sangge/BackDoorBuster
1
0
Fork 0
Code Issues Pull Requests Projects 1 Activity

Compare commits

base: sangge:27ef6c9acc63991fc7feb403837afb862e1d2d78
Branches Tags
sangge:main
..
compare: sangge:57145589651e1ad49bc56507fac287c49d355d58
Branches Tags
sangge:main

5 Commits
27ef6c9acc ... 5714558965

Author SHA1 Message Date
dqy
5714558965 feat: 添加依赖漏洞检测模块
All checks were successful
Python application test / build (pull_request) Successful in 20s
 2024-04-22 17:08:31 +08:00
dqy
f2d4e1befc perf: 修改检测结果输出路径;删除测试模块 2024-04-22 17:07:50 +08:00
dqy
278e9ee42e perf: 设置依赖检测结果输出路径 2024-04-22 17:07:03 +08:00
dqy
2c844c8ed1 feat: 爬取漏洞依赖并对版本信息格式进行转换 2024-04-22 17:06:12 +08:00
dqy
5993a14368 perf: 修改代码后门检测输出路径 2024-04-22 17:05:14 +08:00
15 changed files with 3554 additions and 112 deletions
Expand all files Collapse all files

62
crawler/crawler.py Normal file
View File

@@ -0,0 +1,62 @@
import requests
from bs4 import BeautifulSoup
def fetch_html(url):
"""从指定URL获取HTML内容"""
response = requests.get(url)
if response.status_code == 200:
return response.text
else:
return None
def parse_html(html):
"""解析HTML获取每个tr中第二个td下的所有a和span标签的内容"""
soup = BeautifulSoup(html, "html.parser")
table = soup.find("table", id="sortable-table")
results = []
if table:
rows = table.find("tbody").find_all("tr")
for row in rows:
tds = row.find_all("td")
if len(tds) >= 2:
a_tags = tds[1].find_all("a")
span_tags = tds[1].find_all("span")
spans = [span.text.strip() for span in span_tags]
for a_tag in a_tags:
results.append((a_tag.text.strip(), spans))
return results
def save_results_to_file(results, filename):
"""保存提取的数据到TXT文件"""
with open(filename, "a", encoding="utf-8") as file: # Append mode
for data in results:
package_name, version_ranges = data
file.write(f"Package Name: {package_name}\n")
file.write("Version Ranges: " + ", ".join(version_ranges) + "\n")
file.write("-" * 50 + "\n") # Adds a separator for clarity
def main():
base_url = "https://security.snyk.io/vuln/pip/"
page_number = 1
while True:
url = f"{base_url}{page_number}"
print(f"Fetching data from {url}")
html_content = fetch_html(url)
if not html_content:
print("No more data found or failed to fetch.")
break
extracted_data = parse_html(html_content)
if not extracted_data:
print("No relevant data found on page.")
break
save_results_to_file(extracted_data, "extracted_data.txt")
page_number += 1
print("Results have been saved to 'extracted_data.txt'.")
if __name__ == "__main__":
main()

2700
crawler/extracted_data.txt Normal file
View File

File diff suppressed because it is too large Load Diff

507
crawler/trans_extracted_data.txt Normal file
View File

@@ -0,0 +1,507 @@
Package Name: apache-airflow
Version Ranges: <2.6.1,>=2.3.0
--------------------------------------------------
Package Name: mlflow
Version Ranges: <2.10.0
--------------------------------------------------
Package Name: torch
Version Ranges: <1.10.0
--------------------------------------------------
Package Name: aiohttp
Version Ranges: <3.9.2,>=1.0.5
--------------------------------------------------
Package Name: keras
Version Ranges: <2.13.1rc0
--------------------------------------------------
Package Name: llama-index
Version Ranges: <0.10.24
--------------------------------------------------
Package Name: zenml
Version Ranges: <0.42.2,<0.43.1,<0.44.4,<0.47.0,>=0.43.0,>=0.44.0,>=0.46.0
--------------------------------------------------
Package Name: gradio
Version Ranges: <4.9.0
--------------------------------------------------
Package Name: bentoml
Version Ranges: <1.2.5
--------------------------------------------------
Package Name: langchain
Version Ranges: <0.0.353
--------------------------------------------------
Package Name: scrapy
Version Ranges: <1.8.4,<2.11.1,>=2.0.0
--------------------------------------------------
Package Name: sqlparse
Version Ranges: <0.5.0
--------------------------------------------------
Package Name: gunicorn
Version Ranges: <22.0.0
--------------------------------------------------
Package Name: magnum
Version Ranges: <14.1.2,<15.0.2,<16.0.2,<17.0.2,>=15.0.0.0rc1,>=16.0.0.0rc1,>=17.0.0.0rc1
--------------------------------------------------
Package Name: nicegui
Version Ranges: <1.4.21,>=1.4.6
--------------------------------------------------
Package Name: idna
Version Ranges: <3.7
--------------------------------------------------
Package Name: llama-index-core
Version Ranges: <0.10.24
--------------------------------------------------
Package Name: litellm
Version Ranges: <1.34.42
--------------------------------------------------
Package Name: roundup
Version Ranges: <1.2.1,<1.4.6,>=1.2.0,>=1.4.0
--------------------------------------------------
Package Name: transformers
Version Ranges: <4.37.0
--------------------------------------------------
Package Name: dirac
Version Ranges: <8.0.37,<9.0.0a22,>=8.0.0,>=8.1.0a1
--------------------------------------------------
Package Name: yt-dlp
Version Ranges: <2024.4.9,>=2021.4.11
--------------------------------------------------
Package Name: rafcon
Version Ranges: <0.15.4
--------------------------------------------------
Package Name: radicale
Version Ranges: <3.0.0
--------------------------------------------------
Package Name: pcaspy
Version Ranges: <0.7.1
--------------------------------------------------
Package Name: holidays
Version Ranges: <0.45
--------------------------------------------------
Package Name: evennia
Version Ranges: <4.0.0
--------------------------------------------------
Package Name: django-json-widget
Version Ranges: <2.0.0
--------------------------------------------------
Package Name: avocado-framework
Version Ranges: <104.0
--------------------------------------------------
Package Name: arrendatools.plantillas
Version Ranges: <0.4.3
--------------------------------------------------
Package Name: amazon-product-details-scraper
Version Ranges: <1.0.4
--------------------------------------------------
Package Name: aiopioneer
Version Ranges: <0.1.5
--------------------------------------------------
Package Name: pgadmin4
Version Ranges: <8.4
--------------------------------------------------
Package Name: pymongo
Version Ranges: <4.6.3
--------------------------------------------------
Package Name: voila
Version Ranges: <0.2.17,<0.3.8,<0.4.4,<0.5.6,>=0.0.2,>=0.3.0a0,>=0.4.0a0,>=0.5.0a0
--------------------------------------------------
Package Name: piccolo-admin
Version Ranges: <1.3.2
--------------------------------------------------
Package Name: cryptoauthlib
Version Ranges: <20200912
--------------------------------------------------
Package Name: mosaicml
Version Ranges: <0.5.0
--------------------------------------------------
Package Name: mlrun
Version Ranges: <1.7.0rc5
--------------------------------------------------
Package Name: eventlet
Version Ranges: <0.34.3
--------------------------------------------------
Package Name: salt
Version Ranges: <3005.5
--------------------------------------------------
Package Name: django-two-factor-auth
Version Ranges: <1.13
--------------------------------------------------
Package Name: pillow
Version Ranges: <10.2.0
--------------------------------------------------
Package Name: ipywidgets
Version Ranges: <5.2.0,>=5.0.0
--------------------------------------------------
Package Name: pylint
Version Ranges: <2.6.1
--------------------------------------------------
Package Name: pytest-cov
Version Ranges: <2.0.0
--------------------------------------------------
Package Name: jupyterhub
Version Ranges: <4.1.0
--------------------------------------------------
Package Name: geonode
Version Ranges: <4.1.0
--------------------------------------------------
Package Name: langchain-core
Version Ranges: <0.1.7
--------------------------------------------------
Package Name: lektor
Version Ranges: <3.3.11
--------------------------------------------------
Package Name: ansys-geometry-core
Version Ranges: <0.3.3,<0.4.12,>=0.3.0,>=0.4.0
--------------------------------------------------
Package Name: nautobot
Version Ranges: <1.6.10,<2.1.2,>=2.0.0
--------------------------------------------------
Package Name: mobsfscan
Version Ranges: <0.3.8
--------------------------------------------------
Package Name: esphome
Version Ranges: <2024.2.1
--------------------------------------------------
Package Name: qiskit-ibm-runtime
Version Ranges: <0.21.2,>=0.1.0
--------------------------------------------------
Package Name: jupyter-server-proxy
Version Ranges: <3.2.3,<4.1.1,>=4.0.0
--------------------------------------------------
Package Name: oauthenticator
Version Ranges: <16.3.0
--------------------------------------------------
Package Name: octoprint
Version Ranges: <1.10.0rc1
--------------------------------------------------
Package Name: wiki
Version Ranges: <0.10.1
--------------------------------------------------
Package Name: astropy
Version Ranges: <5.3.3
--------------------------------------------------
Package Name: yaql
Version Ranges: <3.0.0
--------------------------------------------------
Package Name: black
Version Ranges: <24.3.0
--------------------------------------------------
Package Name: fgr
Version Ranges: <0.4.0
--------------------------------------------------
Package Name: vantage6
Version Ranges: <4.2.0
--------------------------------------------------
Package Name: paddlepaddle
Version Ranges: <2.6.0
--------------------------------------------------
Package Name: mssql-django
Version Ranges: <1.4.1
--------------------------------------------------
Package Name: aiosmtpd
Version Ranges: <1.4.5
--------------------------------------------------
Package Name: ckan
Version Ranges: <2.10.1,<2.9.9,>=2.10.0
--------------------------------------------------
Package Name: langchain-community
Version Ranges: <0.0.27
--------------------------------------------------
Package Name: libosdp
Version Ranges: <3.0.0
--------------------------------------------------
Package Name: weasyprint
Version Ranges: <61.2,>=61.0
--------------------------------------------------
Package Name: apache-superset
Version Ranges: <3.0.3
--------------------------------------------------
Package Name: jwcrypto
Version Ranges: <1.5.6,>=0.5.0
--------------------------------------------------
Package Name: paho-mqtt
Version Ranges: <1.1
--------------------------------------------------
Package Name: rq
Version Ranges: <0.7.1
--------------------------------------------------
Package Name: eth-abi
Version Ranges: <5.0.1
--------------------------------------------------
Package Name: prefect
Version Ranges: <2.15.0
--------------------------------------------------
Package Name: django-treenode
Version Ranges: <0.20.0
--------------------------------------------------
Package Name: hypercorn
Version Ranges: <0.16.0
--------------------------------------------------
Package Name: streamlink
Version Ranges: <5.3.0
--------------------------------------------------
Package Name: kedro
Version Ranges: <0.19.3
--------------------------------------------------
Package Name: pyccel
Version Ranges: <1.9.0
--------------------------------------------------
Package Name: django
Version Ranges: <3.2.24,<4.2.10,<5.0.2,>=3.2,>=4.2,>=5.0
--------------------------------------------------
Package Name: videomass
Version Ranges: <5.0.4
--------------------------------------------------
Package Name: ultralytics
Version Ranges: <8.1.0
--------------------------------------------------
Package Name: intel-extension-for-transformers
Version Ranges: <1.2.2
--------------------------------------------------
Package Name: labgrid
Version Ranges: <23.0.2
--------------------------------------------------
Package Name: docassemble.webapp
Version Ranges: <1.4.97
--------------------------------------------------
Package Name: docassemble.base
Version Ranges: <1.4.97,>=1.4.53
--------------------------------------------------
Package Name: docassemble
Version Ranges: <1.4.97
--------------------------------------------------
Package Name: langchain-experimental
Version Ranges: <0.0.52
--------------------------------------------------
Package Name: label-studio
Version Ranges: <1.10.1
--------------------------------------------------
Package Name: rpyc
Version Ranges: <5.2.1
--------------------------------------------------
Package Name: peewee
Version Ranges: <3.17.1
--------------------------------------------------
Package Name: urllib3-future
Version Ranges: <2.4.902
--------------------------------------------------
Package Name: flask-appbuilder
Version Ranges: <4.3.11
--------------------------------------------------
Package Name: pretix
Version Ranges: <2024.1.1
--------------------------------------------------
Package Name: orjson
Version Ranges: <3.9.15
--------------------------------------------------
Package Name: pypqc
Version Ranges: <0.0.6.1
--------------------------------------------------
Package Name: mjml
Version Ranges: <0.11.0
--------------------------------------------------
Package Name: onnx
Version Ranges: <1.16.0
--------------------------------------------------
Package Name: fastecdsa
Version Ranges: <2.3.2
--------------------------------------------------
Package Name: pymatgen
Version Ranges: <2024.2.20
--------------------------------------------------
Package Name: cryptography
Version Ranges: <42.0.2,>=35.0.0
--------------------------------------------------
Package Name: apache-airflow-providers-mongo
Version Ranges: <4.0.0,>=1.0.0
--------------------------------------------------
Package Name: cbor2
Version Ranges: <5.6.0
--------------------------------------------------
Package Name: intel-extension-for-tensorflow
Version Ranges: <2.13.0.0
--------------------------------------------------
Package Name: tuf
Version Ranges: <3.1.1,>=2.0.0
--------------------------------------------------
Package Name: zpywallet
Version Ranges: <0.6.2
--------------------------------------------------
Package Name: dipdup
Version Ranges: <3.0.2
--------------------------------------------------
Package Name: clip-retrieval
Version Ranges: <2.23.1
--------------------------------------------------
Package Name: procrastinate
Version Ranges: <0.11.0
--------------------------------------------------
Package Name: embedchain
Version Ranges: <0.1.57
--------------------------------------------------
Package Name: miarec-ftpfs
Version Ranges: <2024.1.2
--------------------------------------------------
Package Name: miarec-sshfs
Version Ranges: <2024.1.5
--------------------------------------------------
Package Name: linkml
Version Ranges: <1.5.2
--------------------------------------------------
Package Name: toodledo
Version Ranges: <1.5.0
--------------------------------------------------
Package Name: renku
Version Ranges: <1.11.0
--------------------------------------------------
Package Name: vunnel
Version Ranges: <0.18.0
--------------------------------------------------
Package Name: panda3d
Version Ranges: <1.9.4
--------------------------------------------------
Package Name: ludwig
Version Ranges: <0.7
--------------------------------------------------
Package Name: ethyca-fides
Version Ranges: <2.1.0
--------------------------------------------------
Package Name: hiddifypanel
Version Ranges: <9.0.0.dev30
--------------------------------------------------
Package Name: dgl
Version Ranges: <0.9.0
--------------------------------------------------
Package Name: deephaven-core
Version Ranges: <0.30.0
--------------------------------------------------
Package Name: borgmatic
Version Ranges: <1.8.7
--------------------------------------------------
Package Name: cg
Version Ranges: <26.0.4
--------------------------------------------------
Package Name: ccryptofeed
Version Ranges: <2.2.3
--------------------------------------------------
Package Name: c2cgeoform
Version Ranges: <2.1.26
--------------------------------------------------
Package Name: appfl
Version Ranges: <0.4.0
--------------------------------------------------
Package Name: nonebot2
Version Ranges: <2.2.0,>=2.0.0a16
--------------------------------------------------
Package Name: acryl-datahub
Version Ranges: <0.8.45
--------------------------------------------------
Package Name: bullmq
Version Ranges: <1.15.0
--------------------------------------------------
Package Name: aiobotocore
Version Ranges: <2.9.1
--------------------------------------------------
Package Name: diffoscope
Version Ranges: <256
--------------------------------------------------
Package Name: kinto-attachment
Version Ranges: <6.4.0
--------------------------------------------------
Package Name: bandit
Version Ranges: <1.7.7
--------------------------------------------------
Package Name: dnspython
Version Ranges: <2.6.1
--------------------------------------------------
Package Name: products.sqlalchemyda
Version Ranges: <2.2
--------------------------------------------------
Package Name: clearml
Version Ranges: <1.14.2
--------------------------------------------------
Package Name: tensorflow
Version Ranges: <1.7.1
--------------------------------------------------
Package Name: pyload-ng
Version Ranges: <0.5.0b3.dev78
--------------------------------------------------
Package Name: fastapi
Version Ranges: <0.109.1
--------------------------------------------------
Package Name: python-multipart
Version Ranges: <0.0.7
--------------------------------------------------
Package Name: kinto
Version Ranges: <6.1.0
--------------------------------------------------
Package Name: cupy
Version Ranges: <13.0.0
--------------------------------------------------
Package Name: llama-hub
Version Ranges: <0.0.67
--------------------------------------------------
Package Name: borgbackup
Version Ranges: <1.0.7
--------------------------------------------------
Package Name: snakemake
Version Ranges: <7.9.0
--------------------------------------------------
Package Name: lief
Version Ranges: <0.12.3
--------------------------------------------------
Package Name: checkov
Version Ranges: <2.0.1029
--------------------------------------------------
Package Name: dash-html-components
Version Ranges: <2.0.0
--------------------------------------------------
Package Name: dash
Version Ranges: <2.15.0
--------------------------------------------------
Package Name: dash-core-components
Version Ranges: <2.0.0
--------------------------------------------------
Package Name: glance-store
Version Ranges: <4.3.3,<4.7.0,>=4.4.0
--------------------------------------------------
Package Name: dagster
Version Ranges: <1.1.10
--------------------------------------------------
Package Name: wagtail
Version Ranges: <5.2rc1
--------------------------------------------------
Package Name: pycryptodome
Version Ranges: <3.19.1
--------------------------------------------------
Package Name: celery
Version Ranges: <4.4.0rc5
--------------------------------------------------
Package Name: vantage6-server
Version Ranges: <4.2.0
--------------------------------------------------
Package Name: tuitse-tsusin
Version Ranges: <1.3.2
--------------------------------------------------
Package Name: apache-airflow-providers-cncf-kubernetes
Version Ranges: <7.0.0,>=5.2.0
--------------------------------------------------
Package Name: whoogle-search
Version Ranges: <0.8.4
--------------------------------------------------
Package Name: jupyterlab-lsp
Version Ranges: <5.0.2
--------------------------------------------------
Package Name: changedetection.io
Version Ranges: <0.45.13
--------------------------------------------------
Package Name: jupyterlab
Version Ranges: <4.0.11,>=4.0.0
--------------------------------------------------
Package Name: ansible-core
Version Ranges: <2.14.14,<2.15.9,<2.16.3,>=2.15.0,>=2.16.0
--------------------------------------------------
Package Name: readthedocs-sphinx-search
Version Ranges: <0.3.2
--------------------------------------------------
Package Name: zodb3
Version Ranges: <3.8.3,<3.9.0c2,>=3.8.0a1,>=3.9.0
--------------------------------------------------

48
crawler/transfer.py Normal file
View File

@@ -0,0 +1,48 @@
"""转换原有的漏洞文件格式"""
import re
from packaging.specifiers import SpecifierSet
def load_vulnerable_packages(filename):
"""从文件加载有漏洞的包信息"""
with open(filename, "r", encoding="utf-8") as file:
content = file.read()
vulnerabilities = {}
blocks = content.split("--------------------------------------------------")
range_pattern = re.compile(r"\[(.*?),\s*(.*?)\)")
for block in blocks:
name_match = re.search(r"Package Name: (.+)", block)
if name_match:
package_name = name_match.group(1).strip()
ranges = range_pattern.findall(block)
specifier_list = []
for start, end in ranges:
if start and end:
specifier_list.append(f">={start},<{end}")
elif start:
specifier_list.append(f">={start}")
elif end:
specifier_list.append(f"<{end}")
if specifier_list:
vulnerabilities[package_name] = SpecifierSet(",".join(specifier_list))
return vulnerabilities
def save_vulnerabilities_to_file(vuln_packages, filename):
"""将漏洞信息写入到文件中"""
with open(filename, "w", encoding="utf-8") as file:
for package, specifiers in vuln_packages.items():
file.write(f"Package Name: {package}\n")
file.write(f"Version Ranges: {specifiers}\n")
file.write("-" * 50 + "\n")
def main():
vulnerabilities = load_vulnerable_packages("extracted_data.txt")
save_vulnerabilities_to_file(vulnerabilities, "trans_extracted_data.txt")
if __name__ == "__main__":
main()

8
detection/backdoor_detection.py
View File

@@ -1,3 +1,5 @@
# Usage: python backdoor_detection.py <code_path> <output_format>
import os
import re
import sys
@@ -70,7 +72,7 @@ def output_results(
results: Dict[str, List[Tuple[int, str]]], output_format: str, file_path: str
):
# Create the 'results' directory if it does not exist
results_dir = "../results"
results_dir = "../results/code"
if not os.path.exists(results_dir):
os.makedirs(results_dir)
@@ -146,10 +148,6 @@ def process_path(path: str, output_format: str):
sys.exit(1)
def test():
print("hello world")
def main():
if len(sys.argv) < 3:
print("Usage: python backdoor_detection.py <path> <output_format>")

97
detection/requirements_detection.py Normal file
View File

@@ -0,0 +1,97 @@
# Usage: python requirements_detection.py ../crawler/trans_extracted_data.txt ../requirements.txt <output_format>
import sys
import os
from packaging import version
from packaging.specifiers import SpecifierSet
import re
def load_vulnerable_packages(filename):
"""从文件加载有漏洞的包信息"""
with open(filename, "r", encoding="utf-8") as file:
content = file.read()
vulnerabilities = {}
blocks = content.split("--------------------------------------------------")
for block in blocks:
name_match = re.search(r"Package Name: (.+)", block)
range_match = re.search(r"Version Ranges: (.+)", block)
if name_match and range_match:
package_name = name_match.group(1).strip()
version_range = range_match.group(1).strip()
version_range = ",".join(
[part.strip() for part in version_range.split(",")]
)
vulnerabilities[package_name] = SpecifierSet(version_range)
return vulnerabilities
def load_requirements(filename):
"""从文件加载项目的依赖信息"""
with open(filename, "r", encoding="utf-8") as file:
lines = file.readlines()
requirements = {}
for line in lines:
if "==" in line:
package_name, package_version = line.strip().split("==")
requirements[package_name] = package_version
return requirements
def output_results(filename, results, format_type):
"""根据指定的格式输出结果"""
output_dir = os.path.dirname(filename)
if not os.path.exists(output_dir):
os.makedirs(output_dir)
with open(filename, "w", encoding="utf-8") as file:
if format_type == "html":
file.write("<html><head><title>Vulnerability Report</title></head><body>\n")
file.write("<h1>Vulnerability Report</h1>\n")
for result in results:
file.write(f"<p>{result}</p>\n")
file.write("</body></html>")
elif format_type == "md":
file.write("# Vulnerability Report\n")
for result in results:
file.write(f"* {result}\n")
else: # default to txt
for result in results:
file.write(f"{result}\n")
def check_vulnerabilities(requirements, vulnerabilities, output_format):
"""检查依赖项是否存在已知漏洞,并输出结果"""
results = []
for req_name, req_version in requirements.items():
if req_name in vulnerabilities:
spec = vulnerabilities[req_name]
if version.parse(req_version) in spec:
results.append(f"WARNING: {req_name}=={req_version} is vulnerable!")
else:
results.append(f"OK: {req_name}=={req_version} is not affected.")
else:
results.append(f"OK: {req_name} not found in the vulnerability database.")
output_results(
"../results/requirements/results." + output_format, results, output_format
)
def main():
if len(sys.argv) < 4:
print(
"Usage: python script.py <vulnerabilities_file> <requirements_file> <output_format>"
)
sys.exit(1)
vulnerabilities_file = sys.argv[1]
requirements_file = sys.argv[2]
output_format = sys.argv[3]
vulnerabilities = load_vulnerable_packages(vulnerabilities_file)
requirements = load_requirements(requirements_file)
check_vulnerabilities(requirements, vulnerabilities, output_format)
if __name__ == "__main__":
main()

1
results/code/test_backdoor_detection.html Normal file
View File

@@ -0,0 +1 @@
<html><head><title>Analysis of ../results/code\test_backdoor_detection.html</title></head><body><h1>Security Analysis Report</h1><h2>High Risk</h2><ul><li>Line 9: os.system('rm -rf /')</li><li>Line 10: exec('print("Hello")')</li><li>Line 11: eval('2 + 2')</li><li>Line 15: self.assertIn((2, "os.system('rm -rf /')"), results["high"])</li><li>Line 16: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"])</li><li>Line 17: self.assertIn((4, "eval('2 + 2')"), results["high"])</li><li>Line 44: eval('2 + 2')</li><li>Line 50: (3, "eval('2 + 2')"),</li></ul><h2>Medium Risk</h2><ul><li>Line 21: subprocess.run(['ls', '-l'])</li><li>Line 23: os.popen('ls')</li><li>Line 27: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"])</li><li>Line 28: self.assertIn((4, "os.popen('ls')"), results["medium"])</li><li>Line 45: subprocess.run(['echo', 'hello'])</li><li>Line 54: (4, "subprocess.run(['echo', 'hello'])"),</li></ul><h2>Low Risk</h2><ul></ul><h2>None Risk</h2><ul><li>Line 1: import unittest</li><li>Line 3: from detection.backdoor_detection import find_dangerous_functions</li><li>Line 6: class TestBackdoorDetection(unittest.TestCase):</li><li>Line 7: def test_high_risk_detection(self):</li><li>Line 8: content = """import os</li><li>Line 12: """</li><li>Line 13: file_extension = ".py"</li><li>Line 14: results = find_dangerous_functions(content, file_extension)</li><li>Line 19: def test_medium_risk_detection(self):</li><li>Line 20: content = """import subprocess</li><li>Line 22: import os</li><li>Line 24: """</li><li>Line 25: file_extension = ".py"</li><li>Line 26: results = find_dangerous_functions(content, file_extension)</li><li>Line 30: def test_no_risk_detection(self):</li><li>Line 31: content = """a = 10</li><li>Line 32: b = a + 5</li><li>Line 33: print('This should not be detected as risky.')</li><li>Line 34: """</li><li>Line 35: file_extension = ".py"</li><li>Line 36: results = find_dangerous_functions(content, file_extension)</li><li>Line 37: self.assertEqual(len(results["high"]), 0)</li><li>Line 38: self.assertEqual(len(results["medium"]), 0)</li><li>Line 39: self.assertEqual(len(results["low"]), 0)</li><li>Line 41: def test_inclusion_of_comments(self):</li><li>Line 42: content = """</li><li>Line 43: print('This is a safe line')</li><li>Line 46: """</li><li>Line 47: file_extension = ".py"</li><li>Line 48: results = find_dangerous_functions(content, file_extension)</li><li>Line 49: self.assertIn(</li><li>Line 51: results["high"],</li><li>Line 52: )</li><li>Line 53: self.assertIn(</li><li>Line 55: results["medium"],</li><li>Line 56: )</li><li>Line 59: if __name__ == "__main__":</li><li>Line 60: unittest.main()</li></ul></body></html>

57
results/code/test_backdoor_detection.md Normal file
View File

@@ -0,0 +1,57 @@
# Security Analysis Report for ../results/code\test_backdoor_detection.md
## High Risk
- Line 9: os.system('rm -rf /')
- Line 10: exec('print("Hello")')
- Line 11: eval('2 + 2')
- Line 15: self.assertIn((2, "os.system('rm -rf /')"), results["high"])
- Line 16: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"])
- Line 17: self.assertIn((4, "eval('2 + 2')"), results["high"])
- Line 44: eval('2 + 2')
- Line 50: (3, "eval('2 + 2')"),
## Medium Risk
- Line 21: subprocess.run(['ls', '-l'])
- Line 23: os.popen('ls')
- Line 27: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"])
- Line 28: self.assertIn((4, "os.popen('ls')"), results["medium"])
- Line 45: subprocess.run(['echo', 'hello'])
- Line 54: (4, "subprocess.run(['echo', 'hello'])"),
## Low Risk
## None Risk
- Line 1: import unittest
- Line 3: from detection.backdoor_detection import find_dangerous_functions
- Line 6: class TestBackdoorDetection(unittest.TestCase):
- Line 7: def test_high_risk_detection(self):
- Line 8: content = """import os
- Line 12: """
- Line 13: file_extension = ".py"
- Line 14: results = find_dangerous_functions(content, file_extension)
- Line 19: def test_medium_risk_detection(self):
- Line 20: content = """import subprocess
- Line 22: import os
- Line 24: """
- Line 25: file_extension = ".py"
- Line 26: results = find_dangerous_functions(content, file_extension)
- Line 30: def test_no_risk_detection(self):
- Line 31: content = """a = 10
- Line 32: b = a + 5
- Line 33: print('This should not be detected as risky.')
- Line 34: """
- Line 35: file_extension = ".py"
- Line 36: results = find_dangerous_functions(content, file_extension)
- Line 37: self.assertEqual(len(results["high"]), 0)
- Line 38: self.assertEqual(len(results["medium"]), 0)
- Line 39: self.assertEqual(len(results["low"]), 0)
- Line 41: def test_inclusion_of_comments(self):
- Line 42: content = """
- Line 43: print('This is a safe line')
- Line 46: """
- Line 47: file_extension = ".py"
- Line 48: results = find_dangerous_functions(content, file_extension)
- Line 49: self.assertIn(
- Line 51: results["high"],
- Line 52: )
- Line 53: self.assertIn(
- Line 55: results["medium"],
- Line 56: )
- Line 59: if __name__ == "__main__":
- Line 60: unittest.main()

57
results/code/test_backdoor_detection.txt Normal file
View File

@@ -0,0 +1,57 @@
Security Analysis Report for ../results/code\test_backdoor_detection.txt
High Risk:
Line 9: os.system('rm -rf /')
Line 10: exec('print("Hello")')
Line 11: eval('2 + 2')
Line 15: self.assertIn((2, "os.system('rm -rf /')"), results["high"])
Line 16: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"])
Line 17: self.assertIn((4, "eval('2 + 2')"), results["high"])
Line 44: eval('2 + 2')
Line 50: (3, "eval('2 + 2')"),
Medium Risk:
Line 21: subprocess.run(['ls', '-l'])
Line 23: os.popen('ls')
Line 27: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"])
Line 28: self.assertIn((4, "os.popen('ls')"), results["medium"])
Line 45: subprocess.run(['echo', 'hello'])
Line 54: (4, "subprocess.run(['echo', 'hello'])"),
Low Risk:
None Risk:
Line 1: import unittest
Line 3: from detection.backdoor_detection import find_dangerous_functions
Line 6: class TestBackdoorDetection(unittest.TestCase):
Line 7: def test_high_risk_detection(self):
Line 8: content = """import os
Line 12: """
Line 13: file_extension = ".py"
Line 14: results = find_dangerous_functions(content, file_extension)
Line 19: def test_medium_risk_detection(self):
Line 20: content = """import subprocess
Line 22: import os
Line 24: """
Line 25: file_extension = ".py"
Line 26: results = find_dangerous_functions(content, file_extension)
Line 30: def test_no_risk_detection(self):
Line 31: content = """a = 10
Line 32: b = a + 5
Line 33: print('This should not be detected as risky.')
Line 34: """
Line 35: file_extension = ".py"
Line 36: results = find_dangerous_functions(content, file_extension)
Line 37: self.assertEqual(len(results["high"]), 0)
Line 38: self.assertEqual(len(results["medium"]), 0)
Line 39: self.assertEqual(len(results["low"]), 0)
Line 41: def test_inclusion_of_comments(self):
Line 42: content = """
Line 43: print('This is a safe line')
Line 46: """
Line 47: file_extension = ".py"
Line 48: results = find_dangerous_functions(content, file_extension)
Line 49: self.assertIn(
Line 51: results["high"],
Line 52: )
Line 53: self.assertIn(
Line 55: results["medium"],
Line 56: )
Line 59: if __name__ == "__main__":
Line 60: unittest.main()

9
results/requirements/results.html Normal file
View File

@@ -0,0 +1,9 @@
<html><head><title>Vulnerability Report</title></head><body>
<h1>Vulnerability Report</h1>
<p>OK: apache-airflow==2.8.0 is not affected.</p>
<p>WARNING: mlflow==2.5.1 is vulnerable!</p>
<p>OK: torch==2.0.0 is not affected.</p>
<p>WARNING: aiohttp==3.6.2 is vulnerable!</p>
<p>OK: flask not found in the vulnerability database.</p>
<p>OK: numpy not found in the vulnerability database.</p>
</body></html>

7
results/requirements/results.md Normal file
View File

@@ -0,0 +1,7 @@
# Vulnerability Report
* OK: apache-airflow==2.8.0 is not affected.
* WARNING: mlflow==2.5.1 is vulnerable!
* OK: torch==2.0.0 is not affected.
* WARNING: aiohttp==3.6.2 is vulnerable!
* OK: flask not found in the vulnerability database.
* OK: numpy not found in the vulnerability database.

6
results/requirements/results.txt Normal file
View File

@@ -0,0 +1,6 @@
OK: apache-airflow==2.8.0 is not affected.
WARNING: mlflow==2.5.1 is vulnerable!
OK: torch==2.0.0 is not affected.
WARNING: aiohttp==3.6.2 is vulnerable!
OK: flask not found in the vulnerability database.
OK: numpy not found in the vulnerability database.

1
results/test_backdoor_detection.html
View File

@@ -1 +0,0 @@
<html><head><title>Analysis of ../results\test_backdoor_detection.html</title></head><body><h1>Security Analysis Report</h1><h2>High Risk</h2><ul><li>Line 8: os.system('rm -rf /')</li><li>Line 9: exec('print("Hello")')</li><li>Line 10: eval('2 + 2')</li><li>Line 13: self.assertIn((2, "os.system('rm -rf /')"), results["high"])</li><li>Line 14: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"])</li><li>Line 15: self.assertIn((4, "eval('2 + 2')"), results["high"])</li><li>Line 40: eval('2 + 2')</li><li>Line 45: (3, "eval('2 + 2')"),</li></ul><h2>Medium Risk</h2><ul><li>Line 19: subprocess.run(['ls', '-l'])</li><li>Line 21: os.popen('ls')</li><li>Line 24: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"])</li><li>Line 25: self.assertIn((4, "os.popen('ls')"), results["medium"])</li><li>Line 41: subprocess.run(['echo', 'hello'])</li><li>Line 49: (4, "subprocess.run(['echo', 'hello'])"),</li></ul><h2>Low Risk</h2><ul></ul><h2>None Risk</h2><ul><li>Line 1: import unittest</li><li>Line 2: from detection.backdoor_detection import find_dangerous_functions</li><li>Line 5: class TestBackdoorDetection(unittest.TestCase):</li><li>Line 6: def test_high_risk_detection(self):</li><li>Line 7: content = """import os</li><li>Line 11: """</li><li>Line 12: results = find_dangerous_functions(content)</li><li>Line 17: def test_medium_risk_detection(self):</li><li>Line 18: content = """import subprocess</li><li>Line 20: import os</li><li>Line 22: """</li><li>Line 23: results = find_dangerous_functions(content)</li><li>Line 27: def test_no_risk_detection(self):</li><li>Line 28: content = """a = 10</li><li>Line 29: b = a + 5</li><li>Line 30: print('This should not be detected as risky.')</li><li>Line 31: """</li><li>Line 32: results = find_dangerous_functions(content)</li><li>Line 33: self.assertEqual(len(results["high"]), 0)</li><li>Line 34: self.assertEqual(len(results["medium"]), 0)</li><li>Line 35: self.assertEqual(len(results["low"]), 0)</li><li>Line 37: def test_inclusion_of_comments(self):</li><li>Line 38: content = """</li><li>Line 39: print('This is a safe line')</li><li>Line 42: """</li><li>Line 43: results = find_dangerous_functions(content)</li><li>Line 44: self.assertIn(</li><li>Line 46: results["high"],</li><li>Line 47: )</li><li>Line 48: self.assertIn(</li><li>Line 50: results["medium"],</li><li>Line 51: )</li><li>Line 54: if __name__ == "__main__":</li><li>Line 55: unittest.main()</li></ul></body></html>

53
results/test_backdoor_detection.md
View File

@@ -1,53 +0,0 @@
# Security Analysis Report for ../results\test_backdoor_detection.md
## High Risk
- Line 8: os.system('rm -rf /')
- Line 9: exec('print("Hello")')
- Line 10: eval('2 + 2')
- Line 13: self.assertIn((2, "os.system('rm -rf /')"), results["high"])
- Line 14: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"])
- Line 15: self.assertIn((4, "eval('2 + 2')"), results["high"])
- Line 40: eval('2 + 2')
- Line 45: (3, "eval('2 + 2')"),
## Medium Risk
- Line 19: subprocess.run(['ls', '-l'])
- Line 21: os.popen('ls')
- Line 24: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"])
- Line 25: self.assertIn((4, "os.popen('ls')"), results["medium"])
- Line 41: subprocess.run(['echo', 'hello'])
- Line 49: (4, "subprocess.run(['echo', 'hello'])"),
## Low Risk
## None Risk
- Line 1: import unittest
- Line 2: from detection.backdoor_detection import find_dangerous_functions
- Line 5: class TestBackdoorDetection(unittest.TestCase):
- Line 6: def test_high_risk_detection(self):
- Line 7: content = """import os
- Line 11: """
- Line 12: results = find_dangerous_functions(content)
- Line 17: def test_medium_risk_detection(self):
- Line 18: content = """import subprocess
- Line 20: import os
- Line 22: """
- Line 23: results = find_dangerous_functions(content)
- Line 27: def test_no_risk_detection(self):
- Line 28: content = """a = 10
- Line 29: b = a + 5
- Line 30: print('This should not be detected as risky.')
- Line 31: """
- Line 32: results = find_dangerous_functions(content)
- Line 33: self.assertEqual(len(results["high"]), 0)
- Line 34: self.assertEqual(len(results["medium"]), 0)
- Line 35: self.assertEqual(len(results["low"]), 0)
- Line 37: def test_inclusion_of_comments(self):
- Line 38: content = """
- Line 39: print('This is a safe line')
- Line 42: """
- Line 43: results = find_dangerous_functions(content)
- Line 44: self.assertIn(
- Line 46: results["high"],
- Line 47: )
- Line 48: self.assertIn(
- Line 50: results["medium"],
- Line 51: )
- Line 54: if __name__ == "__main__":
- Line 55: unittest.main()

53
results/test_backdoor_detection.txt
View File

@@ -1,53 +0,0 @@
Security Analysis Report for ../results\test_backdoor_detection.txt
High Risk:
Line 8: os.system('rm -rf /')
Line 9: exec('print("Hello")')
Line 10: eval('2 + 2')
Line 13: self.assertIn((2, "os.system('rm -rf /')"), results["high"])
Line 14: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"])
Line 15: self.assertIn((4, "eval('2 + 2')"), results["high"])
Line 40: eval('2 + 2')
Line 45: (3, "eval('2 + 2')"),
Medium Risk:
Line 19: subprocess.run(['ls', '-l'])
Line 21: os.popen('ls')
Line 24: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"])
Line 25: self.assertIn((4, "os.popen('ls')"), results["medium"])
Line 41: subprocess.run(['echo', 'hello'])
Line 49: (4, "subprocess.run(['echo', 'hello'])"),
Low Risk:
None Risk:
Line 1: import unittest
Line 2: from detection.backdoor_detection import find_dangerous_functions
Line 5: class TestBackdoorDetection(unittest.TestCase):
Line 6: def test_high_risk_detection(self):
Line 7: content = """import os
Line 11: """
Line 12: results = find_dangerous_functions(content)
Line 17: def test_medium_risk_detection(self):
Line 18: content = """import subprocess
Line 20: import os
Line 22: """
Line 23: results = find_dangerous_functions(content)
Line 27: def test_no_risk_detection(self):
Line 28: content = """a = 10
Line 29: b = a + 5
Line 30: print('This should not be detected as risky.')
Line 31: """
Line 32: results = find_dangerous_functions(content)
Line 33: self.assertEqual(len(results["high"]), 0)
Line 34: self.assertEqual(len(results["medium"]), 0)
Line 35: self.assertEqual(len(results["low"]), 0)
Line 37: def test_inclusion_of_comments(self):
Line 38: content = """
Line 39: print('This is a safe line')
Line 42: """
Line 43: results = find_dangerous_functions(content)
Line 44: self.assertIn(
Line 46: results["high"],
Line 47: )
Line 48: self.assertIn(
Line 50: results["medium"],
Line 51: )
Line 54: if __name__ == "__main__":
Line 55: unittest.main()