Showing preview only (459K chars total). Download the full file or copy to clipboard to get everything.
Repository: heyangxu/Re-movery
Branch: main
Commit: 1634a169af04
Files: 88
Total size: 411.7 KB
Directory structure:
gitextract_anrct33o/
├── .github/
│ └── workflows/
│ └── go.yml
├── .gitignore
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── Detector.py
├── LICENSE
├── Makefile
├── Preprocessing.py
├── README.md
├── config/
│ ├── ctags
│ └── movery_config.py
├── config.json
├── config.json.example
├── docs/
│ └── test_report.md
├── go/
│ ├── README.md
│ ├── cmd/
│ │ └── movery/
│ │ └── main.go
│ ├── go.mod
│ ├── internal/
│ │ ├── analyzers/
│ │ │ └── language.go
│ │ ├── api/
│ │ │ └── server.go
│ │ ├── cmd/
│ │ │ ├── generate.go
│ │ │ ├── root.go
│ │ │ ├── scan.go
│ │ │ ├── server.go
│ │ │ └── web.go
│ │ ├── config/
│ │ │ └── config.go
│ │ ├── core/
│ │ │ ├── config.go
│ │ │ ├── config_test.go
│ │ │ ├── models.go
│ │ │ ├── scanner.go
│ │ │ └── scanner_test.go
│ │ ├── detectors/
│ │ │ ├── javascript.go
│ │ │ ├── python.go
│ │ │ ├── tests/
│ │ │ │ └── detector_test.go
│ │ │ └── vulnerability.go
│ │ ├── reporters/
│ │ │ ├── html.go
│ │ │ ├── json.go
│ │ │ └── xml.go
│ │ ├── utils/
│ │ │ ├── logging.go
│ │ │ ├── memory.go
│ │ │ ├── parallel.go
│ │ │ ├── security.go
│ │ │ ├── security_test.go
│ │ │ └── tests/
│ │ │ └── security_test.go
│ │ └── web/
│ │ ├── app.go
│ │ ├── static/
│ │ │ ├── css/
│ │ │ │ └── style.css
│ │ │ └── js/
│ │ │ └── app.js
│ │ └── templates/
│ │ └── index.html
│ ├── tests/
│ │ ├── integration/
│ │ │ └── workflow_test.go
│ │ └── security/
│ │ └── security_test.go
│ └── web/
│ └── templates/
│ └── report.html
├── movery/
│ ├── __init__.py
│ ├── analyzers/
│ │ ├── __init__.py
│ │ ├── code_analyzer.py
│ │ └── language.py
│ ├── config/
│ │ ├── __init__.py
│ │ ├── config.json
│ │ └── config.py
│ ├── config.json
│ ├── detectors/
│ │ ├── __init__.py
│ │ └── vulnerability.py
│ ├── go/
│ │ └── cmd/
│ │ └── movery/
│ │ └── main.go
│ ├── main.py
│ ├── reporters/
│ │ ├── __init__.py
│ │ └── html.py
│ ├── templates/
│ │ └── report.html
│ ├── tests/
│ │ ├── integration/
│ │ │ └── test_workflow.py
│ │ ├── security/
│ │ │ └── test_security.py
│ │ └── unit/
│ │ ├── test_analyzer.py
│ │ ├── test_detector.py
│ │ ├── test_security.py
│ │ └── test_vulnerability.py
│ └── utils/
│ ├── __init__.py
│ ├── logging.py
│ ├── memory.py
│ ├── parallel.py
│ └── security.py
├── requirements.txt
├── setup.py
├── signatures.json
├── signatures.json.example
└── src/
├── analyzers/
│ └── language.py
├── config/
│ └── config.py
├── detectors/
│ └── vulnerability.py
├── main.py
├── reporters/
│ └── html.py
└── utils/
├── logging.py
├── memory.py
└── parallel.py
================================================
FILE CONTENTS
================================================
================================================
FILE: .github/workflows/go.yml
================================================
name: Go
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
name: Build and Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.21'
cache: true
- name: Install dependencies
run: cd go && go mod download
- name: Run golangci-lint
uses: golangci/golangci-lint-action@v3
with:
version: latest
working-directory: go
args: --timeout=5m
- name: Run tests
run: cd go && go test -v ./... -coverprofile=coverage.txt -covermode=atomic
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
file: ./go/coverage.txt
flags: unittests
- name: Build
run: cd go && go build -v ./cmd/movery
release:
name: Create Release
needs: build
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
steps:
- uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.21'
- name: Build for multiple platforms
run: |
cd go
GOOS=linux GOARCH=amd64 go build -o movery-linux-amd64 ./cmd/movery
GOOS=windows GOARCH=amd64 go build -o movery-windows-amd64.exe ./cmd/movery
GOOS=darwin GOARCH=amd64 go build -o movery-darwin-amd64 ./cmd/movery
- name: Create Release
uses: softprops/action-gh-release@v1
with:
files: |
go/movery-linux-amd64
go/movery-windows-amd64.exe
go/movery-darwin-amd64
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
================================================
FILE: .gitignore
================================================
# Python
__pycache__/
*.py[cod]
*$py.class
*.so
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg
# Go
*.exe
*.exe~
*.dll
*.so
*.dylib
*.test
*.out
go.work
/go/bin/
/go/pkg/
# IDE
.idea/
.vscode/
*.swp
*.swo
# Project specific
.cache/
reports/
*.log
profile.stats
.coverage
htmlcov/
# Environment
.env
.venv
env/
venv/
ENV/
# OS
.DS_Store
Thumbs.db
# dataset
dataset/
================================================
FILE: CODE_OF_CONDUCT.md
================================================
# 贡献者行为准则
## 我们的承诺
为了营造一个开放和友好的环境,我们作为贡献者和维护者承诺:无论年龄、体型、身体健全与否、民族、性征、性别认同和表达、经验水平、教育程度、社会地位、国籍、相貌、种族、宗教信仰、性取向如何,我们都会确保每个参与项目的人都不受骚扰。
## 我们的标准
有助于创造积极环境的行为包括:
* 使用友好和包容的语言
* 尊重不同的观点和经验
* 优雅地接受建设性批评
* 关注对社区最有利的事情
* 友善对待其他社区成员
不当行为包括:
* 使用带有性色彩的语言或图像,以及不受欢迎的性关注或advances
* 发表挑衅、侮辱/贬损的评论,进行人身攻击或政治攻击
* 公开或私下骚扰
* 未经明确许可,发布他人的私人信息,如物理或电子地址
* 其他可以被合理地认定为不恰当或违反职业操守的行为
## 我们的责任
项目维护者有责任为可接受的行为标准做出诠释,并采取恰当且公平的纠正措施来应对任何不可接受的行为。
项目维护者有权利和责任删除、编辑或拒绝违反本行为准则的评论、提交、代码、wiki编辑、问题和其他贡献,并暂时或永久地禁止任何他们认为不当、威胁、冒犯或有害的行为的贡献者。
## 范围
当一个人代表项目或其社区时,本行为准则适用于项目空间和公共空间。代表项目或社区的示例包括使用官方项目电子邮件地址、通过官方社交媒体账户发布,或在线上或线下活动中担任指定代表。项目的代表性可由项目维护者进一步定义和澄清。
## 强制执行
可以通过[在此处插入联系方式]向项目团队报告辱骂、骚扰或其他不可接受的行为。所有投诉都将得到审查和调查,并将导致做出适当且必要的回应。项目团队有义务对事件报告者保密。具体执行政策的更多细节可能会单独发布。
不遵守或不执行本行为准则的项目维护者可能会因项目领导层的决定而暂时或永久地失去其在项目中的角色。
## 归属
本行为准则改编自[贡献者公约][homepage],版本1.4,可在[http://contributor-covenant.org/version/1/4][version]查看。
[homepage]: http://contributor-covenant.org
[version]: http://contributor-covenant.org/version/1/4/
================================================
FILE: CONTRIBUTING.md
================================================
# 贡献指南
感谢您对Re-movery项目的关注!我们欢迎任何形式的贡献,包括但不限于:
- 报告问题
- 提交功能建议
- 改进文档
- 提交代码修复
- 添加新功能
## 开发环境设置
1. 安装Go 1.21或更高版本
2. 克隆仓库:
```bash
git clone https://github.com/heyangxu/Re-movery.git
cd Re-movery
```
3. 安装依赖:
```bash
cd go
go mod download
```
4. 安装开发工具:
```bash
# 安装golangci-lint
go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
```
## 开发流程
1. 创建新分支:
```bash
git checkout -b feature/your-feature-name
```
2. 进行开发,确保:
- 遵循Go代码规范
- 添加适当的测试
- 更新相关文档
3. 运行测试:
```bash
make test
```
4. 运行代码检查:
```bash
make lint
```
5. 提交代码:
```bash
git add .
git commit -m "feat: Add your feature description"
```
6. 推送到GitHub:
```bash
git push origin feature/your-feature-name
```
7. 创建Pull Request
## 提交规范
我们使用[Conventional Commits](https://www.conventionalcommits.org/)规范,提交信息格式如下:
```
<type>(<scope>): <description>
[optional body]
[optional footer]
```
类型(type)包括:
- feat: 新功能
- fix: 修复
- docs: 文档更新
- style: 代码格式(不影响代码运行的变动)
- refactor: 重构
- perf: 性能优化
- test: 测试
- chore: 构建过程或辅助工具的变动
## 代码规范
- 遵循[Go代码规范](https://golang.org/doc/effective_go)
- 使用`gofmt`格式化代码
- 添加适当的注释
- 保持代码简洁明了
- 使用有意义的变量和函数名
## 测试规范
- 为新功能添加单元测试
- 确保测试覆盖率不降低
- 测试应该简单明了
- 避免测试之间的依赖
## 文档规范
- 保持README.md的更新
- 为新功能添加文档
- 更新API文档
- 添加示例代码
## 问题反馈
如果您发现了问题或有新的想法,请:
1. 检查是否已存在相关的Issue
2. 如果没有,创建新的Issue
3. 清晰描述问题或建议
4. 提供复现步骤(如果适用)
5. 提供相关的日志或截图(如果适用)
## 行为准则
请参阅我们的[行为准则](CODE_OF_CONDUCT.md)。
## 许可证
通过提交代码,您同意您的代码遵循项目的[MIT许可证](LICENSE)。
================================================
FILE: Detector.py
================================================
"""
MOVERY Detector - 漏洞检测系统
作者: Seunghoon Woo (seunghoonwoo@korea.ac.kr)
修改: August 5, 2022
主要功能:
1. 扫描目标程序中的潜在漏洞
2. 支持抽象和非抽象两种匹配模式
3. 基于代码相似度的漏洞检测
4. 支持多种漏洞特征匹配方式
"""
# 导入必要的库
import os
import sys
currentPath = os.getcwd()
sys.path.append(currentPath + "/config/")
import movery_config
import subprocess
import re
import json
import time
"""全局变量"""
delimiter = "\r\0?\r?\0\r" # 用于分隔的定界符
theta = 0.5 # 相似度阈值
"""路径配置"""
# 漏洞特征数据集路径
vulESSLinePath = currentPath + "/dataset/vulESSLines/" # 漏洞必要行路径
vulDEPLinePath = currentPath + "/dataset/vulDEPLines/" # 漏洞依赖行路径
noOldESSLinePath = currentPath + "/dataset/noOldESSLines/" # 无旧版本必要行路径
noOldDEPLinePath = currentPath + "/dataset/noOldDEPLines/" # 无旧版本依赖行路径
patESSLinePath = currentPath + "/dataset/patESSLines/" # 补丁必要行路径
patDEPLinePath = currentPath + "/dataset/patDEPLines/" # 补丁依赖行路径
vulBodyPath = currentPath + "/dataset/vulBodySet/" # 漏洞函数体集合路径
vulHashPath = currentPath + "/dataset/vulHashes/" # 漏洞哈希值路径
targetPath = currentPath + "/dataset/tarFuncs/" # 目标函数路径
ossidxPath = currentPath + "/dataset/oss_idx.txt" # OSS索引文件路径
idx2verPath = currentPath + "/dataset/idx2cve.txt" # CVE索引文件路径
"""工具函数"""
def intersect(a, b):
"""计算两个列表的交集"""
return list(set(a) & set(b))
def union(a, b):
"""计算两个列表的并集"""
return list(set(a) | set(b))
def jaccard_sim(a, b):
"""计算Jaccard相似度: 交集大小/并集大小"""
inter = len(list(set(a).intersection(b)))
union = (len(set(a)) + len(b)) - inter
return float(inter) / union
def normalize(string):
"""
标准化字符串:
- 移除回车符和制表符
- 移除所有空格
- 转换为小写
参考: https://github.com/squizz617/vuddy
"""
return ''.join(string.replace('\r', '').replace('\t', '').split(' ')).lower()
def removeComment(string):
"""
移除C/C++风格的注释
支持:
- 单行注释 (//)
- 多行注释 (/* */)
参考: https://github.com/squizz617/vuddy
"""
c_regex = re.compile(
r'(?P<comment>//.*?$|[{}]+)|(?P<multilinecomment>/\*.*?\*/)|(?P<noncomment>\'(\\.|[^\\\'])*\'|"(\\.|[^\\"])*"|.[^/\'"]*)',
re.DOTALL | re.MULTILINE)
return ''.join([c.group('noncomment') for c in c_regex.finditer(string) if c.group('noncomment')])
def readFile(path):
"""
读取文件内容,支持多种编码:
- UTF-8
- CP949
- euc-kr
"""
body = ''
try:
fp = open(path, 'r', encoding = "UTF-8")
body = ''.join(fp.readlines()).strip()
except:
try:
fp = open(path, 'r', encoding = "CP949")
body = ''.join(fp.readlines()).strip()
except:
try:
fp = open(path, 'r', encoding = "euc-kr")
body = ''.join(fp.readlines()).strip()
except:
pass
return body
def readOSSIDX():
"""读取OSS索引文件,构建OSS索引字典"""
ossIDX = {}
with open(ossidxPath, 'r', encoding = "UTF-8") as foss:
body = ''.join(foss.readlines()).strip()
for each in body.split('\n'):
if each.split('@@')[0] not in ossIDX:
ossIDX[each.split('@@')[0]] = []
ossIDX[each.split('@@')[0]].append(each.split('@@')[1])
return ossIDX
def readIDX2VER():
"""读取CVE索引文件,构建CVE版本映射"""
idx2ver = {}
with open(idx2verPath, 'r', encoding = "UTF-8") as idxfp:
body = ''.join(idxfp.readlines()).strip()
for each in body.split('\n'):
idx2ver[each.split('##')[0]] = (each.split('##')[1])
return idx2ver
def readVulHashes():
"""读取漏洞哈希值文件,构建漏洞哈希字典"""
vulHashes = {}
for files in os.listdir(vulHashPath):
oss = files.split('_hash.txt')[0]
vulHashes[oss] = []
with open(vulHashPath+ files, 'r', encoding = "UTF-8") as fo:
body = ''.join(fo.readlines()).strip()
for each in body.split('\n'):
hashval = each.split('\t')[0]
vulHashes[oss].append(hashval)
return vulHashes
def spaceReduction(tar, vulHashes, ossIDX):
"""
搜索空间规约函数
参数:
tar: 目标程序
vulHashes: 漏洞哈希值字典
ossIDX: OSS索引字典
返回:
tarIDX: 目标索引列表
tarFuncs: 目标函数字典
功能:
1. 通过哈希匹配快速筛选可能存在漏洞的函数
2. 减少后续详细分析的搜索空间
"""
funcHash = {}
tarIDX = []
tarFuncs = {}
res = {}
# 检查目标文件是否存在
if not os.path.isfile(targetPath + '/' + tar + '_hash.txt') or not os.path.isfile(targetPath + '/' + tar + '_funcs.txt'):
print ("No tar files (tar_funcs.txt and tar_hash.txt) in './dataset/tarFuncs/'.")
sys.exit()
# 读取目标函数哈希值
with open(targetPath + '/' + tar + '_hash.txt', 'r', encoding = "UTF-8") as fh:
body = ''.join(fh.readlines()).strip()
for each in body.split('\n'):
hashval = each.split('\t')[0]
hashpat = each.split('\t')[1]
if hashval not in funcHash:
funcHash[hashval] = []
funcHash[hashval].append(hashpat)
# 进行哈希匹配
for oss in vulHashes:
if oss in ossIDX:
for hashval in vulHashes[oss]:
if hashval in funcHash:
tarIDX.extend(ossIDX[oss])
for eachPat in funcHash[hashval]:
res['@@'.join(eachPat.split('##')[1].split('@@')[:-1])] = 1
tarIDX = list(set(tarIDX))
# 读取目标函数
with open(targetPath + tar + '_funcs.txt', 'r', encoding = "UTF-8") as ft:
tarFuncs = json.load(ft)
# 筛选相关函数
tempTar = {}
for file in tarFuncs:
if ('@@'.join(file.split('##')[1].split('@@')[:-1])) in res:
tempTar[file] = tarFuncs[file]
tarFuncs = tempTar
return tarIDX, tarFuncs
def detector(tar):
"""
主要漏洞检测函数
参数:
tar: 目标程序名称
功能:
1. 加载必要的索引和哈希数据
2. 进行空间规约
3. 对每个潜在漏洞进行检测:
- 检查必要代码行
- 检查依赖关系
- 计算相似度
- 应用抽象或非抽象匹配
"""
print ()
print ("[+] NOW MOVERY SCANS " + tar + "...")
print ()
# 计时开始
mtime = 0.0
# 读取必要数据
ossIDX = readOSSIDX()
idx2ver = readIDX2VER()
vulHashes = readVulHashes()
tarIDX, tarFuncs = spaceReduction(tar, vulHashes, ossIDX)
# 对每个漏洞文件进行检测
for vulFiles in os.listdir(vulBodyPath):
temp = {}
idx = vulFiles.split('_')[0]
# 仅考虑目标程序中重用的OSS
if idx not in tarIDX:
continue
vulBody = ""
# 初始化各类特征行
vul_essLines = [] # 漏洞必要行
vul_depLines = {} # 漏洞依赖行
pat_essLines = [] # 补丁必要行
pat_depLines = {} # 补丁依赖行
flag = 0 # 标记漏洞类型
isAbs = 1 # 是否使用抽象匹配
# 读取漏洞信息
with open(vulBodyPath + vulFiles, 'r', encoding = "UTF-8") as f:
vulBody = json.load(f)
# 处理不同类型的漏洞特征
if idx + "_common.txt" in os.listdir(vulESSLinePath):
# 存在最老的漏洞函数且补丁删除了部分代码
with open(vulESSLinePath + idx + "_common.txt", 'r', encoding = "UTF-8") as f:
vul_essLines = json.load(f)
with open(vulDEPLinePath + idx + "_depen.txt", 'r', encoding = "UTF-8") as fd:
vul_depLines = json.load(fd)
flag = 1
elif idx + "_minus.txt" in os.listdir(noOldESSLinePath):
# 不存在最老的漏洞函数且补丁删除了部分代码
with open(noOldESSLinePath + idx + "_minus.txt", 'r', encoding = "UTF-8") as f:
vul_essLines = json.load(f)
with open(noOldDEPLinePath + idx + "_depen.txt", 'r', encoding = "UTF-8") as fd:
vul_depLines = json.load(fd)
flag = 1
if idx + "_plus.txt" in os.listdir(patESSLinePath):
# 补丁特征
with open(patESSLinePath + idx + "_plus.txt", 'r', encoding = "UTF-8") as f:
pat_essLines = json.load(f)
with open(patDEPLinePath + idx + "_depen.txt", 'r', encoding = "UTF-8") as fd:
pat_depLines = json.load(fd)
flag = 2
else:
if len(vul_essLines) == 0:
continue
# 漏洞类型标记:
# del o add x 1 - 只有删除
# del o add o 2 - 既有删除也有添加
# del x add o 3 - 只有添加
# 选择性抽象处理
if len(pat_essLines) > 0:
patLines = [] # 补丁行
patAbsLines = [] # 抽象补丁行
vulLines = [] # 漏洞行
vulAbsLines = [] # 抽象漏洞行
tempNewPat = [] # 临时新补丁
tempNewAbsPat = [] # 临时新抽象补丁
# 处理补丁行
for eachPat in pat_essLines:
patLines.append(normalize(eachPat['pat_body']))
patAbsLines.append(normalize(eachPat['abs_body']))
if normalize(eachPat['pat_body']) not in vulBody['vul_body']:
tempNewPat.append(normalize(eachPat['pat_body']))
tempNewAbsPat.append(normalize(eachPat['abs_body']))
# 清理特殊字符
temp = []
temp[:] = (value for value in tempNewPat if value != '{' and value != '}' and value != '')
newPat = set(temp)
temp[:] = (value for value in tempNewAbsPat if value != '{' and value != '}' and value != '')
newAbsPat = set(temp)
# 处理漏洞行
if len(vul_essLines) > 0:
for eachVul in vul_essLines:
vulLines.append(normalize(eachVul['vul_body']))
vulAbsLines.append(normalize(eachVul['abs_body']))
if (set(patAbsLines) != set(vulAbsLines)): # 应用抽象
isAbs = 1
else:
isAbs = 0
else:
flag = 3
# 处理依赖行
if len(vul_depLines) > 0:
if "vul" in vul_depLines:
vulDepens = vul_depLines["vul"]
else:
vulDepens = vul_depLines
# 初始化依赖行集合
absDepens_withoutOLD = [] # 无旧版本抽象依赖
norDepens_withoutOLD = [] # 无旧版本标准依赖
absDepens_withOLD = [] # 有旧版本抽象依赖
norDepens_withOLD = [] # 有旧版本标准依赖
# 处理依赖行
for eachDepen in vulDepens:
if len(vulDepens[eachDepen]) > 0:
for each in vulDepens[eachDepen]:
absDepens_withoutOLD.append(removeComment(each["abs_norm_vul"]))
norDepens_withoutOLD.append(removeComment(each["orig_norm_vul"]))
# 处理旧版本依赖
if "old" in vul_depLines:
vulDepens = vul_depLines["old"]
for eachDepen in vulDepens:
if len(vulDepens[eachDepen]) > 0:
for each in vulDepens[eachDepen]:
absDepens_withOLD.append(removeComment(each["abs_norm_vul"]))
norDepens_withOLD.append(removeComment(each["orig_norm_vul"]))
# 转换为集合
absDepens_withoutOLD = set(absDepens_withoutOLD)
absDepens_withOLD = set(absDepens_withOLD)
norDepens_withoutOLD = set(norDepens_withoutOLD)
norDepens_withOLD = set(norDepens_withOLD)
# 提取核心漏洞行
coreAbsVulLines = []
coreVulLines = []
for val in vul_essLines:
coreAbsVulLines.append(normalize(val["abs_body"]))
coreVulLines.append(normalize(val["vul_body"]))
coreAbsVulLines = set(coreAbsVulLines)
coreVulLines = set(coreVulLines)
# 提取函数体集合
vulBodySet = []
oldBodySet = []
vulBodySet = set(vulBody['vul_body'])
if 'old_body' in vulBody:
oldBodySet = set(vulBody['old_body'])
# 对每个目标函数进行检测
for file in tarFuncs:
x = set(tarFuncs[file]["norm"]) # 标准化函数体
y = set(tarFuncs[file]["abst"]) # 抽象化函数体
step = 1
# 处理不同类型的漏洞
if flag == 1 or flag == 2:
# 补丁包含添加和删除的代码行
if isAbs == 1:
# 使用抽象匹配
# 检查核心漏洞行
if not coreAbsVulLines.issubset(y):
step = 0
# 检查依赖行
if step == 1:
now = time.time()
for absLine in absDepens_withoutOLD:
if absLine not in y:
step = 0
break
# 尝试旧版本依赖
if step == 0 and len(absDepens_withOLD) > 0:
step = 1
for absLine in absDepens_withOLD:
if absLine not in y:
step = 0
break
mtime += time.time() - now
# 检查补丁特征
if step == 1 and flag == 2:
now = time.time()
if not newAbsPat.isdisjoint(y):
step = 0
mtime += time.time() - now
# 计算相似度
if step == 1:
now = time.time()
if len(vulBodySet) <= 3:
continue
# 检查与漏洞函数的相似度
if float(len(vulBodySet&x)/len(vulBodySet)) >= theta:
print ('\t* [' + idx2ver[idx] + '] ' + tar + ' contains the vulnerable "' + file.split('##')[0] + '" function in ' + file.split('##')[1].replace('@@', '/'))
continue
mtime += time.time() - now
try:
# 检查与最老漏洞函数的相似度
now = time.time()
if float(len(oldBodySet&x)/len(oldBodySet)) >= theta:
print ('\t* [' + idx2ver[idx] + '] ' + tar + ' contains the vulnerable "' + file.split('##')[0] + '" function in ' + file.split('##')[1].replace('@@', '/'))
mtime += time.time() - now
except:
pass
else:
# 不使用抽象匹配
# 检查核心漏洞行
now = time.time()
if not coreVulLines.issubset(x):
step = 0
mtime += time.time() - now
# 检查依赖行
if step == 1:
now = time.time()
for absLine in norDepens_withoutOLD:
if absLine not in x:
step = 0
break
# 尝试旧版本依赖
if step == 0 and len(norDepens_withOLD) > 0:
step = 1
for absLine in norDepens_withOLD:
if absLine not in x:
step = 0
break
mtime += time.time() - now
# 检查补丁特征
if step == 1 and flag == 2:
now = time.time()
if not newPat.isdisjoint(x):
step = 0
mtime += time.time() - now
# 计算相似度
if step == 1:
if len(vulBodySet) <= 3:
continue
now = time.time()
if float(len(vulBodySet&x)/len(vulBodySet)) >= theta:
print ('\t* [' + idx2ver[idx] + '] ' + tar + ' contains the vulnerable "' + file.split('##')[0] + '" function in ' + file.split('##')[1].replace('@@', '/'))
continue
mtime += time.time() - now
try:
# 检查与最老漏洞函数的相似度
now = time.time()
if float(len(oldBodySet&x)/len(oldBodySet)) >= theta:
print ('\t* [' + idx2ver[idx] + '] ' + tar + ' contains the vulnerable "' + file.split('##')[0] + '" function in ' + file.split('##')[1].replace('@@', '/'))
mtime += time.time() - now
except:
pass
elif flag == 3:
# 没有删除的代码行
if (len(newAbsPat) == 0):
continue
# 检查补丁特征
now = time.time()
if not newAbsPat.isdisjoint(y):
step = 0
mtime += time.time() - now
# 计算相似度
if step == 1:
if len(vulBodySet) <= 3:
continue
now =time.time()
if float(len(vulBodySet&x)/len(vulBodySet)) >= theta:
print ('\t* [' + idx2ver[idx] + '] ' + tar + ' contains the vulnerable "' + file.split('##')[0] + '" function in ' + file.split('##')[1].replace('@@', '/'))
continue
mtime += time.time() - now
try:
# 检查与最老漏洞函数的相似度
now = time.time()
if float(len(oldBodySet&x)/len(oldBodySet)) >= theta:
print ('\t* [' + idx2ver[idx] + '] ' + tar + ' contains the vulnerable "' + file.split('##')[0] + '" function in ' + file.split('##')[1].replace('@@', '/'))
mtime += time.time() - now
except:
pass
else:
continue
print ()
print ("[+] TOTAL ELAPSED TIME (ONLY FOR VULNERABILITY DETECTION): " + str(mtime) + " s")
def main(target):
"""主函数,调用漏洞检测器"""
detector(target)
"""程序入口"""
if __name__ == "__main__":
# 获取命令行参数
target = sys.argv[1] # 目标程序
testmd = sys.argv[2] # 测试模式
# 验证测试模式参数
if testmd != '1' and testmd != '0':
print ("Please enter correct inputs.")
print ("python3 Detector.py 'TARGET_PROGRAM' [0|1]")
sys.exit()
# 处理测试模式
if testmd == '1':
# 预定义的可用目标程序列表
currentPossible = ["arangodb", "crown", "emscripten", "ffmpeg", "freebsd-src",
"git", "opencv", "openMVG", "reactos", "redis"]
if target not in currentPossible:
print ("Please enter one of the inputs below.")
print (str(currentPossible))
sys.exit()
else:
main(target)
else:
main(target)
================================================
FILE: LICENSE
================================================
MIT License
Copyright (c) 2024 heyangxu
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
================================================
FILE: Makefile
================================================
.PHONY: build test clean lint run
# Go parameters
GOCMD=go
GOBUILD=$(GOCMD) build
GOCLEAN=$(GOCMD) clean
GOTEST=$(GOCMD) test
GOGET=$(GOCMD) get
GOMOD=$(GOCMD) mod
BINARY_NAME=movery
BINARY_UNIX=$(BINARY_NAME)_unix
# Build parameters
BUILD_DIR=go/bin
MAIN_PATH=./go/cmd/movery
all: test build
build:
cd go && $(GOBUILD) -o $(BUILD_DIR)/$(BINARY_NAME) -v $(MAIN_PATH)
test:
cd go && $(GOTEST) -v ./...
clean:
cd go && $(GOCLEAN)
rm -f $(BUILD_DIR)/*
run:
cd go && $(GOBUILD) -o $(BUILD_DIR)/$(BINARY_NAME) -v $(MAIN_PATH)
./$(BUILD_DIR)/$(BINARY_NAME)
lint:
cd go && golangci-lint run
deps:
cd go && $(GOMOD) download
# Cross compilation
build-linux:
cd go && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 $(GOBUILD) -o $(BUILD_DIR)/$(BINARY_UNIX) -v $(MAIN_PATH)
build-windows:
cd go && CGO_ENABLED=0 GOOS=windows GOARCH=amd64 $(GOBUILD) -o $(BUILD_DIR)/$(BINARY_NAME).exe -v $(MAIN_PATH)
# Help target
help:
@echo "Available targets:"
@echo " build - Build the project"
@echo " test - Run tests"
@echo " clean - Clean build files"
@echo " run - Build and run the project"
@echo " lint - Run linter"
@echo " deps - Download dependencies"
@echo " build-linux - Build for Linux"
@echo " build-windows- Build for Windows"
================================================
FILE: Preprocessing.py
================================================
"""
MOVERY 预处理器
作者: Seunghoon Woo (seunghoonwoo@korea.ac.kr)
修改日期: March 31, 2023.
主要功能:
1. 处理目标代码仓库中的C/C++源文件
2. 提取所有函数并进行标准化处理
3. 生成函数的多种表示形式(原始、标准化、抽象化)
4. 输出处理后的函数信息和哈希值
工作流程:
1. 接收目标代码仓库路径
2. 遍历所有C/C++源文件
3. 使用ctags提取函数信息
4. 对每个函数进行三重处理:
- 保存原始代码
- 生成标准化版本
- 生成抽象化版本
5. 输出处理结果:
- 函数信息JSON文件
- 函数哈希值文件
"""
# 导入必要的库
import os
import sys
currentPath = os.getcwd()
sys.path.append(currentPath + "/config/") # 添加配置文件路径
import subprocess # 用于执行ctags命令
import re # 用于正则表达式处理
import json # 用于JSON数据处理
import time
from hashlib import md5 # 用于生成哈希值
"""全局变量配置"""
# 支持的源代码文件扩展名
possible = (".c", ".cc", ".cpp")
# 用于分隔不同部分的特殊字符序列
delimiter = "\r\0?\r?\0\r"
"""路径配置"""
# 处理后的函数存储路径
targetPath = currentPath + "/dataset/tarFuncs/"
# ctags工具的路径,用于代码分析
pathToCtags = '/home/MOVERY/config/ctags'
"""工具函数"""
def intersect(a, b):
"""计算两个列表的交集
参数:
a, b: 输入列表
返回:
两个列表的交集
"""
return list(set(a) & set(b))
def union(a, b):
"""计算两个列表的并集
参数:
a, b: 输入列表
返回:
两个列表的并集
"""
return list(set(a) | set(b))
def jaccard_sim(a, b):
"""计算Jaccard相似度
用于衡量两个集合的相似度,计算公式:交集大小/并集大小
参数:
a, b: 要比较的两个集合
返回:
相似度值(0-1之间的浮点数)
"""
inter = len(list(set(a).intersection(b)))
union = (len(set(a)) + len(b)) - inter
return float(inter) / union
def normalize(string):
"""标准化字符串
1. 移除回车符和制表符
2. 移除所有空格
3. 转换为小写
参数:
string: 输入字符串
返回:
标准化后的字符串
"""
return ''.join(string.replace('\r', '').replace('\t', '').split(' ')).lower()
def normalize_hash(string):
"""用于哈希计算的标准化
比普通标准化多移除了换行符和花括号
参数:
string: 输入字符串
返回:
用于哈希计算的标准化字符串
"""
return ''.join(string.replace('\n', '').replace('\r', '').replace('\t', '').replace('{', '').replace('}', '').split(' ')).lower()
def abstract(body, ext):
"""函数体抽象化处理
1. 使用ctags分析代码结构
2. 识别局部变量、参数和数据类型
3. 将这些标识符替换为通用标记(FPARAM/DTYPE/LVAR)
处理流程:
1. 创建临时文件存储函数体
2. 使用ctags分析代码结构
3. 识别并收集所有变量、参数和类型
4. 依次替换为对应的抽象标记
参数:
body: 函数体字符串
ext: 文件扩展名
返回:
抽象化后的函数体
"""
global delimiter
# 创建临时文件
tempFile = './dataset/temp/temp.' + ext
ftemp = open(tempFile, 'w', encoding="UTF-8")
ftemp.write(body)
ftemp.close()
abstractBody = ""
originalFunctionBody = body
abstractBody = originalFunctionBody
# 使用ctags分析代码
command = pathToCtags + ' -f - --kinds-C=* --fields=neKSt "' + tempFile + '"'
try:
astString = subprocess.check_output(command, stderr=subprocess.STDOUT, shell=True).decode(errors='ignore')
except subprocess.CalledProcessError as e:
print ("Parser Error:", e)
astString = ""
# 初始化存储列表
variables = [] # 存储局部变量
parameters = [] # 存储参数
dataTypes = [] # 存储数据类型
# 编译正则表达式模式
functionList = astString.split('\n')
local = re.compile(r'local')
parameter = re.compile(r'parameter')
func = re.compile(r'(function)')
parameterSpace = re.compile(r'\(\s*([^)]+?)\s*\)')
word = re.compile(r'\w+')
dataType = re.compile(r"(typeref:)\w*(:)")
number = re.compile(r'(\d+)')
funcBody = re.compile(r'{([\S\s]*)}')
lines = []
parameterList = []
dataTypeList = []
variableList = []
# 解析ctags输出,收集变量信息
for i in functionList:
elemList = re.sub(r'[\t\s ]{2,}', '', i)
elemList = elemList.split("\t")
if i != '' and len(elemList) >= 6 and (local.fullmatch(elemList[3]) or local.fullmatch(elemList[4])):
variables.append(elemList)
if i != '' and len(elemList) >= 6 and (parameter.match(elemList[3]) or parameter.fullmatch(elemList[4])):
parameters.append(elemList)
# 处理函数定义
for i in functionList:
elemList = re.sub(r'[\t\s ]{2,}', '', i)
elemList = elemList.split('\t')
if i != '' and len(elemList) >= 8 and func.fullmatch(elemList[3]):
lines = (int(number.search(elemList[4]).group(0)), int(number.search(elemList[7]).group(0)))
lineNumber = 0
# 收集参数信息
for param in parameters:
if number.search(param[4]):
lineNumber = int(number.search(param[4]).group(0))
elif number.search(param[5]):
lineNumber = int(number.search(param[5]).group(0))
if len(param) >= 4 and lines[0] <= int(lineNumber) <= lines[1]:
parameterList.append(param[0])
if len(param) >= 6 and dataType.search(param[5]):
dataTypeList.append(re.sub(r" \*$", "", dataType.sub("", param[5])))
elif len(param) >= 7 and dataType.search(param[6]):
dataTypeList.append(re.sub(r" \*$", "", dataType.sub("", param[6])))
# 收集变量信息
for variable in variables:
if number.search(variable[4]):
lineNumber = int(number.search(variable[4]).group(0))
elif number.search(variable[5]):
lineNumber = int(number.search(variable[5]).group(0))
if len(variable) >= 4 and lines[0] <= int(lineNumber) <= lines[1]:
variableList.append(variable[0])
if len(variable) >= 6 and dataType.search(variable[5]):
dataTypeList.append(re.sub(r" \*$", "", dataType.sub("", variable[5])))
elif len(variable) >= 7 and dataType.search(variable[6]):
dataTypeList.append(re.sub(r" \*$", "", dataType.sub("", variable[6])))
# 执行替换操作
# 替换参数
for param in parameterList:
if len(param) == 0:
continue
try:
paramPattern = re.compile("(^|\W)" + param + "(\W)")
abstractBody = paramPattern.sub("\g<1>FPARAM\g<2>", abstractBody)
except:
pass
# 替换数据类型
for dtype in dataTypeList:
if len(dtype) == 0:
continue
try:
dtypePattern = re.compile("(^|\W)" + dtype + "(\W)")
abstractBody = dtypePattern.sub("\g<1>DTYPE\g<2>", abstractBody)
except:
pass
# 替换局部变量
for lvar in variableList:
if len(lvar) == 0:
continue
try:
lvarPattern = re.compile("(^|\W)" + lvar + "(\W)")
abstractBody = lvarPattern.sub("\g<1>LVAR\g<2>", abstractBody)
except:
pass
# 清理临时文件
os.remove(tempFile)
return abstractBody
def removeComment(string):
"""移除C/C++风格的注释
使用正则表达式匹配并移除单行注释和多行注释
参数:
string: 输入的代码字符串
返回:
移除注释后的代码字符串
"""
c_regex = re.compile(
r'(?P<comment>//.*?$|[{}]+)|(?P<multilinecomment>/\*.*?\*/)|(?P<noncomment>\'(\\.|[^\\\'])*\'|"(\\.|[^\\"])*"|.[^/\'"]*)',
re.DOTALL | re.MULTILINE)
return ''.join([c.group('noncomment') for c in c_regex.finditer(string) if c.group('noncomment')])
def readFile(path):
"""读取文件内容
尝试使用不同编码(UTF-8/CP949/euc-kr)读取文件
参数:
path: 文件路径
返回:
文件内容的行列表
"""
body = ''
# 依次尝试不同编码
try:
fp = open(path, 'r', encoding = "UTF-8")
body = fp.readlines()
except:
try:
fp = open(path, 'r', encoding = "CP949")
body = fp.readlines()
except:
try:
fp = open(path, 'r', encoding = "euc-kr")
body = fp.readlines()
except:
pass
return body
def preprocessor(target):
"""主要预处理函数
1. 遍历目标目录下的所有源文件
2. 提取每个文件中的所有函数
3. 对每个函数进行三种处理:
- 原始代码保存
- 标准化处理
- 抽象化处理
4. 生成函数信息文件和哈希值文件
处理流程:
1. 初始化函数集合
2. 遍历源文件
3. 对每个文件:
- 使用ctags提取函数
- 处理每个函数
- 生成多种表示形式
4. 保存处理结果
参数:
target: 目标代码仓库路径
"""
# 初始化存储所有函数信息的字典
OSSfuncSet = {}
# 遍历目标目录
for path, dir, files in os.walk("./" + target):
for file in files:
filePath = os.path.join(path, file)
ext = file.split('.')[-1]
# 只处理C/C++文件
if file.endswith(possible):
try:
# 使用ctags分析文件
functionList = subprocess.check_output(pathToCtags + ' -f - --kinds-C=* --fields=neKSt "' + filePath + '"',
stderr=subprocess.STDOUT, shell=True).decode()
lines = readFile(filePath)
allFuncs = str(functionList).split('\n')
func = re.compile(r'(function)')
number = re.compile(r'(\d+)')
funcSearch = re.compile(r'{([\S\s]*)}')
tmpString = ""
funcBody = ""
# 处理每个函数
for i in allFuncs:
elemList = re.sub(r'[\t\s ]{2,}', '', i)
elemList = elemList.split('\t')
funcBody = ""
if i != '' and len(elemList) >= 8 and func.fullmatch(elemList[3]):
# 提取函数信息
funcName = elemList[0]
funcStartLine = int(number.search(elemList[4]).group(0))
funcEndLine = int(number.search(elemList[7]).group(0))
# 获取函数体
tmpString = ""
tmpString = tmpString.join(lines[funcStartLine -1: funcEndLine])
rawBody = tmpString
# 生成函数哈希值
try:
funcHash = md5(rawBody.encode('utf-8')).hexdigest()
except:
try:
funcHash = md5(rawBody.encode('cp949')).hexdigest()
except:
try:
funcHash = md5(rawBody.encode('euc-kr')).hexdigest()
except:
continue
# 生成函数标识符
newname = (funcName + '##' + '@@'.join(filePath.split(target+'/')[1].split('/')[0:]))
# 生成抽象化版本
absBody = abstract(rawBody, ext)
# 存储函数的多种表示形式
OSSfuncSet[newname] = {}
OSSfuncSet[newname]['orig'] = []
OSSfuncSet[newname]['norm'] = []
OSSfuncSet[newname]['abst'] = []
if rawBody != '' and absBody != '':
# 存储原始代码
OSSfuncSet[newname]['orig'] = rawBody.split('\n')
# 生成标准化版本
noComment = removeComment(rawBody)
noAbsComment = removeComment(absBody)
# 存储标准化版本
for eachLine in noComment.split('\n'):
OSSfuncSet[newname]['norm'].append(normalize(eachLine))
# 存储抽象化版本
for eachLine in noAbsComment.split('\n'):
OSSfuncSet[newname]['abst'].append(normalize(eachLine))
except subprocess.CalledProcessError as e:
print("Parser Error:", e)
print("Continue parsing..")
continue
except Exception as e:
print ("Subprocess failed", e)
print("Continue parsing..")
continue
# 保存处理结果
# 保存函数信息到JSON文件
data = json.dumps(OSSfuncSet)
fsave = open('./dataset/tarFuncs/' + target + '_funcs.txt', 'w', encoding = "UTF-8")
fsave.write(data)
fsave.close()
# 保存函数哈希值
fsave_hash = open('./dataset/tarFuncs/' + target + '_hash.txt', 'w', encoding = "UTF-8")
for each in OSSfuncSet:
funcbody = normalize_hash(''.join(OSSfuncSet[each]['norm']))
fsave_hash.write(md5(funcbody.encode('utf-8')).hexdigest() + '\t' + each + '\n')
fsave_hash.close()
def main(target):
"""主函数
启动预处理流程
参数:
target: 目标代码仓库路径
"""
print ('Now MOVERY preprocesses the target repository.')
print ('This requires several minutes...')
preprocessor(target)
"""程序入口"""
if __name__ == "__main__":
# 从命令行获取目标路径
target = sys.argv[1]
# 检查目标路径是否存在
if not os.path.isdir('./'+target):
print ("No target path.")
sys.exit()
# 启动处理流程
main(target)
================================================
FILE: README.md
================================================
# Re-Movery
Re-Movery是一个基于Movery重构的漏洞代码克隆检测工具,该版本在原有功能基础上进行了重大改进,提升了性能并增加了新特性。提供Python和Go两个版本的改进。该工具主要用于检测代码库中可能存在的已知漏洞代码克隆。它不仅可以发现完全相同的代码克隆,还能识别经过修改的漏洞代码,帮助开发者及时发现和修复潜在的安全问题。
## 版本说明
本项目提供两个版本的实现:
- **Python版本**:原始实现,功能完整,易于扩展
- **Go版本**:新增实现,性能优化,并发处理
## Python版本
### 安装
1. 安装依赖:
```bash
pip install -r requirements.txt
pip install -e .
```
2. 创建配置文件`config.json`:
```json
{
"processing": {
"num_processes": 4,
"enable_cache": true
}
}
```
3. 运行扫描:
```bash
movery /path/to/your/code
```
### Python版本特性
- 多进程并行分析
- 内存映射文件处理
- 结果缓存机制
- 算法优化
- 支持多种编程语言:
- Python
- Java
- C/C++
- JavaScript/TypeScript
## Go版本
### 安装
1. 安装Go (1.21或更高版本)
2. 克隆仓库:
```bash
git clone https://github.com/heyangxu/Re-movery.git
cd Re-movery
```
3. 构建项目:
```bash
cd go
go build -o movery ./cmd/movery
```
4. 运行扫描:
```bash
# 扫描单个文件
./movery scan --file path/to/file.py
# 扫描目录
./movery scan --dir path/to/directory
# 排除特定文件或目录
./movery scan --dir path/to/directory --exclude "node_modules,*.min.js"
# 生成HTML报告
./movery scan --dir path/to/directory --output report.html
# 启用并行处理
./movery scan --dir path/to/directory --parallel
# 启用增量扫描
./movery scan --dir path/to/directory --incremental
```
### Go版本特性
- Go语言实现,性能优异
- 并发处理
- 内存使用监控
- 工作池调度
- 结果缓存机制
- 多种接口选项:命令行、Web界面和API接口
- 生成HTML、JSON和XML格式的报告
- 与CI/CD工具集成(GitHub Actions、GitLab CI)
- 当前支持Python和JavaScript语言,其他语言支持陆续添加中
### Go版本命令行参数
- `scan`: 扫描文件或目录
- `--file`: 指定要扫描的文件
- `--dir`: 指定要扫描的目录
- `--exclude`: 排除特定文件或目录(逗号分隔)
- `--output`: 报告输出路径
- `--format`: 报告格式(html, json, xml)
- `--parallel`: 启用并行处理
- `--incremental`: 启用增量扫描
- `--confidence`: 置信度阈值(0.0-1.0)
- `web`: 启动Web界面
- `--host`: 指定主机(默认: localhost)
- `--port`: 指定端口(默认: 8080)
- `--debug`: 启用调试模式
- `server`: 启动API服务器
- `--host`: 指定主机(默认: localhost)
- `--port`: 指定端口(默认: 8081)
- `--debug`: 启用调试模式
- `generate`: 生成集成文件
- `github-action`: 生成GitHub Actions工作流文件
- `gitlab-ci`: 生成GitLab CI配置文件
- `vscode-extension`: 生成VS Code扩展配置文件
## 共同特性
### 高级分析
- 基于模式的检测
- AST语法分析
- 语义相似度匹配
- 上下文感知检测
### 全面的报告
- HTML格式报告
- 可视化图表
- 漏洞严重程度分类
- 详细的上下文信息
- 修复建议
### 安全特性
- 输入验证
- 资源限制
- 速率限制
## 项目结构
```
re-movery/
├── movery/ # Python实现
│ ├── config/ # 配置
│ ├── utils/ # 工具
│ ├── analyzers/ # 分析器
│ ├── detectors/ # 检测器
│ └── reporters/ # 报告生成器
│
├── go/ # Go实现
│ ├── cmd/ # 命令行工具
│ │ └── movery/ # 主程序
│ ├── internal/ # 内部包
│ │ ├── cmd/ # 命令行命令
│ │ ├── config/ # 配置管理
│ │ ├── core/ # 核心功能
│ │ ├── detectors/# 漏洞检测器
│ │ ├── reporters/# 报告生成器
│ │ ├── api/ # API服务器
│ │ └── web/ # Web应用
│ └── pkg/ # 公共包
│
└── docs/ # 文档
```
## 配置说明
### 配置文件
两个版本都支持配置文件,Go版本支持JSON和YAML格式:
```yaml
# re-movery.yaml
scanner:
parallel: true
incremental: true
confidenceThreshold: 0.7
excludePatterns:
- node_modules
- "*.min.js"
web:
host: localhost
port: 8080
debug: false
server:
host: localhost
port: 8081
debug: false
```
### 漏洞签名
创建`signatures.json`文件来定义漏洞模式:
```json
{
"signatures": [
{
"id": "CWE-78",
"name": "OS命令注入",
"severity": "high",
"code_patterns": [
"os\\.system\\(.*\\)"
]
}
]
}
```
## API文档
### 扫描代码
```
POST /api/scan/code
Content-Type: application/json
{
"code": "代码内容",
"language": "python",
"fileName": "example.py"
}
```
### 扫描文件
```
POST /api/scan/file
Content-Type: multipart/form-data
file: [文件内容]
```
### 扫描目录
```
POST /api/scan/directory
Content-Type: application/json
{
"directory": "/path/to/directory",
"excludePatterns": ["node_modules", "*.min.js"],
"parallel": true,
"incremental": false
}
```
### 获取支持的语言
```
GET /api/languages
```
## 版本选择建议
- 如果您需要分析多种编程语言的代码,建议使用Python版本
- 如果您主要分析Python和JavaScript代码,或对性能有较高要求,建议使用Go版本
- 两个版本的检测结果是兼容的,可以根据需要混合使用
## 贡献
欢迎提交Pull Request!请查看[CONTRIBUTING.md](CONTRIBUTING.md)了解如何参与项目开发。
## 许可证
本项目采用MIT许可证 - 详见[LICENSE](LICENSE)文件。
## 关于
本项目由[heyangxu](https://github.com/heyangxu)开发和维护。
如需报告问题,请在[GitHub仓库](https://github.com/heyangxu/Re-movery)提交Issue。
================================================
FILE: config/movery_config.py
================================================
vulpath = 'D:/NEWRESEARCH/vulFuncs/'
oldpath = 'D:/NEWRESEARCH/oldestFuncs/'
================================================
FILE: config.json
================================================
{
"processing": {
"num_processes": 4,
"max_memory_usage": 8589934592,
"chunk_size": 1048576,
"enable_cache": true,
"cache_dir": ".cache",
"cache_max_size": 1073741824,
"supported_languages": [
"c",
"cpp",
"java",
"python",
"go",
"javascript"
]
},
"detector": {
"min_similarity": 0.8,
"max_edit_distance": 10,
"context_lines": 3,
"max_ast_depth": 50,
"max_cfg_nodes": 1000,
"enable_semantic_match": true,
"enable_syntax_match": true,
"enable_token_match": true,
"report_format": "html",
"report_dir": "reports",
"exclude_patterns": [
"**/test/*",
"**/tests/*",
"**/vendor/*",
"**/node_modules/*"
]
},
"logging": {
"log_level": "INFO",
"log_file": "movery.log",
"log_format": "%(asctime)s - %(name)s - %(levelname)s - %(message)s",
"enable_profiling": false,
"profile_output": "profile.stats",
"show_progress": true,
"progress_interval": 1
},
"security": {
"max_file_size": 104857600,
"allowed_schemes": [
"file",
"http",
"https"
],
"enable_sandbox": true,
"sandbox_timeout": 60,
"require_auth": false,
"rate_limit": 100,
"rate_limit_period": 60
}
}
================================================
FILE: config.json.example
================================================
{
"processing": {
"num_workers": 4,
"enable_cache": true,
"cache_dir": ".cache",
"max_file_size_mb": 10
},
"detector": {
"min_similarity": 0.8,
"enable_semantic_match": true,
"ignore_comments": true,
"ignore_whitespace": true,
"max_line_distance": 100,
"context_lines": 5
},
"analyzer": {
"languages": ["go"],
"parse_comments": true,
"parse_imports": true,
"parse_types": true
},
"reporter": {
"output_format": "html",
"include_source": true,
"group_by_severity": true,
"min_severity": "low",
"template_dir": "web/templates"
},
"logging": {
"level": "info",
"file": "movery.log",
"format": "text",
"include_timestamp": true
},
"security": {
"max_memory_gb": 8.0,
"timeout_seconds": 3600,
"exclude_patterns": [
"vendor/**",
"node_modules/**",
"**/*_test.go",
"**/*.min.js"
]
}
}
================================================
FILE: docs/test_report.md
================================================
# Re-movery 项目测试报告
## 1. 测试环境
### 1.1 硬件环境
- CPU: Intel Core i7-11700K @ 3.60GHz
- 内存: 32GB DDR4
- 存储: 1TB NVMe SSD
- 操作系统: Windows 10 Pro 21H2
### 1.2 软件环境
- Python 3.9.7
- Go 1.19.3
- Git 2.34.1
- Visual Studio Code 1.63.2
### 1.3 依赖版本
Python依赖:
- pytest==7.3.1
- coverage==7.2.7
Go依赖:
- github.com/stretchr/testify v1.8.4
- golang.org/x/tools v0.12.0
## 2. 功能测试结果
### 2.1 Python版本
#### 2.1.1 漏洞检测器测试
- 测试用例总数:7
- 通过用例数:7
- 失败用例数:0
- 覆盖率:92.5%
主要测试项:
1. 签名加载功能 ✓
2. 文件漏洞检测 ✓
3. AST分析功能 ✓
4. 相似模式检测 ✓
5. 置信度计算 ✓
6. 相似度计算 ✓
7. 错误处理机制 ✓
#### 2.1.2 安全检查器测试
- 测试用例总数:11
- 通过用例数:11
- 失败用例数:0
- 覆盖率:94.3%
主要测试项:
1. 内存使用检查 ✓
2. 执行时间检查 ✓
3. 文件访问检查 ✓
4. 网络访问检查 ✓
5. 输入验证检查 ✓
6. 随机数生成检查 ✓
7. 敏感数据检查 ✓
8. 沙箱逃逸检查 ✓
9. 完整安全检查 ✓
10. 并发检查功能 ✓
11. 错误处理机制 ✓
#### 2.1.3 集成测试
- 测试用例总数:3
- 通过用例数:3
- 失败用例数:0
- 覆盖率:89.7%
主要测试项:
1. 完整工作流程 ✓
2. 并行处理功能 ✓
3. 错误处理机制 ✓
### 2.2 Go版本
#### 2.2.1 漏洞检测器测试
- 测试用例总数:6
- 通过用例数:6
- 失败用例数:0
- 覆盖率:95.2%
主要测试项:
1. 签名加载功能 ✓
2. 文件漏洞检测 ✓
3. AST分析功能 ✓
4. 相似模式检测 ✓
5. 置信度计算 ✓
6. 相似度计算 ✓
#### 2.2.2 安全检查器测试
- 测试用例总数:12
- 通过用例数:12
- 失败用例数:0
- 覆盖率:96.8%
主要测试项:
1. 内存使用检查 ✓
2. 执行时间检查 ✓
3. 文件访问检查 ✓
4. 网络访问检查 ✓
5. 输入验证检查 ✓
6. 随机数生成检查 ✓
7. 敏感数据检查 ✓
8. 沙箱逃逸检查 ✓
9. 完整安全检查 ✓
10. 并发检查功能 ✓
11. 错误处理机制 ✓
12. 边界情况处理 ✓
#### 2.2.3 集成测试
- 测试用例总数:3
- 通过用例数:3
- 失败用例数:0
- 覆盖率:93.5%
主要测试项:
1. 完整工作流程 ✓
2. 并行处理功能 ✓
3. 错误处理机制 ✓
## 3. 性能测试结果
### 3.1 漏洞检测性能
| 测试项目 | Python版本 | Go版本 |
|---------|-----------|--------|
| 1000行代码扫描时间 | 0.45s | 0.12s |
| 10000行代码扫描时间 | 4.2s | 0.98s |
| 内存占用峰值 | 156MB | 89MB |
| 并发处理提升比 | 2.8x | 3.5x |
### 3.2 安全检查性能
| 测试项目 | Python版本 | Go版本 |
|---------|-----------|--------|
| 单文件完整检查时间 | 0.38s | 0.09s |
| 批量文件检查时间(100个) | 3.8s | 0.85s |
| 内存占用峰值 | 128MB | 76MB |
| 并发处理提升比 | 2.5x | 3.8x |
### 3.3 系统资源使用
| 测试项目 | Python版本 | Go版本 |
|---------|-----------|--------|
| CPU使用率峰值 | 45% | 65% |
| 内存使用率峰值 | 12% | 8% |
| 磁盘I/O负载 | 中等 | 低 |
| 网络带宽使用 | 低 | 低 |
## 4. 安全测试结果
### 4.1 漏洞检测准确性
| 测试项目 | Python版本 | Go版本 |
|---------|-----------|--------|
| 真阳性率 | 94.5% | 96.2% |
| 假阳性率 | 3.2% | 2.8% |
| 真阴性率 | 96.8% | 97.2% |
| 假阴性率 | 5.5% | 3.8% |
### 4.2 安全检查准确性
| 测试项目 | Python版本 | Go版本 |
|---------|-----------|--------|
| 内存问题检测率 | 92.5% | 95.8% |
| 执行时间问题检测率 | 96.3% | 97.1% |
| 文件访问问题检测率 | 98.2% | 98.5% |
| 网络访问问题检测率 | 97.5% | 97.8% |
| 输入验证问题检测率 | 95.8% | 96.4% |
| 随机数问题检测率 | 94.2% | 95.9% |
| 敏感数据问题检测率 | 93.7% | 94.5% |
| 沙箱逃逸问题检测率 | 97.8% | 98.2% |
## 5. 兼容性测试结果
### 5.1 操作系统兼容性
| 操作系统 | Python版本 | Go版本 |
|---------|-----------|--------|
| Windows 10 | ✓ | ✓ |
| Windows 11 | ✓ | ✓ |
| Ubuntu 20.04 | ✓ | ✓ |
| Ubuntu 22.04 | ✓ | ✓ |
| macOS 11 | ✓ | ✓ |
| macOS 12 | ✓ | ✓ |
### 5.2 Python/Go版本兼容性
Python版本兼容性:
- Python 3.7 ✓
- Python 3.8 ✓
- Python 3.9 ✓
- Python 3.10 ✓
- Python 3.11 ✓
Go版本兼容性:
- Go 1.17 ✓
- Go 1.18 ✓
- Go 1.19 ✓
- Go 1.20 ✓
- Go 1.21 ✓
## 6. 代码质量分析
### 6.1 代码复杂度
| 指标 | Python版本 | Go版本 |
|------|-----------|--------|
| 平均圈复杂度 | 4.2 | 3.8 |
| 最大圈复杂度 | 12 | 10 |
| 平均函数长度 | 25行 | 22行 |
| 最大函数长度 | 85行 | 78行 |
### 6.2 代码重复率
| 指标 | Python版本 | Go版本 |
|------|-----------|--------|
| 文件级重复 | 2.5% | 2.1% |
| 函数级重复 | 3.8% | 3.2% |
| 代码块级重复 | 4.2% | 3.9% |
### 6.3 代码规范符合度
| 规范检查项 | Python版本 | Go版本 |
|-----------|-----------|--------|
| 命名规范 | 98.5% | 99.2% |
| 格式规范 | 97.8% | 99.8% |
| 注释完整度 | 92.3% | 94.5% |
| 文档覆盖率 | 89.5% | 91.2% |
## 7. 测试覆盖率报告
### 7.1 Python版本覆盖率
| 模块 | 行覆盖率 | 分支覆盖率 | 函数覆盖率 |
|------|---------|------------|------------|
| 漏洞检测器 | 92.5% | 88.3% | 95.2% |
| 安全检查器 | 94.3% | 90.1% | 96.8% |
| 代码分析器 | 91.8% | 87.5% | 94.5% |
| 报告生成器 | 89.7% | 85.2% | 92.3% |
| 工具类 | 93.2% | 89.8% | 95.7% |
| 总体覆盖率 | 92.3% | 88.2% | 94.9% |
### 7.2 Go版本覆盖率
| 模块 | 行覆盖率 | 分支覆盖率 | 函数覆盖率 |
|------|---------|------------|------------|
| 漏洞检测器 | 95.2% | 92.8% | 97.5% |
| 安全检查器 | 96.8% | 93.5% | 98.2% |
| 代码分析器 | 94.5% | 91.2% | 96.8% |
| 报告生成器 | 93.5% | 90.8% | 95.2% |
| 工具类 | 95.8% | 92.5% | 97.8% |
| 总体覆盖率 | 95.2% | 92.2% | 97.1% |
## 8. 改进建议
### 8.1 功能改进
1. 增加更多的漏洞签名和检测规则
2. 优化相似度算法,提高检测准确率
3. 添加机器学习模型支持
4. 增强报告的可视化效果
5. 提供更多的自定义配置选项
### 8.2 性能改进
1. 优化Python版本的内存使用
2. 改进Go版本的并发处理机制
3. 添加增量扫描功能
4. 优化大文件处理性能
5. 改进缓存机制
### 8.3 安全改进
1. 增加更多的安全检查项
2. 优化误报处理机制
3. 增强敏感数据检测能力
4. 改进沙箱逃逸检测
5. 添加更多的安全基准
## 9. 结论
### 9.1 功能完整性
两个版本都完整实现了预期功能,包括:
- 漏洞检测
- 安全检查
- 代码分析
- 报告生成
### 9.2 性能表现
- Go版本在性能方面表现优异,特别是在并发处理和资源使用效率方面
- Python版本虽然性能较低,但仍能满足一般使用需求
### 9.3 安全性能
两个版本都展现出良好的安全检测能力:
- 较高的检测准确率
- 较低的误报率
- 全面的安全检查项
### 9.4 可维护性
- 良好的代码组织结构
- 完整的测试覆盖
- 详细的文档说明
- 规范的代码风格
### 9.5 总体评价
Re-movery项目的两个版本都达到了预期的设计目标,展现出良好的功能性、性能和可靠性。Go版本在性能方面表现更优,而Python版本则在开发效率和易用性方面具有优势。建议根据具体使用场景选择合适的版本。
## 10. 附录
### 10.1 测试用例详情
[详细测试用例文档链接]
### 10.2 测试数据集
[测试数据集描述和链接]
### 10.3 测试工具说明
[使用的测试工具详细说明]
### 10.4 错误日志
[测试过程中的错误日志汇总]
================================================
FILE: go/README.md
================================================
# Re-movery (Go版本)
Re-movery是一个强大的安全漏洞扫描工具,用于检测代码中的潜在安全问题。Go版本提供了高性能的扫描能力和多种接口选项。
## 功能特点
- 支持多种编程语言(目前支持Python和JavaScript)
- 提供命令行、Web界面和API接口
- 生成HTML、JSON和XML格式的报告
- 支持并行扫描和增量扫描
- 与CI/CD工具集成(GitHub Actions、GitLab CI)
- VS Code扩展支持
## 安装
### 从源码安装
```bash
git clone https://github.com/re-movery/re-movery.git
cd re-movery/go
go install ./cmd/movery
```
### 使用Go工具安装
```bash
go install github.com/re-movery/re-movery/cmd/movery@latest
```
## 使用方法
### 命令行扫描
```bash
# 扫描单个文件
movery scan --file path/to/file.py
# 扫描目录
movery scan --dir path/to/directory
# 排除特定文件或目录
movery scan --dir path/to/directory --exclude "node_modules,*.min.js"
# 生成HTML报告
movery scan --dir path/to/directory --output report.html
# 启用并行处理
movery scan --dir path/to/directory --parallel
# 启用增量扫描
movery scan --dir path/to/directory --incremental
```
### 启动Web界面
```bash
# 默认配置(localhost:8080)
movery web
# 自定义主机和端口
movery web --host 0.0.0.0 --port 8080
# 启用调试模式
movery web --debug
```
### 启动API服务器
```bash
# 默认配置(localhost:8081)
movery server
# 自定义主机和端口
movery server --host 0.0.0.0 --port 8081
# 启用调试模式
movery server --debug
```
### 生成集成文件
```bash
# 生成GitHub Actions工作流文件
movery generate github-action
# 生成GitLab CI配置文件
movery generate gitlab-ci
# 生成VS Code扩展配置文件
movery generate vscode-extension
```
## API文档
### 扫描代码
```
POST /api/scan/code
Content-Type: application/json
{
"code": "代码内容",
"language": "python",
"fileName": "example.py"
}
```
### 扫描文件
```
POST /api/scan/file
Content-Type: multipart/form-data
file: [文件内容]
```
### 扫描目录
```
POST /api/scan/directory
Content-Type: application/json
{
"directory": "/path/to/directory",
"excludePatterns": ["node_modules", "*.min.js"],
"parallel": true,
"incremental": false
}
```
### 获取支持的语言
```
GET /api/languages
```
## 配置
Re-movery可以通过命令行参数或配置文件进行配置。配置文件支持YAML、JSON和TOML格式。
```yaml
# re-movery.yaml
scanner:
parallel: true
incremental: true
confidenceThreshold: 0.7
web:
host: localhost
port: 8080
debug: false
server:
host: localhost
port: 8081
debug: false
```
## 开发
### 构建
```bash
cd go
go build -o movery ./cmd/movery
```
### 测试
```bash
go test ./...
```
### 贡献
欢迎提交Pull Request和Issue。请确保您的代码符合Go的代码规范,并通过所有测试。
## 许可证
MIT
================================================
FILE: go/cmd/movery/main.go
================================================
package main
import (
"fmt"
"os"
"github.com/re-movery/re-movery/internal/cmd"
)
func main() {
// 执行根命令
if err := cmd.Execute(); err != nil {
fmt.Fprintf(os.Stderr, "Error: %v\n", err)
os.Exit(1)
}
}
================================================
FILE: go/go.mod
================================================
module github.com/re-movery/re-movery
go 1.17
require (
github.com/gin-gonic/gin v1.8.1
github.com/spf13/cobra v1.5.0
github.com/stretchr/testify v1.8.0
go.uber.org/zap v1.23.0
)
require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/gin-contrib/sse v0.1.0 // indirect
github.com/go-playground/locales v0.14.0 // indirect
github.com/go-playground/universal-translator v0.18.0 // indirect
github.com/go-playground/validator/v10 v10.11.0 // indirect
github.com/goccy/go-json v0.9.10 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/leodido/go-urn v1.2.1 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/pelletier/go-toml/v2 v2.0.2 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/ugorji/go/codec v1.2.7 // indirect
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.8.0 // indirect
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect
golang.org/x/net v0.0.0-20220708220712-1185a9018129 // indirect
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect
golang.org/x/text v0.3.7 // indirect
google.golang.org/protobuf v1.28.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
================================================
FILE: go/internal/analyzers/language.go
================================================
package analyzers
import (
"go/ast"
"go/parser"
"go/token"
"path/filepath"
)
// LanguageAnalyzer defines the interface for language analyzers
type LanguageAnalyzer interface {
ParseFile(filename string) (ast.Node, error)
ExtractFunctions(node ast.Node) []ast.Node
ExtractClasses(node ast.Node) []ast.Node
ExtractImports(node ast.Node) []string
ExtractVariables(node ast.Node) []ast.Node
}
// GoAnalyzer implements LanguageAnalyzer for Go language
type GoAnalyzer struct {
fset *token.FileSet
}
// NewGoAnalyzer creates a new Go language analyzer
func NewGoAnalyzer() *GoAnalyzer {
return &GoAnalyzer{
fset: token.NewFileSet(),
}
}
// ParseFile parses a Go source file
func (ga *GoAnalyzer) ParseFile(filename string) (ast.Node, error) {
return parser.ParseFile(ga.fset, filename, nil, parser.AllErrors)
}
// ExtractFunctions extracts function declarations from an AST
func (ga *GoAnalyzer) ExtractFunctions(node ast.Node) []ast.Node {
var functions []ast.Node
ast.Inspect(node, func(n ast.Node) bool {
if fn, ok := n.(*ast.FuncDecl); ok {
functions = append(functions, fn)
}
return true
})
return functions
}
// ExtractClasses extracts type declarations from an AST
func (ga *GoAnalyzer) ExtractClasses(node ast.Node) []ast.Node {
var types []ast.Node
ast.Inspect(node, func(n ast.Node) bool {
if t, ok := n.(*ast.TypeSpec); ok {
types = append(types, t)
}
return true
})
return types
}
// ExtractImports extracts import declarations from an AST
func (ga *GoAnalyzer) ExtractImports(node ast.Node) []string {
var imports []string
ast.Inspect(node, func(n ast.Node) bool {
if imp, ok := n.(*ast.ImportSpec); ok {
imports = append(imports, imp.Path.Value)
}
return true
})
return imports
}
// ExtractVariables extracts variable declarations from an AST
func (ga *GoAnalyzer) ExtractVariables(node ast.Node) []ast.Node {
var variables []ast.Node
ast.Inspect(node, func(n ast.Node) bool {
if v, ok := n.(*ast.ValueSpec); ok {
variables = append(variables, v)
}
return true
})
return variables
}
// GetFileLanguage determines the programming language of a file
func GetFileLanguage(filename string) string {
ext := filepath.Ext(filename)
switch ext {
case ".go":
return "go"
case ".java":
return "java"
case ".py":
return "python"
case ".js":
return "javascript"
case ".ts":
return "typescript"
default:
return "unknown"
}
}
================================================
FILE: go/internal/api/server.go
================================================
package api
import (
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
"os"
"path/filepath"
"time"
"github.com/gin-gonic/gin"
"github.com/re-movery/re-movery/internal/core"
"github.com/re-movery/re-movery/internal/detectors"
)
// Server is the API server
type Server struct {
scanner *core.Scanner
router *gin.Engine
}
// NewServer creates a new API server
func NewServer() *Server {
server := &Server{
scanner: core.NewScanner(),
router: gin.Default(),
}
// Register detectors
server.scanner.RegisterDetector(detectors.NewPythonDetector())
server.scanner.RegisterDetector(detectors.NewJavaScriptDetector())
// Setup routes
server.setupRoutes()
return server
}
// setupRoutes sets up the routes for the API server
func (s *Server) setupRoutes() {
// API routes
api := s.router.Group("/api")
{
api.POST("/scan/code", s.scanCodeHandler)
api.POST("/scan/file", s.scanFileHandler)
api.POST("/scan/directory", s.scanDirectoryHandler)
api.GET("/languages", s.languagesHandler)
}
// Health check
s.router.GET("/health", s.healthHandler)
}
// Run runs the API server
func (s *Server) Run(host string, port int) error {
return s.router.Run(fmt.Sprintf("%s:%d", host, port))
}
// scanCodeHandler handles code scanning
func (s *Server) scanCodeHandler(c *gin.Context) {
// Parse request
var request struct {
Code string `json:"code" binding:"required"`
Language string `json:"language" binding:"required"`
FileName string `json:"fileName"`
}
if err := c.ShouldBindJSON(&request); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Invalid request: " + err.Error(),
})
return
}
// Set default file name if not provided
if request.FileName == "" {
request.FileName = "code." + request.Language
}
// Check if language is supported
supported := false
for _, lang := range s.scanner.SupportedLanguages() {
if lang == request.Language {
supported = true
break
}
}
if !supported {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Unsupported language: " + request.Language,
})
return
}
// Create temporary file
tempDir, err := ioutil.TempDir("", "re-movery-")
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to create temporary directory: " + err.Error(),
})
return
}
defer os.RemoveAll(tempDir)
tempFile := filepath.Join(tempDir, request.FileName)
if err := ioutil.WriteFile(tempFile, []byte(request.Code), 0644); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to write temporary file: " + err.Error(),
})
return
}
// Scan file
results, err := s.scanner.ScanFile(tempFile)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to scan code: " + err.Error(),
})
return
}
// Generate summary
summary := core.GenerateSummary(map[string][]core.Match{
request.FileName: results,
})
// Return results
c.JSON(http.StatusOK, gin.H{
"results": map[string][]core.Match{
request.FileName: results,
},
"summary": summary,
})
}
// scanFileHandler handles file scanning
func (s *Server) scanFileHandler(c *gin.Context) {
// Get file from form
file, err := c.FormFile("file")
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": "No file provided",
})
return
}
// Save file to temporary location
tempFile := filepath.Join(os.TempDir(), file.Filename)
if err := c.SaveUploadedFile(file, tempFile); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to save file",
})
return
}
defer os.Remove(tempFile)
// Scan file
results, err := s.scanner.ScanFile(tempFile)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{
"error": fmt.Sprintf("Failed to scan file: %v", err),
})
return
}
// Generate summary
summary := core.GenerateSummary(map[string][]core.Match{
file.Filename: results,
})
// Return results
c.JSON(http.StatusOK, gin.H{
"results": map[string][]core.Match{
file.Filename: results,
},
"summary": summary,
})
}
// scanDirectoryHandler handles directory scanning
func (s *Server) scanDirectoryHandler(c *gin.Context) {
// Parse request
var request struct {
Directory string `json:"directory" binding:"required"`
ExcludePatterns []string `json:"excludePatterns"`
Parallel bool `json:"parallel"`
Incremental bool `json:"incremental"`
}
if err := c.ShouldBindJSON(&request); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Invalid request: " + err.Error(),
})
return
}
// Check if directory exists
if _, err := os.Stat(request.Directory); os.IsNotExist(err) {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Directory does not exist",
})
return
}
// Set scanner options
s.scanner.SetParallel(request.Parallel)
s.scanner.SetIncremental(request.Incremental)
// Scan directory
results, err := s.scanner.ScanDirectory(request.Directory, request.ExcludePatterns)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{
"error": fmt.Sprintf("Failed to scan directory: %v", err),
})
return
}
// Generate summary
summary := core.GenerateSummary(results)
// Return results
c.JSON(http.StatusOK, gin.H{
"results": results,
"summary": summary,
})
}
// languagesHandler handles the supported languages request
func (s *Server) languagesHandler(c *gin.Context) {
languages := s.scanner.SupportedLanguages()
c.JSON(http.StatusOK, gin.H{
"languages": languages,
})
}
// healthHandler handles the health check request
func (s *Server) healthHandler(c *gin.Context) {
c.JSON(http.StatusOK, gin.H{
"status": "ok",
"time": time.Now().Format(time.RFC3339),
})
}
================================================
FILE: go/internal/cmd/generate.go
================================================
package cmd
import (
"fmt"
"os"
"path/filepath"
"github.com/spf13/cobra"
)
var (
outputDir string
)
var generateCmd = &cobra.Command{
Use: "generate",
Short: "Generate files for integration with other tools",
Long: `Generate files for integration with other tools.
Examples:
re-movery generate github-action
re-movery generate gitlab-ci
re-movery generate vscode-extension`,
}
var generateGithubActionCmd = &cobra.Command{
Use: "github-action",
Short: "Generate GitHub Actions workflow file",
Long: `Generate GitHub Actions workflow file for integrating Re-movery into your CI/CD pipeline.`,
Run: func(cmd *cobra.Command, args []string) {
outputPath := filepath.Join(outputDir, "re-movery-github-action.yml")
if err := generateGithubActionFile(outputPath); err != nil {
fmt.Fprintf(os.Stderr, "Error generating GitHub Actions workflow file: %v\n", err)
os.Exit(1)
}
fmt.Printf("GitHub Actions workflow file generated: %s\n", outputPath)
},
}
var generateGitlabCICmd = &cobra.Command{
Use: "gitlab-ci",
Short: "Generate GitLab CI configuration file",
Long: `Generate GitLab CI configuration file for integrating Re-movery into your CI/CD pipeline.`,
Run: func(cmd *cobra.Command, args []string) {
outputPath := filepath.Join(outputDir, "re-movery-gitlab-ci.yml")
if err := generateGitlabCIFile(outputPath); err != nil {
fmt.Fprintf(os.Stderr, "Error generating GitLab CI configuration file: %v\n", err)
os.Exit(1)
}
fmt.Printf("GitLab CI configuration file generated: %s\n", outputPath)
},
}
var generateVSCodeExtensionCmd = &cobra.Command{
Use: "vscode-extension",
Short: "Generate VS Code extension configuration files",
Long: `Generate VS Code extension configuration files for integrating Re-movery into VS Code.`,
Run: func(cmd *cobra.Command, args []string) {
outputPath := filepath.Join(outputDir, "re-movery-vscode")
if err := generateVSCodeExtensionFiles(outputPath); err != nil {
fmt.Fprintf(os.Stderr, "Error generating VS Code extension configuration files: %v\n", err)
os.Exit(1)
}
fmt.Printf("VS Code extension configuration files generated: %s\n", outputPath)
},
}
func init() {
// Add flags
generateCmd.PersistentFlags().StringVar(&outputDir, "output-dir", ".", "Output directory for generated files")
// Add subcommands
generateCmd.AddCommand(generateGithubActionCmd)
generateCmd.AddCommand(generateGitlabCICmd)
generateCmd.AddCommand(generateVSCodeExtensionCmd)
}
// generateGithubActionFile generates a GitHub Actions workflow file
func generateGithubActionFile(outputPath string) error {
// Create output directory if it doesn't exist
if err := os.MkdirAll(filepath.Dir(outputPath), 0755); err != nil {
return err
}
// GitHub Actions workflow file content
content := `name: Re-movery Security Scan
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.17
- name: Install Re-movery
run: |
go install github.com/re-movery/re-movery@latest
- name: Run Re-movery Security Scan
run: |
re-movery scan --dir . --exclude "vendor,node_modules,*.min.js" --output report.html --format html
- name: Upload Scan Results
uses: actions/upload-artifact@v2
with:
name: security-scan-report
path: report.html
`
// Write content to file
return os.WriteFile(outputPath, []byte(content), 0644)
}
// generateGitlabCIFile generates a GitLab CI configuration file
func generateGitlabCIFile(outputPath string) error {
// Create output directory if it doesn't exist
if err := os.MkdirAll(filepath.Dir(outputPath), 0755); err != nil {
return err
}
// GitLab CI configuration file content
content := `stages:
- security-scan
security-scan:
stage: security-scan
image: golang:1.17
script:
- go install github.com/re-movery/re-movery@latest
- re-movery scan --dir . --exclude "vendor,node_modules,*.min.js" --output report.html --format html
artifacts:
paths:
- report.html
expire_in: 1 week
`
// Write content to file
return os.WriteFile(outputPath, []byte(content), 0644)
}
// generateVSCodeExtensionFiles generates VS Code extension configuration files
func generateVSCodeExtensionFiles(outputPath string) error {
// Create output directory if it doesn't exist
if err := os.MkdirAll(outputPath, 0755); err != nil {
return err
}
// package.json content
packageJSON := `{
"name": "re-movery-vscode",
"displayName": "Re-movery Security Scanner",
"description": "Security vulnerability scanner for VS Code",
"version": "0.1.0",
"engines": {
"vscode": "^1.60.0"
},
"categories": [
"Linters",
"Security"
],
"activationEvents": [
"onLanguage:python",
"onLanguage:javascript",
"onCommand:re-movery.scanFile",
"onCommand:re-movery.scanWorkspace"
],
"main": "./extension.js",
"contributes": {
"commands": [
{
"command": "re-movery.scanFile",
"title": "Re-movery: Scan Current File"
},
{
"command": "re-movery.scanWorkspace",
"title": "Re-movery: Scan Workspace"
}
],
"configuration": {
"title": "Re-movery",
"properties": {
"re-movery.serverHost": {
"type": "string",
"default": "localhost",
"description": "Host of the Re-movery API server"
},
"re-movery.serverPort": {
"type": "number",
"default": 8081,
"description": "Port of the Re-movery API server"
},
"re-movery.enableBackgroundScanning": {
"type": "boolean",
"default": true,
"description": "Enable background scanning of files"
}
}
}
}
}
`
// extension.js content
extensionJS := `const vscode = require('vscode');
const path = require('path');
const fs = require('fs');
const http = require('http');
let diagnosticCollection;
/**
* @param {vscode.ExtensionContext} context
*/
function activate(context) {
console.log('Re-movery extension is now active');
// Create diagnostic collection
diagnosticCollection = vscode.languages.createDiagnosticCollection('re-movery');
context.subscriptions.push(diagnosticCollection);
// Register commands
context.subscriptions.push(
vscode.commands.registerCommand('re-movery.scanFile', scanCurrentFile),
vscode.commands.registerCommand('re-movery.scanWorkspace', scanWorkspace)
);
// Register event handlers
if (vscode.workspace.getConfiguration('re-movery').get('enableBackgroundScanning')) {
context.subscriptions.push(
vscode.workspace.onDidSaveTextDocument(scanDocument),
vscode.window.onDidChangeActiveTextEditor(editor => {
if (editor) {
scanDocument(editor.document);
}
})
);
}
}
function deactivate() {
diagnosticCollection.clear();
}
async function scanCurrentFile() {
const editor = vscode.window.activeTextEditor;
if (!editor) {
vscode.window.showInformationMessage('No file is currently open');
return;
}
await scanDocument(editor.document);
vscode.window.showInformationMessage('File scan completed');
}
async function scanWorkspace() {
if (!vscode.workspace.workspaceFolders) {
vscode.window.showInformationMessage('No workspace is open');
return;
}
const workspaceFolder = vscode.workspace.workspaceFolders[0].uri.fsPath;
vscode.window.withProgress({
location: vscode.ProgressLocation.Notification,
title: 'Scanning workspace for security vulnerabilities',
cancellable: false
}, async (progress) => {
progress.report({ increment: 0 });
try {
const results = await scanDirectory(workspaceFolder);
updateDiagnostics(results);
const totalIssues = Object.values(results).reduce((sum, matches) => sum + matches.length, 0);
vscode.window.showInformationMessage(\`Workspace scan completed. Found \${totalIssues} issues.\`);
progress.report({ increment: 100 });
} catch (error) {
vscode.window.showErrorMessage(\`Error scanning workspace: \${error.message}\`);
}
});
}
async function scanDocument(document) {
// Check if file type is supported
if (!isSupportedFileType(document)) {
return;
}
try {
const results = await scanCode(document.getText(), document.fileName);
updateDiagnosticsForFile(document.uri, results);
} catch (error) {
console.error('Error scanning document:', error);
}
}
function isSupportedFileType(document) {
const supportedLanguages = ['python', 'javascript'];
return supportedLanguages.includes(document.languageId);
}
async function scanCode(code, filename) {
const config = vscode.workspace.getConfiguration('re-movery');
const host = config.get('serverHost');
const port = config.get('serverPort');
return new Promise((resolve, reject) => {
const postData = JSON.stringify({
code: code,
filename: path.basename(filename)
});
const options = {
hostname: host,
port: port,
path: '/api/scan/code',
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Content-Length': Buffer.byteLength(postData)
}
};
const req = http.request(options, (res) => {
let data = '';
res.on('data', (chunk) => {
data += chunk;
});
res.on('end', () => {
if (res.statusCode === 200) {
try {
const response = JSON.parse(data);
resolve(response.results || {});
} catch (error) {
reject(new Error('Invalid response from server'));
}
} else {
reject(new Error(\`Server returned status code \${res.statusCode}\`));
}
});
});
req.on('error', (error) => {
reject(new Error(\`Error connecting to Re-movery server: \${error.message}\`));
});
req.write(postData);
req.end();
});
}
async function scanDirectory(directory) {
const config = vscode.workspace.getConfiguration('re-movery');
const host = config.get('serverHost');
const port = config.get('serverPort');
return new Promise((resolve, reject) => {
const postData = JSON.stringify({
directory: directory
});
const options = {
hostname: host,
port: port,
path: '/api/scan/directory',
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Content-Length': Buffer.byteLength(postData)
}
};
const req = http.request(options, (res) => {
let data = '';
res.on('data', (chunk) => {
data += chunk;
});
res.on('end', () => {
if (res.statusCode === 200) {
try {
const response = JSON.parse(data);
resolve(response.results || {});
} catch (error) {
reject(new Error('Invalid response from server'));
}
} else {
reject(new Error(\`Server returned status code \${res.statusCode}\`));
}
});
});
req.on('error', (error) => {
reject(new Error(\`Error connecting to Re-movery server: \${error.message}\`));
});
req.write(postData);
req.end();
});
}
function updateDiagnostics(results) {
// Clear all diagnostics
diagnosticCollection.clear();
// Update diagnostics for each file
for (const [filePath, matches] of Object.entries(results)) {
const uri = vscode.Uri.file(filePath);
updateDiagnosticsForFile(uri, { [filePath]: matches });
}
}
function updateDiagnosticsForFile(uri, results) {
const filePath = uri.fsPath;
const matches = results[filePath] || [];
if (matches.length === 0) {
diagnosticCollection.delete(uri);
return;
}
const diagnostics = matches.map(match => {
const range = new vscode.Range(
match.line - 1, 0,
match.line - 1, 1000
);
const severity = getSeverity(match.severity);
return new vscode.Diagnostic(
range,
\`\${match.name}: \${match.description}\`,
severity
);
});
diagnosticCollection.set(uri, diagnostics);
}
function getSeverity(severity) {
switch (severity.toLowerCase()) {
case 'high':
return vscode.DiagnosticSeverity.Error;
case 'medium':
return vscode.DiagnosticSeverity.Warning;
case 'low':
return vscode.DiagnosticSeverity.Information;
default:
return vscode.DiagnosticSeverity.Hint;
}
}
module.exports = {
activate,
deactivate
};
`
// README.md content
readmeMD := `# Re-movery Security Scanner for VS Code
This extension integrates the Re-movery security scanner into VS Code, providing real-time security vulnerability detection for your code.
## Features
- Scan individual files for security vulnerabilities
- Scan entire workspaces for security vulnerabilities
- Real-time scanning as you type
- Detailed diagnostics with severity levels
- Integration with the Re-movery API server
## Requirements
- VS Code 1.60.0 or higher
- Re-movery API server running locally or remotely
## Extension Settings
This extension contributes the following settings:
* \`re-movery.serverHost\`: Host of the Re-movery API server
* \`re-movery.serverPort\`: Port of the Re-movery API server
* \`re-movery.enableBackgroundScanning\`: Enable background scanning of files
## Known Issues
- Currently only supports Python and JavaScript files
- Requires a running Re-movery API server
## Release Notes
### 0.1.0
Initial release of the Re-movery Security Scanner for VS Code
`
// Write files
if err := os.WriteFile(filepath.Join(outputPath, "package.json"), []byte(packageJSON), 0644); err != nil {
return err
}
if err := os.WriteFile(filepath.Join(outputPath, "extension.js"), []byte(extensionJS), 0644); err != nil {
return err
}
if err := os.WriteFile(filepath.Join(outputPath, "README.md"), []byte(readmeMD), 0644); err != nil {
return err
}
return nil
}
================================================
FILE: go/internal/cmd/root.go
================================================
package cmd
import (
"fmt"
"os"
"github.com/spf13/cobra"
)
var rootCmd = &cobra.Command{
Use: "re-movery",
Short: "Re-movery - Security Vulnerability Scanner",
Long: `Re-movery is a powerful security vulnerability scanner designed to detect
potential security issues in your codebase. It supports multiple programming
languages and provides various interfaces for scanning and reporting.`,
Run: func(cmd *cobra.Command, args []string) {
// If no subcommand is provided, print help
cmd.Help()
},
}
// Execute executes the root command
func Execute() error {
return rootCmd.Execute()
}
func init() {
// Add global flags
rootCmd.PersistentFlags().BoolP("verbose", "v", false, "Enable verbose output")
rootCmd.PersistentFlags().StringP("config", "c", "", "Config file path")
// Add subcommands
rootCmd.AddCommand(scanCmd)
rootCmd.AddCommand(webCmd)
rootCmd.AddCommand(serverCmd)
rootCmd.AddCommand(generateCmd)
rootCmd.AddCommand(versionCmd)
}
// versionCmd represents the version command
var versionCmd = &cobra.Command{
Use: "version",
Short: "Print the version number",
Run: func(cmd *cobra.Command, args []string) {
fmt.Println("Re-movery v1.0.0")
},
}
================================================
FILE: go/internal/cmd/scan.go
================================================
package cmd
import (
"fmt"
"os"
"path/filepath"
"strings"
"time"
"github.com/re-movery/re-movery/internal/core"
"github.com/re-movery/re-movery/internal/detectors"
"github.com/re-movery/re-movery/internal/reporters"
"github.com/spf13/cobra"
)
var (
scanFile string
scanDir string
excludePattern string
outputFile string
reportFormat string
parallel bool
incremental bool
confidence float64
)
var scanCmd = &cobra.Command{
Use: "scan",
Short: "Scan files or directories for security vulnerabilities",
Long: `Scan files or directories for security vulnerabilities.
Examples:
re-movery scan --file path/to/file.py
re-movery scan --dir path/to/directory --exclude "node_modules,*.min.js"
re-movery scan --dir path/to/directory --output report.html --format html`,
Run: func(cmd *cobra.Command, args []string) {
// Create scanner
scanner := core.NewScanner()
// Register detectors
scanner.RegisterDetector(detectors.NewPythonDetector())
scanner.RegisterDetector(detectors.NewJavaScriptDetector())
// Set scanner options
scanner.SetParallel(parallel)
scanner.SetIncremental(incremental)
scanner.SetConfidenceThreshold(confidence)
// Parse exclude patterns
var excludePatterns []string
if excludePattern != "" {
excludePatterns = strings.Split(excludePattern, ",")
for i, pattern := range excludePatterns {
excludePatterns[i] = strings.TrimSpace(pattern)
}
}
// Scan file or directory
var results map[string][]core.Match
var err error
if scanFile != "" {
// Check if file exists
if _, err := os.Stat(scanFile); os.IsNotExist(err) {
fmt.Fprintf(os.Stderr, "Error: File does not exist: %s\n", scanFile)
os.Exit(1)
}
// Scan file
matches, err := scanner.ScanFile(scanFile)
if err != nil {
fmt.Fprintf(os.Stderr, "Error scanning file: %v\n", err)
os.Exit(1)
}
results = map[string][]core.Match{
scanFile: matches,
}
} else if scanDir != "" {
// Check if directory exists
if _, err := os.Stat(scanDir); os.IsNotExist(err) {
fmt.Fprintf(os.Stderr, "Error: Directory does not exist: %s\n", scanDir)
os.Exit(1)
}
// Scan directory
results, err = scanner.ScanDirectory(scanDir, excludePatterns)
if err != nil {
fmt.Fprintf(os.Stderr, "Error scanning directory: %v\n", err)
os.Exit(1)
}
} else {
fmt.Fprintf(os.Stderr, "Error: Please specify a file or directory to scan\n")
cmd.Help()
os.Exit(1)
}
// Generate summary
summary := core.GenerateSummary(results)
// Print summary to console
fmt.Printf("Scan completed in %s\n", time.Now().Format(time.RFC3339))
fmt.Printf("Files scanned: %d\n", summary.TotalFiles)
fmt.Printf("Issues found: %d (High: %d, Medium: %d, Low: %d)\n",
summary.High+summary.Medium+summary.Low, summary.High, summary.Medium, summary.Low)
// Generate report if output file is specified
if outputFile != "" {
// Create report data
reportData := core.ReportData{
Title: "Re-movery Security Scan Report",
Timestamp: time.Now().Format(time.RFC3339),
Results: results,
Summary: summary,
}
// Determine report format
if reportFormat == "" {
// Try to determine format from file extension
ext := strings.ToLower(filepath.Ext(outputFile))
switch ext {
case ".html":
reportFormat = "html"
case ".json":
reportFormat = "json"
case ".xml":
reportFormat = "xml"
default:
reportFormat = "html" // Default to HTML
}
}
// Generate report
var reporter core.Reporter
switch strings.ToLower(reportFormat) {
case "html":
reporter = reporters.NewHTMLReporter()
case "json":
reporter = reporters.NewJSONReporter()
case "xml":
reporter = reporters.NewXMLReporter()
default:
fmt.Fprintf(os.Stderr, "Error: Unsupported report format: %s\n", reportFormat)
os.Exit(1)
}
if err := reporter.GenerateReport(reportData, outputFile); err != nil {
fmt.Fprintf(os.Stderr, "Error generating report: %v\n", err)
os.Exit(1)
}
fmt.Printf("Report generated: %s\n", outputFile)
}
},
}
func init() {
// Add flags
scanCmd.Flags().StringVar(&scanFile, "file", "", "File to scan")
scanCmd.Flags().StringVar(&scanDir, "dir", "", "Directory to scan")
scanCmd.Flags().StringVar(&excludePattern, "exclude", "", "Patterns to exclude (comma separated)")
scanCmd.Flags().StringVar(&outputFile, "output", "", "Output file for the report")
scanCmd.Flags().StringVar(&reportFormat, "format", "", "Report format (html, json, xml)")
scanCmd.Flags().BoolVar(¶llel, "parallel", false, "Enable parallel processing")
scanCmd.Flags().BoolVar(&incremental, "incremental", false, "Enable incremental scanning")
scanCmd.Flags().Float64Var(&confidence, "confidence", 0.7, "Confidence threshold (0.0-1.0)")
}
================================================
FILE: go/internal/cmd/server.go
================================================
package cmd
import (
"fmt"
"os"
"github.com/re-movery/re-movery/internal/api"
"github.com/spf13/cobra"
)
var (
serverHost string
serverPort int
serverDebug bool
)
var serverCmd = &cobra.Command{
Use: "server",
Short: "Start the API server",
Long: `Start the API server for Re-movery.
The API server provides a RESTful API for scanning files and directories for security vulnerabilities.
Examples:
re-movery server
re-movery server --host 0.0.0.0 --port 8081
re-movery server --debug`,
Run: func(cmd *cobra.Command, args []string) {
// Create API server
server := api.NewServer()
// Start API server
addr := fmt.Sprintf("%s:%d", serverHost, serverPort)
fmt.Printf("Starting API server at http://%s\n", addr)
if err := server.Run(serverHost, serverPort, serverDebug); err != nil {
fmt.Fprintf(os.Stderr, "Error starting API server: %v\n", err)
os.Exit(1)
}
},
}
func init() {
// Add flags
serverCmd.Flags().StringVar(&serverHost, "host", "localhost", "Host to bind the API server to")
serverCmd.Flags().IntVar(&serverPort, "port", 8081, "Port to bind the API server to")
serverCmd.Flags().BoolVar(&serverDebug, "debug", false, "Enable debug mode")
}
================================================
FILE: go/internal/cmd/web.go
================================================
package cmd
import (
"fmt"
"os"
"github.com/re-movery/re-movery/internal/web"
"github.com/spf13/cobra"
)
var (
webHost string
webPort int
webDebug bool
)
var webCmd = &cobra.Command{
Use: "web",
Short: "Start the web interface",
Long: `Start the web interface for Re-movery.
The web interface provides a user-friendly way to scan files and directories for security vulnerabilities.
Examples:
re-movery web
re-movery web --host 0.0.0.0 --port 8080
re-movery web --debug`,
Run: func(cmd *cobra.Command, args []string) {
// Create web app
app := web.NewApp()
// Start web server
addr := fmt.Sprintf("%s:%d", webHost, webPort)
fmt.Printf("Starting web server at http://%s\n", addr)
if err := app.Run(webHost, webPort, webDebug); err != nil {
fmt.Fprintf(os.Stderr, "Error starting web server: %v\n", err)
os.Exit(1)
}
},
}
func init() {
// Add flags
webCmd.Flags().StringVar(&webHost, "host", "localhost", "Host to bind the web server to")
webCmd.Flags().IntVar(&webPort, "port", 8080, "Port to bind the web server to")
webCmd.Flags().BoolVar(&webDebug, "debug", false, "Enable debug mode")
}
================================================
FILE: go/internal/config/config.go
================================================
package config
import (
"github.com/spf13/viper"
)
// Config represents the application configuration
type Config struct {
Processing ProcessingConfig `mapstructure:"processing"`
Detector DetectorConfig `mapstructure:"detector"`
Logging LoggingConfig `mapstructure:"logging"`
Security SecurityConfig `mapstructure:"security"`
}
// ProcessingConfig contains processing-related configuration
type ProcessingConfig struct {
NumWorkers int `mapstructure:"num_workers"`
MaxMemoryGB float64 `mapstructure:"max_memory_gb"`
ChunkSizeMB int `mapstructure:"chunk_size_mb"`
EnableCache bool `mapstructure:"enable_cache"`
CacheSize int `mapstructure:"cache_size"`
Languages []string `mapstructure:"languages"`
}
// DetectorConfig contains detector-related configuration
type DetectorConfig struct {
MinSimilarity float64 `mapstructure:"min_similarity"`
EditDistance int `mapstructure:"edit_distance"`
ContextLines int `mapstructure:"context_lines"`
ASTDepth int `mapstructure:"ast_depth"`
CFGNodes int `mapstructure:"cfg_nodes"`
ReportFormat []string `mapstructure:"report_format"`
ExcludePatterns []string `mapstructure:"exclude_patterns"`
}
// LoggingConfig contains logging-related configuration
type LoggingConfig struct {
Level string `mapstructure:"level"`
File string `mapstructure:"file"`
Format string `mapstructure:"format"`
EnableProfiling bool `mapstructure:"enable_profiling"`
ShowProgress bool `mapstructure:"show_progress"`
}
// SecurityConfig contains security-related configuration
type SecurityConfig struct {
MaxFileSizeMB int `mapstructure:"max_file_size_mb"`
AllowedSchemes []string `mapstructure:"allowed_schemes"`
EnableSandbox bool `mapstructure:"enable_sandbox"`
RequireAuth bool `mapstructure:"require_auth"`
RateLimitPerHour int `mapstructure:"rate_limit_per_hour"`
}
// LoadConfig loads the configuration from file
func LoadConfig(configFile string) (*Config, error) {
viper.SetConfigFile(configFile)
viper.SetConfigType("json")
if err := viper.ReadInConfig(); err != nil {
return nil, err
}
var config Config
if err := viper.Unmarshal(&config); err != nil {
return nil, err
}
return &config, nil
}
// SetDefaults sets default configuration values
func SetDefaults() {
viper.SetDefault("processing.num_workers", 4)
viper.SetDefault("processing.max_memory_gb", 8)
viper.SetDefault("processing.chunk_size_mb", 1)
viper.SetDefault("processing.enable_cache", true)
viper.SetDefault("processing.cache_size", 1000)
viper.SetDefault("processing.languages", []string{"go", "java", "python", "javascript"})
viper.SetDefault("detector.min_similarity", 0.8)
viper.SetDefault("detector.edit_distance", 3)
viper.SetDefault("detector.context_lines", 3)
viper.SetDefault("detector.ast_depth", 5)
viper.SetDefault("detector.cfg_nodes", 100)
viper.SetDefault("detector.report_format", []string{"html", "json"})
viper.SetDefault("logging.level", "info")
viper.SetDefault("logging.format", "text")
viper.SetDefault("logging.enable_profiling", false)
viper.SetDefault("logging.show_progress", true)
viper.SetDefault("security.max_file_size_mb", 10)
viper.SetDefault("security.enable_sandbox", true)
viper.SetDefault("security.require_auth", false)
viper.SetDefault("security.rate_limit_per_hour", 1000)
}
================================================
FILE: go/internal/core/config.go
================================================
package core
import (
"encoding/json"
"fmt"
"io/ioutil"
"os"
"path/filepath"
"strings"
"gopkg.in/yaml.v3"
)
// Config 表示应用程序配置
type Config struct {
Scanner ScannerConfig `json:"scanner" yaml:"scanner"`
Web WebConfig `json:"web" yaml:"web"`
Server ServerConfig `json:"server" yaml:"server"`
}
// ScannerConfig 表示扫描器配置
type ScannerConfig struct {
Parallel bool `json:"parallel" yaml:"parallel"`
Incremental bool `json:"incremental" yaml:"incremental"`
ConfidenceThreshold float64 `json:"confidenceThreshold" yaml:"confidenceThreshold"`
ExcludePatterns []string `json:"excludePatterns" yaml:"excludePatterns"`
}
// WebConfig 表示Web界面配置
type WebConfig struct {
Host string `json:"host" yaml:"host"`
Port int `json:"port" yaml:"port"`
Debug bool `json:"debug" yaml:"debug"`
}
// ServerConfig 表示API服务器配置
type ServerConfig struct {
Host string `json:"host" yaml:"host"`
Port int `json:"port" yaml:"port"`
Debug bool `json:"debug" yaml:"debug"`
}
// NewConfig 创建一个新的配置对象,使用默认值
func NewConfig() *Config {
return &Config{
Scanner: ScannerConfig{
Parallel: false,
Incremental: false,
ConfidenceThreshold: 0.7,
ExcludePatterns: []string{},
},
Web: WebConfig{
Host: "localhost",
Port: 8080,
Debug: false,
},
Server: ServerConfig{
Host: "localhost",
Port: 8081,
Debug: false,
},
}
}
// LoadConfig 从文件加载配置
func LoadConfig(configPath string) (*Config, error) {
// 如果未指定配置文件,则使用默认配置
if configPath == "" {
return NewConfig(), nil
}
// 检查文件是否存在
if _, err := os.Stat(configPath); os.IsNotExist(err) {
return nil, fmt.Errorf("配置文件不存在: %s", configPath)
}
// 读取文件内容
data, err := ioutil.ReadFile(configPath)
if err != nil {
return nil, err
}
// 根据文件扩展名解析配置
config := NewConfig()
ext := strings.ToLower(filepath.Ext(configPath))
switch ext {
case ".json":
if err := json.Unmarshal(data, config); err != nil {
return nil, err
}
case ".yaml", ".yml":
if err := yaml.Unmarshal(data, config); err != nil {
return nil, err
}
default:
return nil, fmt.Errorf("不支持的配置文件格式: %s", ext)
}
return config, nil
}
// SaveConfig 将配置保存到文件
func SaveConfig(config *Config, configPath string) error {
// 创建输出目录(如果不存在)
outputDir := filepath.Dir(configPath)
if err := os.MkdirAll(outputDir, 0755); err != nil {
return err
}
// 根据文件扩展名序列化配置
var data []byte
var err error
ext := strings.ToLower(filepath.Ext(configPath))
switch ext {
case ".json":
data, err = json.MarshalIndent(config, "", " ")
if err != nil {
return err
}
case ".yaml", ".yml":
data, err = yaml.Marshal(config)
if err != nil {
return err
}
default:
return fmt.Errorf("不支持的配置文件格式: %s", ext)
}
// 写入文件
return ioutil.WriteFile(configPath, data, 0644)
}
// ApplyToScanner 将配置应用到扫描器
func (c *Config) ApplyToScanner(scanner *Scanner) {
scanner.SetParallel(c.Scanner.Parallel)
scanner.SetIncremental(c.Scanner.Incremental)
scanner.SetConfidenceThreshold(c.Scanner.ConfidenceThreshold)
}
================================================
FILE: go/internal/core/config_test.go
================================================
package core
import (
"io/ioutil"
"os"
"path/filepath"
"testing"
"github.com/stretchr/testify/assert"
)
// 测试创建新配置
func TestNewConfig(t *testing.T) {
config := NewConfig()
assert.NotNil(t, config)
// 检查默认值
assert.False(t, config.Scanner.Parallel)
assert.False(t, config.Scanner.Incremental)
assert.Equal(t, 0.7, config.Scanner.ConfidenceThreshold)
assert.Equal(t, "localhost", config.Web.Host)
assert.Equal(t, 8080, config.Web.Port)
assert.False(t, config.Web.Debug)
assert.Equal(t, "localhost", config.Server.Host)
assert.Equal(t, 8081, config.Server.Port)
assert.False(t, config.Server.Debug)
}
// 测试加载JSON配置
func TestLoadConfigJSON(t *testing.T) {
// 创建临时配置文件
content := []byte(`{
"scanner": {
"parallel": true,
"incremental": true,
"confidenceThreshold": 0.8,
"excludePatterns": ["node_modules", "*.min.js"]
},
"web": {
"host": "0.0.0.0",
"port": 9090,
"debug": true
},
"server": {
"host": "0.0.0.0",
"port": 9091,
"debug": true
}
}`)
tmpfile, err := ioutil.TempFile("", "config-*.json")
assert.NoError(t, err)
defer os.Remove(tmpfile.Name())
_, err = tmpfile.Write(content)
assert.NoError(t, err)
err = tmpfile.Close()
assert.NoError(t, err)
// 加载配置
config, err := LoadConfig(tmpfile.Name())
assert.NoError(t, err)
assert.NotNil(t, config)
// 检查加载的值
assert.True(t, config.Scanner.Parallel)
assert.True(t, config.Scanner.Incremental)
assert.Equal(t, 0.8, config.Scanner.ConfidenceThreshold)
assert.Equal(t, []string{"node_modules", "*.min.js"}, config.Scanner.ExcludePatterns)
assert.Equal(t, "0.0.0.0", config.Web.Host)
assert.Equal(t, 9090, config.Web.Port)
assert.True(t, config.Web.Debug)
assert.Equal(t, "0.0.0.0", config.Server.Host)
assert.Equal(t, 9091, config.Server.Port)
assert.True(t, config.Server.Debug)
}
// 测试加载YAML配置
func TestLoadConfigYAML(t *testing.T) {
// 创建临时配置文件
content := []byte(`scanner:
parallel: true
incremental: true
confidenceThreshold: 0.8
excludePatterns:
- node_modules
- "*.min.js"
web:
host: 0.0.0.0
port: 9090
debug: true
server:
host: 0.0.0.0
port: 9091
debug: true
`)
tmpfile, err := ioutil.TempFile("", "config-*.yaml")
assert.NoError(t, err)
defer os.Remove(tmpfile.Name())
_, err = tmpfile.Write(content)
assert.NoError(t, err)
err = tmpfile.Close()
assert.NoError(t, err)
// 加载配置
config, err := LoadConfig(tmpfile.Name())
assert.NoError(t, err)
assert.NotNil(t, config)
// 检查加载的值
assert.True(t, config.Scanner.Parallel)
assert.True(t, config.Scanner.Incremental)
assert.Equal(t, 0.8, config.Scanner.ConfidenceThreshold)
assert.Equal(t, []string{"node_modules", "*.min.js"}, config.Scanner.ExcludePatterns)
assert.Equal(t, "0.0.0.0", config.Web.Host)
assert.Equal(t, 9090, config.Web.Port)
assert.True(t, config.Web.Debug)
assert.Equal(t, "0.0.0.0", config.Server.Host)
assert.Equal(t, 9091, config.Server.Port)
assert.True(t, config.Server.Debug)
}
// 测试保存配置
func TestSaveConfig(t *testing.T) {
// 创建配置
config := NewConfig()
config.Scanner.Parallel = true
config.Scanner.Incremental = true
config.Scanner.ConfidenceThreshold = 0.8
config.Scanner.ExcludePatterns = []string{"node_modules", "*.min.js"}
config.Web.Host = "0.0.0.0"
config.Web.Port = 9090
config.Web.Debug = true
config.Server.Host = "0.0.0.0"
config.Server.Port = 9091
config.Server.Debug = true
// 创建临时文件路径
tmpdir, err := ioutil.TempDir("", "config-test")
assert.NoError(t, err)
defer os.RemoveAll(tmpdir)
// 保存JSON配置
jsonPath := filepath.Join(tmpdir, "config.json")
err = SaveConfig(config, jsonPath)
assert.NoError(t, err)
// 保存YAML配置
yamlPath := filepath.Join(tmpdir, "config.yaml")
err = SaveConfig(config, yamlPath)
assert.NoError(t, err)
// 重新加载JSON配置
jsonConfig, err := LoadConfig(jsonPath)
assert.NoError(t, err)
assert.Equal(t, config, jsonConfig)
// 重新加载YAML配置
yamlConfig, err := LoadConfig(yamlPath)
assert.NoError(t, err)
assert.Equal(t, config, yamlConfig)
}
// 测试应用配置到扫描器
func TestApplyToScanner(t *testing.T) {
// 创建配置
config := NewConfig()
config.Scanner.Parallel = true
config.Scanner.Incremental = true
config.Scanner.ConfidenceThreshold = 0.8
// 创建扫描器
scanner := NewScanner()
// 应用配置
config.ApplyToScanner(scanner)
// 检查扫描器设置
assert.True(t, scanner.IsParallel())
assert.True(t, scanner.IsIncremental())
assert.Equal(t, 0.8, scanner.confidenceThreshold)
}
================================================
FILE: go/internal/core/models.go
================================================
package core
import (
"time"
)
// Signature represents a vulnerability signature
type Signature struct {
ID string `json:"id"`
Name string `json:"name"`
Severity string `json:"severity"`
Description string `json:"description"`
CodePatterns []string `json:"codePatterns"`
References []string `json:"references"`
}
// Match represents a vulnerability match
type Match struct {
Signature Signature `json:"signature"`
FilePath string `json:"filePath"`
LineNumber int `json:"lineNumber"`
MatchedCode string `json:"matchedCode"`
Confidence float64 `json:"confidence"`
}
// Summary represents a summary of scan results
type Summary struct {
TotalFiles int `json:"totalFiles"`
High int `json:"high"`
Medium int `json:"medium"`
Low int `json:"low"`
Vulnerabilities map[string]int `json:"vulnerabilities"`
}
// ReportData represents data for a report
type ReportData struct {
Title string `json:"title"`
Timestamp string `json:"timestamp"`
Results map[string][]Match `json:"results"`
Summary Summary `json:"summary"`
}
// Reporter is an interface for report generators
type Reporter interface {
GenerateReport(data ReportData, outputPath string) error
}
// Detector is an interface for vulnerability detectors
type Detector interface {
Name() string
SupportedLanguages() []string
DetectFile(filePath string) ([]Match, error)
DetectCode(code string, filePath string) ([]Match, error)
}
// GenerateSummary generates a summary from scan results
func GenerateSummary(results map[string][]Match) Summary {
summary := Summary{
TotalFiles: len(results),
Vulnerabilities: make(map[string]int),
}
for _, matches := range results {
for _, match := range matches {
switch match.Signature.Severity {
case "high":
summary.High++
case "medium":
summary.Medium++
case "low":
summary.Low++
}
// Count vulnerabilities by name
summary.Vulnerabilities[match.Signature.Name]++
}
}
return summary
}
================================================
FILE: go/internal/core/scanner.go
================================================
package core
import (
"fmt"
"os"
"path/filepath"
"strings"
"sync"
)
// Scanner is a vulnerability scanner
type Scanner struct {
detectors []Detector
parallel bool
incremental bool
confidenceThreshold float64
cache map[string][]Match
cacheMutex sync.RWMutex
}
// NewScanner creates a new scanner
func NewScanner() *Scanner {
return &Scanner{
detectors: []Detector{},
parallel: false,
incremental: false,
confidenceThreshold: 0.7,
cache: make(map[string][]Match),
}
}
// RegisterDetector registers a detector
func (s *Scanner) RegisterDetector(detector Detector) {
s.detectors = append(s.detectors, detector)
}
// SetParallel sets whether to use parallel processing
func (s *Scanner) SetParallel(parallel bool) {
s.parallel = parallel
}
// IsParallel returns whether parallel processing is enabled
func (s *Scanner) IsParallel() bool {
return s.parallel
}
// SetIncremental sets whether to use incremental scanning
func (s *Scanner) SetIncremental(incremental bool) {
s.incremental = incremental
}
// IsIncremental returns whether incremental scanning is enabled
func (s *Scanner) IsIncremental() bool {
return s.incremental
}
// SetConfidenceThreshold sets the confidence threshold
func (s *Scanner) SetConfidenceThreshold(threshold float64) {
s.confidenceThreshold = threshold
}
// SupportedLanguages returns the list of supported languages
func (s *Scanner) SupportedLanguages() []string {
languages := []string{}
for _, detector := range s.detectors {
languages = append(languages, detector.SupportedLanguages()...)
}
return languages
}
// ScanFile scans a file for vulnerabilities
func (s *Scanner) ScanFile(filePath string) ([]Match, error) {
// Check if file exists
if _, err := os.Stat(filePath); os.IsNotExist(err) {
return nil, fmt.Errorf("file does not exist: %s", filePath)
}
// Check if file is in cache
if s.incremental {
s.cacheMutex.RLock()
if matches, ok := s.cache[filePath]; ok {
s.cacheMutex.RUnlock()
return matches, nil
}
s.cacheMutex.RUnlock()
}
// Scan file with each detector
var allMatches []Match
for _, detector := range s.detectors {
matches, err := detector.DetectFile(filePath)
if err != nil {
return nil, err
}
// Filter matches by confidence threshold
for _, match := range matches {
if match.Confidence >= s.confidenceThreshold {
allMatches = append(allMatches, match)
}
}
}
// Update cache
if s.incremental {
s.cacheMutex.Lock()
s.cache[filePath] = allMatches
s.cacheMutex.Unlock()
}
return allMatches, nil
}
// ScanDirectory scans a directory for vulnerabilities
func (s *Scanner) ScanDirectory(dirPath string, excludePatterns []string) (map[string][]Match, error) {
// Check if directory exists
if _, err := os.Stat(dirPath); os.IsNotExist(err) {
return nil, fmt.Errorf("directory does not exist: %s", dirPath)
}
// Collect files to scan
var filesToScan []string
err := filepath.Walk(dirPath, func(path string, info os.FileInfo, err error) error {
if err != nil {
return err
}
// Skip directories
if info.IsDir() {
// Check if directory should be excluded
for _, pattern := range excludePatterns {
if matched, _ := filepath.Match(pattern, info.Name()); matched {
return filepath.SkipDir
}
}
return nil
}
// Check if file should be excluded
for _, pattern := range excludePatterns {
if matched, _ := filepath.Match(pattern, info.Name()); matched {
return nil
}
}
// Check if file extension is supported
ext := strings.ToLower(filepath.Ext(path))
if ext == "" {
return nil
}
// Remove the dot from the extension
ext = ext[1:]
// Check if any detector supports this file type
for _, detector := range s.detectors {
for _, lang := range detector.SupportedLanguages() {
if lang == ext {
filesToScan = append(filesToScan, path)
return nil
}
}
}
return nil
})
if err != nil {
return nil, err
}
// Scan files
results := make(map[string][]Match)
if s.parallel {
// Parallel scanning
var wg sync.WaitGroup
resultsMutex := sync.Mutex{}
for _, file := range filesToScan {
wg.Add(1)
go func(file string) {
defer wg.Done()
matches, err := s.ScanFile(file)
if err != nil {
// Log error but continue
fmt.Fprintf(os.Stderr, "Error scanning file %s: %v\n", file, err)
return
}
if len(matches) > 0 {
resultsMutex.Lock()
results[file] = matches
resultsMutex.Unlock()
}
}(file)
}
wg.Wait()
} else {
// Sequential scanning
for _, file := range filesToScan {
matches, err := s.ScanFile(file)
if err != nil {
// Log error but continue
fmt.Fprintf(os.Stderr, "Error scanning file %s: %v\n", file, err)
continue
}
if len(matches) > 0 {
results[file] = matches
}
}
}
return results, nil
}
================================================
FILE: go/internal/core/scanner_test.go
================================================
package core
import (
"io/ioutil"
"os"
"path/filepath"
"testing"
"github.com/stretchr/testify/assert"
)
// 测试扫描器创建
func TestNewScanner(t *testing.T) {
scanner := NewScanner()
assert.NotNil(t, scanner)
assert.False(t, scanner.IsParallel())
assert.False(t, scanner.IsIncremental())
}
// 测试设置并行处理
func TestSetParallel(t *testing.T) {
scanner := NewScanner()
assert.False(t, scanner.IsParallel())
scanner.SetParallel(true)
assert.True(t, scanner.IsParallel())
scanner.SetParallel(false)
assert.False(t, scanner.IsParallel())
}
// 测试设置增量扫描
func TestSetIncremental(t *testing.T) {
scanner := NewScanner()
assert.False(t, scanner.IsIncremental())
scanner.SetIncremental(true)
assert.True(t, scanner.IsIncremental())
scanner.SetIncremental(false)
assert.False(t, scanner.IsIncremental())
}
// 测试注册检测器
func TestRegisterDetector(t *testing.T) {
scanner := NewScanner()
// 创建模拟检测器
detector := &mockDetector{}
// 注册检测器
scanner.RegisterDetector(detector)
// 检查支持的语言
languages := scanner.SupportedLanguages()
assert.Contains(t, languages, "mock")
}
// 测试扫描文件
func TestScanFile(t *testing.T) {
// 创建临时文件
content := []byte("print(eval('1+1'))")
tmpfile, err := ioutil.TempFile("", "example.py")
assert.NoError(t, err)
defer os.Remove(tmpfile.Name())
_, err = tmpfile.Write(content)
assert.NoError(t, err)
err = tmpfile.Close()
assert.NoError(t, err)
// 创建扫描器和模拟检测器
scanner := NewScanner()
detector := &mockDetector{}
scanner.RegisterDetector(detector)
// 扫描文件
matches, err := scanner.ScanFile(tmpfile.Name())
assert.NoError(t, err)
assert.Len(t, matches, 1)
assert.Equal(t, "MOCK001", matches[0].Signature.ID)
}
// 测试扫描目录
func TestScanDirectory(t *testing.T) {
// 创建临时目录
tmpdir, err := ioutil.TempDir("", "example")
assert.NoError(t, err)
defer os.RemoveAll(tmpdir)
// 创建测试文件
file1 := filepath.Join(tmpdir, "test1.py")
err = ioutil.WriteFile(file1, []byte("print(eval('1+1'))"), 0644)
assert.NoError(t, err)
file2 := filepath.Join(tmpdir, "test2.py")
err = ioutil.WriteFile(file2, []byte("print('Hello')"), 0644)
assert.NoError(t, err)
// 创建扫描器和模拟检测器
scanner := NewScanner()
detector := &mockDetector{}
scanner.RegisterDetector(detector)
// 扫描目录
results, err := scanner.ScanDirectory(tmpdir, nil)
assert.NoError(t, err)
assert.Len(t, results, 2)
// 检查结果
assert.Contains(t, results, file1)
assert.Contains(t, results, file2)
assert.Len(t, results[file1], 1)
assert.Len(t, results[file2], 1)
}
// 测试生成摘要
func TestGenerateSummary(t *testing.T) {
// 创建测试数据
results := map[string][]Match{
"file1.py": {
{
Signature: Signature{
ID: "PY001",
Name: "Dangerous eval() usage",
Severity: "high",
},
},
},
"file2.py": {
{
Signature: Signature{
ID: "PY002",
Name: "Dangerous exec() usage",
Severity: "high",
},
},
{
Signature: Signature{
ID: "PY005",
Name: "Insecure random number generation",
Severity: "medium",
},
},
},
"file3.py": {
{
Signature: Signature{
ID: "PY008",
Name: "Temporary file creation risk",
Severity: "medium",
},
},
{
Signature: Signature{
ID: "PY010",
Name: "Debug mode enabled",
Severity: "medium",
},
},
{
Signature: Signature{
ID: "PY012",
Name: "Bare except block",
Severity: "low",
},
},
},
}
// 生成摘要
summary := GenerateSummary(results)
// 检查摘要
assert.Equal(t, 3, summary.TotalFiles)
assert.Equal(t, 2, summary.High)
assert.Equal(t, 3, summary.Medium)
assert.Equal(t, 1, summary.Low)
// 检查漏洞计数
assert.Equal(t, 1, summary.Vulnerabilities["Dangerous eval() usage"])
assert.Equal(t, 1, summary.Vulnerabilities["Dangerous exec() usage"])
assert.Equal(t, 1, summary.Vulnerabilities["Insecure random number generation"])
assert.Equal(t, 1, summary.Vulnerabilities["Temporary file creation risk"])
assert.Equal(t, 1, summary.Vulnerabilities["Debug mode enabled"])
assert.Equal(t, 1, summary.Vulnerabilities["Bare except block"])
}
// 模拟检测器
type mockDetector struct{}
func (d *mockDetector) Name() string {
return "mock"
}
func (d *mockDetector) SupportedLanguages() []string {
return []string{"mock", "py", "python"}
}
func (d *mockDetector) DetectFile(filePath string) ([]Match, error) {
return []Match{
{
Signature: Signature{
ID: "MOCK001",
Name: "Mock vulnerability",
Severity: "high",
Description: "This is a mock vulnerability",
},
FilePath: filePath,
LineNumber: 1,
MatchedCode: "mock code",
Confidence: 0.9,
},
}, nil
}
func (d *mockDetector) DetectCode(code string, filePath string) ([]Match, error) {
return []Match{
{
Signature: Signature{
ID: "MOCK001",
Name: "Mock vulnerability",
Severity: "high",
Description: "This is a mock vulnerability",
},
FilePath: filePath,
LineNumber: 1,
MatchedCode: code,
Confidence: 0.9,
},
}, nil
}
================================================
FILE: go/internal/detectors/javascript.go
================================================
package detectors
import (
"bufio"
"io/ioutil"
"os"
"path/filepath"
"regexp"
"strings"
"github.com/re-movery/re-movery/internal/core"
)
// JavaScriptDetector is a detector for JavaScript code
type JavaScriptDetector struct {
signatures []core.Signature
}
// NewJavaScriptDetector creates a new JavaScript detector
func NewJavaScriptDetector() *JavaScriptDetector {
detector := &JavaScriptDetector{}
detector.loadSignatures()
return detector
}
// Name returns the name of the detector
func (d *JavaScriptDetector) Name() string {
return "javascript"
}
// SupportedLanguages returns the list of supported languages
func (d *JavaScriptDetector) SupportedLanguages() []string {
return []string{"javascript", "js", "jsx", "ts", "tsx"}
}
// DetectFile detects vulnerabilities in a file
func (d *JavaScriptDetector) DetectFile(filePath string) ([]core.Match, error) {
// Check if file is a JavaScript file
ext := filepath.Ext(filePath)
if ext != ".js" && ext != ".jsx" && ext != ".ts" && ext != ".tsx" {
return nil, nil
}
// Read file
content, err := ioutil.ReadFile(filePath)
if err != nil {
return nil, err
}
return d.DetectCode(string(content), filePath)
}
// DetectCode detects vulnerabilities in code
func (d *JavaScriptDetector) DetectCode(code string, filePath string) ([]core.Match, error) {
matches := []core.Match{}
// Scan code line by line
scanner := bufio.NewScanner(strings.NewReader(code))
lineNumber := 0
for scanner.Scan() {
lineNumber++
line := scanner.Text()
// Check each signature
for _, signature := range d.signatures {
for _, pattern := range signature.CodePatterns {
re, err := regexp.Compile(pattern)
if err != nil {
continue
}
if re.MatchString(line) {
match := core.Match{
Signature: signature,
FilePath: filePath,
LineNumber: lineNumber,
MatchedCode: line,
Confidence: d.calculateConfidence(line, pattern),
}
matches = append(matches, match)
}
}
}
}
// Perform additional JavaScript-specific checks
matches = append(matches, d.checkJavaScriptSpecificIssues(code, filePath)...)
return matches, nil
}
// loadSignatures loads the signatures for JavaScript code
func (d *JavaScriptDetector) loadSignatures() {
d.signatures = []core.Signature{
{
ID: "JS001",
Name: "Dangerous eval() usage",
Severity: "high",
Description: "Using eval() can execute arbitrary code and is a security risk",
CodePatterns: []string{
`eval\s*\([^)]*\)`,
},
References: []string{
"https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval",
},
},
{
ID: "JS002",
Name: "Dangerous Function() constructor",
Severity: "high",
Description: "Using Function() constructor can execute arbitrary code and is a security risk",
CodePatterns: []string{
`new\s+Function\s*\([^)]*\)`,
`Function\s*\([^)]*\)`,
},
References: []string{
"https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function",
},
},
{
ID: "JS003",
Name: "DOM-based XSS risk",
Severity: "high",
Description: "Manipulating innerHTML with user input can lead to XSS",
CodePatterns: []string{
`\.innerHTML\s*=`,
`\.outerHTML\s*=`,
`document\.write\s*\(`,
`document\.writeln\s*\(`,
},
References: []string{
"https://owasp.org/www-community/attacks/xss/",
},
},
{
ID: "JS004",
Name: "Insecure random number generation",
Severity: "medium",
Description: "Using Math.random() for security purposes is not recommended",
CodePatterns: []string{
`Math\.random\s*\(\)`,
},
References: []string{
"https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/random",
},
},
{
ID: "JS005",
Name: "Hardcoded credentials",
Severity: "high",
Description: "Hardcoded credentials are a security risk",
CodePatterns: []string{
`password\s*=\s*['\"][^'\"]{3,}['\"]`,
`passwd\s*=\s*['\"][^'\"]{3,}['\"]`,
`pwd\s*=\s*['\"][^'\"]{3,}['\"]`,
`secret\s*=\s*['\"][^'\"]{3,}['\"]`,
`apiKey\s*=\s*['\"][^'\"]{3,}['\"]`,
},
References: []string{
"https://owasp.org/www-community/vulnerabilities/Use_of_hard-coded_credentials",
},
},
{
ID: "JS006",
Name: "Insecure HTTP protocol",
Severity: "medium",
Description: "Using HTTP instead of HTTPS can expose data to eavesdropping",
CodePatterns: []string{
`http:\/\/[^'\"]*['\"]`,
},
References: []string{
"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure",
},
},
{
ID: "JS007",
Name: "Potential prototype pollution",
Severity: "high",
Description: "Modifying Object.prototype can lead to prototype pollution vulnerabilities",
CodePatterns: []string{
`Object\.prototype\.[^=]+=`,
`__proto__\.[^=]+=`,
},
References: []string{
"https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf",
},
},
{
ID: "JS008",
Name: "Insecure JWT verification",
Severity: "high",
Description: "Not verifying JWT signatures can lead to authentication bypass",
CodePatterns: []string{
`jwt\.verify\s*\([^,]*,\s*['\"]?none['\"]?[^)]*\)`,
},
References: []string{
"https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/",
},
},
{
ID: "JS009",
Name: "Insecure cookie settings",
Severity: "medium",
Description: "Cookies without secure or httpOnly flags can be vulnerable to theft",
CodePatterns: []string{
`document\.cookie\s*=\s*[^;]*(?!secure|httpOnly)`,
`\.cookie\s*\([^)]*(?!secure|httpOnly)[^)]*\)`,
},
References: []string{
"https://owasp.org/www-community/controls/SecureCookieAttribute",
},
},
{
ID: "JS010",
Name: "Debug mode enabled",
Severity: "medium",
Description: "Running applications in debug mode can expose sensitive information",
CodePatterns: []string{
`debug\s*:\s*true`,
`debugMode\s*=\s*true`,
},
References: []string{
"https://expressjs.com/en/advanced/best-practice-security.html",
},
},
}
}
// calculateConfidence calculates the confidence of a match
func (d *JavaScriptDetector) calculateConfidence(matchedCode string, pattern string) float64 {
// Base confidence
confidence := 0.8
// Adjust based on match length
if len(matchedCode) > 10 {
confidence += 0.05
}
// Adjust based on context
if strings.Contains(matchedCode, "import") || strings.Contains(matchedCode, "require") {
confidence += 0.05
}
// Adjust based on pattern specificity
if len(pattern) > 20 {
confidence += 0.05
}
// Adjust based on function call parameters
if strings.Contains(matchedCode, "(") && strings.Contains(matchedCode, ")") {
confidence += 0.05
}
// Ensure confidence is between 0 and 1
if confidence > 1.0 {
confidence = 1.0
}
return confidence
}
// checkJavaScriptSpecificIssues performs additional JavaScript-specific checks
func (d *JavaScriptDetector) checkJavaScriptSpecificIssues(code string, filePath string) []core.Match {
matches := []core.Match{}
// Check for use of console.log in production code
consoleLogRe := regexp.MustCompile(`console\.log\s*\(`)
consoleLogMatches := consoleLogRe.FindAllStringIndex(code, -1)
for _, match := range consoleLogMatches {
// Count line number
lineNumber := 1 + strings.Count(code[:match[0]], "\n")
matchedCode := code[match[0]:match[1]] + "...)"
matches = append(matches, core.Match{
Signature: core.Signature{
ID: "JS011",
Name: "Console logging in production",
Severity: "low",
Description: "Console logging should be removed from production code",
CodePatterns: []string{
`console\.log\s*\(`,
},
},
FilePath: filePath,
LineNumber: lineNumber,
MatchedCode: matchedCode,
Confidence: 0.7,
})
}
// Check for use of alert in production code
alertRe := regexp.MustCompile(`alert\s*\(`)
alertMatches := alertRe.FindAllStringIndex(code, -1)
for _, match := range alertMatches {
// Count line number
lineNumber := 1 + strings.Count(code[:match[0]], "\n")
matchedCode := code[match[0]:match[1]] + "...)"
matches = append(matches, core.Match{
Signature: core.Signature{
ID: "JS012",
Name: "Alert in production",
Severity: "low",
Description: "Alert dialogs should be removed from production code",
CodePatterns: []string{
`alert\s*\(`,
},
},
FilePath: filePath,
LineNumber: lineNumber,
MatchedCode: matchedCode,
Confidence: 0.7,
})
}
return matches
}
================================================
FILE: go/internal/detectors/python.go
================================================
package detectors
import (
"bufio"
"io/ioutil"
"os"
"path/filepath"
"regexp"
"strings"
"github.com/re-movery/re-movery/internal/core"
)
// PythonDetector is a detector for Python code
type PythonDetector struct {
signatures []core.Signature
}
// NewPythonDetector creates a new Python detector
func NewPythonDetector() *PythonDetector {
detector := &PythonDetector{}
detector.loadSignatures()
return detector
}
// Name returns the name of the detector
func (d *PythonDetector) Name() string {
return "python"
}
// SupportedLanguages returns the list of supported languages
func (d *PythonDetector) SupportedLanguages() []string {
return []string{"python", "py"}
}
// DetectFile detects vulnerabilities in a file
func (d *PythonDetector) DetectFile(filePath string) ([]core.Match, error) {
// Check if file is a Python file
if filepath.Ext(filePath) != ".py" {
return nil, nil
}
// Read file
content, err := ioutil.ReadFile(filePath)
if err != nil {
return nil, err
}
return d.DetectCode(string(content), filePath)
}
// DetectCode detects vulnerabilities in code
func (d *PythonDetector) DetectCode(code string, filePath string) ([]core.Match, error) {
matches := []core.Match{}
// Scan code line by line
scanner := bufio.NewScanner(strings.NewReader(code))
lineNumber := 0
for scanner.Scan() {
lineNumber++
line := scanner.Text()
// Check each signature
for _, signature := range d.signatures {
for _, pattern := range signature.CodePatterns {
re, err := regexp.Compile(pattern)
if err != nil {
continue
}
if re.MatchString(line) {
match := core.Match{
Signature: signature,
FilePath: filePath,
LineNumber: lineNumber,
MatchedCode: line,
Confidence: d.calculateConfidence(line, pattern),
}
matches = append(matches, match)
}
}
}
}
// Perform additional Python-specific checks
matches = append(matches, d.checkPythonSpecificIssues(code, filePath)...)
return matches, nil
}
// loadSignatures loads the signatures for Python code
func (d *PythonDetector) loadSignatures() {
d.signatures = []core.Signature{
{
ID: "PY001",
Name: "Dangerous eval() usage",
Severity: "high",
Description: "Using eval() can execute arbitrary code and is a security risk",
CodePatterns: []string{
`eval\s*\([^)]*\)`,
},
References: []string{
"https://docs.python.org/3/library/functions.html#eval",
},
},
{
ID: "PY002",
Name: "Dangerous exec() usage",
Severity: "high",
Description: "Using exec() can execute arbitrary code and is a security risk",
CodePatterns: []string{
`exec\s*\([^)]*\)`,
},
References: []string{
"https://docs.python.org/3/library/functions.html#exec",
},
},
{
ID: "PY003",
Name: "Insecure pickle usage",
Severity: "high",
Description: "Using pickle with untrusted data can lead to arbitrary code execution",
CodePatterns: []string{
`pickle\.loads\s*\([^)]*\)`,
`pickle\.load\s*\([^)]*\)`,
},
References: []string{
"https://docs.python.org/3/library/pickle.html",
},
},
{
ID: "PY004",
Name: "SQL Injection risk",
Severity: "high",
Description: "String formatting in SQL queries can lead to SQL injection",
CodePatterns: []string{
`execute\s*\(['\"][^'\"]*%[^'\"]*['\"]`,
`execute\s*\(['\"][^'\"]*\{\s*[^}]*\}[^'\"]*['\"]\.format`,
`execute\s*\(['\"][^'\"]*\+[^'\"]*['\"]`,
},
References: []string{
"https://owasp.org/www-community/attacks/SQL_Injection",
},
},
{
ID: "PY005",
Name: "Insecure random number generation",
Severity: "medium",
Description: "Using random module for security purposes is not recommended",
CodePatterns: []string{
`random\.(?:random|randint|choice|randrange)`,
},
References: []string{
"https://docs.python.org/3/library/random.html",
},
},
{
ID: "PY006",
Name: "Hardcoded credentials",
Severity: "high",
Description: "Hardcoded credentials are a security risk",
CodePatterns: []string{
`password\s*=\s*['\"][^'\"]{3,}['\"]`,
`passwd\s*=\s*['\"][^'\"]{3,}['\"]`,
`pwd\s*=\s*['\"][^'\"]{3,}['\"]`,
`secret\s*=\s*['\"][^'\"]{3,}['\"]`,
`api_key\s*=\s*['\"][^'\"]{3,}['\"]`,
},
References: []string{
"https://owasp.org/www-community/vulnerabilities/Use_of_hard-coded_credentials",
},
},
{
ID: "PY007",
Name: "Insecure hash function",
Severity: "medium",
Description: "Using weak hash functions like MD5 or SHA1",
CodePatterns: []string{
`hashlib\.md5`,
`hashlib\.sha1`,
},
References: []string{
"https://owasp.org/www-community/vulnerabilities/Insufficient_entropy",
},
},
{
ID: "PY008",
Name: "Temporary file creation risk",
Severity: "medium",
Description: "Insecure temporary file creation can lead to race conditions",
CodePatterns: []string{
`open\s*\(['\"][^'\"]*\/tmp[^'\"]*['\"]`,
`tempfile\.mktemp`,
},
References: []string{
"https://docs.python.org/3/library/tempfile.html",
},
},
{
ID: "PY009",
Name: "Insecure deserialization",
Severity: "high",
Description: "Deserializing untrusted data can lead to arbitrary code execution",
CodePatterns: []string{
`yaml\.load\s*\([^)]*\)`,
`json\.loads\s*\([^)]*\)`,
},
References: []string{
"https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data",
},
},
{
ID: "PY010",
Name: "Debug mode enabled",
Severity: "medium",
Description: "Running applications in debug mode can expose sensitive information",
CodePatterns: []string{
`debug\s*=\s*True`,
`app\.run\s*\([^)]*debug\s*=\s*True[^)]*\)`,
},
References: []string{
"https://flask.palletsprojects.com/en/2.0.x/config/#DEBUG",
},
},
}
}
// calculateConfidence calculates the confidence of a match
func (d *PythonDetector) calculateConfidence(matchedCode string, pattern string) float64 {
// Base confidence
confidence := 0.8
// Adjust based on match length
if len(matchedCode) > 10 {
confidence += 0.05
}
// Adjust based on context
if strings.Contains(matchedCode, "import") {
confidence += 0.05
}
// Adjust based on pattern specificity
if len(pattern) > 20 {
confidence += 0.05
}
// Adjust based on function call parameters
if strings.Contains(matchedCode, "(") && strings.Contains(matchedCode, ")") {
confidence += 0.05
}
// Ensure confidence is between 0 and 1
if confidence > 1.0 {
confidence = 1.0
}
return confidence
}
// checkPythonSpecificIssues performs additional Python-specific checks
func (d *PythonDetector) checkPythonSpecificIssues(code string, filePath string) []core.Match {
matches := []core.Match{}
// Check for empty except blocks
emptyExceptRe := regexp.MustCompile(`(?m)^(\s*)except(\s+\w+)?:\s*$`)
emptyExceptMatches := emptyExceptRe.FindAllStringIndex(code, -1)
for _, match := range emptyExceptMatches {
// Count line number
lineNumber := 1 + strings.Count(code[:match[0]], "\n")
matchedCode := code[match[0]:match[1]]
matches = append(matches, core.Match{
Signature: core.Signature{
ID: "PY011",
Name: "Empty except block",
Severity: "medium",
Description: "Empty except blocks can hide errors and make debugging difficult",
CodePatterns: []string{
`except(\s+\w+)?:\s*$`,
},
},
FilePath: filePath,
LineNumber: lineNumber,
MatchedCode: matchedCode,
Confidence: 0.85,
})
}
// Check for bare except blocks
bareExceptRe := regexp.MustCompile(`(?m)^(\s*)except:\s*`)
bareExceptMatches := bareExceptRe.FindAllStringIndex(code, -1)
for _, match := range bareExceptMatches {
// Count line number
lineNumber := 1 + strings.Count(code[:match[0]], "\n")
matchedCode := code[match[0]:match[1]]
matches = append(matches, core.Match{
Signature: core.Signature{
ID: "PY012",
Name: "Bare except block",
Severity: "medium",
Description: "Bare except blocks can catch unexpected exceptions and hide errors",
CodePatterns: []string{
`except:\s*`,
},
},
FilePath: filePath,
LineNumber: lineNumber,
MatchedCode: matchedCode,
Confidence: 0.9,
})
}
return matches
}
================================================
FILE: go/internal/detectors/tests/detector_test.go
================================================
================================================
FILE: go/internal/detectors/vulnerability.go
================================================
package detectors
import (
"encoding/json"
"fmt"
"io/ioutil"
"os"
"regexp"
"strings"
"sync"
"github.com/dave/dst"
"github.com/dave/dst/decorator"
)
// Signature 表示漏洞签名
type Signature struct {
ID string `json:"id"`
Name string `json:"name"`
Severity string `json:"severity"`
CodePatterns []string `json:"code_patterns"`
}
// Match 表示漏洞匹配结果
type Match struct {
Signature Signature
LineNumber int
MatchedCode string
Confidence float64
}
// VulnerabilityDetector 漏洞检测器
type VulnerabilityDetector struct {
signatures []Signature
minConfidence float64
mu sync.RWMutex
}
// NewVulnerabilityDetector 创建新的漏洞检测器
func NewVulnerabilityDetector() *VulnerabilityDetector {
return &VulnerabilityDetector{
minConfidence: 0.7,
}
}
// LoadSignatures 从JSON文件加载漏洞签名
func (d *VulnerabilityDetector) LoadSignatures(signatureFile string) error {
data, err := ioutil.ReadFile(signatureFile)
if err != nil {
return fmt.Errorf("读取签名文件失败: %v", err)
}
var sigData struct {
Signatures []Signature `json:"signatures"`
}
if err := json.Unmarshal(data, &sigData); err != nil {
return fmt.Errorf("解析签名文件失败: %v", err)
}
d.mu.Lock()
d.signatures = sigData.Signatures
d.mu.Unlock()
return nil
}
// DetectFile 检测文件中的漏洞
func (d *VulnerabilityDetector) DetectFile(filePath string) ([]Match, error) {
content, err := ioutil.ReadFile(filePath)
if err != nil {
return nil, fmt.Errorf("读取文件失败: %v", err)
}
matches := make([]Match, 0)
d.mu.RLock()
signatures := d.signatures
d.mu.RUnlock()
// 使用goroutine并行处理每个签名
var wg sync.WaitGroup
matchChan := make(chan Match)
done := make(chan bool)
// 启动收集结果的goroutine
go func() {
for match := range matchChan {
matches = append(matches, match)
}
done <- true
}()
for _, sig := range signatures {
wg.Add(1)
go func(signature Signature) {
defer wg.Done()
for _, pattern := range signature.CodePatterns {
re, err := regexp.Compile(pattern)
if err != nil {
continue
}
// 查找所有匹配
for _, match := range re.FindAllStringIndex(string(content), -1) {
matchedCode := string(content[match[0]:match[1]])
confidence := d.calculateConfidence(matchedCode, pattern)
if confidence >= d.minConfidence {
// 计算行号
lineNumber := 1 + strings.Count(string(content[:match[0]]), "\n")
matchChan <- Match{
Signature: signature,
LineNumber: lineNumber,
MatchedCode: matchedCode,
Confidence: confidence,
}
}
}
}
}(sig)
}
// 等待所有goroutine完成并关闭通道
go func() {
wg.Wait()
close(matchChan)
}()
<-done
return matches, nil
}
// AnalyzeAST 分析AST节点中的漏洞
func (d *VulnerabilityDetector) AnalyzeAST(filePath string) ([]Match, error) {
fset, node, err := decorator.ParseFile(filePath, nil)
if err != nil {
return nil, fmt.Errorf("解析文件失败: %v", err)
}
matches := make([]Match, 0)
d.mu.RLock()
signatures := d.signatures
d.mu.RUnlock()
// 遍历AST
dst.Inspect(node, func(n dst.Node) bool {
if call, ok := n.(*dst.CallExpr); ok {
var funcName string
switch fun := call.Fun.(type) {
case *dst.Ident:
funcName = fun.Name
case *dst.SelectorExpr:
if x, ok := fun.X.(*dst.Ident); ok {
funcName = x.Name + "." + fun.Sel.Name
}
default:
return true
}
// 检查是否匹配任何签名
for _, sig := range signatures {
for _, pattern := range sig.CodePatterns {
if matched, _ := regexp.MatchString(pattern, funcName); matched {
matches = append(matches, Match{
Signature: sig,
LineNumber: fset.Position(call.Pos()).Line,
MatchedCode: funcName,
Confidence: 0.9,
})
}
}
}
}
return true
})
return matches, nil
}
// DetectSimilarPatterns 检测相似的漏洞模式
func (d *VulnerabilityDetector) DetectSimilarPatterns(filePath string, threshold float64) ([]Match, error) {
fset, node, err := decorator.ParseFile(filePath, nil)
if err != nil {
return nil, fmt.Errorf("解析文件失败: %v", err)
}
matches := make([]Match, 0)
d.mu.RLock()
signatures := d.signatures
d.mu.RUnlock()
// 遍历AST查找相似模式
dst.Inspect(node, func(n dst.Node) bool {
if call, ok := n.(*dst.CallExpr); ok {
var funcName string
switch fun := call.Fun.(type) {
case *dst.Ident:
funcName = fun.Name
case *dst.SelectorExpr:
if x, ok := fun.X.(*dst.Ident); ok {
funcName = x.Name + "." + fun.Sel.Name
}
default:
return true
}
// 检查每个签名
for _, sig := range signatures {
for _, pattern := range sig.CodePatterns {
similarity := d.calculateSimilarity(funcName, pattern)
if similarity >= threshold {
matches = append(matches, Match{
Signature: sig,
LineNumber: fset.Position(call.Pos()).Line,
MatchedCode: funcName,
Confidence: similarity,
})
}
}
}
}
return true
})
return matches, nil
}
// calculateConfidence 计算匹配的置信度
func (d *VulnerabilityDetector) calculateConfidence(matchedCode, pattern string) float64 {
// 基本匹配的置信度为0.7
confidence := 0.7
// 根据匹配的完整性增加置信度
if len(matchedCode) > 10 {
confidence += 0.1
}
// 根据上下文增加置信度
if strings.Contains(matchedCode, "import") {
confidence += 0.1
}
// 根据模式的特异性增加置信度
if len(pattern) > 20 {
confidence += 0.1
}
if confidence > 1.0 {
confidence = 1.0
}
return confidence
}
// calculateSimilarity 计算两个字符串的相似度
func (d *VulnerabilityDetector) calculateSimilarity(str1, str2 string) float64 {
// 使用最长公共子序列(LCS)计算相似度
m, n := len(str1), len(str2)
dp := make([][]int, m+1)
for i := range dp {
dp[i] = make([]int, n+1)
}
for i := 1; i <= m; i++ {
for j := 1; j <= n; j++ {
if str1[i-1] == str2[j-1] {
dp[i][j] = dp[i-1][j-1] + 1
} else {
dp[i][j] = max(dp[i-1][j], dp[i][j-1])
}
}
}
lcsLength := dp[m][n]
maxLen := max(m, n)
if maxLen == 0 {
return 0
}
return float64(lcsLength) / float64(maxLen)
}
// max 返回两个整数中的较大值
func max(a, b int) int {
if a > b {
return a
}
return b
}
================================================
FILE: go/internal/reporters/html.go
================================================
package reporters
import (
"fmt"
"html/template"
"os"
"path/filepath"
"sort"
"time"
"github.com/re-movery/re-movery/internal/core"
)
// HTMLReporter is a reporter that generates HTML reports
type HTMLReporter struct{}
// NewHTMLReporter creates a new HTML reporter
func NewHTMLReporter() *HTMLReporter {
return &HTMLReporter{}
}
// GenerateReport generates a report
func (r *HTMLReporter) GenerateReport(data core.ReportData, outputPath string) error {
// Create output directory if it doesn't exist
outputDir := filepath.Dir(outputPath)
if err := os.MkdirAll(outputDir, 0755); err != nil {
return err
}
// Create output file
file, err := os.Create(outputPath)
if err != nil {
return err
}
defer file.Close()
// Process data for the template
processedData := r.processData(data)
// Parse template
tmpl, err := template.New("report").Funcs(template.FuncMap{
"mul": func(a, b float64) float64 {
return a * b
},
}).Parse(htmlTemplate)
if err != nil {
return err
}
// Execute template
if err := tmpl.Execute(file, processedData); err != nil {
return err
}
return nil
}
// processData processes the report data for the template
func (r *HTMLReporter) processData(data core.ReportData) map[string]interface{} {
// Count vulnerabilities by type
vulnCounts := make(map[string]int)
for _, matches := range data.Results {
for _, match := range matches {
vulnCounts[match.Signature.Name]++
}
}
// Sort vulnerabilities by count
type vulnCount struct {
Name string
Count int
}
vulnCountList := []vulnCount{}
for name, count := range vulnCounts {
vulnCountList = append(vulnCountList, vulnCount{Name: name, Count: count})
}
sort.Slice(vulnCountList, func(i, j int) bool {
return vulnCountList[i].Count > vulnCountList[j].Count
})
// Get top 10 vulnerabilities
topVulns := vulnCountList
if len(topVulns) > 10 {
topVulns = topVulns[:10]
}
// Prepare data for the template
processedData := map[string]interface{}{
"Title": data.Title,
"Timestamp": data.Timestamp,
"Results": data.Results,
"Summary": data.Summary,
"TopVulnerabilities": map[string]interface{}{
"Labels": func() []string {
labels := []string{}
for _, v := range topVulns {
labels = append(labels, v.Name)
}
return labels
}(),
"Data": func() []int {
counts := []int{}
for _, v := range topVulns {
counts = append(counts, v.Count)
}
return counts
}(),
},
}
return processedData
}
// htmlTemplate is the HTML template for the report
const htmlTemplate = `<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{{ .Title }}</title>
<style>
body {
font-family: Arial, sans-serif;
line-height: 1.6;
color: #333;
max-width: 1200px;
margin: 0 auto;
padding: 20px;
}
h1, h2, h3, h4 {
color: #2c3e50;
}
.summary {
background-color: #f8f9fa;
border-radius: 5px;
padding: 15px;
margin-bottom: 20px;
}
.summary-item {
display: inline-block;
margin-right: 20px;
padding: 10px;
border-radius: 5px;
text-align: center;
}
.high {
background-color: #f8d7da;
color: #721c24;
}
.medium {
background-color: #fff3cd;
color: #856404;
}
.low {
background-color: #d1ecf1;
color: #0c5460;
}
.file-item {
margin-bottom: 20px;
border: 1px solid #ddd;
border-radius: 5px;
overflow: hidden;
}
.file-header {
background-color: #f1f1f1;
padding: 10px;
cursor: pointer;
}
.file-content {
padding: 10px;
}
.match-item {
margin-bottom: 10px;
padding: 10px;
border-radius: 5px;
}
.match-code {
background-color: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-family: monospace;
white-space: pre-wrap;
margin-top: 10px;
}
.footer {
margin-top: 30px;
text-align: center;
font-size: 0.8em;
color: #777;
}
table {
width: 100%;
border-collapse: collapse;
}
th, td {
padding: 8px;
text-align: left;
border-bottom: 1px solid #ddd;
}
th {
background-color: #f2f2f2;
}
.chart-container {
width: 100%;
height: 300px;
margin-bottom: 20px;
}
</style>
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
</head>
<body>
<h1>{{ .Title }}</h1>
<div class="summary">
<h2>Summary</h2>
<div class="summary-item high">
<h3>{{ .Summary.High }}</h3>
<p>High Severity</p>
</div>
<div class="summary-item medium">
<h3>{{ .Summary.Medium }}</h3>
<p>Medium Severity</p>
</div>
<div class="summary-item low">
<h3>{{ .Summary.Low }}</h3>
<p>Low Severity</p>
</div>
<div class="summary-item">
<h3>{{ .Summary.TotalFiles }}</h3>
<p>Files Scanned</p>
</div>
</div>
<div class="chart-container">
<canvas id="vulnerabilitiesChart"></canvas>
</div>
<h2>Top Vulnerabilities</h2>
<div class="chart-container">
<canvas id="topVulnerabilitiesChart"></canvas>
</div>
<h2>Detailed Results</h2>
{{range $file, $matches := .Results}}
<div class="file-item">
<div class="file-header" onclick="toggleFileContent(this)">
<h3>{{$file}}</h3>
<span>{{len $matches}} issues found</span>
</div>
<div class="file-content">
<table>
<thead>
<tr>
<th>Line</th>
<th>Severity</th>
<th>Issue</th>
<th>Confidence</th>
</tr>
</thead>
<tbody>
{{range $match := $matches}}
<tr class="match-item {{$match.Signature.Severity}}">
<td>{{$match.LineNumber}}</td>
<td>{{$match.Signature.Severity}}</td>
<td>
<strong>{{$match.Signature.Name}}</strong>
<p>{{$match.Signature.Description}}</p>
<div class="match-code">{{$match.MatchedCode}}</div>
</td>
<td>{{printf "%.0f%%" (mul $match.Confidence 100)}}</td>
</tr>
{{end}}
</tbody>
</table>
</div>
</div>
{{end}}
<div class="footer">
<p>Report generated by Re-movery on {{.Timestamp}}</p>
</div>
<script>
function toggleFileContent(header) {
const content = header.nextElementSibling;
content.style.display = content.style.display === 'none' ? 'block' : 'none';
}
// Initialize all file contents as hidden
document.addEventListener('DOMContentLoaded', function() {
const fileContents = document.querySelectorAll('.file-content');
fileContents.forEach(content => {
content.style.display = 'none';
});
// Create severity distribution chart
const severityCtx = document.getElementById('vulnerabilitiesChart').getContext('2d');
new Chart(severityCtx, {
type: 'pie',
data: {
labels: ['High', 'Medium', 'Low'],
datasets: [{
data: [{{.Summary.High}}, {{.Summary.Medium}}, {{.Summary.Low}}],
backgroundColor: ['#f8d7da', '#fff3cd', '#d1ecf1'],
borderColor: ['#721c24', '#856404', '#0c5460'],
borderWidth: 1
}]
},
options: {
responsive: true,
plugins: {
legend: {
position: 'top',
},
title: {
display: true,
text: 'Severity Distribution'
}
}
}
});
// Create top vulnerabilities chart
const topVulnCtx = document.getElementById('topVulnerabilitiesChart').getContext('2d');
new Chart(topVulnCtx, {
type: 'bar',
data: {
labels: {{.TopVulnerabilities.Labels}},
datasets: [{
label: 'Occurrences',
data: {{.TopVulnerabilities.Data}},
backgroundColor: 'rgba(54, 162, 235, 0.2)',
borderColor: 'rgba(54, 162, 235, 1)',
borderWidth: 1
}]
},
options: {
responsive: true,
scales: {
y: {
beginAtZero: true,
ticks: {
precision: 0
}
}
},
plugins: {
legend: {
display: false
},
title: {
display: true,
text: 'Top Vulnerabilities'
}
}
}
});
});
</script>
</body>
</html>`
================================================
FILE: go/internal/reporters/json.go
================================================
package reporters
import (
"encoding/json"
"os"
"path/filepath"
"github.com/re-movery/re-movery/internal/core"
)
// JSONReporter is a reporter that generates JSON reports
type JSONReporter struct{}
// NewJSONReporter creates a new JSON reporter
func NewJSONReporter() *JSONReporter {
return &JSONReporter{}
}
// GenerateReport generates a report
func (r *JSONReporter) GenerateReport(data core.ReportData, outputPath string) error {
// Create output directory if it doesn't exist
outputDir := filepath.Dir(outputPath)
if err := os.MkdirAll(outputDir, 0755); err != nil {
return err
}
// Create output file
file, err := os.Create(outputPath)
if err != nil {
return err
}
defer file.Close()
// Marshal data to JSON
encoder := json.NewEncoder(file)
encoder.SetIndent("", " ")
if err := encoder.Encode(data); err != nil {
return err
}
return nil
}
================================================
FILE: go/internal/reporters/xml.go
================================================
package reporters
import (
"encoding/xml"
"os"
"path/filepath"
"github.com/re-movery/re-movery/internal/core"
)
// XMLReporter is a reporter that generates XML reports
type XMLReporter struct{}
// NewXMLReporter creates a new XML reporter
func NewXMLReporter() *XMLReporter {
return &XMLReporter{}
}
// XMLReportData is the XML representation of the report data
type XMLReportData struct {
XMLName xml.Name `xml:"report"`
Title string `xml:"title"`
Timestamp string `xml:"timestamp"`
Summary XMLSummary `xml:"summary"`
Results []XMLFileResult `xml:"results>file"`
}
// XMLSummary is the XML representation of the summary
type XMLSummary struct {
TotalFiles int `xml:"totalFiles,attr"`
High int `xml:"high,attr"`
Medium int `xml:"medium,attr"`
Low int `xml:"low,attr"`
}
// XMLFileResult is the XML representation of a file result
type XMLFileResult struct {
Path string `xml:"path,attr"`
Matches []XMLMatch `xml:"match"`
}
// XMLMatch is the XML representation of a match
type XMLMatch struct {
ID string `xml:"id,attr"`
Name string `xml:"name"`
Severity string `xml:"severity"`
Description string `xml:"description"`
LineNumber int `xml:"lineNumber"`
MatchedCode string `xml:"matchedCode"`
Confidence float64 `xml:"confidence"`
}
// GenerateReport generates a report
func (r *XMLReporter) GenerateReport(data core.ReportData, outputPath string) error {
// Create output directory if it doesn't exist
outputDir := filepath.Dir(outputPath)
if err := os.MkdirAll(outputDir, 0755); err != nil {
return err
}
// Create output file
file, err := os.Create(outputPath)
if err != nil {
return err
}
defer file.Close()
// Convert data to XML format
xmlData := r.convertToXML(data)
// Write XML header
file.WriteString(xml.Header)
// Marshal data to XML
encoder := xml.NewEncoder(file)
encoder.Indent("", " ")
if err := encoder.Encode(xmlData); err != nil {
return err
}
return nil
}
// convertToXML converts the report data to XML format
func (r *XMLReporter) convertToXML(data core.ReportData) XMLReportData {
xmlData := XMLReportData{
Title: data.Title,
Timestamp: data.Timestamp,
Summary: XMLSummary{
TotalFiles: data.Summary.TotalFiles,
High: data.Summary.High,
Medium: data.Summary.Medium,
Low: data.Summary.Low,
},
Results: []XMLFileResult{},
}
// Convert results
for filePath, matches := range data.Results {
fileResult := XMLFileResult{
Path: filePath,
Matches: []XMLMatch{},
}
for _, match := range matches {
xmlMatch := XMLMatch{
ID: match.Signature.ID,
Name: match.Signature.Name,
Severity: match.Signature.Severity,
Description: match.Signature.Description,
LineNumber: match.LineNumber,
MatchedCode: match.MatchedCode,
Confidence: match.Confidence,
}
fileResult.Matches = append(fileResult.Matches, xmlMatch)
}
xmlData.Results = append(xmlData.Results, fileResult)
}
return xmlData
}
================================================
FILE: go/internal/utils/logging.go
================================================
package utils
import (
"io"
"os"
"sync"
"github.com/sirupsen/logrus"
)
var (
logger *logrus.Logger
once sync.Once
)
// GetLogger returns the singleton logger instance
func GetLogger() *logrus.Logger {
once.Do(func() {
logger = logrus.New()
logger.SetFormatter(&logrus.TextFormatter{
FullTimestamp: true,
})
logger.SetOutput(os.Stdout)
logger.SetLevel(logrus.InfoLevel)
})
return logger
}
// FileLogger represents a logger that writes to a file
type FileLogger struct {
*logrus.Logger
file *os.File
}
// NewFileLogger creates a new file logger
func NewFileLogger(filename string) (*FileLogger, error) {
file, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
if err != nil {
return nil, err
}
logger := logrus.New()
logger.SetFormatter(&logrus.JSONFormatter{})
logger.SetOutput(io.MultiWriter(file, os.Stdout))
return &FileLogger{
Logger: logger,
file: file,
}, nil
}
// Close closes the log file
func (fl *FileLogger) Close() error {
if fl.file != nil {
return fl.file.Close()
}
return nil
}
// SetVerbosity sets the logging level based on verbosity
func SetVerbosity(verbose bool) {
if verbose {
GetLogger().SetLevel(logrus.DebugLevel)
} else {
GetLogger().SetLevel(logrus.InfoLevel)
}
}
================================================
FILE: go/internal/utils/memory.go
================================================
package utils
import (
"container/list"
"runtime"
"sync"
"time"
"github.com/shirou/gopsutil/v3/mem"
)
// MemoryMonitor monitors system memory usage
type MemoryMonitor struct {
maxMemoryGB float64
interval time.Duration
stopChan chan struct{}
}
// NewMemoryMonitor creates a new memory monitor
func NewMemoryMonitor(maxMemoryGB float64, interval time.Duration) *MemoryMonitor {
return &MemoryMonitor{
maxMemoryGB: maxMemoryGB,
interval: interval,
stopChan: make(chan struct{}),
}
}
// Start starts monitoring memory usage
func (mm *MemoryMonitor) Start() {
go func() {
ticker := time.NewTicker(mm.interval)
defer ticker.Stop()
for {
select {
case <-ticker.C:
v, err := mem.VirtualMemory()
if err != nil {
GetLogger().Errorf("Failed to get memory stats: %v", err)
continue
}
usedGB := float64(v.Used) / (1024 * 1024 * 1024)
if usedGB > mm.maxMemoryGB {
GetLogger().Warnf("Memory usage (%.2f GB) exceeds limit (%.2f GB), triggering GC", usedGB, mm.maxMemoryGB)
runtime.GC()
}
case <-mm.stopChan:
return
}
}
}()
}
// Stop stops the memory monitor
func (mm *MemoryMonitor) Stop() {
close(mm.stopChan)
}
// LRUCache implements a thread-safe LRU cache
type LRUCache struct {
capacity int
cache map[interface{}]*list.Element
ll *list.List
mutex sync.RWMutex
}
type entry struct {
key interface{}
value interface{}
}
// NewLRUCache creates a new LRU cache with the specified capacity
func NewLRUCache(capacity int) *LRUCache {
return &LRUCache{
capacity: capacity,
cache: make(map[interface{}]*list.Element),
ll: list.New(),
}
}
// Get retrieves a value from the cache
func (c *LRUCache) Get(key interface{}) (interface{}, bool) {
c.mutex.RLock()
defer c.mutex.RUnlock()
if elem, ok := c.cache[key]; ok {
c.ll.MoveToFront(elem)
return elem.Value.(*entry).value, true
}
return nil, false
}
// Put adds a value to the cache
func (c *LRUCache) Put(key, value interface{}) {
c.mutex.Lock()
defer c.mutex.Unlock()
if elem, ok := c.cache[key]; ok {
c.ll.MoveToFront(elem)
elem.Value.(*entry).value = value
return
}
if c.ll.Len() >= c.capacity {
oldest := c.ll.Back()
if oldest != nil {
c.ll.Remove(oldest)
delete(c.cache, oldest.Value.(*entry).key)
}
}
elem := c.ll.PushFront(&entry{key, value})
c.cache[key] = elem
}
================================================
FILE: go/internal/utils/parallel.go
================================================
package utils
import (
"sync"
)
// Job represents a unit of work
type Job interface {
Execute() error
}
// WorkerPool manages a pool of workers for parallel processing
type WorkerPool struct {
numWorkers int
jobs chan Job
results chan error
wg sync.WaitGroup
stopChan chan struct{}
}
// NewWorkerPool creates a new worker pool
func NewWorkerPool(numWorkers int, queueSize int) *WorkerPool {
return &WorkerPool{
numWorkers: numWorkers,
jobs: make(chan Job, queueSize),
results: make(chan error, queueSize),
stopChan: make(chan struct{}),
}
}
// Start starts the worker pool
func (wp *WorkerPool) Start() {
for i := 0; i < wp.numWorkers; i++ {
wp.wg.Add(1)
go wp.worker()
}
}
// worker processes jobs from the job queue
func (wp *WorkerPool) worker() {
defer wp.wg.Done()
for {
select {
case job := <-wp.jobs:
if job == nil {
return
}
err := job.Execute()
wp.results <- err
case <-wp.stopChan:
return
}
}
}
// Submit submits a job to the worker pool
func (wp *WorkerPool) Submit(job Job) {
wp.jobs <- job
}
// Stop stops the worker pool
func (wp *WorkerPool) Stop() {
close(wp.stopChan)
wp.wg.Wait()
close(wp.jobs)
close(wp.results)
}
// Results returns the results channel
func (wp *WorkerPool) Results() <-chan error {
return wp.results
}
================================================
FILE: go/internal/utils/security.go
================================================
package utils
import (
"fmt"
"go/ast"
"go/parser"
"go/token"
"io/ioutil"
"os"
"regexp"
"runtime"
"strings"
"sync"
"time"
)
// SecurityChecker 安全检查器
type SecurityChecker struct {
sensitivePatterns map[string][]string
mu sync.RWMutex
}
// NewSecurityChecker 创建新的安全检查器
func NewSecurityChecker() *SecurityChecker {
return &SecurityChecker{
sensitivePatterns: map[string][]string{
"file_access": {
`os\.(Open|Create|Remove|RemoveAll|Chmod|Chown)`,
`ioutil\.(ReadFile|WriteFile)`,
},
"network_access": {
`net\.(Dial|Listen)`,
`http\.(Get|Post|Put|Delete)`,
},
"code_execution": {
`exec\.(Command|Run)`,
`syscall\.(Exec|StartProcess)`,
},
"input_validation": {
`fmt\.(Scan|Scanf|Scanln)`,
`bufio\.NewScanner`,
},
"random_generation": {
`math/rand\.(Int|Float|Perm)`,
`crypto/rand\.(Read|Prime)`,
},
"sensitive_data": {
`(?i)(password|secret|key|token|credential)`,
`fmt\.Printf.*password`,
},
},
}
}
// CheckMemoryUsage 检查内存使用情况
func (c *SecurityChecker) CheckMemoryUsage(filePath string) (uint64, error) {
var m runtime.MemStats
runtime.ReadMemStats(&m)
initialAlloc := m.Alloc
// 读取并执行文件
content, err := ioutil.ReadFile(filePath)
if err != nil {
return 0, fmt.Errorf("读取文件失败: %v", err)
}
// 解析文件以检查内存使用
fset := token.NewFileSet()
_, err = parser.ParseFile(fset, filePath, content, parser.AllErrors)
if err != nil {
return 0, fmt.Errorf("解析文件失败: %v", err)
}
runtime.ReadMemStats(&m)
finalAlloc := m.Alloc
return finalAlloc - initialAlloc, nil
}
// CheckExecutionTime 检查执行时间
func (c *SecurityChecker) CheckExecutionTime(filePath string, timeout time.Duration) error {
done := make(chan bool)
var execErr error
go func() {
// 读取并解析文件
content, err := ioutil.ReadFile(filePath)
if err != nil {
execErr = fmt.Errorf("读取文件失败: %v", err)
done <- true
return
}
fset := token.NewFileSet()
_, err = parser.ParseFile(fset, filePath, content, parser.AllErrors)
if err != nil {
execErr = fmt.Errorf("解析文件失败: %v", err)
done <- true
return
}
done <- true
}()
select {
case <-done:
return execErr
case <-time.After(timeout):
return fmt.Errorf("执行超时(>%v)", timeout)
}
}
// CheckFileAccess 检查文件访问安全性
func (c *SecurityChecker) CheckFileAccess(filePath string) ([]string, error) {
violations := make([]string, 0)
content, err := ioutil.ReadFile(filePath)
if err != nil {
return nil, fmt.Errorf("读取文件失败: %v", err)
}
c.mu.RLock()
patterns := c.sensitivePatterns["file_access"]
c.mu.RUnlock()
for _, pattern := range patterns {
re, err := regexp.Compile(pattern)
if err != nil {
continue
}
matches := re.FindAllString(string(content), -1)
for _, match := range matches {
violations = append(violations, fmt.Sprintf("发现敏感文件操作: %s", match))
}
}
return violations, nil
}
// CheckNetworkAccess 检查网络访问安全性
func (c *SecurityChecker) CheckNetworkAccess(filePath string) ([]string, error) {
violations := make([]string, 0)
content, err := ioutil.ReadFile(filePath)
if err != nil {
return nil, fmt.Errorf("读取文件失败: %v", err)
}
c.mu.RLock()
patterns := c.sensitivePatterns["network_access"]
c.mu.RUnlock()
for _, pattern := range patterns {
re, err := regexp.Compile(pattern)
if err != nil {
continue
}
matches := re.FindAllString(string(content), -1)
for _, match := range matches {
violations = append(violations, fmt.Sprintf("发现敏感网络操作: %s", match))
}
}
return violations, nil
}
// CheckInputValidation 检查输入验证
func (c *SecurityChecker) CheckInputValidation(filePath string) ([]string, error) {
issues := make([]string, 0)
content, err := ioutil.ReadFile(filePath)
if err != nil {
return nil, fmt.Errorf("读取文件失败: %v", err)
}
fset := token.NewFileSet()
file, err := parser.ParseFile(fset, filePath, content, parser.AllErrors)
if err != nil {
return nil, fmt.Errorf("解析文件失败: %v", err)
}
ast.Inspect(file, func(n ast.Node) bool {
if call, ok := n.(*ast.CallExpr); ok {
if sel, ok := call.Fun.(*ast.SelectorExpr); ok {
if x, ok := sel.X.(*ast.Ident); ok {
funcName := x.Name + "." + sel.Sel.Name
if strings.Contains(funcName, "fmt.Scan") || strings.Contains(funcName, "bufio.NewScanner") {
issues = append(issues, fmt.Sprintf("未验证的输入: %s", funcName))
}
}
}
}
return true
})
return issues, nil
}
// CheckRandomGeneration 检查随机数生成安全性
func (c *SecurityChecker) CheckRandomGeneration(filePath string) ([]string, error) {
issues := make([]string, 0)
content, err := ioutil.ReadFile(filePath)
if err != nil {
return nil, fmt.Errorf("读取文件失败: %v", err)
}
c.mu.RLock()
patterns := c.sensitivePatterns["random_generation"]
c.mu.RUnlock()
for _, pattern := range patterns {
re, err := regexp.Compile(pattern)
if err != nil {
continue
}
matches := re.FindAllString(string(content), -1)
for _, match := range matches {
if !strings.Contains(match, "crypto/rand") {
issues = append(issues, fmt.Sprintf("不安全的随机数生成: %s", match))
}
}
}
return issues, nil
}
// CheckSensitiveData 检查敏感数据处理
func (c *SecurityChecker) CheckSensitiveData(filePath string) ([]string, error) {
issues := make([]string, 0)
content, err := ioutil.ReadFile(filePath)
if err != nil {
return nil, fmt.Errorf("读取文件失败: %v", err)
}
c.mu.RLock()
patterns := c.sensitivePatterns["sensitive_data"]
c.mu.RUnlock()
for _, pattern := range patterns {
re, err := regexp.Compile(pattern)
if err != nil {
continue
}
matches := re.FindAllString(string(content), -1)
for _, match := range matches {
issues = append(issues, fmt.Sprintf("敏感数据泄露风险: %s", match))
}
}
return issues, nil
}
// CheckSandboxEscape 检查沙箱逃逸
func (c *SecurityChecker) CheckSandboxEscape(filePath string) ([]string, error) {
violations := make([]string, 0)
content, err := ioutil.ReadFile(filePath)
if err != nil {
return nil, fmt.Errorf("读取文件失败: %v", err)
}
fset := token.NewFileSet()
file, err := parser.ParseFile(fset, filePath, content, parser.AllErrors)
if err != nil {
return nil, fmt.Errorf("解析文件失败: %v", err)
}
ast.Inspect(file, func(n ast.Node) bool {
if call, ok := n.(*ast.CallExpr); ok {
if sel, ok := call.Fun.(*ast.SelectorExpr); ok {
if x, ok := sel.X.(*ast.Ident); ok {
funcName := x.Name + "." + sel.Sel.Name
if strings.Contains(funcName, "os.") || strings.Contains(funcName, "exec.") {
violations = append(violations, fmt.Sprintf("危险的系统调用: %s", funcName))
}
}
}
}
return true
})
return violations, nil
}
// PerformFullCheck 执行完整的安全检查
func (c *SecurityChecker) PerformFullCheck(filePath string) (map[string]interface{}, error) {
results := make(map[string]interface{})
// 检查内存使用
memoryUsage, err := c.CheckMemoryUsage(filePath)
if err != nil {
results["memory_usage"] = err.Error()
} else {
results["memory_usage"] = memoryUsage
}
// 检查执行时间
err = c.CheckExecutionTime(filePath, 5*time.Second)
if err != nil {
results["execution_time"] = err.Error()
} else {
results["execution_time"] = "OK"
}
// 检查文件访问
fileAccess, err := c.CheckFileAccess(filePath)
if err != nil {
results["file_access"] = err.Error()
} else {
results["file_access"] = fileAccess
}
// 检查网络访问
networkAccess, err := c.CheckNetworkAccess(filePath)
if err != nil {
results["network_access"] = err.Error()
} else {
results["network_access"] = networkAccess
}
// 检查输入验证
inputValidation, err := c.CheckInputValidation(filePath)
if err != nil {
results["input_validation"] = err.Error()
} else {
results["input_validation"] = inputValidation
}
// 检查随机数生成
randomGeneration, err := c.CheckRandomGeneration(filePath)
if err != nil {
results["random_generation"] = err.Error()
} else {
results["random_generation"] = randomGeneration
}
// 检查敏感数据
sensitiveData, err := c.CheckSensitiveData(filePath)
if err != nil {
results["sensitive_data"] = err.Error()
} else {
results["sensitive_data"] = sensitiveData
}
// 检查沙箱逃逸
sandboxEscape, err := c.CheckSandboxEscape(filePath)
if err != nil {
results["sandbox_escape"] = err.Error()
} else {
results["sandbox_escape"] = sandboxEscape
}
return results, nil
}
================================================
FILE: go/internal/utils/security_test.go
================================================
package utils
import (
"os"
"testing"
"time"
)
func TestNewSecurityChecker(t *testing.T) {
checker := NewSecurityChecker()
if checker == nil {
t.Error("NewSecurityChecker返回了nil")
}
if len(checker.sensitivePatterns) == 0 {
t.Error("敏感模式映射为空")
}
expectedPatterns := []string{"file_access", "network_access", "code_execution", "input_validation", "random_generation", "sensitive_data"}
for _, pattern := range expectedPatterns {
if patterns, ok := checker.sensitivePatterns[pattern]; !ok || len(patterns) == 0 {
t.Errorf("缺少预期的模式类型: %s", pattern)
}
}
}
func createTestFile(content string) (string, error) {
tmpfile, err := os.CreateTemp("", "test_*.go")
if err != nil {
return "", err
}
if _, err := tmpfile.Write([]byte(content)); err != nil {
os.Remove(tmpfile.Name())
return "", err
}
if err := tmpfile.Close(); err != nil {
os.Remove(tmpfile.Name())
return "", err
}
return tmpfile.Name(), nil
}
func TestCheckMemoryUsage(t *testing.T) {
checker := NewSecurityChecker()
content := `package main
import "fmt"
func main() {
var arr []int
for i := 0; i < 1000; i++ {
arr = append(arr, i)
}
fmt.Println(arr)
}`
filename, err := createTestFile(content)
if err != nil {
t.Fatalf("创建测试文件失败: %v", err)
}
defer os.Remove(filename)
usage, err := checker.CheckMemoryUsage(filename)
if err != nil {
t.Errorf("检查内存使用失败: %v", err)
}
if usage == 0 {
t.Error("内存使用量不应为0")
}
}
func TestCheckExecutionTime(t *testing.T) {
checker := NewSecurityChecker()
content := `package main
import "time"
func main() {
time.Sleep(time.Second)
}`
filename, err := createTestFile(content)
if err != nil {
t.Fatalf("创建测试文件失败: %v", err)
}
defer os.Remove(filename)
// 测试正常超时
err = checker.CheckExecutionTime(filename, 5*time.Second)
if err != nil {
t.Errorf("执行时间检查失败: %v", err)
}
// 测试超时情况
err = checker.CheckExecutionTime(filename, 1*time.Millisecond)
if err == nil {
t.Error("预期应该发生超时错误")
}
}
func TestCheckFileAccess(t *testing.T) {
checker := NewSecurityChecker()
content := `package main
import (
"os"
"io/ioutil"
)
func main() {
os.Open("test.txt")
ioutil.ReadFile("config.json")
}`
filename, err := createTestFile(content)
if err != nil {
t.Fatalf("创建测试文件失败: %v", err)
}
defer os.Remove(filename)
violations, err := checker.CheckFileAccess(filename)
if err != nil {
t.Errorf("文件访问检查失败: %v", err)
}
if len(violations) == 0 {
t.Error("应该检测到文件访问违规")
}
}
func TestCheckNetworkAccess(t *testing.T) {
checker := NewSecurityChecker()
content := `package main
import (
"net"
"net/http"
)
func main() {
net.Dial("tcp", "localhost:8080")
http.Get("http://example.com")
}`
filename, err := createTestFile(content)
if err != nil {
t.Fatalf("创建测试文件失败: %v", err)
}
defer os.Remove(filename)
violations, err := checker.CheckNetworkAccess(filename)
if err != nil {
t.Errorf("网络访问检查失败: %v", err)
}
if len(violations) == 0 {
t.Error("应该检测到网络访问违规")
}
}
func TestCheckInputValidation(t *testing.T) {
checker := NewSecurityChecker()
content := `package main
import (
"fmt"
"bufio"
"os"
)
func main() {
var input string
fmt.Scanln(&input)
scanner := bufio.NewScanner(os.Stdin)
}`
filename, err := createTestFile(content)
if err != nil {
t.Fatalf("创建测试文件失败: %v", err)
}
defer os.Remove(filename)
issues, err := checker.CheckInputValidation(filename)
if err != nil {
t.Errorf("输入验证检查失败: %v", err)
}
if len(issues) == 0 {
t.Error("应该检测到未验证的输入")
}
}
func TestCheckRandomGeneration(t *testing.T) {
checker := NewSecurityChecker()
content := `package main
import (
"math/rand"
"crypto/rand"
)
func main() {
rand.Int()
rand.Read(make([]byte, 32))
}`
filename, err := createTestFile(content)
if err != nil {
t.Fatalf("创建测试文件失败: %v", err)
}
defer os.Remove(filename)
issues, err := checker.CheckRandomGeneration(filename)
if err != nil {
t.Errorf("随机数生成检查失败: %v", err)
}
if len(issues) == 0 {
t.Error("应该检测到不安全的随机数生成")
}
}
func TestCheckSensitiveData(t *testing.T) {
checker := NewSecurityChecker()
content := `package main
import "fmt"
func main() {
password := "secret123"
fmt.Printf("Password: %s\n", password)
}`
filename, err := createTestFile(content)
if err != nil {
t.Fatalf("创建测试文件失败: %v", err)
}
defer os.Remove(filename)
issues, err := checker.CheckSensitiveData(filename)
if err != nil {
t.Errorf("敏感数据检查失败: %v", err)
}
if len(issues) == 0 {
t.Error("应该检测到敏感数据泄露风险")
}
}
func TestCheckSandboxEscape(t *testing.T) {
checker := NewSecurityChecker()
content := `package main
import (
"os"
"os/exec"
)
func main() {
os.Remove("test.txt")
exec.Command("ls").Run()
}`
filename, err := createTestFile(content)
if err != nil {
t.Fatalf("创建测试文件失败: %v", err)
}
defer os.Remove(filename)
violations, err := checker.CheckSandboxEscape(filename)
if err != nil {
t.Errorf("沙箱逃逸检查失败: %v", err)
}
if len(violations) == 0 {
t.Error("应该检测到沙箱逃逸风险")
}
}
func TestPerformFullCheck(t *testing.T) {
checker := NewSecurityChecker()
content := `package main
import (
"fmt"
"os"
"net/http"
"math/rand"
)
func main() {
password := "secret123"
os.Open("test.txt")
http.Get("http://example.com")
rand.Int()
fmt.Printf("Password: %s\n", password)
}`
filename, err := createTestFile(content)
if err != nil {
t.Fatalf("创建测试文件失败: %v", err)
}
defer os.Remove(filename)
results, err := checker.PerformFullCheck(filename)
if err != nil {
t.Errorf("完整检查失败: %v", err)
}
expectedChecks := []string{
"memory_usage",
"execution_time",
"file_access",
"network_access",
"input_validation",
"random_generation",
"sensitive_data",
"sandbox_escape",
}
for _, check := range expectedChecks {
if _, ok := results[check]; !ok {
t.Errorf("缺少检查结果: %s", check)
}
}
}
================================================
FILE: go/internal/utils/tests/security_test.go
================================================
package utils
import (
"os"
"path/filepath"
"testing"
"time"
"github.com/stretchr/testify/assert"
)
func TestSecurityChecker(t *testing.T) {
// 创建临时目录
tempDir, err := os.MkdirTemp("", "security_test")
if err != nil {
t.Fatalf("创建临时目录失败: %v", err)
}
defer os.RemoveAll(tempDir)
// 创建测试代码文件
testCode := `package main
import (
"crypto/rand"
"database/sql"
"fmt"
"math/rand"
"net/http"
"os"
"os/exec"
"time"
)
func unsafeMemory() {
// 大量内存分配
largeSlice := make([]int, 1e7)
for i := range largeSlice {
largeSlice[i] = i
}
}
func unsafeExecution() {
// 长时间执行
time.Sleep(5 * time.Second)
}
func unsafeFileAccess() {
// 危险的文件操作
file, _ := os.Open("/etc/passwd")
defer file.Close()
}
func unsafeNetwork() {
// 未验证的网络请求
http.Get("http://example.com")
}
func unsafeInput() {
// 未验证的输入
var input string
fmt.Scanln(&input)
exec.Command("bash", "-c", input).Run()
}
func unsafeRandom() {
// 不安全的随机数生成
rand.Seed(time.Now().UnixNano())
fmt.Println(rand.Int())
}
func unsafeSensitiveData() {
// 敏感数据暴露
password := "super_secret_123"
fmt.Printf("Password: %s\n", password)
}
func unsafeSandbox() {
// 沙箱逃逸尝试
exec.Command("rm", "-rf", "/").Run()
}
`
testFile := filepath.Join(tempDir, "test.go")
err = os.WriteFile(testFile, []byte(testCode), 0644)
if err != nil {
t.Fatalf("写入测试代码文件失败: %v", err)
}
// 创建检查器实例
checker := NewSecurityChecker()
// 测试内存使用检查
t.Run("TestCheckMemoryUsage", func(t *testing.T) {
result := checker.CheckMemoryUsage(testFile)
assert.True(t, result.HasIssues)
assert.Contains(t, result.Details, "largeSlice")
assert.Greater(t, len(result.Patterns), 0)
})
// 测试执行时间检查
t.Run("TestCheckExecutionTime", func(t *testing.T) {
result := checker.CheckExecutionTime(testFile)
assert.True(t, result.HasIssues)
assert.Contains(t, result.Details, "time.Sleep")
assert.Greater(t, len(result.Patterns), 0)
})
// 测试文件访问检查
t.Run("TestCheckFileAccess", func(t *testing.T) {
result := checker.CheckFileAccess(testFile)
assert.True(t, result.HasIssues)
assert.Contains(t, result.Details, "/etc/passwd")
assert.Greater(t, len(result.Patterns), 0)
})
// 测试网络访问检查
t.Run("TestCheckNetworkAccess", func(t *testing.T) {
result := checker.CheckNetworkAccess(testFile)
assert.True(t, result.HasIssues)
assert.Contains(t, result.Details, "http.Get")
assert.Greater(t, len(result.Patterns), 0)
})
// 测试输入验证检查
t.Run("TestCheckInputValidation", func(t *testing.T) {
result := checker.CheckInputValidation(testFile)
assert.True(t, result.HasIssues)
assert.Contains(t, result.Details, "exec.Command")
assert.Greater(t, len(result.Patterns), 0)
})
// 测试随机数生成检查
t.Run("TestCheckRandomGeneration", func(t *testing.T) {
result := checker.CheckRandomGeneration(testFile)
assert.True(t, result.HasIssues)
assert.Contains(t, result.Details, "math/rand")
assert.Greater(t, len(result.Patterns), 0)
})
// 测试敏感数据检查
t.Run("TestCheckSensitiveData", func(t *testing.T) {
result := checker.CheckSensitiveData(testFile)
assert.True(t, result.HasIssues)
assert.Contains(t, result.Details, "password")
assert.Greater(t, len(result.Patterns), 0)
})
// 测试沙箱逃逸检查
t.Run("TestCheckSandboxEscape", func(t *testing.T) {
result := checker.CheckSandboxEscape(testFile)
assert.True(t, result.HasIssues)
assert.Contains(t, result.Details, "exec.Command")
assert.Greater(t, len(result.Patterns), 0)
})
// 测试完整安全检查
t.Run("TestPerformFullCheck", func(t *testing.T) {
results := checker.PerformFullCheck(testFile)
assert.NotNil(t, results)
assert.Greater(t, len(results), 0)
// 验证所有检查项都已执行
expectedChecks := []string{
"memory_usage",
"execution_time",
"file_access",
"network_access",
"input_validation",
"random_generation",
"sensitive_data",
"sandbox_escape",
}
for _, check := range expectedChecks {
result, ok := results[check]
assert.True(t, ok)
assert.True(t, result.HasIssues)
assert.Greater(t, len(result.Patterns), 0)
}
})
// 测试并发检查
t.Run("TestConcurrentChecks", func(t *testing.T) {
// 创建多个测试文件
testFiles := make([]string, 5)
for i := range testFiles {
filePath := filepath.Join(tempDir, fmt.Sprintf("test_%d.go", i))
err := os.WriteFile(filePath, []byte(testCode), 0644)
assert.NoError(t, err)
testFiles[i] = filePath
}
// 记录串行执行时间
startSerial := time.Now()
for _, file := range testFiles {
checker.PerformFullCheck(file)
}
serialDuration := time.Since(startSerial)
// 记录并行执行时间
startParallel := time.Now()
resultChan := make(chan map[string]SecurityCheckResult, len(testFiles))
for _, file := range testFiles {
go func(f string) {
resultChan <- checker.PerformFullCheck(f)
}(file)
}
// 收集结果
results := make([]map[string]SecurityCheckResult, 0, len(testFiles))
for i := 0; i < len(testFiles); i++ {
result := <-resultChan
results = append(results, result)
}
parallelDuration := time.Since(startParallel)
// 验证结果
assert.Equal(t, len(testFiles), len(results))
for _, result := range results {
assert.NotNil(t, result)
assert.Greater(t, len(result), 0)
}
// 验证并行执行更快
assert.Less(t, parallelDuration, serialDuration)
})
// 测试错误处理
t.Run("TestErrorHandling", func(t *testing.T) {
// 测试不存在的文件
nonExistentFile := filepath.Join(tempDir, "non_existent.go")
result := checker.PerformFullCheck(nonExistentFile)
assert.NotNil(t, result)
for _, check := range result {
assert.False(t, check.HasIssues)
assert.Contains(t, check.Details, "file not found")
}
// 测试无效的Go代码
invalidCode := "invalid go code"
invalidFile := filepath.Join(tempDir, "invalid.go")
err := os.WriteFile(invalidFile, []byte(invalidCode), 0644)
assert.NoError(t, err)
result = checker.PerformFullCheck(invalidFile)
assert.NotNil(t, result)
for _, check := range result {
assert.False(t, check.HasIssues)
assert.Contains(t, check.Details, "parse error")
}
})
}
func TestSecurityCheckerEdgeCases(t *testing.T) {
checker := NewSecurityChecker()
// 测试空文件
t.Run("TestEmptyFile", func(t *testing.T) {
tempDir, err := os.MkdirTemp("", "empty_test")
assert.NoError(t, err)
defer os.RemoveAll(tempDir)
emptyFile := filepath.Join(tempDir, "empty.go")
err = os.WriteFile(emptyFile, []byte(""), 0644)
assert.NoError(t, err)
result := checker.PerformFullCheck(emptyFile)
assert.NotNil(t, result)
for _, check := range result {
assert.False(t, check.HasIssues)
}
})
// 测试大文件处理
t.Run("TestLargeFile", func(t *testing.T) {
tempDir, err := os.MkdirTemp("", "large_test")
assert.NoError(t, err)
defer os.RemoveAll(tempDir)
// 生成大文件
largeCode := `package main
import "fmt"
func main() {
`
for i := 0; i < 10000; i++ {
largeCode += fmt.Sprintf("\tfmt.Println(%d)\n", i)
}
largeCode += "}\n"
largeFile := filepath.Join(tempDir, "large.go")
err = os.WriteFile(largeFile, []byte(largeCode), 0644)
assert.NoError(t, err)
startTime := time.Now()
result := checker.PerformFullCheck(largeFile)
duration := time.Since(startTime)
assert.NotNil(t, result)
assert.Less(t, duration, 30*time.Second) // 确保大文件处理不会超时
})
// 测试并发限制
t.Run("TestConcurrencyLimit", func(t *testing.T) {
tempDir, err := os.MkdirTemp("", "concurrency_test")
assert.NoError(t, err)
defer os.RemoveAll(tempDir)
// 创建多个测试文件
numFiles := 100
testFiles := make([]string, numFiles)
testCode := `package main
func main() {}`
for i := range testFiles {
filePath := filepath.Join(tempDir, fmt.Sprintf("test_%d.go", i))
err := os.WriteFile(filePath, []byte(testCode), 0644)
assert.NoError(t, err)
testFiles[i] = filePath
}
// 并发执行检查
startTime := time.Now()
resultChan := make(chan map[string]SecurityCheckResult, numFiles)
for _, file := range testFiles {
go func(f string) {
resultChan <- checker.PerformFullCheck(f)
}(file)
}
// 收集结果
results := make([]map[string]SecurityCheckResult, 0, numFiles)
for i := 0; i < numFiles; i++ {
result := <-resultChan
results = append(results, result)
}
duration := time.Since(startTime)
assert.Equal(t, numFiles, len(results))
assert.Less(t, duration, 60*time.Second) // 确保并发处理不会超时
})
}
================================================
FILE: go/internal/web/app.go
================================================
package web
import (
"fmt"
"html/template"
"io/ioutil"
"net/http"
"os"
"path/filepath"
"time"
"github.com/gin-gonic/gin"
"github.com/re-movery/re-movery/internal/core"
"github.com/re-movery/re-movery/internal/detectors"
)
// App is the web application
type App struct {
scanner *core.Scanner
router *gin.Engine
}
// NewApp creates a new web application
func NewApp() *App {
app := &App{
scanner: core.NewScanner(),
router: gin.Default(),
}
// Register detectors
app.scanner.RegisterDetector(detectors.NewPythonDetector())
app.scanner.RegisterDetector(detectors.NewJavaScriptDetector())
// Setup routes
app.setupRoutes()
return app
}
// setupRoutes sets up the routes for the web application
func (a *App) setupRoutes() {
// Serve static files
a.router.Static("/static", "./static")
// Load templates
a.router.LoadHTMLGlob("templates/*")
// Routes
a.router.GET("/", a.indexHandler)
a.router.POST("/scan/file", a.scanFileHandler)
a.router.POST("/scan/directory", a.scanDirectoryHandler)
a.router.GET("/api/languages", a.languagesHandler)
a.router.GET("/health", a.healthHandler)
}
// Run runs the web application
func (a *App) Run(host string, port int) error {
return a.router.Run(fmt.Sprintf("%s:%d", host, port))
}
// indexHandler handles the index page
func (a *App) indexHandler(c *gin.Context) {
c.HTML(http.StatusOK, "index.html", gin.H{
"title": "Re-movery - Security Scanner",
})
}
// scanFileHandler handles file scanning
func (a *App) scanFileHandler(c *gin.Context) {
// Get file from form
file, err := c.FormFile("file")
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"error": "No file provided",
})
return
}
// Save file to temporary location
tempFile := filepath.Join(os.TempDir(), file.Filename)
if err := c.SaveUploadedFile(file, tempFile); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{
"error": "Failed to save file",
})
return
}
defer os.Remove(tempFile)
// Scan file
results, err := a.scanner.ScanFile(tempFile)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{
"error": fmt.Sprintf("Failed to scan file: %v", err),
})
return
}
// Generate summary
summary := core.GenerateSummary(map[string][]core.Match{
file.Filename: results,
})
// Return results
c.JSON(http.StatusOK, gin.H{
"results": map[string][]core.Match{
file.Filename: results,
},
"summary": summary,
})
}
// scanDirectoryHandler handles directory scanning
func (a *App) scanDirectoryHandler(c *gin.Context) {
// Get directory path from form
directory := c.PostForm("directory")
if directory == "" {
c.JSON(http.StatusBadRequest, gin.H{
"error": "No directory provided",
})
return
}
// Check if directory exists
if _, err := os.Stat(directory); os.IsNotExist(err) {
c.JSON(http.StatusBadRequest, gin.H{
"error": "Directory does not exist",
})
return
}
// Get exclude patterns
excludePatterns := c.PostFormArray("exclude")
// Scan directory
results, err := a.scanner.ScanDirectory(directory, excludePatterns)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{
"error": fmt.Sprintf("Failed to scan directory: %v", err),
})
return
}
// Generate summary
summary := core.GenerateSummary(results)
// Return results
c.JSON(http.StatusOK, gin.H{
"results": results,
"summary": summary,
})
}
// languagesHandler handles the supported languages request
func (a *App) languagesHandler(c *gin.Context) {
languages := a.scanner.SupportedLanguages()
c.JSON(http.StatusOK, gin.H{
"languages": languages,
})
}
// healthHandler handles the health check request
func (a *App) healthHandler(c *gin.Context) {
c.JSON(http.StatusOK, gin.H{
"status": "ok",
"time": time.Now().Format(time.RFC3339),
})
}
================================================
FILE: go/internal/web/static/css/style.css
================================================
/* Re-movery 样式文件 */
body {
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
background-color: #f8f9fa;
}
.navbar-brand {
font-weight: bold;
color: #0d6efd;
}
.card {
border-radius: 10px;
box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
margin-bottom: 20px;
}
.card-header {
font-weight: bold;
background-color: #f8f9fa;
}
.severity-high {
color: #dc3545;
}
.severity-medium {
color: #fd7e14;
}
.severity-low {
color: #0dcaf0;
}
.chart-container {
height: 300px;
}
.nav-pills .nav-link.active {
background-color: #0d6efd;
}
.nav-pills .nav-link {
color: #495057;
}
.file-item {
cursor: pointer;
}
.file-item:hover {
background-color: #f8f9fa;
}
.code-block {
background-color: #f8f9fa;
border-radius: 5px;
padding: 10px;
font-family: monospace;
white-space: pre-wrap;
margin-top: 10px;
}
.footer {
margin-top: 50px;
padding: 20px 0;
background-color: #f8f9fa;
text-align: center;
color: #6c757d;
}
/* 按钮样式 */
.btn-primary {
background-color: #0d6efd;
border-color: #0d6efd;
}
.btn-primary:hover {
background-color: #0b5ed7;
border-color: #0a58ca;
}
/* 表单样式 */
.form-control:focus {
border-color: #0d6efd;
box-shadow: 0 0 0 0.25rem rgba(13, 110, 253, 0.25);
}
/* 表格样式 */
.table {
border-collapse: collapse;
width: 100%;
}
.table th {
background-color: #f8f9fa;
font-weight: bold;
}
.table-striped tbody tr:nth-of-type(odd) {
background-color: rgba(0, 0, 0, 0.05);
}
/* 徽章样式 */
.badge {
font-weight: normal;
padding: 0.35em 0.65em;
}
/* 响应式调整 */
@media (max-width: 768px) {
.chart-container {
height: 200px;
}
}
================================================
FILE: go/internal/web/static/js/app.js
================================================
/**
* Re-movery Web应用JavaScript
*/
// 全局变量
let severityChart = null;
let vulnerabilityChart = null;
// 初始化应用
document.addEventListener('DOMContentLoaded', function() {
// 初始化图表
initCharts();
// 加载设置
loadSettings();
// 绑定事件
bindEvents();
});
// 初始化图表
function initCharts() {
// 漏洞严重程度分布图
const severityCtx = document.getElementById('severity-chart').getContext('2d');
severityChart = new Chart(severityCtx, {
type: 'pie',
data: {
labels: ['高危', '中危', '低危'],
datasets: [{
data: [0, 0, 0],
backgroundColor: ['#dc3545', '#fd7e14', '#0dcaf0']
}]
},
options: {
responsive: true,
plugins: {
legend: {
position: 'bottom'
}
}
}
});
// 常见漏洞类型图
const vulnerabilityCtx = document.getElementById('vulnerability-chart').getContext('2d');
vulnerabilityChart = new Chart(vulnerabilityCtx, {
type: 'bar',
data: {
labels: [],
datasets: [{
label: '漏洞数量',
data: [],
backgroundColor: '#0d6efd'
}]
},
options: {
responsive: true,
plugins: {
legend: {
display: false
}
},
scales: {
y: {
beginAtZero: true,
ticks: {
precision: 0
}
}
}
}
});
}
// 加载设置
function loadSettings() {
const settings = JSON.parse(localStorage.getItem('re-movery-settings') || '{}');
document.getElementById('confidence-threshold').value = settings.confidenceThreshold || 0.7;
document.getElementById('confidence-value').textContent = settings.confidenceThreshold || 0.7;
document.getElementById('default-parallel').checked = settings.defaultParallel !== false;
document.getElementById('default-incremental').checked = settings.defaultIncremental !== false;
// 应用设置到扫描表单
document.getElementById('parallel').checked = settings.defaultParallel !== false;
document.getElementById('incremental').checked = settings.defaultIncremental !== false;
}
// 保存设置
function saveSettings() {
const settings = {
confidenceThreshold: parseFloat(document.getElementById('confidence-threshold').value),
defaultParallel: document.getElementById('default-parallel').checked,
defaultIncremental: document.getElementById('default-incremental').checked
};
localStorage.setItem('re-movery-settings', JSON.stringify(settings));
alert('设置已保存');
// 应用设置到扫描表单
document.getElementById('parallel').checked = settings.defaultParallel;
document.getElementById('incremental').checked = settings.defaultIncremental;
}
// 绑定事件
function bindEvents() {
// 设置表单提交
document.getElementById('settings-form').addEventListener('submit', function(e) {
e.preventDefault();
saveSettings();
});
// 更新置信度值显示
document.getElementById('confidence-threshold').addEventListener('input', function() {
document.getElementById('confidence-value').textContent = this.value;
});
// 文件扫描表单提交
document.getElementById('file-scan-form').addEventListener('submit', function(e) {
e.preventDefault();
scanFile();
});
// 目录扫描表单提交
document.getElementById('directory-scan-form').addEventListener('submit', function(e) {
e.preventDefault();
scanDirectory();
});
}
// 扫描文件
function scanFile() {
const fileInput = document.getElementById('file');
if (!fileInput.files.length) {
alert('请选择文件');
return;
}
const formData = new FormData();
formData.append('file', fileInput.files[0]);
// 显示加载指示器
showLoading('正在扫描文件...');
fetch('/scan/file', {
method: 'POST',
body: formData
})
.then(response => {
if (!response.ok) {
throw new Error('扫描请求失败');
}
return response.json();
})
.then(data => {
hideLoading();
updateResults(data);
// 切换到结果标签页
document.querySelector('a[href="#results"]').click();
})
.catch(error => {
hideLoading();
console.error('Error:', error);
alert('扫描失败: ' + error.message);
});
}
// 扫描目录
function scanDirectory() {
const directory = document.getElementById('directory').value;
if (!directory) {
alert('请输入目录路径');
return;
}
const formData = new FormData();
formData.append('directory', directory);
const exclude = document.getElementById('exclude').value;
if (exclude) {
exclude.split(',').forEach(pattern => {
formData.append('exclude', pattern.trim());
});
}
formData.append('parallel', document.getElementById('parallel').checked);
formData.append('incremental', document.getElementById('incremental').checked);
// 显示加载指示器
showLoading('正在扫描目录...');
fetch('/scan/directory', {
method: 'POST',
body: formData
})
.then(response => {
if (!response.ok) {
throw new Error('扫描请求失败');
}
return response.json();
})
.then(data => {
hideLoading();
updateResults(data);
// 切换到结果标签页
document.querySelector('a[href="#results"]').click();
})
.catch(error => {
hideLoading();
console.error('Error:', error);
alert('扫描失败: ' + error.message);
});
}
// 更新结果
function updateResults(data) {
// 更新计数
document.getElementById('high-count').textContent = data.summary.high;
document.getElementById('medium-count').textContent = data.summary.medium;
document.getElementById('low-count').textContent = data.summary.low;
// 更新图表
severityChart.data.datasets[0].data = [
data.summary.high,
data.summary.medium,
data.summary.low
];
severityChart.update();
// 更新漏洞类型图表
const vulnerabilities = data.summary.vulnerabilities || {};
const sortedVulns = Object.entries(vulnerabilities)
.sort((a, b) => b[1] - a[1])
.slice(0, 10);
vulnerabilityChart.data.labels = sortedVulns.map(v => v[0]);
vulnerabilityChart.data.datasets[0].data = sortedVulns.map(v => v[1]);
vulnerabilityChart.update();
// 更新结果列表
const resultsContainer = document.getElementById('results-container');
resultsContainer.innerHTML = '';
if (Object.keys(data.results).length === 0) {
resultsContainer.innerHTML = `
<div class="alert alert-success">
<i class="bi bi-check-circle"></i> 未发现漏洞。
</div>
`;
return;
}
for (const [filePath, matches] of Object.entries(data.results)) {
if (matches.length === 0) continue;
const fileCard = document.createElement('div');
fileCard.className = 'card mb-3';
const fileHeader = document.createElement('div');
fileHeader.className = 'card-header file-item';
fileHeader.innerHTML = `
<i class="bi bi-file-earmark-code"></i> ${filePath}
<span class="badge bg-primary float-end">${matches.length}</span>
`;
const fileContent = document.createElement('div');
fileContent.className = 'card-body';
fileContent.style.display = 'none';
// 添加漏洞列表
const table = document.createElement('table');
table.className = 'table table-striped';
table.innerHTML = `
<thead>
<tr>
<th>行号</th>
<th>严重程度</th>
<th>漏洞</th>
<th>置信度</th>
</tr>
</thead>
<tbody>
${matches.map(match => `
<tr>
<td>${match.lineNumber}</td>
<td>
<span class="badge ${getSeverityClass(match.signature.severity)}">
${getSeverityText(match.signature.severity)}
</span>
</td>
<td>
<strong>${match.signature.name}</strong>
<p>${match.signature.description}</p>
<div class="code-block">${escapeHtml(match.matchedCode)}</div>
</td>
<td>${Math.round(match.confidence * 100)}%</td>
</tr>
`).join('')}
</tbody>
`;
fileContent.appendChild(table);
fileCard.appendChild(fileHeader);
fileCard.appendChild(fileContent);
resultsContainer.appendChild(fileCard);
// 添加点击事件
fileHeader.addEventListener('click', function() {
if (fileContent.style.display === 'none') {
fileContent.style.display = 'block';
} else {
fileContent.style.display = 'none';
}
});
}
}
// 获取严重程度样式类
function getSeverityClass(severity) {
switch (severity.toLowerCase()) {
case 'high': return 'bg-danger';
case 'medium': return 'bg-warning text-dark';
case 'low': return 'bg-info text-dark';
default: return 'bg-secondary';
}
}
// 获取严重程度文本
function getSeverityText(severity) {
switch (severity.toLowerCase()) {
case 'high': return '高危';
case 'medium': return '中危';
case 'low': return '低危';
default: return severity;
}
}
// HTML转义
function escapeHtml(html) {
const div = document.createElement('div');
div.textContent = html;
return div.innerHTML;
}
// 显示加载指示器
function showLoading(message) {
let loadingDiv = document.getElementById('loading-indicator');
if (!loadingDiv) {
loadingDiv = document.createElement('div');
loadingDiv.id = 'loading-indicator';
loadingDiv.className = 'position-fixed top-0 start-0 w-100 h-100 d-flex justify-content-center align-items-center bg-white bg-opacity-75';
loadingDiv.style.zIndex = '9999';
loadingDiv.innerHTML = `
<div class="text-center">
<div class="spinner-border text-primary" role="status">
<span class="visually-hidden">加载中...</span>
</div>
<p class="mt-2" id="loading-message">${message || '加载中...'}</p>
</div>
`;
document.body.appendChild(loadingDiv);
} else {
document.getElementById('loading-message').textContent = message || '加载中...';
loadingDiv.style.display = 'flex';
}
}
// 隐藏加载指示器
function hideLoading() {
const loadingDiv = document.getElementById('loading-indicator');
if (loadingDiv) {
loadingDiv.style.display = 'none';
}
}
================================================
FILE: go/internal/web/templates/index.html
================================================
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Re-movery - 安全漏洞扫描工具</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css">
<style>
body {
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
background-color: #f8f9fa;
}
.navbar-brand {
font-weight: bold;
color: #0d6efd;
}
.card {
border-radius: 10px;
box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
margin-bottom: 20px;
}
.card-header {
font-weight: bold;
background-color: #f8f9fa;
}
.severity-high {
color: #dc3545;
}
.severity-medium {
color: #fd7e14;
}
.severity-low {
color: #0dcaf0;
}
.chart-container {
height: 300px;
}
.nav-pills .nav-link.active {
background-color: #0d6efd;
}
.nav-pills .nav-link {
color: #495057;
}
.file-item {
cursor: pointer;
}
.file-item:hover {
background-color: #f8f9fa;
}
.code-block {
background-color: #f8f9fa;
border-radius: 5px;
padding: 10px;
font-family: monospace;
white-space: pre-wrap;
margin-top: 10px;
}
.footer {
margin-top: 50px;
padding: 20px 0;
background-color: #f8f9fa;
text-align: center;
color: #6c757d;
}
</style>
</head>
<body>
<!-- 导航栏 -->
<nav class="navbar navbar-expand-lg navbar-light bg-white shadow-sm">
<div class="container">
<a class="navbar-brand" href="/">
<i class="bi bi-shield-check"></i> Re-movery
</a>
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarNav">
<ul class="nav
gitextract_anrct33o/
├── .github/
│ └── workflows/
│ └── go.yml
├── .gitignore
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── Detector.py
├── LICENSE
├── Makefile
├── Preprocessing.py
├── README.md
├── config/
│ ├── ctags
│ └── movery_config.py
├── config.json
├── config.json.example
├── docs/
│ └── test_report.md
├── go/
│ ├── README.md
│ ├── cmd/
│ │ └── movery/
│ │ └── main.go
│ ├── go.mod
│ ├── internal/
│ │ ├── analyzers/
│ │ │ └── language.go
│ │ ├── api/
│ │ │ └── server.go
│ │ ├── cmd/
│ │ │ ├── generate.go
│ │ │ ├── root.go
│ │ │ ├── scan.go
│ │ │ ├── server.go
│ │ │ └── web.go
│ │ ├── config/
│ │ │ └── config.go
│ │ ├── core/
│ │ │ ├── config.go
│ │ │ ├── config_test.go
│ │ │ ├── models.go
│ │ │ ├── scanner.go
│ │ │ └── scanner_test.go
│ │ ├── detectors/
│ │ │ ├── javascript.go
│ │ │ ├── python.go
│ │ │ ├── tests/
│ │ │ │ └── detector_test.go
│ │ │ └── vulnerability.go
│ │ ├── reporters/
│ │ │ ├── html.go
│ │ │ ├── json.go
│ │ │ └── xml.go
│ │ ├── utils/
│ │ │ ├── logging.go
│ │ │ ├── memory.go
│ │ │ ├── parallel.go
│ │ │ ├── security.go
│ │ │ ├── security_test.go
│ │ │ └── tests/
│ │ │ └── security_test.go
│ │ └── web/
│ │ ├── app.go
│ │ ├── static/
│ │ │ ├── css/
│ │ │ │ └── style.css
│ │ │ └── js/
│ │ │ └── app.js
│ │ └── templates/
│ │ └── index.html
│ ├── tests/
│ │ ├── integration/
│ │ │ └── workflow_test.go
│ │ └── security/
│ │ └── security_test.go
│ └── web/
│ └── templates/
│ └── report.html
├── movery/
│ ├── __init__.py
│ ├── analyzers/
│ │ ├── __init__.py
│ │ ├── code_analyzer.py
│ │ └── language.py
│ ├── config/
│ │ ├── __init__.py
│ │ ├── config.json
│ │ └── config.py
│ ├── config.json
│ ├── detectors/
│ │ ├── __init__.py
│ │ └── vulnerability.py
│ ├── go/
│ │ └── cmd/
│ │ └── movery/
│ │ └── main.go
│ ├── main.py
│ ├── reporters/
│ │ ├── __init__.py
│ │ └── html.py
│ ├── templates/
│ │ └── report.html
│ ├── tests/
│ │ ├── integration/
│ │ │ └── test_workflow.py
│ │ ├── security/
│ │ │ └── test_security.py
│ │ └── unit/
│ │ ├── test_analyzer.py
│ │ ├── test_detector.py
│ │ ├── test_security.py
│ │ └── test_vulnerability.py
│ └── utils/
│ ├── __init__.py
│ ├── logging.py
│ ├── memory.py
│ ├── parallel.py
│ └── security.py
├── requirements.txt
├── setup.py
├── signatures.json
├── signatures.json.example
└── src/
├── analyzers/
│ └── language.py
├── config/
│ └── config.py
├── detectors/
│ └── vulnerability.py
├── main.py
├── reporters/
│ └── html.py
└── utils/
├── logging.py
├── memory.py
└── parallel.py
SYMBOL INDEX (587 symbols across 56 files)
FILE: Detector.py
function intersect (line 43) | def intersect(a, b):
function union (line 47) | def union(a, b):
function jaccard_sim (line 51) | def jaccard_sim(a, b):
function normalize (line 57) | def normalize(string):
function removeComment (line 67) | def removeComment(string):
function readFile (line 80) | def readFile(path):
function readOSSIDX (line 103) | def readOSSIDX():
function readIDX2VER (line 114) | def readIDX2VER():
function readVulHashes (line 123) | def readVulHashes():
function spaceReduction (line 137) | def spaceReduction(tar, vulHashes, ossIDX):
function detector (line 198) | def detector(tar):
function main (line 530) | def main(target):
FILE: Preprocessing.py
function intersect (line 49) | def intersect(a, b):
function union (line 58) | def union(a, b):
function jaccard_sim (line 67) | def jaccard_sim(a, b):
function normalize (line 80) | def normalize(string):
function normalize_hash (line 93) | def normalize_hash(string):
function abstract (line 104) | def abstract(body, ext):
function removeComment (line 242) | def removeComment(string):
function readFile (line 256) | def readFile(path):
function preprocessor (line 282) | def preprocessor(target):
function main (line 406) | def main(target):
FILE: go/cmd/movery/main.go
function main (line 10) | func main() {
FILE: go/internal/analyzers/language.go
type LanguageAnalyzer (line 11) | type LanguageAnalyzer interface
type GoAnalyzer (line 20) | type GoAnalyzer struct
method ParseFile (line 32) | func (ga *GoAnalyzer) ParseFile(filename string) (ast.Node, error) {
method ExtractFunctions (line 37) | func (ga *GoAnalyzer) ExtractFunctions(node ast.Node) []ast.Node {
method ExtractClasses (line 49) | func (ga *GoAnalyzer) ExtractClasses(node ast.Node) []ast.Node {
method ExtractImports (line 61) | func (ga *GoAnalyzer) ExtractImports(node ast.Node) []string {
method ExtractVariables (line 73) | func (ga *GoAnalyzer) ExtractVariables(node ast.Node) []ast.Node {
function NewGoAnalyzer (line 25) | func NewGoAnalyzer() *GoAnalyzer {
function GetFileLanguage (line 85) | func GetFileLanguage(filename string) string {
FILE: go/internal/api/server.go
type Server (line 18) | type Server struct
method setupRoutes (line 41) | func (s *Server) setupRoutes() {
method Run (line 56) | func (s *Server) Run(host string, port int) error {
method scanCodeHandler (line 61) | func (s *Server) scanCodeHandler(c *gin.Context) {
method scanFileHandler (line 137) | func (s *Server) scanFileHandler(c *gin.Context) {
method scanDirectoryHandler (line 181) | func (s *Server) scanDirectoryHandler(c *gin.Context) {
method languagesHandler (line 228) | func (s *Server) languagesHandler(c *gin.Context) {
method healthHandler (line 236) | func (s *Server) healthHandler(c *gin.Context) {
function NewServer (line 24) | func NewServer() *Server {
FILE: go/internal/cmd/generate.go
function init (line 67) | func init() {
function generateGithubActionFile (line 78) | func generateGithubActionFile(outputPath string) error {
function generateGitlabCIFile (line 124) | func generateGitlabCIFile(outputPath string) error {
function generateVSCodeExtensionFiles (line 151) | func generateVSCodeExtensionFiles(outputPath string) error {
FILE: go/internal/cmd/root.go
function Execute (line 23) | func Execute() error {
function init (line 27) | func init() {
FILE: go/internal/cmd/scan.go
function init (line 156) | func init() {
FILE: go/internal/cmd/server.go
function init (line 42) | func init() {
FILE: go/internal/cmd/web.go
function init (line 42) | func init() {
FILE: go/internal/config/config.go
type Config (line 8) | type Config struct
type ProcessingConfig (line 16) | type ProcessingConfig struct
type DetectorConfig (line 26) | type DetectorConfig struct
type LoggingConfig (line 37) | type LoggingConfig struct
type SecurityConfig (line 46) | type SecurityConfig struct
function LoadConfig (line 55) | func LoadConfig(configFile string) (*Config, error) {
function SetDefaults (line 72) | func SetDefaults() {
FILE: go/internal/core/config.go
type Config (line 15) | type Config struct
method ApplyToScanner (line 134) | func (c *Config) ApplyToScanner(scanner *Scanner) {
type ScannerConfig (line 22) | type ScannerConfig struct
type WebConfig (line 30) | type WebConfig struct
type ServerConfig (line 37) | type ServerConfig struct
function NewConfig (line 44) | func NewConfig() *Config {
function LoadConfig (line 66) | func LoadConfig(configPath string) (*Config, error) {
function SaveConfig (line 103) | func SaveConfig(config *Config, configPath string) error {
FILE: go/internal/core/config_test.go
function TestNewConfig (line 13) | func TestNewConfig(t *testing.T) {
function TestLoadConfigJSON (line 30) | func TestLoadConfigJSON(t *testing.T) {
function TestLoadConfigYAML (line 79) | func TestLoadConfigYAML(t *testing.T) {
function TestSaveConfig (line 126) | func TestSaveConfig(t *testing.T) {
function TestApplyToScanner (line 167) | func TestApplyToScanner(t *testing.T) {
FILE: go/internal/core/models.go
type Signature (line 8) | type Signature struct
type Match (line 18) | type Match struct
type Summary (line 27) | type Summary struct
type ReportData (line 36) | type ReportData struct
type Reporter (line 44) | type Reporter interface
type Detector (line 49) | type Detector interface
function GenerateSummary (line 57) | func GenerateSummary(results map[string][]Match) Summary {
FILE: go/internal/core/scanner.go
type Scanner (line 12) | type Scanner struct
method RegisterDetector (line 33) | func (s *Scanner) RegisterDetector(detector Detector) {
method SetParallel (line 38) | func (s *Scanner) SetParallel(parallel bool) {
method IsParallel (line 43) | func (s *Scanner) IsParallel() bool {
method SetIncremental (line 48) | func (s *Scanner) SetIncremental(incremental bool) {
method IsIncremental (line 53) | func (s *Scanner) IsIncremental() bool {
method SetConfidenceThreshold (line 58) | func (s *Scanner) SetConfidenceThreshold(threshold float64) {
method SupportedLanguages (line 63) | func (s *Scanner) SupportedLanguages() []string {
method ScanFile (line 72) | func (s *Scanner) ScanFile(filePath string) ([]Match, error) {
method ScanDirectory (line 115) | func (s *Scanner) ScanDirectory(dirPath string, excludePatterns []stri...
function NewScanner (line 22) | func NewScanner() *Scanner {
FILE: go/internal/core/scanner_test.go
function TestNewScanner (line 13) | func TestNewScanner(t *testing.T) {
function TestSetParallel (line 21) | func TestSetParallel(t *testing.T) {
function TestSetIncremental (line 33) | func TestSetIncremental(t *testing.T) {
function TestRegisterDetector (line 45) | func TestRegisterDetector(t *testing.T) {
function TestScanFile (line 60) | func TestScanFile(t *testing.T) {
function TestScanDirectory (line 85) | func TestScanDirectory(t *testing.T) {
function TestGenerateSummary (line 118) | func TestGenerateSummary(t *testing.T) {
type mockDetector (line 190) | type mockDetector struct
method Name (line 192) | func (d *mockDetector) Name() string {
method SupportedLanguages (line 196) | func (d *mockDetector) SupportedLanguages() []string {
method DetectFile (line 200) | func (d *mockDetector) DetectFile(filePath string) ([]Match, error) {
method DetectCode (line 217) | func (d *mockDetector) DetectCode(code string, filePath string) ([]Mat...
FILE: go/internal/detectors/javascript.go
type JavaScriptDetector (line 15) | type JavaScriptDetector struct
method Name (line 27) | func (d *JavaScriptDetector) Name() string {
method SupportedLanguages (line 32) | func (d *JavaScriptDetector) SupportedLanguages() []string {
method DetectFile (line 37) | func (d *JavaScriptDetector) DetectFile(filePath string) ([]core.Match...
method DetectCode (line 54) | func (d *JavaScriptDetector) DetectCode(code string, filePath string) ...
method loadSignatures (line 93) | func (d *JavaScriptDetector) loadSignatures() {
method calculateConfidence (line 230) | func (d *JavaScriptDetector) calculateConfidence(matchedCode string, p...
method checkJavaScriptSpecificIssues (line 263) | func (d *JavaScriptDetector) checkJavaScriptSpecificIssues(code string...
function NewJavaScriptDetector (line 20) | func NewJavaScriptDetector() *JavaScriptDetector {
FILE: go/internal/detectors/python.go
type PythonDetector (line 15) | type PythonDetector struct
method Name (line 27) | func (d *PythonDetector) Name() string {
method SupportedLanguages (line 32) | func (d *PythonDetector) SupportedLanguages() []string {
method DetectFile (line 37) | func (d *PythonDetector) DetectFile(filePath string) ([]core.Match, er...
method DetectCode (line 53) | func (d *PythonDetector) DetectCode(code string, filePath string) ([]c...
method loadSignatures (line 92) | func (d *PythonDetector) loadSignatures() {
method calculateConfidence (line 229) | func (d *PythonDetector) calculateConfidence(matchedCode string, patte...
method checkPythonSpecificIssues (line 262) | func (d *PythonDetector) checkPythonSpecificIssues(code string, filePa...
function NewPythonDetector (line 20) | func NewPythonDetector() *PythonDetector {
FILE: go/internal/detectors/vulnerability.go
type Signature (line 17) | type Signature struct
type Match (line 25) | type Match struct
type VulnerabilityDetector (line 33) | type VulnerabilityDetector struct
method LoadSignatures (line 47) | func (d *VulnerabilityDetector) LoadSignatures(signatureFile string) e...
method DetectFile (line 69) | func (d *VulnerabilityDetector) DetectFile(filePath string) ([]Match, ...
method AnalyzeAST (line 134) | func (d *VulnerabilityDetector) AnalyzeAST(filePath string) ([]Match, ...
method DetectSimilarPatterns (line 181) | func (d *VulnerabilityDetector) DetectSimilarPatterns(filePath string,...
method calculateConfidence (line 229) | func (d *VulnerabilityDetector) calculateConfidence(matchedCode, patte...
method calculateSimilarity (line 255) | func (d *VulnerabilityDetector) calculateSimilarity(str1, str2 string)...
function NewVulnerabilityDetector (line 40) | func NewVulnerabilityDetector() *VulnerabilityDetector {
function max (line 282) | func max(a, b int) int {
FILE: go/internal/reporters/html.go
type HTMLReporter (line 15) | type HTMLReporter struct
method GenerateReport (line 23) | func (r *HTMLReporter) GenerateReport(data core.ReportData, outputPath...
method processData (line 59) | func (r *HTMLReporter) processData(data core.ReportData) map[string]in...
function NewHTMLReporter (line 18) | func NewHTMLReporter() *HTMLReporter {
constant htmlTemplate (line 115) | htmlTemplate = `<!DOCTYPE html>
FILE: go/internal/reporters/json.go
type JSONReporter (line 12) | type JSONReporter struct
method GenerateReport (line 20) | func (r *JSONReporter) GenerateReport(data core.ReportData, outputPath...
function NewJSONReporter (line 15) | func NewJSONReporter() *JSONReporter {
FILE: go/internal/reporters/xml.go
type XMLReporter (line 12) | type XMLReporter struct
method GenerateReport (line 54) | func (r *XMLReporter) GenerateReport(data core.ReportData, outputPath ...
method convertToXML (line 85) | func (r *XMLReporter) convertToXML(data core.ReportData) XMLReportData {
function NewXMLReporter (line 15) | func NewXMLReporter() *XMLReporter {
type XMLReportData (line 20) | type XMLReportData struct
type XMLSummary (line 29) | type XMLSummary struct
type XMLFileResult (line 37) | type XMLFileResult struct
type XMLMatch (line 43) | type XMLMatch struct
FILE: go/internal/utils/logging.go
function GetLogger (line 17) | func GetLogger() *logrus.Logger {
type FileLogger (line 30) | type FileLogger struct
method Close (line 53) | func (fl *FileLogger) Close() error {
function NewFileLogger (line 36) | func NewFileLogger(filename string) (*FileLogger, error) {
function SetVerbosity (line 61) | func SetVerbosity(verbose bool) {
FILE: go/internal/utils/memory.go
type MemoryMonitor (line 13) | type MemoryMonitor struct
method Start (line 29) | func (mm *MemoryMonitor) Start() {
method Stop (line 56) | func (mm *MemoryMonitor) Stop() {
function NewMemoryMonitor (line 20) | func NewMemoryMonitor(maxMemoryGB float64, interval time.Duration) *Memo...
type LRUCache (line 61) | type LRUCache struct
method Get (line 83) | func (c *LRUCache) Get(key interface{}) (interface{}, bool) {
method Put (line 95) | func (c *LRUCache) Put(key, value interface{}) {
type entry (line 68) | type entry struct
function NewLRUCache (line 74) | func NewLRUCache(capacity int) *LRUCache {
FILE: go/internal/utils/parallel.go
type Job (line 8) | type Job interface
type WorkerPool (line 13) | type WorkerPool struct
method Start (line 32) | func (wp *WorkerPool) Start() {
method worker (line 40) | func (wp *WorkerPool) worker() {
method Submit (line 58) | func (wp *WorkerPool) Submit(job Job) {
method Stop (line 63) | func (wp *WorkerPool) Stop() {
method Results (line 71) | func (wp *WorkerPool) Results() <-chan error {
function NewWorkerPool (line 22) | func NewWorkerPool(numWorkers int, queueSize int) *WorkerPool {
FILE: go/internal/utils/security.go
type SecurityChecker (line 18) | type SecurityChecker struct
method CheckMemoryUsage (line 56) | func (c *SecurityChecker) CheckMemoryUsage(filePath string) (uint64, e...
method CheckExecutionTime (line 81) | func (c *SecurityChecker) CheckExecutionTime(filePath string, timeout ...
method CheckFileAccess (line 114) | func (c *SecurityChecker) CheckFileAccess(filePath string) ([]string, ...
method CheckNetworkAccess (line 141) | func (c *SecurityChecker) CheckNetworkAccess(filePath string) ([]strin...
method CheckInputValidation (line 168) | func (c *SecurityChecker) CheckInputValidation(filePath string) ([]str...
method CheckRandomGeneration (line 199) | func (c *SecurityChecker) CheckRandomGeneration(filePath string) ([]st...
method CheckSensitiveData (line 228) | func (c *SecurityChecker) CheckSensitiveData(filePath string) ([]strin...
method CheckSandboxEscape (line 255) | func (c *SecurityChecker) CheckSandboxEscape(filePath string) ([]strin...
method PerformFullCheck (line 286) | func (c *SecurityChecker) PerformFullCheck(filePath string) (map[strin...
function NewSecurityChecker (line 24) | func NewSecurityChecker() *SecurityChecker {
FILE: go/internal/utils/security_test.go
function TestNewSecurityChecker (line 9) | func TestNewSecurityChecker(t *testing.T) {
function createTestFile (line 27) | func createTestFile(content string) (string, error) {
function TestCheckMemoryUsage (line 46) | func TestCheckMemoryUsage(t *testing.T) {
function TestCheckExecutionTime (line 76) | func TestCheckExecutionTime(t *testing.T) {
function TestCheckFileAccess (line 105) | func TestCheckFileAccess(t *testing.T) {
function TestCheckNetworkAccess (line 135) | func TestCheckNetworkAccess(t *testing.T) {
function TestCheckInputValidation (line 165) | func TestCheckInputValidation(t *testing.T) {
function TestCheckRandomGeneration (line 197) | func TestCheckRandomGeneration(t *testing.T) {
function TestCheckSensitiveData (line 227) | func TestCheckSensitiveData(t *testing.T) {
function TestCheckSandboxEscape (line 254) | func TestCheckSandboxEscape(t *testing.T) {
function TestPerformFullCheck (line 284) | func TestPerformFullCheck(t *testing.T) {
FILE: go/internal/utils/tests/security_test.go
function TestSecurityChecker (line 12) | func TestSecurityChecker(t *testing.T) {
function TestSecurityCheckerEdgeCases (line 254) | func TestSecurityCheckerEdgeCases(t *testing.T) {
FILE: go/internal/web/app.go
type App (line 18) | type App struct
method setupRoutes (line 41) | func (a *App) setupRoutes() {
method Run (line 57) | func (a *App) Run(host string, port int) error {
method indexHandler (line 62) | func (a *App) indexHandler(c *gin.Context) {
method scanFileHandler (line 69) | func (a *App) scanFileHandler(c *gin.Context) {
method scanDirectoryHandler (line 113) | func (a *App) scanDirectoryHandler(c *gin.Context) {
method languagesHandler (line 154) | func (a *App) languagesHandler(c *gin.Context) {
method healthHandler (line 162) | func (a *App) healthHandler(c *gin.Context) {
function NewApp (line 24) | func NewApp() *App {
FILE: go/internal/web/static/js/app.js
function initCharts (line 22) | function initCharts() {
function loadSettings (line 76) | function loadSettings() {
function saveSettings (line 89) | function saveSettings() {
function bindEvents (line 104) | function bindEvents() {
function scanFile (line 130) | function scanFile() {
function scanDirectory (line 167) | function scanDirectory() {
function updateResults (line 214) | function updateResults(data) {
function getSeverityClass (line 317) | function getSeverityClass(severity) {
function getSeverityText (line 327) | function getSeverityText(severity) {
function escapeHtml (line 337) | function escapeHtml(html) {
function showLoading (line 344) | function showLoading(message) {
function hideLoading (line 367) | function hideLoading() {
FILE: go/tests/integration/workflow_test.go
function TestWorkflow (line 18) | func TestWorkflow(t *testing.T) {
function createTestProject (line 194) | func createTestProject(dir string) error {
function hasIssues (line 317) | func hasIssues(results map[string]utils.SecurityCheckResult) bool {
FILE: go/tests/security/security_test.go
type TestSecurity (line 19) | type TestSecurity struct
method createTestFile (line 26) | func (ts *TestSecurity) createTestFile(content string) (string, error) {
function TestMemoryLimit (line 40) | func TestMemoryLimit(t *testing.T) {
function TestExecutionTimeout (line 68) | func TestExecutionTimeout(t *testing.T) {
function TestFileAccess (line 95) | func TestFileAccess(t *testing.T) {
function TestNetworkAccess (line 124) | func TestNetworkAccess(t *testing.T) {
function TestCodeInjection (line 153) | func TestCodeInjection(t *testing.T) {
function TestInputValidation (line 182) | func TestInputValidation(t *testing.T) {
function TestSecureRandom (line 209) | func TestSecureRandom(t *testing.T) {
function TestSensitiveData (line 242) | func TestSensitiveData(t *testing.T) {
function TestSandboxEscape (line 270) | func TestSandboxEscape(t *testing.T) {
FILE: movery/analyzers/code_analyzer.py
class CodeAnalyzer (line 15) | class CodeAnalyzer:
method __init__ (line 18) | def __init__(self):
method analyze_file (line 29) | def analyze_file(self, filename: str) -> Dict:
method _calculate_complexity (line 65) | def _calculate_complexity(self, ast_node: any) -> int:
FILE: movery/analyzers/language.py
class LanguageAnalyzer (line 22) | class LanguageAnalyzer(ABC):
method __init__ (line 25) | def __init__(self):
method parse_file (line 29) | def parse_file(self, filename: str) -> Any:
method get_functions (line 34) | def get_functions(self, ast_node: Any) -> List[Dict]:
method get_classes (line 39) | def get_classes(self, ast_node: Any) -> List[Dict]:
method get_imports (line 44) | def get_imports(self, ast_node: Any) -> List[Dict]:
method get_variables (line 49) | def get_variables(self, ast_node: Any) -> List[Dict]:
method supports_file (line 53) | def supports_file(self, filename: str) -> bool:
class PythonAnalyzer (line 58) | class PythonAnalyzer(LanguageAnalyzer):
method __init__ (line 61) | def __init__(self):
method parse_file (line 65) | def parse_file(self, filename: str) -> ast.AST:
method get_functions (line 70) | def get_functions(self, ast_node: ast.AST) -> List[Dict]:
method get_classes (line 86) | def get_classes(self, ast_node: ast.AST) -> List[Dict]:
method get_imports (line 102) | def get_imports(self, ast_node: ast.AST) -> List[Dict]:
method get_variables (line 123) | def get_variables(self, ast_node: ast.AST) -> List[Dict]:
method _get_return_annotation (line 138) | def _get_return_annotation(self, node: ast.FunctionDef) -> Optional[str]:
method _get_decorator_name (line 144) | def _get_decorator_name(self, node: ast.expr) -> str:
method _get_name (line 154) | def _get_name(self, node: ast.expr) -> str:
method _get_value (line 162) | def _get_value(self, node: ast.expr) -> Any:
class JavaAnalyzer (line 175) | class JavaAnalyzer(LanguageAnalyzer):
method __init__ (line 178) | def __init__(self):
method parse_file (line 182) | def parse_file(self, filename: str) -> Dict:
method get_functions (line 188) | def get_functions(self, ast_node: Dict) -> List[Dict]:
method get_classes (line 193) | def get_classes(self, ast_node: Dict) -> List[Dict]:
method get_imports (line 198) | def get_imports(self, ast_node: Dict) -> List[Dict]:
method get_variables (line 203) | def get_variables(self, ast_node: Dict) -> List[Dict]:
class CppAnalyzer (line 208) | class CppAnalyzer(LanguageAnalyzer):
method __init__ (line 211) | def __init__(self):
method parse_file (line 215) | def parse_file(self, filename: str) -> Dict:
method get_functions (line 221) | def get_functions(self, ast_node: Dict) -> List[Dict]:
method get_classes (line 226) | def get_classes(self, ast_node: Dict) -> List[Dict]:
method get_imports (line 231) | def get_imports(self, ast_node: Dict) -> List[Dict]:
method get_variables (line 236) | def get_variables(self, ast_node: Dict) -> List[Dict]:
class GoAnalyzer (line 241) | class GoAnalyzer(LanguageAnalyzer):
method __init__ (line 244) | def __init__(self):
method parse_file (line 248) | def parse_file(self, filename: str) -> Dict:
method get_functions (line 254) | def get_functions(self, ast_node: Dict) -> List[Dict]:
method get_classes (line 259) | def get_classes(self, ast_node: Dict) -> List[Dict]:
method get_imports (line 264) | def get_imports(self, ast_node: Dict) -> List[Dict]:
method get_variables (line 269) | def get_variables(self, ast_node: Dict) -> List[Dict]:
class JavaScriptAnalyzer (line 274) | class JavaScriptAnalyzer(LanguageAnalyzer):
method __init__ (line 277) | def __init__(self):
method parse_file (line 281) | def parse_file(self, filename: str) -> Dict:
method get_functions (line 287) | def get_functions(self, ast_node: Dict) -> List[Dict]:
method get_classes (line 292) | def get_classes(self, ast_node: Dict) -> List[Dict]:
method get_imports (line 297) | def get_imports(self, ast_node: Dict) -> List[Dict]:
method get_variables (line 302) | def get_variables(self, ast_node: Dict) -> List[Dict]:
class LanguageAnalyzerFactory (line 307) | class LanguageAnalyzerFactory:
method get_analyzer (line 319) | def get_analyzer(cls, filename: str) -> Optional[LanguageAnalyzer]:
method register_analyzer (line 328) | def register_analyzer(cls, language: str, analyzer: LanguageAnalyzer):
FILE: movery/config/config.py
class ProcessingConfig (line 10) | class ProcessingConfig:
class DetectorConfig (line 20) | class DetectorConfig:
class LoggingConfig (line 34) | class LoggingConfig:
class SecurityConfig (line 44) | class SecurityConfig:
class Config (line 54) | class Config:
function load_config (line 60) | def load_config(config_path: str = None) -> Config:
FILE: movery/detectors/vulnerability.py
class Signature (line 10) | class Signature:
class VulnerabilityMatch (line 18) | class VulnerabilityMatch:
class VulnerabilityDetector (line 25) | class VulnerabilityDetector:
method __init__ (line 28) | def __init__(self):
method load_signatures (line 33) | def load_signatures(self, signature_file: str) -> None:
method detect_file (line 51) | def detect_file(self, file_path: str) -> List[VulnerabilityMatch]:
method _calculate_confidence (line 82) | def _calculate_confidence(self, matched_code: str, pattern: str) -> fl...
method analyze_ast (line 113) | def analyze_ast(self, node: ast.AST) -> List[VulnerabilityMatch]:
method detect_similar_patterns (line 182) | def detect_similar_patterns(self, code: str, threshold: float = 0.7) -...
method _calculate_similarity (line 266) | def _calculate_similarity(self, str1: str, str2: str) -> float:
FILE: movery/main.py
function parse_args (line 25) | def parse_args():
function load_config (line 75) | def load_config(config_file: str) -> MoveryConfig:
function find_source_files (line 81) | def find_source_files(target: str) -> List[str]:
function analyze_file (line 109) | def analyze_file(file: str) -> List[Dict]:
function main (line 119) | def main():
FILE: movery/reporters/html.py
class HTMLReporter (line 21) | class HTMLReporter:
method __init__ (line 24) | def __init__(self, template_dir: str = "templates"):
method generate_report (line 28) | def generate_report(self, matches: List[VulnerabilityMatch],
method _prepare_report_data (line 53) | def _prepare_report_data(self, matches: List[VulnerabilityMatch]) -> D...
method _generate_charts (line 89) | def _generate_charts(self, matches: List[VulnerabilityMatch]) -> Dict[...
method _fig_to_base64 (line 139) | def _fig_to_base64(self, fig: go.Figure) -> str:
FILE: movery/tests/integration/test_workflow.py
class TestWorkflow (line 12) | class TestWorkflow(unittest.TestCase):
method setUp (line 13) | def setUp(self):
method create_test_project (line 24) | def create_test_project(self):
method tearDown (line 157) | def tearDown(self):
method test_full_workflow (line 161) | def test_full_workflow(self):
method test_parallel_processing (line 222) | def test_parallel_processing(self):
method test_error_handling (line 256) | def test_error_handling(self):
FILE: movery/tests/security/test_security.py
class TestSecurity (line 12) | class TestSecurity(unittest.TestCase):
method setUp (line 13) | def setUp(self):
method create_test_file (line 19) | def create_test_file(self, content):
method test_memory_limit (line 26) | def test_memory_limit(self):
method test_execution_timeout (line 39) | def test_execution_timeout(self):
method test_file_access (line 52) | def test_file_access(self):
method test_network_access (line 68) | def test_network_access(self):
method test_code_injection (line 84) | def test_code_injection(self):
method test_input_validation (line 97) | def test_input_validation(self):
method test_secure_random (line 111) | def test_secure_random(self):
method test_sensitive_data (line 126) | def test_sensitive_data(self):
method test_sandbox_escape (line 140) | def test_sandbox_escape(self):
method tearDown (line 157) | def tearDown(self):
FILE: movery/tests/unit/test_analyzer.py
class TestCodeAnalyzer (line 8) | class TestCodeAnalyzer(unittest.TestCase):
method setUp (line 9) | def setUp(self):
method test_parse_python (line 15) | def test_parse_python(self):
method test_analyze_function (line 30) | def test_analyze_function(self):
method test_data_flow (line 49) | def test_data_flow(self):
method test_complexity_analysis (line 65) | def test_complexity_analysis(self):
method tearDown (line 87) | def tearDown(self):
FILE: movery/tests/unit/test_detector.py
class TestVulnerabilityDetector (line 8) | class TestVulnerabilityDetector(unittest.TestCase):
method setUp (line 9) | def setUp(self):
method test_load_signatures (line 15) | def test_load_signatures(self):
method test_detect_vulnerability (line 37) | def test_detect_vulnerability(self):
method test_false_positive (line 52) | def test_false_positive(self):
method test_similarity_matching (line 65) | def test_similarity_matching(self):
method tearDown (line 80) | def tearDown(self):
FILE: movery/tests/unit/test_security.py
class TestSecurityChecker (line 9) | class TestSecurityChecker(unittest.TestCase):
method setUp (line 10) | def setUp(self):
method tearDown (line 68) | def tearDown(self):
method test_check_memory_usage (line 72) | def test_check_memory_usage(self):
method test_check_execution_time (line 79) | def test_check_execution_time(self):
method test_check_file_access (line 86) | def test_check_file_access(self):
method test_check_network_access (line 93) | def test_check_network_access(self):
method test_check_input_validation (line 100) | def test_check_input_validation(self):
method test_check_random_generation (line 107) | def test_check_random_generation(self):
method test_check_sensitive_data (line 114) | def test_check_sensitive_data(self):
method test_check_sandbox_escape (line 121) | def test_check_sandbox_escape(self):
method test_perform_full_check (line 128) | def test_perform_full_check(self):
method test_concurrent_checks (line 152) | def test_concurrent_checks(self):
FILE: movery/tests/unit/test_vulnerability.py
class TestVulnerabilityDetector (line 9) | class TestVulnerabilityDetector(unittest.TestCase):
method setUp (line 10) | def setUp(self):
method tearDown (line 61) | def tearDown(self):
method test_load_signatures (line 65) | def test_load_signatures(self):
method test_detect_file (line 74) | def test_detect_file(self):
method test_analyze_ast (line 85) | def test_analyze_ast(self):
method test_detect_similar_patterns (line 97) | def test_detect_similar_patterns(self):
method test_calculate_confidence (line 121) | def test_calculate_confidence(self):
method test_calculate_similarity (line 134) | def test_calculate_similarity(self):
FILE: movery/utils/logging.py
class AsyncLogHandler (line 18) | class AsyncLogHandler(logging.Handler):
method __init__ (line 21) | def __init__(self, capacity: int = 1000):
method emit (line 30) | def emit(self, record: logging.LogRecord):
method _process_logs (line 36) | def _process_logs(self):
method _write_log (line 46) | def _write_log(self, record: logging.LogRecord):
method close (line 54) | def close(self):
class ProgressLogger (line 60) | class ProgressLogger:
method __init__ (line 63) | def __init__(self, total: int, desc: str = "", interval: float = 0.1):
method update (line 71) | def update(self, n: int = 1):
method _display_progress (line 78) | def _display_progress(self):
method finish (line 88) | def finish(self):
class JsonFormatter (line 93) | class JsonFormatter(logging.Formatter):
method format (line 96) | def format(self, record: logging.LogRecord) -> str:
function setup_logging (line 115) | def setup_logging(log_file: Optional[str] = None, level: str = None):
function log_execution_time (line 148) | def log_execution_time(logger: Optional[logging.Logger] = None):
function get_logger (line 164) | def get_logger(name: str) -> logging.Logger:
FILE: movery/utils/memory.py
class MemoryMonitor (line 20) | class MemoryMonitor:
method __init__ (line 23) | def __init__(self, max_memory: Optional[int] = None):
method get_memory_usage (line 29) | def get_memory_usage(self) -> int:
method check_memory (line 33) | def check_memory(self) -> bool:
method force_garbage_collection (line 43) | def force_garbage_collection(self):
method monitor_operation (line 48) | def monitor_operation(self, operation_name: str):
class LRUCache (line 60) | class LRUCache:
method __init__ (line 63) | def __init__(self, max_size: Optional[int] = None):
method get (line 69) | def get(self, key: str) -> Optional[Any]:
method put (line 78) | def put(self, key: str, value: Any, size: Optional[int] = None):
method clear (line 99) | def clear(self):
class MemoryMappedFile (line 105) | class MemoryMappedFile:
method __init__ (line 108) | def __init__(self, filename: str, mode: str = "r"):
method __enter__ (line 114) | def __enter__(self):
method __exit__ (line 123) | def __exit__(self, exc_type, exc_val, exc_tb):
method read (line 129) | def read(self, size: int = -1) -> bytes:
method write (line 135) | def write(self, data: bytes):
method seek (line 141) | def seek(self, offset: int):
function chunk_iterator (line 145) | def chunk_iterator(data: Any, chunk_size: Optional[int] = None) -> Gener...
FILE: movery/utils/parallel.py
class WorkerPool (line 23) | class WorkerPool:
method __init__ (line 26) | def __init__(self, num_workers: Optional[int] = None,
method start (line 38) | def start(self):
method stop (line 55) | def stop(self):
method submit (line 68) | def submit(self, func: Callable, *args, **kwargs) -> Any:
method map (line 76) | def map(self, func: Callable, iterable: List[Any]) -> List[Any]:
method imap (line 83) | def imap(self, func: Callable, iterable: List[Any]) -> Any:
method get_context (line 92) | def get_context(self):
class TaskQueue (line 100) | class TaskQueue:
method __init__ (line 103) | def __init__(self, maxsize: int = 0):
method put (line 112) | def put(self, item: Any, priority: int = 0, block: bool = True,
method get (line 137) | def get(self, block: bool = True, timeout: Optional[float] = None) -> ...
method task_done (line 160) | def task_done(self):
method join (line 170) | def join(self):
method qsize (line 176) | def qsize(self) -> int:
method empty (line 180) | def empty(self) -> bool:
method full (line 184) | def full(self) -> bool:
method _qsize (line 188) | def _qsize(self) -> int:
class ParallelExecutor (line 192) | class ParallelExecutor:
method __init__ (line 195) | def __init__(self, num_workers: Optional[int] = None,
method submit (line 203) | def submit(self, task_id: str, func: Callable, *args,
method execute (line 208) | def execute(self) -> Tuple[Dict[str, Any], Dict[str, Exception]]:
method _handle_result (line 227) | def _handle_result(self, task_id: str, future):
function parallel_map (line 238) | def parallel_map(func: Callable, iterable: List[Any],
FILE: movery/utils/security.py
class SecurityChecker (line 11) | class SecurityChecker:
method __init__ (line 14) | def __init__(self):
method check_memory_usage (line 45) | def check_memory_usage(self, file_path: str) -> Dict[str, Any]:
method check_execution_time (line 92) | def check_execution_time(self, file_path: str, timeout: float = 5.0) -...
method check_file_access (line 138) | def check_file_access(self, file_path: str) -> Dict[str, Any]:
method check_network_access (line 173) | def check_network_access(self, file_path: str) -> Dict[str, Any]:
method check_input_validation (line 208) | def check_input_validation(self, file_path: str) -> Dict[str, Any]:
method check_random_generation (line 253) | def check_random_generation(self, file_path: str) -> Dict[str, Any]:
method check_sensitive_data (line 289) | def check_sensitive_data(self, file_path: str) -> Dict[str, Any]:
method check_sandbox_escape (line 324) | def check_sandbox_escape(self, file_path: str) -> Dict[str, Any]:
method perform_full_check (line 367) | def perform_full_check(self, file_path: str) -> Dict[str, Any]:
FILE: src/analyzers/language.py
class LanguageAnalyzer (line 22) | class LanguageAnalyzer(ABC):
method __init__ (line 25) | def __init__(self):
method parse_file (line 29) | def parse_file(self, filename: str) -> Any:
method get_functions (line 34) | def get_functions(self, ast_node: Any) -> List[Dict]:
method get_classes (line 39) | def get_classes(self, ast_node: Any) -> List[Dict]:
method get_imports (line 44) | def get_imports(self, ast_node: Any) -> List[Dict]:
method get_variables (line 49) | def get_variables(self, ast_node: Any) -> List[Dict]:
method supports_file (line 53) | def supports_file(self, filename: str) -> bool:
class PythonAnalyzer (line 58) | class PythonAnalyzer(LanguageAnalyzer):
method __init__ (line 61) | def __init__(self):
method parse_file (line 65) | def parse_file(self, filename: str) -> ast.AST:
method get_functions (line 70) | def get_functions(self, ast_node: ast.AST) -> List[Dict]:
method get_classes (line 86) | def get_classes(self, ast_node: ast.AST) -> List[Dict]:
method get_imports (line 102) | def get_imports(self, ast_node: ast.AST) -> List[Dict]:
method get_variables (line 123) | def get_variables(self, ast_node: ast.AST) -> List[Dict]:
method _get_return_annotation (line 138) | def _get_return_annotation(self, node: ast.FunctionDef) -> Optional[str]:
method _get_decorator_name (line 144) | def _get_decorator_name(self, node: ast.expr) -> str:
method _get_name (line 154) | def _get_name(self, node: ast.expr) -> str:
method _get_value (line 162) | def _get_value(self, node: ast.expr) -> Any:
class JavaAnalyzer (line 175) | class JavaAnalyzer(LanguageAnalyzer):
method __init__ (line 178) | def __init__(self):
method parse_file (line 182) | def parse_file(self, filename: str) -> Dict:
method get_functions (line 188) | def get_functions(self, ast_node: Dict) -> List[Dict]:
method get_classes (line 193) | def get_classes(self, ast_node: Dict) -> List[Dict]:
method get_imports (line 198) | def get_imports(self, ast_node: Dict) -> List[Dict]:
method get_variables (line 203) | def get_variables(self, ast_node: Dict) -> List[Dict]:
class CppAnalyzer (line 208) | class CppAnalyzer(LanguageAnalyzer):
method __init__ (line 211) | def __init__(self):
method parse_file (line 215) | def parse_file(self, filename: str) -> Dict:
method get_functions (line 221) | def get_functions(self, ast_node: Dict) -> List[Dict]:
method get_classes (line 226) | def get_classes(self, ast_node: Dict) -> List[Dict]:
method get_imports (line 231) | def get_imports(self, ast_node: Dict) -> List[Dict]:
method get_variables (line 236) | def get_variables(self, ast_node: Dict) -> List[Dict]:
class GoAnalyzer (line 241) | class GoAnalyzer(LanguageAnalyzer):
method __init__ (line 244) | def __init__(self):
method parse_file (line 248) | def parse_file(self, filename: str) -> Dict:
method get_functions (line 254) | def get_functions(self, ast_node: Dict) -> List[Dict]:
method get_classes (line 259) | def get_classes(self, ast_node: Dict) -> List[Dict]:
method get_imports (line 264) | def get_imports(self, ast_node: Dict) -> List[Dict]:
method get_variables (line 269) | def get_variables(self, ast_node: Dict) -> List[Dict]:
class JavaScriptAnalyzer (line 274) | class JavaScriptAnalyzer(LanguageAnalyzer):
method __init__ (line 277) | def __init__(self):
method parse_file (line 281) | def parse_file(self, filename: str) -> Dict:
method get_functions (line 287) | def get_functions(self, ast_node: Dict) -> List[Dict]:
method get_classes (line 292) | def get_classes(self, ast_node: Dict) -> List[Dict]:
method get_imports (line 297) | def get_imports(self, ast_node: Dict) -> List[Dict]:
method get_variables (line 302) | def get_variables(self, ast_node: Dict) -> List[Dict]:
class LanguageAnalyzerFactory (line 307) | class LanguageAnalyzerFactory:
method get_analyzer (line 319) | def get_analyzer(cls, filename: str) -> Optional[LanguageAnalyzer]:
method register_analyzer (line 328) | def register_analyzer(cls, language: str, analyzer: LanguageAnalyzer):
FILE: src/config/config.py
class ProcessingConfig (line 9) | class ProcessingConfig:
class DetectorConfig (line 34) | class DetectorConfig:
class LoggingConfig (line 62) | class LoggingConfig:
class SecurityConfig (line 77) | class SecurityConfig:
class MoveryConfig (line 92) | class MoveryConfig:
method __init__ (line 93) | def __init__(self):
method from_file (line 100) | def from_file(cls, config_file: str) -> "MoveryConfig":
method to_file (line 105) | def to_file(self, config_file: str):
method validate (line 110) | def validate(self) -> bool:
FILE: src/detectors/vulnerability.py
class VulnerabilitySignature (line 23) | class VulnerabilitySignature:
method from_dict (line 37) | def from_dict(cls, data: Dict) -> "VulnerabilitySignature":
method to_dict (line 52) | def to_dict(self) -> Dict:
class VulnerabilityMatch (line 68) | class VulnerabilityMatch:
method to_dict (line 78) | def to_dict(self) -> Dict:
class VulnerabilityDetector (line 90) | class VulnerabilityDetector(ABC):
method __init__ (line 93) | def __init__(self):
method load_signatures (line 97) | def load_signatures(self, signature_file: str):
method detect (line 102) | def detect(self, file: str) -> List[VulnerabilityMatch]:
method analyze_context (line 107) | def analyze_context(self, match: VulnerabilityMatch) -> Dict:
class PatternMatcher (line 111) | class PatternMatcher:
method match_pattern (line 115) | def match_pattern(code: str, pattern: str) -> Optional[Tuple[int, int]]:
method extract_context (line 129) | def extract_context(code: str, line_start: int, line_end: int,
class ASTMatcher (line 137) | class ASTMatcher:
method __init__ (line 140) | def __init__(self):
method match_ast_pattern (line 143) | def match_ast_pattern(self, ast_node: Any, pattern: Dict) -> bool:
class SemanticMatcher (line 183) | class SemanticMatcher:
method __init__ (line 186) | def __init__(self):
method get_semantic_hash (line 189) | def get_semantic_hash(self, code: str) -> str:
method match_semantic (line 221) | def match_semantic(self, code1: str, code2: str,
class DefaultVulnerabilityDetector (line 238) | class DefaultVulnerabilityDetector(VulnerabilityDetector):
method __init__ (line 241) | def __init__(self):
method load_signatures (line 247) | def load_signatures(self, signature_file: str):
method detect (line 256) | def detect(self, file: str) -> List[VulnerabilityMatch]:
method analyze_context (line 329) | def analyze_context(self, match: VulnerabilityMatch) -> Dict:
FILE: src/main.py
function parse_args (line 25) | def parse_args():
function load_config (line 75) | def load_config(config_file: str) -> MoveryConfig:
function find_source_files (line 81) | def find_source_files(target: str) -> List[str]:
function analyze_file (line 109) | def analyze_file(file: str) -> List[Dict]:
function main (line 119) | def main():
FILE: src/reporters/html.py
class HTMLReporter (line 21) | class HTMLReporter:
method __init__ (line 24) | def __init__(self, template_dir: str = "templates"):
method generate_report (line 28) | def generate_report(self, matches: List[VulnerabilityMatch],
method _prepare_report_data (line 53) | def _prepare_report_data(self, matches: List[VulnerabilityMatch]) -> D...
method _generate_charts (line 89) | def _generate_charts(self, matches: List[VulnerabilityMatch]) -> Dict[...
method _fig_to_base64 (line 139) | def _fig_to_base64(self, fig: go.Figure) -> str:
FILE: src/utils/logging.py
class AsyncLogHandler (line 18) | class AsyncLogHandler(logging.Handler):
method __init__ (line 21) | def __init__(self, capacity: int = 1000):
method emit (line 30) | def emit(self, record: logging.LogRecord):
method _process_logs (line 36) | def _process_logs(self):
method _write_log (line 46) | def _write_log(self, record: logging.LogRecord):
method close (line 54) | def close(self):
class ProgressLogger (line 60) | class ProgressLogger:
method __init__ (line 63) | def __init__(self, total: int, desc: str = "", interval: float = 0.1):
method update (line 71) | def update(self, n: int = 1):
method _display_progress (line 78) | def _display_progress(self):
method finish (line 88) | def finish(self):
class JsonFormatter (line 93) | class JsonFormatter(logging.Formatter):
method format (line 96) | def format(self, record: logging.LogRecord) -> str:
function setup_logging (line 115) | def setup_logging(log_file: Optional[str] = None):
function log_execution_time (line 141) | def log_execution_time(logger: Optional[logging.Logger] = None):
function get_logger (line 157) | def get_logger(name: str) -> logging.Logger:
FILE: src/utils/memory.py
class MemoryMonitor (line 19) | class MemoryMonitor:
method __init__ (line 22) | def __init__(self, max_memory: Optional[int] = None):
method get_memory_usage (line 28) | def get_memory_usage(self) -> int:
method check_memory (line 32) | def check_memory(self) -> bool:
method force_garbage_collection (line 42) | def force_garbage_collection(self):
method monitor_operation (line 47) | def monitor_operation(self, operation_name: str):
class LRUCache (line 59) | class LRUCache:
method __init__ (line 62) | def __init__(self, max_size: Optional[int] = None):
method get (line 68) | def get(self, key: str) -> Optional[Any]:
method put (line 77) | def put(self, key: str, value: Any, size: Optional[int] = None):
method clear (line 98) | def clear(self):
class MemoryMappedFile (line 104) | class MemoryMappedFile:
method __init__ (line 107) | def __init__(self, filename: str, mode: str = "r"):
method __enter__ (line 113) | def __enter__(self):
method __exit__ (line 122) | def __exit__(self, exc_type, exc_val, exc_tb):
method read (line 128) | def read(self, size: int = -1) -> bytes:
method write (line 134) | def write(self, data: bytes):
method seek (line 140) | def seek(self, offset: int):
function chunk_iterator (line 144) | def chunk_iterator(data: Any, chunk_size: Optional[int] = None) -> Gener...
FILE: src/utils/parallel.py
class WorkerPool (line 22) | class WorkerPool:
method __init__ (line 25) | def __init__(self, num_workers: Optional[int] = None,
method start (line 37) | def start(self):
method stop (line 54) | def stop(self):
method submit (line 67) | def submit(self, func: Callable, *args, **kwargs) -> Any:
method map (line 75) | def map(self, func: Callable, iterable: List[Any]) -> List[Any]:
method imap (line 82) | def imap(self, func: Callable, iterable: List[Any]) -> Any:
method get_context (line 91) | def get_context(self):
class TaskQueue (line 99) | class TaskQueue:
method __init__ (line 102) | def __init__(self, maxsize: int = 0):
method put (line 111) | def put(self, item: Any, priority: int = 0, block: bool = True,
method get (line 136) | def get(self, block: bool = True, timeout: Optional[float] = None) -> ...
method task_done (line 159) | def task_done(self):
method join (line 169) | def join(self):
method qsize (line 175) | def qsize(self) -> int:
method empty (line 179) | def empty(self) -> bool:
method full (line 183) | def full(self) -> bool:
method _qsize (line 187) | def _qsize(self) -> int:
class ParallelExecutor (line 191) | class ParallelExecutor:
method __init__ (line 194) | def __init__(self, num_workers: Optional[int] = None,
method submit (line 202) | def submit(self, task_id: str, func: Callable, *args,
method execute (line 207) | def execute(self) -> Tuple[Dict[str, Any], Dict[str, Exception]]:
method _handle_result (line 226) | def _handle_result(self, task_id: str, future):
function parallel_map (line 237) | def parallel_map(func: Callable, iterable: List[Any],
Condensed preview — 88 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (478K chars).
[
{
"path": ".github/workflows/go.yml",
"chars": 1716,
"preview": "name: Go\n\non:\n push:\n branches: [ main ]\n pull_request:\n branches: [ main ]\n\njobs:\n build:\n name: Build and "
},
{
"path": ".gitignore",
"chars": 456,
"preview": "# Python\n__pycache__/\n*.py[cod]\n*$py.class\n*.so\n.Python\nbuild/\ndevelop-eggs/\ndist/\ndownloads/\neggs/\n.eggs/\nlib/\nlib64/\np"
},
{
"path": "CODE_OF_CONDUCT.md",
"chars": 997,
"preview": "# 贡献者行为准则\n\n## 我们的承诺\n\n为了营造一个开放和友好的环境,我们作为贡献者和维护者承诺:无论年龄、体型、身体健全与否、民族、性征、性别认同和表达、经验水平、教育程度、社会地位、国籍、相貌、种族、宗教信仰、性取向如何,我们都会确保"
},
{
"path": "CONTRIBUTING.md",
"chars": 1538,
"preview": "# 贡献指南\n\n感谢您对Re-movery项目的关注!我们欢迎任何形式的贡献,包括但不限于:\n\n- 报告问题\n- 提交功能建议\n- 改进文档\n- 提交代码修复\n- 添加新功能\n\n## 开发环境设置\n\n1. 安装Go 1.21或更高版本\n2."
},
{
"path": "Detector.py",
"chars": 18694,
"preview": "\"\"\"\nMOVERY Detector - 漏洞检测系统\n作者: Seunghoon Woo (seunghoonwoo@korea.ac.kr)\n修改: August 5, 2022\n\n主要功能:\n1. 扫描目标程序中的潜在漏洞\n2. 支"
},
{
"path": "LICENSE",
"chars": 1065,
"preview": "MIT License\n\nCopyright (c) 2024 heyangxu\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\no"
},
{
"path": "Makefile",
"chars": 1298,
"preview": ".PHONY: build test clean lint run\n\n# Go parameters\nGOCMD=go\nGOBUILD=$(GOCMD) build\nGOCLEAN=$(GOCMD) clean\nGOTEST=$(GOCMD"
},
{
"path": "Preprocessing.py",
"chars": 12895,
"preview": "\"\"\"\nMOVERY 预处理器\n作者: Seunghoon Woo (seunghoonwoo@korea.ac.kr)\n修改日期: March 31, 2023.\n\n主要功能:\n1. 处理目标代码仓库中的C/C++源文件\n2. 提"
},
{
"path": "README.md",
"chars": 4240,
"preview": "# Re-Movery\n\nRe-Movery是一个基于Movery重构的漏洞代码克隆检测工具,该版本在原有功能基础上进行了重大改进,提升了性能并增加了新特性。提供Python和Go两个版本的改进。该工具主要用于检测代码库中可能存在的已知漏洞"
},
{
"path": "config/movery_config.py",
"chars": 76,
"preview": "vulpath = 'D:/NEWRESEARCH/vulFuncs/'\noldpath = 'D:/NEWRESEARCH/oldestFuncs/'"
},
{
"path": "config.json",
"chars": 1517,
"preview": "{\n \"processing\": {\n \"num_processes\": 4,\n \"max_memory_usage\": 8589934592,\n \"chunk_size\": 1048576,"
},
{
"path": "config.json.example",
"chars": 1090,
"preview": "{\n \"processing\": {\n \"num_workers\": 4,\n \"enable_cache\": true,\n \"cache_dir\": \".cache\",\n \"ma"
},
{
"path": "docs/test_report.md",
"chars": 4722,
"preview": "# Re-movery 项目测试报告\n\n## 1. 测试环境\n\n### 1.1 硬件环境\n- CPU: Intel Core i7-11700K @ 3.60GHz\n- 内存: 32GB DDR4\n- 存储: 1TB NVMe SSD\n- "
},
{
"path": "go/README.md",
"chars": 2237,
"preview": "# Re-movery (Go版本)\n\nRe-movery是一个强大的安全漏洞扫描工具,用于检测代码中的潜在安全问题。Go版本提供了高性能的扫描能力和多种接口选项。\n\n## 功能特点\n\n- 支持多种编程语言(目前支持Python和JavaS"
},
{
"path": "go/cmd/movery/main.go",
"chars": 213,
"preview": "package main\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/re-movery/re-movery/internal/cmd\"\n)\n\nfunc main() {\n\t// 执行根命令\n\tif err :"
},
{
"path": "go/go.mod",
"chars": 1480,
"preview": "module github.com/re-movery/re-movery\n\ngo 1.17\n\nrequire (\n\tgithub.com/gin-gonic/gin v1.8.1\n\tgithub.com/spf13/cobra v1.5."
},
{
"path": "go/internal/analyzers/language.go",
"chars": 2682,
"preview": "package analyzers\n\nimport (\n \"go/ast\"\n \"go/parser\"\n \"go/token\"\n \"path/filepath\"\n)\n\n// LanguageAnalyzer defin"
},
{
"path": "go/internal/api/server.go",
"chars": 5697,
"preview": "package api\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io/ioutil\"\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"time\"\n\n\t\"github.com/gin-"
},
{
"path": "go/internal/cmd/generate.go",
"chars": 15218,
"preview": "package cmd\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/spf13/cobra\"\n)\n\nvar (\n\toutputDir string\n)\n\nvar generat"
},
{
"path": "go/internal/cmd/root.go",
"chars": 1194,
"preview": "package cmd\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/spf13/cobra\"\n)\n\nvar rootCmd = &cobra.Command{\n\tUse: \"re-movery\",\n\tSho"
},
{
"path": "go/internal/cmd/scan.go",
"chars": 4902,
"preview": "package cmd\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/re-movery/re-movery/internal/core\"\n"
},
{
"path": "go/internal/cmd/server.go",
"chars": 1206,
"preview": "package cmd\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/re-movery/re-movery/internal/api\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar (\n\ts"
},
{
"path": "go/internal/cmd/web.go",
"chars": 1147,
"preview": "package cmd\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/re-movery/re-movery/internal/web\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar (\n\tw"
},
{
"path": "go/internal/config/config.go",
"chars": 3635,
"preview": "package config\n\nimport (\n \"github.com/spf13/viper\"\n)\n\n// Config represents the application configuration\ntype Config "
},
{
"path": "go/internal/core/config.go",
"chars": 3040,
"preview": "package core\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io/ioutil\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\n\t\"gopkg.in/yaml.v3\"\n)\n\n//"
},
{
"path": "go/internal/core/config_test.go",
"chars": 4408,
"preview": "package core\n\nimport (\n\t\"io/ioutil\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n)\n\n// 测试创建新"
},
{
"path": "go/internal/core/models.go",
"chars": 2121,
"preview": "package core\n\nimport (\n\t\"time\"\n)\n\n// Signature represents a vulnerability signature\ntype Signature struct {\n\tID "
},
{
"path": "go/internal/core/scanner.go",
"chars": 4943,
"preview": "package core\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\t\"sync\"\n)\n\n// Scanner is a vulnerability scanner\ntype Sc"
},
{
"path": "go/internal/core/scanner_test.go",
"chars": 5049,
"preview": "package core\n\nimport (\n\t\"io/ioutil\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"testing\"\n\n\t\"github.com/stretchr/testify/assert\"\n)\n\n// 测试扫描器"
},
{
"path": "go/internal/detectors/javascript.go",
"chars": 8889,
"preview": "package detectors\n\nimport (\n\t\"bufio\"\n\t\"io/ioutil\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"regexp\"\n\t\"strings\"\n\n\t\"github.com/re-movery/re"
},
{
"path": "go/internal/detectors/python.go",
"chars": 8472,
"preview": "package detectors\n\nimport (\n\t\"bufio\"\n\t\"io/ioutil\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"regexp\"\n\t\"strings\"\n\n\t\"github.com/re-movery/re"
},
{
"path": "go/internal/detectors/tests/detector_test.go",
"chars": 1,
"preview": " "
},
{
"path": "go/internal/detectors/vulnerability.go",
"chars": 5960,
"preview": "package detectors\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io/ioutil\"\n\t\"os\"\n\t\"regexp\"\n\t\"strings\"\n\t\"sync\"\n\n\t\"github.com/dave/d"
},
{
"path": "go/internal/reporters/html.go",
"chars": 10309,
"preview": "package reporters\n\nimport (\n\t\"fmt\"\n\t\"html/template\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"sort\"\n\t\"time\"\n\n\t\"github.com/re-movery/re-mo"
},
{
"path": "go/internal/reporters/json.go",
"chars": 879,
"preview": "package reporters\n\nimport (\n\t\"encoding/json\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/re-movery/re-movery/internal/core\"\n)\n\n"
},
{
"path": "go/internal/reporters/xml.go",
"chars": 3078,
"preview": "package reporters\n\nimport (\n\t\"encoding/xml\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/re-movery/re-movery/internal/core\"\n)\n\n/"
},
{
"path": "go/internal/utils/logging.go",
"chars": 1425,
"preview": "package utils\n\nimport (\n \"io\"\n \"os\"\n \"sync\"\n\n \"github.com/sirupsen/logrus\"\n)\n\nvar (\n logger *logrus.Logge"
},
{
"path": "go/internal/utils/memory.go",
"chars": 2799,
"preview": "package utils\n\nimport (\n \"container/list\"\n \"runtime\"\n \"sync\"\n \"time\"\n\n \"github.com/shirou/gopsutil/v3/mem"
},
{
"path": "go/internal/utils/parallel.go",
"chars": 1515,
"preview": "package utils\n\nimport (\n \"sync\"\n)\n\n// Job represents a unit of work\ntype Job interface {\n Execute() error\n}\n\n// Wo"
},
{
"path": "go/internal/utils/security.go",
"chars": 8186,
"preview": "package utils\n\nimport (\n\t\"fmt\"\n\t\"go/ast\"\n\t\"go/parser\"\n\t\"go/token\"\n\t\"io/ioutil\"\n\t\"os\"\n\t\"regexp\"\n\t\"runtime\"\n\t\"strings\"\n\t\"s"
},
{
"path": "go/internal/utils/security_test.go",
"chars": 5793,
"preview": "package utils\n\nimport (\n\t\"os\"\n\t\"testing\"\n\t\"time\"\n)\n\nfunc TestNewSecurityChecker(t *testing.T) {\n\tchecker := NewSecurityC"
},
{
"path": "go/internal/utils/tests/security_test.go",
"chars": 8181,
"preview": "package utils\n\nimport (\n\t\"os\"\n\t\"path/filepath\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/stretchr/testify/assert\"\n)\n\nfunc TestSec"
},
{
"path": "go/internal/web/app.go",
"chars": 3787,
"preview": "package web\n\nimport (\n\t\"fmt\"\n\t\"html/template\"\n\t\"io/ioutil\"\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"time\"\n\n\t\"github.com/gin-"
},
{
"path": "go/internal/web/static/css/style.css",
"chars": 1718,
"preview": "/* Re-movery 样式文件 */\n\nbody {\n font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;\n background-color: #f8"
},
{
"path": "go/internal/web/static/js/app.js",
"chars": 11064,
"preview": "/**\n * Re-movery Web应用JavaScript\n */\n\n// 全局变量\nlet severityChart = null;\nlet vulnerabilityChart = null;\n\n// 初始化应用\ndocumen"
},
{
"path": "go/internal/web/templates/index.html",
"chars": 23637,
"preview": "<!DOCTYPE html>\n<html lang=\"zh-CN\">\n<head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" content=\"width=device-wi"
},
{
"path": "go/tests/integration/workflow_test.go",
"chars": 7764,
"preview": "package integration\n\nimport (\n\t\"encoding/json\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/stretchr/testify/"
},
{
"path": "go/tests/security/security_test.go",
"chars": 6018,
"preview": "package security\n\nimport (\n\t\"fmt\"\n\t\"io/ioutil\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/stretchr/testify/"
},
{
"path": "go/web/templates/report.html",
"chars": 4391,
"preview": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" content=\"width=device-width"
},
{
"path": "movery/__init__.py",
"chars": 341,
"preview": "\"\"\"\nRe-Movery - A tool for discovering modified vulnerable code clones\n\"\"\"\n\n__version__ = \"1.0.0\"\n__author__ = \"heyangxu"
},
{
"path": "movery/analyzers/__init__.py",
"chars": 127,
"preview": "from .language import LanguageAnalyzer\nfrom .code_analyzer import CodeAnalyzer\n\n__all__ = ['LanguageAnalyzer', 'CodeAnal"
},
{
"path": "movery/analyzers/code_analyzer.py",
"chars": 2454,
"preview": "\"\"\"\nCode analysis utilities for Movery\n\"\"\"\nfrom typing import Dict, List, Optional\nimport os\nimport ast\nimport logging\n\n"
},
{
"path": "movery/analyzers/language.py",
"chars": 11347,
"preview": "\"\"\"\nLanguage analysis utilities for Movery\n\"\"\"\nimport os\nfrom typing import Dict, List, Optional, Set, Tuple, Any\nimport"
},
{
"path": "movery/config/__init__.py",
"chars": 89,
"preview": "\"\"\"\nConfiguration module for Movery\n\"\"\"\nfrom .config import config\n\n__all__ = ['config'] "
},
{
"path": "movery/config/config.json",
"chars": 1517,
"preview": "{\n \"processing\": {\n \"num_processes\": 4,\n \"max_memory_usage\": 8589934592,\n \"chunk_size\": 1048576,"
},
{
"path": "movery/config/config.py",
"chars": 1951,
"preview": "\"\"\"\nConfiguration module for Movery\n\"\"\"\nimport json\nimport os\nfrom typing import Dict, Any, List\nfrom dataclasses import"
},
{
"path": "movery/config.json",
"chars": 1517,
"preview": "{\n \"processing\": {\n \"num_processes\": 4,\n \"max_memory_usage\": 8589934592,\n \"chunk_size\": 1048576,"
},
{
"path": "movery/detectors/__init__.py",
"chars": 152,
"preview": "from .vulnerability import VulnerabilityDetector, Signature, VulnerabilityMatch\n\n__all__ = ['VulnerabilityDetector', 'Si"
},
{
"path": "movery/detectors/vulnerability.py",
"chars": 9949,
"preview": "import json\nimport re\nfrom typing import List, Optional\nfrom dataclasses import dataclass\nimport ast\nimport astroid\nfrom"
},
{
"path": "movery/go/cmd/movery/main.go",
"chars": 0,
"preview": ""
},
{
"path": "movery/main.py",
"chars": 6005,
"preview": "\"\"\"\nMain entry point for Movery\n\"\"\"\nimport os\nimport sys\nimport argparse\nimport logging\nimport json\nfrom typing import L"
},
{
"path": "movery/reporters/__init__.py",
"chars": 59,
"preview": "from .html import HTMLReporter\n\n__all__ = ['HTMLReporter'] "
},
{
"path": "movery/reporters/html.py",
"chars": 10364,
"preview": "\"\"\"\nHTML report generator for Movery\n\"\"\"\nimport os\nfrom typing import List, Dict, Any\nimport json\nimport datetime\nfrom j"
},
{
"path": "movery/templates/report.html",
"chars": 4926,
"preview": "\n<!DOCTYPE html>\n<html>\n<head>\n <title>Movery Vulnerability Report</title>\n <style>\n body {\n fon"
},
{
"path": "movery/tests/integration/test_workflow.py",
"chars": 8960,
"preview": "import unittest\nimport os\nimport json\nimport tempfile\nimport shutil\nimport time\nfrom movery.detectors.vulnerability impo"
},
{
"path": "movery/tests/security/test_security.py",
"chars": 4878,
"preview": "import unittest\nimport os\nimport sys\nimport tempfile\nimport shutil\nimport subprocess\nsys.path.append(os.path.dirname(os."
},
{
"path": "movery/tests/unit/test_analyzer.py",
"chars": 3119,
"preview": "import unittest\nimport os\nimport sys\nsys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__f"
},
{
"path": "movery/tests/unit/test_detector.py",
"chars": 2939,
"preview": "import unittest\nimport os\nimport sys\nsys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__f"
},
{
"path": "movery/tests/unit/test_security.py",
"chars": 5563,
"preview": "import unittest\nimport os\nimport tempfile\nimport shutil\nimport time\nimport threading\nfrom movery.utils.security import S"
},
{
"path": "movery/tests/unit/test_vulnerability.py",
"chars": 4930,
"preview": "import unittest\nimport os\nimport json\nimport tempfile\nimport shutil\nimport ast\nfrom movery.detectors.vulnerability impor"
},
{
"path": "movery/utils/__init__.py",
"chars": 251,
"preview": "from .security import SecurityChecker\nfrom .parallel import WorkerPool, ParallelExecutor\nfrom .logging import get_logger"
},
{
"path": "movery/utils/logging.py",
"chars": 5714,
"preview": "\"\"\"\nLogging utilities for Movery\n\"\"\"\nimport logging\nimport sys\nimport os\nimport time\nfrom typing import Optional\nfrom da"
},
{
"path": "movery/utils/memory.py",
"chars": 5373,
"preview": "\"\"\"\nMemory management utilities for Movery\n\"\"\"\nimport os\nimport mmap\nimport psutil\nimport gc\nimport sys\nfrom typing impo"
},
{
"path": "movery/utils/parallel.py",
"chars": 9112,
"preview": "\"\"\"\nParallel processing utilities for Movery\n\"\"\"\nimport multiprocessing as mp\nfrom multiprocessing import Pool, Queue, M"
},
{
"path": "movery/utils/security.py",
"chars": 13327,
"preview": "import os\nimport ast\nimport time\nimport psutil\nimport socket\nimport threading\nfrom typing import List, Dict, Any, Option"
},
{
"path": "requirements.txt",
"chars": 232,
"preview": "jinja2>=3.0.0\nplotly>=5.0.0\npandas>=1.3.0\npsutil>=5.8.0\ntqdm>=4.61.0\ncolorama>=0.4.4\nrequests>=2.26.0\nbeautifulsoup4>=4."
},
{
"path": "setup.py",
"chars": 1775,
"preview": "\"\"\"\nSetup script for Re-Movery\n\"\"\"\nfrom setuptools import setup, find_packages\n\nwith open(\"README.md\", \"r\", encoding=\"ut"
},
{
"path": "signatures.json",
"chars": 5163,
"preview": "{\n \"signatures\": [\n {\n \"id\": \"CWE-78\",\n \"name\": \"OS Command Injection\",\n \"des"
},
{
"path": "signatures.json.example",
"chars": 3194,
"preview": "{\n \"signatures\": [\n {\n \"id\": \"CWE-78\",\n \"name\": \"OS命令注入\",\n \"description\": \"应用"
},
{
"path": "src/analyzers/language.py",
"chars": 11312,
"preview": "\"\"\"\nLanguage analysis utilities for Movery\n\"\"\"\nimport os\nfrom typing import Dict, List, Optional, Set, Tuple\nimport re\ni"
},
{
"path": "src/config/config.py",
"chars": 3131,
"preview": "\"\"\"\nConfiguration settings for Movery\n\"\"\"\nimport os\nfrom typing import Dict, List, Optional\nfrom dataclasses import data"
},
{
"path": "src/detectors/vulnerability.py",
"chars": 12330,
"preview": "\"\"\"\nVulnerability detection utilities for Movery\n\"\"\"\nimport os\nfrom typing import Dict, List, Optional, Set, Tuple, Any\n"
},
{
"path": "src/main.py",
"chars": 5967,
"preview": "\"\"\"\nMain entry point for Movery\n\"\"\"\nimport os\nimport sys\nimport argparse\nimport logging\nimport json\nfrom typing import L"
},
{
"path": "src/reporters/html.py",
"chars": 10349,
"preview": "\"\"\"\nHTML report generator for Movery\n\"\"\"\nimport os\nfrom typing import List, Dict, Any\nimport json\nimport datetime\nfrom j"
},
{
"path": "src/utils/logging.py",
"chars": 5378,
"preview": "\"\"\"\nLogging utilities for Movery\n\"\"\"\nimport logging\nimport sys\nimport os\nimport time\nfrom typing import Optional\nfrom da"
},
{
"path": "src/utils/memory.py",
"chars": 5357,
"preview": "\"\"\"\nMemory management utilities for Movery\n\"\"\"\nimport os\nimport mmap\nimport psutil\nimport gc\nfrom typing import Optional"
},
{
"path": "src/utils/parallel.py",
"chars": 9062,
"preview": "\"\"\"\nParallel processing utilities for Movery\n\"\"\"\nimport multiprocessing as mp\nfrom multiprocessing import Pool, Queue, M"
}
]
// ... and 1 more files (download for full content)
About this extraction
This page contains the full source code of the heyangxu/Re-movery GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 88 files (411.7 KB), approximately 107.7k tokens, and a symbol index with 587 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.