import ast from pycparser import c_parser, parse_file from pycparser.c_ast import * import magic
# Path of the source file to analyse (relative to the working directory), and
# the module-level list that ``c_ast`` fills with the names of the arrays it
# finds declared in ``main``.
file_name, buf_array = "test.c", []
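def init():
    """Reset the scratch file ``temp.c`` to empty.

    ``c_deal`` later appends to ``temp.c``, so it must start out empty on
    every run. Opening in ``"w"`` mode truncates the file (creating it if it
    does not exist yet), so there is no need to read it first; the original
    ``data != 0`` test compared a string with an int and was always true.
    """
    with open("temp.c", "w") as scratch:
        scratch.write("")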
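def check_filetype():
    """Classify the module-level ``file_name`` from its libmagic description.

    Returns 1 for C source, 2 for Python source and None for anything else;
    a message naming the detected language is printed for the two known
    cases.
    """
    import re  # only this function needs it

    file_type = magic.from_file(file_name)
    # Python is tested first: libmagic describes Python files as e.g.
    # "Python script, ASCII text executable", and the capital C in "ASCII"
    # made the original ``"C" in file_type`` test classify them as C.
    if "Python" in file_type:
        print("源码为python语言")
        return 2
    # Match C only as a standalone word ("C source", "C++ source"), so that
    # plain "ASCII text" is no longer mistaken for C.
    if re.search(r"\bC\b", file_type):
        print("源码为c语言")
        return 1
    return None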
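def c_deal():
    """Append ``file_name`` to ``temp.c`` with preprocessor lines removed.

    ``c_ast`` parses ``temp.c`` with ``use_cpp=False``, so ``#include`` and
    ``#define`` lines (including indented ones) would be syntax errors and
    are dropped. ``temp.c`` is opened in append mode, so ``init`` is expected
    to have emptied it first; both files are opened once rather than
    re-opening ``temp.c`` for every copied line.
    """
    with open(file_name, "r") as src, open("temp.c", "a") as dst:
        for line in src:
            if not line.lstrip().startswith(("#include", "#define")):
                dst.write(line)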
def python_deal():
    """Placeholder for the Python analysis path; only prints a stub marker."""
    marker = "......"
    print(marker)
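def _c_int_literal(text):
    """Convert the source text of a C integer constant to an int.

    Accepts decimal, ``0x``/``0X`` hexadecimal and leading-zero octal, and
    strips ``u``/``l`` suffixes (``0x100UL``). Anything else raises
    ValueError, as ``int()`` would. (The original parsed every literal with
    base 16, so ``buf[100]`` was read as 256.)
    """
    body = text.strip().rstrip("uUlL")
    if body[:2].lower() == "0x":
        return int(body, 16)
    if len(body) > 1 and body[0] == "0":
        return int(body, 8)
    return int(body, 10)


def _array_length(decl):
    """Constant length of a ``Decl`` node's array type, or None.

    Scalars and pointers have no ``dim``; ``buf[]`` has ``dim`` None; a
    symbolic ``buf[N]`` has an ``ID`` with no ``value``. For a multi-
    dimensional array only the outermost dimension is returned.
    """
    dim = getattr(decl.type, "dim", None)
    value = getattr(dim, "value", None)
    if value is None:
        return None
    try:
        return _c_int_literal(value)
    except ValueError:  # e.g. a character constant used as a dimension
        return None


def c_ast(array_size):
    """Parse ``temp.c``, print its AST and report unsafe calls inside ``main``.

    ``array_size`` is the starting byte count of stack arrays; every
    constant-sized array declared in ``main`` adds its length and has its
    name appended to the module-level ``buf_array``. A ``read(fd, buf, n)``
    with a constant ``n`` is reported when ``n`` reaches ``array_size + 16``
    (16 bytes for the saved frame pointer and return address of a 64-bit
    frame). Calls to ``gets``/``strcpy`` are reported unconditionally.
    Top-level entries that are not function definitions are skipped.
    Nothing is returned.
    """
    ast = parse_file("temp.c", use_cpp=False)
    print(ast)
    for node in ast.ext:
        # Globals and typedefs in ``ast.ext`` have no ``.decl``; only function
        # definitions do, and only ``main`` is analysed.
        if not isinstance(node, FuncDef) or node.decl.name != "main":
            continue
        for stmt in node.body.block_items or []:
            if isinstance(stmt, Decl):
                length = _array_length(stmt)
                if length is not None:
                    buf_array.append(stmt.name)
                    array_size += length
            elif isinstance(stmt, FuncCall):
                # A call through a function pointer has no ID callee.
                callee = getattr(stmt.name, "name", None)
                if callee in ("gets", "strcpy"):
                    print(f"代码调用了危险函数 行号:{stmt.coord.line}")
                elif callee == "read" and stmt.args is not None and len(stmt.args.exprs) >= 3:
                    length_text = getattr(stmt.args.exprs[2], "value", None)
                    if length_text is None:
                        continue  # length is a variable or expression: undecidable here
                    try:
                        length = _c_int_literal(length_text)
                    except ValueError:
                        continue
                    if length >= array_size + 16:
                        print(f"代码可能存在栈溢出漏洞 行号:{stmt.coord.line}")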
import ast from pycparser import c_parser, parse_file from pycparser.c_ast import * import magic
# Path of the source file to analyse (relative to the working directory), and
# a module-level list of array names; none of the functions shown in this
# version of the file read ``buf_array``, it is kept for compatibility.
file_name, buf_array = "test.c", []
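def init():
    """Reset the scratch file ``temp.c`` to empty.

    ``c_deal`` later appends to ``temp.c``, so it must start out empty on
    every run. Opening in ``"w"`` mode truncates the file (creating it if it
    does not exist yet), so there is no need to read it first; the original
    ``data != 0`` test compared a string with an int and was always true.
    """
    with open("temp.c", "w") as scratch:
        scratch.write("")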
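def check_filetype():
    """Classify the module-level ``file_name`` from its libmagic description.

    Returns 1 for C source, 2 for Python source and None for anything else;
    a message naming the detected language is printed for the two known
    cases.
    """
    import re  # only this function needs it

    file_type = magic.from_file(file_name)
    # Python is tested first: libmagic describes Python files as e.g.
    # "Python script, ASCII text executable", and the capital C in "ASCII"
    # made the original ``"C" in file_type`` test classify them as C.
    if "Python" in file_type:
        print("源码为python语言")
        return 2
    # Match C only as a standalone word ("C source", "C++ source"), so that
    # plain "ASCII text" is no longer mistaken for C.
    if re.search(r"\bC\b", file_type):
        print("源码为c语言")
        return 1
    return None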
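def c_deal():
    """Append ``file_name`` to ``temp.c`` with preprocessor lines removed.

    ``c_ast`` parses ``temp.c`` with ``use_cpp=False``, so ``#include`` and
    ``#define`` lines (including indented ones) would be syntax errors and
    are dropped. ``temp.c`` is opened in append mode, so ``init`` is expected
    to have emptied it first; both files are opened once rather than
    re-opening ``temp.c`` for every copied line.
    """
    with open(file_name, "r") as src, open("temp.c", "a") as dst:
        for line in src:
            if not line.lstrip().startswith(("#include", "#define")):
                dst.write(line)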
def python_deal():
    """Placeholder for the Python analysis path; only prints a stub marker."""
    marker = "......"
    print(marker)
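def danger_function_check(i):
    """Report a call to a known-unsafe libc function.

    ``i`` may be any pycparser node; only ``FuncCall`` nodes whose callee is
    a plain identifier named ``gets`` or ``strcpy`` produce output, printed
    with the call's source line. Nothing is returned. (The original printed
    a stray ``f`` before the line number for ``strcpy``.)
    """
    if not isinstance(i, FuncCall):
        return
    # A call through a function pointer has no ID callee and thus no ``.name``.
    callee = getattr(i.name, "name", None)
    if callee in ("gets", "strcpy"):
        print(f"代码调用了危险函数 行号:{i.coord.line}")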
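def _c_int_literal(text):
    """Convert the source text of a C integer constant to an int.

    Accepts decimal, ``0x``/``0X`` hexadecimal and leading-zero octal, and
    strips ``u``/``l`` suffixes (``0x100UL``). Anything else raises
    ValueError, as ``int()`` would. (The original parsed every literal with
    base 16, so ``buf[100]`` was read as 256 and mixed sizes were compared
    on different scales.)
    """
    body = text.strip().rstrip("uUlL")
    if body[:2].lower() == "0x":
        return int(body, 16)
    if len(body) > 1 and body[0] == "0":
        return int(body, 8)
    return int(body, 10)


def _array_length(decl):
    """Constant length of a ``Decl`` node's array type, or None.

    Scalars and pointers have no ``dim``; ``buf[]`` has ``dim`` None; a
    symbolic ``buf[N]`` has an ``ID`` with no ``value``. For a multi-
    dimensional array only the outermost dimension is returned.
    """
    dim = getattr(decl.type, "dim", None)
    value = getattr(dim, "value", None)
    if value is None:
        return None
    try:
        return _c_int_literal(value)
    except ValueError:  # e.g. a character constant used as a dimension
        return None


def _call_name(node):
    """Callee name of a ``FuncCall`` whose callee is a plain identifier, else None."""
    return getattr(getattr(node, "name", None), "name", None)


def stack_overflow_check(i, buf_name, buf_size):
    """Flag ``read(fd, buf, n)`` when ``n`` exceeds the stack space from ``buf`` upward.

    ``buf_name`` / ``buf_size`` are parallel lists of the arrays declared in
    the function under analysis, in declaration order. The heuristic assumes
    earlier declarations sit at higher stack addresses, so a write into the
    k-th array can run over itself and every array declared before it; the
    call is reported when ``n`` is larger than the sum of those sizes.
    Only calls whose buffer argument is a plain identifier known in
    ``buf_name`` and whose length argument is an integer constant are
    examined; nodes that are not a ``read`` call are ignored.
    """
    if _call_name(i) != "read" or i.args is None or len(i.args.exprs) < 3:
        return
    target = getattr(i.args.exprs[1], "name", None)
    if target not in buf_name:
        return
    length_text = getattr(i.args.exprs[2], "value", None)
    if length_text is None:
        return  # variable or expression length: not decidable statically here
    try:
        length = _c_int_literal(length_text)
    except ValueError:
        return
    # Bytes of the target array plus every array declared before it.
    reachable = sum(buf_size[: buf_name.index(target) + 1])
    if length > reachable:
        print(f"代码可能存在栈溢出漏洞 行号:{i.coord.line}")


def format_check(i):
    """Flag ``printf(x)`` with a single non-literal argument (format-string defect).

    Calls with no argument list (``printf()``), with more than one argument,
    or whose only argument is a string literal are ignored; matches are
    printed with their source line. Nodes that are not a ``printf`` call
    are ignored.
    """
    if _call_name(i) != "printf" or i.args is None or len(i.args.exprs) != 1:
        return
    sole = i.args.exprs[0]
    # ``Constant`` nodes carry ``type`` ("string" for a literal); a literal
    # format string cannot be influenced by input.
    if getattr(sole, "type", None) == "string":
        return
    print(f"代码可能存在格式化字符串漏洞 行号:{i.coord.line}")


def _check_call(call, buf_name, buf_size):
    """Run the three checkers on one ``FuncCall`` node."""
    danger_function_check(call)
    stack_overflow_check(call, buf_name, buf_size)
    format_check(call)


def _scan_function(func, buf_name, buf_size, *, record_decls):
    """Check every call in ``func``'s body against ``buf_name``/``buf_size``.

    With ``record_decls`` the function's own constant-sized arrays are
    appended to the (caller-owned) lists first, in order, so later calls in
    the same body see them. An empty body (``block_items`` None) is fine.
    """
    for item in func.body.block_items or []:
        if isinstance(item, Decl):
            if record_decls:
                length = _array_length(item)
                if length is not None:
                    buf_name.append(item.name)
                    buf_size.append(length)
        elif isinstance(item, FuncCall):
            _check_call(item, buf_name, buf_size)


def c_ast():
    """Analyse ``temp.c`` and print every finding of the three checkers.

    Analysis starts at ``main``: its constant-sized array declarations are
    recorded in declaration order, each call is checked, and calls to other
    functions defined in the same file are followed one level. A callee that
    receives one of ``main``'s arrays as an argument is scanned against
    ``main``'s buffer lists (the arrays are shared, so the callee's own
    declarations are not added); a callee called without arguments has its
    own frame and is scanned with fresh lists, leaving ``main``'s intact for
    the statements that follow the call. Top-level entries that are not
    function definitions (globals, typedefs) are ignored. ``temp.c`` must
    already be free of preprocessor directives because ``use_cpp=False``.
    Nothing is returned.
    """
    ast = parse_file("temp.c", use_cpp=False)
    # Only function definitions carry ``.decl``; index them by name so that a
    # callee is found regardless of its position among non-function entries.
    functions = {
        node.decl.name: node for node in ast.ext if isinstance(node, FuncDef)
    }
    main = functions.get("main")
    if main is None:
        return
    buf_name = []
    buf_size = []
    for item in main.body.block_items or []:
        if isinstance(item, Decl):
            # Arrays declared first sit at higher stack addresses and are
            # reached with the smallest overflow, so order is significant.
            length = _array_length(item)
            if length is not None:
                buf_name.append(item.name)
                buf_size.append(length)
        elif isinstance(item, FuncCall):
            _check_call(item, buf_name, buf_size)
            callee = functions.get(_call_name(item))
            if callee is None:
                continue
            if item.args:
                # Scan once, even if several arguments name main's arrays.
                passes_buffer = any(
                    getattr(arg, "name", None) in buf_name for arg in item.args.exprs
                )
                if passes_buffer:
                    _scan_function(callee, buf_name, buf_size, record_decls=False)
            else:
                _scan_function(callee, [], [], record_decls=True)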