public static FileInfo[] getFiles()
{
var dir = JSONConfig.GetPath("script");
var dirInfo = new DirectoryInfo(dir);
return(dirInfo.Exists ? dirInfo.GetFiles("*.js") : new FileInfo[0]);
}
public static void SetConfig(JSONConfig input)
{
config = input;
if (config == null)
{
EditorSceneManager.sceneOpened -= EditorSceneManagerUpdateObjects;
SceneManager.sceneLoaded -= SceneManagerUpdateObjects;
}
}
public void createDirectory()
{
var dir = JSONConfig.GetPath("script");
if (!Directory.Exists(dir))
{
Directory.CreateDirectory(dir);
}
}
public JSScript(string name)
{
this.Name = name.Trim();
path = JSONConfig.GetPath("script\\" + name + ".js");
string content = File.ReadAllText(path, Encoding.UTF8);
int index = content.IndexOf("\n", StringComparison.Ordinal);
Remarks = content.Substring(2, index - 2).Trim();
content = content.Substring(index).Trim();
analysis(content);
}
public static void Parse(string filePath)
{
if (!File.Exists(filePath))
{
throw new FileNotFoundException("Cannot find inputted JSON config file at: " + filePath);
}
string fileData = File.ReadAllText(filePath);
config = JsonUtility.FromJson <JSONConfig>(fileData);
EditorSceneManager.sceneOpened += EditorSceneManagerUpdateObjects;
SceneManager.sceneLoaded += SceneManagerUpdateObjects;
}
public List <VulnerableCredentialStorage> GetVulnerableCredentialStorage()
{
AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile);
JSONConfig json_config = new JSONConfig(config_file);
if (!json_config.ParseSucceded)
{
this.AuditEnvironment.Error("Could not parse JSON from {0}.", json_config.FullFilePath);
if (json_config.LastParseException != null)
{
this.AuditEnvironment.Error(json_config.LastParseException);
}
if (json_config.LastIOException != null)
{
this.AuditEnvironment.Error(json_config.LastIOException);
}
return(null);
}
this.AuditEnvironment.Status("Scanning for git credential storage candidates in {0}", config_file.FullName);
IEnumerable <XElement> candidate_elements =
from e in json_config.XmlConfiguration.Root.Descendants()
//where e.Value.Trim().StartsWith("git+https") || e.Value.Trim().StartsWith("git") || e.Value.Trim().StartsWith("https")
where e.Elements().Count() == 0 && Utility.CalculateEntropy(e.Value) > 4.5
select e;
if (candidate_elements != null && candidate_elements.Count() > 0)
{
this.CredentialStorageCandidates = new List <VulnerableCredentialStorage>();
foreach (XElement e in candidate_elements)
{
this.CredentialStorageCandidates.Add(new VulnerableCredentialStorage
{
File = config_file.FullName,
Contents = json_config,
Location = e.AncestorsAndSelf().Reverse().Select(a => a.Name.LocalName).Aggregate((a1, a2) => a1 + "/" + a2)
.Replace("Container/", string.Empty),
Entropy = Utility.CalculateEntropy(e.Value),
Value = e.Value
});
}
this.AuditEnvironment.Success("Found {0} credential storage candidates.", this.CredentialStorageCandidates.Count);
return(this.CredentialStorageCandidates);
}
else
{
this.AuditEnvironment.Info("No credential storage candidates found.");
return(null);
}
#endregion
}
private void BtnRun_Click(object sender, EventArgs e)
{
runTime = new JSRunTime(SetInfo);
List <FileInfo> files = new List <FileInfo>();
files.Add(new FileInfo(JSONConfig.GetPath("base.js")));
files.AddRange(JSScript.getFiles());
runTime.injectJS(files);
runTime.RegisterJsObject("runtime", jsi);
if (cboListScript.SelectedItem is JSScriptItem item)
{
jsi.stop = false;
runTime.CallFunction(item.Params[0]);
}
}
private void CleanFiles_Load(object sender, EventArgs e)
{
LogBox.SelectionStart = LogBox.Text.Length;
LogBox.ScrollToCaret();
MarkButton.Enabled = false;
CleanButton.Enabled = false;
CurrentPath = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location) +
Path.DirectorySeparatorChar;
Settings = "Configuration.json";
if (!File.Exists(CurrentPath + Settings))
{
GenerateJSONConfig(CurrentPath + Settings);
}
Config = JsonConvert.DeserializeObject <JSONConfig>(File.ReadAllText(CurrentPath + Settings));
ToBeDeleted = new ArrayList();
}
public static void deleteFile(string name)
{
var path = JSONConfig.GetPath("script\\" + name + ".js");
File.Delete(path);
}
public JSScript(string name, string remarks)
{
this.Name = name.Trim();
path = JSONConfig.GetPath("script\\" + name + ".js");
Remarks = remarks;
}