Ejemplo n.º 1
		/// <summary>
		/// Opens a 1000x600 "test ascx_ViewAST" window and shows the AST of a bundled sample file in it.
		/// </summary>
		/// <remarks>
		/// The sample file name is hard-coded and resolved through <c>.local()</c>; nothing here is
		/// driven by caller input.
		/// </remarks>
		public void launchGui()
		{
			var mappedAst = new O2MappedAstData();
			var sampleFile = "HacmeBank_v2_Website.ascx.PostMessageForm.btnPostMessage_Click.cs".local();
			mappedAst.loadFile(sampleFile);

			// Host panel first, then the viewer control that renders the mapped AST.
			var hostPanel = O2Gui.open<Panel>("test ascx_ViewAST", 1000, 600);
			var astViewer = hostPanel.add_Control<ascx_ViewAST>();
			astViewer.buildGui(mappedAst);
		}
 		/// <summary>
 		/// Returns the <c>O2MappedAstData</c> for <paramref name="file"/>, served from
 		/// <c>Cached_O2MappedAstData</c> when <c>CacheEnabled</c> is set and an entry already exists.
 		/// </summary>
 		/// <param name="file">Path of the source file; also used verbatim as the cache key.</param>
 		/// <returns>The cached instance, or a newly loaded one (stored in the cache when caching is on).</returns>
 		/// <remarks>
 		/// NOTE(review): the key is the path string only and no invalidation is visible in this method,
 		/// so a file edited after its first load would presumably keep returning the older AST while
 		/// caching is enabled - confirm against how analysis results are consumed.
 		/// NOTE(review): the hasKey/add pair is not guarded by a lock here; confirm callers are
 		/// single-threaded or that the collection tolerates concurrent use.
 		/// </remarks>
 		public static O2MappedAstData get(string file)
 		{
 			var servedFromCache = CacheEnabled && Cached_O2MappedAstData.hasKey(file);
 			if (servedFromCache)
 			{
 				// "[Ast_Engine_Cache]  using O2MappedAstData cached version of file: {0}".debug(file);
 				return Cached_O2MappedAstData[file];
 			}

 			// "[Ast_Engine_Cache]  creating O2MappedAstData for file: {0}".debug(file);
 			var freshAst = new O2MappedAstData();
 			freshAst.loadFile(file);

 			// CacheEnabled is read again on purpose: the original re-checks it after the load.
 			if (CacheEnabled)
 			{
 				Cached_O2MappedAstData.add(file, freshAst);
 			}
 			return freshAst;
 		}
Ejemplo n.º 3
		/// <summary>
		/// Builds the viewer UI (source code viewer, tree view, option check boxes) and wires the
		/// tree view's drop, select and expand handlers to <c>AstData</c>.
		/// </summary>
		/// <remarks>
		/// NOTE(review): the drop handler disposes and replaces <c>AstData</c> on the thread started by
		/// <c>O2Thread.mtaThread</c>, while the expand handler below reads <c>AstData</c>; confirm a
		/// handler cannot run between <c>dispose()</c> and the reassignment.
		/// </remarks>
		public void buildGui()
		{
			// Controls: code viewer on this control, tree view inserted to its left, options below the tree.
			CodeViewer = this.add_SourceCodeViewer();
			DataTreeView = CodeViewer.insert_Left<TreeView>(200).showSelection().sort();
			Options = DataTreeView.insert_Below<Panel>(40);

			// Each check box writes straight into the matching Show_* flag read by the expand handler.
			Options.add_CheckBox("View AST", 0, 0, (isChecked) => { this.Show_Ast = isChecked; }).check();
			Options.add_CheckBox("View CodeDom", 0, 95, (isChecked) => { this.Show_CodeDom = isChecked; }).front();
			Options.add_CheckBox("View NRefactory", 20, 0, (isChecked) => { this.Show_NRefactory = isChecked; }).front().autoSize();

			// showSelection() was already called when the tree was created; the second call is kept as in the original.
			DataTreeView.showSelection();
			DataTreeView.configureTreeViewForCodeDomViewAndNRefactoryDom();
			AstData.afterSelect_ShowInSourceCodeEditor(DataTreeView, CodeViewer.editor());

			// Drop: rebuild AstData from the dropped file, or from every *.cs file under the dropped folder.
			// The tree is tinted LightPink while loading and reset to White when done.
			DataTreeView.onDrop(
				(droppedPath) =>
				{
					DataTreeView.backColor(Color.LightPink);
					O2Thread.mtaThread(
						() =>
						{
							AstData.dispose();
							AstData = new O2MappedAstData();
							if (droppedPath.fileExists())
							{
								AstData.loadFile(droppedPath);
							}
							else
							{
								// Anything that is not an existing file is treated as a folder to search.
								AstData.loadFiles(droppedPath.files("*.cs", true));
							}
							loadDataInGui();
							DataTreeView.backColor(Color.White);
						});
				});

			// Select: string-tagged nodes that name an existing file are opened in the code viewer.
			DataTreeView.afterSelect<string>(
				(selectedFile) =>
				{
					if (selectedFile.fileExists())
					{
						CodeViewer.open(selectedFile);
					}
				});

			// Expand: repopulate the node with the views enabled through the check boxes.
			DataTreeView.beforeExpand<CompilationUnit>(
				(unit) =>
				{
					// NOTE(review): this takes the *selected* node, which is presumably the node being
					// expanded - confirm for expansion via the +/- glyph without a selection change.
					var expandedNode = DataTreeView.selected();
					expandedNode.clear();

					if (Show_Ast && unit != null)
					{
						expandedNode.add_Node("AST", null)
									.show_Ast(unit)
									.show_Asts(unit.types(true))
									.show_Asts(unit.methods());
						//expandedNode.show_Ast(unit);
					}

					// NOTE(review): unlike the AST branch, the two lookups below index their maps with
					// `unit` without a null or missing-key check - confirm the maps always hold it.
					if (Show_CodeDom)
					{
						var unitNamespace = AstData.MapAstToDom.CompilationUnitToNameSpaces[unit];
						var codeDomNode = expandedNode.add_Node("CodeDom");
						codeDomNode.add_Node("CodeNamespaces").show_CodeDom(unitNamespace);
						codeDomNode.add_Node("CodeTypeDeclarations").show_CodeDom(AstData.codeTypeDeclarations());
						codeDomNode.add_Node("CodeMemberMethods").show_CodeDom(AstData.codeMemberMethods());
						//codeDomNode.add_Node("CodeMemberMethods").show_CodeDom(o2MappedAstData.codeMemberMethods());
					}

					if (Show_NRefactory)
					{
						var nrefactoryUnit = AstData.MapAstToNRefactory.CompilationUnitToICompilationUnit[unit];
						expandedNode.add_Node("NRefactory")
									.add_Nodes_WithPropertiesAsChildNodes<ICompilationUnit>(nrefactoryUnit);
						//.show_NRefactoryDom(o2MappedAstData.iClasses())
						//.show_NRefactoryDom(o2MappedAstData.iMethods());
					}
				});
		}
Ejemplo n.º 4
    	/// <summary>
    	/// Walks every *.cs file under <paramref name="pathWithSourceFiles"/> and, for files that declare a
    	/// type listing "System.Web.UI.UserControl" among its base types, records one "Web EntryPoint"
    	/// finding per method returned by <c>iMethods()</c>, tracing the page URL (source) to the method (sink).
    	/// </summary>
    	/// <param name="pathWithSourceFiles">Root folder searched recursively for *.cs files.</param>
    	/// <param name="urlBase">Format string passed <paramref name="port"/> and the file's path relative to the root with ".ascx.cs" removed.</param>
    	/// <param name="port">Value substituted into <paramref name="urlBase"/>.</param>
    	/// <param name="progressBar">Sized to the file count and advanced by one per file.</param>
    	/// <returns>The accumulated findings; empty when no file matches.</returns>
    	/// <remarks>
    	/// The base-type loops have no break, so every matching base-type entry reloads the file and
    	/// emits the file's findings again.
    	/// NOTE(review): the URL path is whatever remains of the file path after the two replace calls;
    	/// no separator normalisation or encoding happens here - confirm consumers of vulnName expect that.
    	/// NOTE(review): each file is parsed by csharpAst() and again by loadFile(), and no cleanup call
    	/// for the O2MappedAstData instances is visible in this method - confirm whether one is needed.
    	/// </remarks>
    	public static List<IO2Finding> calculate_Url_to_EntryMethod_Mappings(string pathWithSourceFiles, string urlBase, string port, ProgressBar progressBar)
    	{
    		var findings = new List<IO2Finding>();
    		var sourceFiles = pathWithSourceFiles.files("*.cs", true);
    		progressBar.maximum(sourceFiles.size());

    		foreach (var sourceFile in sourceFiles)
    		{
    			"Processing file:{0}".info(sourceFile);

    			// URL for this file: strip the root folder and the code-behind suffix, then apply the format.
    			var relativePage = sourceFile.replace(pathWithSourceFiles, "").replace(".ascx.cs", "");
    			var pageUrl = urlBase.format(port, relativePage);

    			foreach (var declaredType in sourceFile.csharpAst().types(true))
    			{
    				foreach (var baseType in declaredType.BaseTypes)
    				{
    					if (baseType.str() != "System.Web.UI.UserControl")
    					{
    						continue;
    					}

    					// The whole file is loaded, so methods are taken from the file, not only from declaredType.
    					var mappedAst = new O2MappedAstData();
    					mappedAst.loadFile(sourceFile);

    					foreach (var method in mappedAst.iMethods())
    					{
    						var finding = new O2Finding();
    						finding.vulnName = pageUrl;
    						finding.vulnType = "Web EntryPoint";

    						// Two-node trace: URL as the source, the method's full name as its child sink.
    						var urlTrace = new O2Trace(pageUrl);
    						var methodTrace = new O2Trace(method.fullName());
    						urlTrace.traceType = TraceType.Source;
    						methodTrace.traceType = TraceType.Known_Sink;
    						urlTrace.childTraces.Add(methodTrace);

    						finding.o2Traces.Add(urlTrace);
    						findings.Add(finding);
    					}
    				}
    			}

    			progressBar.increment(1);
    		}

    		return findings;
    	}