diff --git a/detection/backdoor_detection.py b/detection/backdoor_detection.py new file mode 100644 index 0000000..afca29b --- /dev/null +++ b/detection/backdoor_detection.py @@ -0,0 +1,87 @@ +""" +Usage: python backdoor_detection.py your_file_path +""" + +import re +from typing import List, Tuple, Dict +import sys + + +def read_file_content(file_path: str) -> str: + """ + Reads and returns the content of a specified file. Exits the program with an error if the file does not exist or cannot be read. + + :param file_path: The full path to the file. + :return: The text content of the file. + :raises FileNotFoundError: If the file does not exist. + :raises IOError: If the file cannot be read. + """ + try: + with open(file_path, "r", encoding="utf-8") as file: + return file.read() + except FileNotFoundError: + print("Error: File not found.") + sys.exit(1) + except IOError: + print("Error: Could not read file.") + sys.exit(1) + + +def find_dangerous_functions(file_content: str) -> Dict[str, List[Tuple[int, str]]]: + """ + Searches the given code text for potentially dangerous function calls and classifies results by risk level. + Ignores comments in the code. + + :param file_content: String content of the code file. + :return: Dictionary with risk levels as keys and lists of tuples (line number, matched line content) as values. + """ + # Define dangerous functions and their risk levels + patterns: Dict[str, str] = { + r"\bsystem\(": "high", + r"\bexec\(": "high", + r"\bpopen\(": "medium", + r"\beval\(": "high", + r"\bsubprocess\.run\(": "medium", + } + # Store results classified by risk level + classified_results = {"high": [], "medium": [], "low": []} + for line_number, line in enumerate(file_content.split("\n"), start=1): + # Remove comments from the line + clean_line = line.split("#")[0].strip() + if not clean_line: # Skip empty or comment-only lines + continue + found = False + for pattern, risk_level in patterns.items(): + if re.search(pattern, clean_line): + classified_results[risk_level].append((line_number, clean_line)) + found = True + break # Stop checking other patterns once a match is found + return classified_results + + +def main(file_path: str): + """ + Main function that reads file content, checks for dangerous functions, and outputs classified results by risk level. + + :param file_path: File path input from the command line. + """ + file_content = read_file_content(file_path) + classified_dangerous = find_dangerous_functions(file_content) + for risk_level in [ + "high", + "medium", + ]: # Only iterate over high and medium risk levels + occurrences = classified_dangerous[risk_level] + if occurrences: + print(f"Dangerous functions found at risk level {risk_level}:") + for line_num, func in occurrences: + print(f" Line {line_num}: {func}") + else: + print(f"No dangerous functions found at risk level {risk_level}.") + + +if __name__ == "__main__": + if len(sys.argv) < 2: + print("Usage: python script.py ") + sys.exit(1) + main(sys.argv[1]) diff --git a/tests/test_backdoor_detection.py b/tests/test_backdoor_detection.py new file mode 100644 index 0000000..f61b561 --- /dev/null +++ b/tests/test_backdoor_detection.py @@ -0,0 +1,55 @@ +import unittest +from detection.backdoor_detection import find_dangerous_functions + + +class TestBackdoorDetection(unittest.TestCase): + def test_high_risk_detection(self): + content = """import os + os.system('rm -rf /') # high risk + exec('print("Hello")') # high risk + eval('2 + 2') # high risk + """ + results = find_dangerous_functions(content) + self.assertIn((2, "os.system('rm -rf /')"), results["high"]) + self.assertIn((3, "exec('print(\"Hello\")')"), results["high"]) + self.assertIn((4, "eval('2 + 2')"), results["high"]) + + def test_medium_risk_detection(self): + content = """import subprocess + subprocess.run(['ls', '-l']) # medium risk + import os + os.popen('ls') # medium risk + """ + results = find_dangerous_functions(content) + self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"]) + self.assertIn((4, "os.popen('ls')"), results["medium"]) + + def test_no_risk_detection(self): + content = """a = 10 + b = a + 5 + print('This should not be detected as risky.') + """ + results = find_dangerous_functions(content) + self.assertEqual(len(results["high"]), 0) + self.assertEqual(len(results["medium"]), 0) + self.assertEqual(len(results["low"]), 0) + + def test_inclusion_of_comments(self): + content = """# Just a comment line + print('This is a safe line') + eval('2 + 2') # This should be high risk + subprocess.run(['echo', 'hello']) # This should be medium risk + """ + results = find_dangerous_functions(content) + self.assertIn( + (3, "eval('2 + 2')"), + results["high"], + ) + self.assertIn( + (4, "subprocess.run(['echo', 'hello'])"), + results["medium"], + ) + + +if __name__ == "__main__": + unittest.main()