public void Similarity() { string text1 = "asldbcv3o9322lif;owq4o-u-4hf3fn4ofwh094f4qq43fqldadsa2GSUACUVAoo32g3f"; string text2 = "xsbadkvivuvsd;ojve;rieorqro8@O*ho848oq34floowahoOAGAGAODOWWOoq38aqo3af"; LettersDiffer differ = new LettersDiffer(); differ.AddTask(text1, 0); differ.AddTask(text2, 0); double diffSimilarity = differ.DoDiff(); double aseSimilarity = ASESimilarityAlgorithm.CalculateSimilarity(text1, text2); Assert.AreEqual(aseSimilarity, diffSimilarity, 0.05, "Incorrect similarity factor"); }
public bool ValueMatches(IDiffObject diffObject) { BaseTextDiffObject otherObject = diffObject as BaseTextDiffObject; bool equals = false; if (otherObject != null) { equals = this.ValueHash == otherObject.ValueHash; if (!equals && SimilarityFactor < 1) { equals = ASESimilarityAlgorithm.CalculateSimilarity(this.Value, otherObject.Value) >= this.SimilarityFactor; } } return(equals); }
/// <summary> /// Checks is the value is equal. If not where applicable a collection of granular differences is outputed /// </summary> /// <param name="diffObject"></param> /// <param name="diffsForSelf"></param> /// <param name="diffsForArgument"></param> /// <param name="commonElements"></param> /// <returns></returns> public bool ValueMatches(IDiffObject diffObject, out IDiffObjectsCollection diffsForSelf, out IDiffObjectsCollection diffsForArgument, out IDiffObjectsCollection commonElements) { BaseTextDiffObject otherObject = diffObject as BaseTextDiffObject; diffsForSelf = null; diffsForArgument = null; commonElements = null; bool matches = false; if (otherObject != null) { matches = this.ValueHash == otherObject.ValueHash; if (!matches) { double simFactor = ASESimilarityAlgorithm.CalculateSimilarity(this.Value, otherObject.Value); LettersDiffer granularDiffer = InitGranularDiffer(); if (simFactor > 0 && granularDiffer != null) { //calculate granular differences granularDiffer.AddTask(Value, Position); //imports the current word into a letters collection starting from the position of the current element granularDiffer.AddTask(otherObject.Value, otherObject.Position); double diffRatio = granularDiffer.DoDiff(0, 1); diffsForSelf = granularDiffer.GetResultingDifferences(0); diffsForArgument = granularDiffer.GetResultingDifferences(1); commonElements = granularDiffer.GetResultingCommonElements(0); matches = diffRatio >= this.SimilarityFactor; } } } return(matches); }
/// <summary> /// Calculates if the current response is different than the original response /// </summary> /// <param name="responseInfo"></param> /// <returns></returns> private bool IsDifferentThanOriginalResponse(HttpResponseInfo responseInfo) { bool isDifferent; if (!_trackingReqInfo.ResponseStatus.Equals(responseInfo.Status.ToString())) { isDifferent = true; } else if (ResponseLengthIsSignificantlyDifferent(responseInfo, _trackingReqInfo)) { isDifferent = true; } else //calculate response similarity { byte[] oldRespBytes = _dataStore.LoadResponseData(_trackingReqInfo.Id); string oldRespString = Constants.DefaultEncoding.GetString(oldRespBytes); double similarity = ASESimilarityAlgorithm.CalculateSimilarity(oldRespString, responseInfo.ToString()); isDifferent = similarity < 0.98; } return(isDifferent); }
/// <summary> /// Diffs the response bodies /// </summary> /// <param name="result"></param> /// <param name="firstResponse"></param> /// <param name="secondResponse"></param> /// <param name="firstRespBasePos"></param> /// <param name="secondRespBasePos"></param> /// <returns></returns> private RequestsDifferResult DiffResponseBody(RequestsDifferResult result, string firstResponse, string secondResponse, int firstRespBasePos, int secondRespBasePos) { int firstResponseBodyStart = FindResponseBodyStart(firstResponse); int secondResponseBodyStart = FindResponseBodyStart(secondResponse); string firstResponseBody = firstResponse.Substring(firstResponseBodyStart); string secondResponseBody = secondResponse.Substring(secondResponseBodyStart); LinesDiffer linesDiffer = new LinesDiffer(); //this differ first compares the lines then the words then the letters linesDiffer.Properties.Sorted = false; linesDiffer.AddTask(firstResponseBody, firstRespBasePos + firstResponseBodyStart); linesDiffer.AddTask(secondResponseBody, secondRespBasePos + secondResponseBodyStart); result.BodyDiffSimilarity = linesDiffer.DoDiff(); //calculate aproximate similarity as generated by appscan algorithm result.BodyAproximateSimilarity = ASESimilarityAlgorithm.CalculateSimilarity(firstResponseBody, secondResponseBody); result = AppendDiffs(result, linesDiffer); return(result); }
/// <summary> /// Validates a response and inserts a vulnerability /// </summary> /// <param name="rawRequest"></param> /// <param name="rawResponse"></param> /// <param name="requestUri"></param> /// <param name="parameterName"></param> /// <param name="entityId"></param> /// <param name="testDef"></param> /// <param name="payload"></param> /// <param name="mutatedRequestList"></param> /// <param name="testResponseList"></param> public bool ValidateTest(string rawRequest, string rawResponse, Uri requestUri, string parameterName, string entityId, CustomTestDef testDef, List <string> mutatedRequestList, List <string> testResponseList) { string validation = testDef.Validation.Trim(); if (String.IsNullOrWhiteSpace(validation)) { return(false); //this is a callback test } bool found = false; bool isMultiValidationRule = IsMultiValidationRule(validation); if (!isMultiValidationRule) { for (int idx = 0; idx < mutatedRequestList.Count; idx++) { string mutatedRequest = mutatedRequestList[idx]; string testResponse = testResponseList[idx]; found |= ValidateSingleTest(rawRequest, rawResponse, requestUri, parameterName, entityId, testDef, mutatedRequest, testResponse); } } else { if (validation.StartsWith(JAVASCRIPT_FUNCTION_TAG)) { found = RunJavaScriptValidation(validation, testResponseList); } else if (validation.StartsWith(TAUTOLOGY_VERIFICATION_FUNC)) { if (testResponseList != null && testResponseList.Count % 3 == 0) { int encodingsCount = testResponseList.Count / 3; for (int i = 0; i < encodingsCount && !found; i++) { int first = i; int second = i + encodingsCount; int third = i + 2 * encodingsCount; double firstAndThirdSimilarity = ASESimilarityAlgorithm.CalculateSimilarity(testResponseList[first], testResponseList[third]); double firstAndSecondSimilarity = ASESimilarityAlgorithm.CalculateSimilarity(testResponseList[first], testResponseList[second]); found = firstAndThirdSimilarity - firstAndSecondSimilarity > 0.2; //first and third are more similar than first and second if (found) { var newMutatedRequestList = new List <string>(); var newTestResponseList = new List <string>(); newMutatedRequestList.Add(mutatedRequestList[first]); newMutatedRequestList.Add(mutatedRequestList[second]); newMutatedRequestList.Add(mutatedRequestList[third]); newTestResponseList.Add(testResponseList[first]); newTestResponseList.Add(testResponseList[second]); newTestResponseList.Add(testResponseList[third]); mutatedRequestList = newMutatedRequestList; testResponseList = newTestResponseList; } } } else { _testController.Log("INCORRECT NUMBER OF PAYLOADS FOR TAUTOLOGY VERIFICATION (MUST BE DIVISIBLE WITH 3)"); } } if (found) { for (int i = 0; i < mutatedRequestList.Count; i++) { _testController.Log("MULTI-VALIDATION rule match on entity '{0}', test '{1}'", parameterName, testDef.Name); } _testController.HandleIssueFound(rawRequest, rawResponse, requestUri, testDef.Type, parameterName, mutatedRequestList, testResponseList, validation, ""); } } return(found); }