update 2.6.4.2 #212

Merged
merged 6 commits into from
Mar 2, 2022
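--- a/core/__version__.py
+++ b/core/__version__.py
@@ -7,7 +7,7 @@
 __issue_page__ = 'https://github.com/LoRexxar/Kunlun-M/issues/new'
 __python_version__ = sys.version.split()[0]
 __platform__ = platform.platform()
-__version__ = '2.6.4.1'
+__version__ = '2.6.4.2'
 __author__ = 'LoRexxar'
 __author_email__ = '[email protected]'
 __license__ = 'MIT License'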
29 changes: 27 additions & 2 deletions core/core_engine/php/parser.py
Expand Up @@ -819,8 +819,25 @@ def parameters_back(param, nodes, function_params=None, lineno=0,
code = "{}={}?{}:{}".format(param_name, param_ex, terna1, terna2)
scan_chain.append(('TernaryOp', code, file_path, node.lineno))

param = node.expr
is_co = 3
# 没办法判断这种三元条件的结果
# 如果1是可控,则1,如果2是可控则2
# 如果1和2中有-1,则选另一个
# 否则选1

is_co, cp = is_controllable(terna1)
if is_co == 1:
param = terna1
else:
is_co2, cp = is_controllable(terna2)

if is_co2 == 1:
param = terna2

else:
if is_co == -1:
param = terna2
else:
param = terna1

if param_name == param_node and isinstance(node.expr, php.FunctionCall): # 当变量来源是函数时,处理函数内容
function_name = node.expr.name
Expand Down Expand Up @@ -909,6 +926,14 @@ def parameters_back(param, nodes, function_params=None, lineno=0,
if param_name in param_expr:
logger.debug("[AST] param {} in list {}, continue...".format(param_name, param_expr))

# 如果列表中直接就有可控变量,先算作漏洞
for p in param_expr:
is_co, cp = is_controllable(p)

if is_co == 1:
param = p
return is_co, cp, expr_lineno

is_co = 3
cp = param

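Review bot: `param = p` on the line before `return is_co, cp, expr_lineno` in the second hunk is dead — `param` is a local of `parameters_back` and the function returns on the very next line, so the assignment can be dropped. In the first hunk the ternary block no longer pins `is_co` to 3 as the removed line did; after it `is_co` holds whatever `is_controllable(terna1)` returned, even when `param` has already been switched to `terna2`, so any later test of `is_co` further down the function (outside the hunk) now sees a different value — worth confirming that is intended. The two hunks also treat a controllable operand differently: the list case returns at once while the ternary case only rebinds `param` and falls through; a one-line comment would make the asymmetry deliberate, e.g. `# controllable branch found: keep walking back from it instead of reporting here`. `parameters_back` starts and ends outside both hunks.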
2 changes: 1 addition & 1 deletion core/engine.py
Expand Up @@ -178,7 +178,6 @@ def store(result):
logger.debug('[SCAN] [STORE] Not found vulnerabilities on this rule!')

async def start_scan(target_directory, rule, files, language, tamper_name):

result = scan_single(target_directory, rule, files, language, tamper_name, is_unconfirm, newcore_function_list)
store(result)

Expand Down Expand Up @@ -444,6 +443,7 @@ def origin_results(self):
if match:
f = FileParseAll(self.files, self.target_directory, language=self.lan)
result = f.grep(match)

else:
result = None
except Exception as e:
81 changes: 57 additions & 24 deletions core/vendors.py
Expand Up @@ -87,7 +87,7 @@ def get_project_by_version(vendor_name, vendor_version):
is_need_version_check = True
result_project = {}

if vendor_version == 'latest':
if vendor_version == 'unknown':
is_need_version_check = False

vendor_version = abstract_version(vendor_version)
Expand All @@ -100,7 +100,7 @@ def get_project_by_version(vendor_name, vendor_version):
for pv in pvs:
# pv_versions = pv.version.split(',')

if not is_need_version_check or compare_vendor(pv.version, vendor_version):
if is_need_version_check and compare_vendor(pv.version, vendor_version):
pid = pv.project_id
project = Project.objects.filter(id=pid).first()

Expand Down Expand Up @@ -210,6 +210,7 @@ def __init__(self, task_id, project_id, target, files):
# 检查列表
self.get_vendor_file()
self.exist_file_list = list(set(self.exist_file_list))
self.exist_file_list = sorted(self.exist_file_list, key=lambda i:len(i))

if len(self.exist_file_list):
self.check_vendor()
Expand Down Expand Up @@ -271,6 +272,8 @@ def check_vendor(self):
f.seek(0, os.SEEK_SET)
savefilepath = filepath.replace(self.target_path, "").replace('\\', '/')

logger.info("[Vendor] Parse File {}.".format(savefilepath))

if filename == "requirements.txt":

for line in f:
Expand Down Expand Up @@ -362,9 +365,31 @@ def check_vendor(self):
default_xpath_reg = ".//parent"

parents = root.findall(default_xpath_reg)
default_version = "lastest"
default_version = "unknown"
project_version = "unknown"
for parent in parents:
default_version = parent.getchildren()[2].text
project_groupid = parent.getchildren()[0].text
project_artifactId = parent.getchildren()[1].text
project_version = parent.getchildren()[2].text

# project version 格式检查
var_reg = "\${([\w\.\_-]+)}"
if re.search(var_reg, project_version, re.I):
p2 = re.compile(var_reg)
matchs = p2.finditer(project_version)

for match in matchs:
varname = match.group(1)

if varname in self.java_temp_vendor_list:
project_version = self.java_temp_vendor_list[varname]
continue

# project 依赖版本也可以加入全局表
vendor_name = "{}.{}".format(project_groupid, project_artifactId)
self.java_temp_vendor_list[vendor_name] = project_version
update_and_new_project_vendor(self.project_id, name=vendor_name, version=project_version,
language=language, source=savefilepath, ext=ext)

# 匹配通用配置
if pom_ns:
Expand All @@ -379,6 +404,12 @@ def check_vendor(self):
for btag in btags:
self.java_temp_vendor_list[btag.tag.replace("{%s}" % pom_ns, "")] = btag.text

# 全局表
vendor_name = btag.tag.replace("{%s}" % pom_ns, "")
self.java_temp_vendor_list[vendor_name] = btag.text
update_and_new_project_vendor(self.project_id, name=vendor_name, version=btag.text,
language=language, source=savefilepath, ext=ext)

# 匹配dependency
if pom_ns:
xpath_reg = ".//{%s}dependency" % pom_ns
Expand All @@ -404,33 +435,35 @@ def check_vendor(self):

# 处理内置变量
if varname == "project.version":
version = default_version
version = project_version
continue

if varname in self.java_temp_vendor_list:
version = self.java_temp_vendor_list[varname]
continue

if pom_ns:
var_xpath_reg = ".//{%s}%s" % (pom_ns, varname)
else:
var_xpath_reg = ".//%s" % varname

varchilds = root.findall(var_xpath_reg)

for child in varchilds:
version = child.text
ext = varname

# 如果没有匹配到,那么需要去数据库查询
if not varchilds:
pv = ProjectVendors.objects.filter(project_id=self.project_id, ext=varname).first()
if pv:
version = pv.version
# if pom_ns:
# var_xpath_reg = ".//{%s}%s" % (pom_ns, varname)
# else:
# var_xpath_reg = ".//%s" % varname
#
# varchilds = root.findall(var_xpath_reg)

# for child in varchilds:
# version = child.text
# ext = varname
#
# # 如果没有匹配到,那么需要去数据库查询
# if not varchilds:
# pv = ProjectVendors.objects.filter(project_id=self.project_id, ext=varname).first()
# if pv:
# version = pv.version

vendor_name = "{}:{}".format(group_id, artifact_id)
vendor_version = version
# ext = "maven"
ext = "mevan"

logger.debug("[Vendor][pom.xml] Found Vendor {} vension {} in file {}".format(vendor_name, vendor_version, savefilepath))

update_and_new_project_vendor(self.project_id, name=vendor_name, version=vendor_version,
language=language, source=savefilepath, ext=ext)
Expand Down Expand Up @@ -487,7 +520,7 @@ def check_vendor(self):
ext = "{}.{}".format(node_version, "dependencies")

update_and_new_project_vendor(self.project_id, name=dependency, version=vendor_version,
language=language, ext=savefilepath)
language=language, source=savefilepath)

get_and_save_vendor_vuls(self.task_id, dependency, vendor_version, language, ext)

Expand All @@ -496,7 +529,7 @@ def check_vendor(self):
ext = "{}.{}".format(node_version, "devDependencies")

update_and_new_project_vendor(self.project_id, name=dependency, version=vendor_version,
language=language, ext=savefilepath)
language=language, source=savefilepath)

get_and_save_vendor_vuls(self.task_id, dependency, vendor_version, language, ext)

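Review bot: `ext = "mevan"` in the dependency hunk, directly under the commented-out `# ext = "maven"`, looks like a typo; `ext` is passed to `update_and_new_project_vendor(..., ext=ext)` two lines later, so stored component rows would carry `mevan` and anything that later keys on that string would not match — if the spelling is intentional for compatibility with existing rows, a comment saying so would stop the next reader from "fixing" it. In the parent-parsing hunk `var_reg = "\${([\w\.\_-]+)}"` is not a raw string, so `\$`, `\.` and `\_` are invalid escape sequences that Python 3.6+ reports as a DeprecationWarning (SyntaxWarning from 3.12); `var_reg = r"\${([\w._-]+)}"` is the same pattern without the warning. When a placeholder is matched there, `project_version = self.java_temp_vendor_list[varname]` replaces the whole version string rather than the `${...}` token, so a value such as `${revision}-SNAPSHOT` would lose its suffix — substituting only the matched span (`re.sub` on `var_reg`) would keep it, though I cannot see from here whether such versions occur. In the build-properties hunk the added `self.java_temp_vendor_list[vendor_name] = btag.text` writes the same key the preceding `self.java_temp_vendor_list[btag.tag.replace("{%s}" % pom_ns, "")] = btag.text` line already wrote, so the older line can go. `check_vendor` starts and ends outside these hunks.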
7 changes: 6 additions & 1 deletion docs/changelog.md
Expand Up @@ -294,4 +294,9 @@
- 为组件数据添加了source字段,标准了组件的来源位置
- 更新了相应的前端显示
- 为项目页面做了数据优化,现在不那么烧资源了,并添加了项目搜索功能

- 2022-03-02
- KunLun-M 2.6.4.2
- 修复了几个PHP的语法支持问题
- 修复了组件扫描中关于pom.xml静态扫描的几个语法解析错误
- 修改了组件数据储存格式
- 从这个版本后不再做小版本的更新,只做bug修复维护,后续会有一个直接更新到3.0的大版本更新
2 changes: 1 addition & 1 deletion utils/export.py
Expand Up @@ -133,7 +133,7 @@ def write_to_file(target, sid, output_format='', filename=None):
filename = targetlist[-2]
else:
filename = targetlist[-1]
filename = DEFAULT_RESULT_PATH + filename + "." + output_format
filename = os.path.join(DEFAULT_RESULT_PATH, filename + "." + output_format)
# return False

scan_data_file = os.path.join(RUNNING_PATH, '{sid}_data'.format(sid=sid))
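Review bot: `os.path.join(DEFAULT_RESULT_PATH, filename + "." + output_format)` discards `DEFAULT_RESULT_PATH` entirely when `filename` is absolute (or, on Windows, starts with a separator), and a `..` component still resolves outside the results directory; the old string concatenation had neither property. `filename` is taken from `targetlist` on the lines above, which is presumably derived from the `target` argument (the split itself is outside the hunk), so it is worth pinning the output file to the results directory, e.g. `filename = os.path.join(DEFAULT_RESULT_PATH, os.path.basename(filename) + "." + output_format)`. `write_to_file` starts and ends outside the hunk.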
2 changes: 1 addition & 1 deletion web/index/models.py
Expand Up @@ -111,7 +111,7 @@ def update_and_new_project_vendor(project_id, name, version, language, source=No
vendor = ProjectVendors.objects.filter(project_id=project_id, hash=hash).first()

if vendor:
if vendor.version != version:
if vendor.version != version and version != 'unknown':
logger.debug("[Vendors] Component {} update to version {}".format(name, version))

vendor.version = version
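Review bot: the added `and version != 'unknown'` turns the literal `'unknown'` into a sentinel that this PR now compares in three separate places (`get_project_by_version` and `check_vendor` in core/vendors.py, and here) with no single definition; a module-level constant such as `UNKNOWN_VERSION = 'unknown'`, imported where needed, would keep them from drifting — the `'latest'` / `"lastest"` mismatch this same PR replaces in vendors.py shows how easily that happens. The guard also silently skips the update when an already-resolved component is reported as unknown again, which is reasonable but deserves a comment: `# an 'unknown' version never overwrites a version we already resolved`. `update_and_new_project_vendor` continues outside the hunk.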