Exemple #1
 /// <summary>
 /// Link handler that runs the pre-CIR-dump step against the "_CirDumps"
 /// folder inside the current scan target's work directory.
 /// Does nothing when no scan target is selected.
 /// </summary>
 /// <param name="sender">Control that raised the event (not used).</param>
 /// <param name="e">Link-click event data (not used).</param>
 private void llPreCirDumps_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e)
 {
     // Guard: without a scan target there is no work directory to derive the dump folder from.
     if (scCurrentScanTarget == null)
     {
         return;
     }

     String sCirDumpsDirectory = Path.Combine(scCurrentScanTarget.WorkDirectory, "_CirDumps");
     // The helper's return value is used as the path handed to the dump step.
     String sPathToCirDumpFiles = Files.checkIfDirectoryExistsAndCreateIfNot(sCirDumpsDirectory);

     // The result of preCirDumpGeneration is discarded here, so a failed
     // preparation is not reported to the user by this handler.
     CirDumps.preCirDumpGeneration(sPathToCirDumpFiles);
 }
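        /// <summary>
        /// Runs the configured sequence of scans against <paramref name="applicationToScan"/>.
        /// Which scans run is decided by the b* flags on this instance:
        /// a scan with the existing rules, a scan with no rules, or the CIR data scan
        /// followed by the three rule-pack driven scans.
        /// </summary>
        /// <param name="applicationToScan">Path of the application file to scan; must exist on disk.</param>
        /// <returns>
        /// <c>true</c> when the scan sequence ran without throwing; <c>false</c> when the
        /// application file does not exist or any step threw. On <c>false</c> neither the
        /// IIS restart nor the completion callback is triggered.
        /// </returns>
        /// <remarks>
        /// Several branches call <c>mySqlRules_OunceV6.DeleteAllRulesFromDatabase()</c> and nothing
        /// in this method restores the previous rule set, so a scan (or a scan that fails
        /// half-way) leaves the rules database in whatever state the last step produced.
        /// Back up the rule set before calling this against a database that is shared with
        /// other assessments.
        /// </remarks>
        public bool scanApplication(String applicationToScan)
        {
            // File.Exists also returns false for null or empty paths, so this is the input guard.
            if (false == File.Exists(applicationToScan))
            {
                DI.log.error("in scanApplication, could not find application file: {0}", applicationToScan);
                return(false);
            }

            sApplicationToScan = applicationToScan;
            // set standard savedfilelocations
            // NOTE(review): each field is overwritten with "application path + its current value",
            // so a second call on the same instance would prefix the path again - confirm that
            // instances are single-use or reset these fields between scans.
            sAssessmentFile_ScanWithExistingRules = sApplicationToScan + sAssessmentFile_ScanWithExistingRules;
            sAssessmentFile_ScanWithNoRules       = sApplicationToScan + sAssessmentFile_ScanWithNoRules;
            sAssessmentFile_CallBacksOnControlFlowGraphs_And_ExternalSinks = sApplicationToScan +
                                                                             sAssessmentFile_CallBacksOnControlFlowGraphs_And_ExternalSinks;
            sAssessmentFile_CallBacksOnEdges_And_ExternalSinks = sApplicationToScan +
                                                                 sAssessmentFile_CallBacksOnEdges_And_ExternalSinks;
            sAssessmentFile_SourcesAndSinks = sApplicationToScan + sAssessmentFile_SourcesAndSinks;
            sAssessmentFile_CirDataScan     = sApplicationToScan + sAssessmentFile_CirDataScan;

            bool bContinueWithScans = true;

            try
            {
                DI.log.debug("Scanning Application: {0}", applicationToScan);
                sTargetScan = applicationToScan;

                if (bScanWithExistingRules)
                {
                    _scanApplication(applicationToScan, sAssessmentFile_ScanWithExistingRules);
                    // no need to do anything else since we don't want to change the existing rule set
                    // (which is what we need the CirDump for)
                    bContinueWithScans = false;
                }

                if (bContinueWithScans && bScanWithNoRules)
                {
                    // Destructive: empties the rules database before scanning.
                    mySqlRules_OunceV6.DeleteAllRulesFromDatabase();
                    _scanApplication(applicationToScan, sAssessmentFile_ScanWithNoRules);
                    // this mode is only used for tests (to make sure the application can be scanned)
                    bContinueWithScans = false;
                }

                if (bContinueWithScans)
                {
                    // CreateCirDataFile (using rules so that the CIR creation process is as quick as possible)
                    if (bCreateCirDataFile)
                    {
                        if (sPathToCirDumpFiles == "")
                        {
                            // No dump folder configured: fall back to "_CirDumps" under the O2 temp dir.
                            sPathToCirDumpFiles =
                                Files.checkIfDirectoryExistsAndCreateIfNot(
                                    Path.Combine(DI.config.O2TempDir, "_CirDumps"));
                        }
                        if (CirDumps.preCirDumpGeneration(sPathToCirDumpFiles))
                        {
                            if (bDeleteAllRulesForCirCreation)
                            {
                                mySqlRules_OunceV6.DeleteAllRulesFromDatabase();
                            }

                            _scanApplication(applicationToScan, sAssessmentFile_CirDataScan);
                        }
                    }

                    // Each rule-pack scan replaces the database rules with the pack's rules
                    // and then scans; a missing pack is logged and that scan is skipped.
                    if (bCallBacksOnControlFlowGraphs_And_ExternalSinks)
                    {
                        scanWithRulePack(applicationToScan,
                                         "_CallBacksOnControlFlowGraphs_And_ExternalSinks",
                                         sAssessmentFile_CallBacksOnControlFlowGraphs_And_ExternalSinks);
                    }

                    if (bCallBacksOnEdges_And_ExternalSinks)
                    {
                        scanWithRulePack(applicationToScan,
                                         "_CallBacksOnEdges_And_ExternalSinks",
                                         sAssessmentFile_CallBacksOnEdges_And_ExternalSinks);
                    }

                    if (bSourcesAndSinks)
                    {
                        scanWithRulePack(applicationToScan,
                                         "_SourcesAndSinks",
                                         sAssessmentFile_SourcesAndSinks);
                    }
                }
            }
            catch (Exception ex)
            {
                // Only the message is logged; the exception type and stack trace are lost here.
                // The rules database is not rolled back, so it may have been emptied or
                // partially reloaded by the step that failed.
                DI.log.error("in scanApplication:{0}", ex.Message);
                return(false);
            }

            if (bRestartIISAfterScan)
            {
                // Fire-and-forget: the restart runs on its own thread and its outcome is not observed.
                new Thread(Processes.resetIIS).Start();
            }

            if (dProcessCompletionCallback != null)
            {
                dProcessCompletionCallback.Invoke(this);
            }

            return(true);
        }

        /// <summary>
        /// Loads the rule pack stored next to the CIR data file, replaces the rules in the
        /// database with it and scans the application into <paramref name="sAssessmentFile"/>.
        /// When the rule pack file is missing, an error is logged and nothing else happens.
        /// </summary>
        /// <param name="applicationToScan">Path of the application file to scan.</param>
        /// <param name="sRulePackSuffix">Suffix appended to sCirDataFile (before ".O2RulePack") to locate the pack.</param>
        /// <param name="sAssessmentFile">Assessment file passed on to _scanApplication.</param>
        private void scanWithRulePack(String applicationToScan, String sRulePackSuffix, String sAssessmentFile)
        {
            // sCirDataFile is read at call time, as the inlined code did for each scan.
            String sRulePackFile = sCirDataFile + sRulePackSuffix + ".O2RulePack";
            if (File.Exists(sRulePackFile) == false)
            {
                DI.log.error("in scanApplication: Could not find rule pack to load :{0}", sRulePackFile);
                return;
            }

            // Load first so that a pack that fails to load does not leave the database emptied.
            // NOTE(review): the pack is loaded from disk and written straight into the rules
            // database; confirm the pack location is only writable by trusted users.
            O2RulePack orpO2RulePack = O2RulePackUtils.loadRulePack(sRulePackFile);
            mySqlRules_OunceV6.DeleteAllRulesFromDatabase();
            mySqlRules_OunceV6.addRulesToDatabase(true, orpO2RulePack);
            _scanApplication(applicationToScan, sAssessmentFile);
        }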