public void test_CreateCirDataFilesForDotNetFramework() { var dotNetFrameworkDirectory = @"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727"; string directoryToSaveCidDataFiles = Path.Combine(DI.config.O2TempDir, "_CirDataFilesFor_DotNetFramework2_0_50727"); Files.checkIfDirectoryExistsAndCreateIfNot(directoryToSaveCidDataFiles); List <string> targetAssemblies = Files.getFilesFromDir_returnFullPath(dotNetFrameworkDirectory, "*.dll"); //targetAssemblies.AddRange(Files.getFilesFromDir_returnFullPath(DI.hardCodedO2DeploymentDir, "*.dll")); ICirData cirDataWithAllAssemblies = new CirData(); foreach (var assemblyToProcess in targetAssemblies) { if (CecilUtils.isDotNetAssembly(assemblyToProcess)) { DI.log.info("Processing file: {0}", Path.GetFileName(assemblyToProcess)); ICirData cirData = new CirData(); cirFactory.processAssemblyDefinition(cirData, assemblyToProcess); cirFactory.processAssemblyDefinition(cirDataWithAllAssemblies, assemblyToProcess); var savedCirDataFile = Path.Combine(directoryToSaveCidDataFiles, Path.GetFileName(assemblyToProcess) + ".CirData"); CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, savedCirDataFile); } } DI.log.info("Almost there, now saving cirDataWithAllAssemblies "); var fileWithCirDataWithAllAssemblies = Path.Combine(directoryToSaveCidDataFiles, "cirDataWithAllAssemblies.CirData"); CirDataUtils.saveSerializedO2CirDataObjectToFile(cirDataWithAllAssemblies, fileWithCirDataWithAllAssemblies); DI.log.info("Done .."); }
public static O2RulePack createRules_CallBacksOnControlFlowGraphs_And_ExternalSinks(String sCirDataFile) { var rpRulePack = new O2RulePack(); if (false == File.Exists(sCirDataFile)) { DI.log.error( "in createRules_CallBacksOnControlFlowGraphs_And_ExternalSinks, provide CirData file not found: {0}", sCirDataFile); } else { List <String> lsFunctions = MiscUtils.getFunctionsSignaturesFrom02CirData(sCirDataFile); // in this type of scan, there are two rules // if functions have a ControlFlowGraph they are Callbacks // everything else is a sink ICirData fcdCirData = CirLoad.loadSerializedO2CirDataObject(sCirDataFile); Dictionary <String, ICirFunction> dFunctionsWithControlFlowGraphs = CirDataUtils.getFunctionsWithControlFlowGraph(fcdCirData); foreach (string sFunction in lsFunctions) { if (dFunctionsWithControlFlowGraphs.ContainsKey(sFunction)) { addRule(createRule(O2RuleType.Callback, sFunction, fcdCirData.sDbId), rpRulePack); } else { addRule(createRule(O2RuleType.Sink, sFunction, fcdCirData.sDbId), rpRulePack); } } } return(rpRulePack); }
public static void saveMappedControllers(string targetFolder, List <SpringMvcController> loadedSpingMvcControllers, ICirData cirData) { Files.checkIfDirectoryExistsAndCreateIfNot(targetFolder); if (Directory.Exists(targetFolder) == false) { DI.log.error("Could find or create target folder: {0}", targetFolder); return; } var targetFile = Path.Combine(targetFolder, Files.getTempFileName() + ".SpringMvcControllers"); var springMvcMappings = new SpringMvcMappings { id = "test", controllers = loadedSpingMvcControllers }; var targetSavedCirDataFile = Path.Combine(targetFolder, Files.getTempFileName() + ".CirData"); CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, targetSavedCirDataFile); if (File.Exists(targetSavedCirDataFile) == false) { DI.log.error("In saveMappedControllers, there was an error creating the CirData file"); } springMvcMappings.cirDataFile = Path.GetFileName(targetSavedCirDataFile); if (Serialize.createSerializedXmlFileFromObject(springMvcMappings, targetFile)) { DI.log.info("springMvcMappings saved to: {0}", targetFile); } else { DI.log.error("Could NOT save serialized springMvcMappings object to: {0}", targetFile); } }
public void test_SaveAndLoadAllO2Modules() { var directoryToSaveCidDataFiles = Path.Combine(DI.config.O2TempDir, "_O2_CirData_Files"); Files.checkIfDirectoryExistsAndCreateIfNot(directoryToSaveCidDataFiles); List <string> targetAssemblies = Files.getFilesFromDir_returnFullPath(DI.config.hardCodedO2LocalBuildDir, "*.exe"); targetAssemblies.AddRange(Files.getFilesFromDir_returnFullPath(DI.config.hardCodedO2LocalBuildDir, "*.dll")); foreach (var assemblyToProcess in targetAssemblies) { DI.log.info("Processing file: {0}", Path.GetFileName(assemblyToProcess)); ICirData cirData = new CirData(); cirFactory.processAssemblyDefinition(cirData, assemblyToProcess); Assert.That(cirData.dClasses_bySignature.Count > 0 && cirData.dFunctions_bySignature.Count > 0, "There we no CirData results for :" + assemblyToProcess); var savedCirDataFile = Path.Combine(directoryToSaveCidDataFiles, Path.GetFileName(assemblyToProcess) + ".CirData"); CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, savedCirDataFile); Assert.That(File.Exists(savedCirDataFile), "Saved CirData file Didn't exist: " + savedCirDataFile); ICirData cirData2 = CirLoad.loadFile(savedCirDataFile); Assert.That(cirData2 != null, "cirData2 was null"); Assert.That(cirData.dClasses_bySignature.Count == cirData2.dClasses_bySignature.Count, "dClasses_bySignature Count didnt match"); Assert.That(cirData.dFunctions_bySignature.Count == cirData2.dFunctions_bySignature.Count, "dFunctions_bySignature Count didnt match"); // comment this to delete created files //File.Delete(savedCirDataFile); } }
public static void loadCirDumpXmlFile_andPopulateDictionariesWithXrefs(String sFileToProcess, CirData fcdCirData, bool bVerbose) { CommonIRDump cidCommonIrDump = loadCirDumpXmlFile_justReturnCommonIRDump(sFileToProcess, bVerbose); fcdCirData.bVerbose = bVerbose; CirDataUtils.populateDictionariesWithXrefs(cidCommonIrDump, fcdCirData); }
public void test_SaveCirDataFile() { ICirData cirData = new CirData(); cirFactory.processAssemblyDefinition(cirData, DI.config.ExecutingAssembly); var savedCirDataFile = DI.config.getTempFileInTempDirectory("CirData"); Assert.That(false == File.Exists(savedCirDataFile), "savedCirDataFile shouldn't exist here"); CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, savedCirDataFile); Assert.That(File.Exists(savedCirDataFile), "savedCirDataFile exist here"); File.Delete(savedCirDataFile); Assert.That(false == File.Exists(savedCirDataFile), "savedCirDataFile Should be deleted"); DI.log.info("all done"); }
public static void loadCirDumpXmlFiles_andPopulateDictionariesWithXrefs(List <String> sFilesToProcess, CirData fcdCirData, bool bVerbose) { for (int iFileIndex = 0; iFileIndex < sFilesToProcess.Count; iFileIndex++) { O2Timer tO2Timer = new O2Timer(String.Format("[{0}/{1}] Loading CirDumpFile : {2}", sFilesToProcess.Count, iFileIndex, sFilesToProcess[iFileIndex])).start(); CommonIRDump cidCommonIrDump = loadCirDumpXmlFile_justReturnCommonIRDump(sFilesToProcess[iFileIndex], bVerbose); fcdCirData.bVerbose = true; CirDataUtils.populateDictionariesWithXrefs(cidCommonIrDump, fcdCirData); tO2Timer.stop(); } }
public static CirData loadSerializedO2CirDataObject(String sTargetFile, bool bUseCachedVersionIfAvailable) { DI.log.debug("Loading o2CirData file: {0}", sTargetFile); // add cache support // return cached object (if available) if (bUseCachedVersionIfAvailable && vars.get(sTargetFile) != null) { return((CirData)vars.get(sTargetFile)); } CirData fcdLoadedo2CirData = null; try { O2Timer tO2Timer = new O2Timer("Loading DeSerialized O2CirData from " + Path.GetFileName(sTargetFile)).start(); var bfBinaryFormatter = new BinaryFormatter(); var fsFileStream = new FileStream(sTargetFile, FileMode.Open); //ounceLabs.O2.classes. Object oObject = bfBinaryFormatter.Deserialize(fsFileStream); if (oObject.GetType().Name == "CirData") { fcdLoadedo2CirData = (CirData)oObject; if (fcdLoadedo2CirData.sDbId == "") { CirDataUtils.resolveDbId(fcdLoadedo2CirData); // in case was not originally resolved } if (fcdLoadedo2CirData.dClasses_bySignature == null) { DI.log.error("Something is wrong with this file since the dClasses dictionary is null"); } // store loaded object as a local o2 var (which will act as a cache) vars.set_(sTargetFile, fcdLoadedo2CirData); } else { DI.log.error("Loaded data is not of type o2CirData"); } fsFileStream.Close(); tO2Timer.stop(); } catch (Exception ex) { DI.log.error("In loadSerializedO2CirDataObject: {0}", ex.Message); } return(fcdLoadedo2CirData); }
internal string processAssemblyAndSaveAsCirDataFile(ICirData cirData, string fileToProcess, string directoryToSaveCirDataFile, bool decompileCodeIfNoPdb) { processAssemblyDefinition(cirData, fileToProcess, decompileCodeIfNoPdb); if (cirData.dClasses_bySignature.Count == 0) { DI.log.error("There were no classes in created cirData file, so canceling save"); } else { Files.checkIfDirectoryExistsAndCreateIfNot(directoryToSaveCirDataFile); var savedFileName = Path.Combine(directoryToSaveCirDataFile, Path.GetFileName(fileToProcess) + ".CirData"); CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, savedFileName); return(savedFileName); } return(""); }
public static void mapXmlFilesToCirData(string pathCirDataFile, string pathToClassFiles, string pathToRootClassFolder) { var cirData = CirLoad.loadFile(pathCirDataFile); DI.log.info("There are {0} functions loaded", cirData.dFunctions_bySignature.Keys.Count); var attributeXmlFiles = getAttributeXmlFiles(pathToClassFiles, pathToRootClassFolder); var numberOfControllersMapped = 0; foreach (var attributeXmlFile in attributeXmlFiles.Keys) { var resolvedParentClass = attributeXmlFile.Replace("\\", ".").Replace(".class.JavaAttributes.xml", ""); if (cirData.dClasses_bySignature.ContainsKey(resolvedParentClass)) { //DI.log.info(" we have a match : {0} -> {1}", resolvedParentClass , attributeXmlFiles[attributeXmlFile]); XDocument xDoc = XDocument.Load(attributeXmlFiles[attributeXmlFile]); foreach (var cirFunction in cirData.dClasses_bySignature[resolvedParentClass].dFunctions.Values) { var xmlMethodElements = from xElement in xDoc.Elements("JavaAttributeMappings").Elements("class").Elements("method") where xElement.Attribute("name").Value == cirFunction.FunctionName select xElement; // for now map all xmlMethods to the same CirData (this could create a false positive if there are controllers with the same name (but diferent signature foreach (var xMethodElement in xmlMethodElements) { if (SpringMVCAttributes.addTaintedInfoToCirFunction(xMethodElement, cirFunction)) { numberOfControllersMapped++; } } if (cirFunction.IsTainted && xmlMethodElements.Count() > 1) { DI.log.error("DOUBLE MAPPING since cirFunction.IsTained && xmlMethodElements.Count() >1 : {0} -> {1}", resolvedParentClass, cirFunction.FunctionName); } } } else if (resolvedParentClass.IndexOf('$') == -1) { DI.log.error(" we DONT have a match : {0}", resolvedParentClass); } } DI.log.info("There were {0} controllers mappings added", numberOfControllersMapped); var newCirDataFile = pathCirDataFile + ".WithSpringMvcControllersAsCallbacks.CirData"; CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, newCirDataFile); }
public static bool createConsolidatedCirDataFile(String sPathToCirDumpFiles, String sTargetCirDataFile, bool bStoreControlFlowBlockRawDataInsideCirDataFile) { DI.log.debug("Creating Consolidated CirData file"); try { List <String> lsCirDumpFiles = Files.getFilesFromDir_returnFullPath(sPathToCirDumpFiles); var fcdCirData = new CirData { bStoreControlFlowBlockRawDataInsideCirDataFile = bStoreControlFlowBlockRawDataInsideCirDataFile }; if (lsCirDumpFiles.Count == 0) { DI.log.error("No CirDump to process (were created during scan?)"); } else { DI.log.debug("in loadCirDumpXmlFile_andPopulateDictionariesWithXrefs"); foreach (String sFile in lsCirDumpFiles) { try { fcdCirData.dSymbols = new Dictionary <string, string>(); fcdCirData.dTemp_Functions_bySymbolDef = new Dictionary <string, ICirFunction>(); CirLoad.loadCirDumpXmlFile_andPopulateDictionariesWithXrefs(sFile, fcdCirData, true); } catch (Exception ex) { DI.log.error("In createConsolidatedCirDataFile, error while processing file {0}: {1}", sFile, ex.Message); } } DI.log.debug("in saveSerializedO2CirDataObjectToFile"); CirDataUtils.saveSerializedO2CirDataObjectToFile(fcdCirData, sTargetCirDataFile); return(true); } } catch (Exception ex) { DI.log.error("In createConsolidatedCirDataFile: {0}:", ex.Message); } return(false); }
public static List <String> getFunctionsSignaturesFrom02CirData(String sCirDataFile) { DI.log.debug("sCirDataFile = {0}", sCirDataFile); var lsFunctions = new List <string>(); if (false == File.Exists(sCirDataFile)) { DI.log.error("Provided CirData file does not exist:{0}", sCirDataFile); return(lsFunctions); } ICirData fcdCirData = CirLoad.loadSerializedO2CirDataObject(sCirDataFile); //var lsResolvedWebMethods = new List<string>(); Dictionary <String, ICirFunction> dFunctionsWithControlFlowGraphs = CirDataUtils.getFunctionsWithControlFlowGraph(fcdCirData); // start with all functions that we have a control flow graph for foreach (ICirFunction cfCirFunction in dFunctionsWithControlFlowGraphs.Values) { // first add the current function if (false == lsFunctions.Contains(cfCirFunction.FunctionSignature)) { lsFunctions.Add(cfCirFunction.FunctionSignature); } // then add all function's called foreach (ICirFunction cirFunction in cfCirFunction.FunctionsCalledUniqueList) { //if ((false == bOnlyAddSinksIfExternalToCurrentCirDataFile || false == dFunctionsWithControlFlowGraphs.ContainsKey(sCalledFunction)) && false == lsSinksToAdd.Contains(sCalledFunction)) if (false == lsFunctions.Contains(cirFunction.FunctionSignature)) { // if (sCalledFunction.IndexOf("()") == -1) // don't add methods that receive no parameters lsFunctions.Add(cirFunction.FunctionSignature); } } } return(lsFunctions); }
public void findAndFixLoadedCirData() { foreach (CirClass ccCirClass in cdaO2CirDataAnalysis.dCirClass.Keys) { if (ccCirClass.bClassHasMethodsWithControlFlowGraphs == false) { var lsFunctions = new List <string>(); foreach (CirFunction ccCirFunction in ccCirClass.dFunctions.Values) { String sSignatureWithoutClass = ccCirFunction.FunctionSignature.Replace(ccCirFunction.ParentClass.Signature, ""); lsFunctions.Add(sSignatureWithoutClass); } if (lsFunctions.Count > 0) { foreach (CirClass ccCirClassToMap in cdaO2CirDataAnalysis.dCirClass.Keys) { if (ccCirClassToMap.bClassHasMethodsWithControlFlowGraphs) { foreach (String sFunction in ccCirClassToMap.dFunctions.Keys) { if (sFunction.IndexOf(lsFunctions[0]) > -1) // first only find one, then match all { var lsFunctionsInTargetClass = new List <string>(); foreach (CirFunction ccCirFunction in ccCirClassToMap.dFunctions.Values) { String sSignatureWithoutClass = ccCirFunction.FunctionSignature.Replace( ccCirFunction.ParentClass.Signature, ""); lsFunctionsInTargetClass.Add(sSignatureWithoutClass); } bool bFoundAllFunctions = true; foreach (string sFunctionsToMatch in lsFunctions) { if (lsFunctionsInTargetClass.Contains(sFunctionsToMatch) == false) { bFoundAllFunctions = false; break; } } if (bFoundAllFunctions) { const string sStatus = ""; if (false == ccCirClassToMap.dSuperClasses.ContainsValue(ccCirClass)) { // check if we don't already have this mapping if (cbOnlyMapWithExtra_Imp.Checked) { if (ccCirClassToMap.Name == ccCirClass.Name + "Imp") { DI.log.debug( "We have a match, it looks like {0} implements {1} - {2} ", ccCirClassToMap.Name, ccCirClass.Name, sStatus); if (cbFixCirDumpFiles.Checked) { DI.log.info("Fixing xrefs"); ccCirClassToMap.dSuperClasses.Add(ccCirClass.Signature, ccCirClass); ccCirClass.dIsSuperClassedBy.Add( ccCirClassToMap.Signature, ccCirClassToMap); } } } else if (ccCirClassToMap.Name.Contains(ccCirClass.Name)) { DI.log.debug( "We have a match, it looks like {0} implements {1} - {2} ", ccCirClassToMap.Name, ccCirClass.Name, sStatus); } } } // we have a match } } } } } } } if (cbFixCirDumpFiles.Checked) { DI.log.info("Since cbFixCirDumpFiles is checked, lets Serialize again the loaded CirData files"); foreach (String sLoadedO2CirData in cdaO2CirDataAnalysis.dCirDataFilesLoaded.Keys) { CirDataUtils.saveSerializedO2CirDataObjectToFile(cdaO2CirDataAnalysis.dCirDataFilesLoaded[sLoadedO2CirData], sLoadedO2CirData); } } }
public static void saveCirDataAnalysisObjectAsCirDataFile(ICirDataAnalysis cirDataAnalysis, string savedCirDataFile) { var cirData = createCirDataFromCirDataAnalysis(cirDataAnalysis); CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, savedCirDataFile); }