void LoadAndFill()
{
if (this.Trace == null)
{
this.Trace = IronDB.GetScanTrace(this.TraceId);
}
try
{
List <object[]> Rows = IronTrace.GetGridRowsFromTraceAndOverviewXml(Trace.OverviewXml, Trace.MessageXml);
StringBuilder SB = new StringBuilder(@"{\rtf1{\colortbl ;\red0\green77\blue187;\red247\green150\blue70;\red255\green0\blue0;\red0\green200\blue50;\red255\green255\blue255;}");
SB.Append(Tools.RtfSafe(Trace.GetScanTracePrettyMessage()));
this.SetTraceData(Rows, SB.ToString());
}
catch (Exception Exp)
{
IronException.Report("Error loading Scan Trace", Exp);
this.CloseTraceWindow();
}
if (this.UiResults == null)
{
DoAnalysis();
}
else
{
SetAnalysisUiResults(this.UiResults);
}
}
internal static void AddSessionPluginTrace(IronTrace Trace)
{
if (Trace != null)
{
lock (SessionPluginTraces)
{
SessionPluginTraces.Enqueue(Trace);
}
}
}
internal static void AddScanTrace(IronTrace Trace)
{
if (Trace != null)
{
lock (ScanTraces)
{
ScanTraces.Enqueue(Trace);
}
}
}
void AnalyzeTraceId(int CurrentId, string TraceOverviewMessage, IronTrace ScanTraceRecord)
{
ShowAnalysisStatus(string.Format("Analyzing Trace ID - {0}", CurrentId));
List<Dictionary<string, string>> OverviewEntries = IronTrace.GetOverviewEntriesFromXml(TraceOverviewMessage);
List<string> Payloads = new List<string>();
List<int> RoundTrips = new List<int>();
List<int> LogIds = new List<int>();
foreach (Dictionary<string, string> Entry in OverviewEntries)
{
try
{
int LogId = Int32.Parse(Entry["log_id"]);
int Time = Int32.Parse(Entry["time"]);
Payloads.Add(Entry["payload"]);
LogIds.Add(LogId);
RoundTrips.Add(Time);
}
catch { }
}
BehaviourAnalysis BA = new BehaviourAnalysis(this.Keywords, this.RoundtripIncrease, this.RoundtripIncreaseFactor, this.InsertedCharsCount);
BA.Analyze(Payloads, LogIds, RoundTrips, ScanTraceRecord.Section);
bool CodeResultFound = false;
bool KeywordsResultFound = false;
string BodyResultFound = "";
bool SetCookieFound = false;
bool HeadersFound = false;
string RoundtripFound = "";
BehaviourAnalysisResults Results = new BehaviourAnalysisResults(BA.Results);
if (Results.SetCookies.Count > 0) SetCookieFound = true;
if (Results.Codes.Count > 0) CodeResultFound = true;
if (Results.Keywords.Count > 0) KeywordsResultFound = true;
if (Results.Headers.Count > 0) HeadersFound = true;
if (Results.InsertedChars.Count > 0) BodyResultFound = string.Format("{0} chars", Results.InsertedChars[Results.InsertedChars.Count - 1]);
if (Results.PlusRoundtripDiffs.Count > 0 || Results.MinusRoundtripDiffs.Count > 0)
{
int PlusMax = 0;
int MinusMax = 0;
if (Results.PlusRoundtripDiffs.Count > 0) PlusMax = Results.PlusRoundtripDiffs[Results.PlusRoundtripDiffs.Count - 1];
if (Results.MinusRoundtripDiffs.Count > 0) MinusMax = Results.MinusRoundtripDiffs[Results.MinusRoundtripDiffs.Count - 1];
if (PlusMax > MinusMax)
RoundtripFound = string.Format("+{0} ms", PlusMax);
else
RoundtripFound = string.Format("-{0} ms", MinusMax);
}
if (CodeResultFound || KeywordsResultFound || BodyResultFound.Length > 0 || SetCookieFound || HeadersFound || RoundtripFound.Length > 0)
{
List<object> Vals = new List<object>() { CurrentId, ScanTraceRecord.Section, ScanTraceRecord.PluginName, CodeResultFound, KeywordsResultFound, BodyResultFound, SetCookieFound, HeadersFound, RoundtripFound, BA.BaseLineLogId, BA.BaseLinePayload, BA.BaseLineRoundtripTime, BA.BaseLineSession.Response.Code, BA.ResultsXml };
AddAnalysisResultEntry(Vals);
}
}
void DoAnalysis()
{
bool CanDo = true;
int StartId = 1;
int LastId = 0;
if (!this.CheckAllScanTrace)
{
StartId = this.StartScanTraceId;
LastId = this.EndScanTraceId;
}
int CurrentId = StartId;
try
{
while (CanDo && CurrentId <= Config.LastScanTraceId)
{
try
{
CanDo = false;
string TraceOverviewMessage = IronDB.GetScanTraceOverviewAndMessage(CurrentId)[0];
IronTrace ScanTraceRecord = IronDB.GetScanTraces(CurrentId, 1)[0];
if (this.SelectedChecks.Contains(ScanTraceRecord.PluginName))
{
AnalyzeTraceId(CurrentId, TraceOverviewMessage, ScanTraceRecord);
}
}
catch (ThreadAbortException)
{}
catch (Exception Exp)
{
IronException.Report(string.Format("Error performing Payload Effect Analysis on Scan Trace ID - {0}", CurrentId), Exp);
}
if (CurrentId < Config.LastScanTraceId && (CurrentId < LastId || LastId == 0))
{
CanDo = true;
CurrentId++;
}
}
StopAnalysis(true);
}
catch (ThreadAbortException) {}
}
internal void Analyze(string TraceOverviewMessage, string ScannedSection)
{
List <Dictionary <string, string> > OverviewEntries = IronTrace.GetOverviewEntriesFromXml(TraceOverviewMessage);
List <string> Payloads = new List <string>();
List <int> RoundTrips = new List <int>();
List <int> LogIds = new List <int>();
foreach (Dictionary <string, string> Entry in OverviewEntries)
{
try
{
int LogId = Int32.Parse(Entry["log_id"]);
int Time = Int32.Parse(Entry["time"]);
Payloads.Add(Entry["payload"]);
LogIds.Add(LogId);
RoundTrips.Add(Time);
}
catch { }
}
Analyze(Payloads, LogIds, RoundTrips, ScannedSection);
}
internal static void AddTrace(IronTrace Trace)
{
if (Trace != null)
{
lock (Traces)
{
Traces.Enqueue(Trace);
}
}
}
internal static List<IronTrace> GetScanTraces(Finding F)
{
List<IronTrace> TraceRecords = new List<IronTrace>();
using(SQLiteConnection DB = new SQLiteConnection("data source=" + TraceLogFile))
{
DB.Open();
using (SQLiteCommand cmd = DB.CreateCommand())
{
cmd.CommandText = "SELECT ID, Message, OverviewXml FROM ScanTrace WHERE ScanID=@ScanID AND PluginName=@PluginName AND Section=@Section AND Parameter=@Parameter ORDER BY ID";
cmd.Parameters.AddWithValue("@ScanID", F.ScanId);
cmd.Parameters.AddWithValue("@PluginName", F.FinderName);
cmd.Parameters.AddWithValue("@Section", F.AffectedSection);
cmd.Parameters.AddWithValue("@Parameter", F.AffectedParameter);
using (SQLiteDataReader result = cmd.ExecuteReader())
{
while (result.Read())
{
IronTrace Trace = new IronTrace();
try
{ Trace.ID = Int32.Parse(result["ID"].ToString()); }
catch { continue; }
try
{
Trace.MessageXml = result["Message"].ToString();
}
catch
{
Trace.Message = result["Message"].ToString();
}
Trace.OverviewXml = result["OverviewXml"].ToString();
TraceRecords.Add(Trace);
}
}
}
}
return TraceRecords;
}
public void LogTrace(string Title)
{
IronTrace IT = new IronTrace(this.ScanID, CurrentPlugin, this.CurrentSection, this.CurrentParameterName, Title, TraceMsg.ToString());
IT.Report();
this.TraceMsg = new StringBuilder();
this.RequestTraceMsg = "";
}
void LoadAndFill()
{
if (this.Trace == null)
{
this.Trace = IronDB.GetScanTrace(this.TraceId);
}
try
{
List<object[]> Rows = IronTrace.GetGridRowsFromTraceAndOverviewXml(Trace.OverviewXml, Trace.MessageXml);
StringBuilder SB = new StringBuilder(@"{\rtf1{\colortbl ;\red0\green77\blue187;\red247\green150\blue70;\red255\green0\blue0;\red0\green200\blue50;\red255\green255\blue255;}");
SB.Append(Tools.RtfSafe(Trace.GetScanTracePrettyMessage()));
this.SetTraceData(Rows, SB.ToString());
}
catch(Exception Exp)
{
IronException.Report("Error loading Scan Trace", Exp);
this.CloseTraceWindow();
}
if (this.UiResults == null)
{
DoAnalysis();
}
else
{
SetAnalysisUiResults(this.UiResults);
}
}
public static void Trace(string Source, string Message)
{
IronTrace IT = new IronTrace(Source, Message);
IT.Report();
}
void AnalyzeTraceId(int CurrentId, string TraceOverviewMessage, IronTrace ScanTraceRecord)
{
ShowAnalysisStatus(string.Format("Analyzing Trace ID - {0}", CurrentId));
BehaviourAnalysis BA = new BehaviourAnalysis(this.Keywords, this.RoundtripIncrease, this.RoundtripIncreaseFactor, this.InsertedCharsCount);
BA.Analyze(TraceOverviewMessage, ScanTraceRecord.Section);
bool CodeResultFound = false;
bool KeywordsResultFound = false;
string BodyResultFound = "";
bool SetCookieFound = false;
bool HeadersFound = false;
string RoundtripFound = "";
BehaviourAnalysisResults Results = new BehaviourAnalysisResults(BA.Results);
if (Results.SetCookies.Count > 0) SetCookieFound = true;
if (Results.Codes.Count > 0) CodeResultFound = true;
if (Results.Keywords.Count > 0) KeywordsResultFound = true;
if (Results.Headers.Count > 0) HeadersFound = true;
if (Results.InsertedChars.Count > 0) BodyResultFound = string.Format("{0} chars", Results.InsertedChars[Results.InsertedChars.Count - 1]);
if (Results.PlusRoundtripDiffs.Count > 0 || Results.MinusRoundtripDiffs.Count > 0)
{
int PlusMax = 0;
int MinusMax = 0;
if (Results.PlusRoundtripDiffs.Count > 0) PlusMax = Results.PlusRoundtripDiffs[Results.PlusRoundtripDiffs.Count - 1];
if (Results.MinusRoundtripDiffs.Count > 0) MinusMax = Results.MinusRoundtripDiffs[Results.MinusRoundtripDiffs.Count - 1];
if (PlusMax > MinusMax)
RoundtripFound = string.Format("+{0} ms", PlusMax);
else
RoundtripFound = string.Format("-{0} ms", MinusMax);
}
if (CodeResultFound || KeywordsResultFound || BodyResultFound.Length > 0 || SetCookieFound || HeadersFound || RoundtripFound.Length > 0)
{
List<object> Vals = new List<object>() { CurrentId, ScanTraceRecord.Section, ScanTraceRecord.PluginName, CodeResultFound, KeywordsResultFound, BodyResultFound, SetCookieFound, HeadersFound, RoundtripFound, BA.BaseLineLogId, BA.BaseLinePayload, BA.BaseLineRoundtripTime, BA.BaseLineSession.Response.Code, BA.ResultsXml };
AddAnalysisResultEntry(Vals);
}
}
public void LogTrace(string Title)
{
try
{
this.TraceMsgXml.WriteEndElement();
this.TraceMsgXml.WriteEndDocument();
this.TraceMsgXml.Close();
}
catch { }
IronTrace IT = new IronTrace(this.ScanID, CurrentPlugin, this.CurrentSection, this.CurrentParameterName, Title, TraceMsg.ToString(), this.TraceOverviewEntries);
IT.Report();
this.TraceMsg = new StringBuilder();
this.RequestTraceMsg = "";
this.TraceTitle = "";
this.TraceTitleWeight = 0;
}
internal LogTraceViewer(IronTrace Trace)
{
this.Trace = Trace;
InitializeComponent();
}
void AnalyzeTraceId(int CurrentId, string TraceOverviewMessage, IronTrace ScanTraceRecord)
{
ShowAnalysisStatus(string.Format("Analyzing Trace ID - {0}", CurrentId));
BehaviourAnalysis BA = new BehaviourAnalysis(this.Keywords, this.RoundtripIncrease, this.RoundtripIncreaseFactor, this.InsertedCharsCount);
BA.Analyze(TraceOverviewMessage, ScanTraceRecord.Section);
bool CodeResultFound = false;
bool KeywordsResultFound = false;
string BodyResultFound = "";
bool SetCookieFound = false;
bool HeadersFound = false;
string RoundtripFound = "";
BehaviourAnalysisResults Results = new BehaviourAnalysisResults(BA.Results);
if (Results.SetCookies.Count > 0)
{
SetCookieFound = true;
}
if (Results.Codes.Count > 0)
{
CodeResultFound = true;
}
if (Results.Keywords.Count > 0)
{
KeywordsResultFound = true;
}
if (Results.Headers.Count > 0)
{
HeadersFound = true;
}
if (Results.InsertedChars.Count > 0)
{
BodyResultFound = string.Format("{0} chars", Results.InsertedChars[Results.InsertedChars.Count - 1]);
}
if (Results.PlusRoundtripDiffs.Count > 0 || Results.MinusRoundtripDiffs.Count > 0)
{
int PlusMax = 0;
int MinusMax = 0;
if (Results.PlusRoundtripDiffs.Count > 0)
{
PlusMax = Results.PlusRoundtripDiffs[Results.PlusRoundtripDiffs.Count - 1];
}
if (Results.MinusRoundtripDiffs.Count > 0)
{
MinusMax = Results.MinusRoundtripDiffs[Results.MinusRoundtripDiffs.Count - 1];
}
if (PlusMax > MinusMax)
{
RoundtripFound = string.Format("+{0} ms", PlusMax);
}
else
{
RoundtripFound = string.Format("-{0} ms", MinusMax);
}
}
if (CodeResultFound || KeywordsResultFound || BodyResultFound.Length > 0 || SetCookieFound || HeadersFound || RoundtripFound.Length > 0)
{
List <object> Vals = new List <object>()
{
CurrentId, ScanTraceRecord.Section, ScanTraceRecord.PluginName, CodeResultFound, KeywordsResultFound, BodyResultFound, SetCookieFound, HeadersFound, RoundtripFound, BA.BaseLineLogId, BA.BaseLinePayload, BA.BaseLineRoundtripTime, BA.BaseLineSession.Response.Code, BA.ResultsXml
};
AddAnalysisResultEntry(Vals);
}
}
public void Trace(Request Req, string Action, string Message)
{
IronTrace IT = new IronTrace(Req, this.Name, Action, Message);
IT.Report();
}
internal static void AddSessionPluginTrace(IronTrace Trace)
{
if (Trace != null)
{
lock (SessionPluginTraces)
{
SessionPluginTraces.Enqueue(Trace);
}
}
}
public static void ScanTrace(int ScanID, string PluginName, string Section, string Parameter, string Title, string Message)
{
IronTrace IT = new IronTrace(ScanID, PluginName, Section, Parameter, Title, Message, new List <string[]>());
IT.Report();
}
public static void ScanTrace(int ScanID, string PluginName, string Section, string Parameter, string Title, string Message)
{
IronTrace IT = new IronTrace(ScanID, PluginName, Section, Parameter, Title, Message);
IT.Report();
}
internal LogTraceViewer(IronTrace Trace)
{
this.Trace = Trace;
InitializeComponent();
}
public static void Trace(string Source, string Message)
{
IronTrace IT = new IronTrace(Source, Message);
IT.Report();
}
internal static List<IronTrace> GetScanTraces(int StartID, int Count)
{
List<IronTrace> TraceRecords = new List<IronTrace>();
using(SQLiteConnection DB = new SQLiteConnection("data source=" + TraceLogFile))
{
DB.Open();
using (SQLiteCommand cmd = DB.CreateCommand())
{
cmd.CommandText = "SELECT ID, ScanID, PluginName, Section, Parameter, Title, Message, OverviewXml FROM ScanTrace WHERE ID > @StartID ORDER BY ID LIMIT @LIMIT";
cmd.Parameters.AddWithValue("@StartID", StartID - 1);
cmd.Parameters.AddWithValue("@LIMIT", Count);
using (SQLiteDataReader result = cmd.ExecuteReader())
{
while (result.Read())
{
IronTrace Trace = new IronTrace();
try
{ Trace.ID = Int32.Parse(result["ID"].ToString()); }
catch { continue; }
try
{ Trace.ScanID = Int32.Parse(result["ScanID"].ToString()); }
catch { }
Trace.PluginName = result["PluginName"].ToString();
Trace.Section = result["Section"].ToString();
Trace.Parameter = result["Parameter"].ToString();
Trace.Title = result["Title"].ToString();
try
{
Trace.MessageXml = result["Message"].ToString();
}
catch
{
Trace.Message = result["Message"].ToString();
}
Trace.OverviewXml = result["OverviewXml"].ToString();
TraceRecords.Add(Trace);
}
}
}
}
return TraceRecords;
}
public void Trace(Request Req, string Action, string Message)
{
IronTrace IT = new IronTrace(Req, this.Name, Action, Message);
IT.Report();
}
internal static List<IronTrace> GetTraceRecords(int StartID, int Count)
{
List<IronTrace> TraceRecords = new List<IronTrace>();
using (SQLiteConnection DB = new SQLiteConnection("data source=" + TraceLogFile))
{
DB.Open();
using(SQLiteCommand cmd = DB.CreateCommand())
{
cmd.CommandText = "SELECT ID, Time, Date, ThreadID, Source, Message FROM Trace WHERE ID > @StartID LIMIT @LIMIT";
cmd.Parameters.AddWithValue("@StartID", StartID);
cmd.Parameters.AddWithValue("@LIMIT", Count);
using(SQLiteDataReader result = cmd.ExecuteReader())
{
while (result.Read())
{
IronTrace Trace = new IronTrace();
try
{ Trace.ID = Int32.Parse(result["ID"].ToString()); }
catch { continue; }
try
{ Trace.ThreadID = Int32.Parse(result["ThreadID"].ToString()); }
catch { }
Trace.Time = result["Time"].ToString();
Trace.Date = result["Date"].ToString();
Trace.Source = result["Source"].ToString();
Trace.Message = result["Message"].ToString();
TraceRecords.Add(Trace);
}
}
}
}
return TraceRecords;
}
internal static List<IronTrace> GetScanTraceRecords(int StartID)
{
List<IronTrace> TraceRecords = new List<IronTrace>();
SQLiteConnection DB = new SQLiteConnection("data source=" + TraceLogFile);
DB.Open();
try
{
SQLiteCommand cmd = DB.CreateCommand();
cmd.CommandText = "SELECT ID, ScanID, PluginName, Section, Parameter, Title, Message FROM ScanTrace WHERE ID > @StartID LIMIT 1000";
cmd.Parameters.AddWithValue("@StartID", StartID);
SQLiteDataReader result = cmd.ExecuteReader();
while (result.Read())
{
IronTrace Trace = new IronTrace();
try
{ Trace.ID = Int32.Parse(result["ID"].ToString()); }
catch { continue; }
try
{ Trace.ScanID = Int32.Parse(result["ScanID"].ToString()); }
catch { }
Trace.PluginName = result["PluginName"].ToString();
Trace.Section = result["Section"].ToString();
Trace.Parameter = result["Parameter"].ToString();
Trace.Title = result["Title"].ToString();
Trace.Message = result["Message"].ToString();
TraceRecords.Add(Trace);
}
result.Close();
}
catch (Exception Exp)
{
DB.Close();
throw Exp;
}
DB.Close();
return TraceRecords;
}