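def func_pdg_similarity_proc(vuln_id, neo4jdb):
    """Compare the vulnerable and patched versions of one function and save a report.

    Looks up the ``vulnerability_info`` row for ``vuln_id``, derives the two
    graph node names ``<CVEID>_VULN_<func>`` and ``<CVEID>_PATCHED_<func>``
    (dashes in the CVE id become underscores, then upper-cased), fetches both
    nodes with ``getFuncNode`` and hands them to ``func_pdg_similarity``.

    The outcome is persisted in a ``pdg_vuln_patch_funcs_report`` row. Its
    ``status`` starts as ``pending`` and ends as ``vuln_func_not_found``,
    ``patch_func_not_found`` or ``success``.

    Args:
        vuln_id: Value matched against ``vulnerability_info.vuln_id``.
        neo4jdb: Graph database handle; both function nodes are looked up in it.

    Returns:
        None. Results are written to the report row.
    """
    start_time = time.time()
    vuln_info = vulnerability_info.objects.get(vuln_id=vuln_id)

    # Both node names share the normalised CVE id as prefix.
    name_prefix = vuln_info.cve_info.cveid.replace(u"-", u"_").upper()
    vuln_name = name_prefix + u"_VULN_" + vuln_info.vuln_func
    patch_name = name_prefix + u"_PATCHED_" + vuln_info.vuln_func

    # Persist a "pending" row first so the attempt is recorded before any lookup.
    report = pdg_vuln_patch_funcs_report()
    report.vuln_info = vuln_info
    report.status = u"pending"
    report.save()

    vuln_func = getFuncNode(vuln_name, neo4jdb)
    if vuln_func is None:
        report.status = u"vuln_func_not_found"
        report.save()
        # Stop here: carrying on would compare against None and could
        # overwrite this failure status with "success".
        return

    patch_func = getFuncNode(patch_name, neo4jdb)
    # Test the node that was looked up. The original tested patch_name, a
    # string that is never None, so a missing patched function went unnoticed.
    if patch_func is None:
        report.status = u"patch_func_not_found"
        report.save()
        return

    match, simi = func_pdg_similarity(vuln_func, neo4jdb, patch_func, neo4jdb)
    report.is_match = match
    report.similarity_rate = simi
    report.status = u"success"
    # Wall-clock cost in seconds, rounded to two decimals.
    report.cost = round(time.time() - start_time, 2)
    report.save()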
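def func_pdg_similarity_proc(vuln_id, neo4jdb):
    """Run the vulnerable-vs-patched comparison for one vulnerability record.

    The ``vulnerability_info`` row identified by ``vuln_id`` supplies the CVE
    id and function name. From these the node names ``<CVEID>_VULN_<func>``
    and ``<CVEID>_PATCHED_<func>`` are built (CVE id upper-cased, ``-``
    replaced by ``_``). Both nodes are fetched with ``getFuncNode`` and passed
    to ``func_pdg_similarity``.

    A ``pdg_vuln_patch_funcs_report`` row tracks the run: it is saved as
    ``pending`` up front and finishes as ``vuln_func_not_found``,
    ``patch_func_not_found`` or ``success``.

    Args:
        vuln_id: Value matched against ``vulnerability_info.vuln_id``.
        neo4jdb: Graph database handle used for both node lookups and for
            the similarity call.

    Returns:
        None. Results are written to the report row.
    """
    start_time = time.time()
    vuln_info = vulnerability_info.objects.get(vuln_id=vuln_id)

    cve_tag = vuln_info.cve_info.cveid.replace(u"-", u"_").upper()
    vuln_name = cve_tag + u"_VULN_" + vuln_info.vuln_func
    patch_name = cve_tag + u"_PATCHED_" + vuln_info.vuln_func

    report = pdg_vuln_patch_funcs_report()
    report.vuln_info = vuln_info
    report.status = u"pending"
    report.save()

    vuln_func = getFuncNode(vuln_name, neo4jdb)
    if vuln_func is None:
        # Record the failure and bail out. Without the return, the code
        # below would run with a None node and could mark the report "success".
        report.status = u"vuln_func_not_found"
        report.save()
        return

    patch_func = getFuncNode(patch_name, neo4jdb)
    if patch_func is None:
        # The original checked patch_name (always a string), so this branch
        # was unreachable. The lookup result is what must be tested.
        report.status = u"patch_func_not_found"
        report.save()
        return

    match, simi = func_pdg_similarity(vuln_func, neo4jdb, patch_func, neo4jdb)
    report.is_match = match
    report.similarity_rate = simi
    report.status = u"success"
    end_time = time.time()
    # Elapsed wall-clock seconds, two decimal places.
    report.cost = round(end_time - start_time, 2)
    report.save()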
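def func_similarity_pdgLevel_proc(soft, db1, db2, vuln_infos):
    """Scan a target's functions against known vulnerable functions and log matches.

    For each id in ``vuln_infos`` the vulnerable function node
    ``<CVEID>_VULN_<func>`` is looked up in ``db2``. Candidate functions come
    from ``db1`` (``getAllFuncs`` narrowed by ``filterFuncs`` using the
    vulnerable function's return type and parameter list). Each candidate is
    passed to ``func_pdg_similarity``; those flagged as matching are collected
    and stored in a ``bug_finder_logs`` row with ``algorithm_type="PDG"``.

    Args:
        soft: Target software record. ``soft.sourcecodepath`` is stripped as a
            prefix from each matching function's file path.
        db1: Graph database handle holding the target software's functions.
        db2: Graph database handle holding the vulnerable reference functions.
        vuln_infos: Iterable of vulnerability ids (each converted with ``int``).

    Returns:
        None. One ``bug_finder_logs`` row is saved per processed vulnerability.
    """
    allFuncs = getAllFuncs(db1)
    for vuln in vuln_infos:
        info = vulnerability_info.objects.get(vuln_id=int(vuln))

        # Skip vulnerabilities that already have a log row for this software.
        # NOTE(review): this guard looks for a "CFG" row while the rows written
        # below are tagged "PDG", so an earlier PDG run is not detected here.
        # Confirm which algorithm type is intended.
        try:
            bug_finder_logs.objects.get(algorithm_type="CFG",
                                        target_soft=soft,
                                        target_vuln=info)
            continue
        except bug_finder_logs.DoesNotExist:
            pass

        func_name = (info.cve_info.cveid.replace(u"-", u"_").upper()
                     + u"_VULN_" + info.vuln_func)

        # Build the filtered set of candidate functions to compare against.
        ast_root = getASTRootNodeByName(func_name, db2)
        retType = getFuncRetType(ast_root, db2)
        paramList = getFuncParamList(ast_root, db2)
        funcList = filterFuncs(db1, allFuncs, retType, paramList)
        func_node = getFuncNode(func_name, db2)

        # Compare the candidates one by one, keeping only the matches.
        report_list = []
        for func in funcList:
            flag, simi = func_pdg_similarity(func, db1, func_node, db2)
            if not flag:
                continue
            report = {
                "func_name": func.properties["name"],
                "match": flag,
                "simi_rate": simi,
            }
            # Store the path relative to the software's source root.
            func_file = getFuncFile(db1, func)[len(soft.sourcecodepath):]
            # Fixed: the original wrote report["func_file":func_file], a slice
            # subscript that raises instead of storing the value.
            report["func_file"] = func_file
            report_list.append(report)

        # Assemble the report and write it to the database.
        log = bug_finder_logs()
        log.algorithm_type = "PDG"
        log.target_soft = soft
        # Fixed: store the vulnerability_info instance (as the lookup above
        # does) rather than the raw id taken from vuln_infos.
        log.target_vuln = info
        # NOTE(review): the report is persisted as a pickle blob, so whatever
        # reads cal_report back must treat the database as trusted, because
        # unpickling attacker-controlled bytes executes code. The entries look
        # like plain dicts of names, flags and scores, so JSON would probably
        # suffice, but switching formats has to be coordinated with readers.
        log.cal_report = pickle.dumps(report_list)
        log.save()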
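def func_similarity_pdgLevel_proc(soft, db1, db2, vuln_infos):
    """Compare the target software's functions with each listed vulnerable function.

    Per vulnerability id in ``vuln_infos``: resolve the reference node
    ``<CVEID>_VULN_<func>`` in ``db2``, select candidates from ``db1`` via
    ``filterFuncs`` (given the reference function's return type and parameter
    list), run ``func_pdg_similarity`` on every candidate, and save the
    matching ones in a ``bug_finder_logs`` row tagged ``"PDG"``.

    Args:
        soft: Target software record; its ``sourcecodepath`` length is cut
            from the front of each matching function's file path.
        db1: Graph database handle for the target software.
        db2: Graph database handle for the vulnerable reference functions.
        vuln_infos: Iterable of vulnerability ids (each converted with ``int``).

    Returns:
        None. One ``bug_finder_logs`` row is saved per processed vulnerability.
    """
    allFuncs = getAllFuncs(db1)
    root_len = len(soft.sourcecodepath)

    for vuln in vuln_infos:
        info = vulnerability_info.objects.get(vuln_id=int(vuln))

        # An existing log row for this software/vulnerability means "done".
        # NOTE(review): the lookup filters on "CFG" but this function writes
        # "PDG" rows, so it never sees its own previous output. Confirm the
        # intended algorithm type.
        try:
            bug_finder_logs.objects.get(
                algorithm_type="CFG", target_soft=soft, target_vuln=info
            )
            continue
        except bug_finder_logs.DoesNotExist:
            pass

        cve_tag = info.cve_info.cveid.replace(u"-", u"_").upper()
        func_name = cve_tag + u"_VULN_" + info.vuln_func

        # Build the filtered set of candidate functions to compare against.
        ast_root = getASTRootNodeByName(func_name, db2)
        retType = getFuncRetType(ast_root, db2)
        paramList = getFuncParamList(ast_root, db2)
        funcList = filterFuncs(db1, allFuncs, retType, paramList)
        func_node = getFuncNode(func_name, db2)

        # Compare the candidates one by one.
        report_list = []
        for func in funcList:
            flag, simi = func_pdg_similarity(func, db1, func_node, db2)
            if flag:
                report_list.append({
                    "func_name": func.properties["name"],
                    "match": flag,
                    "simi_rate": simi,
                    # Fixed: the original used report["func_file":func_file],
                    # a slice subscript that raises and never stored the path.
                    # The path is kept relative to the software's source root.
                    "func_file": getFuncFile(db1, func)[root_len:],
                })

        # Assemble the report and write it to the database.
        log = bug_finder_logs()
        log.algorithm_type = "PDG"
        log.target_soft = soft
        # Fixed: assign the model instance used in the lookup above, not the
        # raw id from vuln_infos.
        log.target_vuln = info
        # NOTE(review): cal_report holds pickled bytes. Any consumer that
        # unpickles this column trusts whoever can write to the table, since
        # loading a crafted pickle runs arbitrary code. The payload appears to
        # be plain dicts, so a data-only format such as JSON is worth
        # considering together with the reading side.
        log.cal_report = pickle.dumps(report_list)
        log.save()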