Compare commits
5 Commits
a329bd41ad
...
9155bf7a00
Author | SHA1 | Date | |
---|---|---|---|
9155bf7a00 | |||
8c3616e90f | |||
8dc486cf47 | |||
9e5640ad80 | |||
3d961aa2d7 |
26
.github/workflows/detection-test.yml
vendored
Normal file
26
.github/workflows/detection-test.yml
vendored
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
name: Detection test
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: [main]
|
||||||
|
pull_request:
|
||||||
|
branches: [main]
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2
|
||||||
|
- name: Set up Python 3.8
|
||||||
|
uses: actions/setup-python@v1
|
||||||
|
with:
|
||||||
|
python-version: 3.8
|
||||||
|
- name: Install dependencies
|
||||||
|
run: |
|
||||||
|
python -m pip install --upgrade pip
|
||||||
|
pip install pytest
|
||||||
|
# 如果你的测试需要其他依赖,可以在这里添加pip install命令
|
||||||
|
- name: Run tests
|
||||||
|
run: |
|
||||||
|
python -m unittest discover -s tests
|
0
__init__.py
Normal file
0
__init__.py
Normal file
0
detection/__init__.py
Normal file
0
detection/__init__.py
Normal file
@ -1,5 +1,5 @@
|
|||||||
"""
|
"""
|
||||||
Usage: python match.py your_file_path
|
Usage: python backdoor_detection.py your_file_path
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import re
|
import re
|
||||||
@ -30,6 +30,7 @@ def read_file_content(file_path: str) -> str:
|
|||||||
def find_dangerous_functions(file_content: str) -> Dict[str, List[Tuple[int, str]]]:
|
def find_dangerous_functions(file_content: str) -> Dict[str, List[Tuple[int, str]]]:
|
||||||
"""
|
"""
|
||||||
Searches the given code text for potentially dangerous function calls and classifies results by risk level.
|
Searches the given code text for potentially dangerous function calls and classifies results by risk level.
|
||||||
|
Ignores comments in the code.
|
||||||
|
|
||||||
:param file_content: String content of the code file.
|
:param file_content: String content of the code file.
|
||||||
:return: Dictionary with risk levels as keys and lists of tuples (line number, matched line content) as values.
|
:return: Dictionary with risk levels as keys and lists of tuples (line number, matched line content) as values.
|
||||||
@ -45,10 +46,14 @@ def find_dangerous_functions(file_content: str) -> Dict[str, List[Tuple[int, str
|
|||||||
# Store results classified by risk level
|
# Store results classified by risk level
|
||||||
classified_results = {"high": [], "medium": [], "low": []}
|
classified_results = {"high": [], "medium": [], "low": []}
|
||||||
for line_number, line in enumerate(file_content.split("\n"), start=1):
|
for line_number, line in enumerate(file_content.split("\n"), start=1):
|
||||||
|
# Remove comments from the line
|
||||||
|
clean_line = line.split("#")[0].strip()
|
||||||
|
if not clean_line: # Skip empty or comment-only lines
|
||||||
|
continue
|
||||||
found = False
|
found = False
|
||||||
for pattern, risk_level in patterns.items():
|
for pattern, risk_level in patterns.items():
|
||||||
if re.search(pattern, line):
|
if re.search(pattern, clean_line):
|
||||||
classified_results[risk_level].append((line_number, line.strip()))
|
classified_results[risk_level].append((line_number, clean_line))
|
||||||
found = True
|
found = True
|
||||||
break # Stop checking other patterns once a match is found
|
break # Stop checking other patterns once a match is found
|
||||||
return classified_results
|
return classified_results
|
@ -1,28 +0,0 @@
|
|||||||
"""
|
|
||||||
危险函数测试
|
|
||||||
"""
|
|
||||||
|
|
||||||
import os
|
|
||||||
|
|
||||||
# 潜在的危险函数调用示例
|
|
||||||
os.system("ls")
|
|
||||||
eval("2 + 2")
|
|
||||||
exec("print('Executing dangerous exec function')")
|
|
||||||
popen_result = os.popen('echo "Hello World"').read()
|
|
||||||
print(popen_result)
|
|
||||||
|
|
||||||
# 一些正常操作
|
|
||||||
print("This is a safe print statement.")
|
|
||||||
result = sum([1, 2, 3])
|
|
||||||
print("Sum result:", result)
|
|
||||||
|
|
||||||
# 尝试使用 subprocess 以更安全的方式调用外部命令
|
|
||||||
import subprocess
|
|
||||||
|
|
||||||
subprocess.run(["echo", "Subprocess run is safer than os.system"])
|
|
||||||
|
|
||||||
# 错误的函数调用尝试
|
|
||||||
try:
|
|
||||||
os.system("rm -rf /") # 非常危险的调用,应避免在实际环境中使用
|
|
||||||
except:
|
|
||||||
print("Failed to execute dangerous system call.")
|
|
0
tests/__init__.py
Normal file
0
tests/__init__.py
Normal file
55
tests/test_backdoor_detection.py
Normal file
55
tests/test_backdoor_detection.py
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
import unittest
|
||||||
|
from detection.backdoor_detection import find_dangerous_functions
|
||||||
|
|
||||||
|
|
||||||
|
class TestBackdoorDetection(unittest.TestCase):
|
||||||
|
def test_high_risk_detection(self):
|
||||||
|
content = """import os
|
||||||
|
os.system('rm -rf /') # high risk
|
||||||
|
exec('print("Hello")') # high risk
|
||||||
|
eval('2 + 2') # high risk
|
||||||
|
"""
|
||||||
|
results = find_dangerous_functions(content)
|
||||||
|
self.assertIn((2, "os.system('rm -rf /')"), results["high"])
|
||||||
|
self.assertIn((3, "exec('print(\"Hello\")')"), results["high"])
|
||||||
|
self.assertIn((4, "eval('2 + 2')"), results["high"])
|
||||||
|
|
||||||
|
def test_medium_risk_detection(self):
|
||||||
|
content = """import subprocess
|
||||||
|
subprocess.run(['ls', '-l']) # medium risk
|
||||||
|
import os
|
||||||
|
os.popen('ls') # medium risk
|
||||||
|
"""
|
||||||
|
results = find_dangerous_functions(content)
|
||||||
|
self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"])
|
||||||
|
self.assertIn((4, "os.popen('ls')"), results["medium"])
|
||||||
|
|
||||||
|
def test_no_risk_detection(self):
|
||||||
|
content = """a = 10
|
||||||
|
b = a + 5
|
||||||
|
print('This should not be detected as risky.')
|
||||||
|
"""
|
||||||
|
results = find_dangerous_functions(content)
|
||||||
|
self.assertEqual(len(results["high"]), 0)
|
||||||
|
self.assertEqual(len(results["medium"]), 0)
|
||||||
|
self.assertEqual(len(results["low"]), 0)
|
||||||
|
|
||||||
|
def test_inclusion_of_comments(self):
|
||||||
|
content = """# Just a comment line
|
||||||
|
print('This is a safe line')
|
||||||
|
eval('2 + 2') # This should be high risk
|
||||||
|
subprocess.run(['echo', 'hello']) # This should be medium risk
|
||||||
|
"""
|
||||||
|
results = find_dangerous_functions(content)
|
||||||
|
self.assertIn(
|
||||||
|
(3, "eval('2 + 2')"),
|
||||||
|
results["high"],
|
||||||
|
)
|
||||||
|
self.assertIn(
|
||||||
|
(4, "subprocess.run(['echo', 'hello'])"),
|
||||||
|
results["medium"],
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
unittest.main()
|
Loading…
x
Reference in New Issue
Block a user