public void test_createRulePackWithSourcesAndSinksRulesFromLddbFor_DotNet()
{
var ruleDbId = MiscUtils_OunceV6.getIdForSuportedLanguage(SupportedLanguage.DotNet).ToString();
// create just sources and sinks
var sourcesRulePack = new O2RulePack("MySql_Sources", mySqlRules_OunceV6.getRules_Sources(ruleDbId));
var sourcesRulePackFile = O2RulePackUtils.saveRulePack(sourcesRulePack);
Assert.That(File.Exists(sourcesRulePackFile), "sourcesRulePackFile doesn't exist");
var sinksRulePack = new O2RulePack("MySql_Sinks", mySqlRules_OunceV6.getRules_Sinks(ruleDbId));
var sinksRulePackFile = O2RulePackUtils.saveRulePack(sinksRulePack);
Assert.That(File.Exists(sinksRulePackFile), "sinksRulePackFile doesn't exist");
}
public void test_createRulePackWithAllRulesFromLddbFor_DotNet()
{
var numberOfRules = Lddb_OunceV6.getNumberOfRulesInRecTable();
Assert.That(numberOfRules > 0, "numberOfRules == 0");
DI.log.info("There {0} rules", numberOfRules);
var o2Rules = mySqlRules_OunceV6.createO2RulesForAllLddbEntriesForLanguage(SupportedLanguage.DotNet);
var o2RulePack = new O2RulePack("MySql_Dump", o2Rules);
Assert.That(o2Rules.Count > 0, "o2Rules.Count ==0");
var rulePackFile = O2RulePackUtils.saveRulePack(o2RulePack);
Assert.That(File.Exists(rulePackFile), "rulePacklFile file didn't exist: " + rulePackFile);
DI.log.info("Rule pack (with {0} rules) saved to {1}", o2Rules.Count, rulePackFile);
}
public void createRulePacks()
{
String sCirDataFile = scCurrentScanTarget.ApplicationFile + ".CirData";
//_SourcesAndSinks
O2RulePack o2RulePack_SourcesAndSinks = O2RulePackUtils.createRules_SourcesAndSinks(sCirDataFile);
O2RulePackUtils.saveRulePack(sCirDataFile, "_SourcesAndSinks", o2RulePack_SourcesAndSinks);
//_CallBacksOnEdges_And_ExternalSinks
O2RulePack o2RulePack_CallBacksOnEdges_And_ExternalSinks = O2RulePackUtils.createRules_CallBacksOnEdges_And_ExternalSinks(sCirDataFile);
O2RulePackUtils.saveRulePack(sCirDataFile, "_CallBacksOnEdges_And_ExternalSinks", o2RulePack_CallBacksOnEdges_And_ExternalSinks);
//_CallBacksOnControlFlowGraphs_And_ExternalSinks
O2RulePack o2RulePack_CallBacksOnControlFlowGraphs_And_ExternalSinks = O2RulePackUtils.createRules_CallBacksOnControlFlowGraphs_And_ExternalSinks(sCirDataFile);
O2RulePackUtils.saveRulePack(sCirDataFile, "_CallBacksOnControlFlowGraphs_And_ExternalSinks", o2RulePack_CallBacksOnControlFlowGraphs_And_ExternalSinks);
adManualTestTempFiles.refreshDirectoryView();
DI.log.debug("Rule Packs creation complete");
}
public void test_calculateRulePack()
{
var o2RulePackToUse = O2RulePackUtils.loadRulePack(rulePackToUse);
calculateRulePack_forFile(testOzasmtFile1, o2RulePackToUse);
}
public bool scanApplication(String applicationToScan)
{
if (false == File.Exists(applicationToScan))
{
DI.log.error("in scanApplication, could not file application file: {0}", applicationToScan);
return(false);
}
sApplicationToScan = applicationToScan;
// set standard savedfilelocations
sAssessmentFile_ScanWithExistingRules = sApplicationToScan + sAssessmentFile_ScanWithExistingRules;
sAssessmentFile_ScanWithNoRules = sApplicationToScan + sAssessmentFile_ScanWithNoRules;
sAssessmentFile_CallBacksOnControlFlowGraphs_And_ExternalSinks = sApplicationToScan +
sAssessmentFile_CallBacksOnControlFlowGraphs_And_ExternalSinks;
sAssessmentFile_CallBacksOnEdges_And_ExternalSinks = sApplicationToScan +
sAssessmentFile_CallBacksOnEdges_And_ExternalSinks;
sAssessmentFile_SourcesAndSinks = sApplicationToScan + sAssessmentFile_SourcesAndSinks;
sAssessmentFile_CirDataScan = sApplicationToScan + sAssessmentFile_CirDataScan;
bool bContinueWithScans = true;
try
{
DI.log.debug("Scanning Application: {0}", applicationToScan);
sTargetScan = applicationToScan;
// Utils.debugBreak();
if (bScanWithExistingRules)
{
_scanApplication(applicationToScan, sAssessmentFile_ScanWithExistingRules);
bContinueWithScans = false;
// no need to do anything else since we don't want to change the existing rule set (which is what we need the CirDump for)
}
if (bContinueWithScans && bScanWithNoRules)
{
mySqlRules_OunceV6.DeleteAllRulesFromDatabase();
_scanApplication(applicationToScan, sAssessmentFile_ScanWithNoRules);
bContinueWithScans = false; // since this is only used to tests (to make sure we can scan it
}
// CreateCirDataFile (using rules so that the CIR creation process is as quick as possible)
if (bContinueWithScans)
{
if (bCreateCirDataFile)
{
if (sPathToCirDumpFiles == "")
{
sPathToCirDumpFiles =
Files.checkIfDirectoryExistsAndCreateIfNot(
Path.Combine(DI.config.O2TempDir, "_CirDumps"));
}
if (CirDumps.preCirDumpGeneration(sPathToCirDumpFiles))
{
if (bDeleteAllRulesForCirCreation)
{
mySqlRules_OunceV6.DeleteAllRulesFromDatabase();
}
_scanApplication(applicationToScan, sAssessmentFile_CirDataScan);
}
}
// CallBacksOnControlFlowGraphs_And_ExternalSinks
if (bCallBacksOnControlFlowGraphs_And_ExternalSinks)
{
//O2RulePack orpO2RulePack = OunceRules.createRules_CallBacksOnControlFlowGraphs_And_ExternalSinks(this.sCirDataFile);
String sRulePackFile = sCirDataFile + "_CallBacksOnControlFlowGraphs_And_ExternalSinks" +
".O2RulePack";
if (File.Exists(sRulePackFile) == false)
{
DI.log.error("in scanApplication: Could not file rule pack to load :{0}", sRulePackFile);
}
else
{
O2RulePack orpO2RulePack = O2RulePackUtils.loadRulePack(sRulePackFile);
mySqlRules_OunceV6.DeleteAllRulesFromDatabase();
mySqlRules_OunceV6.addRulesToDatabase(true, orpO2RulePack);
_scanApplication(applicationToScan,
sAssessmentFile_CallBacksOnControlFlowGraphs_And_ExternalSinks);
}
}
// CallBacksOnEdges_And_ExternalSinks
if (bCallBacksOnEdges_And_ExternalSinks)
{
//O2RulePack orpO2RulePack = OunceRules.createRules_CallBacksOnEdges_And_ExternalSinks(this.sCirDataFile);
String sRulePackFile = sCirDataFile + "_CallBacksOnEdges_And_ExternalSinks" + ".O2RulePack";
if (File.Exists(sRulePackFile) == false)
{
DI.log.error("in scanApplication: Could not file rule pack to load :{0}", sRulePackFile);
}
else
{
O2RulePack orpO2RulePack = O2RulePackUtils.loadRulePack(sRulePackFile);
mySqlRules_OunceV6.DeleteAllRulesFromDatabase();
mySqlRules_OunceV6.addRulesToDatabase(true, orpO2RulePack);
_scanApplication(applicationToScan, sAssessmentFile_CallBacksOnEdges_And_ExternalSinks);
}
}
// bSourcesAndSinks
if (bSourcesAndSinks)
{
//O2RulePack orpO2RulePack = OunceRules.createRules_SourcesAndSinks(this.sCirDataFile);
String sRulePackFile = sCirDataFile + "_SourcesAndSinks" + ".O2RulePack";
if (File.Exists(sRulePackFile) == false)
{
DI.log.error("in scanApplication: Could not file rule pack to load :{0}", sRulePackFile);
}
else
{
O2RulePack orpO2RulePack = O2RulePackUtils.loadRulePack(sRulePackFile);
mySqlRules_OunceV6.DeleteAllRulesFromDatabase();
mySqlRules_OunceV6.addRulesToDatabase(true, orpO2RulePack);
_scanApplication(applicationToScan, sAssessmentFile_SourcesAndSinks);
}
}
}
}
catch (Exception ex)
{
DI.log.error("in scanApplication:{0}", ex.Message);
return(false);
}
if (bRestartIISAfterScan)
{
new Thread(Processes.resetIIS).Start();
}
if (dProcessCompletionCallback != null)
{
dProcessCompletionCallback.Invoke(this);
}
return(true);
}
