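def segement_comp_proc():
    """Run the CFG code-segment comparison and save the results to cfg_segement.xlsx.

    Opens two Neo4j graphs on localhost (7475 and 7476), writes a header row to
    a new workbook, then calls func_similarity_segement_level() once per name
    in ``segement_funcs``, saving the workbook after each successful call.

    NOTE(review): an identical ``segement_comp_proc`` is defined again later in
    this listing; within one module the later definition replaces this one.
    """
    import traceback  # local import so this block does not depend on the file header

    # Assumes the software graph database listens on port 7475.
    db1 = Graph("http://localhost:7475/db/data/")
    # Assumes the code-segment graph database listens on port 7476.
    db2 = Graph("http://localhost:7476/db/data/")

    workbook = Workbook()
    worksheet = workbook.active
    worksheet.title = u"CFG代码段查找测试结果"
    # Columns: code segment, vulnerable file, vulnerable function, matched?, similarity.
    header = [u'代码段', u"漏洞文件", u"漏洞函数", u"是否匹配", u"相似度"]
    worksheet.append(header)
    workbook.save("cfg_segement.xlsx")

    # Only a single code-segment function is tested for now.
    segement_funcs = [
        "CVE_2015_3417_VULN_COMPLETE_0",
    ]
    funcs = get_all_functions(db1)
    for func_name in segement_funcs:
        try:
            # presumably appends its result rows to `worksheet` -- confirm in the helper
            func_similarity_segement_level(db1, funcs, db2, func_name, worksheet)
            workbook.save("cfg_segement.xlsx")
        except Exception:
            # Previously a bare `except:` that also swallowed KeyboardInterrupt /
            # SystemExit and hid the cause. The run stays best-effort, but the
            # failure is now visible and Ctrl-C can stop a long scan.
            print("error occured!")
            traceback.print_exc()
    print("all works done!")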
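def get_software_var_map(soft, port):
    """Serialise the AST of every function in a Neo4j graph into a SQLite table.

    For each function returned by get_all_functions() that has no row yet, the
    AST is serialised with ``serializedAST`` and one row is inserted holding
    the function id, name, file, variable map and the five serialisations
    (each joined with ";").

    Args:
        soft: Software name. Used verbatim as the SQLite file name under
            /home/bert/Documents/data/ and as the table name.
        port: Port of the Neo4j HTTP endpoint on 127.0.0.1.

    NOTE(security): ``soft`` is interpolated into the SQL text (table names
    cannot be bound as ``?`` parameters) and into a file path. Callers must
    pass a trusted value that is a plain identifier; if it can ever come from
    outside, validate it against an allow-list before calling.
    """
    neo4j_db = Graph("http://127.0.0.1:%d/db/data/" % port)
    sql_db = sqlite3.connect("/home/bert/Documents/data/" + soft + ".db")
    try:
        sql_db.execute(
            '''create table if not exists %s( '''
            '''func_id INT PRIMARY KEY, '''
            '''func_name CHAR(100) NOT NULL, '''
            '''file CHAR(200) NOT NULL, '''
            '''var_map TEXT NOT NULL, '''
            '''ast_type_const TEXT NOT NULL, '''
            '''ast_type_only TEXT NOT NULL, '''
            '''ast_const_only TEXT NOT NULL, '''
            '''ast_no_type_const TEXT NOT NULL, '''
            '''no_mapping TEXT NOT NULL)''' % soft)
        sql_db.commit()

        funcs = get_all_functions(neo4j_db)
        # Creates (or truncates) an empty file in the working directory whose
        # name is the function count. The handle is now closed straight away
        # instead of being leaked.
        # NOTE(review): the purpose of this marker file is not evident here.
        with open(str(len(funcs)), "w"):
            pass
        print("get all functions OK: %d" % len(funcs))

        for func in funcs:
            # Duplicate check: skip functions that already have a row.
            ret = sql_db.execute("select * from %s where func_id=?" % soft,
                                 (func._id, ))
            if ret.fetchone():
                continue

            print("[%s] processing %s " % (
                datetime.datetime.now().strftime("%y-%m-%d %H:%M:%S"),
                func.properties[u'name']))

            try:
                ast_root = get_function_ast_root(neo4j_db, func)
                func_file = get_function_file(neo4j_db, func)
                ser = serializedAST(neo4j_db)
                ret = ser.genSerilizedAST(ast_root)
                var_map = ser.variable_maps
                ast1, ast2, ast3, ast4, ast5 = [";".join(seq) for seq in ret[:5]]
            except Exception:
                traceback.print_exc()
                # Fix: the original fell through to the INSERT below, storing
                # the previous function's file/var_map/ASTs under this
                # function's id. Skip it; it has no row, so a later run
                # retries it.
                continue

            try:
                sql_db.execute(
                    'insert into %s values(?, ?, ?, ?, ?, ?, ?, ?,?)' % soft,
                    (func._id, func.properties[u'name'], func_file,
                     str(var_map), ast1, ast2, ast3, ast4, ast5))
                sql_db.commit()
            except Exception as e:
                # Best effort: report and carry on with the next function.
                print(e)
    finally:
        # The connection was previously never closed.
        sql_db.close()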
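def astlevel_comp_proc():
    """Run the AST function-level vulnerability search for ffmpeg into ast_func.xlsx.

    Reads every row of ``vulnerability_info``, keeps those whose software name
    is "ffmpeg", builds names of the form ``CVE_YYYY_NNNN_VULN_<function>``,
    and calls func_similarity_astLevel() for each, saving the workbook after
    each successful call. Returns early (None) when no database connection is
    available.
    """
    import traceback  # local import so this block does not depend on the file header

    db_conn = get_connection()
    if db_conn is None:
        print(u"数据库连接失败")
        return

    # Select every vulnerable function recorded for ffmpeg.
    cur = db_conn.cursor()
    cur.execute("select * from vulnerability_info")
    rets = cur.fetchall()
    func_names = []
    for ret in rets:
        vuln_info = vulnerability_info(ret)
        cve_info = vuln_info.get_cve_info(db_conn)
        soft = cve_info.get_soft(db_conn)
        if soft.software_name == "ffmpeg":
            func_names.append(cve_info.cveid.upper().replace("-", "_") +
                              "_VULN_" + vuln_info.vuln_func)

    # Feature database; Graph() with no URL connects to the default port 7474.
    db2 = Graph()
    # Assumes port 7475 serves the graph database of an ffmpeg build.
    db1 = Graph("http://localhost:7475/db/data")

    suffix_tree_obj = suffixtree()
    try:
        wb = Workbook()
        ws = wb.active
        ws.title = u"AST函数级漏洞查找测试结果"
        # Columns: vulnerable function name, vulnerable file, vulnerable
        # function, the four AST serialisation variants, elapsed time.
        # NOTE(review): the last header is a plain (non-u) literal, unlike the
        # u"耗时" used in cfg_comp_proc -- confirm this is intended.
        header = [u'漏洞函数名', u"漏洞文件", u"漏洞函数", "distinct_type_and_const",
                  "distinct_const_no_type", "distinct_type_no_const",
                  "no_type_no_const", "耗时"]
        ws.append(header)
        wb.save("ast_func.xlsx")

        # NOTE(review): the function list comes from db2 (the feature
        # database), while cfg_comp_proc and segement_comp_proc list the
        # software database they pass as first argument -- confirm db2 is
        # intended here and not db1.
        all_funcs = get_all_functions(db2)
        for name in func_names:
            try:
                func_similarity_astLevel(db1, all_funcs, db2, name,
                                         suffix_tree_obj, ws)
                wb.save("ast_func.xlsx")
            except Exception:
                # Previously a bare `except:` that also swallowed
                # KeyboardInterrupt / SystemExit and hid the cause.
                print("error occured")
                traceback.print_exc()
    finally:
        # Close the suffix tree even if setup or listing fails.
        suffix_tree_obj.close()
    print("all works done!")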
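def cfg_comp_proc():
    """Run the CFG function-level vulnerability search and save to cfg_func.xlsx.

    Only the hard-coded name in ``func_names`` is scanned; the database-driven
    selection of all ffmpeg vulnerable functions is disabled. Returns early
    (None) when no database connection is available.
    """
    db_conn = get_connection()
    if db_conn is None:
        print(u"数据库连接失败")
        return

    # Select every vulnerable function recorded for ffmpeg. The rows are only
    # used by the disabled selection loop below.
    cur = db_conn.cursor()
    cur.execute("select * from vulnerability_info")
    rets = cur.fetchall()
    func_names = ['CVE_2010_3429_VULN_flic_decode_frame_8BPP', ]
    # Disabled selection loop, kept for reference:
    # for ret in rets:
    #     vuln_info = vulnerability_info(ret)
    #     cve_info = vuln_info.get_cve_info(db_conn)
    #     soft = cve_info.get_soft(db_conn)
    #     if soft.software_name == "ffmpeg":
    #         func_names.append(cve_info.cveid.upper().replace("-", "_") +
    #                           "_VULN_" + vuln_info.vuln_func)

    # Feature database; Graph() with no URL connects to the default port 7474.
    character_db = Graph()
    # Assumes port 7475 serves the graph database of an ffmpeg build.
    soft_db = Graph("http://localhost:7475/db/data")

    wb = Workbook()
    ws = wb.active
    ws.title = u"CFG函数级漏洞查找测试结果"
    # Columns: vulnerable function name, vulnerable file, vulnerable function,
    # matched?, similarity, elapsed time.
    header = [u'漏洞函数名', u"漏洞文件", u"漏洞函数", u"是否匹配", u"相似度", u"耗时"]
    ws.append(header)
    wb.save("cfg_func.xlsx")

    all_funcs = get_all_functions(soft_db)
    for name in func_names:
        print("processing " + name)
        try:
            func_similarity_cfg_level(soft_db, all_funcs, character_db, name, ws)
            # Fix: this saved to "ast_func.xlsx", overwriting the AST run's
            # report and leaving cfg_func.xlsx with only the header row.
            wb.save("cfg_func.xlsx")
        except Exception as e:
            # Best effort: report and carry on with the next name.
            print(e)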
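def segement_comp_proc():
    """Compare code-segment CFGs against a software graph; save cfg_segement.xlsx.

    The software graph is read from port 7475 and the code-segment graph from
    port 7476, both on localhost. The workbook is saved once with only the
    header row and again after every segment that is processed without error.

    NOTE(review): an identical ``segement_comp_proc`` appears earlier in this
    listing; within one module this later definition is the one in effect.
    """
    import traceback  # local import so this block does not depend on the file header

    software_url = "http://localhost:7475/db/data/"  # assumed software database port
    segment_url = "http://localhost:7476/db/data/"   # assumed code-segment database port
    db1 = Graph(software_url)
    db2 = Graph(segment_url)

    report_path = "cfg_segement.xlsx"
    workbook = Workbook()
    worksheet = workbook.active
    worksheet.title = u"CFG代码段查找测试结果"
    # Columns: code segment, vulnerable file, vulnerable function, matched?, similarity.
    worksheet.append([u'代码段', u"漏洞文件", u"漏洞函数", u"是否匹配", u"相似度"])
    workbook.save(report_path)

    # Only a single code-segment function is tested for now.
    segement_funcs = ["CVE_2015_3417_VULN_COMPLETE_0", ]
    funcs = get_all_functions(db1)
    for func_name in segement_funcs:
        try:
            func_similarity_segement_level(db1, funcs, db2, func_name, worksheet)
            workbook.save(report_path)
        except Exception:
            # The bare `except:` used here before also trapped
            # KeyboardInterrupt / SystemExit and discarded the cause. Keep
            # going on ordinary errors, but show what failed.
            print("error occured!")
            traceback.print_exc()
    print("all works done!")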