public void LoadJsonSpecifications()
{
var jsonFiles = new List <string>();
foreach (var filePath in FunctionSpecification.PHPSpecs)
{
try
{
jsonFiles.AddRange(Directory.GetFiles(filePath, "*.json").ToList());
}
catch (DirectoryNotFoundException)
{
//TODO: Should we stop analysis here, or should we let the exception be thrown or something else?
Console.WriteLine("Could not find the given specification path! Stopping analysis");
Environment.Exit(100);
}
}
foreach (var filePath in FunctionSpecification.ExtensionSpecs)
{
jsonFiles.AddRange(Directory.GetFiles(filePath, "*.json").ToList());
}
foreach (var file in jsonFiles)
{
JToken parsedJson;
try
{
var sr = new StreamReader(file);
parsedJson = JToken.Parse(sr.ReadToEnd());
}
catch (JsonReaderException e)
{
Console.WriteLine("Specification found in {0} was not formatted correctly.. Skipping! {1}", file, Environment.NewLine);
continue;
}
var condSanitizers = parsedJson.SelectToken(Keys.PHPDefinitionJSONKeys.FunctionSpecificationArrays.CondSinks);
var sources = parsedJson.SelectToken(Keys.PHPDefinitionJSONKeys.FunctionSpecificationArrays.Sources);
var sqlSantizers = parsedJson.SelectToken(Keys.PHPDefinitionJSONKeys.FunctionSpecificationArrays.SqlSanitizer);
var sqlSinks = parsedJson.SelectToken(Keys.PHPDefinitionJSONKeys.FunctionSpecificationArrays.SqlSinks);
var xssSanitizers = parsedJson.SelectToken(Keys.PHPDefinitionJSONKeys.FunctionSpecificationArrays.XssSanitizer);
var xssSinks = parsedJson.SelectToken(Keys.PHPDefinitionJSONKeys.FunctionSpecificationArrays.XssSinks);
var storedProviders = parsedJson.SelectToken(Keys.PHPDefinitionJSONKeys.FunctionSpecificationArrays.StoredVulnProviders);
if (condSanitizers != null)
{
foreach (JToken spec in condSanitizers)
{
CondSanitizers.Add(new CondSanitizer(spec));
}
}
if (sources != null)
{
foreach (JToken spec in sources)
{
Sources.Add(new Source(spec));
}
}
if (sqlSantizers != null)
{
foreach (JToken spec in sqlSantizers)
{
SQLSanitizers.Add(new SQLSanitizer(spec));
}
}
if (sqlSinks != null)
{
foreach (JToken spec in sqlSinks)
{
SQLSinks.Add(new SQLSink(spec));
}
}
if (xssSanitizers != null)
{
foreach (JToken spec in xssSanitizers)
{
XSSSanitizers.Add(new XSSSanitizer(spec));
}
}
if (xssSinks != null)
{
foreach (JToken spec in xssSinks)
{
XSSSinks.Add(new XSSSink(spec));
}
}
if (storedProviders != null)
{
foreach (JToken spec in storedProviders)
{
StoredProviders.Add(new Function(spec));
}
}
}
Console.WriteLine("Loaded {0} Conditional sanitizers", CondSanitizers.Count());
Console.WriteLine("Loaded {0} sources", Sources.Count());
Console.WriteLine("Loaded {0} SQL Sanitizers", SQLSanitizers.Count());
Console.WriteLine("Loaded {0} SQL sinks", SQLSinks.Count());
Console.WriteLine("Loaded {0} XSS Sanitizers", XSSSanitizers.Count());
Console.WriteLine("Loaded {0} XSS Sinks", XSSSinks.Count());
Console.WriteLine("Loaded {0} Stored Vulnerability Providers", StoredProviders.Count());
}
/// <summary>
/// Function to find XSSSink by name
/// </summary>
/// <param name="name">The name of the XSS sink to find</param>
/// <returns>The found XSS sink or null if not found</returns>
public XSSSink FindXSSSinkByName(string name)
{
return(XSSSinks.FirstOrDefault(x => x.Name == name) ??
XSSSinks.FirstOrDefault(x => x.Aliases.Any(y => y == name)));
}
