示例#1
0
def func_similarity_cfg_level(soft_db, funcs, character_db, func_name, worksheet):
    # @db1 待比对数据库
    # @db2 漏洞特征数据库
    # @func_name 目标函数名
    
    #过滤一下
    ast_root = get_function_ast_root(character_db, func_name)
    if ast_root is None:
        print "no function found"
        return
    
    return_type = get_function_return_type(character_db, ast_root)  # 获取目标函数返回值类型
    param_list = get_function_param_list(character_db, ast_root)  # 获取目标函数参数类型列表

    filter_funcs = filter_functions(soft_db, funcs, return_type, param_list) # 过滤待比较函数
    tar_func = get_function_node(character_db, func_name)
    
    for ast_root in filter_funcs:
        src_func = get_function_node_by_ast_root(soft_db, ast_root)
        
        
        match, simi = func_cfg_similarity(src_func, soft_db, tar_func, character_db)
        if match:
            
            file = get_function_file(soft_db, src_func.properties[u'name'])[41:]
            worksheet.append(
                             (func_name, file, src_func.properties[u'name'],match,
                              round(simi,4) ))
        elif simi == -1:
            print u"节点太多,未进行比较 "
示例#2
0
def func_similarity_astLevel(db1, funcs, db2, func_name, suffix_tree_obj, worksheet):
    # @db1 待比对数据库
    # @db2 漏洞特征数据库
    # @func_name 目标函数名
    
    target_func = get_function_ast_root(db2, func_name)
    return_type = get_function_return_type(db2, target_func)  # 获取目标函数返回值类型
    param_list = get_function_param_list(db2, target_func)  # 获取目标函数参数类型列表
    
    # funcs = getAllFuncs(db1) #获取所有函数
    filter_funcs = filter_functions(db1, funcs, return_type, param_list) # 过滤待比较函数
    
    ret = serializedAST(db2).genSerilizedAST(target_func)
    pattern1 = ";".join(ret[0][2:])
    pattern2 = ";".join(ret[1][2:])
    pattern3 = ";".join(ret[2][2:])
    pattern4 = ";".join(ret[3][2:])  
    
    for func in filter_funcs:
        ast_root = get_function_ast_root(db1, func.properties[u'name'])
        s1 = serializedAST(db1, True, True).genSerilizedAST(ast_root)[0][:-1]
        s2 = serializedAST(db1, False, True).genSerilizedAST(ast_root)[0][:-1]
        s3 = serializedAST(db1, True, False).genSerilizedAST(ast_root)[0][:-1]
        s4 = serializedAST(db1, False, False).genSerilizedAST(ast_root)[0][:-1] 
        
        report = {}
        if suffix_tree_obj.search(s1, pattern1):
            report['distinct_type_and_const'] = True
        
        if suffix_tree_obj.search(s2, pattern2):
            report['distinct_const_no_type'] = True
        
        if suffix_tree_obj.search(s3, pattern3):
            report['distinct_type_no_const'] = True
        
        if suffix_tree_obj.search(s4, pattern4):
            report['distinct_type_no_const'] = True
        
        if report['distinct_type_and_const'] or  report['distinct_const_no_type']\
            or report['distinct_type_no_const'] or report['no_type_no_const']:
            
            file = get_function_file(db1, func.properties[u'name'])
            worksheet.append(
                             (func_name, file, func.properties[u'name'],report['distinct_type_and_const'],
                              report['distinct_const_no_type'], report['distinct_type_no_const'],
                              report['distinct_type_no_const'] ))