public static List<IO2Finding> createO2FindingsFromCirFunction(ICirFunction cirFunction, bool createNewFindingOnExternalCall)
{
var o2FindingsCreated = new List<IO2Finding>();
var filteredSignature = new FilteredSignature(cirFunction);
var functionSignature = filteredSignature.sSignature;
var rootO2Finding = new O2Finding
{
method = cirFunction.ClassNameFunctionNameAndParameters,
vulnName = functionSignature,
vulnType = "O2.CirGeneratedTrace",
severity = 2,
confidence = 2,
file= cirFunction.File
};
if (cirFunction.File != null)
{
UInt32 lineNumber;
if (UInt32.TryParse(cirFunction.FileLine, out lineNumber))
rootO2Finding.lineNumber = lineNumber;
}
createTracesAndFindingsFromCirFunction(cirFunction, rootO2Finding.file, rootO2Finding.lineNumber, rootO2Finding.o2Traces, new List<IO2Trace>(), rootO2Finding, o2FindingsCreated, createNewFindingOnExternalCall);
// make the first trace a Source
rootO2Finding.o2Traces[0].traceType = TraceType.Source;
// and add it to the list of Findings Created
o2FindingsCreated.Add(rootO2Finding);
return o2FindingsCreated;
}
public static FilteredSignature createFilteredSignatureFromJavaMethod(string className, string functionName, string methodDescriptor)
{
var newFilteredSignature = new FilteredSignature();
newFilteredSignature.sFunctionClass = className;
newFilteredSignature.sFunctionName = functionName;
// process descriptor
var lastParentesis = methodDescriptor.LastIndexOf(')');
if (lastParentesis > -1)
{
methodDescriptor = methodDescriptor.Replace('/', '.');
lastParentesis++;
newFilteredSignature.sParameters = methodDescriptor.Substring(0, lastParentesis);
newFilteredSignature.sReturnClass = methodDescriptor.Substring(lastParentesis);
// BUG: Major hack to fix the sParameters created by JavaMethod descriptors
if (newFilteredSignature.sReturnClass == "V")
{
newFilteredSignature.sReturnClass = "void";
}
newFilteredSignature.sParameters = newFilteredSignature.sParameters.Replace("(I)", "(int)").Replace("(IL", "(int;").Replace(";IL", ";int;");
newFilteredSignature.sParameters = newFilteredSignature.sParameters.Replace("(L", "(").Replace("(IL", "(").Replace(";L", ";").Replace(";)", ")");
if (newFilteredSignature.sParameters[0] == '(' && newFilteredSignature.sParameters[newFilteredSignature.sParameters.Length - 1] == ')')
{
newFilteredSignature.sParameters = newFilteredSignature.sParameters.Substring(1, newFilteredSignature.sParameters.Length - 2);
}
// fix the sReturnClass
if (newFilteredSignature.sReturnClass[0] == 'L' && newFilteredSignature.sReturnClass[newFilteredSignature.sReturnClass.Length - 1] == ';')
{
newFilteredSignature.sReturnClass = newFilteredSignature.sReturnClass.Substring(1, newFilteredSignature.sReturnClass.Length - 2);
}
newFilteredSignature.sSignature = newFilteredSignature.getSignature();
}
return(newFilteredSignature);
}
public static String filterSignature(String sStringToFilter, bool bShowParameters, bool bShowReturnClass,
bool bShowNamespace, int iNamespaceDepth)
{
if (DI.dFilteredFuntionSignatures.ContainsKey(sStringToFilter))
{
return(DI.dFilteredFuntionSignatures[sStringToFilter].getFilteredSignature(
bShowParameters, bShowReturnClass, bShowNamespace, iNamespaceDepth));
}
var fsFilteredSignature = new FilteredSignature(sStringToFilter);
DI.dFilteredFuntionSignatures.Add(sStringToFilter, fsFilteredSignature);
return(fsFilteredSignature.getFilteredSignature(bShowParameters, bShowReturnClass, bShowNamespace,
iNamespaceDepth));
}
private static void fixFunctionsCalledXRefs(ICirData cirData)
{
if (cirData != null && cirData.dFunctions_bySignature != null)
{
var timer = new O2Timer("fixFunctionsCalledXRefs").start();
foreach (CirFunction cirFunction in cirData.dFunctions_bySignature.Values)
{
if (cirFunction.FunctionName == null)
{
var filteredSignature = new FilteredSignature(cirFunction.FunctionSignature);
cirFunction.FunctionName = filteredSignature.sFunctionName;
cirFunction.FunctionNameAndParameters = filteredSignature.sFunctionNameAndParams;
cirFunction.ClassNameFunctionNameAndParameters = filteredSignature.sFunctionClass + "." +
filteredSignature.sFunctionNameAndParams;
}
}
timer.stop();
}
}
public static void mapDotNetWebServices(TreeView tvRawData)
{
String sDotNetWebServicesSinkToFind =
"System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(string;object[]):object[]";
var ltnNodesWithSink = new List<TreeNode>();
analyzer.calculateListOfNodesWithSink_recursive(tvRawData.Nodes, sDotNetWebServicesSinkToFind,
ltnNodesWithSink);
foreach (TreeNode tnTreeNodeWithInvokeSink in ltnNodesWithSink)
{
var otbO2TraceBlockWithSink = (O2TraceBlock_OunceV6) tnTreeNodeWithInvokeSink.Tag;
foreach (AssessmentAssessmentFileFinding fFinding in otbO2TraceBlockWithSink.dSources.Keys)
{
//FindingViewItem fviFindingViewItem
//String sSink = o2.analysis.Analysis.getSink(fFinding,otbO2TraceBlockWithSink.dSources[fFinding]);
//String sSource = o2.analysis.Analysis.getSource(fFinding, otbO2TraceBlockWithSink.dSources[fFinding]);
var lcaReverseListOfCallInvocation = new List<CallInvocation>();
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnReverseListOfCallInvocation(
fFinding.Trace, TraceType.Known_Sink, lcaReverseListOfCallInvocation);
if (lcaReverseListOfCallInvocation.Count > 1)
{
var fsFilteredSignature =
new FilteredSignature(
OzasmtUtils_OunceV6.getStringIndexValue(lcaReverseListOfCallInvocation[1].sig_id,
otbO2TraceBlockWithSink.dSources[fFinding]));
String sSignatureToMatch = fsFilteredSignature.getFilteredSignature(true, false, false, -1);
// we really should also check the return class, but there are some diferences in the ways the objects are mapped (object[] on the client and ArrayList() on the server)
bool bFoundWebServiceSink = false;
foreach (TreeNode tnRawNode in tvRawData.Nodes)
{
var otbO2TraceBlock = (O2TraceBlock_OunceV6) tnRawNode.Tag;
String sRawTraceSignature =
new FilteredSignature(otbO2TraceBlock.sSignature).getFilteredSignature(true, false,
false, -1);
if (sRawTraceSignature == sSignatureToMatch)
{
if (otbO2TraceBlock.dSources.Count == 0)
{
bFoundWebServiceSink = true;
foreach (
AssessmentAssessmentFileFinding fFindingInMappedSink in
otbO2TraceBlock.dSinks.Keys)
{
String sSource = AnalysisUtils.getSource(fFindingInMappedSink,
otbO2TraceBlock.dSinks[
fFindingInMappedSink]);
String sSink = AnalysisUtils.getSink(fFindingInMappedSink,
otbO2TraceBlock.dSinks[
fFindingInMappedSink]);
DI.log.info("Adding {0} to {1}", sSource,
otbO2TraceBlockWithSink.sUniqueName);
// add to dGluedSinks
if (false ==
otbO2TraceBlockWithSink.dGluedSinks.ContainsKey(fFindingInMappedSink))
{
otbO2TraceBlockWithSink.dGluedSinks.Add(fFindingInMappedSink,
otbO2TraceBlock.dSinks[
fFindingInMappedSink]);
otbO2TraceBlockWithSink.dSinks.Add(fFindingInMappedSink,
otbO2TraceBlock.dSinks[
fFindingInMappedSink]);
}
// add to dGluedSinks
if (false == otbO2TraceBlock.dGluedSinks.ContainsKey(fFinding))
{
//otbO2TraceBlock.dGluedSinks.Add(fFinding, otbO2TraceBlockWithSink.dSources[fFinding]);
//otbO2TraceBlock.dSinks.Add(fFinding, otbO2TraceBlockWithSink.dSources[fFinding]);
}
}
/* foreach (AssessmentAssessmentFileFinding fFinding in otbO2TraceBlock.dSinks.Keys)
{
DI.log.info("Adding trace to : {0} on Root node: {1}", tnTreeNodeWithInvokeSink.Text, O2Forms.getRootNode(tnTreeNodeWithInvokeSink).Text);
TreeNode tnTreeNodeToAdd = tnTreeNodeWithInvokeSink;
if (tnTreeNodeToAdd.Nodes.Count >0)
tnTreeNodeToAdd = tnTreeNodeToAdd.Nodes[0];
tnTreeNodeToAdd.Nodes.Add(O2Forms.newTreeNode("TEST", "TEST", 0, new FindingViewItem(fFinding, otbO2TraceBlock.dSinks[fFinding])));
}
* */
//tnTreeNodeWithInvokeSink
// DI.log.debug(" Found Possible match : {0}", otbO2TraceBlock.sSignature);
}
else
{
DI.log.debug(" Found FALSE POSITIVE match : {0}", otbO2TraceBlock.sSignature);
}
}
}
if (false == bFoundWebServiceSink)
DI.log.error("in mapDotNetWebServices, could not find a match for: {0}",
sSignatureToMatch);
}
}
}
}
public static void addVelocityMappings(TreeView tvRawData)
{
String sFunctionSignature = "ModelMap.addAttribute";
O2Timer tTimer = new O2Timer("Adding Velocity Mappings : {0} ").start();
Dictionary<AssessmentAssessmentFileFinding, O2AssessmentData_OunceV6> dMatches =
analyzer.getSinksFindingsThatMatchRegEx(tvRawData, sFunctionSignature);
foreach (AssessmentAssessmentFileFinding fFinding in dMatches.Keys)
{
// resolve addAddtibute name
String sSinkContext = AnalysisUtils.getSinkContext(fFinding, dMatches[fFinding]);
var fsFilteredSignature = new FilteredSignature(sSinkContext);
String sParameters = fsFilteredSignature.sParameters.Replace("\"", "");
String sSpringParameter = sParameters.Substring(0, sParameters.IndexOf(',')).Trim();
// create a unique name for it:
String sSink = AnalysisUtils.getSink(fFinding, dMatches[fFinding]);
// String sSinkWithAttributeName = sSink.Replace("(", "_" + sSpringParameter + "(");
String sVelocityMapping = String.Format("{0} 0", sSink);
TreeNode tnVelocityNode = tvRawData.Nodes[sSink];
if (tnVelocityNode != null)
{
var otbO2TraceBlockWithVelocityMappings = (O2TraceBlock_OunceV6) tnVelocityNode.Tag;
String sUniqueSignature = analyzer.getUniqueSignature(fFinding, TraceType.Known_Sink,
dMatches[fFinding], true);
var otbO2TraceBlockToAddVelocityMappings = (O2TraceBlock_OunceV6) tvRawData.Nodes[sUniqueSignature].Tag;
// sUniqueSignature = sUniqueSignature.Replace("_" + sSpringParameter + "(", "(");
// O2TraceBlock_OunceV6 otbO2TraceBlockToAddVelocityMappings = (O2TraceBlock_OunceV6)tvRawData.Nodes[sUniqueSignature].Tag;
if (otbO2TraceBlockWithVelocityMappings.dSinks.Count > 1)
{
}
foreach (
AssessmentAssessmentFileFinding fVelocityFinding in
otbO2TraceBlockWithVelocityMappings.dSinks.Keys)
{
if (false == otbO2TraceBlockToAddVelocityMappings.dGluedSinks.ContainsKey(fVelocityFinding))
otbO2TraceBlockToAddVelocityMappings.dGluedSinks.Add(fVelocityFinding,
otbO2TraceBlockWithVelocityMappings
.dSinks[fVelocityFinding]);
if (false == otbO2TraceBlockToAddVelocityMappings.dSinks.ContainsKey(fVelocityFinding))
otbO2TraceBlockToAddVelocityMappings.dSinks.Add(fVelocityFinding,
otbO2TraceBlockWithVelocityMappings.
dSinks[fVelocityFinding]);
}
}
}
}
public void onAfterSelectTreeView(TreeNode selectedNode)
{
try
{
if (selectedNode != null)
{
// populate selectedFilteredSignature object
if (selectedNode.Tag != null && selectedNode.Tag.GetType().Name == "FilteredSignature")
selectedFilteredSignature = (FilteredSignature) selectedNode.Tag;
else
selectedFilteredSignature = null;
// get fucntion's signature
var signature = (selectedFilteredSignature!=null)
?
selectedFilteredSignature.sOriginalSignature
:
selectedNode.Name;
// raise callbacks
Callbacks.raiseRegistedCallbacks(eNodeEvent_AfterSelect, new object[] { signature });
Callbacks.raiseRegistedCallbacks(_onAfterSelect, new [] { selectedNode.Tag });
// need to manual handle this backcolor stuff because we lose it when multiple function's viewers are used at the same time
/* if (selectedNode != null)
{
selectedNode.BackColor = Color.White;
selectedNode.ForeColor = Color.Black;
}
//tnSelectedNode = tvTreeView.SelectedNode;
tvTreeView.SelectedNode.BackColor = Color.DarkBlue;
tnSelectedNode.ForeColor = Color.White;*/
/*if (onTreNodeAfterSelect != null)
foreach (Delegate dDelegate in onTreNodeAfterSelect.GetInvocationList())
{
if (selectedNode.Tag != null &&
selectedNode.Tag.GetType().Name == "FilteredSignature")
dDelegate.DynamicInvoke(new[]
{
((FilteredSignature) selectedNode.Tag).sOriginalSignature
});
else
dDelegate.DynamicInvoke(new[] { selectedNode.Text });
}*/
}
}
catch (Exception ex)
{
PublicDI.log.error("In tvTreeView_AfterSelect: {0}", ex.Message);
}
}
public void showDataForSignature_thread(String sSignatureToShow)
{
if (cirDataAnalysis == null)
DI.log.error("in ascx_CirViewer_Signature.showDataForSignature , fcdAnalysis == null");
else
{
lbClassesBeingViewed.Text = sSignatureToShow;
if (false == cirDataAnalysis.dCirFunction_bySignature.ContainsKey(sSignatureToShow) ||
cirDataAnalysis.dCirFunction_bySignature.ContainsKey(sSignatureToShow) &&
cirDataAnalysis.dCirFunction_bySignature[sSignatureToShow].HasControlFlowGraph == false)
{
DI.log.debug("{0} is not recognized as a full signature, trying to resolve it by name",
sSignatureToShow);
foreach (CirFunction ccFunction in cirDataAnalysis.dCirFunction_bySignature.Values)
{
String sFunctionFullNameWithNoParamsAndReturnvalue =
new FilteredSignature(ccFunction.FunctionSignature).sFunctionFullName;
if (sFunctionFullNameWithNoParamsAndReturnvalue.IndexOf(sSignatureToShow) > -1)
{
DI.log.debug("Found a match:{0}", ccFunction.FunctionSignature);
sSignatureToShow = ccFunction.FunctionSignature;
break;
}
}
}
if (cirDataAnalysis.dCirFunction_bySignature.ContainsKey(sSignatureToShow))
{
ICirFunction ccCirFunction = cirDataAnalysis.dCirFunction_bySignature[sSignatureToShow];
afv_Calls.showSignatures(ViewHelpers.getCirFunctionStringList(ccCirFunction.FunctionsCalledUniqueList));
afv_IsCalledBy.showSignatures(ViewHelpers.getCirFunctionStringList(ccCirFunction.FunctionIsCalledBy));
lbBoxSsaVariables.Items.Clear();
lBoxVariables.Items.Clear();
foreach (SsaVariable cfSSaVariable in ccCirFunction.dSsaVariables.Values)
{
String sVariableMapping = String.Format("{0} = {1}", cfSSaVariable.sBaseName,
cfSSaVariable.sPrintableType);
lbBoxSsaVariables.Items.Add(sVariableMapping);
// DI.log.debug(sVariableMapping);
}
foreach (FunctionVariable fvVariable in ccCirFunction.dVariables.Values)
{
lBoxVariables.Items.Add(String.Format("[def:{0}] [ref:{1}] {2}", fvVariable.sSymbolDef,
fvVariable.refSymbol, fvVariable.sUniqueID));
}
ViewHelpers.showFunctionBlocksInWebBrower(((CirFunction)ccCirFunction).lcfgBasicBlocks,
wbControlFlowGraphsOFSelectedMethod);
asv_CalledFunctions.showDataForSignature(sSignatureToShow);
asv_IsCalledBy.showDataForSignature(sSignatureToShow);
}
else
{
var lsEmpty = new List<string>();
afv_Calls.showSignatures(lsEmpty);
afv_IsCalledBy.showSignatures(lsEmpty);
lbBoxSsaVariables.Items.Clear();
lBoxVariables.Items.Clear();
asv_CalledFunctions.showDataForSignature(sSignatureToShow);
asv_IsCalledBy.showDataForSignature(sSignatureToShow);
}
}
// lBoxVariables.Items.Add(fcdO2CirData_ofThisFunction.getSymbol(sVariable));
}
private void showClassAttributes(ICirClass cirClass)
{
if (cirClass != null)
{
tvClassAttributes.Nodes.Clear();
foreach (var attribute in cirClass.ClassAttributes)
{
var signature = new FilteredSignature(attribute.AttributeClass).sSignature;
var treeNode = tvClassAttributes.Nodes.Add(signature);
foreach (var parameter in attribute.Parameters)
treeNode.Nodes.Add(parameter.Key);
}
}
}
public static String filterSignature(String sStringToFilter, bool bShowParameters, bool bShowReturnClass,
bool bShowNamespace, int iNamespaceDepth)
{
if (DI.dFilteredFuntionSignatures.ContainsKey(sStringToFilter))
return DI.dFilteredFuntionSignatures[sStringToFilter].getFilteredSignature(
bShowParameters, bShowReturnClass, bShowNamespace, iNamespaceDepth);
var fsFilteredSignature = new FilteredSignature(sStringToFilter);
DI.dFilteredFuntionSignatures.Add(sStringToFilter, fsFilteredSignature);
return fsFilteredSignature.getFilteredSignature(bShowParameters, bShowReturnClass, bShowNamespace,
iNamespaceDepth);
}
public static void mapMethodsToFilteredSignatures(List<MethodInfo> methodsToMap, ref List<FilteredSignature> filteredSignatures, ref Dictionary<string, MethodInfo> methods_bySignature, bool hideCSharpGeneratedMethods)
{
filteredSignatures = new List<FilteredSignature>();
methods_bySignature = new Dictionary<string, MethodInfo>();
foreach (var method in methodsToMap)
{
var filteredSignature = new FilteredSignature(method);
if (hideCSharpGeneratedMethods == false || (filteredSignature.sSignature.IndexOf("<>") == -1 &&
false == filteredSignature.sFunctionName.StartsWith("b__")))
{
filteredSignatures.Add(filteredSignature);
// create methodsLoaded_bySignature
if (methods_bySignature.ContainsKey(filteredSignature.sSignature))
{
PublicDI.log.error("in mapMethodsToFilteredSignatures, repeated signature: {0}", filteredSignature.sSignature);
}
else
methods_bySignature.Add(filteredSignature.sSignature, method);
}
else
{
//PublicDI.log.info("Skipping: {0}", method.Name);
}
}
}
/// <summary>
/// This will populate the parent finding with all traces from the provided ICirFunction
/// caution: use the createNewFindingOnExternalCall carefully since it can create a stupid amount of traces (and it is much slower)
/// </summary>
/// <param name="cirFunction"></param>
/// <param name="lineNumber"></param>
/// <param name="o2Traces"></param>
/// <param name="parentTraces"></param>
/// <param name="rootO2Finding"></param>
/// <param name="o2FindingsCreated"></param>
/// <param name="createNewFindingOnExternalCall"></param>
/// <param name="fileName"></param>
public static void createTracesAndFindingsFromCirFunction(ICirFunction cirFunction, string fileName, UInt32 lineNumber,List<IO2Trace> o2Traces, List<IO2Trace> parentTraces, IO2Finding rootO2Finding, List<IO2Finding> o2FindingsCreated, bool createNewFindingOnExternalCall)
{
int maxParentDepth = 10; //30; //10;
var maxNumberOfTraces = 20; //50; //300; //50
var filteredSignature = new FilteredSignature(cirFunction);
var functionSignature = filteredSignature.sSignature;
var o2Trace = new O2Trace(functionSignature, cirFunction.ClassNameFunctionNameAndParameters)
{
file = fileName,
lineNumber = lineNumber
};
// add file references
// handle the case where this is a recursive call or a call to a method already added in the current tree
var recursiveCall = false;
foreach(var o2ParentTrace in parentTraces)
if (o2ParentTrace.signature == functionSignature)
{
recursiveCall = true;
break;
}
parentTraces.Add(o2Trace);
// add this trace to the current trace tree (since we might need to create a copy of it below
o2Traces.Add(o2Trace);
if (recursiveCall)
{
var nodeText = String.Format("{0} : {1} : {2}", cirFunction, "....(Recursive Call so not expanding child traces", functionSignature);
o2Trace.childTraces.Add(new O2Trace(nodeText));
}
else
{
if (parentTraces.Count > maxParentDepth)
o2Trace.childTraces.Add(new O2Trace(" ... {Max trace depth reached} (" + maxParentDepth + ")"));
else
{
//
var numberOfTraces = OzasmtUtils.getAllTraces(rootO2Finding.o2Traces);
if (numberOfTraces.Count > maxNumberOfTraces)
{
o2Trace.childTraces.Add(new O2Trace("**** Max number of traces reached(" + maxNumberOfTraces + ") aborting trace execution"));
return;
}
if (cirFunction.FunctionsCalled.Count == 0) // means we don't have the code for this one, so
{
// let make it a lost sink
var originalTraceTypeValue = o2Trace.traceType; // we might need this below
o2Trace.traceType = TraceType.Lost_Sink;
if (createNewFindingOnExternalCall) // and if createNewFindingOnExternalCall add it as finding
{
// create a copy of the parent finding (which incudes the above trace
var newFinding = OzasmtCopy.createCopy(rootO2Finding);
// make the first call a source (so that we have a source-> pair
newFinding.o2Traces[0].traceType = TraceType.Source;
// add it
o2FindingsCreated.Add(newFinding);
// since the crawl will continue we must restore the originalTraceTypeValue
o2Trace.traceType = originalTraceTypeValue;
}
}
else
foreach (var functionCalled in cirFunction.FunctionsCalled)
createTracesAndFindingsFromCirFunction(functionCalled.cirFunction, functionCalled.fileName, (UInt32)functionCalled.lineNumber, o2Trace.childTraces, parentTraces, rootO2Finding, o2FindingsCreated, createNewFindingOnExternalCall);
}
}
// now remove the signature since we are only interrested in non repeats on the same parent
parentTraces.Remove(o2Trace);
}
public ICirFunction getCirFunctionFromSelectedItem(object selectedItem)
{
if (selectedItem != null && selectedItem is FilteredSignature)
{
var filteredSignature = (FilteredSignature)selectedItem;
var functionSignature = filteredSignature.sOriginalSignature;
if (cirDataAnalysis.dCirFunction_bySignature.ContainsKey(functionSignature))
return cirDataAnalysis.dCirFunction_bySignature[functionSignature];
// if we could not find using the originalSignature, try the signature
foreach (var cirFunction in cirDataAnalysis.dCirFunction_bySignature.Values)
{
var s = new FilteredSignature(cirFunction).sSignature;
var d = filteredSignature.sSignature;
if (new FilteredSignature(cirFunction).sSignature == filteredSignature.sSignature)
{
return cirFunction;
}
if (cirFunction.FunctionName == filteredSignature.sFunctionName)
{
}
}
}
return null;
}
public void showSignatures(List<FilteredSignature> filteredSignatures)
{
var signaturesToShow = new List<String>();
// get them all in one collection
var filteredSignaturesAsStrings = new List<String>();
foreach (var filteredSignature in filteredSignatures)
filteredSignaturesAsStrings.Add(filteredSignature.sOriginalSignature);
// now search for them on all loaded CirFunctions
foreach (var cirFunction in cirDataAnalysis.dCirFunction_bySignature.Values)
{
var cirFunctionFilteredSignature = new FilteredSignature(cirFunction);
if (filteredSignaturesAsStrings.Contains(cirFunctionFilteredSignature.sOriginalSignature))
{
signaturesToShow.Add(cirFunction.FunctionSignature);
filteredSignaturesAsStrings.Remove(cirFunctionFilteredSignature.sOriginalSignature);
}
if (filteredSignaturesAsStrings.Contains(cirFunctionFilteredSignature.sSignature))
{
signaturesToShow.Add(cirFunction.FunctionSignature);
filteredSignaturesAsStrings.Remove(cirFunctionFilteredSignature.sSignature);
}
}
/* foreach (var filteredSignature in filteredSignatures)
{
if (cirDataAnalysis.dCirFunction_bySignature.ContainsKey(filteredSignature.sOriginalSignature))
signaturesToShow.Add(filteredSignature.sOriginalSignature);
else
DI.log.error("dropped signature is currently not loaded: {0}", filteredSignature);
}*/
if (filteredSignaturesAsStrings.Count > 0)
{
DI.log.error("There were {0} dropped signatures that could not be resolved", filteredSignaturesAsStrings.Count);
foreach (var signatureNotFound in filteredSignaturesAsStrings)
DI.log.error(" {0}", signatureNotFound);
}
if (signaturesToShow.Count == 0)
DI.log.error("None of the dropped signature was resolved, you need to load their CIR");
else
showSignatures(signaturesToShow);
}
public void showSignatures(FilteredSignature filteredSignature)
{
}
private static String MakeSignatureCompatibleWithOunceRules(string signatureToFix)
{
if (signatureToFix.IndexOf("..ctor") > -1)
{
var filteredSiganture = new FilteredSignature(signatureToFix);
if (filteredSiganture.lsFunctionClass_Parsed.Count > 1)
signatureToFix = signatureToFix.Replace(".ctor", filteredSiganture.lsFunctionClass_Parsed[filteredSiganture.lsFunctionClass_Parsed.Count - 2]).Replace(".(", "("); ;
}
signatureToFix = signatureToFix.Replace("..ctor", "");
return FilteredSignature.makeDotNetSignatureCompatibleWithOunceRules(signatureToFix);
}
public Reflection_MethodInfo(MethodInfo method)
{
Method = method;
filteredSignature = new FilteredSignature(method);
}
public void showSelectedMethodDetails(FilteredSignature filteredSignature)
{
if (filteredSignature != null)
{
tbMethodDetails_Name.invokeOnThread(
() =>
{
tbMethodDetails_Name.Text = filteredSignature.sFunctionName;
tbMethodDetails_OriginalSignature.Text = filteredSignature.sOriginalSignature;
tbMethodDetails_Parameters.Text = filteredSignature.sParameters;
tbMethodDetails_ReturnType.Text = filteredSignature.sReturnClass;
tbMethodDetails_Signature.Text = filteredSignature.sSignature;
tbMethodDetails_Type.Text = filteredSignature.sFunctionClass;
});
}
}
public static FilteredSignature createFilteredSignatureFromJavaMethod(string className, string functionName, string methodDescriptor)
{
var newFilteredSignature = new FilteredSignature();
newFilteredSignature.sFunctionClass = className;
newFilteredSignature.sFunctionName = functionName;
// process descriptor
var lastParentesis = methodDescriptor.LastIndexOf(')');
if (lastParentesis > -1)
{
methodDescriptor = methodDescriptor.Replace('/', '.');
lastParentesis++;
newFilteredSignature.sParameters = methodDescriptor.Substring(0, lastParentesis);
newFilteredSignature.sReturnClass = methodDescriptor.Substring(lastParentesis);
// BUG: Major hack to fix the sParameters created by JavaMethod descriptors
if (newFilteredSignature.sReturnClass == "V")
{
newFilteredSignature.sReturnClass = "void";
}
newFilteredSignature.sParameters = newFilteredSignature.sParameters.Replace("(I)", "(int)").Replace("(IL", "(int;").Replace(";IL", ";int;");
newFilteredSignature.sParameters = newFilteredSignature.sParameters.Replace("(L", "(").Replace("(IL", "(").Replace(";L", ";").Replace(";)", ")");
if (newFilteredSignature.sParameters[0] == '(' && newFilteredSignature.sParameters[newFilteredSignature.sParameters.Length -1] == ')')
newFilteredSignature.sParameters = newFilteredSignature.sParameters.Substring(1, newFilteredSignature.sParameters.Length - 2);
// fix the sReturnClass
if (newFilteredSignature.sReturnClass[0] == 'L' && newFilteredSignature.sReturnClass[newFilteredSignature.sReturnClass.Length - 1] == ';')
newFilteredSignature.sReturnClass = newFilteredSignature.sReturnClass.Substring(1,newFilteredSignature.sReturnClass.Length - 2);
newFilteredSignature.sSignature = newFilteredSignature.getSignature();
}
return newFilteredSignature;
}
public static void mapJavaAttributesToTraces(IO2Assessment o2Assessment, Dictionary<string, string> attributesXmlFiles)
{
DI.log.debug("Mapping Java Attributes to Traces");
//var testFindings = from O2Finding finding in o2Assessment.o2Findings where finding.Source.Contains("BugController") select (IO2Finding)finding;
//var testFindings = o2Assessment.o2Findings;
DI.log.debug("There are {0} findings to process", o2Assessment.o2Findings.Count());
foreach (O2Finding finding in o2Assessment.o2Findings)
{
var filteredSignature = new FilteredSignature(finding.Source);
var className = filteredSignature.sFunctionClass;
var fileToFind = string.Format("{0}.class.JavaAttributes.xml", className.Replace(".", "\\"));
if (attributesXmlFiles.ContainsKey(fileToFind))
mapJavaAttributesToFinding(finding, attributesXmlFiles[fileToFind]);
//DI.log.info("Found: {0} - > {1}", fileToFind , attributesXmlFiles[fileToFind]);
//else
// DI.log.error("could NOT find Xml Attribute file for: {0}", fileToFind);
//DI.log.info(fileToFind);
}
//var findingsWithSpringMVCControllersAsSources = new List<IO2Finding>();
// save temp assessment file
// var o2FindingsOfTypeO2SpringMvcController = (from o2Finding in o2Assessment.o2Findings where o2Finding.vulnType == "O2.SpringMvc.Controller" select o2Finding).ToList();
// DI.log.debug("There are {0} o2FindingsOfTypeO2SpringMvcController");
/* O2.Views.ASCX.O2Findings.ascx_FindingsViewer.openInFloatWindow(o2FindingsOfTypeO2SpringMvcController);
saveFindingsInNewO2AssessmentFile(o2FindingsOfTypeO2SpringMvcController, pathToOzasmtFile + "_SpringMvcController.ozasmt");
* */
}
private void showFunctionAttributes(ICirFunction _rootCirFunction)
{
showClassAttributes(_rootCirFunction.ParentClass);
tvFunctionAttributes.Nodes.Clear();
foreach (var attribute in _rootCirFunction.FunctionAttributes)
{
var signature = new FilteredSignature(attribute.AttributeClass).sSignature;
var treeNode = tvFunctionAttributes.Nodes.Add(signature);
foreach (var parameter in attribute.Parameters)
treeNode.Nodes.Add(parameter.Key);
}
}
public static bool mapJavaAttributesToFinding(O2Finding o2Finding, string xmlAttributeFile)
{
var source = o2Finding.Source;
var filteredSignature = new FilteredSignature(source);
//DI.log.info(filteredSignature.sFunctionClass + " - " + filteredSignature.sFunctionName);
var xClassElement = getClassDataFromXmlAttributeFile(xmlAttributeFile, filteredSignature.sFunctionClass);
if (xClassElement != null)
{
SpringMVCAttributes.addClassAttributesToFinding(xClassElement, o2Finding);
var xMethodElement = getMethodDataFromXmlAttributeFile(xClassElement, filteredSignature.sFunctionName);
if (xMethodElement != null)
{
SpringMVCAttributes.addMethodAttributesToFinding(xMethodElement, o2Finding);
return true;
// DI.log.info("have xElement");
}
}
return false;
//DI.log.info("mapping finding {0} with xml file {1}", o2Finding.ToString(), xmlAttributeFile);
}
public CirFunction(string functionSignature) : this()
{
FunctionSignature = functionSignature;
var filteredSignature = new FilteredSignature(FunctionSignature);
FunctionName = filteredSignature.sFunctionName;
FunctionNameAndParameters = filteredSignature.sFunctionNameAndParams;
ClassNameFunctionNameAndParameters = filteredSignature.sFunctionClass + "." + filteredSignature.sFunctionNameAndParams;
ReturnType = filteredSignature.sReturnClass;
}
private void addCirFunctionsAsRules(
List<ICirFunction> cirFunctionsToProcess, bool keepRulesLoadedFromDatabase,
bool bAddExternalMethodsAsSourcesAndSinks,bool bAddInternalMethodsWithNoCallersAsCallbacks,
bool bDontMarkAsCallbackOrSinksMethodsWithNoParameters,
bool bdontAddIfRuleSignatureAlreadyExists, bool bDontAddIfThereAreNoCallersAndCallees,
string newRulesVulnType)
{
// for performance reasons run this on a separade thread
O2Thread.mtaThread(
() =>
{
// before adding more rules, clear the current list (the return null is to force the Sync version of invokeOnThread )
this.invokeOnThread(()=>
{
clearChangedRulesList();
return null;
});
var newCallbackSignature = "O2.AutoMapping";
DI.log.info("adding {0} cirFunctions as rules", cirFunctionsToProcess.Count);
// get rules that we will keep (if there are rules loaded from Db and keepRulesLoadedFromDatabase is set)
var newO2Rules = (keepRulesLoadedFromDatabase)
? O2RulePackUtils.getRulesThatAreFromDB(currentO2RulePack)
: new List<IO2Rule>();
//update index
indexedCurrentO2Rules = IndexedO2Rules.indexAll(newO2Rules);
if (keepRulesLoadedFromDatabase)
foreach (var o2Rule in newO2Rules)
o2Rule.Tagged = false;
var currentDatabaseID = MiscUtils_OunceV6.getIdForSuportedLanguage(currentLanguage).ToString();
var listOfChangedRules = new List<IO2Rule>();
var functionsToProcess = cirFunctionsToProcess.Count;
var functionsProcessed = 0;
foreach (var cirFunction in cirFunctionsToProcess)
{
var functionSignature = new FilteredSignature(cirFunction).sSignature;
// first check if there are any callers or callees on this function
//bDontAddIfThereAreNoCallersAndCallees
if (bDontAddIfThereAreNoCallersAndCallees && cirFunction.FunctionIsCalledBy.Count == 0 &&
cirFunction.FunctionsCalledUniqueList.Count == 0)
{
// don't add
}
else
// then check if this already exists on the database
if (bdontAddIfRuleSignatureAlreadyExists &&
indexedCurrentO2Rules.ContainsKey(functionSignature))
{
foreach (var o2Rule in indexedCurrentO2Rules[functionSignature])
o2Rule.Tagged = true;
}
// if not, then we will need ot create a new rule for this function
else
{
bool addAsNotMappedRule = false;
//var functionSignature = new FilteredSignature(cirFunction).sSignature;
// handle special cases
//bAddInternalMethodsWithNoCallersAsCallbacks (or the function is explicitly marked with cirFunction.IsTainted
if (cirFunction.IsTainted ||
(bAddInternalMethodsWithNoCallersAsCallbacks && cirFunction.HasControlFlowGraph && cirFunction.FunctionIsCalledBy.Count == 0))
{
//bDontMarkAsCallbackMethodsWithNoParameters
if (false == bDontMarkAsCallbackOrSinksMethodsWithNoParameters ||
cirFunction.FunctionSignature.IndexOf("()") == - 1)
//cirFunction.FunctionParameters.Count > 0) // can't use this since it is not 100% reliable
{
var newCallback = new O2Rule(O2RuleType.Callback,
newCallbackSignature + ".Callback",
functionSignature, currentDatabaseID, true);
listOfChangedRules.Add(newCallback);
newO2Rules.Add(newCallback);
}
else
addAsNotMappedRule = true;
}
//bAddExternalMethodsAsSourcesAndSinks - function calls nobody but it is called by others
else if (bAddExternalMethodsAsSourcesAndSinks &&
cirFunction.FunctionsCalledUniqueList.Count == 0 &&
cirFunction.FunctionIsCalledBy.Count > 0)
{
// when importing CirData created by Core on Java, there is a bug that causes the ReturnType NOT to be populated
// this is why we use the cirFunction.FunctionSignature.IndexOf(":void") > -1 below instead of the more correct if (string.IsNullOrEmpty(cirFunction.ReturnType))
//if (string.IsNullOrEmpty(cirFunction.ReturnType))
// DI.log.info("Method had empty cirFunction.ReturnType: {0}", cirFunction.FunctionSignature);
// Only add source if the return parameter is not void
if (!(cirFunction.FunctionSignature.IndexOf(":void") > -1 || cirFunction.ReturnType == "void" || cirFunction.ReturnType == "System.Void"))
{
var newSource = new O2Rule(O2RuleType.Source,
newCallbackSignature + ".Source",
functionSignature, currentDatabaseID, true);
listOfChangedRules.Add(newSource);
newO2Rules.Add(newSource);
}
else
DI.log.info("Method Not marked as Source: {0}", cirFunction.FunctionSignature);
// for sinks check for bDontMarkAsCallbackOrSinksMethodsWithNoParameters
if (false == bDontMarkAsCallbackOrSinksMethodsWithNoParameters ||
cirFunction.FunctionSignature.IndexOf("()") == -1)
//cirFunction.FunctionParameters.Count > 0)
{
var newSink = new O2Rule(O2RuleType.Sink, newCallbackSignature + ".Sink",
functionSignature, currentDatabaseID, true);
listOfChangedRules.Add(newSink);
newO2Rules.Add(newSink);
}
//else
// DI.log.info("Method Not marked as Sink: ", cirFunction.FunctionSignature);
}
else
{
addAsNotMappedRule = true;
}
if (addAsNotMappedRule)
{
// add as NotMapped
var newO2Rule = new O2Rule(newRulesVulnType, functionSignature, currentDatabaseID) { Tagged = true };
newO2Rules.Add(newO2Rule);
}
}
// Counter
if ((functionsProcessed++)%200 == 0)
DI.log.info("In addCirFunctionsAsRules: {0} / {1} cir Functions processed",
functionsProcessed, functionsToProcess);
}
// make the current rule pack the one with the rules we have just loaded
DI.log.info("{0} rules created", newO2Rules.Count);
var newRulePack = new O2RulePack("Rule Pack", newO2Rules);
setCurrentRulePack(newRulePack);
// we need to back to the GUI thread for the updates
this.invokeOnThread(
() =>
{
// hide this ListView for performance reasons
lvChangedRules.Visible = false;
dgvRules.Visible = false;
// add rules
addRulesToChangedRulesList_BatchMode(listOfChangedRules);
// foreach (var changedO2Rule in listOfChangedRules)
// addRuleToChangedRulesList(changedO2Rule, false /*checkIfRuleIsAlreadyInList*/);
// if we are in view all mode changed it to OnlyTaggedRules
if (rbViewMode_AllRules.Checked)
rbViewMode_OnlyTaggedRules.Checked = true;
else
setRulesViewMode(); // trigger refresh
// now that all rules have been added make it visible again
lvChangedRules.Visible = true;
dgvRules.Visible = true;
});
});
}
private void filterByFilteredSignature(FilteredSignature filteredSignature)
{
setFilter1TextValue(filteredSignature.sSignature, true);
}
public static void remapIsCalledByXrefs(ICirDataAnalysis cirDataAnalysis)
{
try
{
remapSuperClassesXrefs(cirDataAnalysis);
var timer = new O2Timer("remapIsCalledByXrefs").start();
// first clear all Xref
foreach (var cirFunction in cirDataAnalysis.dCirFunction_bySignature.Values)
cirFunction.FunctionIsCalledBy = new List<ICirFunctionCall>();
// make sure all FunctionsCalledUniqueList and FunctionsCalled are syncronized with dCirFunction_bySignature
var functionsToMap = cirDataAnalysis.dCirFunction_bySignature.Values.ToList().Count;
var functionsProcessed = 0;
foreach (var cirFunction in cirDataAnalysis.dCirFunction_bySignature.Values.ToList())
{
for (int i = 0; i < cirFunction.FunctionsCalledUniqueList.Count; i++)
cirFunction.FunctionsCalledUniqueList[i] = syncFunctions(cirDataAnalysis, cirFunction.FunctionsCalledUniqueList[i]);
for (int i = 0; i < cirFunction.FunctionsCalled.Count; i++)
cirFunction.FunctionsCalled[i].cirFunction = syncFunctions(cirDataAnalysis, cirFunction.FunctionsCalled[i].cirFunction);
if ((functionsProcessed++) % 500 == 0)
DI.log.info(" processed {0} / {1}", functionsProcessed, functionsToMap);
}
// check the FunctionsCalledUniqueList is calledby mappngs
foreach (var cirFunction in cirDataAnalysis.dCirFunction_bySignature.Values)
foreach (var functionCalled in cirFunction.FunctionsCalled)
{
var functionCalledXref = getFunctionRef(cirDataAnalysis, functionCalled.cirFunction);
/*if (false == cirDataAnalysis.dCirFunction_bySignature.ContainsValue(functionCalled))
DI.log.error("in remapIsCalledByXrefs something is wrong because the called fucntions does not have a cirFunction mapping: {0}", functionCalled.FunctionSignature);
else
//{*/
bool found = false;
foreach (var functionCall in functionCalled.cirFunction.FunctionIsCalledBy)
if (functionCall.cirFunction == functionCalledXref)
found = true;
if (found == false)
functionCalled.cirFunction.FunctionIsCalledBy.Add(new CirFunctionCall(cirFunction, functionCalled.fileName, functionCalled.lineNumber));
//if (false == functionCalledXref.FunctionIsCalledBy.Contains(cirFunction))
// functionCalledXref.FunctionIsCalledBy.Add(cirFunction);
}
// make sure all functions are syncronized with dCirFunction_bySignature
foreach (var cirFunction in cirDataAnalysis.dCirFunction_bySignature.Values)
for (int i = 0; i < cirFunction.FunctionsCalledUniqueList.Count; i++)
cirFunction.FunctionsCalledUniqueList[i] = syncFunctions(cirDataAnalysis, cirFunction.FunctionsCalledUniqueList[i]);
// endure all iscalledby are correcly mapped
foreach (var cirFunction in cirDataAnalysis.dCirFunction_bySignature.Values)
for (int i = 0; i < cirFunction.FunctionIsCalledBy.Count; i++)
cirFunction.FunctionIsCalledBy[i].cirFunction = syncFunctions(cirDataAnalysis, cirFunction.FunctionIsCalledBy[i].cirFunction);
// make sure there is a reference to this function on the Classes Dictionanry
foreach (var cirFunction in cirDataAnalysis.dCirFunction_bySignature.Values)
foreach (var functionCalled in cirFunction.FunctionsCalled)
if (functionCalled.cirFunction.ParentClass == null)
{
var functionSignature = new FilteredSignature(functionCalled.cirFunction.FunctionSignature);
var parentClassName = functionSignature.sFunctionClass;
if (false == cirDataAnalysis.dCirClass_bySignature.ContainsKey(parentClassName))
cirDataAnalysis.dCirClass_bySignature.Add(parentClassName, new CirClass(parentClassName));
var parentCirClass = cirDataAnalysis.dCirClass_bySignature[parentClassName];
var functionAlreadyMappedToClass = false;
foreach (var cirFunctionMappedToClass in parentCirClass.dFunctions.Values)
if (cirFunctionMappedToClass.FunctionSignature == functionCalled.cirFunction.FunctionSignature)
functionAlreadyMappedToClass = true;
if (false == functionAlreadyMappedToClass)
parentCirClass.dFunctions.Add(functionCalled.cirFunction.FunctionSignature, functionCalled.cirFunction);
functionCalled.cirFunction.ParentClass = parentCirClass;
functionCalled.cirFunction.ParentClassName = parentCirClass.Name;
functionCalled.cirFunction.ParentClassFullName = parentCirClass.FullName;
}
timer.stop();
}
catch (Exception ex)
{
DI.log.error("in remapIsCalledByXrefs: {0}", ex.Message);
}
}
public static void findSpringAttributes(TreeView tvRawData)
{
String sFunctionSignature = "ModelMap.addAttribute";
O2Timer tTimer = new O2Timer("Resolving attribute based function: {0} ").start();
Dictionary<AssessmentAssessmentFileFinding, O2AssessmentData_OunceV6> dMatches =
analyzer.getSinksFindingsThatMatchRegEx(tvRawData, sFunctionSignature);
foreach (AssessmentAssessmentFileFinding fFinding in dMatches.Keys)
{
// resolve addAddtibute name
String sSinkContext = AnalysisUtils.getSinkContext(fFinding, dMatches[fFinding]);
var fsFilteredSignature = new FilteredSignature(sSinkContext);
String sParameters = fsFilteredSignature.sParameters.Replace("\"", "");
String sSpringParameter = sParameters.Substring(0, sParameters.IndexOf(',')).Trim();
// create a unique name for it:
String sSink = AnalysisUtils.getSink(fFinding, dMatches[fFinding]);
String sSinkWithAttributeName = sSink.Replace("(", "_" + sSpringParameter + "(");
// make sure we have not added this already
if (sSink.IndexOf(sSpringParameter) == -1)
{
// String sSinkWithAttributeName = sSink.Replace("(", "_" + sSpringParameter + "(");
// String sSinkWithAttributeName = sSpringParameter;
String sUniqueSignature = analyzer.getUniqueSignature(fFinding, TraceType.Known_Sink,
dMatches[fFinding], true);
var otbO2TraceBlockOfThisFinding = (O2TraceBlock_OunceV6) tvRawData.Nodes[sUniqueSignature].Tag;
CallInvocation ciCallInvocation =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(
fFinding.Trace, TraceType.Known_Sink);
UInt32 uNewId = OzasmtUtils_OunceV6.addTextToStringIndexes(sSinkWithAttributeName,
dMatches[fFinding].arAssessmentRun);
;
ciCallInvocation.sig_id = uNewId;
DI.log.debug(" Found spring attribute '{0}' on sinks and modified to {1}", sSpringParameter,
sSinkWithAttributeName);
//o2.analysis.Analysis.getSink(fFinding, dMatches[fFinding]));
otbO2TraceBlockOfThisFinding.sSignature = sSinkWithAttributeName;
otbO2TraceBlockOfThisFinding.sUniqueName = analyzer.getUniqueSignature(fFinding,
TraceType.
Known_Sink,
dMatches[fFinding], true);
List<O2TraceBlock_OunceV6> lotbO2TraceBlockWithVelocityMappings =
analyzer.getO2TraceBlocksThatMatchSignature(sSinkWithAttributeName, tvRawData);
/* String sVelocityMapping = String.Format("{0} 0", sSinkWithAttributeName);
TreeNode tnVelocityNode = tvRawData.Nodes[sVelocityMapping];
if (tnVelocityNode != null)
*/
foreach (
O2TraceBlock_OunceV6 otbO2TraceBlockWithVelocityMappings in lotbO2TraceBlockWithVelocityMappings)
{
if (otbO2TraceBlockWithVelocityMappings.sFile.IndexOf(".vm") > -1)
//O2TraceBlock_OunceV6 otbO2TraceBlockWithVelocityMappings = (O2TraceBlock_OunceV6)tnVelocityNode.Tag;
foreach (
AssessmentAssessmentFileFinding fVelocityFinding in
otbO2TraceBlockWithVelocityMappings.dSinks.Keys)
{
if (false == otbO2TraceBlockOfThisFinding.dGluedSinks.ContainsKey(fVelocityFinding))
otbO2TraceBlockOfThisFinding.dGluedSinks.Add(fVelocityFinding,
otbO2TraceBlockWithVelocityMappings
.dSinks[fVelocityFinding]);
if (false == otbO2TraceBlockOfThisFinding.dSinks.ContainsKey(fVelocityFinding))
otbO2TraceBlockOfThisFinding.dSinks.Add(fVelocityFinding,
otbO2TraceBlockWithVelocityMappings.
dSinks[fVelocityFinding]);
}
}
}
}
tTimer.stop();
}
public static List<String> getListWithWordsFromSignature(string signature)
{
var filteredSignature = new FilteredSignature(signature);
List<string> wordsFromSignature = filteredSignature.lsFunctionClass_Parsed; // words in namespace & class
wordsFromSignature.Add(filteredSignature.sFunctionName); // also add the method name
return wordsFromSignature;
}
public void test_PopulateCirWithTraces()
{
// get Assessment Data
var o2Assessment = new O2Assessment(new O2AssessmentLoad_OunceV6(), findingsFile);
Assert.That(o2Assessment.o2Findings.Count > 0, "There were no findings in o2Assessment");
DI.log.info("There are {0} findings in the assessment loaded", o2Assessment.o2Findings.Count);
var uniqueListOfSignatures = OzasmtUtils.getUniqueListOfSignatures(o2Assessment.o2Findings);
Assert.That(uniqueListOfSignatures.Count() > 0, "uniqueListOfSignatures.Count ==0 ");
DI.log.info("There are {0} unique signatures ", uniqueListOfSignatures.Count());
// get cir data
var cirDataAnalysis = new CirDataAnalysis();
CirDataAnalysisUtils.loadFileIntoCirDataAnalysisObject(fileToCreateCirFrom,cirDataAnalysis);
CirDataAnalysisUtils.remapIsCalledByXrefs(cirDataAnalysis);
Assert.That(cirDataAnalysis.dCirFunction_bySignature.Count > 0, "cirDataAnalysis.dCirFunction_bySignature.Count == 0");
// need to convert to Ozasmt signature format
var cirMappedFunctions = new Dictionary<string, ICirFunction>();
foreach (var cirFunction in cirDataAnalysis.dCirFunction_bySignature.Values)
{
if (cirFunction.FunctionSignature.IndexOf("O2AppDomainFactory>") > -1)
{
}
var filteredSignature = new FilteredSignature(cirFunction);
cirMappedFunctions.Add(filteredSignature.sSignature, cirFunction);
}
var matches = new List<String>();
foreach (var sig in cirMappedFunctions.Keys)
if (sig.IndexOf("IndexOf") > -1)
matches.Add(sig);
//var matches = new List<String>();
/* foreach (var cirFunction in cirMappedFunctions.Values)
foreach (var called in cirFunction.FunctionsCalledUniqueList)
if (called.FunctionSignature.IndexOf("System.Object::.ctor") > -1)
{
matches.Add(called.FunctionSignature);
var asd = cirDataAnalysis.dCirFunction_bySignature.ContainsKey(called.FunctionSignature);
}*/
foreach (var signature in uniqueListOfSignatures)
if (false == cirMappedFunctions.ContainsKey(signature))
DI.log.info("NO MATCH:" + signature);
foreach(O2Finding o2Finding in o2Assessment.o2Findings)
{
var source = o2Finding.Sink;
if (source != "" && false == cirMappedFunctions.ContainsKey(source))
DI.log.info("NO MATCH for Source:" + source);
var sink = o2Finding.Sink;
if (sink != "" && false == cirMappedFunctions.ContainsKey(sink))
DI.log.info("NO MATCH for Sink:" + sink);
}
/*foreach (var signature in uniqueListOfSignatures)
DI.log.info(signature);
return;*/
}
void TextArea_DragDrop(object sender, DragEventArgs e)
{
var fileOrFolder = Dnd.tryToGetFileOrDirectoryFromDroppedObject(e);
if (fileOrFolder.fileExists())
{
loadSourceCodeFile(fileOrFolder);
return;
}
var data = Dnd.tryToGetObjectFromDroppedObject(e);
if (data != null)
{
var dsa = data.GetType().FullName;
if (data is List<MethodInfo>)
{
var methods = (List<MethodInfo>)data;
if (methods.Count > 0)
{
var filteredSignature = new FilteredSignature(methods[0]);
tecSourceCode.ActiveTextAreaControl.TextArea.InsertString(filteredSignature.sFunctionNameAndParams);
// var functionSignature = new FilteredSignature
}
}
else
tecSourceCode.ActiveTextAreaControl.TextArea.InsertString(data.ToString());
}
}
public static String createFindingsFromVMFiles(ConsolidatedProcessedVelocityFiles cpvfVelocityFiles,
ascx_TraceViewer ascxTraceViewer)
{
String sTemplateSpringModeMapName =
"org.springframework.ui.ModelMap.addAttribute_{0}(java.lang.String;java.lang.Object):org.springframework.ui.ModelMap";
var lfrFindingsResult = new List<AnalysisSearch.FindingsResult>();
foreach (ProcessedVelocityFile pvFile in cpvfVelocityFiles.getListWithProcessedLoadedFilesObjects())
{
foreach (String sMethod in pvFile.getFunctions())
{
var fsFilteredSignature = new FilteredSignature(sMethod, ',');
if (fsFilteredSignature.sParameters == "")
// if there are no parameters just add them method as both source and sink
{
lfrFindingsResult.Add(createFindingsResultForSourceAndSink(sMethod, sMethod,
"Velocity.Finding.Function_noParam",
pvFile.getNormalizedFileName(),
"Velocity.Finding.Function_noParam",
pvFile.getNormalizedFileName(),
pvFile.sFullPathToOriginalFile
));
}
else
{
foreach (String sParameter in fsFilteredSignature.lsParameters_Parsed)
{
String sVelocityVariableName =
sParameter.Replace("$", "").Replace("!", "").Replace("{", "").Replace("}", "");
String sSourceSignature = String.Format(sTemplateSpringModeMapName, sVelocityVariableName);
String sSinkSignature = sMethod;
lfrFindingsResult.Add(createFindingsResultForSourceAndSink(sSourceSignature, sSinkSignature,
"Velocity.Finding.Function_withParam",
pvFile.getNormalizedFileName(),
"Velocity.Finding.Function_withParam",
pvFile.getNormalizedFileName(),
pvFile.sFullPathToOriginalFile
));
}
}
}
foreach (String sVar in pvFile.getVars())
{
String sVelocityVariableName = sVar.Replace("$", "").Replace("!", "").Replace("{", "").Replace("}",
"");
String sSourceSignature = String.Format(sTemplateSpringModeMapName, sVelocityVariableName);
String sSinkSignature = sVar;
lfrFindingsResult.Add(createFindingsResultForSourceAndSink(sSourceSignature, sSinkSignature,
"Velocity.Finding.Variable",
pvFile.getNormalizedFileName(),
"Velocity.Finding.Variable",
pvFile.getNormalizedFileName(),
pvFile.sFullPathToOriginalFile
));
//FindingViewItem fviFindingViewItem = new FindingViewItem(nfNewFinding.fFinding, nfNewFinding.oadNewO2AssessmentData);
//ascxTraceViewer.setTraceDataAndRefresh(fviFindingViewItem);
}
}
String sNewAssessmentFile = DI.config.TempFileNameInTempDirectory;
CustomAssessmentFile.create_CustomSavedAssessmentRunFile_From_FindingsResult_List(lfrFindingsResult,
sNewAssessmentFile);
return sNewAssessmentFile;
}
public void addBindableFieldsIntoTreeView_Recursive(TreeNodeCollection tncTreeNodes, String sClassToFind,
bool bHideGetAndSetStrings, ICirData fadCirData)
{
String sFixedClassToFind = sClassToFind[0].ToString().ToUpper() + sClassToFind.Substring(1);
foreach (ICirClass ccCirClass in fadCirData.dClasses_bySignature.Values)
{
if (ccCirClass.Name == sFixedClassToFind)
{
var tnClass = new TreeNode(ccCirClass.Signature);
foreach (ICirFunction cfCirFunction in ccCirClass.dFunctions.Values)
{
String sFunctionName = new FilteredSignature(cfCirFunction.FunctionSignature).sFunctionName;
switch (sFunctionName.Substring(0, 3))
{
case "get":
var tnSubObject = new TreeNode(sFunctionName);
String sFixedSubObjectName = sFunctionName.Replace("get", "");
if (bHideGetAndSetStrings)
tnSubObject.Text = sFixedSubObjectName;
// tnSubObject = tnClass;
addBindableFieldsIntoTreeView_Recursive(tnSubObject.Nodes, sFixedSubObjectName,
bHideGetAndSetStrings, fadCirData);
if (tnSubObject.Nodes.Count > 0)
tnClass.Nodes.Add(tnSubObject);
break;
case "set":
String sSetNodeText = new FilteredSignature(cfCirFunction.FunctionSignature).sFunctionName;
if (bHideGetAndSetStrings)
sSetNodeText = sSetNodeText.Replace("set", "");
tnClass.Nodes.Add(sSetNodeText);
break;
default:
break;
}
}
tncTreeNodes.Add(tnClass);
}
// String sClassName =
}
}
