Merge pull request #39 from LoRexxar/develop

1.4.0
LoRexxar · Apr 23, 2019 · 949a5c7 · 949a5c7
2 parents 8f55e56 + 367b986
commit 949a5c7
Show file tree

Hide file tree

Showing 8 changed files with 129 additions and 56 deletions.
diff --git a/cobra/__version__.py b/cobra/__version__.py
@@ -7,7 +7,7 @@
 __issue_page__ = 'https://github.com/LoRexxar/Cobra-W/issues/new'
 __python_version__ = sys.version.split()[0]
 __platform__ = platform.platform()
-__version__ = '1.3.0'
+__version__ = '1.4.0'
 __author__ = 'LoRexxar'
 __author_email__ = '[email protected]'
 __license__ = 'MIT License'

diff --git a/cobra/cast.py b/cobra/cast.py
@@ -27,7 +27,7 @@
 class CAST(object):
     languages = ['php', 'java', 'sol']
 
-    def __init__(self, rule, target_directory, file_path, line, code, files=None, rule_class=None, repair_functions=[]):
+    def __init__(self, rule, target_directory, file_path, line, code, files=None, rule_class=None, repair_functions=[], controlled_params=[]):
         self.target_directory = target_directory
         self.data = []
         self.rule = rule
@@ -40,6 +40,8 @@ def __init__(self, rule, target_directory, file_path, line, code, files=None, ru
         self.language = None
         self.sr = rule_class
         self.repair_functions = repair_functions
+        self.controlled_list = controlled_params
+
         for language in self.languages:
             if self.file_path[-len(language):].lower() == language:
                 self.language = language
@@ -241,7 +243,7 @@ def is_controllable_param(self):
 
                     logger.debug("[Deep AST] Start AST for param {param_name}".format(param_name=param_name))
 
-                    _is_co, _cp, expr_lineno, chain = anlysis_params(param_name, self.file_path, self.line, self.sr.vul_function, self.repair_functions, isexternal=True)
+                    _is_co, _cp, expr_lineno, chain = anlysis_params(param_name, self.file_path, self.line, self.sr.vul_function, self.repair_functions, self.controlled_list, isexternal=True)
 
                     if _is_co == 1:
                         logger.debug("[AST] Is assign string: `Yes`")

diff --git a/cobra/engine.py b/cobra/engine.py
@@ -497,6 +497,7 @@ def __init__(self, target_directory, vulnerability_result, single_rule, project_
         self.data = []
         self.repair_dict = {}
         self.repair_functions = []
+        self.controlled_list = {}
 
         self.target_directory = target_directory
 
@@ -634,12 +635,22 @@ def init_php_repair(self):
         a = __import__('rules.secret.demo', fromlist=['IS_REPAIR_DEFAULT'])
         self.repair_dict = getattr(a, 'IS_REPAIR_DEFAULT')
 
+        b = __import__('rules.secret.demo', fromlist=['IS_CONTROLLED_DEFAULT'])
+        self.controlled_list = getattr(b, 'IS_CONTROLLED_DEFAULT')
+
         if self.secret_name is not None:
             try:
+                # 首先加载修复函数指定
                 a = __import__('rules.secret.' + self.secret_name, fromlist=[self.secret_name])
                 a = getattr(a, self.secret_name)
                 self.repair_dict = self.repair_dict.copy()
                 self.repair_dict.update(a.items())
+
+                # 然后加载输入函数
+                b = __import__('rules.secret.' + self.secret_name, fromlist=[self.secret_name])
+                b = getattr(b, self.secret_name + "_controlled")
+                self.controlled_list += b
+
             except ImportError:
                 logger.warning('[AST][INIT] Secret_name init error... No nodule named {}'.format(self.secret_name))
 
@@ -694,7 +705,7 @@ def scan(self):
             try:
                 self.init_php_repair()
                 ast = CAST(self.rule_match, self.target_directory, self.file_path, self.line_number,
-                           self.code_content, files=self.files, rule_class=self.single_rule, repair_functions=self.repair_functions)
+                           self.code_content, files=self.files, rule_class=self.single_rule, repair_functions=self.repair_functions, controlled_params=self.controlled_list)
 
                 # only match
                 if self.rule_match_mode == const.mm_regex_only_match:
@@ -713,7 +724,7 @@ def scan(self):
                         # with open(self.file_path, 'r') as fi:
                         # fi = codecs.open(self.file_path, "r", encoding='utf-8', errors='ignore')
                         # code_contents = fi.read()
-                        result = scan_parser(rule_match, self.line_number, self.file_path, repair_functions=self.repair_functions)
+                        result = scan_parser(rule_match, self.line_number, self.file_path, repair_functions=self.repair_functions, controlled_params=self.controlled_list)
                         logger.debug('[AST] [RET] {c}'.format(c=result))
                         if len(result) > 0:
                             if result[0]['code'] == 1:  # 函数参数可控
@@ -995,7 +1006,7 @@ def NewCore(old_single_rule, target_directory, new_rules, files, count=0, secret
             else:
                 if reason == 'New Core':  # 新的规则
                     logger.debug('[CVI-{cvi}] [NEW-VUL] New Rules init')
-                    new_rule_vulnerabilities = NewCore(sr, target_directory, data, files, 0, secret_name=secret_name)
+                    new_rule_vulnerabilities = NewCore(sr, target_directory, data, files, count, secret_name=secret_name)
 
                     if not new_rule_vulnerabilities:
                         return rule_vulnerabilities

diff --git a/cobra/export.py b/cobra/export.py
@@ -92,7 +92,7 @@ def dict_to_csv(vul_list, filename):
     if not os.path.exists(filename):
         with open(filename, 'w+', encoding='utf-8', errors='ignore') as f:
             # 防止在 Excel 中中文显示乱码
-            f.write(BOM_UTF8)
+            # f.write(BOM_UTF8)
             csv_writer = csv.DictWriter(f, header)
             csv_writer.writeheader()
             csv_writer.writerows(vul_list)