
修复了API提交URL时的命令执行 #1201

merged 6 commits into from
Aug 25, 2018
34 changes: 34 additions & 0 deletions cobra/engine.py
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
from .result import VulnerabilityResult
from .cast import CAST
from .parser import scan_parser
from .java_parser import java_scan_parser
from .cve import scan_cve
from prettytable import PrettyTable

Expand Down Expand Up @@ -356,6 +357,7 @@ def process(self):
is_test = False
try:
is_vulnerability, reason = Core(self.target_directory, vulnerability, self.sr, 'project name', ['whitelist1', 'whitelist2'], test=is_test, index=index).scan()

if is_vulnerability:
logger.debug('[CVI-{cvi}] [RET] Found {code}'.format(cvi=self.sr['id'], code=reason))
vulnerability.analysis = reason
Expand Down Expand Up @@ -707,3 +709,35 @@ def scan(self):
except Exception as e:
logger.debug(traceback.format_exc())
return False, 'Exception'

if self.file_path[-4:].lower() == 'java':
if self.rule_match_mode == const.mm_function_param_controllable:
rule_match = self.rule_match.strip('()').split('|')
logger.debug('[RULE_MATCH] {r}'.format(r=rule_match))
try:
with open(self.file_path, 'r') as fi:
code_contents = fi.read()
result = java_scan_parser(code_contents, rule_match, self.line_number)
logger.debug('[AST] [RET] {c}'.format(c=result))

if len(result) > 0:
if result[0]['code'] == 1: # 函数参数可控
return True, 'FUNCTION-PARAM-CONTROLLABLE(函数入参可控)'

if result[0]['code'] == 2: # 函数为敏感函数
return False, 'FUNCTION-PARAM-CONTROLLABLE(函数入参来自所在函数)'

if result[0]['code'] == 0: # 漏洞修复
return False, 'FUNCTION-PARAM-CONTROLLABLE+Vulnerability-Fixed(漏洞已修复)'

if result[0]['code'] == -1: # 函数参数不可控
return False, 'FUNCTION-PARAM-CONTROLLABLE(入参不可控)'

logger.debug('[AST] [CODE] {code}'.format(code=result[0]['code']))
else:
logger.debug('[AST] Parser failed / vulnerability parameter is not controllable {r}'.format(r=result))
return False, 'FUNCTION-PARAM-CONTROLLABLE(入参不可控)'

except Exception as e:
logger.warning(traceback.format_exc())
return False, 'Exception'
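Review bot: The new Java branch can leave scan() without a return value: when `result[0]['code']` is anything other than 1, 2, 0 or -1, the `logger.debug('[AST] [CODE] ...')` line runs and the try block simply ends, so (unless code follows this hunk, which appears to close the file) the caller's `is_vulnerability, reason = Core(...).scan()` unpack in process() gets None and raises a TypeError that the surrounding try then swallows as a generic failure. Add `return False, 'FUNCTION-PARAM-CONTROLLABLE(unknown code)'` directly after that debug line, or fold the unknown case into the -1 branch so every path yields a (bool, str) pair. The file-type test `self.file_path[-4:].lower() == 'java'` also matches any path whose last four characters are "java" (e.g. `lib/myjava`), not just the `.java` extension; `self.file_path.lower().endswith('.java')` is the check the branch intends. `open(self.file_path, 'r')` without an explicit encoding means a non-UTF-8 source file raises UnicodeDecodeError and is reported as 'Exception' rather than scanned, so pass `encoding='utf-8'` (with `errors='replace'` if lossy reads are acceptable). scan() begins outside the hunk, so the earlier branches and return paths are not visible here.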