public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun, AssessmentAssessmentFileFinding fFinding, List <AssessmentAssessmentFileFinding> lfFindingsThatMatchCriteria, List <AssessmentAssessmentFile> lafFilteredAssessmentFiles) { if (fFinding.Trace != null) { if (AnalysisSearch.doesIdExistInSmartTraceCall_Recursive(fFinding.Trace[0].CallInvocation1, uSmartTraceCallID, tTraceType)) { if (bChangeFindingData) // if required changed the name of this finding { applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat); } if (bDropDuplicateSmartTraces) { return(filterDuplicateFindings(lafFilteredAssessmentFiles, lfFindingsThatMatchCriteria, fFinding, bIgnoreRootCallInvocation)); } else { lfFindingsThatMatchCriteria.Add(fFinding); return(true); } } } return(false); }
public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun, AssessmentAssessmentFileFinding fFinding, List <AssessmentAssessmentFileFinding> lfFindingsThatMatchCriteria, List <AssessmentAssessmentFile> lafFilteredAssessmentFiles) { if (fFinding.Trace != null) { int iLostSinkId = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(fFinding.Trace, TraceType. Lost_Sink); if (iLostSinkId > 0) // need to figure out what happens when iLostSinkId =0 { if (false == iLostSinksProcessed.Contains(iLostSinkId)) { if (bChangeFindingData) // if required changed the name of this finding { applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat); } lfFindingsThatMatchCriteria.Add(fFinding); iLostSinksProcessed.Add(iLostSinkId); return(true); } } } return(false); }
public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun, AssessmentAssessmentFileFinding fFinding, List <AssessmentAssessmentFileFinding> lfFindingsThatMatchCriteria, List <AssessmentAssessmentFile> lafFilteredAssessmentFiles) { if (fFinding.Trace != null) { int iLostSinkId = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(fFinding.Trace, TraceType. Lost_Sink); if (iLostSinkId > 0) // need to figure out what happens when iLostSinkId =0 { if (bChangeFindingData) // if required changed the name of this finding { applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat); } if (bDropDuplicateSmartTraces) { return(filterDuplicateFindings(lafFilteredAssessmentFiles, lfFindingsThatMatchCriteria, fFinding, bIgnoreRootCallInvocation)); } else { lfFindingsThatMatchCriteria.Add(fFinding); return(true); } } } return(false); }
public static O2TraceBlock_OunceV6 getTraceBlockToGlueFinding(AssessmentAssessmentFileFinding fFinding, TraceType ttTraceType, O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6, Dictionary <String, O2TraceBlock_OunceV6> dO2TraceBlock) { CallInvocation ciCallInvocation = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace, ttTraceType); if (ciCallInvocation == null) { return(null); } String sSourceSignature = OzasmtUtils_OunceV6.getStringIndexValue(ciCallInvocation.sig_id, oadO2AssessmentDataOunceV6); String sFile = OzasmtUtils_OunceV6.getFileIndexValue(ciCallInvocation.fn_id, oadO2AssessmentDataOunceV6); String sLineNumber = ciCallInvocation.line_number.ToString(); String sTraceRootText = OzasmtUtils_OunceV6.getStringIndexValue(fFinding.Trace[0].sig_id, oadO2AssessmentDataOunceV6); String sUniqueName = String.Format("{0} {1} {2}", sSourceSignature, sFile, sLineNumber); // need to find a better way to clue the final sinks since at the moment I am getting a couple sinks trown by the cases when a sink also become a source of tainted data //String sUniqueName = String.Format("{0} {1} {2} {3}", sSourceSignature, sFile, sLineNumber, sTraceRootText); if (false == dO2TraceBlock.ContainsKey(sUniqueName)) { dO2TraceBlock.Add(sUniqueName, new O2TraceBlock_OunceV6()); dO2TraceBlock[sUniqueName].sSignature = sSourceSignature; dO2TraceBlock[sUniqueName].sFile = sFile; dO2TraceBlock[sUniqueName].sLineNumber = sLineNumber; dO2TraceBlock[sUniqueName].sTraceRootText = sTraceRootText; dO2TraceBlock[sUniqueName].sUniqueName = sUniqueName; } return(dO2TraceBlock[sUniqueName]); }
public static List <AssessmentAssessmentFileFinding> getListOfFindingsWithTraceAndSignature(String sSignature, TraceType tTraceType, O2AssessmentData_OunceV6 fadO2AssessmentDataOunceV6) { var fFindingsWithTracesAndSignature = new List <AssessmentAssessmentFileFinding>(); if (fadO2AssessmentDataOunceV6 == null) { DI.log.error("in getListOfFindingsWithTraceAndSignature: fadO2AssessmentDataOunceV6 must not be null"); return(fFindingsWithTracesAndSignature); } List <AssessmentAssessmentFileFinding> fFindingsWithTraces = getListOfAllFindingsWithTraces("", ref fadO2AssessmentDataOunceV6); foreach (AssessmentAssessmentFileFinding fFinding in fFindingsWithTraces) { if (null != AnalysisSearch.findTraceTypeAndSignatureInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace, tTraceType, sSignature, fadO2AssessmentDataOunceV6)) { fFindingsWithTracesAndSignature.Add(fFinding); } } return(fFindingsWithTracesAndSignature); }
public static String getSource(AssessmentAssessmentFileFinding fFinding, O2AssessmentData_OunceV6 oadF1AssessmentDataOunceV6) { CallInvocation ciCallInvocation = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace, TraceType.Source); if (ciCallInvocation != null) { return(OzasmtUtils_OunceV6.getStringIndexValue(ciCallInvocation.sig_id, oadF1AssessmentDataOunceV6)); } return(""); }
public static void MakeAllLostSinksIntoKnownSinks(O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6) { foreach (AssessmentAssessmentFileFinding fFinding in oadO2AssessmentDataOunceV6.dFindings.Keys) { CallInvocation ciLostSink = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace, TraceType.Lost_Sink); if (ciLostSink != null) { ciLostSink.trace_type = (UInt32)TraceType.Known_Sink; } } }
public void populateSearchType() { lbAvailableSearchType.Items.AddRange(AnalysisSearch.getListWithSearchTypes().ToArray()); foreach (DataGridViewColumn cColumn in dgvSearchCriteria.Columns) { String asd = cColumn.Name; } if (dgvSearchCriteria.Columns["sName"] != null) { var dgvColumnComboBox = (DataGridViewComboBoxColumn)dgvSearchCriteria.Columns["sName"]; dgvColumnComboBox.Items.AddRange(AnalysisSearch.getListWithSearchTypes().ToArray()); //((DataGridViewComboBoxCell)dgvSearchCriteria.Columns["name"].CellTemplate).Items.AddRange(AnalysisSearch.getListWithSearchTypes().ToArray()); } }
private String getSmartTraceCallName(AssessmentRun arAssessmentRun, CallInvocation[] cCallInvocation, TraceType tTraceType) { int iSmartTraceIndex = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(cCallInvocation, tTraceType); if (iSmartTraceIndex > 0) { return(arAssessmentRun.StringIndeces[iSmartTraceIndex - 1].value); } else { return(""); } }
public void populateFindingsResults_Findings(List <AnalysisSearch.FindingsResult> lfrFindingsResults, String sFindingFilter, bool bUniqueList) { Dictionary <String, List <FindingViewItem> > dFilteredFindings = null; List <FindingViewItem> lviFindingViewItem = AnalysisSearch.calculateDictionaryWithFilteredFindingsResults(lfrFindingsResults, ref dFilteredFindings, sFindingFilter, bUniqueList); //AnalysisSearch.GUI.populateWithListOfFilteredFindings_ListBox(lbSearchResults_Findings, lviFindingViewItem, dFilteredFindings); //AnalysisSearch.GUI.populateWithListOfFilteredFindings_TreeView(tvSearchResults_Findings, lviFindingViewItem, dFilteredFindings); //lbSearchResults_Findings.Tag = lfrFindingsResults; AnalysisSearch.GUI.populateWithDictionaryOfFilteredFindings_TreeView( tv_CreateSavedAssessment_PerFindingsType, dFilteredFindings); tv_CreateSavedAssessment_PerFindingsType.Sort(); tv_CreateSavedAssessment_PerFindingsType.Tag = lfrFindingsResults; }
public static void addSuportForDynamicMethodsOnSinks(TreeView tvRawData, ICirData cdCirData, bool bAddGluedTracesAsRealTraces) { O2Timer tTimer = new O2Timer("Adding Support for Dynamic Methods on Sinks").start(); // first get a unique list of Sink Traces Dictionary <AssessmentAssessmentFileFinding, O2AssessmentData_OunceV6> dAllSinkFindings = analyzer.getUniqueListOfSinks(tvRawData); //List<String> lsMatches = new List<string>(); foreach (AssessmentAssessmentFileFinding fFinding in dAllSinkFindings.Keys) { CallInvocation ciSink = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace, TraceType. Known_Sink); if (ciSink != null) { String sContext = OzasmtUtils_OunceV6.getStringIndexValue(ciSink.cxt_id, dAllSinkFindings[fFinding]); // var fsFilteredSignature = new FilteredSignature(sContext); if (sContext.IndexOf("java.lang.Object.getClass()") > -1 && sContext.IndexOf("new") > -1 && sContext.IndexOf("$") > -1) { // we have a match lets get the class out String sClass = sContext.Substring(sContext.IndexOf("new") + 4); sClass = sClass.Substring(0, sClass.IndexOf(' ')); // Find traces that match the found class and add them as GluedSinks foreach (TreeNode tnMatchNode in tvRawData.Nodes) { if (tnMatchNode.Text.IndexOf(sClass) > -1) { addFindingAsGlueTrace((O2TraceBlock_OunceV6)tnMatchNode.Tag, fFinding, dAllSinkFindings[fFinding], tvRawData, bAddGluedTracesAsRealTraces); } } } } } tTimer.stop(); }
public void loadDataForCreateCustomAssessmentFile() { List <String> lsCurrentFilters = ascx_FindingsSearchViewer1.getCurrentFilters(); //if (lsCurrentFilters.Count > 0) List <string> currentFilters = ascx_FindingsSearchViewer1.getSelectedFilters(); if (currentFilters.Count > 0) { bool bUniqueList = true; String sFindingFilter = currentFilters[0]; Dictionary <String, List <FindingViewItem> > dFilteredFindings = null; List <FindingViewItem> lviFindingViewItem = AnalysisSearch.calculateDictionaryWithFilteredFindingsResults ( ascx_FindingsSearchViewer1.sasSavedAssessmentSearch.lfrFindingsResults, ref dFilteredFindings, sFindingFilter, bUniqueList); AnalysisSearch.GUI.populateWithDictionaryOfFilteredFindings_TreeView( tv_CreateSavedAssessment_PerFindingsType, dFilteredFindings); } }
public static String getUniqueSignature(AssessmentAssessmentFileFinding fFinding, TraceType ttTraceType, O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6, bool bShowFullPathForFileName) { CallInvocation ciCallInvocation = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace, ttTraceType); if (ciCallInvocation == null) { return(null); } String sSourceSignature = OzasmtUtils_OunceV6.getStringIndexValue(ciCallInvocation.sig_id, oadO2AssessmentDataOunceV6); String sFile = OzasmtUtils_OunceV6.getFileIndexValue(ciCallInvocation.fn_id, oadO2AssessmentDataOunceV6); String sLineNumber = ciCallInvocation.line_number.ToString(); if (bShowFullPathForFileName) { return(String.Format("{0} {1} {2}", sSourceSignature, sFile, sLineNumber)); } else { return(String.Format("{0} {1} {2}", sSourceSignature, Path.GetFileName(sFile), sLineNumber)); } }
private void configureFilterComboBox() { cbSearchResults_Findings_Filter.Items.AddRange(AnalysisSearch.getListWithSearchFilters().ToArray()); cbSearchResults_Findings_Filter.SelectedIndex = 0; }
public static void mapDotNetWebServices(TreeView tvRawData) { String sDotNetWebServicesSinkToFind = "System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(string;object[]):object[]"; var ltnNodesWithSink = new List <TreeNode>(); analyzer.calculateListOfNodesWithSink_recursive(tvRawData.Nodes, sDotNetWebServicesSinkToFind, ltnNodesWithSink); foreach (TreeNode tnTreeNodeWithInvokeSink in ltnNodesWithSink) { var otbO2TraceBlockWithSink = (O2TraceBlock_OunceV6)tnTreeNodeWithInvokeSink.Tag; foreach (AssessmentAssessmentFileFinding fFinding in otbO2TraceBlockWithSink.dSources.Keys) { //FindingViewItem fviFindingViewItem //String sSink = o2.analysis.Analysis.getSink(fFinding,otbO2TraceBlockWithSink.dSources[fFinding]); //String sSource = o2.analysis.Analysis.getSource(fFinding, otbO2TraceBlockWithSink.dSources[fFinding]); var lcaReverseListOfCallInvocation = new List <CallInvocation>(); AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnReverseListOfCallInvocation( fFinding.Trace, TraceType.Known_Sink, lcaReverseListOfCallInvocation); if (lcaReverseListOfCallInvocation.Count > 1) { var fsFilteredSignature = new FilteredSignature( OzasmtUtils_OunceV6.getStringIndexValue(lcaReverseListOfCallInvocation[1].sig_id, otbO2TraceBlockWithSink.dSources[fFinding])); String sSignatureToMatch = fsFilteredSignature.getFilteredSignature(true, false, false, -1); // we really should also check the return class, but there are some diferences in the ways the objects are mapped (object[] on the client and ArrayList() on the server) bool bFoundWebServiceSink = false; foreach (TreeNode tnRawNode in tvRawData.Nodes) { var otbO2TraceBlock = (O2TraceBlock_OunceV6)tnRawNode.Tag; String sRawTraceSignature = new FilteredSignature(otbO2TraceBlock.sSignature).getFilteredSignature(true, false, false, -1); if (sRawTraceSignature == sSignatureToMatch) { if (otbO2TraceBlock.dSources.Count == 0) { bFoundWebServiceSink = true; foreach ( AssessmentAssessmentFileFinding fFindingInMappedSink in otbO2TraceBlock.dSinks.Keys) { String sSource = AnalysisUtils.getSource(fFindingInMappedSink, otbO2TraceBlock.dSinks[ fFindingInMappedSink]); String sSink = AnalysisUtils.getSink(fFindingInMappedSink, otbO2TraceBlock.dSinks[ fFindingInMappedSink]); DI.log.info("Adding {0} to {1}", sSource, otbO2TraceBlockWithSink.sUniqueName); // add to dGluedSinks if (false == otbO2TraceBlockWithSink.dGluedSinks.ContainsKey(fFindingInMappedSink)) { otbO2TraceBlockWithSink.dGluedSinks.Add(fFindingInMappedSink, otbO2TraceBlock.dSinks[ fFindingInMappedSink]); otbO2TraceBlockWithSink.dSinks.Add(fFindingInMappedSink, otbO2TraceBlock.dSinks[ fFindingInMappedSink]); } // add to dGluedSinks if (false == otbO2TraceBlock.dGluedSinks.ContainsKey(fFinding)) { //otbO2TraceBlock.dGluedSinks.Add(fFinding, otbO2TraceBlockWithSink.dSources[fFinding]); //otbO2TraceBlock.dSinks.Add(fFinding, otbO2TraceBlockWithSink.dSources[fFinding]); } } /* foreach (AssessmentAssessmentFileFinding fFinding in otbO2TraceBlock.dSinks.Keys) * { * DI.log.info("Adding trace to : {0} on Root node: {1}", tnTreeNodeWithInvokeSink.Text, O2Forms.getRootNode(tnTreeNodeWithInvokeSink).Text); * TreeNode tnTreeNodeToAdd = tnTreeNodeWithInvokeSink; * if (tnTreeNodeToAdd.Nodes.Count >0) * tnTreeNodeToAdd = tnTreeNodeToAdd.Nodes[0]; * tnTreeNodeToAdd.Nodes.Add(O2Forms.newTreeNode("TEST", "TEST", 0, new FindingViewItem(fFinding, otbO2TraceBlock.dSinks[fFinding]))); * } * */ //tnTreeNodeWithInvokeSink // DI.log.debug(" Found Possible match : {0}", otbO2TraceBlock.sSignature); } else { DI.log.debug(" Found FALSE POSITIVE match : {0}", otbO2TraceBlock.sSignature); } } } if (false == bFoundWebServiceSink) { DI.log.error("in mapDotNetWebServices, could not find a match for: {0}", sSignatureToMatch); } } } } }
/*//case 5: // Analysis.TraceType.Lost_Sink: * nNode.Attr.Fontcolor = nNode.Attr.Color = Microsoft.Glee.Drawing.Color.DarkOrange; * break; * case 2: // Analysis.TraceType.Source: * nNode.Attr.Fontcolor = nNode.Attr.Color = Microsoft.Glee.Drawing.Color.DarkRed; * break; * case 3: // Analysis.TraceType.Known_Sink: * nNode.Attr.Fontcolor = nNode.Attr.Color = Microsoft.Glee.Drawing.Color.Red; */ public static List <TreeNode> populateTreeNodeCollectionWithFilteredSearch_Recursive( TreeNodeCollection trnTreeNodeCollection, List <AnalysisSearch.FindingsResult> lfrFindingsResults, bool bUniqueList, List <String> lsFiltersToApply, int iCurrentIndex) { if (iCurrentIndex < lsFiltersToApply.Count) { Dictionary <String, List <FindingViewItem> > dFilteredFindings = null; String sFindingFilter = lsFiltersToApply[iCurrentIndex]; var ltnFilteredNodes = new List <TreeNode>(); List <FindingViewItem> lviFindingViewItem = AnalysisSearch.calculateDictionaryWithFilteredFindingsResults(lfrFindingsResults, ref dFilteredFindings, sFindingFilter, bUniqueList); foreach (String sFilteredFinding in dFilteredFindings.Keys) { String sNodeName = sFilteredFinding; if (sFindingFilter != "Confidence" && sFindingFilter != "Severity") { sNodeName = sFindingFilter + ": " + sNodeName; } Color cColor = getColorFromFilter(sFindingFilter); if (bUniqueList) { Int32 iImageId = getImageIdFromFilterAndFinding(sFindingFilter, dFilteredFindings[sFilteredFinding][0]); sNodeName = String.Format("{0} ({1})", sNodeName, dFilteredFindings[sFilteredFinding].Count); TreeNode tnFilteredFinding = O2Forms.newTreeNode(sNodeName, sFilteredFinding, iImageId, dFilteredFindings[sFilteredFinding]); tnFilteredFinding.ForeColor = cColor; trnTreeNodeCollection.Add(tnFilteredFinding); //frFindingsResult.sStringThatMatchedCriteria); ltnFilteredNodes.Add(tnFilteredFinding); } else { foreach (FindingViewItem fviFindingViewItem in dFilteredFindings[sFilteredFinding]) { Int32 iImageId = getImageIdFromFilterAndFinding(sFindingFilter, fviFindingViewItem); //String sNodeName = String.Format(sNodeName; TreeNode tnFilteredFinding = O2Forms.newTreeNode(sNodeName, sFilteredFinding, iImageId, fviFindingViewItem); tnFilteredFinding.ForeColor = cColor; trnTreeNodeCollection.Add(tnFilteredFinding); //frFindingsResult.sStringThatMatchedCriteria); ltnFilteredNodes.Add(tnFilteredFinding); } } } if (++iCurrentIndex < lsFiltersToApply.Count) { foreach (TreeNode tnTreeNode in ltnFilteredNodes) { /* List<AnalysisSearch.FindingsResult> lfrTreeNodeFindingsResults = new List<AnalysisSearch.FindingsResult>(); * foreach (FindingViewItem fviFindingViewItem in dFilteredFindings[tnTreeNode.Tag.ToString()])// ((Dictionary<String, List<FindingViewItem>>)tnTreeNode.Tag).Values) * lfrTreeNodeFindingsResults.Add(fviFindingViewItem.frFindingResult); * */ populateTreeNodeCollectionWithFilteredSearch_Recursive( tnTreeNode.Nodes, getFindingsResultsListFromTreeNodeTag(tnTreeNode), bUniqueList, lsFiltersToApply, iCurrentIndex); } } return(ltnFilteredNodes); } return(null); }
public bool appendTrace_FindingSourceToFindingSink(AssessmentAssessmentFileFinding fJoinAtSink, FindingViewItem fviJoinAtSource) { //Get the Sink of the first trace CallInvocation ciSinkNode = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fJoinAtSink.Trace, TraceType.Known_Sink); if (ciSinkNode == null) { // DI.log.error("in appendTrace_FindingSourceToFindingSink, could not find the Sink of fviJoinAtSink"); return(false); } // get the source of the 2nd trace // There are 3 possible Gluing Scenarios // a source that has child nodes (when it is a callback) // a source trace that has a compatible signature with the sink trace (when it was creted via a source of tainded data rule). For this one we will have to find the correct injection point // a source trace that has nothing do with the source (interfaces gluing for example) and we have the same two cases above // the strategy to find a gluing point (on the fviJoinAtSource is to find the first trace that has a sink // try to get case 1 see if the current source has child nodes CallInvocation ciSourceNode = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation( fviJoinAtSource.fFinding.Trace, TraceType.Source); if (ciSourceNode == null) { DI.log.error( "in appendTrace_FindingSourceToFindingSink, could not find the Source of fviJoinAtSource"); return(false); } if (ciSourceNode.CallInvocation1 == null) // means we are case 2 or 3 { CallInvocation ciSourceNodeWithSink = AnalysisSearch.fromSourceFindFirstTraceWithAChildSink(fviJoinAtSource.fFinding, fviJoinAtSource.oadO2AssessmentDataOunceV6); if (ciSourceNodeWithSink != null) { // if we found this it means that we are now on Trace that the first child node goes to the source and the 2nd goes to the Sink ciSourceNode = ciSourceNodeWithSink.CallInvocation1[1]; } } // make the previous Sink that Type 4 that doesn't seem to be used (could make it sources but it is cleaner with using this extra trace type for the joins ciSinkNode.trace_type = (int)TraceType.Type_4; CallInvocation[] aciCallInvocation; if (AnalysisUtils.getSink(fJoinAtSink, oadNewO2AssessmentDataOunceV6) == AnalysisUtils.getSource(fviJoinAtSource.fFinding, fviJoinAtSource.oadO2AssessmentDataOunceV6)) { aciCallInvocation = ciSourceNode.CallInvocation1; } else { aciCallInvocation = new[] { ciSourceNode } }; var lciTempNewCallInvocation = new List <CallInvocation>(); // used by the recursive function ciSinkNode.CallInvocation1 = updateAssessmentRunWithTraceReferences_recursive( lciTempNewCallInvocation, aciCallInvocation, dNewStringIndex, dNewFileIndex, fviJoinAtSource.oadO2AssessmentDataOunceV6); return(true); }
public static void createAssessmentFileWithVirtualTraces_fromTwoSourceAssessmentFiles(String sAssessmentFile1, String sAssessmentFile2, String sTargetFile) { O2AssessmentData_OunceV6 fadF1AssessmentData_sAssessmentFile1 = null; O2AssessmentData_OunceV6 fadF1AssessmentData_sAssessmentFile2 = null; // get list of traces with List <AssessmentAssessmentFileFinding> lfFindingsWithTraces_sAssessmentFile2 = AnalysisUtils.getListOfAllFindingsWithTraces(sAssessmentFile2, ref fadF1AssessmentData_sAssessmentFile2); // calculate traces to join var dTracesToAppend = new Dictionary <String, List <CallInvocation> >(); foreach (AssessmentAssessmentFileFinding fFinding in lfFindingsWithTraces_sAssessmentFile2) { if (fFinding.Trace != null && fFinding.Trace[0] != null && fFinding.Trace[0].CallInvocation1 != null && fFinding.Trace[0].CallInvocation1.Length > 1) { if ( OzasmtUtils_OunceV6.getStringIndexValue(fFinding.Trace[0].CallInvocation1[0].sig_id, fadF1AssessmentData_sAssessmentFile2).IndexOf( sExternalSourceString) > -1) { String sSignatureOfCallbackFunction = OzasmtUtils_OunceV6.getStringIndexValue(fFinding.Trace[0].CallInvocation1[1].sig_id, fadF1AssessmentData_sAssessmentFile2); if (false == dTracesToAppend.ContainsKey(sSignatureOfCallbackFunction)) { dTracesToAppend.Add(sSignatureOfCallbackFunction, new List <CallInvocation>()); } dTracesToAppend[sSignatureOfCallbackFunction].Add(fFinding.Trace[0].CallInvocation1[1]); } } } // get sinks to append traces List <String> lsSinks_sAssessmentFile1 = AnalysisAssessmentFile.getListOf_KnownSinks(sAssessmentFile1, ref fadF1AssessmentData_sAssessmentFile1); Analysis.populateDictionariesWithXrefsToLoadedAssessment(Analysis.FindingFilter.SmartTraces, true, true, fadF1AssessmentData_sAssessmentFile1); var dNewStringIndex = new Dictionary <String, UInt32>(); foreach ( AssessmentRunStringIndex siStringIndex in fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.StringIndeces) { dNewStringIndex.Add(siStringIndex.value, siStringIndex.id); } var dNewFileIndex = new Dictionary <String, UInt32>(); foreach (AssessmentRunFileIndex siStringIndex in fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.FileIndeces) { dNewFileIndex.Add(siStringIndex.value, siStringIndex.id); } TraceType tTraceType = TraceType.Known_Sink; foreach (String sSink in lsSinks_sAssessmentFile1) { if (dTracesToAppend.ContainsKey(sSink)) { List <AssessmentAssessmentFileFinding> lfFindingsWithSink = AnalysisUtils.getListOfFindingsWithTraceAndSignature(sSink, tTraceType, fadF1AssessmentData_sAssessmentFile1); foreach (AssessmentAssessmentFileFinding fFindingToJoin in lfFindingsWithSink) { var lfNewFindinds = new List <AssessmentAssessmentFileFinding>(); foreach (CallInvocation ciCallInvocationToAppend in dTracesToAppend[sSink]) { // append trace AssessmentAssessmentFileFinding fNewFinding = createNewFindingFromExistingOne( fFindingToJoin, dNewStringIndex, dNewFileIndex, fadF1AssessmentData_sAssessmentFile1); CallInvocation ciSinkNode = AnalysisSearch.findTraceTypeAndSignatureInSmartTrace_Recursive_returnCallInvocation( fNewFinding.Trace, tTraceType, sSink, fadF1AssessmentData_sAssessmentFile1); ciSinkNode.trace_type = (int)TraceType.Source; var lciTempNewCallInvocation = new List <CallInvocation>(); // used by the recursive function ciSinkNode.CallInvocation1 = updateAssessmentRunWithTraceReferences_recursive( lciTempNewCallInvocation, //new CallInvocation[] { ciCallInvocationToAppend }, ciCallInvocationToAppend.CallInvocation1, dNewStringIndex, dNewFileIndex, fadF1AssessmentData_sAssessmentFile2); lfNewFindinds.Add(fNewFinding); } AssessmentAssessmentFile fFile = fadF1AssessmentData_sAssessmentFile1.dFindings[fFindingToJoin]; var lfFindingsInCurrentFile = new List <AssessmentAssessmentFileFinding>(fFile.Finding); lfFindingsInCurrentFile.Remove(fFindingToJoin); lfFindingsInCurrentFile.AddRange(lfNewFindinds); fFile.Finding = lfFindingsInCurrentFile.ToArray(); } } } // update indexes fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.StringIndeces = OzasmtUtils_OunceV6.createStringIndexArrayFromDictionary(dNewStringIndex); fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.FileIndeces = OzasmtUtils_OunceV6.createFileIndexArrayFromDictionary(dNewFileIndex); //String sTargetFile = config.getTempFileNameInF1TempDirectory(); OzasmtUtils_OunceV6.createSerializedXmlFileFromAssessmentRunObject( fadF1AssessmentData_sAssessmentFile1.arAssessmentRun, sTargetFile); DI.log.debug("Joined assesment saved to:{0}", sTargetFile); }
private void populateListBoxWithCurrentFilters() { lbFilterList.Items.AddRange(AnalysisSearch.getListWithSearchFilters().ToArray()); }
public static void findSpringAttributes(TreeView tvRawData) { String sFunctionSignature = "ModelMap.addAttribute"; O2Timer tTimer = new O2Timer("Resolving attribute based function: {0} ").start(); Dictionary <AssessmentAssessmentFileFinding, O2AssessmentData_OunceV6> dMatches = analyzer.getSinksFindingsThatMatchRegEx(tvRawData, sFunctionSignature); foreach (AssessmentAssessmentFileFinding fFinding in dMatches.Keys) { // resolve addAddtibute name String sSinkContext = AnalysisUtils.getSinkContext(fFinding, dMatches[fFinding]); var fsFilteredSignature = new FilteredSignature(sSinkContext); String sParameters = fsFilteredSignature.sParameters.Replace("\"", ""); String sSpringParameter = sParameters.Substring(0, sParameters.IndexOf(',')).Trim(); // create a unique name for it: String sSink = AnalysisUtils.getSink(fFinding, dMatches[fFinding]); String sSinkWithAttributeName = sSink.Replace("(", "_" + sSpringParameter + "("); // make sure we have not added this already if (sSink.IndexOf(sSpringParameter) == -1) { // String sSinkWithAttributeName = sSink.Replace("(", "_" + sSpringParameter + "("); // String sSinkWithAttributeName = sSpringParameter; String sUniqueSignature = analyzer.getUniqueSignature(fFinding, TraceType.Known_Sink, dMatches[fFinding], true); var otbO2TraceBlockOfThisFinding = (O2TraceBlock_OunceV6)tvRawData.Nodes[sUniqueSignature].Tag; CallInvocation ciCallInvocation = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation( fFinding.Trace, TraceType.Known_Sink); UInt32 uNewId = OzasmtUtils_OunceV6.addTextToStringIndexes(sSinkWithAttributeName, dMatches[fFinding].arAssessmentRun); ; ciCallInvocation.sig_id = uNewId; DI.log.debug(" Found spring attribute '{0}' on sinks and modified to {1}", sSpringParameter, sSinkWithAttributeName); //o2.analysis.Analysis.getSink(fFinding, dMatches[fFinding])); otbO2TraceBlockOfThisFinding.sSignature = sSinkWithAttributeName; otbO2TraceBlockOfThisFinding.sUniqueName = analyzer.getUniqueSignature(fFinding, TraceType. Known_Sink, dMatches[fFinding], true); List <O2TraceBlock_OunceV6> lotbO2TraceBlockWithVelocityMappings = analyzer.getO2TraceBlocksThatMatchSignature(sSinkWithAttributeName, tvRawData); /* String sVelocityMapping = String.Format("{0} 0", sSinkWithAttributeName); * TreeNode tnVelocityNode = tvRawData.Nodes[sVelocityMapping]; * if (tnVelocityNode != null) */ foreach ( O2TraceBlock_OunceV6 otbO2TraceBlockWithVelocityMappings in lotbO2TraceBlockWithVelocityMappings) { if (otbO2TraceBlockWithVelocityMappings.sFile.IndexOf(".vm") > -1) { //O2TraceBlock_OunceV6 otbO2TraceBlockWithVelocityMappings = (O2TraceBlock_OunceV6)tnVelocityNode.Tag; foreach ( AssessmentAssessmentFileFinding fVelocityFinding in otbO2TraceBlockWithVelocityMappings.dSinks.Keys) { if (false == otbO2TraceBlockOfThisFinding.dGluedSinks.ContainsKey(fVelocityFinding)) { otbO2TraceBlockOfThisFinding.dGluedSinks.Add(fVelocityFinding, otbO2TraceBlockWithVelocityMappings .dSinks[fVelocityFinding]); } if (false == otbO2TraceBlockOfThisFinding.dSinks.ContainsKey(fVelocityFinding)) { otbO2TraceBlockOfThisFinding.dSinks.Add(fVelocityFinding, otbO2TraceBlockWithVelocityMappings. dSinks[fVelocityFinding]); } } } } } } tTimer.stop(); }