        /// <summary>
        /// Glues the findings of two assessment files on their trace names: one file supplies
        /// the sinks, the other the sources. Originally noted as "Glue WebInspect -> Ounce Finding (Sql Injection)".
        /// </summary>
        /// <param name="o2AssessmentLoad">Loader used to read both .ozasmt files.</param>
        /// <param name="ozasmtWithSinks">Path of the assessment whose findings provide the sinks.</param>
        /// <param name="ozasmtWithSoures">Path of the assessment whose findings provide the sources (name kept as-is for callers).</param>
        /// <param name="gluedFindingVulnType">Vulnerability type passed on to the list-based overload.</param>
        /// <returns>Whatever the list-based <c>glueOnTraceNames</c> overload returns for the two finding lists.</returns>
        public static List <IO2Finding> glueOnTraceNames(IO2AssessmentLoad o2AssessmentLoad, String ozasmtWithSinks, String ozasmtWithSoures, string gluedFindingVulnType)
        {
            // Load the sink file first, then the source file, and hand both finding lists to the overload.
            var sinkFindings   = new O2Assessment(o2AssessmentLoad, ozasmtWithSinks).o2Findings;
            var sourceFindings = new O2Assessment(o2AssessmentLoad, ozasmtWithSoures).o2Findings;
            return glueOnTraceNames(sinkFindings, sourceFindings, gluedFindingVulnType);
        }
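        /// <summary>
        /// Imports every file listed in <c>sourceObject</c> (expected to be a <c>List&lt;string&gt;</c>)
        /// into one new <see cref="O2Assessment"/>, which is stored in <c>resultsObject</c> on success.
        /// </summary>
        /// <returns>
        /// <c>true</c> when every file imported; <c>false</c> when the source object is null, has a
        /// type other than <c>sourceType</c>, or any single import fails (in that case
        /// <c>resultsObject</c> is left untouched).
        /// </returns>
        public override bool execute()
        {
            // Guard clauses: both input problems are logged and reported as failure.
            if (sourceObject == null)
            {
                DI.log.error("source object was null");
                return false;
            }
            if (sourceObject.GetType() != sourceType)
            {
                // Message fixed: the original read "... is was ...".
                DI.log.error("source object type was not List<string>, it was " + sourceObject.GetType().FullName);
                return false;
            }

            var filesToProcess = (List<string>) sourceObject;
            setProgressBarValue(filesToProcess.Count);

            var o2Assessment = new O2Assessment();
            foreach (string file in filesToProcess)
            {
                DI.log.info("Importing file {0}", file);
                // Stop at the first failed import; earlier files stay in the local assessment only.
                if (!o2AssessmentLoad.importFile(file, o2Assessment))
                    return false;
                DI.log.info("There are {0} Findings loaded ", o2Assessment.o2Findings.Count);
                incProgressBarValue();
            }
            resultsObject = o2Assessment;
            return true;
        }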
        /// <summary>
        /// Adds two child nodes to <paramref name="treeNode"/>: the total number of findings and
        /// the number of findings that carry a smart trace.
        /// </summary>
        /// <param name="treeNode">Parent node that receives the stat nodes.</param>
        /// <param name="o2Assessment">Assessment whose findings are counted.</param>
        /// <param name="imageIndex">Image index applied to every created node.</param>
        /// <remarks>
        /// Nodes for file name, file size and import duration (the lastOzasmtImport* values) were
        /// commented out upstream and are deliberately not created here.
        /// </remarks>
        public static void populateTreeNodeWithAssessmentStats(TreeNode treeNode, O2Assessment o2Assessment,
                                                               int imageIndex)
        {
            string findingsLabel = "# Findings:" + getNumberOf_Findings(o2Assessment);
            O2Forms.newTreeNode(treeNode, findingsLabel, imageIndex, null);

            string smartTraceLabel = "# Smart Traces:" + getNumberOf_Findings_WithSmartTrace(o2Assessment);
            O2Forms.newTreeNode(treeNode, smartTraceLabel, imageIndex, null);
        }
 /// <summary>
 /// Loads an Ounce v6 .ozasmt file and re-saves it together with its source stats under a
 /// new assessment name derived from the source path.
 /// </summary>
 /// <param name="ozasmtSource">Path of the assessment file to load.</param>
 /// <remarks>A second <c>ozasmtTarget</c> parameter was removed upstream (left as a trailing comment in the original).</remarks>
 public static void copyAssessmentStats(string ozasmtSource)
 {
     var loader = new O2AssessmentLoad_OunceV6();
     IO2Assessment loadedAssessment = new O2Assessment(loader, ozasmtSource);
     O2Cmd.log.write("Assessment loaded had {0} findings", loadedAssessment.o2Findings.Count);

     string newAssessmentName = string.Concat("O2 v.5 - ", ozasmtSource);
     saveWithAssessmentSourceStats(ozasmtSource, loadedAssessment, newAssessmentName);
 }
 /// <summary>
 /// Imports a single file into a fresh assessment.
 /// </summary>
 /// <param name="fileToLoad">Path handed to <c>importFile</c>.</param>
 /// <returns>The populated assessment, or <c>null</c> when <c>importFile</c> reports failure.</returns>
 public IO2Assessment loadFile(string fileToLoad)
 {
     var target = new O2Assessment();
     bool imported = importFile(fileToLoad, target);
     return imported ? target : null;
 }
        /// <summary>
        /// Adds two child nodes to <paramref name="treeNode"/>: the total number of findings and
        /// the number of findings that carry a smart trace.
        /// </summary>
        /// <param name="treeNode">Parent node that receives the stat nodes.</param>
        /// <param name="o2Assessment">Assessment whose findings are counted.</param>
        /// <param name="imageIndex">Image index applied to every created node.</param>
        /// <remarks>
        /// Nodes for file name, file size and import duration (the lastOzasmtImport* values) were
        /// commented out upstream and are deliberately not created here.
        /// </remarks>
        public static void populateTreeNodeWithAssessmentStats(TreeNode treeNode, O2Assessment o2Assessment,
                                                               int imageIndex)
        {
            string findingsLabel = "# Findings:" + getNumberOf_Findings(o2Assessment);
            O2Forms.newTreeNode(treeNode, findingsLabel, imageIndex, null);

            string smartTraceLabel = "# Smart Traces:" + getNumberOf_Findings_WithSmartTrace(o2Assessment);
            O2Forms.newTreeNode(treeNode, smartTraceLabel, imageIndex, null);
        }
 /// <summary>
 /// Builds an assessment with one finding per trace and saves it to <paramref name="fileToCreate"/>.
 /// </summary>
 /// <param name="o2AssessmentSave">Saver implementation passed to <c>save</c>.</param>
 /// <param name="fileToCreate">Destination path passed to <c>save</c>.</param>
 /// <param name="traces">Traces converted in order with <c>createO2FindingFromTrace</c>.</param>
 public static void createO2AssessmentFromTraces(IO2AssessmentSave o2AssessmentSave,string fileToCreate, List<IO2Trace> traces)
 {
     var assessment = new O2Assessment();
     for (int i = 0; i < traces.Count; i++)
     {
         assessment.o2Findings.Add(createO2FindingFromTrace(traces[i]));
     }
     assessment.save(o2AssessmentSave, fileToCreate);
 }
 /// <summary>
 /// Creates a small sample assessment holding one finding with a trace followed by one without.
 /// </summary>
 /// <returns>A new assessment with exactly those two findings, in that order.</returns>
 public static O2Assessment createO2Assessment()
 {
     // The collection initializer appends to the assessment's existing o2Findings list,
     // exactly like two explicit Add calls would.
     return new O2Assessment
                {
                    o2Findings = { CreateFinding_WithTrace(), CreateFinding_WithNoTrace() }
                };
 }
 /// <summary>
 /// Loads an Ounce v6 .ozasmt file, replaces its findings with the web-control source mapping,
 /// shows them in the Ounce findings viewer when there are any, and then glues the traces.
 /// </summary>
 /// <param name="fileToLoad">Path of the .ozasmt file.</param>
 public void loadOunceOzasmtFile(string fileToLoad)
 {
     var ounceScan = new O2Assessment(new O2AssessmentLoad_OunceV6(), fileToLoad);
     var mappedFindings = AspNetAnalysis.findWebControlSources(ounceScan.o2Findings);
     ounceScan.o2Findings = mappedFindings;

     bool hasFindings = ounceScan.o2Findings.Count > 0;
     if (hasFindings)
     {
         fidingsViewer_OunceOzasmt.loadO2Assessment(ounceScan);
     }
     // glueTrace runs whether or not anything was shown in the viewer.
     glueTrace();
 }
 /// <summary>
 /// Test: maps TextBox web controls as sinks on the click-button/System.Data results file and
 /// saves the mapped findings to the "_withTexBoxMapping" .ozasmt file.
 /// </summary>
 public void mapTextBoxWebControlsAsSinks()
 {
     string inputFile = resultsFilefor_clickButtonSource_SystemDataSink;
     Assert.IsTrue(File.Exists(inputFile), "resultsFilefor_clickButtonSource_SystemDataSink doesn't exist");

     var loadedAssessment = new O2Assessment(new O2AssessmentLoad_OunceV6(), inputFile);
     var mappedFindings = AspNetAnalysis.mapTextBoxWebControlsAsSinks(loadedAssessment.o2Findings);
     Assert.IsTrue(mappedFindings.Count > 0, "no findings calculated");

     var outputAssessment = new O2Assessment();
     outputAssessment.o2Findings = mappedFindings;
     outputAssessment.save(new O2AssessmentSave_OunceV6(), resultsFilefor_clickButtonSource_SystemDataSink_withTexBoxMapping);
 }
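 /// <summary>
 /// Test: runs <c>AspNetAnalysis.findParameterStaticValueInMethodX</c> on the serialized CIR data
 /// and saves the resulting findings to the click-button mapping .ozasmt file.
 /// </summary>
 public void findParameterStaticValueInMethodX()
 {
     var cirData = CirLoad.loadSerializedO2CirDataObject(cirDataFile_BigOne);
     var result = AspNetAnalysis.findParameterStaticValueInMethodX(cirData);
     // Assert before the result is used: the original asserted only after assigning and saving,
     // so a null result could surface as an exception in save() rather than as this message.
     Assert.IsNotNull(result, "Result was null");

     var createdAssessment = new O2Assessment { o2Findings = result };
     createdAssessment.save(new O2AssessmentSave_OunceV6(), clickButtonMappingOzasmt);
 }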
        /// <summary>
        /// Test: maps web-control sources on the HacmeBank default-rules scan and saves the mapped
        /// findings to <c>ozasmtWithHacmeBankWebControlMappings</c>.
        /// </summary>
        public void findWebControlSources()
        {
            string scanFile = ozasmtHacmeBankScanWithDefaultRules;
            Assert.IsTrue(File.Exists(scanFile), "ozasmtHacmeBankScanWithDefaultRules could not be found");

            var scan = new O2Assessment(new O2AssessmentLoad_OunceV6(), scanFile);
            scan.o2Findings = AspNetAnalysis.findWebControlSources(scan.o2Findings);
            Assert.IsTrue(scan.o2Findings.Count > 0, "There were no Findings calculated");

            scan.save(new O2AssessmentSave_OunceV6(), ozasmtWithHacmeBankWebControlMappings);
        }
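        /// <summary>
        /// Test: saves an assessment with a custom name and checks that the name survives a reload.
        /// </summary>
        public void CreateCustomAssessmentFile() // Test to see if we can successfully create custom findings
        {
            const string name = "Test Name";

            var o2Assessment = new O2Assessment {name = name};
            Assert.IsTrue(o2Assessment.save(o2AssessmentSave, sFileToCreate), "SaveAssessmentRun failed");

            var o2AssessmentLoaded = new O2Assessment(o2AssessmentLoad,sFileToCreate);
            // The message is only shown on failure, so it has to describe the failure
            // (the original text "Name matches" said the opposite).
            Assert.IsTrue(name == o2AssessmentLoaded.name, "Name of reloaded assessment does not match");
        }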
        /// <summary>
        /// Builds an assessment with one finding per trace and saves it to <paramref name="fileToCreate"/>.
        /// </summary>
        /// <param name="o2AssessmentSave">Saver implementation passed to <c>save</c>.</param>
        /// <param name="fileToCreate">Destination path passed to <c>save</c>.</param>
        /// <param name="traces">Traces converted in order with <c>createO2FindingFromTrace</c>.</param>
        public static void createO2AssessmentFromTraces(IO2AssessmentSave o2AssessmentSave, string fileToCreate, List <IO2Trace> traces)
        {
            var assessment = new O2Assessment();
            var findings = assessment.o2Findings;
            foreach (IO2Trace trace in traces)
                findings.Add(createO2FindingFromTrace(trace));
            assessment.save(o2AssessmentSave, fileToCreate);
        }
 /// <summary>
 /// Loads an Ounce v6 .ozasmt file if it exists and logs the number of findings.
 /// </summary>
 /// <param name="ozasmtFileToLoad">Path checked with <c>File.Exists</c> before loading.</param>
 /// <returns>The loaded assessment, or <c>null</c> when the file does not exist.</returns>
 public static IO2Assessment loadOzasmt(string ozasmtFileToLoad)
 {
     if (!File.Exists(ozasmtFileToLoad))
     {
         return null;
     }
     var loaded = new O2Assessment(new O2AssessmentLoad_OunceV6(), ozasmtFileToLoad);
     O2Cmd.log.write("The Ozasmt file loaded has: {0} findings", loaded.o2Findings.Count);
     return loaded;
 }
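        /// <summary>
        /// Counts the findings of <paramref name="o2Assessment"/> that have at least one trace.
        /// </summary>
        /// <param name="o2Assessment">Assessment whose <c>o2Findings</c> are inspected.</param>
        /// <returns>
        /// The number of findings whose <c>o2Traces</c> list is non-empty, or 0 when the count could
        /// not be computed (the exception is logged, never rethrown, so callers never see it).
        /// </returns>
        /// <remarks>
        /// The commented-out NLinqQuery/O2Timer experiments that used to live here were removed. The
        /// count is taken on <c>IO2Finding</c> directly instead of casting every item to
        /// <c>O2Finding</c>, so the query no longer fails for findings of another implementing type.
        /// </remarks>
        public static int getNumberOf_Findings_WithSmartTrace(O2Assessment o2Assessment)
        {
            try
            {
                return o2Assessment.o2Findings.Count(finding => finding.o2Traces.Count > 0);
            }
            catch (Exception ex)
            {
                // Log context fixed: the old text referred to the removed NLinqQuery code.
                DI.log.ex(ex, "in getNumberOf_Findings_WithSmartTrace");
                return 0;
            }
        }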
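        /// <summary>
        /// Counts the findings of <paramref name="o2Assessment"/> that have at least one trace.
        /// </summary>
        /// <param name="o2Assessment">Assessment whose <c>o2Findings</c> are inspected.</param>
        /// <returns>
        /// The number of findings whose <c>o2Traces</c> list is non-empty, or 0 when the count could
        /// not be computed (the exception is logged, never rethrown, so callers never see it).
        /// </returns>
        /// <remarks>
        /// The commented-out NLinqQuery/O2Timer experiments that used to live here were removed. The
        /// count is taken on <c>IO2Finding</c> directly instead of casting every item to
        /// <c>O2Finding</c>, so the query no longer fails for findings of another implementing type.
        /// </remarks>
        public static int getNumberOf_Findings_WithSmartTrace(O2Assessment o2Assessment)
        {
            try
            {
                return o2Assessment.o2Findings.Count(finding => finding.o2Traces.Count > 0);
            }
            catch (Exception ex)
            {
                // Log context fixed: the old text referred to the removed NLinqQuery code.
                DI.log.ex(ex, "in getNumberOf_Findings_WithSmartTrace");
                return 0;
            }
        }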
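        /// <summary>
        /// Loads <c>ozasmtFileToLoad</c>, keeps the findings whose <c>_SinkToSource</c> contains
        /// "Attribute", logs how many matched and opens them in a floating findings viewer.
        /// </summary>
        public static void filterFindings_usingLinq()
        {
            var o2Assessment = new O2Assessment(new O2AssessmentLoad_OunceV6(), ozasmtFileToLoad);
            log.info("Assessment file loaded with {0} findings", o2Assessment.o2Findings.Count);

            // Materialize once; the original ran the query twice (once for the log, once for the viewer)
            // and also built an unused "Hello O2 World" string.
            var results = (from O2Finding finding in o2Assessment.o2Findings
                           where finding._SinkToSource.IndexOf("Attribute") > -1
                           select (IO2Finding)finding).ToList();
            log.info("There are {0} findings that match filter", results.Count);
            ascx_FindingsViewer.openInFloatWindow(results);
        }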
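        /// <summary>
        /// Test: converts the CAT.NET file into a fresh .ozasmt file and checks that the result exists
        /// and contains findings.
        /// </summary>
        public void WasConversionSuccessfull()
        {
            // Start clean so a stale output file cannot make the existence check pass.
            if (File.Exists(sOzasmtFileToCreate))
                File.Delete(sOzasmtFileToCreate);

            var cnConverter = new CatNetConverter(sCatFileToConvert);
            Assert.IsTrue(cnConverter.convert(sOzasmtFileToCreate), "Converter failed");
            // The original message named the input (sCatFileToConvert); the file that must exist is the output.
            Assert.IsTrue(File.Exists(sOzasmtFileToCreate), "sOzasmtFileToCreate file was not created");

            // Check that the created Ozasmt file loads and is not empty
            var o2Assessment = new O2Assessment(new O2AssessmentLoad_OunceV6(), sOzasmtFileToCreate);
            Assert.IsTrue(o2Assessment.o2Findings.Count > 0, "There are no findings in created ozasmt file");
        }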
 /// <summary>
 /// Test: glues the click-button mapping sinks with the sources of the both-layers assessment,
 /// keeps only findings with a System.Data sink, saves them and checks the file was written.
 /// </summary>
 public void createClickButtonTraces()
 {
     var o2Assessment = new O2Assessment();
     var loader = new O2AssessmentLoad_OunceV6();
     o2Assessment.o2Findings = OzasmtGlue.glueTraceSinkWithSources(loader, clickButtonMappingOzasmt, bothLayersOzasmt);
     Assert.IsTrue(o2Assessment.o2Findings.Count > 0, "no findings calculated");

     var systemDataFindings = OzasmtFilter.getFindingsWithSink(o2Assessment.o2Findings, "System.Data");
     o2Assessment.o2Findings = systemDataFindings;
     Assert.IsTrue(o2Assessment.o2Findings.Count > 0, "no System.Data Sinks found");

     string resultsFile = resultsFilefor_clickButtonSource_SystemDataSink;
     o2Assessment.save(new O2AssessmentSave_OunceV6(), resultsFile);
     Assert.IsTrue(File.Exists(resultsFile), "resultsFilefor_clickButtonSource_SystemDataSink doesn't exist");
 }
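 /// <summary>
 /// Loads <c>ozasmtFileToLoad</c>, keeps the findings whose <c>_SinkToSource</c> contains
 /// "Attribute", saves them as a new assessment file and opens them in a floating findings viewer.
 /// </summary>
 public static void filterFindings_usingForEachLoop()
 {
     // The unused "Hello O2 World" string of the original was dropped.
     var o2Assessment = new O2Assessment(new O2AssessmentLoad_OunceV6(), ozasmtFileToLoad);
     log.info("Assessment file loaded with {0} findings", o2Assessment.o2Findings.Count);

     var results = new List<IO2Finding>();
     foreach (O2Finding o2Finding in o2Assessment.o2Findings)
     {
         if (o2Finding._SinkToSource.IndexOf("Attribute") > -1)
             results.Add(o2Finding);
     }
     log.info("There are {0} findings that match filter", results.Count);

     var newAssessmentFile = new O2Assessment(results);
     var savedFile = newAssessmentFile.save(new O2AssessmentSave_OunceV6());
     log.info("Filtered results saved to: {0}", savedFile);
     // ToList() gives the viewer its own copy, so the saved assessment's list is not shared with the GUI.
     ascx_FindingsViewer.openInFloatWindow(results.ToList());
 }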
 /// <summary>
 /// Creates findings from all CIR functions of the analysis (taken from <c>dCirFunction_bySignature</c>),
 /// wraps them in an assessment and saves it as an Ounce v6 .ozasmt file. Both phases are timed.
 /// </summary>
 /// <param name="cirDataAnalysis">Analysis providing <c>dCirFunction_bySignature</c>.</param>
 /// <returns>The path returned by <c>save</c>.</returns>
 public static string createO2AssessmentWithCallFlowTraces(ICirDataAnalysis cirDataAnalysis)
 {
     DI.log.info("Creating O2Assessment With Call Flow Traces");

     var findingsTimer = new O2Timer("Created list of finding").start();
     var findings = createO2FindingsFromCirFunctions(cirDataAnalysis.dCirFunction_bySignature.Values);
     findingsTimer.stop();

     var saveTimer = new O2Timer("Saved Assessment").start();
     var assessment = new O2Assessment { o2Findings = findings };
     var savedFile = assessment.save(new O2AssessmentSave_OunceV6());
     DI.log.info("Saved O2Asssessment file created: {0}", savedFile);
     saveTimer.stop();

     return savedFile;
 }
        /// <summary>
        /// Loads <c>ozasmtFileToLoad</c> and sorts its findings into two caller-supplied lists:
        /// findings whose <c>Sink</c> contains <paramref name="sinkMethodToFind"/>, and — among the
        /// remaining ones only — findings whose <c>SourceContext</c> contains <paramref name="sourceMethodToFind"/>.
        /// </summary>
        /// <param name="sinkMethodToFind">Substring searched in <c>Sink</c>.</param>
        /// <param name="sourceMethodToFind">Substring searched in <c>SourceContext</c>.</param>
        /// <param name="sinkFindings">Receives the sink matches (appended, not cleared).</param>
        /// <param name="sourceFindings">Receives the source matches (appended, not cleared).</param>
        public static void findTracesToJoin(string sinkMethodToFind, string sourceMethodToFind,
                                                 List<IO2Finding> sinkFindings, List<IO2Finding> sourceFindings)
        {
            var loaded = new O2Assessment(new O2AssessmentLoad_OunceV6(), ozasmtFileToLoad);

            foreach (O2Finding finding in loaded.o2Findings)
            {
                // A sink match wins; the source test only runs for non-sink findings.
                if (finding.Sink.IndexOf(sinkMethodToFind) > -1)
                {
                    sinkFindings.Add(finding);
                    continue;
                }
                if (finding.SourceContext.IndexOf(sourceMethodToFind) > -1)
                {
                    sourceFindings.Add(finding);
                }
            }
            log.info("There are {0} sinkFindings ( sink ~= {1} )", sinkFindings.Count, sinkMethodToFind);
            log.info("There are {0} sourceFindings ( source ~= {1})", sourceFindings.Count, sourceMethodToFind);
        }
 /// <summary>
 /// Creates an assessment from a WebScarab conversations file.
 /// </summary>
 /// <param name="conversationFile">Path of the WebScarab conversations file.</param>
 /// <returns>
 /// The assessment. If loading or conversion throws, the exception is logged and the assessment
 /// is returned as far as it was filled (the name may be set while the findings are still empty).
 /// </returns>
 public static IO2Assessment createO2AssessmentFromWebScarabFile(string conversationFile)
 {
     var assessment = new O2Assessment();
     try
     {
         assessment.name = "Webscarab Import of: " + conversationFile;
         var conversations = new API_WebScarab().loadConversationsFile(conversationFile);
         assessment.o2Findings = createFindingsFromConversation(conversations);
     }
     catch (Exception ex)
     {
         ex.log("in createO2AssessmentFromWebScarabFile");
     }
     return assessment;
 }
        /// <summary>
        /// Adds a file to the artifacts dictionary. With <paramref name="loadFileAsObject"/> set, a
        /// ".ozasmt" file is loaded and its findings added, and an ".O2StrutsMapping" file is loaded as
        /// a Struts mapping object; any other extension (or <c>false</c>) records the file name instead.
        /// </summary>
        /// <param name="fileToLoad">Path of the file; dispatch is on its exact, case-sensitive extension.</param>
        /// <param name="currentArtifacts">Artifacts keyed by type, updated in place.</param>
        /// <param name="loadFileAsObject">Whether to parse the file instead of only recording its name.</param>
        public void addFileToArtifactsList(string fileToLoad, Dictionary<Type, object> currentArtifacts, bool loadFileAsObject)
        {
            if (loadFileAsObject)
            {
                string extension = Path.GetExtension(fileToLoad);
                // NOTE(review): both branches parse the file's contents; nothing here checks where the file came from.
                if (extension == ".ozasmt")
                {
                    var assessment = new O2Assessment(new O2AssessmentLoad_OunceV6(), fileToLoad);
                    addToArtifacts_Findings(assessment.o2Findings, currentArtifacts);
                    return;
                }
                if (extension == ".O2StrutsMapping")
                {
                    var strutsMappings = StrutsMappingHelpers.loadO2StrutsMappingFile(fileToLoad);
                    addToArtifacts_Object(strutsMappings, currentArtifacts);
                    return;
                }
            }
            addFileToListString_WithLoadedArtifacts(fileToLoad, currentArtifacts);
        }
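        /// <summary>
        /// Converts WebInspect results into O2 findings and shows them in the docked findings viewer,
        /// pre-set to the "vulnName" / "(no Filter)" filter combination.
        /// </summary>
        /// <param name="webInspectResults">Results converted with <c>WebInspectToOzasmt.createO2FindingsFromWebInspectResults</c>.</param>
        internal static void showFindingsCreatedFromWebInspectResults(WebInspectResults webInspectResults)
        {
            var o2Assessment = new O2Assessment
            {
                o2Findings = WebInspectToOzasmt.createO2FindingsFromWebInspectResults(webInspectResults)
            };

            O2DockPanel.addAscxControlToO2GuiWithDockPanel(typeof(ascx_FindingsViewer),
                                                           true,
                                                           PoC.dockContentTitle_FindingsViewer);
            // The original hard cast would throw if the dock content is missing or not a findings viewer;
            // log that case instead and leave the GUI as it is.
            var findingsViewer = O2AscxGUI.getAscx(PoC.dockContentTitle_FindingsViewer) as ascx_FindingsViewer;
            if (findingsViewer == null)
            {
                DI.log.error("could not get ascx_FindingsViewer control: " + PoC.dockContentTitle_FindingsViewer);
                return;
            }
            findingsViewer.loadO2Assessment(o2Assessment);
            findingsViewer.setFilter1Value("vulnName");
            findingsViewer.setFilter2Value("(no Filter)");
        }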
        /// <summary>
        /// Runs a static filter method over the current source findings and shows the result in the
        /// results viewer. Any exception (including a wrong return type) is logged and the results
        /// viewer is left untouched.
        /// </summary>
        /// <param name="filterToApply">
        /// Static method taking one <see cref="O2Assessment"/> and returning an
        /// <c>IEnumerable&lt;IO2Finding&gt;</c>; a <c>null</c> return is shown as no findings.
        /// </param>
        private void applyFilter(MethodInfo filterToApply)
        {
            try
            {
                var sourceAssessment = new O2Assessment
                                           {
                                               o2Findings = findingsViewer_SourceFindings.currentO2Findings
                                           };
                // The filter is invoked through reflection, so this cast is what enforces the expected return type.
                var filtered = (IEnumerable<IO2Finding>) filterToApply.Invoke(null, new object[] {sourceAssessment})
                               ?? new List<IO2Finding>();
                findingsViewer_Results.loadO2Findings(filtered.ToList(), true);
            }
            catch (Exception ex)
            {
                DI.log.ex(ex, "in applyFilter", true);
            }
        }
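        /// <summary>
        /// Glues every click-button finding with each web-layer trace whose signature equals that
        /// finding's known sink.
        /// </summary>
        /// <param name="ClickButtonMappingOzasmt">.ozasmt with the click-button mapping findings.</param>
        /// <param name="webLayerOzasmt">.ozasmt whose sub-traces are indexed by signature.</param>
        /// <param name="webServicesLayerOzasmt">Currently unused; loading the web-services layer is commented out.</param>
        /// <returns>One glued copy per (click-button finding, matching web-layer trace) pair.</returns>
        public static List<IO2Finding> glueClickButtonTraces(String ClickButtonMappingOzasmt, String webLayerOzasmt, String webServicesLayerOzasmt)
        {
            var results = new List<IO2Finding>();

            var clickButton = new O2Assessment(new O2AssessmentLoad_OunceV6(), ClickButtonMappingOzasmt);
            var webLayer = new O2Assessment(new O2AssessmentLoad_OunceV6(), webLayerOzasmt);
            // var webServices = new O2Assessment(new O2AssessmentLoad_OunceV6(), webServicesLayerOzasmt);

            var webLayerAllTraces = OzasmtUtils.getDictionaryWithO2AllSubTraces(webLayer);
            foreach (var clickButtonFinding in clickButton.o2Findings)
            {
                var knownSink = OzasmtUtils.getKnownSink(clickButtonFinding.o2Traces);
                if (knownSink == null)
                {
                    // Nothing to match on; the original dereferenced this unconditionally.
                    DI.log.debug("no known sink for click-button finding, skipping it");
                    continue;
                }
                // One lookup instead of ContainsKey followed by the indexer.
                List<IO2Trace> matchingTraces;
                if (!webLayerAllTraces.TryGetValue(knownSink.signature, out matchingTraces))
                    continue;
                foreach (var webLayerO2Trace in matchingTraces)
                    results.Add(OzasmtGlue.createCopyAndGlueTraceSinkWithSource(clickButtonFinding, webLayerO2Trace));
            }
            DI.log.debug(" {0} findings in result ", results.Count);
            return results;
        }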
        /*   public static void loadAssessmentFileAndShowAllFindings()
           {
               var o2Assessment = new O2Assessment(new O2AssessmentLoad_OunceV6(), ozasmtFileToLoad);
               ascx_FindingsViewer.openInFloatWindow(o2Assessment.o2Findings);
           }*/


        /// <summary>
        /// Collects sink and source findings, normalizes their vuln names on the shared hash-map key,
        /// joins the traces where a sink matches a source, saves the result and opens it in a floating viewer.
        /// </summary>
        public static void joinTraces()
        {
            const string hashMapKeyPrefix = "Findings_With_HashMap_To_Join_";

            var sinkFindings = new List<IO2Finding>();
            var sourceFindings = new List<IO2Finding>();
            findTracesToJoin(sinkFindings, sourceFindings);

            fixSinkVulnNamesBasedOnSinkContextHashMapKey(hashMapKeyPrefix, sinkFindings);
            fixSourceVulnNamesBasedOnSinkContextHashMapKey(hashMapKeyPrefix, sourceFindings);

            var joined = joinTracesWhereSinkMatchesSource(sinkFindings, sourceFindings);

            var joinedAssessment = new O2Assessment(joined);
            var savedFile = joinedAssessment.save(new O2AssessmentSave_OunceV6());
            log.info("Filtered results saved to: {0}", savedFile);

            ascx_FindingsViewer.openInFloatWindow(joined);
        }
 /// <summary>
 /// Builds an assessment from a CodeCrawler document: one finding per entry of <c>ThreatList</c>.
 /// </summary>
 /// <param name="codeCrawlerObject">Deserialized CodeCrawler document.</param>
 /// <param name="fileName">Used for the assessment name and as every finding's <c>file</c>.</param>
 /// <returns>A new assessment named "CodeCrawler Import of: &lt;fileName&gt;".</returns>
 private IO2Assessment createO2AssessmentFromCodeCrawlerObject(Xsd.DocumentElement codeCrawlerObject, String fileName)
 {
     var assessment = new O2Assessment { name = "CodeCrawler Import of: " + fileName };
     foreach (var threat in codeCrawlerObject.ThreatList)
     {
         // The threat name serves as both vulnName and vulnType; confidence is a fixed 2
         // (the meaning of that scale is not visible here).
         var finding = new O2Finding();
         finding.vulnName   = threat.Threat;
         finding.vulnType   = threat.Threat;
         finding.context    = threat.Description;
         finding.severity   = threat.Level;
         finding.confidence = 2;
         finding.lineNumber = threat.Line;
         finding.file       = fileName;
         finding.text.Add(threat.Description);
         assessment.o2Findings.Add(finding);
     }
     return assessment;
 }
        /// <summary>
        /// Test: maps web-control sources on the HacmeBank Ounce scan, converts the WebInspect
        /// SQL-injection results, glues both on trace names, and finally writes an assessment with
        /// all unique traces. Every intermediate assessment is saved to its own .ozasmt file.
        /// </summary>
        public void mapWebInspectMappingsToOzamstFindings()
        {
            // Step 1: Ounce assessment -> web-control source mappings
            string ounceScanFile = ozasmtHacmeBankScanWithDefaultRules;
            Assert.IsTrue(File.Exists(ounceScanFile), "ozasmtHacmeBankScanWithDefaultRules could not be found");
            var ounceScan = new O2Assessment(new O2AssessmentLoad_OunceV6(), ounceScanFile);
            ounceScan.o2Findings = AspNetAnalysis.findWebControlSources(ounceScan.o2Findings);
            Assert.IsTrue(ounceScan.o2Findings.Count > 0, "There were no Findings calculated");
            ounceScan.save(new O2AssessmentSave_OunceV6(), ozasmtWithHacmeBankWebControlMappings);

            // Step 2: WebInspect results -> O2 findings (SQL injection PoC 2)
            string webInspectFile = webInspectFileWithResults;
            Assert.IsTrue(File.Exists(webInspectFile), "webInspectFileWithResults does not exist");
            var webInspectScan = new O2Assessment();
            webInspectScan.o2Findings =
                WebInspectConverter.loadWebInspectResultsAndReturnO2FindingsFor_SqlInjection_PoC2(webInspectFile);
            Assert.IsTrue(webInspectScan.o2Findings.Count > 0, "No O2 findings created");
            webInspectScan.save(new O2AssessmentSave_OunceV6(), ozasmtFileWebInspectMappings);

            // Step 3: glue the two saved files on their trace names
            var gluedScan = new O2Assessment();
            gluedScan.o2Findings = OzasmtGlue.glueOnTraceNames(new O2AssessmentLoad_OunceV6(),
                                                              ozasmtFileWebInspectMappings,
                                                              ozasmtWithHacmeBankWebControlMappings,
                                                              "Spring MVC Glue");
            Assert.IsTrue(gluedScan.o2Findings.Count > 0, "No Glued Findings created");
            gluedScan.save(new O2AssessmentSave_OunceV6(), ozasmtWithWebInspectToOunceMappings);

            // Step 4: assessment with all (unique) traces of the glued result
            Analysis.createAssessmentFileWithAllTraces(true, false, ozasmtWithWebInspectToOunceMappings,
                                                       ozasmtWithWebInspectToOunceMappings_UniqueTraces);
        }
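        /// <summary>
        /// Converts the loaded CAT.NET XML into an O2 assessment and saves it as an Ounce v6 .ozasmt file.
        /// </summary>
        /// <param name="sTargetOzasmtFile">Destination path of the converted assessment.</param>
        /// <returns>
        /// <c>true</c> when findings were produced and saved; <c>false</c> when there is no CAT.NET XML,
        /// no findings were produced, or an exception occurred (logged, not rethrown).
        /// </returns>
        public bool convert(String sTargetOzasmtFile)
        {
            try
            {
                if (catNetXml == null || catNetXml.InnerXml == "")
                    return false;
                var o2Assessment = new O2Assessment();
                addCatNetResultsAsFindings(o2Assessment, catNetXml);

                int findingsCount = o2Assessment.o2Findings.Count;
                if (findingsCount > 0)
                {
                    o2Assessment.save(new O2AssessmentSave_OunceV6(),sTargetOzasmtFile);
                    // The original format string used {0} twice and passed only the file name,
                    // so the findings count was never logged and the file name appeared in its place.
                    DI.log.info("Converted ozasmt file (with {0} findings) saved to {1}", findingsCount, sTargetOzasmtFile);
                    return true;
                }
                DI.log.info("There were no findings in converted file (from: {0})", sTargetOzasmtFile);
            }
            catch (Exception ex)
            {
                DI.log.ex(ex, "in CatNetConverted.convert");
            }
            return false;
        }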
 /// <summary>
 /// Extension method: wraps the findings in a new assessment, saves it with the single-argument
 /// Ounce v6 <c>save</c> overload and logs the resulting path.
 /// </summary>
 /// <param name="o2Findings">Findings to save.</param>
 /// <returns>The path returned by <c>save</c>.</returns>
 public static string saveFindings(this List<IO2Finding> o2Findings)
 {
     var assessment = new O2Assessment(o2Findings);
     var savedFile = assessment.save(new O2AssessmentSave_OunceV6());
     "Assessemnt File saved with {0} findings: {1}".info(o2Findings.Count, savedFile);
     return savedFile;
 }
 /// <summary>
 /// Extension method: loads an Ounce v6 .ozasmt file and returns its findings.
 /// </summary>
 /// <param name="fileToLoad">Path of the .ozasmt file.</param>
 /// <returns>The <c>o2Findings</c> list of the loaded assessment.</returns>
 public static List<IO2Finding> loadFindingsFile(this string fileToLoad)
 {
     var loader = new O2AssessmentLoad_OunceV6();
     var findings = new O2Assessment(loader, fileToLoad).o2Findings;
     "there are {0} findings loaded in this file".info(findings.Count);
     return findings;
 }
        /// <summary>
        /// Collects the traces (including sub-traces) of every finding in the assessment into one
        /// dictionary, keyed by trace signature as its callers use it.
        /// </summary>
        /// <param name="o2Assessment">Assessment whose findings are walked.</param>
        /// <param name="uniqueList">Passed through to <c>getAllTraces</c>; presumably controls whether duplicate traces are kept (not visible here).</param>
        /// <returns>Dictionary from key to the traces collected under that key.</returns>
        public static Dictionary <String, List <IO2Trace> > getDictionaryWithO2AllSubTraces(O2Assessment o2Assessment, bool uniqueList)
        {
            var tracesByKey = new Dictionary <String, List <IO2Trace> >();
            foreach (IO2Finding finding in o2Assessment.o2Findings)
                getAllTraces(finding.o2Traces, tracesByKey, uniqueList);
            return tracesByKey;
        }
 /// <summary>
 /// Convenience overload of <c>getDictionaryWithO2AllSubTraces</c> with <c>uniqueList</c> set to <c>true</c>.
 /// </summary>
 /// <param name="o2Assessment">Assessment whose traces are collected.</param>
 /// <returns>The dictionary produced by the two-argument overload.</returns>
 public static Dictionary <String, List <IO2Trace> > getDictionaryWithO2AllSubTraces(O2Assessment o2Assessment)
 {
     const bool uniqueList = true;
     return getDictionaryWithO2AllSubTraces(o2Assessment, uniqueList);
 }
 /// <summary>
 /// Returns the number of findings in the assessment.
 /// </summary>
 /// <param name="o2Assessment">Assessment whose <c>o2Findings</c> are counted.</param>
 /// <returns><c>o2Assessment.o2Findings.Count</c>.</returns>
 public static int getNumberOf_Findings(O2Assessment o2Assessment)
 {
     var findings = o2Assessment.o2Findings;
     return findings.Count;
 }