Created
March 13, 2022 02:35
-
-
Save dmknght/65114dcb5f0b32fb55292ded3a8f7d44 to your computer and use it in GitHub Desktop.
Simple test code, try to parse C script and scan for dangerous function call with Tree sitter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
Code parser with tree sitter | |
`sudo pip3 install tree_sitter` | |
clone parser for each programming language (same dir with code py) `git clone https://github.com/tree-sitter/tree-sitter-c` | |
create any test code (like vuln.c) | |
""" | |
from tree_sitter import Language, Parser | |
# Compile sources to parser. Compile time only | |
Language.build_library('build/parser.so', ['tree-sitter-c']) | |
# Init Parser | |
C_LANG = Language('build/parser.so', 'c') | |
def handle_file(path): | |
with open(path) as f: | |
return f.read() | |
def analysis_function(name, argv): | |
if name.text.decode() in ("gets", "scans"): | |
print(f"[!] Dangerous function {name.text} Buffer Overflow") | |
else: | |
# Calculate buffer? | |
pass | |
def parse_code(cursor): | |
if cursor.type == "compound_statement": | |
for code_line in cursor.children: | |
parse_code(code_line) | |
if cursor.type in ("function_definition", "if_statement"): | |
parse_code(cursor.children[2]) | |
elif cursor.type == "expression_statement": | |
# Detect function call | |
parse_code(cursor.children[0]) | |
elif cursor.type == "call_expression": | |
function_name, function_argv = cursor.children[0], cursor.children[1] | |
analysis_function(function_name, function_argv) | |
def parse_script(script_data): | |
if script_data: | |
parser = Parser() | |
parser.set_language(C_LANG) | |
tree = parser.parse(bytes(script_data, "utf-8")) | |
cursor = tree.walk() | |
cursor.goto_first_child() | |
while True: | |
if cursor.node.type == "function_definition": | |
parse_code(cursor.node.children[2]) | |
if not cursor.goto_next_sibling(): | |
return | |
data = handle_file("/tmp/vuln.c") | |
parse_script(data) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment