feat: 添加对pyc文件的反汇编功能模块

dqy
2024-05-29 20:08:40 +08:00
parent 27ec14be54
commit 40f5c07fa1
3 changed files with 53 additions and 10 deletions


@@ -25,6 +25,16 @@ def find_dangerous_functions(
".cpp": { ".cpp": {
r"\bsystem\(": "high", r"\bsystem\(": "high",
}, },
".pyc": {
r"\bexec\b": "high",
r"\beval\b": "high",
r"\bos\.system\b": "high",
r"\bos\.exec\b": "high",
r"\bos\.fork\b": "high",
r"\bos\.kill\b": "high",
r"\bos\.popen\b": "medium",
r"\bos\.spawn\b": "medium",
},
} }
risk_patterns = patterns.get(file_extension, {}) risk_patterns = patterns.get(file_extension, {})
classified_results = {"high": [], "medium": [], "low": [], "none": []} classified_results = {"high": [], "medium": [], "low": [], "none": []}
@@ -36,4 +46,3 @@ def find_dangerous_functions(
if re.search(pattern, clean_line): if re.search(pattern, clean_line):
classified_results[risk_level].append((line_number, clean_line)) classified_results[risk_level].append((line_number, clean_line))
return classified_results return classified_results
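Review bot: The `os.exec` and `os.spawn` entries in the new `.pyc` table cannot match the real call names, because the trailing `\b` demands a word boundary directly after `exec` / `spawn`, while the functions in the `os` module are `execv`, `execve`, `spawnl`, `spawnvp` and so on. As written, decompiled code that calls `os.execv(...)` produces no finding from these two rules. I would write them as `r"\bos\.exec[lv]p?e?\b": "high"` and `r"\bos\.spawn[lv]p?e?\b": "medium"`. The table also has no entry for `subprocess`; a short comment saying whether that is deliberate would help the next maintainer. `find_dangerous_functions` starts above the hunk, so the other tables it should agree with are not visible here.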


@@ -3,12 +3,13 @@ from typing import Dict, List, Tuple
from reportlab.lib.pagesizes import letter from reportlab.lib.pagesizes import letter
from reportlab.lib.styles import getSampleStyleSheet from reportlab.lib.styles import getSampleStyleSheet
from reportlab.platypus import Paragraph, Spacer, SimpleDocTemplate from reportlab.platypus import Paragraph, Spacer, SimpleDocTemplate
from .Regexdetection import find_dangerous_functions from detection.Regexdetection import find_dangerous_functions
from .GPTdetection import detectGPT from detection.GPTdetection import detectGPT
from .utils import * from detection.utils import *
from detection.pyc_detection import disassemble_pyc
import sys import sys
SUPPORTED_EXTENSIONS = {".py", ".js", ".cpp"} SUPPORTED_EXTENSIONS = {".py", ".js", ".cpp", ".pyc"}
OUTPUT_FORMATS = ["html", "md", "txt", "pdf"] OUTPUT_FORMATS = ["html", "md", "txt", "pdf"]
@@ -119,12 +120,23 @@ def output_text(results: Dict[str, List[Tuple[int, str]]], file_name=None):
def checkModeAndDetect(mode: str, filePath: str, fileExtension: str): def checkModeAndDetect(mode: str, filePath: str, fileExtension: str):
# TODO:添加更多方式,这里提高代码的复用性和扩展性 # TODO:添加更多方式,这里提高代码的复用性和扩展性
if mode == "regex": if fileExtension == ".pyc":
return find_dangerous_functions(read_file_content(filePath), fileExtension) # 反汇编pyc文件
elif mode == "llm": file_content = disassemble_pyc(filePath)
return detectGPT(read_file_content(filePath)) if mode == "regex":
return find_dangerous_functions(file_content, fileExtension)
elif mode == "llm":
return detectGPT(file_content)
else:
return find_dangerous_functions(file_content, fileExtension)
else: else:
return find_dangerous_functions(read_file_content(filePath), fileExtension) file_content = read_file_content(filePath)
if mode == "regex":
return find_dangerous_functions(file_content, fileExtension)
elif mode == "llm":
return detectGPT(file_content)
else:
return find_dangerous_functions(file_content, fileExtension)
def process_path(path: str, output_format: str, mode: str, output_file=None): def process_path(path: str, output_format: str, mode: str, output_file=None):
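Review bot: `checkModeAndDetect` now repeats the same three-way mode dispatch in both branches, so any later change to the modes has to be made twice; the branches differ only in how the content is obtained. Select the content first, `file_content = disassemble_pyc(filePath) if fileExtension == ".pyc" else read_file_content(filePath)`, and keep the original `if mode == "regex"` / `elif mode == "llm"` / `else` chain below it unchanged. A one-line comment stating that `.pyc` input is decompiled to source before either detector sees it would say more than the current inline comment. `process_path` continues below the hunk.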


@@ -0,0 +1,22 @@
from typing import List, Tuple
import uncompyle6
import io
def disassemble_pyc(file_path: str) -> str:
"""
Disassembles a .pyc file using uncompyle6.
Args:
file_path (str): The path to the .pyc file.
Returns:
str: The disassembled code as a string.
"""
output = io.StringIO()
try:
uncompyle6.main.decompile_file(file_path, output)
return output.getvalue()
except Exception as e:
print(f"Error occurred while disassembling: {e}")
return ""
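Review bot: The `except Exception` branch in `disassemble_pyc` makes the scanner fail open: any `.pyc` the decompiler cannot handle comes back as `""`, and the detectors will then most likely report no findings, which reads the same as a clean file. That covers truncated or deliberately malformed files, and presumably also bytecode from interpreter versions uncompyle6 does not support. Let the failure reach the caller, for example `raise RuntimeError(f"cannot decompile {file_path}") from e`, so the report can list the file as not analysed; the caller would need to handle that, which is not visible here. The docstring should also say "decompiles" rather than "disassembles", since the function returns reconstructed source, and the `List, Tuple` import is unused.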