Seconds;
Console.WriteLine($"경과 시간 {hours.ToString("00")}:{minutes.ToString("00")}:{seconds.ToString("00")}");
Console.WriteLine($"찾은 CVE 개수 : {findCveList.Count}");
Console.WriteLine($"Elapsed Time : {hours.ToString("00")}:{minutes.ToString("00")}:{seconds.ToString("00")}");
Console.WriteLine($"Matched CVE Count : {findCveList.Count}");
//Console.ReadLine();
var yearMatch = new Regex(@"CVE-(\d{4})-(\d+)");
foreach (var cve in findCveList)
{
......@@ -406,9 +423,9 @@ namespace VulnUserCodeAnalyzer
var urlBytes = Convert.FromBase64String(findCveDict[cve].FirstOrDefault().Url);
string url = Encoding.Unicode.GetString(urlBytes);
//Console.WriteLine(findCveDict[cve].FirstOrDefault().Path.Replace(repoPath, ""));
/* DB 전송 */
VulnRDS.InsertVulnDetail(new VulnRDS.Vuln_detail
var vulnDetail = new VulnRDS.Vuln_detail
{
CveName = data.Code,
Type = type,
......@@ -417,13 +434,18 @@ namespace VulnUserCodeAnalyzer
CveDetail = data.Detail,
Publish_date = data.Publish_Date.ToString("yyyy-MM-dd"),
Update_date = data.Update_Date.ToString("yyyy-MM-dd"),
UserName = "samsung",
UserName = userId,
Url = url,
FileName = findCveDict[cve].FirstOrDefault().Path.Replace(@"C:\code", ""),
FileName = findCveDict[cve].FirstOrDefault().Path.Replace(repoPath, ""),
FuncName = findCveDict[cve].FirstOrDefault().FuncName,
Product = data.Type,
});
Console.WriteLine("추가 완료");
};
/* DB 전송 */
VulnRDS.InsertVulnDetail(vulnDetail);
Console.WriteLine($"Added CVE: {vulnDetail.CveName}, Type: {vulnDetail.Type}, CVSS: {vulnDetail.Level}");
}
}
}
}
......