Example #1
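def astlevel_comp_proc():
    """Run the AST-level similarity search for every recorded ffmpeg vulnerable function.

    Reads all rows of ``vulnerability_info``, keeps those whose software name
    is ``ffmpeg`` and builds one ``<CVE>_VULN_<function>`` name per row.
    Each name is passed to ``func_similarity_astLevel`` and the worksheet is
    saved to ``ast_func.xlsx`` after every function, so an interrupted run
    still leaves the rows produced so far.

    Returns None. Returns early when the relational database is unreachable.
    """
    db_conn = get_connection()
    if db_conn is None:
        print(u"数据库连接失败")
        return

    # Select every vulnerable function recorded for ffmpeg.
    cur = db_conn.cursor()
    cur.execute("select * from vulnerability_info")
    rets = cur.fetchall()

    func_names = []
    for ret in rets:
        vuln_info = vulnerability_info(ret)
        cve_info = vuln_info.get_cve_info(db_conn)
        soft = cve_info.get_soft(db_conn)

        if soft.software_name == "ffmpeg":
            cve_tag = cve_info.cveid.upper().replace("-", "_")
            func_names.append(cve_tag + "_VULN_" + vuln_info.vuln_func)

    # Feature (signature) database, reached through the default port 7474.
    db2 = Graph()
    # Port 7475 is assumed to serve the graph database of the ffmpeg build
    # being searched.
    db1 = Graph("http://localhost:7475/db/data")
    suffix_tree_obj = suffixtree()

    try:
        wb = Workbook()
        ws = wb.active
        ws.title = u"AST函数级漏洞查找测试结果"
        header = [u'漏洞函数名', u"漏洞文件", u"漏洞函数", "distinct_type_and_const" , "distinct_const_no_type",
                  "distinct_type_no_const", "no_type_no_const", "耗时"]
        ws.append(header)
        wb.save("ast_func.xlsx")

        # NOTE(review): the function list is taken from db2 (the feature
        # database) while cfg_comp_proc takes it from the 7475 software
        # database -- confirm which one func_similarity_astLevel expects.
        all_funcs = get_all_functions(db2)
        for name in func_names:
            try:
                func_similarity_astLevel(db1, all_funcs, db2, name, suffix_tree_obj, ws)
                wb.save("ast_func.xlsx")
            except Exception as e:
                # Catch Exception rather than everything: a bare except also
                # swallowed KeyboardInterrupt/SystemExit, so the batch could
                # not be stopped, and it hid which function failed and why.
                print("error occured: %s: %s" % (name, e))
    finally:
        # Release the suffix tree even when the run is interrupted.
        suffix_tree_obj.close()

    print("all works done!")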
Example #2
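def cfg_comp_proc():
    """Run the CFG-level similarity search and record the results in ``cfg_func.xlsx``.

    The function list is currently hard-coded to a single entry
    (``CVE_2010_3429_VULN_flic_decode_frame_8BPP``); the database-driven
    selection of all ffmpeg functions is kept below as disabled code.
    Each name is passed to ``func_similarity_cfg_level`` and the workbook is
    saved after every function.

    Returns None. Returns early when the relational database is unreachable.
    """
    db_conn = get_connection()
    if db_conn is None:
        print(u"数据库连接失败")
        return

    # Select every vulnerable function recorded for ffmpeg. The rows are only
    # consumed by the disabled selection loop below.
    cur = db_conn.cursor()
    cur.execute("select * from vulnerability_info")
    rets = cur.fetchall()

    func_names = ['CVE_2010_3429_VULN_flic_decode_frame_8BPP',]
    # Disabled database-driven selection (re-enable to process every ffmpeg row):
    # for ret in rets:
    #     vuln_info = vulnerability_info(ret)
    #     cve_info = vuln_info.get_cve_info(db_conn)
    #     soft = cve_info.get_soft(db_conn)
    #
    #     if soft.software_name == "ffmpeg":
    #         func_names.append(cve_info.cveid.upper().replace("-", "_") + "_VULN_" + vuln_info.vuln_func )

    # Feature (signature) database, reached through the default port 7474.
    character_db = Graph()
    # Port 7475 is assumed to serve the graph database of the ffmpeg build
    # being searched.
    soft_db = Graph("http://localhost:7475/db/data")

    # One name for the output file: the loop used to save to "ast_func.xlsx",
    # which left cfg_func.xlsx with only the header and overwrote the
    # AST-level results file.
    output_file = "cfg_func.xlsx"

    wb = Workbook()
    ws = wb.active
    ws.title = u"CFG函数级漏洞查找测试结果"
    header = [u'漏洞函数名', u"漏洞文件", u"漏洞函数", u"是否匹配", u"相似度", u"耗时"]
    ws.append(header)
    wb.save(output_file)

    all_funcs = get_all_functions(soft_db)
    for name in func_names:
        print("processing " + name)
        try:
            func_similarity_cfg_level(soft_db, all_funcs, character_db, name, ws)
            wb.save(output_file)
        except Exception as e:
            # Best effort: report the failure and continue with the next name.
            print(e)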
Example #3
def vuln_patch_comp_proc():
    """Run ``vuln_patch_compare`` on every ffmpeg row of ``vulnerability_info``.

    Results are appended to a worksheet that is saved to ``ast_result.xlsx``
    after each successful comparison. A failing row is reported and skipped.

    Returns None. Returns early when the relational database is unreachable.
    """
    db_conn = get_connection()
    if db_conn is None:
        print(u"数据库连接失败")
        return

    neo4jdb = Graph()
    suffix_tree_obj = suffixtree()

    cursor = db_conn.cursor()
    cursor.execute("select * from vulnerability_info")
    rows = cursor.fetchall()

    def _is_ffmpeg(row):
        # Resolve row -> CVE record -> software record and test its name.
        software = vulnerability_info(row).get_cve_info(db_conn).get_soft(db_conn)
        return software.software_name == "ffmpeg"

    ffmpeg_rows = [row for row in rows if _is_ffmpeg(row)]

    workbook = Workbook()
    sheet = workbook.active
    sheet.title = u"测试结果"
    sheet.append([
        u'CVE编号', u"软件版本", u"漏洞函数", u"漏洞文件", u"状态",
        "distinct_type_and_const", "distinct_const_no_type",
        "distinct_type_no_const", "no_type_no_const", "cost",
    ])

    for row in ffmpeg_rows:
        try:
            vuln_patch_compare(db_conn, neo4jdb, vulnerability_info(row),
                               sheet, suffix_tree_obj)
            # Save after each row so partial results survive a later failure.
            workbook.save("ast_result.xlsx")
        except Exception as err:
            print(err)

    suffix_tree_obj.close()

    print("all works done!")
Example #4
#coding=utf-8
'''
Created on 2016年1月26日
@author: Bert
'''

from db.models import vulnerability_info, get_connection
import os
import shutil

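# Copy every file referenced by vulnerability_info.vuln_file into a directory
# tree next to this script.
db_conn = get_connection()
if db_conn is None:
    print(u"数据库连接失败")
    # Exit non-zero: a failed run must not look successful to the caller.
    raise SystemExit(1)

cur = db_conn.cursor()
cur.execute("select * from vulnerability_info")
rets = cur.fetchall()
cur.close()

# Stored paths have their first 31 characters stripped before being re-rooted
# here. NOTE(review): presumably the length of the original source-tree
# prefix -- confirm against the database contents.
PREFIX_LEN = 31

# Absolute path so the containment check below has a stable root even when
# the script is started with a relative path.
cur_dir = os.path.dirname(os.path.abspath(__file__))
dest_root = os.path.join(cur_dir, "")

for ret in rets:
    src_file = vulnerability_info(ret).vuln_file
    path = os.path.abspath(os.path.join(cur_dir, src_file[PREFIX_LEN:]))

    # The destination is derived from database content. An absolute remainder
    # or ".." segments would make os.path.join/abspath point outside the
    # script directory, so refuse to write there.
    if not path.startswith(dest_root):
        print("skipping path outside output directory: %s" % src_file)
        continue

    dest_dir = os.path.dirname(path)
    # os.makedirs raises when the directory already exists, which used to
    # abort the run on the second file of any directory.
    if not os.path.isdir(dest_dir):
        os.makedirs(dest_dir)
    shutil.copyfile(src_file, path)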
Example #5
#coding=utf-8
'''
Created on 2016年1月26日
@author: Bert
'''

from db.models import vulnerability_info, get_connection
import os
import shutil

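# Mirror the files listed in vulnerability_info.vuln_file into a directory
# tree rooted at this script's location.
db_conn = get_connection()
if db_conn is None:
    print(u"数据库连接失败")
    # Signal the failure through the exit status instead of exiting with 0.
    raise SystemExit(1)

cur = db_conn.cursor()
cur.execute("select * from vulnerability_info")
rets = cur.fetchall()
cur.close()

# The first 31 characters of each stored path are dropped before the rest is
# joined to the output root. NOTE(review): looks like a fixed source-tree
# prefix length -- verify against the stored paths.
PREFIX_LEN = 31

# Resolve the script directory once, as an absolute path with a trailing
# separator, for the containment check in the loop.
cur_dir = os.path.dirname(os.path.abspath(__file__))
dest_root = os.path.join(cur_dir, "")

for ret in rets:
    src_file = vulnerability_info(ret).vuln_file
    path = os.path.abspath(os.path.join(cur_dir, src_file[PREFIX_LEN:]))

    # Database content decides where the copy lands; reject any destination
    # that resolves outside the script directory (absolute remainder, "..").
    if not path.startswith(dest_root):
        print("skipping path outside output directory: %s" % src_file)
        continue

    dest_dir = os.path.dirname(path)
    # Create the directory only when missing: os.makedirs fails on an
    # existing directory, so two files in one directory used to crash the run.
    if not os.path.isdir(dest_dir):
        os.makedirs(dest_dir)
    shutil.copyfile(src_file, path)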
Example #6
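def get_var_mapping(soft_name):
    """Fill the ``var_map.db`` table for *soft_name* with type-mapping tables.

    For every ``vulnerability_info`` row whose software name equals
    *soft_name*, the names ``<CVE>_VULN_<function>`` and
    ``<CVE>_PATCHED_<function>`` are looked up in the per-software SQLite
    table. A missing entry is computed with ``get_type_mapping_table`` and
    inserted as its string form. Rows whose ``vuln_func`` is the string
    ``"None"`` are skipped.

    Args:
        soft_name: software name to process; also used as the SQLite table name.

    Returns None. Returns early when the relational database is unreachable.
    """
    db_conn = get_connection()
    if db_conn is None:
        print(u"数据库连接失败")
        return

    cur = db_conn.cursor()
    cur.execute("select * from vulnerability_info")
    rets = cur.fetchall()

    neo4j_db = Graph()

    infos = []
    for ret in rets:
        soft = vulnerability_info(ret).get_cve_info(db_conn).get_soft(db_conn)
        if soft.software_name == soft_name:
            infos.append(ret)

    # A table name cannot be bound as a "?" parameter, so it has to be placed
    # in the statement text. Quote it as an SQL identifier (doubling embedded
    # quotes) so soft_name can never be parsed as SQL syntax.
    table = '"%s"' % ("%s" % soft_name).replace('"', '""')

    var_map_db = sqlite3.connect("var_map.db")
    try:
        var_map_db.execute('''create table if not exists %s(
            func_name CHAR(100) PRIMARY KEY,
            var_map TEXT NOT NULL)''' % table)
        var_map_db.commit()

        print("There are %d functions" % len(infos))
        for info in infos:
            vuln_info = vulnerability_info(info)
            cve_info = vuln_info.get_cve_info(db_conn)
            if vuln_info.vuln_func == "None":
                continue

            cve_tag = cve_info.cveid.replace("-", "_").upper()
            vuln_name = cve_tag + "_VULN_" + vuln_info.vuln_func
            patch_name = cve_tag + "_PATCHED_" + vuln_info.vuln_func

            # Same check-then-insert step for the vulnerable and the patched
            # function, in that order.
            for func_name in (vuln_name, patch_name):
                found = var_map_db.execute(
                    "select * from %s where func_name=?" % table, (func_name,))
                if found.fetchone():
                    continue

                var_map = get_type_mapping_table(neo4j_db, func_name)
                try:
                    var_map_db.execute('insert into %s values(?, ?)' % table,
                                       (func_name, str(var_map)))
                    var_map_db.commit()
                except Exception as e:
                    # Report the name that actually failed; the patched branch
                    # used to print the vulnerable function's name here.
                    print("%s %s" % (soft_name, func_name))
                    print("error: %s" % e)
    finally:
        # The SQLite connection is opened here, so it is closed here.
        var_map_db.close()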
Example #7
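def get_var_mapping(soft_name):
    """Store type-mapping tables for one software's vulnerable and patched functions.

    Selects the ``vulnerability_info`` rows whose software name equals
    *soft_name*. For each one that has a function name (``vuln_func`` is not
    the string ``"None"``), ensures ``var_map.db`` holds an entry for both
    ``<CVE>_VULN_<function>`` and ``<CVE>_PATCHED_<function>``. Missing
    entries are produced by ``get_type_mapping_table`` and stored as text.

    Args:
        soft_name: software name to process; doubles as the SQLite table name.

    Returns None. Returns early when the relational database is unreachable.
    """
    db_conn = get_connection()
    if db_conn is None:
        print(u"数据库连接失败")
        return

    cur = db_conn.cursor()
    cur.execute("select * from vulnerability_info")
    rets = cur.fetchall()

    neo4j_db = Graph()

    infos = []
    for ret in rets:
        soft = vulnerability_info(ret).get_cve_info(db_conn).get_soft(db_conn)
        if soft.software_name == soft_name:
            infos.append(ret)

    # soft_name ends up inside the SQL text because identifiers cannot be
    # passed as bound parameters. Emit it as a quoted identifier with embedded
    # double quotes doubled, so its content stays a name and never becomes SQL.
    table = '"%s"' % ("%s" % soft_name).replace('"', '""')
    select_sql = "select * from %s where func_name=?" % table
    insert_sql = 'insert into %s values(?, ?)' % table

    var_map_db = sqlite3.connect("var_map.db")
    try:
        var_map_db.execute('''create table if not exists %s(
            func_name CHAR(100) PRIMARY KEY,
            var_map TEXT NOT NULL)''' % table)
        var_map_db.commit()

        print("There are %d functions" % len(infos))
        for info in infos:
            vuln_info = vulnerability_info(info)
            cve_info = vuln_info.get_cve_info(db_conn)
            if vuln_info.vuln_func == "None":
                continue

            cve_tag = cve_info.cveid.replace("-", "_").upper()
            candidates = (
                cve_tag + "_VULN_" + vuln_info.vuln_func,
                cve_tag + "_PATCHED_" + vuln_info.vuln_func,
            )

            # Vulnerable function first, then the patched one.
            for func_name in candidates:
                if var_map_db.execute(select_sql, (func_name,)).fetchone():
                    continue

                var_map = get_type_mapping_table(neo4j_db, func_name)
                try:
                    var_map_db.execute(insert_sql, (func_name, str(var_map)))
                    var_map_db.commit()
                except Exception as e:
                    # Name the entry that failed; the patched branch used to
                    # report the vulnerable function's name by mistake.
                    print("%s %s" % (soft_name, func_name))
                    print("error: %s" % e)
    finally:
        # Close the connection this function opened, including on error.
        var_map_db.close()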