public string runPhase4(IAnalysisArtifacts analysisArtifacts) { O2Cmd.log.write("\n\n***** PHASE 4 ***"); // setup expected target folders workflowFolder = analysisArtifacts.targetFolder; folderWithArtifacts_Phase3 = Path.Combine(workflowFolder, "Phase 3 - Artifacts"); folderWithArtifacts_Phase4 = Path.Combine(workflowFolder, "Phase 4 - Artifacts"); Files.checkIfDirectoryExistsAndCreateIfNot(folderWithArtifacts_Phase4); // create Phase 2 folder (if required) // check if required folders exist Assert.That(Directory.Exists(folderWithArtifacts_Phase3), "folderWithArtifacts_forPhase3 could not be found"); Assert.That(Directory.Exists(folderWithArtifacts_Phase4), "folderWithArtifacts_forPhase4 could not be found"); // delete all files from folderWithArtifacts_Phase4 dir if (deleteAllFiles) { Files.deleteAllFilesFromDir(folderWithArtifacts_Phase4); } if (analysisArtifacts.phase_4.task1_analyseFindingsWithKnownSinks) { task1_analyseFindingsWithKnownSinks(); } if (analysisArtifacts.phase_4.task2_AdjustsStrutsFindings) { task2_AdjustsStrutsFindings(); } O2Cmd.log.write("\n\n***** PHASE 4 COMPLETED ***"); return("Phase 4 completed"); }
// PHASE 1 - TASKS public void task1_copyAssessmentFiles(IAnalysisArtifacts analysisArtifacts) { if (deletePhase1FolderBeforeCopying) Files.deleteAllFilesFromDir(folderWithArtifacts_Phase1); var filesCopied = new List<string>(); foreach(var fileOrFolder in analysisArtifacts.assessmentFilesOrFolderToLoad) { if (File.Exists(fileOrFolder)) filesCopied.Add(Files.CopyVerbose(fileOrFolder, folderWithArtifacts_Phase1,dontCopyIfTargetFileAlreadyExists)); else if (Directory.Exists(fileOrFolder)) foreach(var assessmentFile in Files.getFilesFromDir_returnFullPath(fileOrFolder, "*.ozasmt", true)) filesCopied.Add(Files.CopyVerbose(assessmentFile, folderWithArtifacts_Phase1,dontCopyIfTargetFileAlreadyExists)); } //check to see if files were copied ok foreach(var file in filesCopied) { var fileName = Path.GetFileName(file); var targetFolder = folderWithArtifacts_Phase1; var expectedFile = Path.Combine(targetFolder, fileName); Assert.That(File.Exists(expectedFile),"Expected file did not exist " + expectedFile); } }
public void task2_copyProjectConfigFiles(IAnalysisArtifacts analysisArtifacts) { if (analysisArtifacts.projectWebRoots.Count ==0) return; O2Cmd.log.write("Copying {0} Project Config Files to : {1} ", analysisArtifacts.projectWebRoots.Count, folderWithArtifacts_Phase1); //Assert.That(virtualPathsTo_ProjectWebRoot != null, "virtualPathsTo_ProjectWebRoot was null"); foreach(var projectWebRoot in analysisArtifacts.projectWebRoots) { // check if we can resolve the project web root //var projectWebRoot = Path.Combine(folderWithArtifacts_forPhase1,project.Value); Assert.That(Directory.Exists(projectWebRoot), "projectWebRoot did not exist: " + projectWebRoot); // use the name of the top-level directory of projectWebRoot as the ProjectKey var projectKey = Path.GetFileName(projectWebRoot); // check if we can resolve the WEB-INF web root var projectWebInf = Path.Combine(projectWebRoot,"WEB-INF"); Assert.That(Directory.Exists(projectWebInf), "projectWebInf did not exist: " + projectWebInf); // folder to copy config files to var targetFolder = Path.Combine(folderWithArtifacts_Phase1, "Config files (-) " + projectKey); Files.checkIfDirectoryExistsAndCreateIfNot(targetFolder); Assert.That(Directory.Exists(targetFolder), "targetFolder did not exist: " + targetFolder); // copy config *.xml files foreach(var configFile in Files.getFilesFromDir_returnFullPath(projectWebInf,"*.xml", false)) Files.Copy(configFile, targetFolder); // make sure target folder has at least 1 file Assert.That(Files.getFilesFromDir_returnFullPath(targetFolder).Count > 0, "There wer no config files copied to: " + targetFolder); } }
// PHASE 1 - TASKS public void task1_copyAssessmentFiles(IAnalysisArtifacts analysisArtifacts) { if (deletePhase1FolderBeforeCopying) { Files.deleteAllFilesFromDir(folderWithArtifacts_Phase1); } var filesCopied = new List <string>(); foreach (var fileOrFolder in analysisArtifacts.assessmentFilesOrFolderToLoad) { if (File.Exists(fileOrFolder)) { filesCopied.Add(Files.CopyVerbose(fileOrFolder, folderWithArtifacts_Phase1, dontCopyIfTargetFileAlreadyExists)); } else if (Directory.Exists(fileOrFolder)) { foreach (var assessmentFile in Files.getFilesFromDir_returnFullPath(fileOrFolder, "*.ozasmt", true)) { filesCopied.Add(Files.CopyVerbose(assessmentFile, folderWithArtifacts_Phase1, dontCopyIfTargetFileAlreadyExists)); } } } //check to see if files were copied ok foreach (var file in filesCopied) { var fileName = Path.GetFileName(file); var targetFolder = folderWithArtifacts_Phase1; var expectedFile = Path.Combine(targetFolder, fileName); Assert.That(File.Exists(expectedFile), "Expected file did not exist " + expectedFile); } }
public string runPhase1(IAnalysisArtifacts analysisArtifacts) { O2Cmd.log.info("\n\n***** PHASE 1 \n"); O2Cmd.log.write("this phase will copy all artifacts (i.e. scans, config files, etc..) into a unique location"); Files.checkIfDirectoryExistsAndCreateIfNot(analysisArtifacts.targetFolder); Assert.That(Directory.Exists(analysisArtifacts.targetFolder), "could not find analysisArtifacts.targetFolder: " + analysisArtifacts.targetFolder); workflowFolder = analysisArtifacts.targetFolder; folderWithArtifacts_Phase1 = Path.Combine(workflowFolder, "Phase 1 - Artifacts"); Files.checkIfDirectoryExistsAndCreateIfNot(folderWithArtifacts_Phase1); Assert.That(Directory.Exists(folderWithArtifacts_Phase1), "folderWithArtifacts_forPhase1 could not be found"); if (analysisArtifacts.phase_1.task1_copyAssessmentFiles) { task1_copyAssessmentFiles(analysisArtifacts); } if (analysisArtifacts.phase_1.task2_copyProjectConfigFiles) { task2_copyProjectConfigFiles(analysisArtifacts); } O2Cmd.log.write("\n\n**** : PHASE 1 Completed"); return("Phase 1 completed"); }
public string start(IAnalysisArtifacts analysisArtifacts) { O2Cmd.log.write("\n\n********* O2 Analysis Workflow **********\n\n"); O2Cmd.log.write(analysisArtifacts.getAnalysisDetails()); if (analysisArtifacts.runAllPhases || analysisArtifacts.phase_1.run) { new Analysis_Workflow_Phase_1().runPhase1(analysisArtifacts); } if (analysisArtifacts.runAllPhases || analysisArtifacts.phase_2.run) { new Analysis_Workflow_Phase_2().runPhase2(analysisArtifacts); } if (analysisArtifacts.runAllPhases || analysisArtifacts.phase_3.run) { new Analysis_Workflow_Phase_3().runPhase3(analysisArtifacts); } if (analysisArtifacts.runAllPhases || analysisArtifacts.phase_4.run) { new Analysis_Workflow_Phase_4().runPhase4(analysisArtifacts); } if (analysisArtifacts.runAllPhases || analysisArtifacts.phase_5.run) { new Analysis_Workflow_Phase_5().runPhase5(analysisArtifacts); } return("execution completed"); }
public static void setAllPhasesAndTasksValue(IAnalysisArtifacts analysisArtifacts, bool value) { log.info("in setAllPhasesAndTasksValue"); analysisArtifacts.runAllPhases = true; setAllPropertiesValue(analysisArtifacts.phase_1, value); setAllPropertiesValue(analysisArtifacts.phase_2, value); setAllPropertiesValue(analysisArtifacts.phase_3, value); setAllPropertiesValue(analysisArtifacts.phase_4, value); setAllPropertiesValue(analysisArtifacts.phase_5, value); }
public static void setAllPhasesAndTasksValue(IAnalysisArtifacts analysisArtifacts, bool value) { log.info("in setAllPhasesAndTasksValue"); analysisArtifacts.runAllPhases = true; setAllPropertiesValue(analysisArtifacts.phase_1,value); setAllPropertiesValue(analysisArtifacts.phase_2,value); setAllPropertiesValue(analysisArtifacts.phase_3,value); setAllPropertiesValue(analysisArtifacts.phase_4,value); setAllPropertiesValue(analysisArtifacts.phase_5,value); }
public string runPhase3(IAnalysisArtifacts analysisArtifacts) { O2Cmd.log.write("\n\n***** PHASE 3 ***"); // setup expected target folders workflowFolder = analysisArtifacts.targetFolder; folderWithArtifacts_Phase2 = Path.Combine(workflowFolder, "Phase 2 - Artifacts"); folderWithArtifacts_Phase3 = Path.Combine(workflowFolder, "Phase 3 - Artifacts"); Files.checkIfDirectoryExistsAndCreateIfNot(folderWithArtifacts_Phase3); // create Phase 2 folder (if required) // check if required folders exist Assert.That(Directory.Exists(folderWithArtifacts_Phase2), "folderWithArtifacts_forPhase2 could not be found"); Assert.That(Directory.Exists(folderWithArtifacts_Phase3), "folderWithArtifacts_forPhase3 could not be found"); if (analysisArtifacts.phase_3.task1_handleKnownSinks) { task1_handleKnownSinks(); } if (analysisArtifacts.phase_3.task2_filterFindings) { var targetFolder = Path.Combine(folderWithArtifacts_Phase3, "Filtered_Findings"); Files.checkIfDirectoryExistsAndCreateIfNot(targetFolder); Files.deleteAllFilesFromDir(targetFolder); var allTraces_KnownSinks = XUtils_Analysis.getAllTraces_KnownSinks(folderWithArtifacts_Phase2); var allTraces_LostSinks = XUtils_Analysis.getAllTraces_LostSinks(folderWithArtifacts_Phase2); task2_filterFindings((KAnalysisArtifacts)analysisArtifacts, allTraces_KnownSinks, targetFolder, "Known Sinks"); task2_filterFindings((KAnalysisArtifacts)analysisArtifacts, allTraces_LostSinks, targetFolder, "Lost Sinks"); } if (analysisArtifacts.phase_3.task3_filter_FindingsWithNoTraces) { var allTraces_NoTraces = XUtils_Analysis.getAllTraces_NoTraces(folderWithArtifacts_Phase2); task3_filter_FindingsWithNoTraces(allTraces_NoTraces); } if (analysisArtifacts.phase_3.task4_CalculateStrutsFindings) { task4_CalculateStrutsFindings(); } O2Cmd.log.write("\n\n***** PHASE 3 COMPLETED ***"); return("Phase 3 completed"); }
public string runPhase2(IAnalysisArtifacts analysisArtifacts) { O2Cmd.log.write("\n\n***** PHASE 2 ***"); // setup expected target folders workflowFolder = analysisArtifacts.targetFolder; folderWithArtifacts_Phase1 = Path.Combine(workflowFolder, "Phase 1 - Artifacts"); folderWithArtifacts_Phase2 = Path.Combine(workflowFolder, "Phase 2 - Artifacts"); Files.checkIfDirectoryExistsAndCreateIfNot(folderWithArtifacts_Phase2); // create Phase 2 folder (if required) // check if required folders exist Assert.That(Directory.Exists(folderWithArtifacts_Phase1), "folderWithArtifacts_forPhase1 could not be found"); Assert.That(Directory.Exists(folderWithArtifacts_Phase2), "folderWithArtifacts_forPhase2 could not be found"); if (analysisArtifacts.phase_2.task1_SplitFindingsOnTrace) { foreach (var file in Files.getFilesFromDir_returnFullPath(folderWithArtifacts_Phase1)) { var fileName = Path.GetFileName(file); // load findings var o2FindingsInFile = XUtils_Findings_v0_1.loadFindingsFile(file); // check if file was loaded ok Assert.That(o2FindingsInFile != null, "o2FindingsInFile was null. file loaded :" + file); // Assert.That(o2FindingsInFile.Count > 0, "There were no findings loaded from file: " + file); O2Cmd.log.write("Loaded {0} findings from file {1}", o2FindingsInFile.Count, fileName); task1_FilterFindings(o2FindingsInFile, fileName); if (onlyRunTasksOnOneFile) { break; // during development just use first file } } } if (analysisArtifacts.phase_2.task2_createStrutsMappings) { task2_createStrutsMappings(); } O2Cmd.log.write("\n\n**** : PHASE 2 Completed\n\n"); return("Phase 1 completed"); }
public string runPhase5(IAnalysisArtifacts analysisArtifacts) { O2Cmd.log.write("\n\n***** PHASE 5 ***"); // setup expected target folders workflowFolder = analysisArtifacts.targetFolder; folderWithArtifacts_Phase4 = Path.Combine(workflowFolder,"Phase 4 - Artifacts"); folderWithArtifacts_Phase5 = Path.Combine(workflowFolder,"Phase 5 - Artifacts"); Files.checkIfDirectoryExistsAndCreateIfNot(folderWithArtifacts_Phase5); // create Phase 2 folder (if required) // check if required folders exist Assert.That(Directory.Exists(folderWithArtifacts_Phase4), "folderWithArtifacts_forPhase4 could not be found"); Assert.That(Directory.Exists(folderWithArtifacts_Phase5), "folderWithArtifacts_forPhase5 could not be found"); if (analysisArtifacts.phase_5.task1_createFinalAssessmentFile) task1_createFinalAssessmentFile(); O2Cmd.log.write("\n\n***** PHASE 5 COMPLETED ***"); return "Phase 4 completed"; }
public string runPhase5(IAnalysisArtifacts analysisArtifacts) { O2Cmd.log.write("\n\n***** PHASE 5 ***"); // setup expected target folders workflowFolder = analysisArtifacts.targetFolder; folderWithArtifacts_Phase4 = Path.Combine(workflowFolder, "Phase 4 - Artifacts"); folderWithArtifacts_Phase5 = Path.Combine(workflowFolder, "Phase 5 - Artifacts"); Files.checkIfDirectoryExistsAndCreateIfNot(folderWithArtifacts_Phase5); // create Phase 2 folder (if required) // check if required folders exist Assert.That(Directory.Exists(folderWithArtifacts_Phase4), "folderWithArtifacts_forPhase4 could not be found"); Assert.That(Directory.Exists(folderWithArtifacts_Phase5), "folderWithArtifacts_forPhase5 could not be found"); if (analysisArtifacts.phase_5.task1_createFinalAssessmentFile) { task1_createFinalAssessmentFile(); } O2Cmd.log.write("\n\n***** PHASE 5 COMPLETED ***"); return("Phase 4 completed"); }
public string start(IAnalysisArtifacts analysisArtifacts) { O2Cmd.log.write("\n\n********* O2 Analysis Workflow **********\n\n"); O2Cmd.log.write(analysisArtifacts.getAnalysisDetails()); if (analysisArtifacts.runAllPhases || analysisArtifacts.phase_1.run) new Analysis_Workflow_Phase_1().runPhase1(analysisArtifacts); if (analysisArtifacts.runAllPhases || analysisArtifacts.phase_2.run) new Analysis_Workflow_Phase_2().runPhase2(analysisArtifacts); if (analysisArtifacts.runAllPhases || analysisArtifacts.phase_3.run) new Analysis_Workflow_Phase_3().runPhase3(analysisArtifacts); if (analysisArtifacts.runAllPhases || analysisArtifacts.phase_4.run) new Analysis_Workflow_Phase_4().runPhase4(analysisArtifacts); if (analysisArtifacts.runAllPhases || analysisArtifacts.phase_5.run) new Analysis_Workflow_Phase_5().runPhase5(analysisArtifacts); return "execution completed"; }
public void task2_copyProjectConfigFiles(IAnalysisArtifacts analysisArtifacts) { if (analysisArtifacts.projectWebRoots.Count == 0) { return; } O2Cmd.log.write("Copying {0} Project Config Files to : {1} ", analysisArtifacts.projectWebRoots.Count, folderWithArtifacts_Phase1); //Assert.That(virtualPathsTo_ProjectWebRoot != null, "virtualPathsTo_ProjectWebRoot was null"); foreach (var projectWebRoot in analysisArtifacts.projectWebRoots) { // check if we can resolve the project web root //var projectWebRoot = Path.Combine(folderWithArtifacts_forPhase1,project.Value); Assert.That(Directory.Exists(projectWebRoot), "projectWebRoot did not exist: " + projectWebRoot); // use the name of the top-level directory of projectWebRoot as the ProjectKey var projectKey = Path.GetFileName(projectWebRoot); // check if we can resolve the WEB-INF web root var projectWebInf = Path.Combine(projectWebRoot, "WEB-INF"); Assert.That(Directory.Exists(projectWebInf), "projectWebInf did not exist: " + projectWebInf); // folder to copy config files to var targetFolder = Path.Combine(folderWithArtifacts_Phase1, "Config files (-) " + projectKey); Files.checkIfDirectoryExistsAndCreateIfNot(targetFolder); Assert.That(Directory.Exists(targetFolder), "targetFolder did not exist: " + targetFolder); // copy config *.xml files foreach (var configFile in Files.getFilesFromDir_returnFullPath(projectWebInf, "*.xml", false)) { Files.Copy(configFile, targetFolder); } // make sure target folder has at least 1 file Assert.That(Files.getFilesFromDir_returnFullPath(targetFolder).Count > 0, "There wer no config files copied to: " + targetFolder); } }
public string runPhase3(IAnalysisArtifacts analysisArtifacts) { O2Cmd.log.write("\n\n***** PHASE 3 ***"); // setup expected target folders workflowFolder = analysisArtifacts.targetFolder; folderWithArtifacts_Phase2 = Path.Combine(workflowFolder,"Phase 2 - Artifacts"); folderWithArtifacts_Phase3 = Path.Combine(workflowFolder,"Phase 3 - Artifacts"); Files.checkIfDirectoryExistsAndCreateIfNot(folderWithArtifacts_Phase3); // create Phase 2 folder (if required) // check if required folders exist Assert.That(Directory.Exists(folderWithArtifacts_Phase2), "folderWithArtifacts_forPhase2 could not be found"); Assert.That(Directory.Exists(folderWithArtifacts_Phase3), "folderWithArtifacts_forPhase3 could not be found"); if (analysisArtifacts.phase_3.task1_handleKnownSinks) task1_handleKnownSinks(); if (analysisArtifacts.phase_3.task2_filterFindings) { var targetFolder = Path.Combine(folderWithArtifacts_Phase3, "Filtered_Findings"); Files.checkIfDirectoryExistsAndCreateIfNot(targetFolder); Files.deleteAllFilesFromDir(targetFolder); var allTraces_KnownSinks = XUtils_Analysis.getAllTraces_KnownSinks(folderWithArtifacts_Phase2); var allTraces_LostSinks = XUtils_Analysis.getAllTraces_LostSinks(folderWithArtifacts_Phase2); task2_filterFindings((KAnalysisArtifacts)analysisArtifacts, allTraces_KnownSinks, targetFolder, "Known Sinks"); task2_filterFindings((KAnalysisArtifacts)analysisArtifacts, allTraces_LostSinks, targetFolder, "Lost Sinks"); } if (analysisArtifacts.phase_3.task3_filter_FindingsWithNoTraces) { var allTraces_NoTraces = XUtils_Analysis.getAllTraces_NoTraces(folderWithArtifacts_Phase2); task3_filter_FindingsWithNoTraces(allTraces_NoTraces); } if (analysisArtifacts.phase_3.task4_CalculateStrutsFindings) task4_CalculateStrutsFindings(); O2Cmd.log.write("\n\n***** PHASE 3 COMPLETED ***"); return "Phase 3 completed"; }
public string runPhase4(IAnalysisArtifacts analysisArtifacts) { O2Cmd.log.write("\n\n***** PHASE 4 ***"); // setup expected target folders workflowFolder = analysisArtifacts.targetFolder; folderWithArtifacts_Phase3 = Path.Combine(workflowFolder,"Phase 3 - Artifacts"); folderWithArtifacts_Phase4 = Path.Combine(workflowFolder,"Phase 4 - Artifacts"); Files.checkIfDirectoryExistsAndCreateIfNot(folderWithArtifacts_Phase4); // create Phase 2 folder (if required) // check if required folders exist Assert.That(Directory.Exists(folderWithArtifacts_Phase3), "folderWithArtifacts_forPhase3 could not be found"); Assert.That(Directory.Exists(folderWithArtifacts_Phase4), "folderWithArtifacts_forPhase4 could not be found"); // delete all files from folderWithArtifacts_Phase4 dir if (deleteAllFiles) Files.deleteAllFilesFromDir(folderWithArtifacts_Phase4); if (analysisArtifacts.phase_4.task1_analyseFindingsWithKnownSinks) task1_analyseFindingsWithKnownSinks(); if (analysisArtifacts.phase_4.task2_AdjustsStrutsFindings) task2_AdjustsStrutsFindings(); O2Cmd.log.write("\n\n***** PHASE 4 COMPLETED ***"); return "Phase 4 completed"; }
public string runPhase1(IAnalysisArtifacts analysisArtifacts) { O2Cmd.log.info("\n\n***** PHASE 1 \n"); O2Cmd.log.write("this phase will copy all artifacts (i.e. scans, config files, etc..) into a unique location"); Files.checkIfDirectoryExistsAndCreateIfNot(analysisArtifacts.targetFolder); Assert.That(Directory.Exists(analysisArtifacts.targetFolder), "could not find analysisArtifacts.targetFolder: " + analysisArtifacts.targetFolder); workflowFolder = analysisArtifacts.targetFolder; folderWithArtifacts_Phase1 = Path.Combine(workflowFolder, "Phase 1 - Artifacts"); Files.checkIfDirectoryExistsAndCreateIfNot(folderWithArtifacts_Phase1); Assert.That(Directory.Exists(folderWithArtifacts_Phase1), "folderWithArtifacts_forPhase1 could not be found"); if (analysisArtifacts.phase_1.task1_copyAssessmentFiles) task1_copyAssessmentFiles(analysisArtifacts); if (analysisArtifacts.phase_1.task2_copyProjectConfigFiles) task2_copyProjectConfigFiles(analysisArtifacts); O2Cmd.log.write("\n\n**** : PHASE 1 Completed"); return "Phase 1 completed"; }
public string runPhase2(IAnalysisArtifacts analysisArtifacts) { O2Cmd.log.write("\n\n***** PHASE 2 ***"); // setup expected target folders workflowFolder = analysisArtifacts.targetFolder; folderWithArtifacts_Phase1 = Path.Combine(workflowFolder,"Phase 1 - Artifacts"); folderWithArtifacts_Phase2 = Path.Combine(workflowFolder,"Phase 2 - Artifacts"); Files.checkIfDirectoryExistsAndCreateIfNot(folderWithArtifacts_Phase2); // create Phase 2 folder (if required) // check if required folders exist Assert.That(Directory.Exists(folderWithArtifacts_Phase1), "folderWithArtifacts_forPhase1 could not be found"); Assert.That(Directory.Exists(folderWithArtifacts_Phase2), "folderWithArtifacts_forPhase2 could not be found"); if (analysisArtifacts.phase_2.task1_SplitFindingsOnTrace) foreach(var file in Files.getFilesFromDir_returnFullPath(folderWithArtifacts_Phase1)) { var fileName = Path.GetFileName(file); // load findings var o2FindingsInFile = XUtils_Findings_v0_1.loadFindingsFile(file); // check if file was loaded ok Assert.That(o2FindingsInFile != null ,"o2FindingsInFile was null. file loaded :"+ file ); // Assert.That(o2FindingsInFile.Count > 0, "There were no findings loaded from file: " + file); O2Cmd.log.write("Loaded {0} findings from file {1}",o2FindingsInFile.Count , fileName); task1_FilterFindings(o2FindingsInFile, fileName); if (onlyRunTasksOnOneFile) break; // during development just use first file } if (analysisArtifacts.phase_2.task2_createStrutsMappings) task2_createStrutsMappings(); O2Cmd.log.write("\n\n**** : PHASE 2 Completed\n\n"); return "Phase 1 completed"; }