public void parseUrls()
{
const string urlTest1 = "http://aa";
const string urlTest2 = "http://aa/page.aspx";
const string urlTest3 = "http://aa.bb.cc/page.aspx#tag";
const string urlTest4 = "http://aa.bb.cc/path/page.aspx?param1=aaa";
const string urlTest5 = "http://aa.bb.cc/path1/path2/page.aspx?param1=aaa¶m1=bbb¶m3=ccc#fragment1";
var test1 = new FilteredUrl(urlTest1);
Assert.IsTrue(test1.host == "aa", "test1");
var test2 = new FilteredUrl(urlTest2);
Assert.IsTrue(test2.page == "page.aspx", "test2");
var test3 = new FilteredUrl(urlTest3);
Assert.IsTrue(test3.host == "aa.bb.cc" && test3.fragement == "#tag", "test3");
var test4 = new FilteredUrl(urlTest4);
Assert.IsTrue(test4.path == "/path/" && test4.page == "page.aspx" && test4.parametersRaw == "param1=aaa" &&
test4.parameters[0].name == "param1" && test4.parameters[0].value == "aaa", "test4");
var test5 = new FilteredUrl(urlTest5);
Assert.IsTrue(
test5.path == "/path1/path2/" && test5.wordsInPath[0] == "path1" && test5.wordsInPath[1] == "path2" &&
test5.wordsInPathAndPage[2] == "page.aspx" && test5.parameters[1].name == "param1" &&
test5.parameters[2].name == "param3" && test5.parameters[2].value == "ccc", "test5");
Assert.IsTrue(
test5.words[0] == "http:" && test5.words[1] == "aa.bb.cc" && test5.words[2] == "path1" &&
test5.words[3] == "path2" && test5.words[4] == "page.aspx" && test5.words[5] == "param1" &&
test5.words[6] == "aaa" &&
test5.words[7] == "param1" && test5.words[8] == "bbb" && test5.words[9] == "param3" &&
test5.words[10] == "ccc" && test5.words[11] == "fragment1"
, "test 5 words");
}
public static IO2Trace createSink(WebInspectFinding webInspectFinding)
{
var filteredUrl = new FilteredUrl(webInspectFinding.fullUrl);
return new O2Trace("WebInspect: " + filteredUrl.pathAndPageAndParameters, TraceType.Known_Sink)
{
context = webInspectFinding.payload,
method = webInspectFinding.param
};
}
public static List<IO2Finding> loadWebInspectResultsAndReturnO2FindingsFor_SqlInjection_PoC2(
string webInspectResultsFile)
{
var results = new List<IO2Finding>();
var webInspectResults = new XmlDocument();
webInspectResults.Load(webInspectResultsFile);
List<XmlNode> sessionsCheckFoundWithEngineId = getSessionsCheckFoundWithEngineId(webInspectResults,
sqlInjectionEngineId);
foreach (XmlNode sessionCheckFound in sessionsCheckFoundWithEngineId)
{
// ReSharper disable PossibleNullReferenceException
string sessionId = sessionCheckFound["VulnerableSessionID"].InnerText;
List<XmlNode> sessionsFoundWithSessionId = getSessionsWithSessionID(webInspectResults, sessionId);
foreach (XmlNode session in sessionsFoundWithSessionId)
{
string attackParam = session["AttackParamDescriptor"].InnerText;
// Hack to handle crl#: form parameter names in ASP.NET
if (attackParam.IndexOf(':') > -1)
attackParam = attackParam.Split(new[] {':'})[1];
string attackPayload = session["AttackDescriptor"].InnerText;
var filteredUrl = new FilteredUrl(session["FullURL"].InnerText);
foreach (var word in filteredUrl.words)
{
var sink = new O2Trace("WebInspect: " + filteredUrl.pathAndPageAndParameters,
TraceType.Known_Sink)
{
context = attackPayload,
method = attackParam
};
//var sink = new O2Trace("WebInspect: " + attackParam, TraceType.Known_Sink);
//source.childTraces.Add(sink);
var o2Trace = new O2Trace("WebInspect -> Ounce Mapping (Sql Injection)");
//o2Trace.childTraces.Add(source);
o2Trace.childTraces.Add(sink);
//source.context = "This is the context of the Source";
//sink.context = attackPayload;
var o2Finding = new O2Finding
{
o2Traces = new List<IO2Trace> { o2Trace},
context = attackPayload,
vulnName = word + "_" + attackParam,
vulnType = "Sql Injection (from WebInspect)"
};
results.Add(o2Finding);
}
/*
var o2Finding = new O2Finding
{
o2Trace = new O2Trace("WebInspect -> Ounce Mapping"),
context = attackDescriptor,
vulnName = fullURL,
vulnType = "WebInspect Vulnerability"
};
var source = new O2Trace(fullURL, TraceType.Source);
source.childTraces.Add(new O2Trace(attackDescriptor));
var Sink = new O2Trace(attackParamDescriptor)
{
traceType = TraceType.Known_Sink
};
source.childTraces.Add(Sink);
o2Finding.o2Trace.childTraces.Add(source);
results.Add(o2Finding);*/
}
// ReSharper restore PossibleNullReferenceException
}
return results;
}
