| 1 | +[](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [](https://github.com/hktalent/) |
| 2 | +# Ai(ChatGPT-4) Code Security Audit |
| 3 | + |
| 4 | +<img width="1106" alt="image" src="https://user-images.githubusercontent.com/18223385/229397981-b0eab8a6-9635-4520-8e1a-d11e1c3ffcfe.png"> |
| 5 | + |
| 6 | + |
| 7 | +# feature |
| 8 | +- 相同 jar、相同 java 文件,chatGPT ( GPT-4 ) 只执行一次,结果保留在索引库中,所以不用担心多次重复执行的问题 |
| 9 | +- 免费的 chatGPT 限速20次/分钟,付费用户可以通过修改 config/config.json 调整频率 |
| 10 | +- 文件大于 3500 字节自动拆分发送给 chatGPT,避免过长的文件导致 chatGPT 无法处理 |
| 11 | +- 支持 若干个 openai api key,提高并发能力 |
| 12 | +- 基于大数据索引存储结果 |
| 13 | +- 提供 HTTP/2.0 HTTP/3.0 web 界面 |
| 14 | + |
| 15 | +# web UI |
| 16 | +``` |
| 17 | +https://127.0.0.1:8080/indexes/ |
| 18 | +``` |
| 19 | + |
| 20 | +# How Test |
| 21 | +- 运行前,请先调整 ./tools/doFernflower.sh 文件,确保 java 是 11 或高版本 |
| 22 | +- 确定 rt.jar 的路径,修改 ./tools/doFernflower.sh 文件中的 rt.jar 路径 |
| 23 | + |
| 24 | +``` |
| 25 | +find /Library/Java/JavaVirtualMachines -name "rt.jar" |
| 26 | +``` |
| 27 | + |
| 28 | +out |
| 29 | +``` |
| 30 | +/Library/Java/JavaVirtualMachines/jdk1.8.0_181.jdk/Contents/Home/jre/lib/rt.jar |
| 31 | +/Library/Java/JavaVirtualMachines/jdk1.8.0_72.jdk/Contents/Home/jre/lib/rt.jar |
| 32 | +``` |
| 33 | + |
| 34 | +## config/config.json example |
| 35 | +LimitPerMinute: 建议 api key 个数 * 3 |
| 36 | +``` |
| 37 | +{ |
| 38 | + "proxy": "socks5://127.0.0.1:7890", |
| 39 | + "LimitPerMinute": 6, |
| 40 | + "HttpPort": 8080, |
| 41 | + "org": "org-xx", |
| 42 | + "api_key": "sk-xxx,sk-xxx2", |
| 43 | + "Prefix": "用中文问答,分析%s java代码存在哪些安全风险,如何验证、确认他们", |
| 44 | + "CheckRpt": true |
| 45 | +} |
| 46 | +``` |
| 47 | + |
| 48 | +# How build |
| 49 | +``` |
| 50 | +go get -u ./... |
| 51 | +go mod vendor |
| 52 | +go build -o AiCSA main.go |
| 53 | +``` |
| 54 | + |
| 55 | +## 反编译jar to java |
| 56 | +- 源码将自动保存在 src 目录中 |
| 57 | +- 不同的 ja r会根据hash构建一个源码目录,避免多个jar的源码冲突 |
| 58 | + |
| 59 | +``` |
| 60 | +find $HOME/MyWork/vulScanPro/tools/weblogic/weblogic12.2.1.3 -type f -name "*.jar" | xargs -I {} ./tools/doFernflower.sh {} |
| 61 | +ls $HOME/MyWork/vulScanPro/tools/weblogic/weblogic12.2.1.3/coherence/lib/*.jar|xargs -I {} ./tools/doFernflower.sh {} |
| 62 | +./tools/doFernflower.sh $HOME/MyWork/vulScanPro/tools/weblogic/weblogic12.2.1.3/coherence/lib/coherence.jar |
| 63 | +``` |
| 64 | + |
| 65 | +# Tips |
| 66 | +- Mac OS 所有子目录图片转换为mp4 |
| 67 | +``` |
| 68 | +brew install ffmpeg |
| 69 | +brew update && brew upgrade ffmpeg |
| 70 | +
|
| 71 | +find $HOME/Downloads/outImg -name '*.png' | sort | sed 's/.*/"&"/' | tr '\n' ' ' | xargs ffmpeg -r 30 -i - -c:v libx264 -pix_fmt yuv420p output.mp4 |
| 72 | +``` |
| 73 | + |
| 74 | +## 💖Star |
| 75 | +[](https://starchart.cc/hktalent/AiCSA_pub) |
| 76 | + |
| 77 | +# Donation |
| 78 | +| Wechat Pay | AliPay | Paypal | BTC Pay |BCH Pay | |
| 79 | +| --- | --- | --- | --- | --- | |
| 80 | +|<img src=https://raw.githubusercontent.com/hktalent/myhktools/main/md/wc.png>|<img width=166 src=https://raw.githubusercontent.com/hktalent/myhktools/main/md/zfb.png>|[paypal](https://www.paypal.me/pwned2019) **miracletalent@gmail.com**|<img width=166 src=https://raw.githubusercontent.com/hktalent/myhktools/main/md/BTC.png>|<img width=166 src=https://raw.githubusercontent.com/hktalent/myhktools/main/md/BCH.jpg>| |
| 81 | + |
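Review bot: The setup steps at lines 21-31 ask for Java 11 or higher and then for the path to rt.jar, but rt.jar was removed in JDK 9 and the sample output lists only jdk1.8.0 installs, so a reader who has only Java 11 will find nothing. State that Java 11+ is what runs ./tools/doFernflower.sh, while rt.jar has to come from a separate JDK 8 install. In the config/config.json example (lines 37-45), `api_key` holds the OpenAI keys in plain text, so the README should tell users to keep that file out of version control and readable only by the account that runs AiCSA. The ffmpeg tip at line 71 passes `-i -` while xargs appends the PNG names after `output.mp4`, where ffmpeg reads them as output files rather than inputs; a glob or concat-list input would match the stated intent.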