public static O2Rule createRule(O2RuleType rtRuleType, String sSignature, String sDbID)
{
var rRule = new O2Rule
{
Severity = "Medium",
DbId = sDbID,
Signature = sSignature,
RuleType = rtRuleType,
VulnType = String.Format("_O2.{0}", rtRuleType)
};
return(rRule);
}
internal static IO2Rule cloneRule(IO2Rule o2RuleToClone)
{
var clonedRule = new O2Rule
{
Comments = o2RuleToClone.Comments,
DbId = o2RuleToClone.DbId,
FromArgs = o2RuleToClone.FromArgs,
Param = o2RuleToClone.Param,
Return = o2RuleToClone.Return,
FromDb = o2RuleToClone.FromDb,
RuleType = o2RuleToClone.RuleType,
Severity = o2RuleToClone.Severity,
Signature = o2RuleToClone.Signature,
Tagged = o2RuleToClone.Tagged,
ToArgs = o2RuleToClone.ToArgs,
VulnType = o2RuleToClone.VulnType
};
return(clonedRule);
}
//rename this method since we do more than just Source or Sinks here
private static void updateSourceOrSinkRule(O2RulePack o2RulePack, IDictionary <string, List <IO2Rule> > indexedO2Rules, string ruleSignature, string languageDBId, TraceType traceType)
{
if (indexedO2Rules != null && ruleSignature != null)
{
//bool createNotMappedRule = false;
var createRuleWithType = O2RuleType.NotMapped;
// only proccess Sources, Sinks and Lost Sinks
if (traceType == TraceType.Source || traceType == TraceType.Known_Sink || traceType == TraceType.Lost_Sink)
{
O2RuleType o2NewRuleType = O2RulePackUtils.getO2RuleTypeFromRuleType(traceType);
createRuleWithType = o2NewRuleType;
/* if (indexedO2Rules != null && false == string.IsNullOrEmpty(ruleSignature))
* if (indexedO2Rules.ContainsKey(ruleSignature))
* {
* bool thereIsAlreadyARuleWithTheSameRuleType = false;
* foreach (var o2Rule in indexedO2Rules[ruleSignature])
* {
* if (o2Rule.RuleType == O2RuleType.NotMapped)
* // if it is not mapped change it to o2NewRuleType
* {
* o2Rule.RuleType = o2NewRuleType;
* return;
* }
* if (o2Rule.RuleType == o2NewRuleType)
* // if it is already a rule of type o2NewRuleType, mark it so we can ignore it below
* thereIsAlreadyARuleWithTheSameRuleType = true;
* }
* if (false == thereIsAlreadyARuleWithTheSameRuleType)
* // if we got this far, create a new rule of o2NewRuleType
* {
* var newRule = O2RulePackUtils.createRule(o2NewRuleType, ruleSignature, languageDBId);
* indexedO2Rules[ruleSignature].Add(newRule);
* // add it to the index so that we don't have to calculate it again
* o2RulePack.o2Rules.Add(newRule);
* }
* }
*/
}
bool createNewRule = true;
IO2Rule notMappedRule = null;
if (indexedO2Rules.ContainsKey(ruleSignature))
{
foreach (var o2Rule in indexedO2Rules[ruleSignature])
{
if (o2Rule.RuleType == createRuleWithType) // dont create if there is already a rule of this type
{
o2Rule.Tagged = true;
createNewRule = false;
}
if (o2Rule.RuleType == O2RuleType.NotMapped)
{
notMappedRule = o2Rule;
}
}
}
// handle the case where we have already added a signature but it is not a NotMapped one
if (createRuleWithType == O2RuleType.NotMapped && createNewRule && notMappedRule == null && indexedO2Rules.ContainsKey(ruleSignature))
{
createNewRule = false;
}
// if required, Create rule
if (createNewRule)
{
var vulnType = "O2.FindingRule." + createRuleWithType.ToString();
var newRule = new O2Rule(createRuleWithType, vulnType, ruleSignature, languageDBId, true);
o2RulePack.o2Rules.Add(newRule);
if (false == indexedO2Rules.ContainsKey(ruleSignature))
{
indexedO2Rules.Add(ruleSignature, new List <IO2Rule>());
}
indexedO2Rules[ruleSignature].Add(newRule);
if (notMappedRule != null)
{
indexedO2Rules[ruleSignature].Remove(notMappedRule);
}
}
}
}
