/// <summary>
/// Forwards a finding to the reporter the first time its message text is seen.
/// </summary>
/// <param name="vulnerabilityInfo">Finding to record; its <c>Message</c> is the de-duplication key.</param>
/// <remarks>
/// Only <c>Message</c> is compared. A later finding with the same message is dropped here even
/// when its include stack or call stack differs.
/// NOTE(review): if the message does not embed the location, distinct findings would collapse
/// into a single report entry - confirm against how messages are built.
/// </remarks>
public void AddVulnerability(IVulnerabilityInfo vulnerabilityInfo)
{
    var message = vulnerabilityInfo.Message;
    if (DetectedVulns.Contains(message))
    {
        // Already reported under this exact message text.
        return;
    }

    DetectedVulns.Add(message);
    reporter.ReportVulnerability(vulnerabilityInfo);
}
 /// <summary>
 /// Records a finding and reports it, unless a finding with the same message was recorded before.
 /// </summary>
 /// <param name="vulnerabilityInfo">Finding to record and report.</param>
 /// <remarks>
 /// The de-duplication key is the <c>Message</c> string alone; the stacks carried by the
 /// finding take no part in the comparison.
 /// NOTE(review): two findings that differ only in location would be merged if their messages
 /// are identical - verify that the message text is specific enough.
 /// </remarks>
 public void AddVulnerability(IVulnerabilityInfo vulnerabilityInfo)
 {
     var key = vulnerabilityInfo.Message;
     bool seenBefore = DetectedVulns.Contains(key);

     if (seenBefore)
     {
         return;
     }

     DetectedVulns.Add(key);
     reporter.ReportVulnerability(vulnerabilityInfo);
 }
        /// <summary>
        /// Hands one finding to every reporter in <c>_reporters</c>, then counts it.
        /// </summary>
        /// <param name="vulnerabilityInfo">Finding passed unchanged to each reporter.</param>
        /// <remarks>
        /// The counter goes up once per call, not once per reporter. Nothing here catches
        /// exceptions, so a reporter that throws stops the fan-out: later reporters do not see
        /// the finding and the counter is not incremented for it.
        /// </remarks>
        public void ReportVulnerability(IVulnerabilityInfo vulnerabilityInfo)
        {
            foreach (var target in _reporters)
            {
                target.ReportVulnerability(vulnerabilityInfo);
            }

            NumberOfReportedVulnerabilities += 1;
        }
        /// <summary>
        /// Broadcasts a finding to all registered reporters and increments the reported-findings counter.
        /// </summary>
        /// <param name="vulnerabilityInfo">Finding to broadcast.</param>
        /// <remarks>
        /// Reporters are called in the enumeration order of <c>_reporters</c>. An exception from one
        /// of them propagates to the caller before the remaining reporters run and before the
        /// counter is updated.
        /// </remarks>
        public void ReportVulnerability(IVulnerabilityInfo vulnerabilityInfo)
        {
            foreach (var output in _reporters)
            {
                output.ReportVulnerability(vulnerabilityInfo);
            }

            // One finding, one increment - independent of how many reporters received it.
            NumberOfReportedVulnerabilities += 1;
        }
        /// <summary>
        /// Hands a stored-vulnerability finding (an array of path infos) to every reporter in
        /// <c>_reporters</c>, then counts it as one reported vulnerability.
        /// </summary>
        /// <param name="vulnerabilityPathInfos">Path infos forwarded as a whole to each reporter.</param>
        /// <remarks>
        /// The counter is incremented once per call regardless of the array length. Exceptions from
        /// a reporter are not caught here, so they skip the remaining reporters and the increment.
        /// </remarks>
        public void ReportStoredVulnerability(IVulnerabilityInfo[] vulnerabilityPathInfos)
        {
            foreach (var target in _reporters)
            {
                target.ReportStoredVulnerability(vulnerabilityPathInfos);
            }

            NumberOfReportedVulnerabilities += 1;
        }
 /// <summary>
 /// Writes one finding to the report output and then passes it to <c>dbFileWriter</c>.
 /// </summary>
 /// <param name="vulnerabilityInfo">Finding whose message, include stack and call stack are written.</param>
 /// <remarks>
 /// The message and stack entries are concatenated into the output as they are; no escaping is
 /// visible in this method.
 /// NOTE(review): if another tool parses this report, confirm it copes with separators or line
 /// breaks occurring inside these values.
 /// </remarks>
 public void ReportVulnerability(IVulnerabilityInfo vulnerabilityInfo)
 {
     WriteBeginVulnerability();

     var messageLine = "Message: " + vulnerabilityInfo.Message;
     WriteInfoLine(messageLine);

     // Include stack entries are joined without a projection, so the text of each entry
     // depends on how the element type formats itself.
     var includeLine = "Include stack: " + string.Join(_stackSeperator, vulnerabilityInfo.IncludeStack);
     WriteInfoLine(includeLine);

     var callNames = vulnerabilityInfo.CallStack.Select(call => call.Name);
     WriteInfo("Call stack: " + string.Join(_stackSeperator, callNames));

     WriteFilePath(vulnerabilityInfo);
     WriteEndVulnerability();

     dbFileWriter.WriteVulnerability(vulnerabilityInfo);
 }
 /// <summary>
 /// Writes one finding to the report output and then passes it to <c>_dbFileWriter</c>.
 /// </summary>
 /// <param name="vulnerabilityInfo">Finding to write; include stack entries are shown by <c>FullPath</c>, call stack entries by <c>Name</c>.</param>
 /// <remarks>
 /// Message, paths and names go into the output unescaped as far as this method shows.
 /// NOTE(review): confirm that any consumer parsing the report tolerates separators or line
 /// breaks inside those values.
 /// </remarks>
 public void ReportVulnerability(IVulnerabilityInfo vulnerabilityInfo)
 {
     WriteBeginVulnerability();

     var messageLine = "Message: " + vulnerabilityInfo.Message;
     WriteInfoLine(messageLine);

     var includePaths = vulnerabilityInfo.IncludeStack.Select(file => file.FullPath);
     WriteInfoLine("Include stack: " + string.Join(_stackSeperator, includePaths));

     var callNames = vulnerabilityInfo.CallStack.Select(call => call.Name);
     WriteInfo("Call stack: " + string.Join(_stackSeperator, callNames));

     WriteFilePath(vulnerabilityInfo);
     WriteEndVulnerability();

     _dbFileWriter.WriteVulnerability(vulnerabilityInfo);
 }
        /// <summary>
        /// Writes one finding as a record: the vulnerability type, a ';', the finding details,
        /// and a closing ';'.
        /// </summary>
        /// <param name="vuln">Finding to write.</param>
        /// <remarks>
        /// The type is computed by <c>GetVulnType</c> from the message text alone.
        /// The record uses a literal ';' as its separator and this method escapes neither ';'
        /// nor line breaks inside the message, stack entries or file path.
        /// NOTE(review): confirm the reader of this output cannot be confused by a ';' that
        /// originates from the analysed code.
        /// </remarks>
        public void WriteVulnerability(IVulnerabilityInfo vuln)
        {
            // Leading field: vulnerability type, terminated by the record separator.
            WriteInfo(GetVulnType(vuln.Message) + ";");

            var messageLine = "Message: " + vuln.Message;
            WriteInfoLine(messageLine);

            var includeLine = "Include stack:" + string.Join(_stackSeperator, vuln.IncludeStack);
            WriteInfoLine(includeLine);

            var callNames = vuln.CallStack.Select(call => call.Name);
            WriteInfo("Call stack: " + string.Join(_stackSeperator, callNames));

            WriteFilePath(vuln);

            // Closing separator for the record.
            WriteInfo(";");
        }
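        /// <summary>
        /// Renders the include stack as one line of entry names, last enumerated entry first,
        /// separated by " → ".
        /// </summary>
        /// <param name="vulnInfo">Finding whose <c>IncludeStack</c> is rendered.</param>
        /// <returns>
        /// The joined names, or an empty string when the include stack has no entries.
        /// </returns>
        public string GetIncludeSequenceString(IVulnerabilityInfo vulnInfo)
        {
            const string delimiter = " → ";

            // Enumerable.Reverse is called as a static method so that it can never bind to an
            // in-place Reverse() on the collection; the stack itself is left untouched.
            var namesLastToFirst = Enumerable.Reverse(vulnInfo.IncludeStack).Select(file => file.Name);

            // string.Join places the delimiter only between items. That avoids trimming a
            // trailing delimiter, which fails with ArgumentOutOfRangeException on an empty stack.
            return string.Join(delimiter, namesLastToFirst);
        }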
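 /// <summary>
 /// Prints one finding to the console in red, framed by separator lines.
 /// </summary>
 /// <param name="vulnerabilityInfo">Finding to print: message, include sequence and, when the call stack is not empty, the top call stack entry.</param>
 /// <remarks>
 /// The foreground colour is set back to gray in a <c>finally</c> block, so a failure while
 /// rendering the finding does not leave the rest of the console output in red.
 /// </remarks>
 public void ReportVulnerability(IVulnerabilityInfo vulnerabilityInfo)
 {
     Console.ForegroundColor = ConsoleColor.Red;
     try
     {
         Console.WriteLine();
         Console.WriteLine("--------------------");
         Console.WriteLine(vulnerabilityInfo.Message);
         Console.WriteLine("Include sequence: " + GetIncludeSequenceString(vulnerabilityInfo));

         // Peek() is only valid on a non-empty stack, hence the Any() guard.
         if (vulnerabilityInfo.CallStack.Any())
         {
             PrintCallStackAndFile(vulnerabilityInfo.CallStack.Peek().Name);
         }

         Console.WriteLine("--------------------");
     }
     finally
     {
         // Same colour as on the normal path; it is now also restored when a call above throws.
         Console.ForegroundColor = ConsoleColor.Gray;
     }
 }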
        /// <summary>
        /// Writes a stored-vulnerability finding: one ">> Taint Path: " section per path info,
        /// wrapped in a single begin/end pair, then passes the array to <c>dbFileWriter</c>.
        /// </summary>
        /// <param name="vulnerabilityPathInfos">Path infos that together make up the finding.</param>
        /// <remarks>
        /// Messages and stack entries are written unescaped as far as this method shows.
        /// NOTE(review): confirm that consumers of the report tolerate separators or line breaks
        /// inside those values.
        /// </remarks>
        public void ReportStoredVulnerability(IVulnerabilityInfo[] vulnerabilityPathInfos)
        {
            WriteBeginVulnerability();

            foreach (var taintPath in vulnerabilityPathInfos)
            {
                WriteInfoLine(">> Taint Path: ");
                WriteInfoLine(taintPath.Message);

                // The include stack line carries no label; entries are joined without a projection.
                var includeLine = string.Join(_stackSeperator, taintPath.IncludeStack);
                WriteInfoLine(includeLine);

                var callNames = taintPath.CallStack.Select(call => call.Name);
                WriteInfoLine("Callstack: " + string.Join(_stackSeperator, callNames));

                WriteFilePath(taintPath);
            }

            WriteEndVulnerability();
            dbFileWriter.WriteStoredVulnerability(vulnerabilityPathInfos);
        }
        /// <summary>
        /// Writes the function on top of the finding's call stack together with the file, or
        /// files, in which <c>_funcHandler</c> finds a function of that name.
        /// </summary>
        /// <param name="vulnInfo">Finding whose top call stack entry is looked up.</param>
        /// <remarks>
        /// Writes nothing when the call stack is empty or the lookup returns no match.
        /// The lookup is by name only. With more than one match, every candidate file is listed
        /// and the report does not say which one holds the reported code.
        /// </remarks>
        private void WriteFilePath(IVulnerabilityInfo vulnInfo)
        {
            if (!vulnInfo.CallStack.Any())
            {
                return;
            }

            var candidates = _funcHandler.LookupFunction(vulnInfo.CallStack.Peek().Name);
            if (candidates == null || !candidates.Any())
            {
                return;
            }

            var primary = candidates.First();
            string text;

            if (candidates.Count == 1)
            {
                // Unique match: name it, and add the file only when one is recorded.
                text = "Function/method: " + primary.Name;
                if (!string.IsNullOrWhiteSpace(primary.File))
                {
                    text += Environment.NewLine + "In file: " + primary.File;
                }
            }
            else
            {
                // Ambiguous name: list every candidate file, one per line.
                var candidateFiles = string.Join(Environment.NewLine, candidates.Select(candidate => candidate.File));
                text = "Function/method: " + primary.Name + Environment.NewLine
                       + "File candidates: " + Environment.NewLine
                       + candidateFiles;
            }

            WriteInfo(text);
        }
 /// <summary>
 /// Writes the function on top of the finding's call stack and the file, or files, where
 /// <c>FunctionsHandler.Instance</c> finds a function of that name.
 /// </summary>
 /// <param name="vulnInfo">Finding whose top call stack entry is looked up.</param>
 /// <remarks>
 /// Nothing is written for an empty call stack or an empty lookup result.
 /// The lookup key is the function name alone, so several matches are reported as
 /// "File candidates" and the reader has to decide which file is the relevant one.
 /// </remarks>
 private void WriteFilePath(IVulnerabilityInfo vulnInfo)
 {
     if (!vulnInfo.CallStack.Any())
     {
         return;
     }

     var matches = FunctionsHandler.Instance.LookupFunction(vulnInfo.CallStack.Peek().Name);
     if (matches == null || !matches.Any())
     {
         return;
     }

     // Both output shapes start with the name of the first match.
     var headline = "Function/method: " + matches.First().Name;

     if (matches.Count == 1)
     {
         var file = matches.First().File;
         WriteInfo(string.IsNullOrWhiteSpace(file)
             ? headline
             : headline + Environment.NewLine + "In file: " + file);
     }
     else
     {
         var candidateFiles = string.Join(Environment.NewLine, matches.Select(match => match.File));
         WriteInfo(headline + Environment.NewLine
                   + "File candidates: " + Environment.NewLine
                   + candidateFiles);
     }
 }