public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
AssessmentAssessmentFileFinding fFinding,
List <AssessmentAssessmentFileFinding>
lfFindingsThatMatchCriteria,
List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
{
if (fFinding.Trace != null)
{
if (AnalysisSearch.doesIdExistInSmartTraceCall_Recursive(fFinding.Trace[0].CallInvocation1,
uSmartTraceCallID, tTraceType))
{
if (bChangeFindingData) // if required changed the name of this finding
{
applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat);
}
if (bDropDuplicateSmartTraces)
{
return(filterDuplicateFindings(lafFilteredAssessmentFiles, lfFindingsThatMatchCriteria,
fFinding, bIgnoreRootCallInvocation));
}
else
{
lfFindingsThatMatchCriteria.Add(fFinding);
return(true);
}
}
}
return(false);
}
public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
AssessmentAssessmentFileFinding fFinding,
List <AssessmentAssessmentFileFinding>
lfFindingsThatMatchCriteria,
List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
{
if (fFinding.Trace != null)
{
int iLostSinkId = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(fFinding.Trace,
TraceType.
Lost_Sink);
if (iLostSinkId > 0) // need to figure out what happens when iLostSinkId =0
{
if (false == iLostSinksProcessed.Contains(iLostSinkId))
{
if (bChangeFindingData) // if required changed the name of this finding
{
applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat);
}
lfFindingsThatMatchCriteria.Add(fFinding);
iLostSinksProcessed.Add(iLostSinkId);
return(true);
}
}
}
return(false);
}
public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
AssessmentAssessmentFileFinding fFinding,
List <AssessmentAssessmentFileFinding>
lfFindingsThatMatchCriteria,
List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
{
if (fFinding.Trace != null)
{
int iLostSinkId = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(fFinding.Trace,
TraceType.
Lost_Sink);
if (iLostSinkId > 0) // need to figure out what happens when iLostSinkId =0
{
if (bChangeFindingData) // if required changed the name of this finding
{
applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat);
}
if (bDropDuplicateSmartTraces)
{
return(filterDuplicateFindings(lafFilteredAssessmentFiles, lfFindingsThatMatchCriteria,
fFinding, bIgnoreRootCallInvocation));
}
else
{
lfFindingsThatMatchCriteria.Add(fFinding);
return(true);
}
}
}
return(false);
}
public static O2TraceBlock_OunceV6 getTraceBlockToGlueFinding(AssessmentAssessmentFileFinding fFinding,
TraceType ttTraceType,
O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6,
Dictionary <String, O2TraceBlock_OunceV6> dO2TraceBlock)
{
CallInvocation ciCallInvocation =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace, ttTraceType);
if (ciCallInvocation == null)
{
return(null);
}
String sSourceSignature = OzasmtUtils_OunceV6.getStringIndexValue(ciCallInvocation.sig_id, oadO2AssessmentDataOunceV6);
String sFile = OzasmtUtils_OunceV6.getFileIndexValue(ciCallInvocation.fn_id, oadO2AssessmentDataOunceV6);
String sLineNumber = ciCallInvocation.line_number.ToString();
String sTraceRootText = OzasmtUtils_OunceV6.getStringIndexValue(fFinding.Trace[0].sig_id, oadO2AssessmentDataOunceV6);
String sUniqueName = String.Format("{0} {1} {2}", sSourceSignature, sFile, sLineNumber);
// need to find a better way to clue the final sinks since at the moment I am getting a couple sinks trown by the cases when a sink also become a source of tainted data
//String sUniqueName = String.Format("{0} {1} {2} {3}", sSourceSignature, sFile, sLineNumber, sTraceRootText);
if (false == dO2TraceBlock.ContainsKey(sUniqueName))
{
dO2TraceBlock.Add(sUniqueName, new O2TraceBlock_OunceV6());
dO2TraceBlock[sUniqueName].sSignature = sSourceSignature;
dO2TraceBlock[sUniqueName].sFile = sFile;
dO2TraceBlock[sUniqueName].sLineNumber = sLineNumber;
dO2TraceBlock[sUniqueName].sTraceRootText = sTraceRootText;
dO2TraceBlock[sUniqueName].sUniqueName = sUniqueName;
}
return(dO2TraceBlock[sUniqueName]);
}
public static List <AssessmentAssessmentFileFinding> getListOfFindingsWithTraceAndSignature(String sSignature,
TraceType
tTraceType,
O2AssessmentData_OunceV6
fadO2AssessmentDataOunceV6)
{
var fFindingsWithTracesAndSignature = new List <AssessmentAssessmentFileFinding>();
if (fadO2AssessmentDataOunceV6 == null)
{
DI.log.error("in getListOfFindingsWithTraceAndSignature: fadO2AssessmentDataOunceV6 must not be null");
return(fFindingsWithTracesAndSignature);
}
List <AssessmentAssessmentFileFinding> fFindingsWithTraces = getListOfAllFindingsWithTraces("",
ref
fadO2AssessmentDataOunceV6);
foreach (AssessmentAssessmentFileFinding fFinding in fFindingsWithTraces)
{
if (null !=
AnalysisSearch.findTraceTypeAndSignatureInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace,
tTraceType,
sSignature,
fadO2AssessmentDataOunceV6))
{
fFindingsWithTracesAndSignature.Add(fFinding);
}
}
return(fFindingsWithTracesAndSignature);
}
public static String getSource(AssessmentAssessmentFileFinding fFinding, O2AssessmentData_OunceV6 oadF1AssessmentDataOunceV6)
{
CallInvocation ciCallInvocation =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace,
TraceType.Source);
if (ciCallInvocation != null)
{
return(OzasmtUtils_OunceV6.getStringIndexValue(ciCallInvocation.sig_id, oadF1AssessmentDataOunceV6));
}
return("");
}
public static void MakeAllLostSinksIntoKnownSinks(O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6)
{
foreach (AssessmentAssessmentFileFinding fFinding in oadO2AssessmentDataOunceV6.dFindings.Keys)
{
CallInvocation ciLostSink =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace,
TraceType.Lost_Sink);
if (ciLostSink != null)
{
ciLostSink.trace_type = (UInt32)TraceType.Known_Sink;
}
}
}
public void populateSearchType()
{
lbAvailableSearchType.Items.AddRange(AnalysisSearch.getListWithSearchTypes().ToArray());
foreach (DataGridViewColumn cColumn in dgvSearchCriteria.Columns)
{
String asd = cColumn.Name;
}
if (dgvSearchCriteria.Columns["sName"] != null)
{
var dgvColumnComboBox = (DataGridViewComboBoxColumn)dgvSearchCriteria.Columns["sName"];
dgvColumnComboBox.Items.AddRange(AnalysisSearch.getListWithSearchTypes().ToArray());
//((DataGridViewComboBoxCell)dgvSearchCriteria.Columns["name"].CellTemplate).Items.AddRange(AnalysisSearch.getListWithSearchTypes().ToArray());
}
}
private String getSmartTraceCallName(AssessmentRun arAssessmentRun, CallInvocation[] cCallInvocation,
TraceType tTraceType)
{
int iSmartTraceIndex = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(cCallInvocation,
tTraceType);
if (iSmartTraceIndex > 0)
{
return(arAssessmentRun.StringIndeces[iSmartTraceIndex - 1].value);
}
else
{
return("");
}
}
public void populateFindingsResults_Findings(List <AnalysisSearch.FindingsResult> lfrFindingsResults,
String sFindingFilter, bool bUniqueList)
{
Dictionary <String, List <FindingViewItem> > dFilteredFindings = null;
List <FindingViewItem> lviFindingViewItem =
AnalysisSearch.calculateDictionaryWithFilteredFindingsResults(lfrFindingsResults, ref dFilteredFindings,
sFindingFilter, bUniqueList);
//AnalysisSearch.GUI.populateWithListOfFilteredFindings_ListBox(lbSearchResults_Findings, lviFindingViewItem, dFilteredFindings);
//AnalysisSearch.GUI.populateWithListOfFilteredFindings_TreeView(tvSearchResults_Findings, lviFindingViewItem, dFilteredFindings);
//lbSearchResults_Findings.Tag = lfrFindingsResults;
AnalysisSearch.GUI.populateWithDictionaryOfFilteredFindings_TreeView(
tv_CreateSavedAssessment_PerFindingsType, dFilteredFindings);
tv_CreateSavedAssessment_PerFindingsType.Sort();
tv_CreateSavedAssessment_PerFindingsType.Tag = lfrFindingsResults;
}
public static void addSuportForDynamicMethodsOnSinks(TreeView tvRawData, ICirData cdCirData,
bool bAddGluedTracesAsRealTraces)
{
O2Timer tTimer = new O2Timer("Adding Support for Dynamic Methods on Sinks").start();
// first get a unique list of Sink Traces
Dictionary <AssessmentAssessmentFileFinding, O2AssessmentData_OunceV6> dAllSinkFindings =
analyzer.getUniqueListOfSinks(tvRawData);
//List<String> lsMatches = new List<string>();
foreach (AssessmentAssessmentFileFinding fFinding in dAllSinkFindings.Keys)
{
CallInvocation ciSink =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace,
TraceType.
Known_Sink);
if (ciSink != null)
{
String sContext = OzasmtUtils_OunceV6.getStringIndexValue(ciSink.cxt_id, dAllSinkFindings[fFinding]);
// var fsFilteredSignature = new FilteredSignature(sContext);
if (sContext.IndexOf("java.lang.Object.getClass()") > -1 && sContext.IndexOf("new") > -1 &&
sContext.IndexOf("$") > -1)
{
// we have a match lets get the class out
String sClass = sContext.Substring(sContext.IndexOf("new") + 4);
sClass = sClass.Substring(0, sClass.IndexOf(' '));
// Find traces that match the found class and add them as GluedSinks
foreach (TreeNode tnMatchNode in tvRawData.Nodes)
{
if (tnMatchNode.Text.IndexOf(sClass) > -1)
{
addFindingAsGlueTrace((O2TraceBlock_OunceV6)tnMatchNode.Tag, fFinding,
dAllSinkFindings[fFinding], tvRawData,
bAddGluedTracesAsRealTraces);
}
}
}
}
}
tTimer.stop();
}
public void loadDataForCreateCustomAssessmentFile()
{
List <String> lsCurrentFilters = ascx_FindingsSearchViewer1.getCurrentFilters();
//if (lsCurrentFilters.Count > 0)
List <string> currentFilters = ascx_FindingsSearchViewer1.getSelectedFilters();
if (currentFilters.Count > 0)
{
bool bUniqueList = true;
String sFindingFilter = currentFilters[0];
Dictionary <String, List <FindingViewItem> > dFilteredFindings = null;
List <FindingViewItem> lviFindingViewItem = AnalysisSearch.calculateDictionaryWithFilteredFindingsResults
(
ascx_FindingsSearchViewer1.sasSavedAssessmentSearch.lfrFindingsResults, ref dFilteredFindings,
sFindingFilter, bUniqueList);
AnalysisSearch.GUI.populateWithDictionaryOfFilteredFindings_TreeView(
tv_CreateSavedAssessment_PerFindingsType, dFilteredFindings);
}
}
public static String getUniqueSignature(AssessmentAssessmentFileFinding fFinding, TraceType ttTraceType,
O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6, bool bShowFullPathForFileName)
{
CallInvocation ciCallInvocation =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace, ttTraceType);
if (ciCallInvocation == null)
{
return(null);
}
String sSourceSignature = OzasmtUtils_OunceV6.getStringIndexValue(ciCallInvocation.sig_id, oadO2AssessmentDataOunceV6);
String sFile = OzasmtUtils_OunceV6.getFileIndexValue(ciCallInvocation.fn_id, oadO2AssessmentDataOunceV6);
String sLineNumber = ciCallInvocation.line_number.ToString();
if (bShowFullPathForFileName)
{
return(String.Format("{0} {1} {2}", sSourceSignature, sFile, sLineNumber));
}
else
{
return(String.Format("{0} {1} {2}", sSourceSignature, Path.GetFileName(sFile), sLineNumber));
}
}
private void configureFilterComboBox()
{
cbSearchResults_Findings_Filter.Items.AddRange(AnalysisSearch.getListWithSearchFilters().ToArray());
cbSearchResults_Findings_Filter.SelectedIndex = 0;
}
public static void mapDotNetWebServices(TreeView tvRawData)
{
String sDotNetWebServicesSinkToFind =
"System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(string;object[]):object[]";
var ltnNodesWithSink = new List <TreeNode>();
analyzer.calculateListOfNodesWithSink_recursive(tvRawData.Nodes, sDotNetWebServicesSinkToFind,
ltnNodesWithSink);
foreach (TreeNode tnTreeNodeWithInvokeSink in ltnNodesWithSink)
{
var otbO2TraceBlockWithSink = (O2TraceBlock_OunceV6)tnTreeNodeWithInvokeSink.Tag;
foreach (AssessmentAssessmentFileFinding fFinding in otbO2TraceBlockWithSink.dSources.Keys)
{
//FindingViewItem fviFindingViewItem
//String sSink = o2.analysis.Analysis.getSink(fFinding,otbO2TraceBlockWithSink.dSources[fFinding]);
//String sSource = o2.analysis.Analysis.getSource(fFinding, otbO2TraceBlockWithSink.dSources[fFinding]);
var lcaReverseListOfCallInvocation = new List <CallInvocation>();
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnReverseListOfCallInvocation(
fFinding.Trace, TraceType.Known_Sink, lcaReverseListOfCallInvocation);
if (lcaReverseListOfCallInvocation.Count > 1)
{
var fsFilteredSignature =
new FilteredSignature(
OzasmtUtils_OunceV6.getStringIndexValue(lcaReverseListOfCallInvocation[1].sig_id,
otbO2TraceBlockWithSink.dSources[fFinding]));
String sSignatureToMatch = fsFilteredSignature.getFilteredSignature(true, false, false, -1);
// we really should also check the return class, but there are some diferences in the ways the objects are mapped (object[] on the client and ArrayList() on the server)
bool bFoundWebServiceSink = false;
foreach (TreeNode tnRawNode in tvRawData.Nodes)
{
var otbO2TraceBlock = (O2TraceBlock_OunceV6)tnRawNode.Tag;
String sRawTraceSignature =
new FilteredSignature(otbO2TraceBlock.sSignature).getFilteredSignature(true, false,
false, -1);
if (sRawTraceSignature == sSignatureToMatch)
{
if (otbO2TraceBlock.dSources.Count == 0)
{
bFoundWebServiceSink = true;
foreach (
AssessmentAssessmentFileFinding fFindingInMappedSink in
otbO2TraceBlock.dSinks.Keys)
{
String sSource = AnalysisUtils.getSource(fFindingInMappedSink,
otbO2TraceBlock.dSinks[
fFindingInMappedSink]);
String sSink = AnalysisUtils.getSink(fFindingInMappedSink,
otbO2TraceBlock.dSinks[
fFindingInMappedSink]);
DI.log.info("Adding {0} to {1}", sSource,
otbO2TraceBlockWithSink.sUniqueName);
// add to dGluedSinks
if (false ==
otbO2TraceBlockWithSink.dGluedSinks.ContainsKey(fFindingInMappedSink))
{
otbO2TraceBlockWithSink.dGluedSinks.Add(fFindingInMappedSink,
otbO2TraceBlock.dSinks[
fFindingInMappedSink]);
otbO2TraceBlockWithSink.dSinks.Add(fFindingInMappedSink,
otbO2TraceBlock.dSinks[
fFindingInMappedSink]);
}
// add to dGluedSinks
if (false == otbO2TraceBlock.dGluedSinks.ContainsKey(fFinding))
{
//otbO2TraceBlock.dGluedSinks.Add(fFinding, otbO2TraceBlockWithSink.dSources[fFinding]);
//otbO2TraceBlock.dSinks.Add(fFinding, otbO2TraceBlockWithSink.dSources[fFinding]);
}
}
/* foreach (AssessmentAssessmentFileFinding fFinding in otbO2TraceBlock.dSinks.Keys)
* {
* DI.log.info("Adding trace to : {0} on Root node: {1}", tnTreeNodeWithInvokeSink.Text, O2Forms.getRootNode(tnTreeNodeWithInvokeSink).Text);
* TreeNode tnTreeNodeToAdd = tnTreeNodeWithInvokeSink;
* if (tnTreeNodeToAdd.Nodes.Count >0)
* tnTreeNodeToAdd = tnTreeNodeToAdd.Nodes[0];
* tnTreeNodeToAdd.Nodes.Add(O2Forms.newTreeNode("TEST", "TEST", 0, new FindingViewItem(fFinding, otbO2TraceBlock.dSinks[fFinding])));
* }
* */
//tnTreeNodeWithInvokeSink
// DI.log.debug(" Found Possible match : {0}", otbO2TraceBlock.sSignature);
}
else
{
DI.log.debug(" Found FALSE POSITIVE match : {0}", otbO2TraceBlock.sSignature);
}
}
}
if (false == bFoundWebServiceSink)
{
DI.log.error("in mapDotNetWebServices, could not find a match for: {0}",
sSignatureToMatch);
}
}
}
}
}
/*//case 5: // Analysis.TraceType.Lost_Sink:
* nNode.Attr.Fontcolor = nNode.Attr.Color = Microsoft.Glee.Drawing.Color.DarkOrange;
* break;
* case 2: // Analysis.TraceType.Source:
* nNode.Attr.Fontcolor = nNode.Attr.Color = Microsoft.Glee.Drawing.Color.DarkRed;
* break;
* case 3: // Analysis.TraceType.Known_Sink:
* nNode.Attr.Fontcolor = nNode.Attr.Color = Microsoft.Glee.Drawing.Color.Red;
*/
public static List <TreeNode> populateTreeNodeCollectionWithFilteredSearch_Recursive(
TreeNodeCollection trnTreeNodeCollection, List <AnalysisSearch.FindingsResult> lfrFindingsResults,
bool bUniqueList, List <String> lsFiltersToApply, int iCurrentIndex)
{
if (iCurrentIndex < lsFiltersToApply.Count)
{
Dictionary <String, List <FindingViewItem> > dFilteredFindings = null;
String sFindingFilter = lsFiltersToApply[iCurrentIndex];
var ltnFilteredNodes = new List <TreeNode>();
List <FindingViewItem> lviFindingViewItem =
AnalysisSearch.calculateDictionaryWithFilteredFindingsResults(lfrFindingsResults,
ref dFilteredFindings, sFindingFilter,
bUniqueList);
foreach (String sFilteredFinding in dFilteredFindings.Keys)
{
String sNodeName = sFilteredFinding;
if (sFindingFilter != "Confidence" && sFindingFilter != "Severity")
{
sNodeName = sFindingFilter + ": " + sNodeName;
}
Color cColor = getColorFromFilter(sFindingFilter);
if (bUniqueList)
{
Int32 iImageId = getImageIdFromFilterAndFinding(sFindingFilter,
dFilteredFindings[sFilteredFinding][0]);
sNodeName = String.Format("{0} ({1})", sNodeName,
dFilteredFindings[sFilteredFinding].Count);
TreeNode tnFilteredFinding = O2Forms.newTreeNode(sNodeName, sFilteredFinding, iImageId,
dFilteredFindings[sFilteredFinding]);
tnFilteredFinding.ForeColor = cColor;
trnTreeNodeCollection.Add(tnFilteredFinding);
//frFindingsResult.sStringThatMatchedCriteria);
ltnFilteredNodes.Add(tnFilteredFinding);
}
else
{
foreach (FindingViewItem fviFindingViewItem in dFilteredFindings[sFilteredFinding])
{
Int32 iImageId = getImageIdFromFilterAndFinding(sFindingFilter, fviFindingViewItem);
//String sNodeName = String.Format(sNodeName;
TreeNode tnFilteredFinding = O2Forms.newTreeNode(sNodeName, sFilteredFinding, iImageId,
fviFindingViewItem);
tnFilteredFinding.ForeColor = cColor;
trnTreeNodeCollection.Add(tnFilteredFinding);
//frFindingsResult.sStringThatMatchedCriteria);
ltnFilteredNodes.Add(tnFilteredFinding);
}
}
}
if (++iCurrentIndex < lsFiltersToApply.Count)
{
foreach (TreeNode tnTreeNode in ltnFilteredNodes)
{
/* List<AnalysisSearch.FindingsResult> lfrTreeNodeFindingsResults = new List<AnalysisSearch.FindingsResult>();
* foreach (FindingViewItem fviFindingViewItem in dFilteredFindings[tnTreeNode.Tag.ToString()])// ((Dictionary<String, List<FindingViewItem>>)tnTreeNode.Tag).Values)
* lfrTreeNodeFindingsResults.Add(fviFindingViewItem.frFindingResult);
*
*/
populateTreeNodeCollectionWithFilteredSearch_Recursive(
tnTreeNode.Nodes,
getFindingsResultsListFromTreeNodeTag(tnTreeNode),
bUniqueList,
lsFiltersToApply,
iCurrentIndex);
}
}
return(ltnFilteredNodes);
}
return(null);
}
public bool appendTrace_FindingSourceToFindingSink(AssessmentAssessmentFileFinding fJoinAtSink,
FindingViewItem fviJoinAtSource)
{
//Get the Sink of the first trace
CallInvocation ciSinkNode =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fJoinAtSink.Trace,
TraceType.Known_Sink);
if (ciSinkNode == null)
{
// DI.log.error("in appendTrace_FindingSourceToFindingSink, could not find the Sink of fviJoinAtSink");
return(false);
}
// get the source of the 2nd trace
// There are 3 possible Gluing Scenarios
// a source that has child nodes (when it is a callback)
// a source trace that has a compatible signature with the sink trace (when it was creted via a source of tainded data rule). For this one we will have to find the correct injection point
// a source trace that has nothing do with the source (interfaces gluing for example) and we have the same two cases above
// the strategy to find a gluing point (on the fviJoinAtSource is to find the first trace that has a sink
// try to get case 1 see if the current source has child nodes
CallInvocation ciSourceNode =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(
fviJoinAtSource.fFinding.Trace, TraceType.Source);
if (ciSourceNode == null)
{
DI.log.error(
"in appendTrace_FindingSourceToFindingSink, could not find the Source of fviJoinAtSource");
return(false);
}
if (ciSourceNode.CallInvocation1 == null) // means we are case 2 or 3
{
CallInvocation ciSourceNodeWithSink =
AnalysisSearch.fromSourceFindFirstTraceWithAChildSink(fviJoinAtSource.fFinding,
fviJoinAtSource.oadO2AssessmentDataOunceV6);
if (ciSourceNodeWithSink != null)
{
// if we found this it means that we are now on Trace that the first child node goes to the source and the 2nd goes to the Sink
ciSourceNode = ciSourceNodeWithSink.CallInvocation1[1];
}
}
// make the previous Sink that Type 4 that doesn't seem to be used (could make it sources but it is cleaner with using this extra trace type for the joins
ciSinkNode.trace_type = (int)TraceType.Type_4;
CallInvocation[] aciCallInvocation;
if (AnalysisUtils.getSink(fJoinAtSink, oadNewO2AssessmentDataOunceV6) ==
AnalysisUtils.getSource(fviJoinAtSource.fFinding, fviJoinAtSource.oadO2AssessmentDataOunceV6))
{
aciCallInvocation = ciSourceNode.CallInvocation1;
}
else
{
aciCallInvocation = new[] { ciSourceNode }
};
var lciTempNewCallInvocation = new List <CallInvocation>(); // used by the recursive function
ciSinkNode.CallInvocation1 = updateAssessmentRunWithTraceReferences_recursive(
lciTempNewCallInvocation,
aciCallInvocation,
dNewStringIndex,
dNewFileIndex,
fviJoinAtSource.oadO2AssessmentDataOunceV6);
return(true);
}
public static void createAssessmentFileWithVirtualTraces_fromTwoSourceAssessmentFiles(String sAssessmentFile1,
String sAssessmentFile2,
String sTargetFile)
{
O2AssessmentData_OunceV6 fadF1AssessmentData_sAssessmentFile1 = null;
O2AssessmentData_OunceV6 fadF1AssessmentData_sAssessmentFile2 = null;
// get list of traces with
List <AssessmentAssessmentFileFinding> lfFindingsWithTraces_sAssessmentFile2 =
AnalysisUtils.getListOfAllFindingsWithTraces(sAssessmentFile2, ref fadF1AssessmentData_sAssessmentFile2);
// calculate traces to join
var dTracesToAppend = new Dictionary <String, List <CallInvocation> >();
foreach (AssessmentAssessmentFileFinding fFinding in lfFindingsWithTraces_sAssessmentFile2)
{
if (fFinding.Trace != null && fFinding.Trace[0] != null && fFinding.Trace[0].CallInvocation1 != null &&
fFinding.Trace[0].CallInvocation1.Length > 1)
{
if (
OzasmtUtils_OunceV6.getStringIndexValue(fFinding.Trace[0].CallInvocation1[0].sig_id,
fadF1AssessmentData_sAssessmentFile2).IndexOf(
sExternalSourceString) > -1)
{
String sSignatureOfCallbackFunction =
OzasmtUtils_OunceV6.getStringIndexValue(fFinding.Trace[0].CallInvocation1[1].sig_id,
fadF1AssessmentData_sAssessmentFile2);
if (false == dTracesToAppend.ContainsKey(sSignatureOfCallbackFunction))
{
dTracesToAppend.Add(sSignatureOfCallbackFunction, new List <CallInvocation>());
}
dTracesToAppend[sSignatureOfCallbackFunction].Add(fFinding.Trace[0].CallInvocation1[1]);
}
}
}
// get sinks to append traces
List <String> lsSinks_sAssessmentFile1 = AnalysisAssessmentFile.getListOf_KnownSinks(sAssessmentFile1, ref fadF1AssessmentData_sAssessmentFile1);
Analysis.populateDictionariesWithXrefsToLoadedAssessment(Analysis.FindingFilter.SmartTraces, true, true,
fadF1AssessmentData_sAssessmentFile1);
var dNewStringIndex = new Dictionary <String, UInt32>();
foreach (
AssessmentRunStringIndex siStringIndex in
fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.StringIndeces)
{
dNewStringIndex.Add(siStringIndex.value, siStringIndex.id);
}
var dNewFileIndex = new Dictionary <String, UInt32>();
foreach (AssessmentRunFileIndex siStringIndex in fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.FileIndeces)
{
dNewFileIndex.Add(siStringIndex.value, siStringIndex.id);
}
TraceType tTraceType = TraceType.Known_Sink;
foreach (String sSink in lsSinks_sAssessmentFile1)
{
if (dTracesToAppend.ContainsKey(sSink))
{
List <AssessmentAssessmentFileFinding> lfFindingsWithSink =
AnalysisUtils.getListOfFindingsWithTraceAndSignature(sSink, tTraceType,
fadF1AssessmentData_sAssessmentFile1);
foreach (AssessmentAssessmentFileFinding fFindingToJoin in lfFindingsWithSink)
{
var lfNewFindinds = new List <AssessmentAssessmentFileFinding>();
foreach (CallInvocation ciCallInvocationToAppend in dTracesToAppend[sSink])
{
// append trace
AssessmentAssessmentFileFinding fNewFinding = createNewFindingFromExistingOne(
fFindingToJoin, dNewStringIndex, dNewFileIndex, fadF1AssessmentData_sAssessmentFile1);
CallInvocation ciSinkNode =
AnalysisSearch.findTraceTypeAndSignatureInSmartTrace_Recursive_returnCallInvocation(
fNewFinding.Trace, tTraceType, sSink, fadF1AssessmentData_sAssessmentFile1);
ciSinkNode.trace_type = (int)TraceType.Source;
var lciTempNewCallInvocation = new List <CallInvocation>(); // used by the recursive function
ciSinkNode.CallInvocation1 = updateAssessmentRunWithTraceReferences_recursive(
lciTempNewCallInvocation,
//new CallInvocation[] { ciCallInvocationToAppend },
ciCallInvocationToAppend.CallInvocation1,
dNewStringIndex,
dNewFileIndex,
fadF1AssessmentData_sAssessmentFile2);
lfNewFindinds.Add(fNewFinding);
}
AssessmentAssessmentFile fFile = fadF1AssessmentData_sAssessmentFile1.dFindings[fFindingToJoin];
var lfFindingsInCurrentFile = new List <AssessmentAssessmentFileFinding>(fFile.Finding);
lfFindingsInCurrentFile.Remove(fFindingToJoin);
lfFindingsInCurrentFile.AddRange(lfNewFindinds);
fFile.Finding = lfFindingsInCurrentFile.ToArray();
}
}
}
// update indexes
fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.StringIndeces =
OzasmtUtils_OunceV6.createStringIndexArrayFromDictionary(dNewStringIndex);
fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.FileIndeces =
OzasmtUtils_OunceV6.createFileIndexArrayFromDictionary(dNewFileIndex);
//String sTargetFile = config.getTempFileNameInF1TempDirectory();
OzasmtUtils_OunceV6.createSerializedXmlFileFromAssessmentRunObject(
fadF1AssessmentData_sAssessmentFile1.arAssessmentRun, sTargetFile);
DI.log.debug("Joined assesment saved to:{0}", sTargetFile);
}
private void populateListBoxWithCurrentFilters()
{
lbFilterList.Items.AddRange(AnalysisSearch.getListWithSearchFilters().ToArray());
}
public static void findSpringAttributes(TreeView tvRawData)
{
String sFunctionSignature = "ModelMap.addAttribute";
O2Timer tTimer = new O2Timer("Resolving attribute based function: {0} ").start();
Dictionary <AssessmentAssessmentFileFinding, O2AssessmentData_OunceV6> dMatches =
analyzer.getSinksFindingsThatMatchRegEx(tvRawData, sFunctionSignature);
foreach (AssessmentAssessmentFileFinding fFinding in dMatches.Keys)
{
// resolve addAddtibute name
String sSinkContext = AnalysisUtils.getSinkContext(fFinding, dMatches[fFinding]);
var fsFilteredSignature = new FilteredSignature(sSinkContext);
String sParameters = fsFilteredSignature.sParameters.Replace("\"", "");
String sSpringParameter = sParameters.Substring(0, sParameters.IndexOf(',')).Trim();
// create a unique name for it:
String sSink = AnalysisUtils.getSink(fFinding, dMatches[fFinding]);
String sSinkWithAttributeName = sSink.Replace("(", "_" + sSpringParameter + "(");
// make sure we have not added this already
if (sSink.IndexOf(sSpringParameter) == -1)
{
// String sSinkWithAttributeName = sSink.Replace("(", "_" + sSpringParameter + "(");
// String sSinkWithAttributeName = sSpringParameter;
String sUniqueSignature = analyzer.getUniqueSignature(fFinding, TraceType.Known_Sink,
dMatches[fFinding], true);
var otbO2TraceBlockOfThisFinding = (O2TraceBlock_OunceV6)tvRawData.Nodes[sUniqueSignature].Tag;
CallInvocation ciCallInvocation =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(
fFinding.Trace, TraceType.Known_Sink);
UInt32 uNewId = OzasmtUtils_OunceV6.addTextToStringIndexes(sSinkWithAttributeName,
dMatches[fFinding].arAssessmentRun);
;
ciCallInvocation.sig_id = uNewId;
DI.log.debug(" Found spring attribute '{0}' on sinks and modified to {1}", sSpringParameter,
sSinkWithAttributeName);
//o2.analysis.Analysis.getSink(fFinding, dMatches[fFinding]));
otbO2TraceBlockOfThisFinding.sSignature = sSinkWithAttributeName;
otbO2TraceBlockOfThisFinding.sUniqueName = analyzer.getUniqueSignature(fFinding,
TraceType.
Known_Sink,
dMatches[fFinding], true);
List <O2TraceBlock_OunceV6> lotbO2TraceBlockWithVelocityMappings =
analyzer.getO2TraceBlocksThatMatchSignature(sSinkWithAttributeName, tvRawData);
/* String sVelocityMapping = String.Format("{0} 0", sSinkWithAttributeName);
* TreeNode tnVelocityNode = tvRawData.Nodes[sVelocityMapping];
* if (tnVelocityNode != null)
*/
foreach (
O2TraceBlock_OunceV6 otbO2TraceBlockWithVelocityMappings in lotbO2TraceBlockWithVelocityMappings)
{
if (otbO2TraceBlockWithVelocityMappings.sFile.IndexOf(".vm") > -1)
{
//O2TraceBlock_OunceV6 otbO2TraceBlockWithVelocityMappings = (O2TraceBlock_OunceV6)tnVelocityNode.Tag;
foreach (
AssessmentAssessmentFileFinding fVelocityFinding in
otbO2TraceBlockWithVelocityMappings.dSinks.Keys)
{
if (false == otbO2TraceBlockOfThisFinding.dGluedSinks.ContainsKey(fVelocityFinding))
{
otbO2TraceBlockOfThisFinding.dGluedSinks.Add(fVelocityFinding,
otbO2TraceBlockWithVelocityMappings
.dSinks[fVelocityFinding]);
}
if (false == otbO2TraceBlockOfThisFinding.dSinks.ContainsKey(fVelocityFinding))
{
otbO2TraceBlockOfThisFinding.dSinks.Add(fVelocityFinding,
otbO2TraceBlockWithVelocityMappings.
dSinks[fVelocityFinding]);
}
}
}
}
}
}
tTimer.stop();
}
