sangge/BackDoorBuster
sangge/BackDoorBuster
1
0
Fork 0
Code Issues Pull Requests Projects 1 Activity

feature/rglob #29

Merged
ccyj merged 13 commits from feature/rglob into main 2024-06-03 20:24:43 +08:00
Conversation 2 Commits 13 Files Changed 5 +53 -10
3 changed files with 53 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 40f5c07fa1 - Show all commits

11
detection/Regexdetection.py
View File

@ -25,6 +25,16 @@ def find_dangerous_functions(
".cpp": { ".cpp": {
r"\bsystem\(": "high", r"\bsystem\(": "high",
}, },
".pyc": {
r"\bexec\b": "high",
r"\beval\b": "high",
r"\bos\.system\b": "high",
r"\bos\.exec\b": "high",
r"\bos\.fork\b": "high",
r"\bos\.kill\b": "high",
r"\bos\.popen\b": "medium",
r"\bos\.spawn\b": "medium",
},
} }
risk_patterns = patterns.get(file_extension, {}) risk_patterns = patterns.get(file_extension, {})
classified_results = {"high": [], "medium": [], "low": [], "none": []} classified_results = {"high": [], "medium": [], "low": [], "none": []}
@ -36,4 +46,3 @@ def find_dangerous_functions(
if re.search(pattern, clean_line): if re.search(pattern, clean_line):
classified_results[risk_level].append((line_number, clean_line)) classified_results[risk_level].append((line_number, clean_line))
return classified_results return classified_results

30
detection/backdoor_detection.py
View File

@ -3,12 +3,13 @@ from typing import Dict, List, Tuple
from reportlab.lib.pagesizes import letter from reportlab.lib.pagesizes import letter
from reportlab.lib.styles import getSampleStyleSheet from reportlab.lib.styles import getSampleStyleSheet
from reportlab.platypus import Paragraph, Spacer, SimpleDocTemplate from reportlab.platypus import Paragraph, Spacer, SimpleDocTemplate
from .Regexdetection import find_dangerous_functions from detection.Regexdetection import find_dangerous_functions
from .GPTdetection import detectGPT from detection.GPTdetection import detectGPT
from .utils import * from detection.utils import *
from detection.pyc_detection import disassemble_pyc
import sys import sys
SUPPORTED_EXTENSIONS = {".py", ".js", ".cpp"} SUPPORTED_EXTENSIONS = {".py", ".js", ".cpp", ".pyc"}
OUTPUT_FORMATS = ["html", "md", "txt", "pdf"] OUTPUT_FORMATS = ["html", "md", "txt", "pdf"]
@ -119,12 +120,23 @@ def output_text(results: Dict[str, List[Tuple[int, str]]], file_name=None):
def checkModeAndDetect(mode: str, filePath: str, fileExtension: str): def checkModeAndDetect(mode: str, filePath: str, fileExtension: str):
# TODO:添加更多方式,这里提高代码的复用性和扩展性 # TODO:添加更多方式,这里提高代码的复用性和扩展性
if mode == "regex": if fileExtension == ".pyc":
return find_dangerous_functions(read_file_content(filePath), fileExtension) # 反汇编pyc文件
elif mode == "llm": file_content = disassemble_pyc(filePath)
return detectGPT(read_file_content(filePath)) if mode == "regex":
return find_dangerous_functions(file_content, fileExtension)
elif mode == "llm":
return detectGPT(file_content)
else:
return find_dangerous_functions(file_content, fileExtension)
else: else:
return find_dangerous_functions(read_file_content(filePath), fileExtension) file_content = read_file_content(filePath)
if mode == "regex":
return find_dangerous_functions(file_content, fileExtension)
elif mode == "llm":
return detectGPT(file_content)
else:
return find_dangerous_functions(file_content, fileExtension)
def process_path(path: str, output_format: str, mode: str, output_file=None): def process_path(path: str, output_format: str, mode: str, output_file=None):

22
detection/pyc_detection.py Normal file
View File

@ -0,0 +1,22 @@
from typing import List, Tuple
import uncompyle6
import io
def disassemble_pyc(file_path: str) -> str:
"""
Disassembles a .pyc file using uncompyle6.
Args:
file_path (str): The path to the .pyc file.
Returns:
str: The disassembled code as a string.
"""
output = io.StringIO()
try:
uncompyle6.main.decompile_file(file_path, output)
return output.getvalue()
except Exception as e:
print(f"Error occurred while disassembling: {e}")
return ""