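//public static void addMappedView()

/// <summary>
/// Serializes <paramref name="strutsMappings"/> to a binary file and returns the path that was used.
/// </summary>
/// <param name="strutsMappings">Mappings object to persist; a null value saves nothing and yields "".</param>
/// <param name="targetFileOrFolder">
/// Either an existing folder (a temp-named file with <c>strutsMappingExtension</c> is created inside it)
/// or a file path whose parent directory must already exist.
/// </param>
/// <returns>
/// The path handed to the serializer, or "" when no save was attempted. Note that the path is returned
/// even when the serializer reports failure (kept for compatibility); the failure is recorded in the log.
/// </returns>
public static string saveStrutsMappings(IStrutsMappings strutsMappings, string targetFileOrFolder)
{
    if (strutsMappings == null)
    {
        return "";
    }

    // Path.GetDirectoryName throws on an empty/whitespace path on .NET Framework; reject it up front.
    if (string.IsNullOrEmpty(targetFileOrFolder) || targetFileOrFolder.Trim().Length == 0)
    {
        PublicDI.log.error("Invalid filename supplied since that directory doesn't exist: {0}", targetFileOrFolder);
        return "";
    }

    if (Directory.Exists(targetFileOrFolder))
    {
        // Caller supplied a folder: create a fresh temp-named mapping file inside it.
        targetFileOrFolder = Path.Combine(targetFileOrFolder, Files.getTempFileName() + strutsMappingExtension);
    }
    else
    {
        // Caller supplied a file path: its parent directory must exist or the write cannot succeed.
        // GetDirectoryName returns null/"" for a bare file name or a root, which fails this check as before.
        var parentDirectory = Path.GetDirectoryName(targetFileOrFolder);
        if (string.IsNullOrEmpty(parentDirectory) || false == Directory.Exists(parentDirectory))
        {
            // Fix: the message used to read "directly" instead of "directory".
            PublicDI.log.error("Invalid filename supplied since that directory doesn't exist: {0}", targetFileOrFolder);
            return "";
        }
    }

    if (Serialize.createSerializedBinaryFileFromObject(strutsMappings, targetFileOrFolder))
    {
        PublicDI.log.info("Serialized Struts Mapping object saved to: {0}", targetFileOrFolder);
    }
    else
    {
        PublicDI.log.error("There was a problem serializing Struts Mapping object saved to: {0}", targetFileOrFolder);
    }
    return targetFileOrFolder;
}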
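/// <summary>
/// Builds O2 findings from <paramref name="strutsMappings"/> and loads them into the supplied findings viewer.
/// </summary>
/// <param name="strutsMappings">Struts mappings to convert into findings.</param>
/// <param name="findingsViewer_ToLoadResults">Viewer control that receives the generated findings.</param>
/// <exception cref="ArgumentNullException">Thrown when either argument is null.</exception>
public static void createFindingsFromStrutsMappings(IStrutsMappings strutsMappings, ascx_FindingsViewer findingsViewer_ToLoadResults)
{
    // Fail with a descriptive exception instead of a NullReferenceException from inside the helpers/control.
    if (strutsMappings == null)
    {
        throw new ArgumentNullException("strutsMappings");
    }
    if (findingsViewer_ToLoadResults == null)
    {
        throw new ArgumentNullException("findingsViewer_ToLoadResults");
    }

    var createdFindings = StrutsMappingHelpers.createFindingsFromStrutsMappings(strutsMappings);

    // Show the trace tree, reset the second filter, then load the findings.
    // The meaning of loadO2Findings' boolean argument is not visible here; it is passed as the original did.
    findingsViewer_ToLoadResults.setTraceTreeViewVisibleStatus(true);
    findingsViewer_ToLoadResults.setFilter2Value("(no filter)");
    findingsViewer_ToLoadResults.loadO2Findings(createdFindings, true);
}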
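/// <summary>
/// Joins the findings derived from <paramref name="strutsMappingsObject"/> with <paramref name="o2Findings"/>,
/// grouping the latter by the class of each finding's first (root) trace.
/// </summary>
/// <param name="strutsMappingsObject">Struts mappings, converted into join-sink findings first.</param>
/// <param name="o2Findings">Findings whose first trace identifies the root function (a class or a compiled JSP).</param>
/// <param name="createConsolidatedView">True for the consolidated join, false for the expanded join.</param>
/// <returns>The joined findings produced by the selected join strategy.</returns>
private List<IO2Finding> mapStrutsFindings(IStrutsMappings strutsMappingsObject, List<IO2Finding> o2Findings, bool createConsolidatedView)
{
    // calculate findings from strutsMappings
    var strutsFindings = StrutsMappingHelpers.createFindingsFromStrutsMappings(strutsMappingsObject);

    // dictionary keyed by O2JoinSink, each entry holding the findings that share that sink (i.e. O2LostSink)
    var joinSinksDictionary = OzasmtSearch.getDictionaryWithJoinSinks(strutsFindings);

    // dictionary keyed by root function (clazz of the first trace), each entry holding the findings that start there
    var rootFunctions = new Dictionary<string, List<IO2Finding>>();
    foreach (var o2Finding in o2Findings)
    {
        if (o2Finding.o2Traces.Count == 0)
        {
            continue;
        }
        var rootFunction = normalizeRootFunction(o2Finding.o2Traces[0].clazz);
        // Findings with an empty root class were skipped before; a null class is now skipped too instead of throwing.
        if (string.IsNullOrEmpty(rootFunction))
        {
            continue;
        }
        // single lookup instead of ContainsKey followed by the indexer
        List<IO2Finding> findingsForRoot;
        if (false == rootFunctions.TryGetValue(rootFunction, out findingsForRoot))
        {
            findingsForRoot = new List<IO2Finding>();
            rootFunctions.Add(rootFunction, findingsForRoot);
        }
        findingsForRoot.Add(o2Finding);
    }

    // now map the JoinSinks with the Root Functions
    if (createConsolidatedView)
    {
        return StrutsMappingHelpers.joinTracesUsingConsolidatedView(joinSinksDictionary, rootFunctions);
    }
    return joinTracesUsingExpandedView(o2Findings, joinSinksDictionary, rootFunctions);
}

/// <summary>
/// Turns a "jsp_servlet..." class name into a ".jsp" path using the same textual replacements the
/// original inline code applied; any other name (including null) is returned unchanged.
/// </summary>
private static string normalizeRootFunction(string clazz)
{
    // Ordinal: class names are identifiers, not linguistic text.
    if (clazz == null || false == clazz.StartsWith("jsp_servlet", StringComparison.Ordinal))
    {
        return clazz;
    }
    return clazz.Replace("jsp_servlet", "")
                .Replace("_45_", "-")
                .Replace(".__", "/")
                .Replace("._", "/") + ".jsp";
}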
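/// <summary>
/// Runs the Struts join pipeline: loads the base findings if they are not loaded yet, computes the
/// taint-source and final-sink findings from the four regexes, loads or reuses the Struts mappings and
/// their findings, then calls <c>calculateResults()</c>.
/// </summary>
/// <param name="taintSources_SourceRegEx">Regex selecting the sources of the taint-source findings.</param>
/// <param name="taintSources_SinkRegEx">Regex selecting the sinks of the taint-source findings.</param>
/// <param name="finalSinks_SourceRegEx">Regex selecting the sources of the final-sink findings.</param>
/// <param name="finalSinks_SinkRegEx">Regex selecting the sinks of the final-sink findings.</param>
public void calculateFinalResults(string taintSources_SourceRegEx, string taintSources_SinkRegEx,
                                  string finalSinks_SourceRegEx, string finalSinks_SinkRegEx)
{
    if (findingsWith_BaseO2Findings == null)
    {
        findingsWith_BaseO2Findings = XUtils_Findings_v0_1.loadFindingsFile(BaseO2Findings);
    }

    // calculate TaintSources
    findingsWith_FindingsFromTaintSources = O2FindingsHelpers.calculateFindings(
        findingsWith_BaseO2Findings, taintSources_SourceRegEx, taintSources_SinkRegEx,
        XUtils_Findings_v0_1.mapJoinPoints_HashTagsOn_Sinks);

    // calculate FinalSinks
    // Fix: use the finalSinks_SourceRegEx parameter. The original passed the FinalSinks_SourceRegEx
    // property here, so the value supplied by the caller for this regex was silently ignored.
    findingsWith_FindingsToFinalSinks = O2FindingsHelpers.calculateFindings(
        findingsWith_BaseO2Findings, finalSinks_SourceRegEx, finalSinks_SinkRegEx,
        XUtils_Findings_v0_1.mapJoinPoints_HashTagsOn_Sources);

    // calculate strutsMapping object and findings
    if (StrutsMappings == null)
    {
        // NOTE(review): this rebuilds an object graph from a binary file. Formats of that kind are generally
        // not safe to load from untrusted sources, so StrutsMappingsFile should only point at files this
        // tool (or a trusted user) produced.
        StrutsMappings = (IStrutsMappings)Serialize.getDeSerializedObjectFromBinaryFile(StrutsMappingsFile, typeof(KStrutsMappings));
    }
    findingsWith_StrutsMappings = StrutsMappingHelpers.createFindingsFromStrutsMappings(StrutsMappings);

    calculateResults();
}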
/// <summary>
/// Stores <paramref name="strutsMappings"/> on this control and on the tree view's Tag, then refreshes
/// the tree. A null argument is logged as an error and otherwise ignored.
/// </summary>
public void showStrutsMappings(IStrutsMappings strutsMappings)
{
    if (strutsMappings != null)
    {
        StrutsMappings = strutsMappings;
        tvStrutsMappings.Tag = strutsMappings;
        // invokeOnThread is not visible here; presumably it runs the refresh on the control's own thread.
        tvStrutsMappings.invokeOnThread(() => refreshTreeView());
        return;
    }
    PublicDI.log.error("in showStrutsMappings, strutsMappings == null");
}
/// <summary>
/// Attaches <paramref name="strutsMappings"/> to the tree view's Tag and refreshes the tree.
/// A null argument is logged as an error and nothing else happens.
/// </summary>
public void showStrutsMappings(IStrutsMappings strutsMappings)
{
    var mappingsMissing = strutsMappings == null;
    if (mappingsMissing)
    {
        DI.log.error("in showStrutsMappings, strutsMappings == null");
        return;
    }

    var treeView = tvStrutsMappings;
    treeView.Tag = strutsMappings;
    // invokeOnThread is not visible here; presumably it marshals the refresh onto the control's thread.
    treeView.invokeOnThread(() => refreshTreeView());
}
/// <summary>
/// Runs the Struts join rule for the given findings and mappings, optionally shows the outcome in the
/// GUIs selected by the class-level flags, and returns the resulting findings.
/// </summary>
/// <param name="baseO2Findings">Findings the rule starts from.</param>
/// <param name="strutsMappings">Struts mappings used for the joins.</param>
/// <param name="taintSources_SourceRegEx">Regex for the sources of the taint-source findings.</param>
/// <param name="taintSources_SinkRegEx">Regex for the sinks of the taint-source findings.</param>
/// <param name="finalSinks_SourceRegEx">Regex for the sources of the final-sink findings.</param>
/// <param name="finalSinks_SinkRegEx">Regex for the sinks of the final-sink findings.</param>
/// <returns>The findings computed by the rule object.</returns>
public static List<IO2Finding> executeStrutsRule(List<IO2Finding> baseO2Findings, IStrutsMappings strutsMappings,
    string taintSources_SourceRegEx, string taintSources_SinkRegEx,
    string finalSinks_SourceRegEx, string finalSinks_SinkRegEx)
{
    var ruleRun = XUtils_Struts_Joins_V0_1_Helpers.executeRule_AndReturn_XRuleStrutsObject(
        baseO2Findings, strutsMappings,
        taintSources_SourceRegEx, taintSources_SinkRegEx,
        finalSinks_SourceRegEx, finalSinks_SinkRegEx,
        joinPointFilter);

    // Presentation is optional and controlled by the class-level flags; results are returned either way.
    if (showResultsInO2RulesStrutsGUI)
    {
        ruleRun.showFinalResultsIn_O2RulesStrutsGUI();
    }
    if (showResultsInNewFindingsViewer)
    {
        ruleRun.showFinalResultsIn_fidingsViewer();
    }

    return ruleRun.getResults();
}
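/// <summary>
/// Joins the findings derived from <paramref name="strutsMappingsObject"/> with <paramref name="o2Findings"/>,
/// grouping the latter by the class of each finding's first (root) trace.
/// </summary>
/// <param name="strutsMappingsObject">Struts mappings, converted into join-sink findings first.</param>
/// <param name="o2Findings">Findings whose first trace identifies the root function.</param>
/// <param name="createConsolidatedView">True for the consolidated join, false for the expanded join.</param>
/// <returns>The joined findings produced by the selected join strategy.</returns>
private List<IO2Finding> mapStrutsFindings(IStrutsMappings strutsMappingsObject, List<IO2Finding> o2Findings, bool createConsolidatedView)
{
    // calculate findings from strutsMappings
    var strutsFindings = StrutsMappingHelpers.createFindingsFromStrutsMappings(strutsMappingsObject);

    // O2JoinSink -> findings carrying that sink (i.e. O2LostSink)
    var joinSinksDictionary = OzasmtSearch.getDictionaryWithJoinSinks(strutsFindings);

    // root function (clazz of the first trace) -> findings that start there
    var rootFunctions = new Dictionary<string, List<IO2Finding>>();
    foreach (var o2Finding in o2Findings)
    {
        if (o2Finding.o2Traces.Count == 0)
        {
            continue;
        }

        var rootFunction = o2Finding.o2Traces[0].clazz;
        // A null clazz used to throw from StartsWith; treat it like the empty string and skip the finding.
        if (string.IsNullOrEmpty(rootFunction))
        {
            continue;
        }

        // Ordinal: class names are identifiers, not linguistic text.
        if (rootFunction.StartsWith("jsp_servlet", StringComparison.Ordinal))
        {
            // the replacements below turn a compiled-JSP class name back into a .jsp path
            rootFunction = rootFunction.Replace("jsp_servlet", "")
                                       .Replace("_45_", "-")
                                       .Replace(".__", "/")
                                       .Replace("._", "/") + ".jsp";
        }

        // single lookup instead of ContainsKey followed by the indexer
        List<IO2Finding> findingsForRoot;
        if (!rootFunctions.TryGetValue(rootFunction, out findingsForRoot))
        {
            findingsForRoot = new List<IO2Finding>();
            rootFunctions[rootFunction] = findingsForRoot;
        }
        findingsForRoot.Add(o2Finding);
    }

    // now map the JoinSinks with the Root Functions
    if (createConsolidatedView)
    {
        return StrutsMappingHelpers.joinTracesUsingConsolidatedView(joinSinksDictionary, rootFunctions);
    }
    return joinTracesUsingExpandedView(o2Findings, joinSinksDictionary, rootFunctions);
}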
/// <summary>
/// Pre-configured Struts rule: taint enters via <c>getParameter(java.lang.String)</c>, is stored with
/// <c>setAttribute(java.lang.String</c>, read back with <c>getAttribute(java.lang.String)</c> and ends in a
/// <c>print</c> sink. Delegates to <c>executeStrutsRule</c> with those four regexes.
/// </summary>
/// <param name="baseO2Findings">Findings the rule starts from (count is logged).</param>
/// <param name="strutsMappings">Struts mappings used for the joins (action-servlet count is logged).</param>
/// <returns>The findings produced by the rule.</returns>
public static List<IO2Finding> strutsRule_fromGetParameterToPringViaGetSetAttributeJoins(List<IO2Finding> baseO2Findings, IStrutsMappings strutsMappings)
{
    PublicDI.log.info("executing rule: StrutsRule.from.GetParameter.to.Print.via.SetGetAttributeJoins with {0} fingings and {1} action servlets",
                      baseO2Findings.Count, strutsMappings.actionServlets.Count);

    const string taintSourcesSource = @"getParameter\(java.lang.String\)";
    const string taintSourcesSink = @"setAttribute\(java.lang.String";
    const string finalSinksSource = @"getAttribute\(java.lang.String\)";
    const string finalSinksSink = @"print";

    return executeStrutsRule(baseO2Findings, strutsMappings,
                             taintSourcesSource, taintSourcesSink,
                             finalSinksSource, finalSinksSink);
}
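/// <summary>
/// Converts every controller of every action servlet in <paramref name="iStrutsMappings"/> into an
/// <see cref="O2Finding"/> whose trace tree records the controller type, its form bean (if any) and its
/// paths with their resolved views.
/// </summary>
/// <param name="iStrutsMappings">Mappings to convert; null (or null actionServlets) yields an empty list.</param>
/// <returns>One finding per controller; never null.</returns>
public static List<IO2Finding> createFindingsFromStrutsMappings(IStrutsMappings iStrutsMappings)
{
    var newO2Findings = new List<IO2Finding>();
    // Return an empty list rather than throwing when there is nothing to convert.
    if (iStrutsMappings == null || iStrutsMappings.actionServlets == null)
    {
        return newO2Findings;
    }

    foreach (var actionServlet in iStrutsMappings.actionServlets)
    {
        foreach (var controller in actionServlet.controllers.Values)
        {
            var o2Finding = new O2Finding
                {
                    vulnType = "Struts.Finding : " + controller.type,
                    vulnName = controller.type ?? ""
                };
            var o2RootTrace = (O2Trace)o2Finding.addTrace("Struts Mapping", TraceType.O2JoinSource);
            o2RootTrace.addTrace("Controller Type: " + controller.type, TraceType.O2JoinSink);

            // add formbean
            if (controller.formBean != null)
            {
                var beanTrace = (O2Trace)o2RootTrace.addTrace("Form Bean : " + controller.formBean.name, TraceType.O2Info);
                // trace text kept as-is (label and value are concatenated without a separator)
                beanTrace.addTrace("has validation mapping" + controller.formBean.hasValidationMapping);
                foreach (var field in controller.formBean.fields)
                {
                    beanTrace.addTrace(field.Value.name);
                }
            }

            // one child per path, each listing the controller and the resolved views as join sinks
            var pathsTrace = (O2Trace)o2RootTrace.addTrace("paths:", TraceType.O2Info);
            foreach (var path in controller.paths)
            {
                var pathTrace = (O2Trace)pathsTrace.addTrace("url: " + path.path);
                pathTrace.addTrace("controller: " + controller.type + " <- ");
                pathTrace.addTraces("view: ", TraceType.O2JoinSink, path.resolvedViews.ToArray());
            }

            newO2Findings.Add(o2Finding);
        }
    }
    return newO2Findings;
}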
/// <summary>
/// Creates an <see cref="XUtils_Struts_Joins_V0_1"/> configured with the given findings, mappings, regexes
/// and join-point filter, runs <c>calculateFindings()</c> on it and returns the configured instance.
/// </summary>
/// <param name="baseO2Findings">Findings the rule starts from.</param>
/// <param name="strutsMappings">Struts mappings used for the joins.</param>
/// <param name="taintSources_SourceRegEx">Regex for the sources of the taint-source findings.</param>
/// <param name="taintSources_SinkRegEx">Regex for the sinks of the taint-source findings.</param>
/// <param name="finalSinks_SourceRegEx">Regex for the sources of the final-sink findings.</param>
/// <param name="finalSinks_SinkRegEx">Regex for the sinks of the final-sink findings.</param>
/// <param name="joinPointFilter">Filter applied to join points by the rule object.</param>
/// <returns>The rule object after <c>calculateFindings()</c> has run.</returns>
public static XUtils_Struts_Joins_V0_1 executeRule_AndReturn_XRuleStrutsObject(
    List<IO2Finding> baseO2Findings, IStrutsMappings strutsMappings,
    string taintSources_SourceRegEx, string taintSources_SinkRegEx,
    string finalSinks_SourceRegEx, string finalSinks_SinkRegEx,
    Func<string, string> joinPointFilter)
{
    var rule = new XUtils_Struts_Joins_V0_1();
    rule.findingsWith_BaseO2Findings = baseO2Findings;
    rule.StrutsMappings = strutsMappings;
    rule.TaintSources_SourceRegEx = taintSources_SourceRegEx;
    rule.TaintSources_SinkRegEx = taintSources_SinkRegEx;
    rule.FinalSinks_SourceRegEx = finalSinks_SourceRegEx;
    rule.FinalSinks_SinkRegEx = finalSinks_SinkRegEx;
    rule.JoinPointFilter = joinPointFilter;

    rule.calculateFindings();
    return rule;
}
/// <summary>
/// Builds a fully configured <see cref="XUtils_Struts_Joins_V0_1"/>, runs <c>calculateFindings()</c> on it
/// and hands the instance back so callers can show or read its results.
/// </summary>
/// <param name="baseO2Findings">Findings the rule starts from.</param>
/// <param name="strutsMappings">Struts mappings used for the joins.</param>
/// <param name="taintSources_SourceRegEx">Regex for the sources of the taint-source findings.</param>
/// <param name="taintSources_SinkRegEx">Regex for the sinks of the taint-source findings.</param>
/// <param name="finalSinks_SourceRegEx">Regex for the sources of the final-sink findings.</param>
/// <param name="finalSinks_SinkRegEx">Regex for the sinks of the final-sink findings.</param>
/// <param name="joinPointFilter">Filter applied to join points by the rule object.</param>
/// <returns>The rule object after its findings have been calculated.</returns>
public static XUtils_Struts_Joins_V0_1 executeRule_AndReturn_XRuleStrutsObject(
    List<IO2Finding> baseO2Findings, IStrutsMappings strutsMappings,
    string taintSources_SourceRegEx, string taintSources_SinkRegEx,
    string finalSinks_SourceRegEx, string finalSinks_SinkRegEx,
    Func<string, string> joinPointFilter)
{
    var configuredRule = new XUtils_Struts_Joins_V0_1
        {
            findingsWith_BaseO2Findings = baseO2Findings,
            StrutsMappings = strutsMappings,
            TaintSources_SourceRegEx = taintSources_SourceRegEx,
            TaintSources_SinkRegEx = taintSources_SinkRegEx,
            FinalSinks_SourceRegEx = finalSinks_SourceRegEx,
            FinalSinks_SinkRegEx = finalSinks_SinkRegEx,
            JoinPointFilter = joinPointFilter
        };

    // the rule computes its findings eagerly; the caller receives the populated object
    configuredRule.calculateFindings();

    return configuredRule;
}
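/// <summary>
/// Produces one <see cref="O2Finding"/> per controller found in the action servlets of
/// <paramref name="iStrutsMappings"/>. Each finding's trace tree records the controller type, the form bean
/// (when present, with its fields) and each path together with its resolved views as join sinks.
/// </summary>
/// <param name="iStrutsMappings">Mappings to convert; null (or null actionServlets) yields an empty list.</param>
/// <returns>The generated findings; never null.</returns>
public static List<IO2Finding> createFindingsFromStrutsMappings(IStrutsMappings iStrutsMappings)
{
    var findings = new List<IO2Finding>();
    // Nothing to convert: return an empty list instead of throwing from the foreach.
    if (iStrutsMappings == null || iStrutsMappings.actionServlets == null)
    {
        return findings;
    }

    foreach (var actionServlet in iStrutsMappings.actionServlets)
    {
        foreach (var controller in actionServlet.controllers.Values)
        {
            findings.Add(createFindingForController(controller));
        }
    }
    return findings;
}

/// <summary>Builds the finding (root trace plus form-bean and path sub-traces) for a single controller.</summary>
private static O2Finding createFindingForController(dynamic controller)
{
    var o2Finding = new O2Finding
        {
            vulnType = "Struts.Finding : " + controller.type,
            vulnName = controller.type ?? ""
        };
    var rootTrace = (O2Trace)o2Finding.addTrace("Struts Mapping", TraceType.O2JoinSource);
    rootTrace.addTrace("Controller Type: " + controller.type, TraceType.O2JoinSink);

    // add formbean
    if (controller.formBean != null)
    {
        var beanTrace = (O2Trace)rootTrace.addTrace("Form Bean : " + controller.formBean.name, TraceType.O2Info);
        // trace text kept as-is (label and value are concatenated without a separator)
        beanTrace.addTrace("has validation mapping" + controller.formBean.hasValidationMapping);
        foreach (var field in controller.formBean.fields)
        {
            beanTrace.addTrace(field.Value.name);
        }
    }

    // one child per path, listing the controller and the resolved views as join sinks
    var pathsTrace = (O2Trace)rootTrace.addTrace("paths:", TraceType.O2Info);
    foreach (var path in controller.paths)
    {
        var pathTrace = (O2Trace)pathsTrace.addTrace("url: " + path.path);
        pathTrace.addTrace("controller: " + controller.type + " <- ");
        pathTrace.addTraces("view: ", TraceType.O2JoinSink, path.resolvedViews.ToArray());
    }

    return o2Finding;
}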
/// <summary>
/// Shows <paramref name="strutsMappings"/> in this control by refreshing its tree view with them.
/// </summary>
/// <param name="strutsMappings">Mappings to display.</param>
public void loadStrutsMappings(IStrutsMappings strutsMappings)
{
    var mappingsToShow = strutsMappings;
    refreshTreeView(mappingsToShow);
}
/// <summary>
/// Opens a floating <c>ascx_StrutsMappings</c> control titled "Struts Mapping File" and loads
/// <paramref name="strutsMappings"/> into it.
/// </summary>
/// <param name="strutsMappings">Mappings to display in the new control.</param>
public static void showStrutsMappings(IStrutsMappings strutsMappings)
{
    var opened = O2AscxGUI.openAscx(typeof(ascx_StrutsMappings), O2DockState.Float, "Struts Mapping File");
    // openAscx returns the control it created; cast to the concrete type to reach loadStrutsMappings
    var mappingsControl = (ascx_StrutsMappings)opened;
    mappingsControl.loadStrutsMappings(strutsMappings);
}
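/// <summary>
/// Runs the Struts join pipeline for this rule object: loads the base findings when they have not been
/// loaded yet, computes the taint-source findings and the final-sink findings from the four regexes,
/// loads (or reuses) the Struts mappings and their findings, then calls <c>calculateResults()</c>.
/// </summary>
/// <param name="taintSources_SourceRegEx">Regex selecting the sources of the taint-source findings.</param>
/// <param name="taintSources_SinkRegEx">Regex selecting the sinks of the taint-source findings.</param>
/// <param name="finalSinks_SourceRegEx">Regex selecting the sources of the final-sink findings.</param>
/// <param name="finalSinks_SinkRegEx">Regex selecting the sinks of the final-sink findings.</param>
public void calculateFinalResults(string taintSources_SourceRegEx, string taintSources_SinkRegEx,
                                  string finalSinks_SourceRegEx, string finalSinks_SinkRegEx)
{
    // lazily load the base findings from BaseO2Findings
    if (findingsWith_BaseO2Findings == null)
    {
        findingsWith_BaseO2Findings = XUtils_Findings_v0_1.loadFindingsFile(BaseO2Findings);
    }

    // calculate TaintSources
    findingsWith_FindingsFromTaintSources = O2FindingsHelpers.calculateFindings(
        findingsWith_BaseO2Findings,
        taintSources_SourceRegEx,
        taintSources_SinkRegEx,
        XUtils_Findings_v0_1.mapJoinPoints_HashTagsOn_Sinks);

    // calculate FinalSinks
    // Fix: the source regex now comes from the finalSinks_SourceRegEx parameter. The original used the
    // FinalSinks_SourceRegEx property in this call, so the parameter value was ignored.
    findingsWith_FindingsToFinalSinks = O2FindingsHelpers.calculateFindings(
        findingsWith_BaseO2Findings,
        finalSinks_SourceRegEx,
        finalSinks_SinkRegEx,
        XUtils_Findings_v0_1.mapJoinPoints_HashTagsOn_Sources);

    // calculate strutsMapping object and findings
    if (StrutsMappings == null)
    {
        // NOTE(review): this rebuilds an object graph from a binary file; formats of that kind are generally
        // not safe to load from untrusted sources, so StrutsMappingsFile should only reference files produced
        // by this tool or a trusted user.
        StrutsMappings = (IStrutsMappings)Serialize.getDeSerializedObjectFromBinaryFile(StrutsMappingsFile, typeof(KStrutsMappings));
    }
    findingsWith_StrutsMappings = StrutsMappingHelpers.createFindingsFromStrutsMappings(StrutsMappings);

    calculateResults();
}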
/// <summary>
/// Pre-configured Struts rule: taint enters via <c>getParameter(java.lang.String)</c>, is stored with
/// <c>setAttribute(java.lang.String</c>, read back with <c>getAttribute(java.lang.String)</c> and ends in a
/// <c>print</c> sink. Logs the input sizes, then delegates to <c>executeStrutsRule</c>.
/// </summary>
/// <param name="baseO2Findings">Findings the rule starts from.</param>
/// <param name="strutsMappings">Struts mappings used for the joins.</param>
/// <returns>The findings produced by the rule.</returns>
public static List<IO2Finding> strutsRule_fromGetParameterToPringViaGetSetAttributeJoins(List<IO2Finding> baseO2Findings, IStrutsMappings strutsMappings)
{
    var findingsCount = baseO2Findings.Count;
    var actionServletsCount = strutsMappings.actionServlets.Count;
    PublicDI.log.info("executing rule: StrutsRule.from.GetParameter.to.Print.via.SetGetAttributeJoins with {0} fingings and {1} action servlets",
                      findingsCount, actionServletsCount);

    // the four regexes that define this rule
    const string sourceOfTaint = @"getParameter\(java.lang.String\)";
    const string sinkOfTaint = @"setAttribute\(java.lang.String";
    const string sourceOfFinalSink = @"getAttribute\(java.lang.String\)";
    const string finalSink = @"print";

    var ruleResults = executeStrutsRule(baseO2Findings, strutsMappings, sourceOfTaint, sinkOfTaint, sourceOfFinalSink, finalSink);
    return ruleResults;
}
/// <summary>
/// Stores <paramref name="_strutsMappings"/> in the tree view's Tag and then runs the parameterless
/// refresh (which, presumably, reads the mappings back from that Tag).
/// </summary>
/// <param name="_strutsMappings">Mappings to attach to the tree view before refreshing.</param>
private void refreshTreeView(IStrutsMappings _strutsMappings)
{
    var treeView = tvStrutsMappings;
    treeView.Tag = _strutsMappings;
    refreshTreeView();
}
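//public static void addMappedView()

/// <summary>
/// Serializes <paramref name="strutsMappings"/> to a binary file and returns the path that was used.
/// </summary>
/// <param name="strutsMappings">Mappings object to persist; null saves nothing and yields "".</param>
/// <param name="targetFileOrFolder">
/// An existing folder (a temp-named file with <c>strutsMappingExtension</c> is created inside it), or a
/// file path whose parent directory already exists.
/// </param>
/// <returns>
/// The path handed to the serializer, or "" when no save was attempted. The path is returned even if the
/// serializer reports failure (kept for compatibility); the outcome is written to the log.
/// </returns>
public static string saveStrutsMappings(IStrutsMappings strutsMappings, string targetFileOrFolder)
{
    if (strutsMappings == null)
        return "";

    // Path.GetDirectoryName throws on an empty/whitespace path on .NET Framework; reject it up front.
    if (string.IsNullOrEmpty(targetFileOrFolder) || targetFileOrFolder.Trim().Length == 0)
    {
        DI.log.error("Invalid filename supplied since that directory doesn't exist: {0}", targetFileOrFolder);
        return "";
    }

    var targetIsFolder = Directory.Exists(targetFileOrFolder);
    if (targetIsFolder)
    {
        // pick a fresh temp file name inside the supplied folder
        targetFileOrFolder = Path.Combine(targetFileOrFolder, Files.getTempFileName() + strutsMappingExtension);
    }
    else
    {
        // a file path was supplied: its parent directory must already exist
        // (GetDirectoryName yields null/"" for a bare name or a root, which fails this check as before)
        var parentDirectory = Path.GetDirectoryName(targetFileOrFolder);
        if (string.IsNullOrEmpty(parentDirectory) || false == Directory.Exists(parentDirectory))
        {
            // Fix: the message used to read "directly" instead of "directory".
            DI.log.error("Invalid filename supplied since that directory doesn't exist: {0}", targetFileOrFolder);
            return "";
        }
    }

    var saved = Serialize.createSerializedBinaryFileFromObject(strutsMappings, targetFileOrFolder);
    if (saved)
        DI.log.info("Serialized Struts Mapping object saved to: {0}", targetFileOrFolder);
    else
        DI.log.error("There was a problem serializing Struts Mapping object saved to: {0}", targetFileOrFolder);

    return targetFileOrFolder;
}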
/// <summary>
/// Executes the Struts join rule with the given findings, mappings and regexes, shows the outcome in the
/// GUIs enabled by the class-level flags, and returns the computed findings.
/// </summary>
/// <param name="baseO2Findings">Findings the rule starts from.</param>
/// <param name="strutsMappings">Struts mappings used for the joins.</param>
/// <param name="taintSources_SourceRegEx">Regex for the sources of the taint-source findings.</param>
/// <param name="taintSources_SinkRegEx">Regex for the sinks of the taint-source findings.</param>
/// <param name="finalSinks_SourceRegEx">Regex for the sources of the final-sink findings.</param>
/// <param name="finalSinks_SinkRegEx">Regex for the sinks of the final-sink findings.</param>
/// <returns>The findings computed by the rule object.</returns>
public static List<IO2Finding> executeStrutsRule(List<IO2Finding> baseO2Findings, IStrutsMappings strutsMappings,
                                                 string taintSources_SourceRegEx, string taintSources_SinkRegEx,
                                                 string finalSinks_SourceRegEx, string finalSinks_SinkRegEx)
{
    var strutsRule = XUtils_Struts_Joins_V0_1_Helpers.executeRule_AndReturn_XRuleStrutsObject(
        baseO2Findings,
        strutsMappings,
        taintSources_SourceRegEx,
        taintSources_SinkRegEx,
        finalSinks_SourceRegEx,
        finalSinks_SinkRegEx,
        joinPointFilter);

    // both presentations are optional; each is gated by its own class-level flag
    var wantsRulesGui = showResultsInO2RulesStrutsGUI;
    var wantsFindingsViewer = showResultsInNewFindingsViewer;
    if (wantsRulesGui)
    {
        strutsRule.showFinalResultsIn_O2RulesStrutsGUI();
    }
    if (wantsFindingsViewer)
    {
        strutsRule.showFinalResultsIn_fidingsViewer();
    }

    return strutsRule.getResults();
}