private static int RunAnalysis(AnalyzeOptions options) { var indexDb = new IndexDb(options.Directory); indexDb.Build(); indexDb.ShowStatistic(); var callGraphBuilder = new CallGraphBuilder(indexDb); CreateCleanDirectory(options.Output); foreach (var group in Loader.GetPatternGroups()) { var callGraph = callGraphBuilder.CreateGraph(group.Patterns); callGraphBuilder.ShowStatistic(); if (callGraph.IsEmpty) { continue; } callGraph.RemoveDuplicatePaths(); var groupDirectory = Path.Combine(options.Output, group.Name); Directory.CreateDirectory(groupDirectory); callGraph.Dump(Path.Combine(groupDirectory, "full.png")); callGraph.RemoveNonPublicEntryNodes(); callGraph.Dump(Path.Combine(groupDirectory, "public.png")); } return(0); }
private static void PrintMethod(MethodDefinition methodDefinition, Gtk.TextView textView) { textView.Buffer.Clear(); var builder = new CallGraphBuilder(methodDefinition); CallGraph callGraph = builder.Create(5); textView.Buffer.Text = callGraph.ToString(); }
private void OnSelectionChanged(object sender, SelectionEventArgs args) { if (args.definition is MethodDefinition) { CGPrettyPrinter.PrintPretty(args.definition, textView); CGPrettyDrawer drawer = new CGPrettyDrawer(drawingArea); var builder = new CallGraphBuilder(args.definition as MethodDefinition); CallGraph currentCg = builder.Create(2); drawer.DrawCallGraph(currentCg); if (args.module != null) { // Dump the module if (args.assembly != null) { // Dump assembly modules. } } } }
//[Ignore("for debugging only, change type and methodName vars for your case")] public void SingleCase() { var type = typeof(KnowledgeBase.Cases.XslCompiledTransformPatterns); var methodName = nameof(KnowledgeBase.Cases.XslCompiledTransformPatterns.XsltLoadWithPayload); var context = Context.CreateToAnalyze(); var method = type.GetMethod(methodName, BindingFlags.Public | BindingFlags.Instance); var errors = Loader.ExecuteCase(context, type, new[] { method }); //var patternGroup = Loader.GetPatternGroup(type, methodName); Assert.That(errors, Is.Empty); Assert.That(context.Patterns.Count, Is.GreaterThan(0)); var builder = new CallGraphBuilder(index); var graph = builder.CreateGraph(context.Patterns); Assert.That(graph.EntryNodes.Count, Is.GreaterThan(0)); Assert.That(graph.EntryNodes.Keys .Contains(MethodUniqueSignature.Create($"{type.FullName}::{methodName}()"))); }
private static int RunAnalysis(AnalyzeOptions options) { var timer = Stopwatch.StartNew(); var indexDb = new IndexDb(options.Directory); indexDb.Build(); indexDb.ShowStatistic(); var callGraphBuilder = new CallGraphBuilder(indexDb); CreateCleanDirectory(options.Output); foreach (var group in Loader.GetTemplateGroups()) { var callGraph = callGraphBuilder.CreateGraph(group.Templates); callGraphBuilder.ShowStatistic(); if (callGraph.IsEmpty) { continue; } callGraph.RemoveDuplicatePaths(); var groupDirectory = Path.Combine(options.Output, group.Name); Directory.CreateDirectory(groupDirectory); callGraph.Dump(Path.Combine(groupDirectory, "full.png")); callGraph.DumpSeparateUsages(Path.Combine(groupDirectory, "usages")); callGraph.RemoveSameClasses(); //callGraph.RemoveMiddleNodes(); callGraph.Dump(Path.Combine(groupDirectory, "classes.png")); //callGraph.RemoveNonPublicEntryNodes(); //callGraph.Dump(Path.Combine(groupDirectory, "public.png")); } timer.Stop(); Console.WriteLine($"{timer.ElapsedMilliseconds}"); Console.WriteLine($"{timer}"); return(0); }
public void AllCases() { foreach (var type in Loader.GetCaseTypes()) { Console.WriteLine($"{type}:"); foreach (var method in Loader.GetCaseMethods(type)) { Console.WriteLine($" {method}"); var context = Context.CreateToAnalyze(); var errors = Loader.ExecuteCase(context, type, new[] { method }); Assert.That(errors, Is.Empty); Assert.That(context.Patterns.Count, Is.GreaterThan(0)); var builder = new CallGraphBuilder(index); var graph = builder.CreateGraph(context.Patterns); Assert.That(graph.EntryNodes.Count, Is.GreaterThan(0)); Assert.That(graph.EntryNodes.Keys .Contains(MethodUniqueSignature.Create($"{type.FullName}::{method.Name}()"))); } } }
private static int RunAnalysis(string input, string entryPoint, string output) { Console.WriteLine("Copying SerialDetector.Experiments..."); File.Copy( typeof(Deserializers).Assembly.Location, Path.Combine(input, Path.GetFileName(typeof(Deserializers).Assembly.Location)), true); Console.WriteLine($"[{DateTime.Now:T}]"); var indexDb = new IndexDb(input); var v = new Version(); var methods = indexDb.Assemblies.FindSensitiveSinkCalls().ToList(); Console.WriteLine($"[{DateTime.Now:T}] {methods.Count} methods!"); var sensitiveSinks = methods .Select(method => method.CreateMethodUniqueSignature()) .Distinct() .Select(name => new TemplateInfo(name, v)) .ToList(); CreateCleanDirectory(output); File.WriteAllLines( Path.Combine(output, "sensitive-sinks.txt"), sensitiveSinks.Select(info => info.Method.ToString())); var setUp = GetEntryPointSetUp(entryPoint); sensitiveSinks = new List <TemplateInfo> { new TemplateInfo(new MethodUniqueSignature(setUp.SensitiveSink), v) }; Console.WriteLine($"[{DateTime.Now:T}] {sensitiveSinks.Count} patterns!"); foreach (var method in sensitiveSinks) { Console.WriteLine($" {method.Method}"); } Console.WriteLine(); // TODO: remove convertedArgumentTypes var convertedArgumentTypes = indexDb.Build(); indexDb.ShowStatistic(); Console.WriteLine($"[{DateTime.Now:T}]"); var callGraphBuilder = new CallGraphBuilder(indexDb); var i = 0; foreach (var sensitiveSink in sensitiveSinks) { var g = callGraphBuilder.CreateGraph(new List <TemplateInfo> { sensitiveSink }); Console.WriteLine(); Console.WriteLine($"[{DateTime.Now:T}] #{++i} {sensitiveSink.Method}"); callGraphBuilder.ShowStatistic(); if (g.IsEmpty) { Console.WriteLine("CFA: Not found!"); continue; } StoreEntryPoints(Path.Combine(output, $"{i}_ep_all.txt"), g); Console.WriteLine($"Graph: nodes = {g.Nodes.Count}, entry nodes = {g.EntryNodes.Count}"); g.RemoveDuplicatePaths(); Console.WriteLine($"Graph: nodes = {g.Nodes.Count}, entry nodes = {g.EntryNodes.Count}"); g.RemoveNonPublicEntryNodes(); Console.WriteLine($"Graph: nodes = {g.Nodes.Count}, entry nodes = {g.EntryNodes.Count}"); g.RemoveNonPublicMiddleNodes(); Console.WriteLine($"Graph: nodes = {g.Nodes.Count}, entry nodes = {g.EntryNodes.Count}"); //ShowEntryPoints(currentPatterns, g); StoreEntryPoints(Path.Combine(output, $"{i}_ep_public.txt"), g); if (g.Nodes.Count > 1 && g.Nodes.Count < 1000) { g.Dump(Path.Combine(output, $"{i}_po.png")); } else { Console.WriteLine($"{i}_ep_public graph contains {g.Nodes.Count} nodes!"); } // DFA var symbolicEngine = new SymbolicEngine(indexDb, sensitiveSink.Method, setUp.VirtualCallsLimit, setUp.EnableStaticFields, false); var workingThread = new Thread(() => { RunDataFlowAnalysis(indexDb, g, entryPoint, convertedArgumentTypes, symbolicEngine, output); }); var timer = Stopwatch.StartNew(); workingThread.Start(); Console.WriteLine(); Console.WriteLine("Press q and <Enter> to exit..."); while (Console.ReadLine() != "q") { } if (workingThread.IsAlive) { workingThread.Abort(); workingThread.Join(); timer.Stop(); symbolicEngine.CurrentStat?.DumpConsole(); symbolicEngine.CurrentStat?.DumpTxt(output, "dfa_stat.txt"); //symbolicEngine.CurrentStat?.DumpCsv(output, "dfa_stat.csv"); Console.WriteLine($"Analysis is aborted ({timer.ElapsedMilliseconds} ms)"); } } return(0); }