Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

function-regex模式跳出限制不明的问题 #35

Open
LoRexxar opened this issue Apr 19, 2019 · 0 comments
Open

function-regex模式跳出限制不明的问题 #35

LoRexxar opened this issue Apr 19, 2019 · 0 comments

Comments

@LoRexxar
Copy link
Owner

function-regex模式起初是被设计为会跑完所有的恶意地址。

但实际上来说,只取了列表的第一个

                        if len(result) > 0:
                            if result[0]['code'] == 1:  # 函数参数可控
                                return True, 'Function-param-controllable', result[0]['chain']

                            elif result[0]['code'] == 2:  # 漏洞修复
                                return False, 'Function-param-controllable but fixed', result[0]['chain']

                            elif result[0]['code'] == 3:  # 疑似漏洞
                                return True, 'Unconfirmed Function-param-controllable', result[0]['chain']

                            elif result[0]['code'] == -1:  # 函数参数不可控
                                return False, 'Function-param-uncon', result[0]['chain']

                            elif result[0]['code'] == 4:  # 新规则生成
                                return False, 'New Core', result[0]['source']

                            logger.debug('[AST] [CODE] {code}'.format(code=result[0]['code']))
                        else:
                            logger.debug(
                                '[AST] Parser failed / vulnerability parameter is not controllable {r}'.format(
                                    r=result))
                            return False, 'Can\'t parser'

所以列表后面的就变得无意义了。

假设如果一行语句中同时存在两个敏感函数,如果第一个可控,第二个不可控,那么第二个就会被忽略,匹配到第一个之后就会直接结束。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant