def block_code(self, block_position):
"""
Get code block
:param block_position:
0:up
1:down
2:location_line
:return:
"""
if block_position == 2:
if self.line is None or self.line == 0:
self.log('critical', "Line exception: {0}".format(self.line))
return False
line_rule = '{0}p'.format(self.line)
code = File(self.file_path).lines(line_rule)
code = code.strip()
return code
else:
block_start = 1
block_end = 0
functions = self.functions()
if functions:
for function_name, function_value in functions.items():
if int(function_value['start']) < int(self.line) < int(
function_value['end']):
in_this_function = '<---- {0}'.format(self.line)
if block_position == 0:
block_start = function_value['start']
block_end = int(self.line) - 1
elif block_position == 1:
block_start = int(self.line)
block_end = int(function_value['end']) - 1
self.log(
'debug',
"Trigger line's function name: {0} ({1} - {2}) {3}"
.format(function_name, function_value['start'],
function_value['end'], in_this_function))
else:
if block_position == 0:
block_start = 1
block_end = int(self.line) - 1
elif block_position == 1:
block_start = int(self.line) + 1
block_end = sum(1 for l in open(self.file_path))
self.log('debug',
"Not function anything `function`, will split file")
# get param block code
line_rule = "{0},{1}p".format(block_start, block_end)
code = File(self.file_path).lines(line_rule)
self.log('info',
'Get code: {0} - {1}p'.format(block_start, block_end))
return code
def block_code(self, block_position):
"""
获取搜索区块代码
:param block_position:
0:up 上
1:down 下
2:location_line 当前行
:return:
"""
if block_position == 2:
if self.line is None or self.line == 0:
logging.critical("行号异常: {0}".format(self.line))
return False
line_rule = '{0}p'.format(self.line)
code = File(self.file_path).lines(line_rule)
code = code.strip()
return code
else:
block_start = 1
block_end = 0
functions = self.functions()
if functions:
for function_name, function_value in functions.items():
if int(function_value['start']) < int(self.line) < int(
function_value['end']):
in_this_function = '<---- {0}'.format(self.line)
if block_position == 0:
block_start = function_value['start']
block_end = int(self.line) - 1
elif block_position == 1:
block_start = int(self.line)
block_end = int(function_value['end']) - 1
logging.debug("触发行所在函数: {0} ({1} - {2}) {3}".format(
function_name, function_value['start'],
function_value['end'], in_this_function))
else:
# 没有functions时,以触发行来分割整个文件
if block_position == 0:
block_start = 1
block_end = int(self.line) - 1
elif block_position == 1:
block_start = int(self.line) + 1
block_end = sum(1 for l in open(self.file_path))
logging.debug("没有找到任何方法,将以整个文件分割.")
# get param block code
line_rule = "{0},{1}p".format(block_start, block_end)
code = File(self.file_path).lines(line_rule)
logging.info('取出代码: {0} - {1}p'.format(block_start, block_end))
return code
def repair(self):
"""
验证扫描到的漏洞是否修复
:return: (Status, Result)
"""
self.method = 1
# 拼接绝对路径
self.file_path = self.project_directory + self.file_path
# 定位规则为空时或者行号为0,表示此类型语言(该语言所有后缀)文件都算作漏洞
if self.rule_location == '' or self.line_number == 0:
logging.info("Find special files: RID{0}".format(self.rule_id))
# 检查文件是否存在
if os.path.isfile(self.file_path) is False:
# 未找到该文件则更新漏洞状态为已修复
logging.info("已删除文件修复完成 {0}".format(self.file_path))
self.status = self.status_fixed
self.process_vulnerabilities()
return True, 1001
# 文件存在,漏洞还在
return False, 4007
# 取出触发代码(实际文件)
trigger_code = File(self.file_path).lines("{0}p".format(
self.line_number))
if trigger_code is False:
logging.critical("触发代码获取失败 {0}".format(self.code_content))
return False, 4009
self.code_content = trigger_code
# 白名单
if self.is_white_list():
self.status = self.status_fixed
self.process_vulnerabilities()
logging.info("In white list {0}".format(self.file_path))
return False, 4000
# 特殊文件判断
if self.is_special_file():
self.status = self.status_fixed
self.process_vulnerabilities()
logging.info("Special File: {0}".format(self.file_path))
return False, 4001
# 注释判断
if self.is_annotation():
self.status = self.status_fixed
self.process_vulnerabilities()
logging.info("In Annotation {0}".format(self.code_content))
return False, 4002
# 仅匹配规则
if self.is_match_only_rule():
logging.info("Only match {0}".format(self.rule_location))
found_vul = True
else:
found_vul = False
# 判断参数是否可控
if self.is_can_parse() and self.rule_repair.strip() != '':
try:
parse_instance = parse.Parse(self.rule_location,
self.file_path,
self.line_number,
self.code_content)
if parse_instance.is_controllable_param():
if parse_instance.is_repair(self.rule_repair,
self.block_repair):
logging.info("Static: repaired")
# 标记已修复
self.status = self.status_fixed
self.process_vulnerabilities()
return True, 1003
else:
found_vul = True
else:
logging.info("参数不可控")
return False, 4004
except:
print(traceback.print_exc())
return False, 4005
if found_vul:
self.code_content = self.code_content.encode('unicode_escape')
if len(self.code_content) > 512:
self.code_content = self.code_content[:500] + '...'
self.process_vulnerabilities()
return True, 1002
else:
logging.info("Not found")
return False, 4006
def repair(self):
"""
Scan vulnerabilities is repair
:flow:
- exist file [add]
- test file
- whitelist file
- special file
- annotation
- rule
:return: (Status, Result)
"""
self.method = 1
# Full path
self.file_path = self.project_directory + self.file_path
"""
When the targeting rule is empty or the line number is 0, it means that this type of language (all suffixes in that language) is counted as a vulnerability
Their repair method is only one: delete the file
"""
if self.rule_location == '' or self.line_number == 0:
logging.info("Find special files: RID{0}".format(self.rule_id))
# Check if the file exists
if os.path.isfile(self.file_path) is False:
# If the file is not found, the vulnerability state is fixed
logging.info("Deleted file repair is complete {0}".format(self.file_path))
self.status = self.status_fixed
self.repair_code = self.repair_code_not_exist_file
self.process_vulnerabilities()
return
else:
return
# Not exist file
if os.path.isfile(self.file_path) is False:
self.status = self.status_fixed
self.repair_code = self.repair_code_not_exist_file
self.process_vulnerabilities()
return
# Test file
if self.is_test_file():
self.status = self.status_fixed
self.repair_code = self.repair_code_test_file
self.process_vulnerabilities()
return
"""
Cobra Skip
@cobra const
`@[cC][oO][bB][rR][aA]\s*[cC][oO][nN][sS][tT]`
"""
file_content = File(self.file_path).read_file()
ret_regex_const = re.findall(r'@[cC][oO][bB][rR][aA]\s*[cC][oO][nN][sS][tT]', file_content)
if len(ret_regex_const) > 0:
self.status = self.status_fixed
self.repair_code = self.repair_code_const_file
self.process_vulnerabilities()
return
"""
@cobra third-party
`@[cC][oO][bB][rR][aA]\s*[tT][hH][iI][rR][dD]-[pP][aA][rR][tT][yY]`
"""
ret_regex_third_party = re.findall(r'@[cC][oO][bB][rR][aA]\s*[tT][hH][iI][rR][dD]-[pP][aA][rR][tT][yY]', file_content)
if len(ret_regex_third_party) > 0:
self.status = self.status_fixed
self.repair_code = self.repair_code_third_party
self.process_vulnerabilities()
return
# Remove the trigger code (actual file)
trigger_code = File(self.file_path).lines("{0}p".format(self.line_number))
if trigger_code is False:
logging.critical("Failed to fetch the trigger code {0}".format(self.code_content))
self.status = self.status_fixed
self.repair_code = self.repair_code_empty_code
self.process_vulnerabilities()
return
self.code_content = trigger_code
# Whitelist
if self.is_white_list():
self.status = self.status_fixed
self.repair_code = self.repair_code_whitelist
self.process_vulnerabilities()
logging.info("In white list {0}".format(self.file_path))
return
# Special file
if self.is_special_file():
self.status = self.status_fixed
self.repair_code = self.repair_code_special_file
self.process_vulnerabilities()
logging.info("Special File: {0}".format(self.file_path))
return
# Annotation
if self.is_annotation():
self.status = self.status_fixed
self.repair_code = self.repair_code_annotation
self.process_vulnerabilities()
logging.info("In Annotation {0}".format(self.code_content))
return
# Modify
ret_regex = re.findall(self.rule_location, trigger_code.strip())
if len(ret_regex) == 0:
self.status = self.status_fixed
self.repair_code = self.repair_code_modify
self.process_vulnerabilities()
return
# Fixed
if self.is_can_parse() and self.rule_repair.strip() != '':
try:
parse_instance = parse.Parse(self.rule_location, self.file_path, self.line_number, self.code_content)
if parse_instance.is_repair(self.rule_repair, self.block_repair):
logging.info("Static: repaired")
# Fixed
self.status = self.status_fixed
self.repair_code = self.repair_code_fixed
self.process_vulnerabilities()
return
else:
logging.critical("[repair] not fixed")
return
except:
logging.info(traceback.print_exc())
return
def repair(self):
"""
Scan vulnerabilities is repair
:flow:
- exist file [add]
- test file
- whitelist file
- special file
- annotation
- rule
:return: (Status, Result)
"""
self.method = 1
# Full path
self.file_path = self.project_directory + self.file_path
"""
定位规则为空时或者行号为0,表示此类型语言(该语言所有后缀)文件都算作漏洞
他们的修复方法只有一个:删除文件
"""
if self.rule_location == '' or self.line_number == 0:
logging.info("Find special files: RID{0}".format(self.rule_id))
# 检查文件是否存在
if os.path.isfile(self.file_path) is False:
# 未找到该文件则更新漏洞状态为已修复
logging.info("已删除文件修复完成 {0}".format(self.file_path))
self.status = self.status_fixed
self.repair_code = self.repair_code_not_exist_file
self.process_vulnerabilities()
return
else:
return
# Not exist file
if os.path.isfile(self.file_path) is False:
self.status = self.status_fixed
self.repair_code = self.repair_code_not_exist_file
self.process_vulnerabilities()
return
# Test file
if self.is_test_file():
self.status = self.status_fixed
self.repair_code = self.repair_code_test_file
self.process_vulnerabilities()
return
"""
Cobra Skip
@cobra const
`@[cC][oO][bB][rR][aA]\s*[cC][oO][nN][sS][tT]`
"""
file_content = File(self.file_path).read_file()
ret_regex_const = re.findall(
r'@[cC][oO][bB][rR][aA]\s*[cC][oO][nN][sS][tT]', file_content)
if len(ret_regex_const) > 0:
self.status = self.status_fixed
self.repair_code = self.repair_code_const_file
self.process_vulnerabilities()
return
"""
@cobra third-party
`@[cC][oO][bB][rR][aA]\s*[tT][hH][iI][rR][dD]-[pP][aA][rR][tT][yY]`
"""
ret_regex_third_party = re.findall(
r'@[cC][oO][bB][rR][aA]\s*[tT][hH][iI][rR][dD]-[pP][aA][rR][tT][yY]',
file_content)
if len(ret_regex_third_party) > 0:
self.status = self.status_fixed
self.repair_code = self.repair_code_third_party
self.process_vulnerabilities()
return
# 取出触发代码(实际文件)
trigger_code = File(self.file_path).lines("{0}p".format(
self.line_number))
if trigger_code is False:
logging.critical("触发代码获取失败 {0}".format(self.code_content))
self.status = self.status_fixed
self.repair_code = self.repair_code_empty_code
self.process_vulnerabilities()
return
self.code_content = trigger_code
# Whitelist
if self.is_white_list():
self.status = self.status_fixed
self.repair_code = self.repair_code_whitelist
self.process_vulnerabilities()
logging.info("In white list {0}".format(self.file_path))
return
# Special file
if self.is_special_file():
self.status = self.status_fixed
self.repair_code = self.repair_code_special_file
self.process_vulnerabilities()
logging.info("Special File: {0}".format(self.file_path))
return
# Annotation
if self.is_annotation():
self.status = self.status_fixed
self.repair_code = self.repair_code_annotation
self.process_vulnerabilities()
logging.info("In Annotation {0}".format(self.code_content))
return
# Modify
ret_regex = re.findall(self.rule_location, trigger_code.strip())
if len(ret_regex) == 0:
self.status = self.status_fixed
self.repair_code = self.repair_code_modify
self.process_vulnerabilities()
return
# Fixed
if self.is_can_parse() and self.rule_repair.strip() != '':
try:
parse_instance = parse.Parse(self.rule_location,
self.file_path, self.line_number,
self.code_content)
if parse_instance.is_repair(self.rule_repair,
self.block_repair):
logging.info("Static: repaired")
# Fixed
self.status = self.status_fixed
self.repair_code = self.repair_code_fixed
self.process_vulnerabilities()
return
else:
logging.critical("[repair] not fixed")
return
except:
logging.info(traceback.print_exc())
return
def repair(self):
"""
Scan vulnerabilities is repair
:flow:
- exist file [add]
- test file
- whitelist file
- special file
- annotation
- rule
:return: (Status, Result)
"""
self.method = 1
# Full path
self.file_path = self.project_directory + self.file_path
"""
When the targeting rule is empty or the line number is 0, it means that this type of language (all suffixes in that language) is counted as a vulnerability
Their repair method is only one: delete the file
"""
if self.rule_location == '' or self.line_number == 0:
logging.info("Find special files: RID{0}".format(self.rule_id))
# Check if the file exists
if os.path.isfile(self.file_path) is False:
# If the file is not found, the vulnerability state is fixed
logging.info("Deleted file repair is complete {0}".format(self.file_path))
self.status = self.status_fixed
self.repair_code = self.repair_code_not_exist_file
self.process_vulnerabilities()
return
else:
return
# Not exist file
if os.path.isfile(self.file_path) is False:
self.status = self.status_fixed
self.repair_code = self.repair_code_not_exist_file
self.process_vulnerabilities()
return
# Test file
if self.is_test_file():
self.status = self.status_fixed
self.repair_code = self.repair_code_test_file
self.process_vulnerabilities()
return
"""
Cobra Skip
@cobra const
`@[cC][oO][bB][rR][aA]\s*[cC][oO][nN][sS][tT]`
"""
file_content = File(self.file_path).read_file()
ret_regex_const = re.findall(r'@[cC][oO][bB][rR][aA]\s*[cC][oO][nN][sS][tT]', file_content)
if len(ret_regex_const) > 0:
self.status = self.status_fixed
self.repair_code = self.repair_code_const_file
self.process_vulnerabilities()
return
"""
@cobra third-party
`@[cC][oO][bB][rR][aA]\s*[tT][hH][iI][rR][dD]-[pP][aA][rR][tT][yY]`
"""
ret_regex_third_party = re.findall(r'@[cC][oO][bB][rR][aA]\s*[tT][hH][iI][rR][dD]-[pP][aA][rR][tT][yY]', file_content)
if len(ret_regex_third_party) > 0:
self.status = self.status_fixed
self.repair_code = self.repair_code_third_party
self.process_vulnerabilities()
return
# Remove the trigger code (actual file)
trigger_code = File(self.file_path).lines("{0}p".format(self.line_number))
if trigger_code is False:
logging.critical("Failed to fetch the trigger code {0}".format(self.code_content))
self.status = self.status_fixed
self.repair_code = self.repair_code_empty_code
self.process_vulnerabilities()
return
self.code_content = trigger_code
# Whitelist
if self.is_white_list():
self.status = self.status_fixed
self.repair_code = self.repair_code_whitelist
self.process_vulnerabilities()
logging.info("In white list {0}".format(self.file_path))
return
# Special file
if self.is_special_file():
self.status = self.status_fixed
self.repair_code = self.repair_code_special_file
self.process_vulnerabilities()
logging.info("Special File: {0}".format(self.file_path))
return
# Annotation
if self.is_annotation():
self.status = self.status_fixed
self.repair_code = self.repair_code_annotation
self.process_vulnerabilities()
logging.info("In Annotation {0}".format(self.code_content))
return
# Modify
ret_regex = re.findall(self.rule_location, trigger_code.strip())
if len(ret_regex) == 0:
self.status = self.status_fixed
self.repair_code = self.repair_code_modify
self.process_vulnerabilities()
return
# Fixed
if self.is_can_parse() and self.rule_repair.strip() != '':
try:
parse_instance = parse.Parse(self.rule_location, self.file_path, self.line_number, self.code_content)
if parse_instance.is_repair(self.rule_repair, self.block_repair):
logging.info("Static: repaired")
# Fixed
self.status = self.status_fixed
self.repair_code = self.repair_code_fixed
self.process_vulnerabilities()
return
else:
logging.critical("[repair] not fixed")
return
except:
logging.info(traceback.print_exc())
return