public static List<String> getListOf_LostSinks_Unique(String sPathToSavedXmlFile,
ref O2AssessmentData_OunceV6 fadO2AssessmentDataOunceV6)
{
var lMatches = new List<string>();
bool bChangeFindingData = false;
Analysis.FindingNameFormat ffnFindingNameFormat = Analysis.FindingNameFormat.FindingType;
var ffulsFilter = new AnalysisFilters.filter_FindUniqueLostSinks(ffnFindingNameFormat, bChangeFindingData);
List<AssessmentAssessmentFileFinding> laaffFindings = getListOfFindingsUsingFilter(sPathToSavedXmlFile,
ffulsFilter,
ref fadO2AssessmentDataOunceV6);
foreach (AssessmentAssessmentFileFinding aaffFinding in laaffFindings)
lMatches.Add(Analysis.getSmartTraceNameOfTraceType(aaffFinding.Trace, TraceType.Lost_Sink,
fadO2AssessmentDataOunceV6));
return lMatches;
}
public static List <String> getListOf_LostSinks_Unique(String sPathToSavedXmlFile,
ref O2AssessmentData_OunceV6 fadO2AssessmentDataOunceV6)
{
var lMatches = new List <string>();
bool bChangeFindingData = false;
Analysis.FindingNameFormat ffnFindingNameFormat = Analysis.FindingNameFormat.FindingType;
var ffulsFilter = new AnalysisFilters.filter_FindUniqueLostSinks(ffnFindingNameFormat, bChangeFindingData);
List <AssessmentAssessmentFileFinding> laaffFindings = getListOfFindingsUsingFilter(sPathToSavedXmlFile,
ffulsFilter,
ref fadO2AssessmentDataOunceV6);
foreach (AssessmentAssessmentFileFinding aaffFinding in laaffFindings)
{
lMatches.Add(Analysis.getSmartTraceNameOfTraceType(aaffFinding.Trace, TraceType.Lost_Sink,
fadO2AssessmentDataOunceV6));
}
return(lMatches);
}
// this is used for quick queries (these dictionaries act like pointers to interresting stuff
public static void populateDictionariesWithXrefsToLoadedAssessment(FindingFilter ffFindingFilter,
bool bDropDuplicateSmartTraces,
bool bIgnoreRootCallInvocation,
O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6)
{
try
{
DateTime dtStart = DateTime.Now;
// reset Dictionary objects
oadO2AssessmentDataOunceV6.dAssessmentFiles =
new Dictionary<AssessmentAssessmentFile, List<AssessmentAssessmentFileFinding>>();
oadO2AssessmentDataOunceV6.dVulnerabilityType = new Dictionary<string, List<AssessmentAssessmentFileFinding>>();
oadO2AssessmentDataOunceV6.dFindings =
new Dictionary<AssessmentAssessmentFileFinding, AssessmentAssessmentFile>();
oadO2AssessmentDataOunceV6.dActionObjects = new Dictionary<uint, List<AssessmentAssessmentFileFinding>>();
oadO2AssessmentDataOunceV6.dFindings_CallInvocation =
new Dictionary<AssessmentAssessmentFileFinding, List<CallInvocation>>();
// make no changes to the finding's data
FindingNameFormat ffnFindingNameFormat = FindingNameFormat.FindingType;
bool bChangeFindingData = false;
// create filter
var fFilter = new AnalysisFilters.filter();
if (ffFindingFilter == FindingFilter.SmartTraces)
//AnalysisFilters.filter_FindSmartTraces ffsmSmartTraces =
fFilter = new AnalysisFilters.filter_FindSmartTraces(bDropDuplicateSmartTraces,
bIgnoreRootCallInvocation, ffnFindingNameFormat,
bChangeFindingData);
else if (ffFindingFilter == FindingFilter.SmartTraces_LostSink)
fFilter = new AnalysisFilters.filter_FindLostSinks(bDropDuplicateSmartTraces,
bIgnoreRootCallInvocation, ffnFindingNameFormat,
bChangeFindingData);
else if (ffFindingFilter == FindingFilter.SmartTraces_LostSink_Unique)
fFilter = new AnalysisFilters.filter_FindUniqueLostSinks(ffnFindingNameFormat, bChangeFindingData);
// create list to contain all findings that match criteria
oadO2AssessmentDataOunceV6.lfAllFindingsThatMatchCriteria = new List<AssessmentAssessmentFileFinding>();
var lsAssessmentFiles = new List<String>();
if (StringsAndLists.notNull(oadO2AssessmentDataOunceV6.arAssessmentRun, typeof (AssessmentRun).Name))
if (null != oadO2AssessmentDataOunceV6.arAssessmentRun.Assessment.Assessment)
foreach (Assessment aAssessment in oadO2AssessmentDataOunceV6.arAssessmentRun.Assessment.Assessment)
if (null != aAssessment.AssessmentFile)
foreach (AssessmentAssessmentFile afAssessmentFile in aAssessment.AssessmentFile)
{
if (afAssessmentFile.Finding != null)
{
// create list to contain findings (from the current file) that match criteria
var lfFindingsThatMatchCriteria = new List<AssessmentAssessmentFileFinding>();
foreach (AssessmentAssessmentFileFinding fFinding in afAssessmentFile.Finding)
{
// populate Findings Dictionary (dFindings)
oadO2AssessmentDataOunceV6.dFindings.Add(fFinding, afAssessmentFile);
// create list for dictionary with finding CallList
oadO2AssessmentDataOunceV6.dFindings_CallInvocation.Add(fFinding,
new List<CallInvocation>());
// calculate CallList
if (fFinding.Trace != null)
AnalysisUtils.getListWithMethodsCalled_Recursive(fFinding.Trace,
oadO2AssessmentDataOunceV6.
dFindings_CallInvocation
[fFinding],
oadO2AssessmentDataOunceV6,
SmartTraceFilter.
MethodName);
/* Analysis.addCallsToNode_Recursive(fFinding.Trace, tnTempNode, fadO2AssessmentData, stfSmartTraceFilter);
List<TreeNode> tnAllNodes = forms.getListWithAllNodesFromTreeView(tnTempNode.Nodes);
foreach (TreeNode tnNode in tnAllNodes)
tnFinding.Nodes.Add((TreeNode)tnNode.Clone());*/
// process filtered Findings
if (ffFindingFilter == FindingFilter.AllFindings ||
ffFindingFilter == FindingFilter.NoSmartTraces && fFinding.Trace == null)
{
lfFindingsThatMatchCriteria.Add(fFinding);
oadO2AssessmentDataOunceV6.lfAllFindingsThatMatchCriteria.Add(fFinding);
}
else // which is this case
{
// run filter for the findings that have a trace
if ((ffFindingFilter == FindingFilter.SmartTraces ||
ffFindingFilter == FindingFilter.SmartTraces_LostSink ||
ffFindingFilter == FindingFilter.SmartTraces_LostSink_Unique)
&& fFinding.Trace != null)
//applyFilter(fFilter, lfFindingsThatMatchCriteria, fFinding, fadO2AssessmentData.arAssessmentRun);
if (applyFilter(fFilter,
oadO2AssessmentDataOunceV6.lfAllFindingsThatMatchCriteria,
fFinding, oadO2AssessmentDataOunceV6.arAssessmentRun))
lfFindingsThatMatchCriteria.Add(fFinding);
else
{
}
}
}
// populate Assessment Files Dictionary (dAssessmentFiles)
if (lfFindingsThatMatchCriteria.Count > 0)
{
oadO2AssessmentDataOunceV6.dAssessmentFiles.Add(afAssessmentFile,
lfFindingsThatMatchCriteria);
// fadO2AssessmentData.lfAllFindingsThatMatchCriteria.AddRange(lfFindingsThatMatchCriteria);
}
}
}
// populate lfAllFindingsThatMatchCriteria
foreach (AssessmentAssessmentFileFinding fFinding in oadO2AssessmentDataOunceV6.lfAllFindingsThatMatchCriteria)
{
String sVulnType = (fFinding.vuln_type != null)
? fFinding.vuln_type
: OzasmtUtils_OunceV6.getStringIndexValue(UInt32.Parse(fFinding.vuln_type_id),
oadO2AssessmentDataOunceV6);
//if (sVulnType != "Vulnerability.Sink.O2" && sVulnType != "Vulnerability.Source.O2")
// {
// }
// VulnerabilityTypes
if (false == oadO2AssessmentDataOunceV6.dVulnerabilityType.ContainsKey(sVulnType))
// means this is the first Finding of this type
oadO2AssessmentDataOunceV6.dVulnerabilityType[sVulnType] = new List<AssessmentAssessmentFileFinding>();
oadO2AssessmentDataOunceV6.dVulnerabilityType[sVulnType].Add(fFinding);
// ActionObjects
if (false == oadO2AssessmentDataOunceV6.dActionObjects.ContainsKey(fFinding.actionobject_id))
// means this is the first Finding of this type
oadO2AssessmentDataOunceV6.dActionObjects[fFinding.actionobject_id] =
new List<AssessmentAssessmentFileFinding>();
oadO2AssessmentDataOunceV6.dActionObjects[fFinding.actionobject_id].Add(fFinding);
}
// fix externalSource source mapping issue
fixExternalSourceMappingIssue(ref oadO2AssessmentDataOunceV6);
TimeSpan spTimeSpan = DateTime.Now - dtStart;
DI.log.info("Populated Dictionaries With Xrefs To Loaded Assessment in {0}.{1} seconds",
spTimeSpan.Minutes.ToString(), spTimeSpan.Milliseconds.ToString());
}
catch (Exception e)
{
DI.log.error("In populateDictionariesWithXrefsToLoadedAssessment: {0}", e.Message);
}
}
public static String createAssessmentFileWithLostSinks_OneExampleEach(String sTargetFilename,
FindingNameFormat ffnFindingNameFormat,
bool bChangeFindingData,
O2AssessmentData_OunceV6 fadO2AssessmentDataOunceV6)
{
var ffulsFilter = new AnalysisFilters.filter_FindUniqueLostSinks(ffnFindingNameFormat, bChangeFindingData);
AssessmentRun arFilteredAssessmentRun = createFilteredAssessmentRunObjectBasedOnCriteria(ffulsFilter,
fadO2AssessmentDataOunceV6);
saveFilteredAssessmentRun(arFilteredAssessmentRun, sTargetFilename, fadO2AssessmentDataOunceV6);
DI.log.debug("Custom Assessment File (with only one example per Lost Sinks) created: {0}",
sTargetFilename);
restoreChangedData(bChangeFindingData, fadO2AssessmentDataOunceV6);
return sTargetFilename;
}
public static List <AssessmentAssessmentFileFinding> getListOfFindingsUsingFilter(String sPathToSavedXmlFile,
AnalysisFilters.
filter_FindUniqueLostSinks
ffulsFilter,
ref O2AssessmentData_OunceV6
fadO2AssessmentDataOunceV6)
{
var laaffFinding = new List <AssessmentAssessmentFileFinding>();
try
{
bool bVerbose = false;
var lsMatches = new List <string>();
Analysis.loadAssessmentFile(sPathToSavedXmlFile, bVerbose, ref fadO2AssessmentDataOunceV6);
AssessmentRun arFilteredAssessmentRun =
Analysis.createFilteredAssessmentRunObjectBasedOnCriteria(ffulsFilter, fadO2AssessmentDataOunceV6);
if (null != arFilteredAssessmentRun.Assessment.Assessment)
{
foreach (Assessment aAssessment in arFilteredAssessmentRun.Assessment.Assessment)
{
foreach (AssessmentAssessmentFile afAssessmentFile in aAssessment.AssessmentFile)
{
if (null != afAssessmentFile.Finding)
{
foreach (AssessmentAssessmentFileFinding aaffFinding in afAssessmentFile.Finding)
{
laaffFinding.Add(aaffFinding);
}
}
}
}
}
}
catch (Exception ex)
{
DI.log.error("getListOfFindingsUsingFilter: {0}", ex.Message);
}
return(laaffFinding);
}