Example #1
0
        //Module quet LOG
        private static List <ItemObject> scanLogging(string fileName, List <ItemObject> listResult)
        {
            if (listResult == null || listResult.Count == 0)
            {
                listResult = new List <ItemObject>();
            }
            string code = readFile2(fileName);

            CSharpLexer lexer = new CSharpLexer(new AntlrInputStream(code));

            lexer.RemoveErrorListeners();
            CommonTokenStream tokens = new CommonTokenStream(lexer);
            CSharpParser      parser = new CSharpParser(tokens);

            IParseTree          tree           = parser.compilation_unit();
            ParseTreeWalker     walker         = new ParseTreeWalker();
            FindLoggingInMethod uploadListener = new FindLoggingInMethod(parser);

            walker.Walk(uploadListener, tree);
            if (uploadListener.listMethod != null)
            {
                foreach (var item in uploadListener.listMethod)
                {
                    ItemObject obj = new ItemObject(item.BaselineItem, item.methodName, null, fileName, item.startLine, "FAIL");
                    listResult.Add(obj);
                }
            }
            return(listResult);
        }
Example #2
0
        //Module quet SQL
        private static List <ItemObject> scanSQL(string fileName, List <ItemObject> listResult)
        {
            if (listResult == null || listResult.Count == 0)
            {
                listResult = new List <ItemObject>();
            }

            string code = readFile2(fileName);

            CSharpLexer lexer = new CSharpLexer(new AntlrInputStream(code));

            lexer.RemoveErrorListeners();
            CommonTokenStream tokens = new CommonTokenStream(lexer);
            CSharpParser      parser = new CSharpParser(tokens);

            IParseTree         tree     = parser.compilation_unit();
            ParseTreeWalker    walker   = new ParseTreeWalker();
            ExtractClassParser listener = new ExtractClassParser(parser);

            //FindGlobalVariable listener = new FindGlobalVariable(parser);

            walker.Walk(listener, tree);
            //}
            //Main tracer

            //sql
            if (listener.listMethodContext != null)
            {
                //Console.WriteLine(filename);
                List <MethodContext> listMethod = listener.getListMethod();
                foreach (var method in listMethod)
                {
                    ParseTreeWalker   methodWalker  = new ParseTreeWalker();
                    FindQueryInMethod queryListener = new FindQueryInMethod(parser, method.lineList);
                    methodWalker.Walk(queryListener, method.context);
                    FindLineOfExpression lineListener = new FindLineOfExpression(parser, method.context, queryListener.listExpressLine, queryListener.commandVar, queryListener.queryVar);
                    methodWalker.Walk(lineListener, method.context);
                    method.lineList = lineListener.listExpressLine;
                    FindUsedMethodInClass methodListener = new FindUsedMethodInClass(parser, method);
                    methodWalker.Walk(methodListener, method.context);
                    if (methodListener.listResult != null)
                    {
                        foreach (var item in methodListener.listResult)
                        {
                            ItemObject obj = new ItemObject(item.BaselineItem, item.methodName, item.listExp, fileName, item.startLine, "FAIL");
                            listResult.Add(obj);
                        }
                    }
                }
            }
            return(listResult);
        }
Example #3
0
        //Module quet XXE
        private static List <ItemObject> scanXXE(string fileName, List <ItemObject> listResult)
        {
            if (listResult == null || listResult.Count == 0)
            {
                listResult = new List <ItemObject>();
            }

            string code = readFile2(fileName);

            CSharpLexer lexer = new CSharpLexer(new AntlrInputStream(code));

            lexer.RemoveErrorListeners();
            CommonTokenStream tokens = new CommonTokenStream(lexer);
            CSharpParser      parser = new CSharpParser(tokens);

            IParseTree         tree     = parser.compilation_unit();
            ParseTreeWalker    walker   = new ParseTreeWalker();
            ExtractClassParser listener = new ExtractClassParser(parser);

            //FindGlobalVariable listener = new FindGlobalVariable(parser);

            walker.Walk(listener, tree);

            if (listener.listXMLContext != null)
            {
                List <ParserRuleContext> listMethod = listener.listXMLContext;
                foreach (var method in listMethod)
                {
                    ParseTreeWalker methodWalker   = new ParseTreeWalker();
                    FindXXEInMethod methodListener = new FindXXEInMethod(parser);
                    methodWalker.Walk(methodListener, method);
                    if (methodListener.isVuln)
                    {
                        ItemObject obj = new ItemObject(methodListener.tmpMethod.BaselineItem, methodListener.tmpMethod.methodName, null, fileName, methodListener.tmpMethod.startLine, "FAIL");
                        listResult.Add(obj);
                    }
                }
            }

            return(listResult);
        }