def func_pdg_similarity_proc(vuln_id, neo4jdb):
start_time = time.time()
vuln_info = vulnerability_info.objects.get(vuln_id=vuln_id)
vuln_name = vuln_info.cve_info.cveid.replace(u"-", u"_").upper() + u"_VULN_" + vuln_info.vuln_func
patch_name = vuln_info.cve_info.cveid.replace(u"-", u"_").upper() + u"_PATCHED_" + vuln_info.vuln_func
report = pdg_vuln_patch_funcs_report()
report.vuln_info = vuln_info
report.status = u"pending"
report.save()
vuln_func = getFuncNode(vuln_name, neo4jdb)
if vuln_func is None:
report.status = u"vuln_func_not_found"
report.save()
patch_func = getFuncNode(patch_name, neo4jdb)
if patch_name is None:
report.status = u"patch_func_not_found"
report.save()
match, simi = func_pdg_similarity(vuln_func, neo4jdb, patch_func, neo4jdb)
report.is_match = match
report.similarity_rate = simi
report.status = u"success"
end_time = time.time()
report.cost = round(end_time - start_time, 2)
report.save()
def func_pdg_similarity_proc(vuln_id, neo4jdb):
start_time = time.time()
vuln_info = vulnerability_info.objects.get(vuln_id=vuln_id)
vuln_name = vuln_info.cve_info.cveid.replace(
u"-", u"_").upper() + u"_VULN_" + vuln_info.vuln_func
patch_name = vuln_info.cve_info.cveid.replace(
u"-", u"_").upper() + u"_PATCHED_" + vuln_info.vuln_func
report = pdg_vuln_patch_funcs_report()
report.vuln_info = vuln_info
report.status = u"pending"
report.save()
vuln_func = getFuncNode(vuln_name, neo4jdb)
if vuln_func is None:
report.status = u"vuln_func_not_found"
report.save()
patch_func = getFuncNode(patch_name, neo4jdb)
if patch_name is None:
report.status = u"patch_func_not_found"
report.save()
match, simi = func_pdg_similarity(vuln_func, neo4jdb, patch_func, neo4jdb)
report.is_match = match
report.similarity_rate = simi
report.status = u"success"
end_time = time.time()
report.cost = round(end_time - start_time, 2)
report.save()
def func_similarity_pdgLevel_proc(soft, db1, db2, vuln_infos):
allFuncs = getAllFuncs(db1)
for vuln in vuln_infos:
info = vulnerability_info.objects.get(vuln_id=int(vuln))
try:
bug_finder_logs.objects.get(algorithm_type="CFG",
target_soft=soft,
target_vuln=info)
continue
except bug_finder_logs.DoesNotExist:
pass
func_name = info.cve_info.cveid.replace(
u"-", u"_").upper() + u"_VULN_" + info.vuln_func
#获取过滤后的待比对函数集
ast_root = getASTRootNodeByName(func_name, db2)
retType = getFuncRetType(ast_root, db2)
paramList = getFuncParamList(ast_root, db2)
funcList = filterFuncs(db1, allFuncs, retType, paramList)
func_node = getFuncNode(func_name, db2)
report_list = []
#逐个计算
for func in funcList:
flag, simi = func_pdg_similarity(func, db1, func_node, db2)
if flag:
report = {
"func_name": func.properties["name"],
"match": flag,
"simi_rate": simi
}
func_file = getFuncFile(db1, func)[len(soft.sourcecodepath):]
report["func_file":func_file]
report_list.append(report)
#形成报告,写入数据库
log = bug_finder_logs()
log.algorithm_type = "PDG"
log.target_soft = soft
log.target_vuln = vuln
log.cal_report = pickle.dumps(report_list)
log.save()
def func_similarity_pdgLevel_proc(soft, db1, db2, vuln_infos):
allFuncs = getAllFuncs(db1)
for vuln in vuln_infos:
info = vulnerability_info.objects.get(vuln_id=int(vuln))
try:
bug_finder_logs.objects.get(algorithm_type="CFG", target_soft=soft, target_vuln=info)
continue
except bug_finder_logs.DoesNotExist:
pass
func_name = info.cve_info.cveid.replace(u"-", u"_").upper() + u"_VULN_" + info.vuln_func
# 获取过滤后的待比对函数集
ast_root = getASTRootNodeByName(func_name, db2)
retType = getFuncRetType(ast_root, db2)
paramList = getFuncParamList(ast_root, db2)
funcList = filterFuncs(db1, allFuncs, retType, paramList)
func_node = getFuncNode(func_name, db2)
report_list = []
# 逐个计算
for func in funcList:
flag, simi = func_pdg_similarity(func, db1, func_node, db2)
if flag:
report = {"func_name": func.properties["name"], "match": flag, "simi_rate": simi}
func_file = getFuncFile(db1, func)[len(soft.sourcecodepath) :]
report["func_file":func_file]
report_list.append(report)
# 形成报告,写入数据库
log = bug_finder_logs()
log.algorithm_type = "PDG"
log.target_soft = soft
log.target_vuln = vuln
log.cal_report = pickle.dumps(report_list)
log.save()
