public void test_CreateCirDataFilesForDotNetFramework()
{
var dotNetFrameworkDirectory = @"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727";
string directoryToSaveCidDataFiles = Path.Combine(DI.config.O2TempDir, "_CirDataFilesFor_DotNetFramework2_0_50727");
Files.checkIfDirectoryExistsAndCreateIfNot(directoryToSaveCidDataFiles);
List <string> targetAssemblies = Files.getFilesFromDir_returnFullPath(dotNetFrameworkDirectory, "*.dll");
//targetAssemblies.AddRange(Files.getFilesFromDir_returnFullPath(DI.hardCodedO2DeploymentDir, "*.dll"));
ICirData cirDataWithAllAssemblies = new CirData();
foreach (var assemblyToProcess in targetAssemblies)
{
if (CecilUtils.isDotNetAssembly(assemblyToProcess))
{
DI.log.info("Processing file: {0}", Path.GetFileName(assemblyToProcess));
ICirData cirData = new CirData();
cirFactory.processAssemblyDefinition(cirData, assemblyToProcess);
cirFactory.processAssemblyDefinition(cirDataWithAllAssemblies, assemblyToProcess);
var savedCirDataFile = Path.Combine(directoryToSaveCidDataFiles,
Path.GetFileName(assemblyToProcess) + ".CirData");
CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, savedCirDataFile);
}
}
DI.log.info("Almost there, now saving cirDataWithAllAssemblies ");
var fileWithCirDataWithAllAssemblies = Path.Combine(directoryToSaveCidDataFiles, "cirDataWithAllAssemblies.CirData");
CirDataUtils.saveSerializedO2CirDataObjectToFile(cirDataWithAllAssemblies, fileWithCirDataWithAllAssemblies);
DI.log.info("Done ..");
}
public static O2RulePack createRules_CallBacksOnControlFlowGraphs_And_ExternalSinks(String sCirDataFile)
{
var rpRulePack = new O2RulePack();
if (false == File.Exists(sCirDataFile))
{
DI.log.error(
"in createRules_CallBacksOnControlFlowGraphs_And_ExternalSinks, provide CirData file not found: {0}",
sCirDataFile);
}
else
{
List <String> lsFunctions = MiscUtils.getFunctionsSignaturesFrom02CirData(sCirDataFile);
// in this type of scan, there are two rules
// if functions have a ControlFlowGraph they are Callbacks
// everything else is a sink
ICirData fcdCirData = CirLoad.loadSerializedO2CirDataObject(sCirDataFile);
Dictionary <String, ICirFunction> dFunctionsWithControlFlowGraphs =
CirDataUtils.getFunctionsWithControlFlowGraph(fcdCirData);
foreach (string sFunction in lsFunctions)
{
if (dFunctionsWithControlFlowGraphs.ContainsKey(sFunction))
{
addRule(createRule(O2RuleType.Callback, sFunction, fcdCirData.sDbId), rpRulePack);
}
else
{
addRule(createRule(O2RuleType.Sink, sFunction, fcdCirData.sDbId), rpRulePack);
}
}
}
return(rpRulePack);
}
public static void saveMappedControllers(string targetFolder, List <SpringMvcController> loadedSpingMvcControllers, ICirData cirData)
{
Files.checkIfDirectoryExistsAndCreateIfNot(targetFolder);
if (Directory.Exists(targetFolder) == false)
{
DI.log.error("Could find or create target folder: {0}", targetFolder);
return;
}
var targetFile = Path.Combine(targetFolder, Files.getTempFileName() + ".SpringMvcControllers");
var springMvcMappings = new SpringMvcMappings {
id = "test", controllers = loadedSpingMvcControllers
};
var targetSavedCirDataFile = Path.Combine(targetFolder, Files.getTempFileName() + ".CirData");
CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, targetSavedCirDataFile);
if (File.Exists(targetSavedCirDataFile) == false)
{
DI.log.error("In saveMappedControllers, there was an error creating the CirData file");
}
springMvcMappings.cirDataFile = Path.GetFileName(targetSavedCirDataFile);
if (Serialize.createSerializedXmlFileFromObject(springMvcMappings, targetFile))
{
DI.log.info("springMvcMappings saved to: {0}", targetFile);
}
else
{
DI.log.error("Could NOT save serialized springMvcMappings object to: {0}", targetFile);
}
}
public void test_SaveAndLoadAllO2Modules()
{
var directoryToSaveCidDataFiles = Path.Combine(DI.config.O2TempDir, "_O2_CirData_Files");
Files.checkIfDirectoryExistsAndCreateIfNot(directoryToSaveCidDataFiles);
List <string> targetAssemblies = Files.getFilesFromDir_returnFullPath(DI.config.hardCodedO2LocalBuildDir, "*.exe");
targetAssemblies.AddRange(Files.getFilesFromDir_returnFullPath(DI.config.hardCodedO2LocalBuildDir, "*.dll"));
foreach (var assemblyToProcess in targetAssemblies)
{
DI.log.info("Processing file: {0}", Path.GetFileName(assemblyToProcess));
ICirData cirData = new CirData();
cirFactory.processAssemblyDefinition(cirData, assemblyToProcess);
Assert.That(cirData.dClasses_bySignature.Count > 0 && cirData.dFunctions_bySignature.Count > 0,
"There we no CirData results for :" + assemblyToProcess);
var savedCirDataFile = Path.Combine(directoryToSaveCidDataFiles,
Path.GetFileName(assemblyToProcess) + ".CirData");
CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, savedCirDataFile);
Assert.That(File.Exists(savedCirDataFile), "Saved CirData file Didn't exist: " + savedCirDataFile);
ICirData cirData2 = CirLoad.loadFile(savedCirDataFile);
Assert.That(cirData2 != null, "cirData2 was null");
Assert.That(cirData.dClasses_bySignature.Count == cirData2.dClasses_bySignature.Count,
"dClasses_bySignature Count didnt match");
Assert.That(cirData.dFunctions_bySignature.Count == cirData2.dFunctions_bySignature.Count,
"dFunctions_bySignature Count didnt match");
// comment this to delete created files
//File.Delete(savedCirDataFile);
}
}
public static void loadCirDumpXmlFile_andPopulateDictionariesWithXrefs(String sFileToProcess, CirData fcdCirData,
bool bVerbose)
{
CommonIRDump cidCommonIrDump = loadCirDumpXmlFile_justReturnCommonIRDump(sFileToProcess, bVerbose);
fcdCirData.bVerbose = bVerbose;
CirDataUtils.populateDictionariesWithXrefs(cidCommonIrDump, fcdCirData);
}
public void test_SaveCirDataFile()
{
ICirData cirData = new CirData();
cirFactory.processAssemblyDefinition(cirData, DI.config.ExecutingAssembly);
var savedCirDataFile = DI.config.getTempFileInTempDirectory("CirData");
Assert.That(false == File.Exists(savedCirDataFile), "savedCirDataFile shouldn't exist here");
CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, savedCirDataFile);
Assert.That(File.Exists(savedCirDataFile), "savedCirDataFile exist here");
File.Delete(savedCirDataFile);
Assert.That(false == File.Exists(savedCirDataFile), "savedCirDataFile Should be deleted");
DI.log.info("all done");
}
public static void loadCirDumpXmlFiles_andPopulateDictionariesWithXrefs(List <String> sFilesToProcess,
CirData fcdCirData, bool bVerbose)
{
for (int iFileIndex = 0; iFileIndex < sFilesToProcess.Count; iFileIndex++)
{
O2Timer tO2Timer =
new O2Timer(String.Format("[{0}/{1}] Loading CirDumpFile : {2}", sFilesToProcess.Count,
iFileIndex, sFilesToProcess[iFileIndex])).start();
CommonIRDump cidCommonIrDump = loadCirDumpXmlFile_justReturnCommonIRDump(sFilesToProcess[iFileIndex],
bVerbose);
fcdCirData.bVerbose = true;
CirDataUtils.populateDictionariesWithXrefs(cidCommonIrDump, fcdCirData);
tO2Timer.stop();
}
}
public static CirData loadSerializedO2CirDataObject(String sTargetFile, bool bUseCachedVersionIfAvailable)
{
DI.log.debug("Loading o2CirData file: {0}", sTargetFile);
// add cache support
// return cached object (if available)
if (bUseCachedVersionIfAvailable && vars.get(sTargetFile) != null)
{
return((CirData)vars.get(sTargetFile));
}
CirData fcdLoadedo2CirData = null;
try
{
O2Timer tO2Timer =
new O2Timer("Loading DeSerialized O2CirData from " + Path.GetFileName(sTargetFile)).start();
var bfBinaryFormatter = new BinaryFormatter();
var fsFileStream = new FileStream(sTargetFile, FileMode.Open);
//ounceLabs.O2.classes.
Object oObject = bfBinaryFormatter.Deserialize(fsFileStream);
if (oObject.GetType().Name == "CirData")
{
fcdLoadedo2CirData = (CirData)oObject;
if (fcdLoadedo2CirData.sDbId == "")
{
CirDataUtils.resolveDbId(fcdLoadedo2CirData); // in case was not originally resolved
}
if (fcdLoadedo2CirData.dClasses_bySignature == null)
{
DI.log.error("Something is wrong with this file since the dClasses dictionary is null");
}
// store loaded object as a local o2 var (which will act as a cache)
vars.set_(sTargetFile, fcdLoadedo2CirData);
}
else
{
DI.log.error("Loaded data is not of type o2CirData");
}
fsFileStream.Close();
tO2Timer.stop();
}
catch (Exception ex)
{
DI.log.error("In loadSerializedO2CirDataObject: {0}", ex.Message);
}
return(fcdLoadedo2CirData);
}
internal string processAssemblyAndSaveAsCirDataFile(ICirData cirData, string fileToProcess, string directoryToSaveCirDataFile, bool decompileCodeIfNoPdb)
{
processAssemblyDefinition(cirData, fileToProcess, decompileCodeIfNoPdb);
if (cirData.dClasses_bySignature.Count == 0)
{
DI.log.error("There were no classes in created cirData file, so canceling save");
}
else
{
Files.checkIfDirectoryExistsAndCreateIfNot(directoryToSaveCirDataFile);
var savedFileName = Path.Combine(directoryToSaveCirDataFile, Path.GetFileName(fileToProcess) + ".CirData");
CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, savedFileName);
return(savedFileName);
}
return("");
}
public static void mapXmlFilesToCirData(string pathCirDataFile, string pathToClassFiles, string pathToRootClassFolder)
{
var cirData = CirLoad.loadFile(pathCirDataFile);
DI.log.info("There are {0} functions loaded", cirData.dFunctions_bySignature.Keys.Count);
var attributeXmlFiles = getAttributeXmlFiles(pathToClassFiles, pathToRootClassFolder);
var numberOfControllersMapped = 0;
foreach (var attributeXmlFile in attributeXmlFiles.Keys)
{
var resolvedParentClass = attributeXmlFile.Replace("\\", ".").Replace(".class.JavaAttributes.xml", "");
if (cirData.dClasses_bySignature.ContainsKey(resolvedParentClass))
{
//DI.log.info(" we have a match : {0} -> {1}", resolvedParentClass , attributeXmlFiles[attributeXmlFile]);
XDocument xDoc = XDocument.Load(attributeXmlFiles[attributeXmlFile]);
foreach (var cirFunction in cirData.dClasses_bySignature[resolvedParentClass].dFunctions.Values)
{
var xmlMethodElements = from xElement
in xDoc.Elements("JavaAttributeMappings").Elements("class").Elements("method")
where xElement.Attribute("name").Value == cirFunction.FunctionName
select xElement;
// for now map all xmlMethods to the same CirData (this could create a false positive if there are controllers with the same name (but diferent signature
foreach (var xMethodElement in xmlMethodElements)
{
if (SpringMVCAttributes.addTaintedInfoToCirFunction(xMethodElement, cirFunction))
{
numberOfControllersMapped++;
}
}
if (cirFunction.IsTainted && xmlMethodElements.Count() > 1)
{
DI.log.error("DOUBLE MAPPING since cirFunction.IsTained && xmlMethodElements.Count() >1 : {0} -> {1}", resolvedParentClass, cirFunction.FunctionName);
}
}
}
else
if (resolvedParentClass.IndexOf('$') == -1)
{
DI.log.error(" we DONT have a match : {0}", resolvedParentClass);
}
}
DI.log.info("There were {0} controllers mappings added", numberOfControllersMapped);
var newCirDataFile = pathCirDataFile + ".WithSpringMvcControllersAsCallbacks.CirData";
CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, newCirDataFile);
}
public static bool createConsolidatedCirDataFile(String sPathToCirDumpFiles, String sTargetCirDataFile,
bool bStoreControlFlowBlockRawDataInsideCirDataFile)
{
DI.log.debug("Creating Consolidated CirData file");
try
{
List <String> lsCirDumpFiles = Files.getFilesFromDir_returnFullPath(sPathToCirDumpFiles);
var fcdCirData = new CirData
{
bStoreControlFlowBlockRawDataInsideCirDataFile =
bStoreControlFlowBlockRawDataInsideCirDataFile
};
if (lsCirDumpFiles.Count == 0)
{
DI.log.error("No CirDump to process (were created during scan?)");
}
else
{
DI.log.debug("in loadCirDumpXmlFile_andPopulateDictionariesWithXrefs");
foreach (String sFile in lsCirDumpFiles)
{
try
{
fcdCirData.dSymbols = new Dictionary <string, string>();
fcdCirData.dTemp_Functions_bySymbolDef = new Dictionary <string, ICirFunction>();
CirLoad.loadCirDumpXmlFile_andPopulateDictionariesWithXrefs(sFile, fcdCirData, true);
}
catch (Exception ex)
{
DI.log.error("In createConsolidatedCirDataFile, error while processing file {0}: {1}",
sFile, ex.Message);
}
}
DI.log.debug("in saveSerializedO2CirDataObjectToFile");
CirDataUtils.saveSerializedO2CirDataObjectToFile(fcdCirData, sTargetCirDataFile);
return(true);
}
}
catch (Exception ex)
{
DI.log.error("In createConsolidatedCirDataFile: {0}:", ex.Message);
}
return(false);
}
public static List <String> getFunctionsSignaturesFrom02CirData(String sCirDataFile)
{
DI.log.debug("sCirDataFile = {0}", sCirDataFile);
var lsFunctions = new List <string>();
if (false == File.Exists(sCirDataFile))
{
DI.log.error("Provided CirData file does not exist:{0}", sCirDataFile);
return(lsFunctions);
}
ICirData fcdCirData = CirLoad.loadSerializedO2CirDataObject(sCirDataFile);
//var lsResolvedWebMethods = new List<string>();
Dictionary <String, ICirFunction> dFunctionsWithControlFlowGraphs =
CirDataUtils.getFunctionsWithControlFlowGraph(fcdCirData);
// start with all functions that we have a control flow graph for
foreach (ICirFunction cfCirFunction in dFunctionsWithControlFlowGraphs.Values)
{
// first add the current function
if (false == lsFunctions.Contains(cfCirFunction.FunctionSignature))
{
lsFunctions.Add(cfCirFunction.FunctionSignature);
}
// then add all function's called
foreach (ICirFunction cirFunction in cfCirFunction.FunctionsCalledUniqueList)
{
//if ((false == bOnlyAddSinksIfExternalToCurrentCirDataFile || false == dFunctionsWithControlFlowGraphs.ContainsKey(sCalledFunction)) && false == lsSinksToAdd.Contains(sCalledFunction))
if (false == lsFunctions.Contains(cirFunction.FunctionSignature))
{
// if (sCalledFunction.IndexOf("()") == -1) // don't add methods that receive no parameters
lsFunctions.Add(cirFunction.FunctionSignature);
}
}
}
return(lsFunctions);
}
public void findAndFixLoadedCirData()
{
foreach (CirClass ccCirClass in cdaO2CirDataAnalysis.dCirClass.Keys)
{
if (ccCirClass.bClassHasMethodsWithControlFlowGraphs == false)
{
var lsFunctions = new List <string>();
foreach (CirFunction ccCirFunction in ccCirClass.dFunctions.Values)
{
String sSignatureWithoutClass =
ccCirFunction.FunctionSignature.Replace(ccCirFunction.ParentClass.Signature, "");
lsFunctions.Add(sSignatureWithoutClass);
}
if (lsFunctions.Count > 0)
{
foreach (CirClass ccCirClassToMap in cdaO2CirDataAnalysis.dCirClass.Keys)
{
if (ccCirClassToMap.bClassHasMethodsWithControlFlowGraphs)
{
foreach (String sFunction in ccCirClassToMap.dFunctions.Keys)
{
if (sFunction.IndexOf(lsFunctions[0]) > -1) // first only find one, then match all
{
var lsFunctionsInTargetClass = new List <string>();
foreach (CirFunction ccCirFunction in ccCirClassToMap.dFunctions.Values)
{
String sSignatureWithoutClass =
ccCirFunction.FunctionSignature.Replace(
ccCirFunction.ParentClass.Signature, "");
lsFunctionsInTargetClass.Add(sSignatureWithoutClass);
}
bool bFoundAllFunctions = true;
foreach (string sFunctionsToMatch in lsFunctions)
{
if (lsFunctionsInTargetClass.Contains(sFunctionsToMatch) == false)
{
bFoundAllFunctions = false;
break;
}
}
if (bFoundAllFunctions)
{
const string sStatus = "";
if (false == ccCirClassToMap.dSuperClasses.ContainsValue(ccCirClass))
{
// check if we don't already have this mapping
if (cbOnlyMapWithExtra_Imp.Checked)
{
if (ccCirClassToMap.Name == ccCirClass.Name + "Imp")
{
DI.log.debug(
"We have a match, it looks like {0} implements {1} - {2} ",
ccCirClassToMap.Name, ccCirClass.Name, sStatus);
if (cbFixCirDumpFiles.Checked)
{
DI.log.info("Fixing xrefs");
ccCirClassToMap.dSuperClasses.Add(ccCirClass.Signature,
ccCirClass);
ccCirClass.dIsSuperClassedBy.Add(
ccCirClassToMap.Signature, ccCirClassToMap);
}
}
}
else if (ccCirClassToMap.Name.Contains(ccCirClass.Name))
{
DI.log.debug(
"We have a match, it looks like {0} implements {1} - {2} ",
ccCirClassToMap.Name, ccCirClass.Name, sStatus);
}
}
}
// we have a match
}
}
}
}
}
}
}
if (cbFixCirDumpFiles.Checked)
{
DI.log.info("Since cbFixCirDumpFiles is checked, lets Serialize again the loaded CirData files");
foreach (String sLoadedO2CirData in cdaO2CirDataAnalysis.dCirDataFilesLoaded.Keys)
{
CirDataUtils.saveSerializedO2CirDataObjectToFile(cdaO2CirDataAnalysis.dCirDataFilesLoaded[sLoadedO2CirData], sLoadedO2CirData);
}
}
}
public static void saveCirDataAnalysisObjectAsCirDataFile(ICirDataAnalysis cirDataAnalysis, string savedCirDataFile)
{
var cirData = createCirDataFromCirDataAnalysis(cirDataAnalysis);
CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, savedCirDataFile);
}