def astlevel_comp_proc():
db_conn = get_connection()
if db_conn is None:
print u"数据库连接失败"
return
#选择所有ffmpeg的漏洞函数
cur = db_conn.cursor()
cur.execute("select * from vulnerability_info")
rets = cur.fetchall()
func_names = []
for ret in rets:
vuln_info = vulnerability_info(ret)
cve_info = vuln_info.get_cve_info(db_conn)
soft = cve_info.get_soft(db_conn)
if soft.software_name == "ffmpeg":
func_names.append(cve_info.cveid.upper().replace("-", "_") + "_VULN_" + vuln_info.vuln_func )
#特征数据库,默认开启在7474端口
db2 = Graph() #默认连接7474端口
db1 = Graph("http://localhost:7475/db/data") #假设7475端口是某ffmpeg的图形数据库
suffix_tree_obj = suffixtree()
wb = Workbook()
ws = wb.active
ws.title = u"AST函数级漏洞查找测试结果"
header = [u'漏洞函数名', u"漏洞文件", u"漏洞函数", "distinct_type_and_const" , "distinct_const_no_type",
"distinct_type_no_const", "no_type_no_const", "耗时"]
ws.append(header)
wb.save("ast_func.xlsx")
all_funcs = get_all_functions(db2)
for name in func_names:
try:
func_similarity_astLevel(db1, all_funcs, db2, name, suffix_tree_obj, ws)
wb.save("ast_func.xlsx")
except:
print "error occured"
suffix_tree_obj.close()
print "all works done!"
def cfg_comp_proc():
db_conn = get_connection()
if db_conn is None:
print u"数据库连接失败"
return
#选择所有ffmpeg的漏洞函数
cur = db_conn.cursor()
cur.execute("select * from vulnerability_info")
rets = cur.fetchall()
func_names = ['CVE_2010_3429_VULN_flic_decode_frame_8BPP',]
'''
for ret in rets:
vuln_info = vulnerability_info(ret)
cve_info = vuln_info.get_cve_info(db_conn)
soft = cve_info.get_soft(db_conn)
if soft.software_name == "ffmpeg":
func_names.append(cve_info.cveid.upper().replace("-", "_") + "_VULN_" + vuln_info.vuln_func )
'''
#特征数据库,默认开启在7474端口
character_db = Graph() #默认连接7474端口
soft_db = Graph("http://localhost:7475/db/data") #假设7475端口是某ffmpeg的图形数据库
wb = Workbook()
ws = wb.active
ws.title = u"CFG函数级漏洞查找测试结果"
header = [u'漏洞函数名', u"漏洞文件", u"漏洞函数", u"是否匹配", u"相似度", u"耗时"]
ws.append(header)
wb.save("cfg_func.xlsx")
all_funcs = get_all_functions(soft_db)
for name in func_names:
print "processing " + name
try:
func_similarity_cfg_level(soft_db, all_funcs, character_db, name, ws)
wb.save("ast_func.xlsx")
except Exception as e:
print e
def vuln_patch_comp_proc():
db_conn = get_connection()
if db_conn is None:
print u"数据库连接失败"
return
neo4jdb = Graph()
suffix_tree_obj = suffixtree()
cur = db_conn.cursor()
cur.execute("select * from vulnerability_info")
rets = cur.fetchall()
infos = []
for ret in rets:
soft = vulnerability_info(ret).get_cve_info(db_conn).get_soft(db_conn)
if soft.software_name == "ffmpeg":
infos.append(ret)
wb = Workbook()
ws = wb.active
ws.title = u"测试结果"
header = [u'CVE编号', u"软件版本", u"漏洞函数", u"漏洞文件",u"状态", "distinct_type_and_const" , "distinct_const_no_type",
"distinct_type_no_const", "no_type_no_const", "cost"]
ws.append(header)
for info in infos:
try:
vuln_patch_compare(db_conn, neo4jdb, vulnerability_info(info), ws, suffix_tree_obj)
wb.save("ast_result.xlsx")
except Exception as e:
print e
suffix_tree_obj.close()
print "all works done!"
#coding=utf-8
'''
Created on 2016年1月26日
@author: Bert
'''
from db.models import vulnerability_info, get_connection
import os
import shutil
db_conn = get_connection()
if db_conn is None:
print u"数据库连接失败"
exit(0)
cur = db_conn.cursor()
cur.execute("select * from vulnerability_info")
rets = cur.fetchall()
cur.close()
for ret in rets:
file = vulnerability_info(ret).vuln_file
cur_dir = os.path.dirname(__file__)
path = os.path.join(cur_dir, file[31:])
os.makedirs(os.path.dirname(path))
shutil.copyfile(file, path)
#coding=utf-8
'''
Created on 2016年1月26日
@author: Bert
'''
from db.models import vulnerability_info, get_connection
import os
import shutil
db_conn = get_connection()
if db_conn is None:
print u"数据库连接失败"
exit(0)
cur = db_conn.cursor()
cur.execute("select * from vulnerability_info")
rets = cur.fetchall()
cur.close()
for ret in rets:
file = vulnerability_info(ret).vuln_file
cur_dir = os.path.dirname(__file__)
path = os.path.join(cur_dir, file[31:])
os.makedirs(os.path.dirname(path))
shutil.copyfile(file, path)
def get_var_mapping(soft_name):
db_conn = get_connection()
if db_conn is None:
print u"数据库连接失败"
return
cur = db_conn.cursor()
cur.execute("select * from vulnerability_info")
rets = cur.fetchall()
neo4j_db = Graph()
infos = []
for ret in rets:
soft = vulnerability_info(ret).get_cve_info(db_conn).get_soft(db_conn)
if soft.software_name == soft_name:
infos.append(ret)
var_map_db = sqlite3.connect("var_map.db")
var_map_db.execute('''create table if not exists %s(
func_name CHAR(100) PRIMARY KEY,
var_map TEXT NOT NULL)''' % soft_name)
var_map_db.commit()
print "There are %d functions" % len(infos)
for info in infos:
vuln_info = vulnerability_info(info)
cve_info = vuln_info.get_cve_info(db_conn)
if vuln_info.vuln_func == "None":
continue
vuln_name = cve_info.cveid.replace("-", "_").upper() + "_VULN_" + vuln_info.vuln_func
patch_name = cve_info.cveid.replace("-", "_").upper() + "_PATCHED_" + vuln_info.vuln_func
#check if VULN exist
ret = var_map_db.execute("select * from %s where func_name=?" % soft_name, (vuln_name,))
if not ret.fetchone():
#VULN
var_map = get_type_mapping_table(neo4j_db, vuln_name)
try:
var_map_db.execute('insert into %s values(?, ?)' % soft_name,
(vuln_name, var_map.__str__()) )
var_map_db.commit()
except Exception, e:
print soft_name, vuln_name
print "error:", e
#check if PATCH exist
ret = var_map_db.execute("select * from %s where func_name=?" % soft_name,(patch_name,))
if not ret.fetchone():
#PATCH
var_map = get_type_mapping_table(neo4j_db, patch_name)
try:
var_map_db.execute('insert into %s values(?, ?)' % soft_name,
(patch_name, var_map.__str__()))
var_map_db.commit()
except Exception, e:
print soft_name, vuln_name
print "error:", e
def get_var_mapping(soft_name):
db_conn = get_connection()
if db_conn is None:
print u"数据库连接失败"
return
cur = db_conn.cursor()
cur.execute("select * from vulnerability_info")
rets = cur.fetchall()
neo4j_db = Graph()
infos = []
for ret in rets:
soft = vulnerability_info(ret).get_cve_info(db_conn).get_soft(db_conn)
if soft.software_name == soft_name:
infos.append(ret)
var_map_db = sqlite3.connect("var_map.db")
var_map_db.execute('''create table if not exists %s(
func_name CHAR(100) PRIMARY KEY,
var_map TEXT NOT NULL)''' % soft_name)
var_map_db.commit()
print "There are %d functions" % len(infos)
for info in infos:
vuln_info = vulnerability_info(info)
cve_info = vuln_info.get_cve_info(db_conn)
if vuln_info.vuln_func == "None":
continue
vuln_name = cve_info.cveid.replace(
"-", "_").upper() + "_VULN_" + vuln_info.vuln_func
patch_name = cve_info.cveid.replace(
"-", "_").upper() + "_PATCHED_" + vuln_info.vuln_func
#check if VULN exist
ret = var_map_db.execute(
"select * from %s where func_name=?" % soft_name, (vuln_name, ))
if not ret.fetchone():
#VULN
var_map = get_type_mapping_table(neo4j_db, vuln_name)
try:
var_map_db.execute('insert into %s values(?, ?)' % soft_name,
(vuln_name, var_map.__str__()))
var_map_db.commit()
except Exception, e:
print soft_name, vuln_name
print "error:", e
#check if PATCH exist
ret = var_map_db.execute(
"select * from %s where func_name=?" % soft_name, (patch_name, ))
if not ret.fetchone():
#PATCH
var_map = get_type_mapping_table(neo4j_db, patch_name)
try:
var_map_db.execute('insert into %s values(?, ?)' % soft_name,
(patch_name, var_map.__str__()))
var_map_db.commit()
except Exception, e:
print soft_name, vuln_name
print "error:", e