def wireshark_diff(): data = load_workbook("/home/bert/Documents/data/wireshark.xlsx", read_only=True)[u'Sheet3'] suffix_obj = suffixtree() wb = Workbook() ws = wb.active db1 = Graph("http://127.0.0.1:7473/db/data/") db2 = Graph() for row in data.rows: vuln_seg = row[0].value patched_name = vuln_seg[:14] + "PATCHED_" + row[2].value vuln_name = vuln_seg[:14] + "VULN_" + row[2].value var_map = get_type_mapping_table(db2, vuln_name) try: ret = search_vuln_seg_in_func(db1, vuln_seg, row[2].value,var_map, db2, patched_name, suffix_obj) ws.append(ret) except Exception as e: print e ws.append((vuln_seg, patched_name, "failed")) wb.save("/home/bert/Documents/data/wireshark_diff.xlsx") suffix_obj.close() print "wireshark all works done"
def wireshark_diff(): data = load_workbook("/home/bert/Documents/data/wireshark.xlsx", read_only=True)[u'Sheet3'] suffix_obj = suffixtree() wb = Workbook() ws = wb.active db1 = Graph("http://127.0.0.1:7473/db/data/") db2 = Graph() for row in data.rows: vuln_seg = row[0].value patched_name = vuln_seg[:14] + "PATCHED_" + row[2].value vuln_name = vuln_seg[:14] + "VULN_" + row[2].value var_map = get_type_mapping_table(db2, vuln_name) try: ret = search_vuln_seg_in_func(db1, vuln_seg, row[2].value, var_map, db2, patched_name, suffix_obj) ws.append(ret) except Exception as e: print e ws.append((vuln_seg, patched_name, "failed")) wb.save("/home/bert/Documents/data/wireshark_diff.xlsx") suffix_obj.close() print "wireshark all works done"
def firefox_code_reuse(table_name): result_db = sqlite3.connect( "/home/bert/Documents/data/firefox_code_reuse.db") result_db.execute('''create table if not exists %s( vuln_segement CHAR(50) NOT NULL, reuse_func CHAR(50) NOT NULL, status CHAR(10) NOT NULL, distinct_type_and_const BOOLEAN, distinct_const_no_type BOOLEAN, distinct_type_no_const BOOLEAN, no_type_no_const BOOLEAN, no_mapping BOOLEAN) ''' % table_name) db = Graph("http://127.0.0.1:7474/db/data/") suffix_obj = suffixtree() worksheet = load_workbook( "/home/bert/Documents/data/firefox_reuse.xlsx").active for row in worksheet.rows: #check ret = result_db.execute( "select * from %s where vuln_segement=? and reuse_func=?" % table_name, (row[0].value, row[2].value)) if ret.fetchone(): continue vuln_seg = row[0].value vuln_name = vuln_seg[:14] + "VULN_" + row[1].value try: var_map = get_type_mapping_table(db, vuln_name) ret = search_vuln_seg_in_func(db, row[0].value, row[1].value, var_map, db, row[2].value, suffix_obj) if ret[2] == "success": result_db.execute( "insert into %s values(?,?,?,?,?,?,?,?)" % table_name, ret) else: result_db.execute( "insert into %s(vuln_segement, reuse_func, status) values(?,?,?)" % table_name, ret) result_db.commit() except Exception as e: result_db.execute( "insert into %s(vuln_segement, reuse_func, status) values(?,?,?)" % table_name, (row[0].value, row[2].value, "failed")) print e print "firefox reuse works done"
def firefox_code_reuse(table_name): result_db = sqlite3.connect("/home/bert/Documents/data/firefox_code_reuse.db") result_db.execute('''create table if not exists %s( vuln_segement CHAR(50) NOT NULL, reuse_func CHAR(50) NOT NULL, status CHAR(10) NOT NULL, distinct_type_and_const BOOLEAN, distinct_const_no_type BOOLEAN, distinct_type_no_const BOOLEAN, no_type_no_const BOOLEAN, no_mapping BOOLEAN) ''' % table_name) db = Graph("http://127.0.0.1:7474/db/data/") suffix_obj = suffixtree() worksheet = load_workbook("/home/bert/Documents/data/firefox_reuse.xlsx").active for row in worksheet.rows: #check ret = result_db.execute("select * from %s where vuln_segement=? and reuse_func=?" % table_name, (row[0].value, row[2].value)) if ret.fetchone(): continue vuln_seg = row[0].value vuln_name = vuln_seg[:14] + "VULN_" + row[1].value try: var_map = get_type_mapping_table(db, vuln_name) ret = search_vuln_seg_in_func(db, row[0].value, row[1].value, var_map, db, row[2].value, suffix_obj) if ret[2] == "success": result_db.execute("insert into %s values(?,?,?,?,?,?,?,?)" % table_name, ret) else: result_db.execute("insert into %s(vuln_segement, reuse_func, status) values(?,?,?)" % table_name, ret) result_db.commit() except Exception as e: result_db.execute("insert into %s(vuln_segement, reuse_func, status) values(?,?,?)" % table_name, (row[0].value, row[2].value, "failed") ) print e print "firefox reuse works done"
def get_var_mapping(soft_name): db_conn = get_connection() if db_conn is None: print u"数据库连接失败" return cur = db_conn.cursor() cur.execute("select * from vulnerability_info") rets = cur.fetchall() neo4j_db = Graph() infos = [] for ret in rets: soft = vulnerability_info(ret).get_cve_info(db_conn).get_soft(db_conn) if soft.software_name == soft_name: infos.append(ret) var_map_db = sqlite3.connect("var_map.db") var_map_db.execute('''create table if not exists %s( func_name CHAR(100) PRIMARY KEY, var_map TEXT NOT NULL)''' % soft_name) var_map_db.commit() print "There are %d functions" % len(infos) for info in infos: vuln_info = vulnerability_info(info) cve_info = vuln_info.get_cve_info(db_conn) if vuln_info.vuln_func == "None": continue vuln_name = cve_info.cveid.replace("-", "_").upper() + "_VULN_" + vuln_info.vuln_func patch_name = cve_info.cveid.replace("-", "_").upper() + "_PATCHED_" + vuln_info.vuln_func #check if VULN exist ret = var_map_db.execute("select * from %s where func_name=?" % soft_name, (vuln_name,)) if not ret.fetchone(): #VULN var_map = get_type_mapping_table(neo4j_db, vuln_name) try: var_map_db.execute('insert into %s values(?, ?)' % soft_name, (vuln_name, var_map.__str__()) ) var_map_db.commit() except Exception, e: print soft_name, vuln_name print "error:", e #check if PATCH exist ret = var_map_db.execute("select * from %s where func_name=?" % soft_name,(patch_name,)) if not ret.fetchone(): #PATCH var_map = get_type_mapping_table(neo4j_db, patch_name) try: var_map_db.execute('insert into %s values(?, ?)' % soft_name, (patch_name, var_map.__str__())) var_map_db.commit() except Exception, e: print soft_name, vuln_name print "error:", e
def get_var_mapping(soft_name): db_conn = get_connection() if db_conn is None: print u"数据库连接失败" return cur = db_conn.cursor() cur.execute("select * from vulnerability_info") rets = cur.fetchall() neo4j_db = Graph() infos = [] for ret in rets: soft = vulnerability_info(ret).get_cve_info(db_conn).get_soft(db_conn) if soft.software_name == soft_name: infos.append(ret) var_map_db = sqlite3.connect("var_map.db") var_map_db.execute('''create table if not exists %s( func_name CHAR(100) PRIMARY KEY, var_map TEXT NOT NULL)''' % soft_name) var_map_db.commit() print "There are %d functions" % len(infos) for info in infos: vuln_info = vulnerability_info(info) cve_info = vuln_info.get_cve_info(db_conn) if vuln_info.vuln_func == "None": continue vuln_name = cve_info.cveid.replace( "-", "_").upper() + "_VULN_" + vuln_info.vuln_func patch_name = cve_info.cveid.replace( "-", "_").upper() + "_PATCHED_" + vuln_info.vuln_func #check if VULN exist ret = var_map_db.execute( "select * from %s where func_name=?" % soft_name, (vuln_name, )) if not ret.fetchone(): #VULN var_map = get_type_mapping_table(neo4j_db, vuln_name) try: var_map_db.execute('insert into %s values(?, ?)' % soft_name, (vuln_name, var_map.__str__())) var_map_db.commit() except Exception, e: print soft_name, vuln_name print "error:", e #check if PATCH exist ret = var_map_db.execute( "select * from %s where func_name=?" % soft_name, (patch_name, )) if not ret.fetchone(): #PATCH var_map = get_type_mapping_table(neo4j_db, patch_name) try: var_map_db.execute('insert into %s values(?, ?)' % soft_name, (patch_name, var_map.__str__())) var_map_db.commit() except Exception, e: print soft_name, vuln_name print "error:", e
wb = load_workbook("test3.xlsx", read_only=True) ws = wb[u'Sheet3'] workbook = Workbook() worksheet = workbook.active worksheet.title = u"AST代码段测试结果" header = [ u'漏洞段', u"无漏洞段", u"计算状态", u"区分类型和常量", u"区分常量不区分类型", u"区分类型不区分常量", u"不区分常量和类型", u"耗时", u"原漏洞函数", u"类型映射" ] worksheet.append(header) suffix_tree_obj = suffixtree() for row in ws.rows: type_mapping = {'other': 'v'} if row[2].value != 0: func_name = row[0].value[:19] + row[2].value type_mapping = get_type_mapping_table(org_db, func_name) try: segement_ast_similarity_process(row[0].value, row[1].value, neo4jdb, row[2].value, type_mapping, worksheet, suffix_tree_obj) workbook.save("ast_segement_result.xlsx") except Exception as e: print "process " + row[0].value + "error" print e suffix_tree_obj.close() print "all works done!"
org_db = py2neo.Graph() except Exception: print u"数据库连接失败:7474" wb = load_workbook("test3.xlsx", read_only=True) ws = wb[u"Sheet3"] workbook = Workbook() worksheet = workbook.active worksheet.title = u"AST代码段测试结果" header = [u"漏洞段", u"无漏洞段", u"计算状态", u"区分类型和常量", u"区分常量不区分类型", u"区分类型不区分常量", u"不区分常量和类型", u"耗时", u"原漏洞函数", u"类型映射"] worksheet.append(header) suffix_tree_obj = suffixtree() for row in ws.rows: type_mapping = {"other": "v"} if row[2].value != 0: func_name = row[0].value[:19] + row[2].value type_mapping = get_type_mapping_table(org_db, func_name) try: segement_ast_similarity_process( row[0].value, row[1].value, neo4jdb, row[2].value, type_mapping, worksheet, suffix_tree_obj ) workbook.save("ast_segement_result.xlsx") except Exception as e: print "process " + row[0].value + "error" print e suffix_tree_obj.close() print "all works done!"