Beispiel #1
        /// <summary>
        /// Sanity check for the findings loader: calls
        /// XUtils_Findings_v0_1.loadMultipleOzasmtFiles on pathToOzastmFilesToLoad
        /// and asserts that the returned collection is not empty.
        /// </summary>
        /// <returns>A human-readable message stating how many findings were loaded.</returns>
        public string checkIf_loadMultipleOzasmtFiles_Worked()
        {
            var loadedFindings = XUtils_Findings_v0_1.loadMultipleOzasmtFiles(pathToOzastmFilesToLoad);
            var findingsCount = loadedFindings.Count;

            // An empty result is treated as a failed load; downstream analysis
            // on zero findings would silently report "nothing found".
            Assert.That(findingsCount > 0);

            return string.Format("There were {0} findings loaded", findingsCount);
        }
Beispiel #2
        /// <summary>
        /// Loads findings from pathToOzastmFilesToLoad, passing the file-name
        /// filter "*webgoat*.ozasmt" and requesting a recursive search.
        /// </summary>
        /// <returns>The findings returned by loadMultipleOzasmtFiles.</returns>
        public List <IO2Finding> takeDirectoryAndLoadAllAssessmentsWithStringInName()
        {
            // Only assessment files with "webgoat" in their name are requested.
            const string fileNamePattern = "*webgoat*.ozasmt";
            // NOTE(review): presumably this makes the loader descend into sub-folders,
            // so everything below the target directory is in scope; confirm against the loader.
            const bool searchSubFolders = true;

            return XUtils_Findings_v0_1.loadMultipleOzasmtFiles(
                pathToOzastmFilesToLoad,
                fileNamePattern,
                searchSubFolders);
        }
        /// <summary>
        /// Loads the findings stored in the "FindingsWith_Traces_LostSinks"
        /// sub-folder of <paramref name="targetFolder"/> and logs how many were found.
        /// </summary>
        /// <param name="targetFolder">Folder expected to contain the "FindingsWith_Traces_LostSinks" sub-folder.</param>
        /// <returns>The findings returned by loadMultipleOzasmtFiles for that sub-folder.</returns>
        public static List <IO2Finding> getAllTraces_LostSinks(string targetFolder)
        {
            var lostSinksFolder = Path.Combine(targetFolder, "FindingsWith_Traces_LostSinks");
            var lostSinksFolderExists = Directory.Exists(lostSinksFolder);

            // The existence check is the only validation applied to the caller-supplied
            // folder; a missing directory fails the assertion before the loader runs.
            Assert.That(lostSinksFolderExists, "directory folderWith_LostSinks did not exist: " + lostSinksFolder);

            var lostSinkFindings = XUtils_Findings_v0_1.loadMultipleOzasmtFiles(lostSinksFolder);
            O2Cmd.log.write("Findings with Lost Sinks: {0}", lostSinkFindings.Count);

            return lostSinkFindings;
        }
Beispiel #4
        /// <summary>
        /// Chains two XRule_Findings_Filter rules over the findings loaded from
        /// pathToOzastmFilesToLoad: first onlyTraces, then whereSource_Contains
        /// with the text "getParameter".
        /// </summary>
        /// <returns>The findings left after both filters have been applied.</returns>
        public List <IO2Finding> invokeMultipleXRules()
        {
            // Step 1: load everything from the configured assessment path.
            var allFindings = XUtils_Findings_v0_1.loadMultipleOzasmtFiles(pathToOzastmFilesToLoad);

            // Step 2: narrow to findings that carry a trace. A fresh filter
            // instance is created for each rule, as in the original code.
            var traceFilter = new XRule_Findings_Filter();
            var findingsWithTraces = traceFilter.onlyTraces(allFindings);

            // Step 3: keep traces whose source contains "getParameter".
            // NOTE(review): presumably these are request-parameter reads, i.e. data
            // an HTTP client controls; confirm how whereSource_Contains matches.
            var sourceFilter = new XRule_Findings_Filter();
            var findingsFromGetParameter = sourceFilter.whereSource_Contains(findingsWithTraces, "getParameter");

            return findingsFromGetParameter;
        }
Beispiel #5
        // PHASE 5 : TASKS


        /// <summary>
        /// Builds the final assessment file: loads the findings from
        /// folderWithArtifacts_Phase4, passes them through
        /// OzasmtCompatibility.makeCompatibleWithOunceV6, saves them as
        /// "Final Set of Findings.ozasmt" in folderWithArtifacts_Phase5, and then
        /// calls copyFinalAssessmentFileToWorkflowFolder.
        /// </summary>
        public void task1_createFinalAssessmentFile()
        {
            var phase4Findings = XUtils_Findings_v0_1.loadMultipleOzasmtFiles(folderWithArtifacts_Phase4);
            O2Cmd.log.write("There are {0} findings for final assessment file", phase4Findings.Count);

            // Compatibility pass runs before saving, so the file on disk holds the adjusted findings.
            // NOTE(review): presumably this mutates the findings in place; confirm.
            OzasmtCompatibility.makeCompatibleWithOunceV6(phase4Findings);

            // finalAssessmentFile is a member, not a local: it is assigned here and
            // is presumably what copyFinalAssessmentFileToWorkflowFolder reads afterwards.
            const string finalFileName = "Final Set of Findings.ozasmt";
            finalAssessmentFile = Path.Combine(folderWithArtifacts_Phase5, finalFileName);

            // NOTE(review): no check here that the Phase5 folder exists or that an
            // earlier file is not being overwritten; verify saveFindings' behaviour.
            XUtils_Findings_v0_1.saveFindings(phase4Findings, finalAssessmentFile);
            O2Cmd.log.write("Final assessment file created: {0}", finalAssessmentFile);

            copyFinalAssessmentFileToWorkflowFolder();
        }
Beispiel #6
        // PHASE 3 : TASKS

        // since there are a lot of known sinks, move them all into one file
        /// <summary>
        /// Consolidates the known-sink findings produced in phase 2: loads them
        /// from the "FindingsWith_Traces_KnownSinks" sub-folder of
        /// folderWithArtifacts_Phase2, saves them as one combined .ozasmt file in
        /// folderWithArtifacts_Phase3, and additionally saves them grouped by
        /// vulnerability type into a sub-folder of folderWithArtifacts_Phase3.
        /// </summary>
        public void task1_handleKnownSinks()
        {
            // Input: the known-sinks folder written by phase 2.
            var knownSinksSourceFolder = Path.Combine(folderWithArtifacts_Phase2, "FindingsWith_Traces_KnownSinks");
            var sourceFolderExists = Directory.Exists(knownSinksSourceFolder);

            // Stop before loading if phase 2 did not produce the folder.
            Assert.That(sourceFolderExists, "Directory folderWithAssessmentFiles does not exist: " + knownSinksSourceFolder);

            var knownSinkFindings = XUtils_Findings_v0_1.loadMultipleOzasmtFiles(knownSinksSourceFolder);

            // Output 1: a single file with every finding; for now it is written
            // to the root of folderWithArtifacts_Phase3.
            var combinedFile = Path.Combine(folderWithArtifacts_Phase3, "Findings with Known Sinks.ozasmt");
            XUtils_Findings_v0_1.saveFindings(knownSinkFindings, combinedFile);

            // Output 2: one file per vulnerability type, in a dedicated sub-folder.
            var byVulnTypeFolder = Path.Combine(folderWithArtifacts_Phase3, "Findings with KnownSinks (by VulnType)");
            var findingsByVulnType = XUtils_Analysis.getDictionaryWithFindingsMappedBy_VulType(knownSinkFindings);
            XUtils_Analysis.saveDictionaryWithMappedFindingsToFolder(findingsByVulnType, byVulnTypeFolder);
        }