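public static List <IO2Finding> glueClickButtonTraces(String ClickButtonMappingOzasmt, String webLayerOzasmt, String webServicesLayerOzasmt)
        {
            // Glues every "click button" finding onto the web-layer sub traces that end in the
            // same known sink signature, one new finding per (click button finding, web-layer trace)
            // pair. The web-services layer is not loaded here (that load was commented out), so
            // webServicesLayerOzasmt is kept only for signature compatibility with existing callers.
            var results = new List <IO2Finding>();

            var clickButton = new O2Assessment(new O2AssessmentLoad_OunceV6(), ClickButtonMappingOzasmt);
            var webLayer    = new O2Assessment(new O2AssessmentLoad_OunceV6(), webLayerOzasmt);

            // keyed by sink signature; each value is the list of web-layer sub traces reaching that sink
            var webLayerAllTraces = OzasmtUtils.getDictionaryWithO2AllSubTraces(webLayer);

            foreach (var clickButtonFinding in clickButton.o2Findings)
            {
                // NOTE(review): assumes getKnownSink returns null when the traces hold no known sink;
                // without this guard a null sink (or null signature) would throw instead of being skipped
                var knownSink = OzasmtUtils.getKnownSink(clickButtonFinding.o2Traces);
                if (knownSink == null || knownSink.signature == null)
                {
                    continue;
                }
                var sinkToFind = knownSink.signature;
                if (webLayerAllTraces.ContainsKey(sinkToFind) == false)
                {
                    continue;
                }
                foreach (var webLayerO2Trace in webLayerAllTraces[sinkToFind])
                {
                    results.Add(OzasmtGlue.createCopyAndGlueTraceSinkWithSource(clickButtonFinding, webLayerO2Trace));
                }
            }
            DI.log.debug(" {0} findings in result ", results.Count);
            return(results);
        }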
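        public static List <IO2Finding> join_WebLayer_traces_with_WebServices_traces(List <IO2Finding> sourceO2Findings, List <IO2Finding> webLayerFindingsWithUrl)
        {
            // Joins web-layer findings (indexed by sink) with web-services findings (indexed by
            // source): for every source signature that, once normalised, equals a web-layer sink,
            // each (web-layer finding, web-services finding) pair is glued into a new finding.
            var bySink   = webLayerFindingsWithUrl.indexBy_Sink();
            var bySource = sourceO2Findings.indexBy_Source();

            var jointFindings = new List <IO2Finding>();

            foreach (var source in bySource)
            {
                var fixedSource = normalizeWebServiceSourceName(source.Key);
                if (bySink.hasKey(fixedSource) == false)
                {
                    continue;
                }
                foreach (var findingA in bySink[fixedSource])
                {
                    foreach (var findingB in source.Value)
                    {
                        // findingA supplies the sink side, findingB's traces are appended to it
                        jointFindings.add(OzasmtGlue.createCopyAndGlueTraceSinkWithTrace(findingA, findingB.o2Traces));
                    }
                }
            }
            return(jointFindings);
        }

        // Drops the "HacmeBank_v2_WS." namespace from the three known web-service class names so
        // that a web-services source signature can be matched against the web-layer sink index.
        // Only these exact names are rewritten; any other signature comes back unchanged.
        private static string normalizeWebServiceSourceName(string sourceSignature)
        {
            var fixedSource = sourceSignature;
            foreach (var serviceName in webServiceClassNames)
            {
                fixedSource = fixedSource.replace("HacmeBank_v2_WS." + serviceName, serviceName);
            }
            return(fixedSource);
        }

        // web-service classes whose namespace prefix is removed by normalizeWebServiceSourceName
        private static readonly string[] webServiceClassNames = { "WS_UserManagement", "WS_AccountManagement", "WS_UsersCommunity" };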
 private void btDeleteTraceNode_Click(object sender, EventArgs e)
 {
     // No node selected in the trace tree: nothing to delete.
     if (ascxTraceTreeView.selectedNodeTag == null)
     {
         return;
     }
     // remove the selected trace from the current finding, then redraw the tree
     var currentTraces = (List <IO2Trace>)currentO2Finding.o2Traces;
     OzasmtGlue.deleteO2Trace(currentTraces, ascxTraceTreeView.o2Trace);
     ascxTraceTreeView.showO2TraceTree();
 }
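 private void tvSmartTrace_KeyUp(object sender, KeyEventArgs e)
 {
     // The Delete key removes the selected trace from the finding and redraws the tree.
     if (e.KeyCode != Keys.Delete || tvSmartTrace.SelectedNode == null)
     {
         return;
     }
     // Nothing in this handler guarantees the node's Tag is a trace; a hard cast would throw
     // InvalidCastException on the UI thread, so nodes that are not traces are ignored instead.
     var selectedTrace = tvSmartTrace.SelectedNode.Tag as IO2Trace;
     if (selectedTrace == null)
     {
         return;
     }
     OzasmtGlue.deleteO2Trace(o2Finding.o2Traces, selectedTrace);
     showO2TraceTree();
 }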
 public void glueTrace()
 {
     // Gluing needs findings loaded in both source viewers; otherwise there is nothing to map.
     var webInspectFindings = fidingsViewer_WebInspectOzasmt.currentO2Findings;
     var ounceFindings      = fidingsViewer_OunceOzasmt.currentO2Findings;
     if (webInspectFindings.Count == 0 || ounceFindings.Count == 0)
     {
         return;
     }
     // findings are joined on matching trace names and shown in the "mapped file" viewer
     var gluedFindings = OzasmtGlue.glueOnTraceNames(webInspectFindings, ounceFindings, "Spring MVC Glue");
     fidingsViewer_MappedFile.loadO2Findings(gluedFindings);
 }
        public void createClickButtonTraces()
        {
            // Glue the "click button" sources onto the traces of both layers, keep only the findings
            // that end in a System.Data sink, and persist them as an Ounce v6 assessment file.
            var gluedFindings = OzasmtGlue.glueTraceSinkWithSources(new O2AssessmentLoad_OunceV6(), clickButtonMappingOzasmt, bothLayersOzasmt);
            Assert.IsTrue(gluedFindings.Count > 0, "no findings calculated");

            var systemDataFindings = OzasmtFilter.getFindingsWithSink(gluedFindings, "System.Data");
            Assert.IsTrue(systemDataFindings.Count > 0, "no System.Data Sinks found");

            var o2Assessment = new O2Assessment { o2Findings = systemDataFindings };
            o2Assessment.save(new O2AssessmentSave_OunceV6(), resultsFilefor_clickButtonSource_SystemDataSink);
            Assert.IsTrue(File.Exists(resultsFilefor_clickButtonSource_SystemDataSink), "resultsFilefor_clickButtonSource_SystemDataSink doesn't exist");
        }
        public void mapWebInspectMappingsToOzamstFindings()
        {
            // Step 1: Ounce scan -> findings whose sources are web controls, saved as a new file
            var ounceScanFile = ozasmtHacmeBankScanWithDefaultRules;
            Assert.IsTrue(File.Exists(ounceScanFile), "ozasmtHacmeBankScanWithDefaultRules could not be found");

            var ounceAssessment = new O2Assessment(new O2AssessmentLoad_OunceV6(), ounceScanFile);
            ounceAssessment.o2Findings = AspNetAnalysis.findWebControlSources(ounceAssessment.o2Findings);
            Assert.IsTrue(ounceAssessment.o2Findings.Count > 0, "There were no Findings calculated");
            ounceAssessment.save(new O2AssessmentSave_OunceV6(), ozasmtWithHacmeBankWebControlMappings);

            // Step 2: WebInspect results -> O2 findings (SQL injection PoC 2 converter), saved as a new file
            var webInspectFile = webInspectFileWithResults;
            Assert.IsTrue(File.Exists(webInspectFile), "webInspectFileWithResults does not exist");

            var webInspectFindings   = WebInspectConverter.loadWebInspectResultsAndReturnO2FindingsFor_SqlInjection_PoC2(webInspectFile);
            var webInspectAssessment = new O2Assessment { o2Findings = webInspectFindings };
            Assert.IsTrue(webInspectAssessment.o2Findings.Count > 0, "No O2 findings created");
            webInspectAssessment.save(new O2AssessmentSave_OunceV6(), ozasmtFileWebInspectMappings);

            // Step 3: glue the two saved files on trace names and persist the glued findings
            var gluedFindings   = OzasmtGlue.glueOnTraceNames(new O2AssessmentLoad_OunceV6(), ozasmtFileWebInspectMappings, ozasmtWithHacmeBankWebControlMappings, "Spring MVC Glue");
            var gluedAssessment = new O2Assessment { o2Findings = gluedFindings };
            Assert.IsTrue(gluedAssessment.o2Findings.Count > 0, "No Glued Findings created");
            gluedAssessment.save(new O2AssessmentSave_OunceV6(), ozasmtWithWebInspectToOunceMappings);

            // Step 4: derive a second assessment file from the glued one (presumably holding only the
            // unique traces, judging by the target name; the true/false flags are not documented here)
            Analysis.createAssessmentFileWithAllTraces(true, false, ozasmtWithWebInspectToOunceMappings, ozasmtWithWebInspectToOunceMappings_UniqueTraces);
        }
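        public static List <IO2Finding> calculate_WebLayer_tracesInto_WebServices_with_URL_as_Source(List <IO2Finding> sourceO2Findings, List <IO2Finding> urlMappings)
        {
            // Web-layer findings that invoke a web service get the invoke target as their sink and
            // are indexed by their "root method" (context of the second child of the first trace).
            // Each url mapping whose sink equals such a root method is glued with every matching
            // finding, so the URL becomes the source of the resulting trace.
            var webLayerFindingsWithUrl = new List <IO2Finding>();

            var mappedFindings = sourceO2Findings.getFindingsWith_WebServicesInvoke()
                                 .makeSinks_WebServicesInvokeTarget();

            var indexedByRootMethod = mappedFindings.indexBy(
                (o2Finding) => getRootMethodContext(o2Finding));

            foreach (var sinkValue in urlMappings.indexBy_Sink())
            {
                if (indexedByRootMethod.hasKey(sinkValue.Key) == false)
                {
                    continue;
                }
                foreach (var findingA in sinkValue.Value)
                {
                    foreach (var findingB in indexedByRootMethod[sinkValue.Key])
                    {
                        // findingA (url mapping) supplies the sink side, findingB's traces are appended
                        var newFinding = OzasmtGlue.createCopyAndGlueTraceSinkWithTrace(findingA, findingB.o2Traces);
                        webLayerFindingsWithUrl.add(newFinding);
                    }
                }
            }
            // the first source of the glued findings is dropped before returning
            webLayerFindingsWithUrl.removeFirstSource();
            return(webLayerFindingsWithUrl);
        }

        // Index key for a finding: the context of the second child of its first trace ("root method").
        // Findings with no traces, or with fewer than two child traces on the first one, are bucketed
        // under "no root method" instead of throwing ArgumentOutOfRangeException on the indexer.
        private static string getRootMethodContext(IO2Finding o2Finding)
        {
            if (o2Finding.o2Traces == null || o2Finding.o2Traces.Count == 0)
            {
                return("no root method");
            }
            var childTraces = o2Finding.o2Traces[0].childTraces;
            if (childTraces == null || childTraces.size() <= 1)
            {
                return("no root method");
            }
            return(childTraces[1].context);
        }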
        public static List <IO2Finding> joinTraces(List <IO2Finding> findingsToJoinOnSinks, List <IO2Finding> findingsToJoinOnSources)
        {
            // name passed to the glue as the vulnerability name of the joined findings
            const string gluedFindingVulnName = "Spring Mvc Glued finding";

            // sinks of the first list are matched against sources of the second by approximate name
            var gluedFindings = OzasmtGlue.glueOnSinkToAproximateSourceNameMatch(findingsToJoinOnSinks, findingsToJoinOnSources, gluedFindingVulnName);
            return(gluedFindings);
        }
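        private void handleDragDrop(DragEventArgs e)
        {
            // Dispatches a drop onto the trace tree by the runtime type name of the dropped object:
            // a trace is copied (or moved, when bMoveTraces is set) under the selected trace; a
            // finding, dropped directly or carried in a TreeNode's Tag, replaces the finding shown.
            var droppedObject = Dnd.tryToGetObjectFromDroppedObject(e);
            if (droppedObject == null)
            {
                // nothing usable in the drag data (the helper's "try" naming suggests it returns
                // null in that case); without this guard GetType() below would throw
                return;
            }

            switch (droppedObject.GetType().Name)
            {
            case "O2Trace":
                handleDroppedTrace((IO2Trace)droppedObject);
                showO2TraceTree();
                break;

            case "O2Finding":
                loadO2Finding((O2Finding)droppedObject);
                break;

            case "TreeNode":
                // only nodes tagged with a finding are accepted; any other tag is ignored
                var draggedFinding = ((TreeNode)droppedObject).Tag as O2Finding;
                if (draggedFinding != null)
                {
                    loadO2Finding(draggedFinding);
                }
                break;
            }
        }

        // Adds a copy of droppedTrace under the currently selected trace (o2Trace). When bMoveTraces
        // is set the original is also removed from o2Finding, so the parent/child relation between
        // the two traces matters: dropping a trace into its own child cannot be expressed as a move.
        private void handleDroppedTrace(IO2Trace droppedTrace)
        {
            var selectedO2Trace = o2Trace;
            if (selectedO2Trace == droppedTrace)
            {
                DI.log.error("on tvSmartTrace_DragDrop: It is not possible to drop a trace on it seft");
                return;
            }
            // a move into a parent is allowed (handled below by copying before deleting the
            // original); a move into one of the dropped trace's own children is rejected
            if (bMoveTraces &&
                OzasmtSearch.isO2TraceAChildTraceOfO2Trace(selectedO2Trace, droppedTrace) == false &&
                OzasmtSearch.isO2TraceAChildTraceOfO2Trace(droppedTrace, selectedO2Trace))
            {
                DI.log.error(
                    "on tvSmartTrace_DragDrop: Could not move trace since it is not possible to drop a trace into its own child node");
                return;
            }
            // copy first: when moving into a parent, deleting the original before copying would
            // also remove the selected (child) trace the copy is about to be attached to
            IO2Trace copiedO2Trace = OzasmtCopy.createCopy(droppedTrace);
            if (bMoveTraces)
            {
                OzasmtGlue.deleteO2Trace(o2Finding.o2Traces, droppedTrace);
            }
            selectedO2Trace.childTraces.Add(copiedO2Trace);
        }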