public void test_createRulePackWithSourcesAndSinksRulesFromLddbFor_DotNet() { var ruleDbId = MiscUtils_OunceV6.getIdForSuportedLanguage(SupportedLanguage.DotNet).ToString(); // create just sources and sinks var sourcesRulePack = new O2RulePack("MySql_Sources", mySqlRules_OunceV6.getRules_Sources(ruleDbId)); var sourcesRulePackFile = O2RulePackUtils.saveRulePack(sourcesRulePack); Assert.That(File.Exists(sourcesRulePackFile), "sourcesRulePackFile doesn't exist"); var sinksRulePack = new O2RulePack("MySql_Sinks", mySqlRules_OunceV6.getRules_Sinks(ruleDbId)); var sinksRulePackFile = O2RulePackUtils.saveRulePack(sinksRulePack); Assert.That(File.Exists(sinksRulePackFile), "sinksRulePackFile doesn't exist"); }
public void test_createRulePackWithAllRulesFromLddbFor_DotNet() { var numberOfRules = Lddb_OunceV6.getNumberOfRulesInRecTable(); Assert.That(numberOfRules > 0, "numberOfRules == 0"); DI.log.info("There {0} rules", numberOfRules); var o2Rules = mySqlRules_OunceV6.createO2RulesForAllLddbEntriesForLanguage(SupportedLanguage.DotNet); var o2RulePack = new O2RulePack("MySql_Dump", o2Rules); Assert.That(o2Rules.Count > 0, "o2Rules.Count ==0"); var rulePackFile = O2RulePackUtils.saveRulePack(o2RulePack); Assert.That(File.Exists(rulePackFile), "rulePacklFile file didn't exist: " + rulePackFile); DI.log.info("Rule pack (with {0} rules) saved to {1}", o2Rules.Count, rulePackFile); }
public void createRulePacks() { String sCirDataFile = scCurrentScanTarget.ApplicationFile + ".CirData"; //_SourcesAndSinks O2RulePack o2RulePack_SourcesAndSinks = O2RulePackUtils.createRules_SourcesAndSinks(sCirDataFile); O2RulePackUtils.saveRulePack(sCirDataFile, "_SourcesAndSinks", o2RulePack_SourcesAndSinks); //_CallBacksOnEdges_And_ExternalSinks O2RulePack o2RulePack_CallBacksOnEdges_And_ExternalSinks = O2RulePackUtils.createRules_CallBacksOnEdges_And_ExternalSinks(sCirDataFile); O2RulePackUtils.saveRulePack(sCirDataFile, "_CallBacksOnEdges_And_ExternalSinks", o2RulePack_CallBacksOnEdges_And_ExternalSinks); //_CallBacksOnControlFlowGraphs_And_ExternalSinks O2RulePack o2RulePack_CallBacksOnControlFlowGraphs_And_ExternalSinks = O2RulePackUtils.createRules_CallBacksOnControlFlowGraphs_And_ExternalSinks(sCirDataFile); O2RulePackUtils.saveRulePack(sCirDataFile, "_CallBacksOnControlFlowGraphs_And_ExternalSinks", o2RulePack_CallBacksOnControlFlowGraphs_And_ExternalSinks); adManualTestTempFiles.refreshDirectoryView(); DI.log.debug("Rule Packs creation complete"); }
public void test_calculateRulePack() { var o2RulePackToUse = O2RulePackUtils.loadRulePack(rulePackToUse); calculateRulePack_forFile(testOzasmtFile1, o2RulePackToUse); }
public bool scanApplication(String applicationToScan) { if (false == File.Exists(applicationToScan)) { DI.log.error("in scanApplication, could not file application file: {0}", applicationToScan); return(false); } sApplicationToScan = applicationToScan; // set standard savedfilelocations sAssessmentFile_ScanWithExistingRules = sApplicationToScan + sAssessmentFile_ScanWithExistingRules; sAssessmentFile_ScanWithNoRules = sApplicationToScan + sAssessmentFile_ScanWithNoRules; sAssessmentFile_CallBacksOnControlFlowGraphs_And_ExternalSinks = sApplicationToScan + sAssessmentFile_CallBacksOnControlFlowGraphs_And_ExternalSinks; sAssessmentFile_CallBacksOnEdges_And_ExternalSinks = sApplicationToScan + sAssessmentFile_CallBacksOnEdges_And_ExternalSinks; sAssessmentFile_SourcesAndSinks = sApplicationToScan + sAssessmentFile_SourcesAndSinks; sAssessmentFile_CirDataScan = sApplicationToScan + sAssessmentFile_CirDataScan; bool bContinueWithScans = true; try { DI.log.debug("Scanning Application: {0}", applicationToScan); sTargetScan = applicationToScan; // Utils.debugBreak(); if (bScanWithExistingRules) { _scanApplication(applicationToScan, sAssessmentFile_ScanWithExistingRules); bContinueWithScans = false; // no need to do anything else since we don't want to change the existing rule set (which is what we need the CirDump for) } if (bContinueWithScans && bScanWithNoRules) { mySqlRules_OunceV6.DeleteAllRulesFromDatabase(); _scanApplication(applicationToScan, sAssessmentFile_ScanWithNoRules); bContinueWithScans = false; // since this is only used to tests (to make sure we can scan it } // CreateCirDataFile (using rules so that the CIR creation process is as quick as possible) if (bContinueWithScans) { if (bCreateCirDataFile) { if (sPathToCirDumpFiles == "") { sPathToCirDumpFiles = Files.checkIfDirectoryExistsAndCreateIfNot( Path.Combine(DI.config.O2TempDir, "_CirDumps")); } if (CirDumps.preCirDumpGeneration(sPathToCirDumpFiles)) { if (bDeleteAllRulesForCirCreation) { mySqlRules_OunceV6.DeleteAllRulesFromDatabase(); } _scanApplication(applicationToScan, sAssessmentFile_CirDataScan); } } // CallBacksOnControlFlowGraphs_And_ExternalSinks if (bCallBacksOnControlFlowGraphs_And_ExternalSinks) { //O2RulePack orpO2RulePack = OunceRules.createRules_CallBacksOnControlFlowGraphs_And_ExternalSinks(this.sCirDataFile); String sRulePackFile = sCirDataFile + "_CallBacksOnControlFlowGraphs_And_ExternalSinks" + ".O2RulePack"; if (File.Exists(sRulePackFile) == false) { DI.log.error("in scanApplication: Could not file rule pack to load :{0}", sRulePackFile); } else { O2RulePack orpO2RulePack = O2RulePackUtils.loadRulePack(sRulePackFile); mySqlRules_OunceV6.DeleteAllRulesFromDatabase(); mySqlRules_OunceV6.addRulesToDatabase(true, orpO2RulePack); _scanApplication(applicationToScan, sAssessmentFile_CallBacksOnControlFlowGraphs_And_ExternalSinks); } } // CallBacksOnEdges_And_ExternalSinks if (bCallBacksOnEdges_And_ExternalSinks) { //O2RulePack orpO2RulePack = OunceRules.createRules_CallBacksOnEdges_And_ExternalSinks(this.sCirDataFile); String sRulePackFile = sCirDataFile + "_CallBacksOnEdges_And_ExternalSinks" + ".O2RulePack"; if (File.Exists(sRulePackFile) == false) { DI.log.error("in scanApplication: Could not file rule pack to load :{0}", sRulePackFile); } else { O2RulePack orpO2RulePack = O2RulePackUtils.loadRulePack(sRulePackFile); mySqlRules_OunceV6.DeleteAllRulesFromDatabase(); mySqlRules_OunceV6.addRulesToDatabase(true, orpO2RulePack); _scanApplication(applicationToScan, sAssessmentFile_CallBacksOnEdges_And_ExternalSinks); } } // bSourcesAndSinks if (bSourcesAndSinks) { //O2RulePack orpO2RulePack = OunceRules.createRules_SourcesAndSinks(this.sCirDataFile); String sRulePackFile = sCirDataFile + "_SourcesAndSinks" + ".O2RulePack"; if (File.Exists(sRulePackFile) == false) { DI.log.error("in scanApplication: Could not file rule pack to load :{0}", sRulePackFile); } else { O2RulePack orpO2RulePack = O2RulePackUtils.loadRulePack(sRulePackFile); mySqlRules_OunceV6.DeleteAllRulesFromDatabase(); mySqlRules_OunceV6.addRulesToDatabase(true, orpO2RulePack); _scanApplication(applicationToScan, sAssessmentFile_SourcesAndSinks); } } } } catch (Exception ex) { DI.log.error("in scanApplication:{0}", ex.Message); return(false); } if (bRestartIISAfterScan) { new Thread(Processes.resetIIS).Start(); } if (dProcessCompletionCallback != null) { dProcessCompletionCallback.Invoke(this); } return(true); }