!171 添加baseline模块

Merge pull request !171 from 宋帮诚晋/master
宋帮诚晋 2022-12-30 03:29:11 +00:00 committed by Gitee
commit 39190131b7
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
12 changed files with 99 additions and 139 deletions


@ -1,4 +1,4 @@
ConfigFilePrefix: /home/test/桌面/genmai/data/BaseLine/
Type: baseline
ExplorerItems:
- ConfigFile: CheckRootUser/CheckRootUser.yaml
- ConfigFile: CheckRootUser/CheckRootUser.yaml


@ -6,9 +6,8 @@ SiteInfo:
SiteRequests:
Implement:
ImArray:
- Exec : "awk -F: '$3==0 {print $1}' /etc/passwd 2>/dev/null"
Args :
ExpireTime: 30 #second
- Exec :
Args : "awk -F: '$3==0 {print $1}' /etc/passwd 2>/dev/null"
Inter:
- ">?:root" #判断输出为'uid=0(root)'为成功
- "root" #判断输出为'uid=0(root)'为成功
Condition: None
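Review bot: The comment on the `- "root"` entry under `Inter` still says success means the output is 'uid=0(root)', but the command now in `Args` prints the names of accounts whose UID is 0, one per line. The comment should describe what is actually compared, for example `# expected output is exactly "root": root is the only account with UID 0`. If the Go side compares this value for exact equality, as the `Explore` hunk on this page appears to, a host with a second UID-0 account produces multi-line output that does not match, so the comment should also say which outcome counts as a finding.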


@ -1,4 +1,4 @@
ConfigFilePrefix: data/KernelPocs/
ConfigFilePrefix: ../data/KernelPocs/
Type: kernel
ExplorerItems:
- ConfigFile: CVE-2021-3156/CVE-2021-3156.yaml
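Review bot: `ConfigFilePrefix: ../data/KernelPocs/` is a relative path, so unless the loader joins it with a fixed base (not visible here) the directory that PoC configs are read from depends on the working directory the tool is started in. For a tool that goes on to execute what these configs name, the prefix is better resolved against the location of this list file or of the executable, or required to be absolute. A short comment such as `# relative to <base directory>` would at least record what the path is relative to.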

0
exp_dir/data Normal file

0
exp_dir/data2 Normal file

1
exp_dir/uaf Symbolic link

@ -0,0 +1 @@
./data


@ -106,39 +106,63 @@ func
func
(dtr *doctor)Genmai() (rps []ReportBase) {
var wg sync.WaitGroup
wg.Add(2) // task 数必须正确
lock_rps := sync.Mutex{}
// task 1
go func() {
defer wg.Done()
rp := dtr.GenmaiKernel()
lock_rps.Lock()
defer lock_rps.Unlock()
rps = append(rps, rp)
} ()
// task 2
go func () {
defer wg.Done()
rp := dtr.GenmaiSystem()
lock_rps.Lock()
defer lock_rps.Unlock()
rps = append(rps, rp)
} ()
wg.Wait()
// dtr.GenmaiBaseline()
// dtr.GenmaiKernel()
return rps
// var wg sync.WaitGroup
// wg.Add(1) // task 数必须正确
// lock_rps := sync.Mutex{}
// // task 1
// go func() {
// defer wg.Done()
// rp := dtr.GenmaiKernel()
// lock_rps.Lock()
// defer lock_rps.Unlock()
// rps = append(rps, rp)
// } ()
// // task 2
// go func () {
// defer wg.Done()
// rp := dtr.GenmaiSystem()
// lock_rps.Lock()
// defer lock_rps.Unlock()
// rps = append(rps, rp)
// } ()
// wg.Wait()
// return rps
}
func
(dtr *doctor)GenmaiBaseline() (rp *ReportKernel) {
for _, v := range dtr.ExplorersBaseLine {
expvul, rc := v.Explore()
// TODO: is append expvul to expvuls according to rc
if nil != rc {
}
// expvuls = append(expvuls, expvul)
if len(expvul.VICId)>0{
fmt.Println(expvul.VICId,"存在")
}else{
fmt.Println(expvul.VICId,"不存在")
}
} // for _, v ...
return rp
}
func
(dtr *doctor)GenmaiKernel() (rp *ReportKernel) {
rp = GetTemplateReportKernel()
@ -427,18 +451,15 @@ func
func
(dtr *doctor)PushExplorerBaseLine(configfile string) error {
fmt.Println(configfile)
// TODO: need to test
eb := ExplorerBaseLine{}
eb.Setup(&ConfigParserYAML{}, &ExplorerConfigBaseLine{})
eb.LoadConfig(configfile)
config, rc := eb.GetExplorerConfigBaseLine()
fmt.Println(config)
/* */
if (nil != rc) {
return rc
} // if (nil != ...
dtr.ExplorersBaseLine[config.Id] = eb
fmt.Println(eb)
return nil
}
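Review bot: In `GenmaiBaseline` the error returned by `v.Explore()` is dropped by the empty `if nil != rc { }` block, so a check that could not run is printed as "不存在" exactly like a check that ran and matched nothing. The named result `rp` is never assigned either, so callers always receive nil and the outcome exists only as `fmt.Println` output. The empty branch should at least report and skip, e.g. `if rc != nil { A_DEBUG_ERROR("GenmaiBaseline()->Explore() error! rc = ", rc); continue }`, and the function needs a doc comment stating what it returns. The rendered hunk does not show which copy of the `Genmai` body survives; if it is the commented-out one, `Genmai()` now returns a nil slice without running any task.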


@ -2,20 +2,22 @@
package genmai
import (
"os"
// TODO:
// 应该写成相对路径因为genmai应该是编译成库所以包路径不
// 是以main开头。
//
// go 有点拉
"bytes"
"log"
"os/exec"
"strings"
sandbox "main/genmai/Sandbox"
// TODO:
// 应该写成相对路径因为genmai应该是编译成库所以包路径不
// 是以main开头。
//
// go 有点拉
inter "main/genmai/Interpreter"
// inter "main/genmai/Interpreter"
"fmt"
)
@ -68,83 +70,24 @@ func
}
func
(ek *ExplorerBaseLine)exploreWithPath(execpath string,
args ...string ) error {
fmt.Println(11111)
interio , rc := ek.EkSandbox.Process(execpath, args...)
/* */
if (nil != rc) {
A_DEBUG_ERROR("exploreWithPath()->Process() error! rc = ", rc)
/* */
return rc
}
(ek *ExplorerBaseLine)EexcBaseline(execPoc string,
args ...string ) string {
cmdStr:=args[0]
cmd := exec.Command("/bin/bash", "-c", cmdStr)
var stdout, stderr bytes.Buffer
cmd.Stdout = &stdout // 标准输出
cmd.Stderr = &stderr // 标准错误
err := cmd.Run()
outStr, errStr := string(stdout.Bytes()), string(stderr.Bytes())
if len(errStr)!=0{
fmt.Printf(errStr)
}
outStr=strings.TrimSpace(outStr)
if err != nil {
log.Fatalf("cmd.Run() failed with %s\n", errStr)
}
return outStr
config, rc1 := ek.GetExplorerConfigBaseLine()
rc = rc1
if (nil != rc) {
A_DEBUG_ERROR("exploreWithPath()-> "+
"GetExplorerConfigBaseLine() error ! rc = ",
rc )
/* */
return rc
} // if (nil != ...
for _, itr := range config.SiteRequests.Implement.Inter {
icmd := itr[ : inter.INTERPRETER_CMD_LEN]
icmd_len := len(icmd)
for a:=0; a < 100000; a++ {
;
}
switch (icmd) {
case inter.INTERPRETER_CMD_SEND:
interio.Send(itr[ icmd_len : ] + "\n")
// TODO:remove it: just for debug
A_DEBUG_INFO("iio:", inter.INTERPRETER_CMD_SEND, itr[ icmd_len : ])
case inter.INTERPRETER_CMD_RECV:
// TODO
//out, rc_t := interio.Recv( icmd_len )
interio.Recv( len(itr[ icmd_len :]) )
// TODO:remove it: just for debug
A_DEBUG_INFO("iio:", inter.INTERPRETER_CMD_RECV, itr[ icmd_len : ])
case inter.INTERPRETER_CMD_RECVUNTIL:
interio.RecvUntil( itr[ icmd_len : ] )
// TODO:remove it: just for debug
A_DEBUG_INFO("iio:", inter.INTERPRETER_CMD_RECVUNTIL, itr[ icmd_len : ])
//case ">.":
// A_DEBUG_INFO(">.")
//
//case "<?":
// A_DEBUG_INFO("<?")
//
case inter.INTERPRETER_CMD_RECV_POC_CHECK:
ou, _ := interio.Recv( len (itr[icmd_len : ]) )
// TODO:remove it: just for debug
A_DEBUG_INFO("iio:", inter.INTERPRETER_CMD_RECV_POC_CHECK, itr[ icmd_len : ])
A_DEBUG_INFO("a ou:", ou)
/* */
if ( ou == itr[ icmd_len : ] ) {
A_DEBUG_INFO("exploreWithPath():",
"\"" +
inter.INTERPRETER_CMD_RECV_POC_CHECK +
"\":" ,
"Check poc successfully!" )
/* */
return RC_POC_CHECK_SUCCESSFULLY
} else {
A_DEBUG_INFO("exploreWithPath():",
inter.INTERPRETER_CMD_RECV_POC_CHECK,
"Check poc failed!" )
/* */
return RC_POC_CHECK_FAILED
}
} // switch (inter ...
} // for _ , itr
return rc
}
//func
@ -156,7 +99,6 @@ func
func
(ek *ExplorerBaseLine)Explore() (expvul VulnInfoCommon, rc error) {
fmt.Println(11111)
config, rc_t := ek.GetExplorerConfigBaseLine()
rc = rc_t
if (nil != rc) {
@ -168,24 +110,20 @@ func
///////////////
// starting explore
for _, im := range config.SiteRequests.ImArray {
rc = ek.exploreWithPath(ek.ExplorerCommon.EcConfigFilePrefix +
string(os.PathSeparator) +
im.Exec ,
im.Args )
vul:=ek.EexcBaseline(im.Exec, im.Args)
fmt.Printf(vul)
if vul==config.SiteRequests.Inter[0]{
expvul.VICId = config.Id
expvul.VICBelong = config.Belong
expvul.VICPocHazardLevel = config.PocHazardLevel
expvul.VICSource = config.Source
expvul.VICSiteInfo = config.SiteInfo
expvul.VICSiteRequests = config.SiteRequests
}
/* */
expvul.VICId = config.Id
expvul.VICBelong = config.Belong
expvul.VICPocHazardLevel = config.PocHazardLevel
expvul.VICSource = config.Source
expvul.VICSiteInfo = config.SiteInfo
expvul.VICSiteRequests = config.SiteRequests
} // for _, im ...
// ending explore
///////////////
@ -193,4 +131,4 @@ func
}
///////////////////////////////
// override functions
// override functions
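Review bot: `EexcBaseline` calls `log.Fatalf` when the command exits non-zero and reads `args[0]` without a length check, so a single failing or empty entry in a baseline YAML file terminates or panics the whole scan instead of failing that one check. The string goes to `/bin/bash -c` as-is, so every baseline config file is effectively a script run with the scanner's privileges; those files should be writable only by the account that owns the tool, and the call has no timeout. `fmt.Printf(errStr)` also passes command stderr as a format string. The sketch returns an error instead of exiting, which requires the call in `Explore` (whose body continues outside its hunk) to take a second return value.

```go
func (ek *ExplorerBaseLine) EexcBaseline(execPoc string,
	args ...string) (string, error) {
	// Reject a config entry with no command instead of panicking on args[0].
	if len(args) == 0 || strings.TrimSpace(args[0]) == "" {
		return "", fmt.Errorf("baseline command is empty")
	}
	cmd := exec.Command("/bin/bash", "-c", args[0])
	// … unchanged: stdout/stderr buffers attached to cmd …
	err := cmd.Run()
	if stderr.Len() != 0 {
		fmt.Print(stderr.String()) // Print, not Printf: stderr is data, not a format string
	}
	if err != nil {
		// Hand the failure to the caller; one failing check must not end the scan.
		return "", fmt.Errorf("baseline command failed: %w", err)
	}
	return strings.TrimSpace(stdout.String()), nil
}
```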


@ -29,7 +29,7 @@
package Sandbox
import (
//"fmt"
// "fmt"
"os/exec"
"bufio"
"errors"
@ -100,3 +100,4 @@ func
return iio, rc
}


@ -183,7 +183,7 @@ func Kernel() {
// DoctorIns().LoadExplorersListConfig("/home/alpha/Developments/kylinprojects/genmai/data/pocs/pocs.yaml")
A_DEBUG_INFO(">>Genmai>>")
DoctorIns().Genmai()
DoctorIns().GenmaiKernel()
}
func System() {
@ -199,5 +199,5 @@ func BaseLine(){
// DoctorIns().LoadExplorersListConfig("/home/alpha/Developments/kylinprojects/genmai/data/pocs/pocs.yaml")
A_DEBUG_INFO(">>Genmai>>")
DoctorIns().Genmai()
DoctorIns().GenmaiBaseline()
}

BIN
src/main

Binary file not shown.


@ -10,7 +10,7 @@ import (
"strconv"
"strings"
genmai "main/genmai"
gcon "main/gconsole"
// gcon "main/gconsole"
)
type Vul struct{
ParserNum int //协程数
@ -59,9 +59,9 @@ func main(){
//fmt.Println(config["id"])
///////////////////////////////
// test gconsole
gcon.Draw()
// gcon.Draw()
return
// return