detection/backdoor_detection.py

@@ -0,0 +1,87 @@
+"""
+Usage: python backdoor_detection.py your_file_path
+"""
+
+import re
+from typing import List, Tuple, Dict
+import sys
+
+
+def read_file_content(file_path: str) -> str:
+    """
+    Reads and returns the content of a specified file. Exits the program with an error if the file does not exist or cannot be read.
+
+    :param file_path: The full path to the file.
+    :return: The text content of the file.
+    :raises FileNotFoundError: If the file does not exist.
+    :raises IOError: If the file cannot be read.
+    """
+    try:
+        with open(file_path, "r", encoding="utf-8") as file:
+            return file.read()
+    except FileNotFoundError:
+        print("Error: File not found.")
+        sys.exit(1)
+    except IOError:
+        print("Error: Could not read file.")
+        sys.exit(1)
+
+
+def find_dangerous_functions(file_content: str) -> Dict[str, List[Tuple[int, str]]]:
+    """
+    Searches the given code text for potentially dangerous function calls and classifies results by risk level.
+    Ignores comments in the code.
+
+    :param file_content: String content of the code file.
+    :return: Dictionary with risk levels as keys and lists of tuples (line number, matched line content) as values.
+    """
+    # Define dangerous functions and their risk levels
+    patterns: Dict[str, str] = {
+        r"\bsystem\(": "high",
+        r"\bexec\(": "high",
+        r"\bpopen\(": "medium",
+        r"\beval\(": "high",
+        r"\bsubprocess\.run\(": "medium",
+    }
+    # Store results classified by risk level
+    classified_results = {"high": [], "medium": [], "low": []}
+    for line_number, line in enumerate(file_content.split("\n"), start=1):
+        # Remove comments from the line
+        clean_line = line.split("#")[0].strip()
+        if not clean_line:  # Skip empty or comment-only lines
+            continue
+        found = False
+        for pattern, risk_level in patterns.items():
+            if re.search(pattern, clean_line):
+                classified_results[risk_level].append((line_number, clean_line))
+                found = True
+                break  # Stop checking other patterns once a match is found
+    return classified_results
+
+
+def main(file_path: str):
+    """
+    Main function that reads file content, checks for dangerous functions, and outputs classified results by risk level.
+
+    :param file_path: File path input from the command line.
+    """
+    file_content = read_file_content(file_path)
+    classified_dangerous = find_dangerous_functions(file_content)
+    for risk_level in [
+        "high",
+        "medium",
+    ]:  # Only iterate over high and medium risk levels
+        occurrences = classified_dangerous[risk_level]
+        if occurrences:
+            print(f"Dangerous functions found at risk level {risk_level}:")
+            for line_num, func in occurrences:
+                print(f"  Line {line_num}: {func}")
+        else:
+            print(f"No dangerous functions found at risk level {risk_level}.")
+
+
+if __name__ == "__main__":
+    if len(sys.argv) < 2:
+        print("Usage: python script.py <file_path>")
+        sys.exit(1)
+    main(sys.argv[1])

tests/test_backdoor_detection.py

@@ -0,0 +1,55 @@
+import unittest
+from detection.backdoor_detection import find_dangerous_functions
+
+
+class TestBackdoorDetection(unittest.TestCase):
+    def test_high_risk_detection(self):
+        content = """import os
+        os.system('rm -rf /')   # high risk
+        exec('print("Hello")')  # high risk
+        eval('2 + 2')   # high risk
+        """
+        results = find_dangerous_functions(content)
+        self.assertIn((2, "os.system('rm -rf /')"), results["high"])
+        self.assertIn((3, "exec('print(\"Hello\")')"), results["high"])
+        self.assertIn((4, "eval('2 + 2')"), results["high"])
+
+    def test_medium_risk_detection(self):
+        content = """import subprocess
+        subprocess.run(['ls', '-l'])    # medium risk
+        import os
+        os.popen('ls')  # medium risk
+        """
+        results = find_dangerous_functions(content)
+        self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"])
+        self.assertIn((4, "os.popen('ls')"), results["medium"])
+
+    def test_no_risk_detection(self):
+        content = """a = 10
+        b = a + 5
+        print('This should not be detected as risky.')
+        """
+        results = find_dangerous_functions(content)
+        self.assertEqual(len(results["high"]), 0)
+        self.assertEqual(len(results["medium"]), 0)
+        self.assertEqual(len(results["low"]), 0)
+
+    def test_inclusion_of_comments(self):
+        content = """# Just a comment line
+        print('This is a safe line')
+        eval('2 + 2')  # This should be high risk
+        subprocess.run(['echo', 'hello'])  # This should be medium risk
+        """
+        results = find_dangerous_functions(content)
+        self.assertIn(
+            (3, "eval('2 + 2')"),
+            results["high"],
+        )
+        self.assertIn(
+            (4, "subprocess.run(['echo', 'hello'])"),
+            results["medium"],
+        )
+
+
+if __name__ == "__main__":
+    unittest.main()