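def NewCore(target_directory, new_rules, files):
    """
    Build a temporary rule from *new_rules* and scan *files* with it.

    :param target_directory: root directory of the project under scan
    :param new_rules: input for ``init_match_rule``; turned into the grep
        pattern (``match``) and an optional exclusion pattern (``match2``)
    :param files: file list handed to ``FileParseAll``
    :return: list of vulnerability objects (possibly empty) that ``Core``
        confirmed, each with ``.analysis`` set to the confirming reason;
        ``None`` when the grep step itself raised
    """
    match_mode = "New rule to Vustomize-Match"
    logger.debug('[ENGINE] [ORIGIN] match-mode {m}'.format(m=match_mode))

    # init_match_rule also returns a position index this version never uses.
    match, match2, _ = init_match_rule(new_rules)
    logger.debug('[ENGINE] [New Rule] new match_rule: {}'.format(match))

    sr = autorule()
    sr.match = match

    # grep: an empty/None pattern yields no hits instead of a TypeError when
    # the result is iterated below.
    try:
        if match:
            f = FileParseAll(files, target_directory)
            result = f.grep(match)
        else:
            result = []
    except Exception as e:
        traceback.print_exc()
        logger.debug('match exception ({e})'.format(e=e))
        return None

    # Hits are consumed below as (file, line, code) tuples; the decode is
    # kept for a bytes-returning grep variant — presumably legacy, confirm.
    try:
        result = result.decode('utf-8')
    except AttributeError:
        pass

    rule_vulnerabilities = []
    for origin_vulnerability in result:
        # Guard before indexing: an empty tuple has no [2].
        if origin_vulnerability == ():
            logger.debug(' > continue...')
            continue
        code = origin_vulnerability[2]
        # match2 is an exclusion pattern: a hit on it discards the line.
        if match2 is not None and re.search(match2, code, re.I):
            continue
        logger.debug('[CVI-{cvi}] [ORIGIN] {line}'.format(
            cvi="00000", line=": ".join(list(origin_vulnerability))))

        vulnerability = auto_parse_match(origin_vulnerability)
        if vulnerability is None:
            logger.debug('Not vulnerability, continue...')
            continue

        # 'project name' and the whitelist entries are hard-coded placeholders
        # handed to Core as-is.
        is_vulnerability, reason = Core(
            target_directory, vulnerability, sr, 'project name',
            ['whitelist1', 'whitelist2'], files=files).scan()
        if is_vulnerability:
            logger.debug('[CVI-{cvi}] [RET] Found {code}'.format(
                cvi="00000", code=reason))
            vulnerability.analysis = reason
            rule_vulnerabilities.append(vulnerability)
    return rule_vulnerabilities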
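def NewCore(old_single_rule, target_directory, new_rules, files, count=0,
            languages=None, secret_name=None, is_unconfirm=False,
            newcore_function_list=None):
    """
    Derive a follow-up rule from *new_rules* and scan *files* with it.

    Called recursively whenever ``Core.scan()`` answers ``'New Core'``;
    *count* bounds that recursion at a depth of 20.

    :param old_single_rule: rule object the derived rule inherits ``svid``
        and ``language`` from
    :param target_directory: root directory of the project under scan
    :param new_rules: input for ``init_match_rule``; on recursive calls this
        is the ``data`` payload returned by ``Core.scan()``
    :param files: file list handed to ``FileParseAll``
    :param count: current recursion depth (incremented on entry)
    :param languages: accepted for interface compatibility; unused here
    :param secret_name: forwarded to ``Core``
    :param is_unconfirm: forwarded to ``Core``
    :param newcore_function_list: mapping ``vul_function -> [svid, ...]``
        shared across the whole recursion so a derived function is scanned
        only once; a fresh dict is created when omitted
    :return: list of confirmed vulnerability objects (``.analysis`` and
        ``.chain`` set); ``[]`` when the derived function was already
        registered; ``False`` when the depth limit is hit; ``None`` when the
        grep step raised
    """
    # Must be a dict: the former ``[]`` default raised TypeError at
    # ``newcore_function_list[vul_function] = [svid]`` whenever the argument
    # was omitted, and a mutable default would also leak state between
    # independent scans.
    if newcore_function_list is None:
        newcore_function_list = {}

    count += 1
    if count > 20:
        logger.warning("[New Rule] depth too big to auto exit...")
        return False

    match_mode = "New rule to Vustomize-Match"
    logger.debug('[ENGINE] [ORIGIN] match-mode {m}'.format(m=match_mode))

    # NOTE(review): on recursive calls new_rules is Core.scan() output derived
    # from the scanned project; whether init_match_rule escapes it before it
    # becomes a regex is not visible here — confirm.
    match, match2, vul_function, index = init_match_rule(
        new_rules, lan=old_single_rule.language)
    logger.debug('[ENGINE] [New Rule] new match_rule: {}'.format(match))

    # index == -1 switches the rule to is_eval_object mode; what -1 denotes
    # is defined by init_match_rule.
    sr = autorule()
    if index == -1:
        sr = autorule(is_eval_object=True)
    sr.match = match
    sr.vul_function = vul_function

    # Inherit identity from the originating rule.
    svid = old_single_rule.svid
    language = old_single_rule.language
    sr.svid = svid
    sr.language = language

    # A derived function already scanned in this recursion is not scanned
    # again; only the additional svid is recorded against it.
    if vul_function in newcore_function_list:
        logger.debug('[CVI-{cvi}] [NEW-VUL] New Rules {macth} exist.'.format(
            cvi=svid, macth=vul_function))
        if svid not in newcore_function_list[vul_function]:
            newcore_function_list[vul_function].append(svid)
        return []
    newcore_function_list[vul_function] = [svid]

    # grep: an empty/None pattern yields no hits instead of a TypeError when
    # the result is iterated below.
    try:
        if match:
            f = FileParseAll(files, target_directory)
            result = f.grep(match)
        else:
            result = []
    except Exception as e:
        traceback.print_exc()
        logger.debug('match exception ({e})'.format(e=e))
        return None

    # Hits are consumed below as (file, line, code) tuples; the decode is
    # kept for a bytes-returning grep variant — presumably legacy, confirm.
    try:
        result = result.decode('utf-8')
    except AttributeError:
        pass

    rule_vulnerabilities = []
    for origin_vulnerability in result:
        # Guard before indexing: an empty tuple has no [2].
        if origin_vulnerability == ():
            logger.debug(' > continue...')
            continue
        code = origin_vulnerability[2]
        # match2 is an exclusion pattern: a hit on it discards the line.
        if match2 is not None and re.search(match2, code, re.I):
            continue
        logger.debug('[CVI-{cvi}] [ORIGIN] {line}'.format(
            cvi=svid, line=": ".join(list(origin_vulnerability))))

        vulnerability = auto_parse_match(origin_vulnerability, svid, language)
        if vulnerability is None:
            logger.debug('Not vulnerability, continue...')
            continue

        # Core.scan() returns either (flag, reason) or (flag, reason, chain).
        # 'project name' and the whitelist entries are hard-coded placeholders.
        datas = Core(target_directory, vulnerability, sr, 'project name',
                     ['whitelist1', 'whitelist2'], files=files,
                     secret_name=secret_name,
                     is_unconfirm=is_unconfirm).scan()
        data = ""
        if len(datas) == 3:
            is_vulnerability, reason, data = datas
            if "New Core" not in reason:
                # Record the grep hit at position 1 of the returned chain.
                code = "Code: {}".format(origin_vulnerability[2])
                data.insert(1, ("NewScan", code, origin_vulnerability[0],
                                origin_vulnerability[1]))
        elif len(datas) == 2:
            is_vulnerability, reason = datas
        else:
            is_vulnerability, reason = False, "Unpack error"

        if is_vulnerability:
            # Logged under the real svid rather than the "00000" placeholder,
            # consistent with the [ORIGIN] line above.
            logger.debug('[CVI-{cvi}] [RET] Found {code}'.format(
                cvi=svid, code=reason))
            vulnerability.analysis = reason
            vulnerability.chain = data
            rule_vulnerabilities.append(vulnerability)
        elif reason == 'New Core':
            # Core asks for a further derived rule; data carries its input.
            logger.debug('[CVI-{cvi}] [NEW-VUL] New Rules init'.format(
                cvi=sr.svid))
            new_rule_vulnerabilities = NewCore(
                sr, target_directory, data, files, count,
                secret_name=secret_name, is_unconfirm=is_unconfirm,
                newcore_function_list=newcore_function_list)
            # NOTE(review): an empty/False/None nested result ends this loop
            # early and drops the remaining grep hits; kept as-is because it
            # is also how the depth limit unwinds — confirm whether a
            # `continue` was intended.
            if not new_rule_vulnerabilities:
                return rule_vulnerabilities
            rule_vulnerabilities.extend(new_rule_vulnerabilities)
        else:
            logger.debug('Not vulnerability: {code}'.format(code=reason))
    return rule_vulnerabilities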
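def NewCore(target_directory, new_rules, files, count=0):
    """
    Derive a follow-up rule from *new_rules* and scan *files* with it.

    Called recursively whenever ``Core.scan()`` answers ``'New Core'``;
    *count* bounds that recursion at a depth of 20.

    :param target_directory: root directory of the project under scan
    :param new_rules: input for ``init_match_rule``; on recursive calls this
        is the ``data`` payload returned by ``Core.scan()``
    :param files: file list handed to ``FileParseAll``
    :param count: current recursion depth (incremented on entry)
    :return: list of confirmed vulnerability objects (``.analysis`` set);
        ``False`` when the depth limit is hit; ``None`` when the grep step
        raised
    """
    count += 1
    if count > 20:
        logger.warning("[New Rule] depth too big to auto exit...")
        return False

    match_mode = "New rule to Vustomize-Match"
    logger.debug('[ENGINE] [ORIGIN] match-mode {m}'.format(m=match_mode))

    # NOTE(review): on recursive calls new_rules is Core.scan() output derived
    # from the scanned project; whether init_match_rule escapes it before it
    # becomes a regex is not visible here — confirm.
    # The fourth value is a position index this version never uses.
    match, match2, vul_function, _ = init_match_rule(new_rules)
    logger.debug('[ENGINE] [New Rule] new match_rule: {}'.format(match))

    sr = autorule()
    sr.match = match
    sr.vul_function = vul_function

    # grep: an empty/None pattern yields no hits instead of a TypeError when
    # the result is iterated below.
    try:
        if match:
            f = FileParseAll(files, target_directory)
            result = f.grep(match)
        else:
            result = []
    except Exception as e:
        traceback.print_exc()
        logger.debug('match exception ({e})'.format(e=e))
        return None

    # Hits are consumed below as (file, line, code) tuples; the decode is
    # kept for a bytes-returning grep variant — presumably legacy, confirm.
    try:
        result = result.decode('utf-8')
    except AttributeError:
        pass

    rule_vulnerabilities = []
    for origin_vulnerability in result:
        # Guard before indexing: an empty tuple has no [2].
        if origin_vulnerability == ():
            logger.debug(' > continue...')
            continue
        code = origin_vulnerability[2]
        # match2 is an exclusion pattern: a hit on it discards the line.
        if match2 is not None and re.search(match2, code, re.I):
            continue
        logger.debug('[CVI-{cvi}] [ORIGIN] {line}'.format(
            cvi="00000", line=": ".join(list(origin_vulnerability))))

        vulnerability = auto_parse_match(origin_vulnerability)
        if vulnerability is None:
            logger.debug('Not vulnerability, continue...')
            continue

        # Core.scan() returns either (flag, reason) or (flag, reason, chain).
        # 'project name' and the whitelist entries are hard-coded placeholders.
        datas = Core(target_directory, vulnerability, sr, 'project name',
                     ['whitelist1', 'whitelist2'], files=files).scan()
        # Reset per hit: without this a 2-tuple answer followed by
        # 'New Core' would recurse on stale data (or NameError on the
        # first iteration).
        data = ""
        if len(datas) == 3:
            is_vulnerability, reason, data = datas
        elif len(datas) == 2:
            is_vulnerability, reason = datas
        else:
            is_vulnerability, reason = False, "Unpack error"

        if is_vulnerability:
            logger.debug('[CVI-{cvi}] [RET] Found {code}'.format(
                cvi="00000", code=reason))
            vulnerability.analysis = reason
            rule_vulnerabilities.append(vulnerability)
        elif reason == 'New Core':
            # Core asks for a further derived rule; data carries its input.
            # The original message lacked .format(), so it logged a literal
            # "{cvi}".
            logger.debug('[CVI-{cvi}] [NEW-VUL] New Rules init'.format(
                cvi="00000"))
            new_rule_vulnerabilities = NewCore(
                target_directory, data, files, count)
            # NOTE(review): an empty/False/None nested result ends this loop
            # early and drops the remaining grep hits; kept as-is because it
            # is also how the depth limit unwinds — confirm whether a
            # `continue` was intended.
            if not new_rule_vulnerabilities:
                return rule_vulnerabilities
            rule_vulnerabilities.extend(new_rule_vulnerabilities)
        else:
            logger.debug('Not vulnerability: {code}'.format(code=reason))
    return rule_vulnerabilities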