def make_queries(timetables_dir_path,
keyspace,
uri=settings.uri,
log_file=settings.migration_logs_path +
"graql_output_{}.txt".format(dt.datetime.now())):
pathlib.Path(settings.migration_logs_path).mkdir(exist_ok=True)
client = grakn.Client(uri=uri, keyspace=keyspace)
start_time = dt.datetime.now()
with open(log_file, "w") as graql_output:
def query_function(graql_string):
print(graql_string)
print("---")
graql_output.write(graql_string)
# Send the graql query to the server
response = client.execute(graql_string)
graql_output.write("\n--response:\n" + str(response))
graql_output.write("\n{} insertions made \n ----- \n".format(
len(response)))
return response
import_query_generator(query_function, timetables_dir_path)
end_time = dt.datetime.now()
time_taken = end_time - start_time
time_taken_string = "----------\nTime taken: {}".format(time_taken)
graql_output.write(time_taken_string)
print(time_taken_string)
def main(keyspace):
graph = grakn.Client(uri='http://localhost:4567', keyspace=keyspace)
# Get address of printf to use for next query
query1 = 'match $func isa function, has func-name contains "printf", has asm-address $a; offset 0; limit 100; get $a;'
result1 = graph.execute(query1)
if len(result1) > 0:
print("Found potential calls at the following addresses:")
for addr in result1:
print(addr['a']['value'])
# If printf is found continue query
for printf_func in result1:
# Pull any instructions that use printf and don't use a modifier (have var type and not data type)
func_addr = int(printf_func['a']['value'], 16)
print("Scanning address {}".format(hex(func_addr)))
query2 = 'match $x isa instruction, has operation-type "MLIL_CALL_SSA", has asm-address $a; $y isa "MLIL_CONST_PTR"; ($x,$y); $z isa constant, has constant-value {}; ($y,$z); $l isa list, has list-size 1; ($x,$l); $s isa "MLIL_VAR_SSA"; ($l,$s); offset 0; limit 500; get $x, $a;'.format(
func_addr)
result2 = graph.execute(query2)
# If there is an instruction that uses printf without modifier, output instruction
if result2:
for instr in result2:
asm_addr = instr['a']['value']
print("CWE-134: Uncontrolled Format String possible at {} ".
format(asm_addr))
def __init__(self,
uri=settings.GRAKN_URL,
keyspace=settings.GRAKN_KEYSPACE):
self.client = grakn.Client(
uri=uri,
keyspace=keyspace,
)
def open_client(self: Context, uri: str = grakn.Client.DEFAULT_URI) -> None:
self.client = None
try:
self.client = grakn.Client(uri=uri,
keyspace=new_keyspace(),
timeout=30)
except (grakn.GraknError, ConnectionError) as e:
self._handle_error(e)
def main(keyspace):
global graph
graph = grakn.Client(uri='http://localhost:4567', keyspace=keyspace)
#Find a variable being compared
query1 = graph.execute(
'match {$comp isa MLIL_CMP_SGE;} or {$comp isa MLIL_CMP_SLE;} or {$comp isa MLIL_CMP_SLT;} or {$comp isa MLIL_CMP_SGT;};$node isa MLIL_VAR_SSA;$cons isa MLIL_CONST;($comp, $node);($comp, $cons);$varssa isa variable-ssa has var $var;($node, $varssa);get $comp, $var;'
)
#Parse the output of query1 into the compare statements and varaible names
comp, var = [], []
if query1:
for entry in query1:
comp.append(entry['comp']['id'])
var.append(entry['var']['value'])
else:
fail()
for entry in comp:
#Do upper bound check
if ('SGE' or 'SGT') in entry:
lower = lowerCheck()
if lower:
for item in lower:
if item['var']['value'] not in var:
#failed to find upper bound check
addr = get_addr(entry)
print('CWE-129: Missing upper bound check at ' +
str(addr[0]['addr']['value']))
else:
adddr = get_addr(entry)
else:
addr = get_addr(entry)
print('CWE-129: Missing upper bound check at ' +
str(addr[0]['addr']['value']))
#Do lower bound check
else:
upper = upperCheck()
if upper:
for item in upper:
if item['var']['value'] not in var:
#failed to find lower bound check
addr = get_addr(entry)
print('CWE-129: Missing lower bound check at ' +
str(addr[0]['addr']['value']))
else:
addr = get_addr(entry)
else:
addr = get_addr(entry)
print('CWE-129: Missing lower bound check at ' +
str(addr[0]['addr']['value']))
def main(keyspace):
graph = grakn.Client(uri='http://localhost:4567', keyspace=keyspace)
# Check for gets() function
# Get address of function to use for next query
function_name = 'gets'
query1 = 'match $func isa function, has func-name contains "{}", has asm-address $a; get $a;'.format(
function_name)
result1 = graph.execute(query1)
# If the function is found continue query
if result1:
# Get all instructions that have function name
func_addr = int(result1[0]['a']['value'], 16)
query2 = 'match $x has operation-type "MLIL_CALL_SSA" has asm-address $a; $y isa"MLIL_CONST_PTR"; ($x,$y); $z isa constant, has constant-value {}; ($y,$z); get $x, $a;'.format(
func_addr)
result2 = graph.execute(query2)
# If there are instructions that use the function check the instructions
for instr in result2:
ins_addr = instr['a']['value']
print(
"CWE-120: Buffer Copy Without Checking Size of Input at {}\n".
format(ins_addr))
def test_throws_without_server(self) -> None:
with self.assertRaises(ConnectionError):
client_to_no_server = grakn.Client(uri=mock_uri_to_no_server,
keyspace=keyspace,
timeout=0)
client_to_no_server.execute(query)
def client() -> grakn.Client:
return grakn.Client(uri=mock_uri, keyspace=keyspace, timeout=5)
def main(keyspace):
global graph
graph = grakn.Client(uri='http://localhost:4567', keyspace=keyspace)
# Find possible arrays
array = []
q1 = query1()
if q1:
i = 0
for item in q1:
array.append(q1[i]['index']['id'])
i += 1
else:
fail()
# Find loops involving the array
block = []
q2 = query2()
if q2:
i = 0
for item in q2:
if q2[i]['index']['id'] in array:
block.append(q2[i]['block']['id'])
i += 1
else:
fail()
# Do the 'loop' blocks contain if statements?
if_id = []
block2 = block.copy()
for item in block2:
q3 = query3(item)
if not q3:
block.remove(item)
# Find the loop counters
var, version, var_id, reg, reg_type, block2 = [], [], [], [], [], block.copy(
)
for entry in block2:
q4 = query4(entry)
if q4:
i = 0
for item in q4:
reg.append(item['reg']['id'])
reg_type.append(item['reg']['type']['label'])
print(item['reg']['type']['label'])
var.append(item['index']['value'])
version.append(item['version']['value'])
var_id.append(item['index']['id'])
i += 1
else:
block.remove(entry)
i = len(var) - 1
# Find is the bounds of the loop counter are checked
var2 = []
q5 = query5()
i = 0
for entry in q5:
var2.append(q5[i]['var']['value'])
i += 1
# Any variables in var[] but not var2[] are potential vulnerabilities
i = 0
for entry in var:
if entry not in var2:
q6 = query6(reg_type[i], reg[i])
print('CWE-788: Array index missing bounds check at ' +
q6[0]['adr']['value'] + ' associated with ' + var[i] + '#' +
str(version[i]) + ' id = ' + var_id[i] + ' sub of ' +
reg_type[i] + ' id = ' + reg[i])
i += 1
def step_impl(context: Context):
context.client = grakn.Client(keyspace=env.new_keyspace())
def test_accepts_two_arguments(self):
client = grakn.Client('http://www.google.com', 'mykeyspace')
self.assertEqual(client.uri, 'http://www.google.com')
self.assertEqual(client.keyspace, 'mykeyspace')
def test_accepts_no_arguments(self):
client = grakn.Client()
self.assertEqual(client.keyspace, 'grakn')
self.assertEqual(client.uri, 'http://localhost:4567')
from django.db import models
from django.db.models.signals import post_save
from django.dispatch import receiver
# Create your models here.
from django.contrib.auth.models import AbstractUser
from django.db import models
import grakn
import uuid
client = grakn.Client(uri='http://35.197.194.67:4567', keyspace='dsvgraph')
class CustomUser(AbstractUser):
# add additional fields in here
def __str__(self):
return self.email
@receiver(post_save, sender=CustomUser)
def create_profile(sender, instance, created, **kwargs):
"""Create a matching profile whenever a user object is created."""
if created:
print(instance.username)
print(instance.email)
client.execute('insert $x isa person, has email "'+instance.email+'", has name "'+instance.username+'";') # dictionaries are nested structures
#profile, new = UserProfile.objects.get_or_create(user=instance)
import grakn
client = grakn.Client(uri='http://localhost:4567', keyspace='nucleus')
#print(client.execute("match $x sub entity;get;"))
#print(client.execute("insert has name 'Romania', isa Country;"))
#print(client.execute("insert has name 'UK', isa Country;"))
#print(client.execute("insert has name 'France', isa Country;"))
#print(client.execute("insert has name 'USA', isa Country;"))
#print(client.execute("insert has name 'Germany', isa Country;"))
#print(client.execute("insert has name 'Rusia', isa Country;"))
#print(client.execute("insert has name 'EUR', isa Currency;"))
#print(client.execute("match $cu has name 'EUR', isa Currency; $co has name 'Germany', isa Country; insert (currencyIssuer: $co, currency: $cu) isa countryCurrency;"))
lon = self._transform_to_current_scale(lon)
lat = self._transform_to_current_scale(lat)
radius = self._transform_to_current_scale((int(score) / max_score) * upper_radius)
centrality_element_id = self._canvas.create_circle(lon, lat, radius, fill=colour, outline="")
self._station_centrality_points[concept_id] = centrality_element_id
# Send the drawn elements to behind the station point
self._canvas.tag_lower(centrality_element_id, station_element_id)
self._displaying_centrality = True
def undisplay_centrality(self):
if self._displaying_centrality:
for concept_id, point_id in self._station_centrality_points.items():
self._canvas.delete(point_id)
self._displaying_centrality = False
if __name__ == "__main__":
# Set up a connection to Grakn. Grakn needs to be running first, with settings found in the settings file of this
# project
grakn_client = grakn.Client(uri=settings.uri, keyspace=settings.keyspace)
# Build the Tkinter application
root = tk.Tk()
tube_gui = TubeGui(root, grakn_client)
root.mainloop()
def test_accepts_keyword_arguments(self):
client = grakn.Client(keyspace='mykeyspace',
uri='http://www.google.com')
self.assertEqual(client.uri, 'http://www.google.com')
self.assertEqual(client.keyspace, 'mykeyspace')
def setUp(self):
self.client = grakn.Client(uri=f'http://{mock_uri}', keyspace=keyspace)
def step_impl(context: Context):
context.client = grakn.Client(env.broken_connection)
def main(keyspace):
graph = grakn.Client(uri='http://localhost:4567', keyspace=keyspace)
# Functions with indexes for (dest, sizeof(dest)) stored in dict
functions = {
"receive_delim": (2, 3),
"fgets": (0, 1),
"strncpy": (0, 2),
"receive_until": (0, 2),
"memcpy": (0, 2),
"freaduntil": (1, 2),
"read": (1, 2)
}
# Check for potential vuln in each function
for function_name in functions:
# Get address of function to use for next query
query1 = 'match $func isa function, has func-name contains "{}", has asm-address $a; get $a;'.format(
function_name)
result1 = graph.execute(query1)
# If the function is found continue query
if result1:
# Get all instructions that have function name
func_addr = int(result1[0]['a']['value'], 16)
query2 = 'match $x has operation-type "MLIL_CALL_SSA"; $y isa"MLIL_CONST_PTR"; ($x,$y); $z isa constant, has constant-value {}; ($y,$z); get $x;'.format(
func_addr)
result2 = graph.execute(query2)
# If there are instructions that use the function check the instructions
if result2:
buff_index = functions[function_name][0]
size_index = functions[function_name][1]
for instr in result2:
Id = instr['x']['id']
query3 = 'match $x id "' + Id + '"; $l isa list; ($x,$l); (from-node: $l, $q); $q has edge-label $e; (from-node: $q, $v); {$v has var $s;} or {$v has constant-value $s;}; get $e, $s;'
result3 = graph.execute(query3)
# This section grabs instrution params and insert into an array
param_array = [0, 0, 0, 0, 0, 0, 0, 0]
for ele in result3:
index = int(ele['e']['value'])
val = ele['s']['value']
param_array[index] = val
# Get var name - This is done to determine how many bytes the variable is
var_name = param_array[buff_index]
var_name = var_name.split('#', 1)[0].lstrip()
# NOTE Enhancement Make finding buff_size the same as string_size
# This assumes that buffer_size is a number, breaks when its a var or register
# Get buffer size
try:
buff_size = int(param_array[size_index])
except ValueError as err:
continue
# Get size of string in by finding initialization Ex. var_88 = &var_58
# Find where string is initialzed
query4 = 'match $x id "{}"; $y isa basic-block; ($x,$y); $z isa instruction, has operation-type "MLIL_SET_VAR_SSA"; ($y,$z); {{$v1 isa variable, has var "{}";}} or {{$v1 isa variable-ssa, has var "{}";}}; ($z, $v1); $w isa MLIL_ADDRESS_OF; ($w, $z); $v isa variable, has var-size $s; ($w, $v); get $s, $x;'.format(
Id, var_name, var_name)
result4 = graph.execute(query4)
if (result4):
string_size = result4[0]['s']['value']
# Finally Determine if buffer size == sizeof(str)
if string_size != buff_size:
instruction_ID = result4[0]['x']['id']
query5 = 'match $i id {}, has asm-address $a; get $a;'.format(
instruction_ID)
result5 = graph.execute(query5)
instr_addr = result5[0]['a']['value']
print(
"CWE-121: Stack-based Overflow possible at {}".
format(instr_addr))
