public static List <IO2Finding> glueClickButtonTraces(String ClickButtonMappingOzasmt, String webLayerOzasmt, String webServicesLayerOzasmt)
{
var results = new List <IO2Finding>();
var clickButton = new O2Assessment(new O2AssessmentLoad_OunceV6(), ClickButtonMappingOzasmt);
var webLayer = new O2Assessment(new O2AssessmentLoad_OunceV6(), webLayerOzasmt);
// var webServices = new O2Assessment(new O2AssessmentLoad_OunceV6(), webServicesLayerOzasmt);
var webLayerAllTraces = OzasmtUtils.getDictionaryWithO2AllSubTraces(webLayer);
var count = webLayerAllTraces.Count;
foreach (var clickButtonFinding in clickButton.o2Findings)
{
var sinkToFind = OzasmtUtils.getKnownSink(clickButtonFinding.o2Traces).signature;
if (webLayerAllTraces.ContainsKey(sinkToFind))
{
foreach (var webLayerO2Trace in webLayerAllTraces[sinkToFind])
{
results.Add(OzasmtGlue.createCopyAndGlueTraceSinkWithSource(clickButtonFinding, webLayerO2Trace));
}
}
}
DI.log.debug(" {0} findings in result ", results.Count);
return(results);
}
public static List <IO2Trace> pathToSink(this IO2Finding o2Finding)
{
var pathToTraceType = new List <IO2Trace>();
OzasmtUtils.getPathToTraceType(o2Finding.o2Traces, TraceType.Known_Sink, pathToTraceType);
return(pathToTraceType);
}
public void task2_AdjustsStrutsFindings()
{
var validatorPatternIDText = "validator: patternid=";
var validatorValidContentText = "validator: valid-content";
O2Cmd.log.write("TASK 2: AdjustsStrutsFindings");
var strutsFindingsFolder = Path.Combine(folderWithArtifacts_Phase3, "Struts Mappings");
if (false == Directory.Exists(strutsFindingsFolder))
{
return;
}
//Assert.That(Directory.Exists(strutsFindingsFolder), "strutsFindingsFolder did not exists: " + strutsFindingsFolder);
foreach (var strutsFindingFile in Files.getFilesFromDir_returnFullPath(strutsFindingsFolder))
{
var o2Findings = XUtils_Findings_v0_1.loadFindingsFile(strutsFindingFile);
foreach (O2Finding o2Finding in o2Findings)
{
var allTraces = OzasmtUtils.getListWithAllTraces(o2Finding);
foreach (var o2Trace in allTraces)
{
if (o2Trace.signature.StartsWith(validatorPatternIDText))
{
var pattern = o2Trace.signature.Replace(validatorPatternIDText, "");
if (pattern == "FREE_TEXT")
{
o2Finding.vulnType = "Struts.CrossSiteScripting.NOT.Validated";
o2Finding.confidence = 1;
o2Finding.severity = 0;
}
else
{
o2Finding.vulnType = "Struts.CrossSiteScripting.Validated";
o2Finding.confidence = 1;
o2Finding.severity = 2;
}
o2Finding.vulnType += " : " + pattern;
break;
}
else if (o2Trace.signature.StartsWith(validatorValidContentText))
{
var pattern = o2Trace.signature.Replace(validatorValidContentText, "");
o2Finding.vulnType = "Struts.CrossSiteScripting.Validated.ValidContent";
o2Finding.confidence = 2;
o2Finding.severity = 2;
}
}
// validator: patternid=
}
//XUtils_Findings_v0_1.openFindingsInNewWindow(o2Findings);
var targetFile = Path.Combine(folderWithArtifacts_Phase4, "Struts Mappings - " + Path.GetFileName(strutsFindingFile));
XUtils_Findings_v0_1.saveFindings(o2Findings, targetFile);
O2Cmd.log.write("Struts Mappings saved to: {0}", targetFile);
}
//foreach(var
}
private static IO2Finding getO2Finding(AssessmentAsmntFileFinding finding, AssessmentRun assessmentRunToImport)
{
var o2Finding = new O2Finding();
addFindingDataToO2Finding(finding, o2Finding, assessmentRunToImport);
addTraceToO2Finding(finding.trace, o2Finding, assessmentRunToImport);
OzasmtUtils.fixExternalSourceSourceMappingProblem(o2Finding); // fix the 'ExternalSource Source' problem
return(o2Finding);
}
public static List <IO2Trace> allTraces(this List <IO2Finding> iO2Findings)
{
var allTraces = new List <IO2Trace>();
foreach (var iO2Finding in iO2Findings)
{
allTraces.AddRange(OzasmtUtils.getListWithAllTraces(iO2Finding.o2Finding()));
}
return(allTraces);
}
public static IO2Finding getO2Finding(AssessmentAssessmentFileFinding finding,
AssessmentAssessmentFile assessmentFile, AssessmentRun assessmentRun)
{
var o2Finding = new O2Finding
{
actionObject = finding.actionobject_id,
columnNumber = finding.column_number,
confidence = finding.confidence,
exclude = finding.exclude,
file = assessmentFile.filename,
lineNumber = finding.line_number,
ordinal = finding.ordinal,
propertyIds = finding.property_ids,
recordId = finding.record_id,
severity = finding.severity,
o2Traces = getO2TraceFromCallInvocation(finding.Trace, assessmentRun),
};
if (finding.cxt_id != null)
{
o2Finding.context = getStringIndexValue(UInt32.Parse(finding.cxt_id), assessmentRun);
}
o2Finding.callerName = finding.caller_name;
if (o2Finding.callerName == null && finding.caller_name_id != null)
{
o2Finding.callerName = getStringIndexValue(UInt32.Parse(finding.caller_name_id), assessmentRun);
}
o2Finding.projectName = finding.project_name;
if (o2Finding.projectName == null && finding.project_name_id != null)
{
o2Finding.projectName = getStringIndexValue(UInt32.Parse(finding.project_name_id), assessmentRun);
}
o2Finding.vulnName = finding.vuln_name;
if (o2Finding.vulnName == null && finding.vuln_name_id != null)
{
o2Finding.vulnName = getStringIndexValue(UInt32.Parse(finding.vuln_name_id), assessmentRun);
}
o2Finding.vulnType = finding.vuln_type;
if (o2Finding.vulnType == null && finding.vuln_type_id != null)
{
o2Finding.vulnType = getStringIndexValue(UInt32.Parse(finding.vuln_type_id), assessmentRun);
}
if (finding.Text != null)
{
o2Finding.text = new List <string>(finding.Text);
}
OzasmtUtils.fixExternalSourceSourceMappingProblem(o2Finding);
return(o2Finding);
}
public string RemoveAll3nodeGetSetVulns()
{
// Dinis note, if I understand this request correctly, the query is:
// for all vulns that start in a get and end in set
// only show the ones that have more than 3 traces
var o2Findings = XUtils_Findings_v0_1.loadFindingsFile(sampleOzamtFile);
var thread = XUtils_Findings_v0_1.openFindingsInNewWindow(o2Findings, "Original list of loaded files");
thread.Join(); // we have to do this to make sure we don't continue before the findings are loaded in the Findings Viewer
// first lets see if this happens in the current list of loaded findings
var getsAndSets = new List <IO2Finding>();
foreach (O2Finding o2Finding in o2Findings) // need to cast to O2Finding in order to have access to the prepopulated version of IO2Finding
{
if (o2Finding.Source.IndexOf("get") > -1 && o2Finding.Sink.IndexOf("set") > -1)
{
getsAndSets.Add(o2Finding);
}
}
Assert.That(getsAndSets.Count > 0, "There are no Get->Set pairs in the current loaded findings"); // Dinis note: on the WebGoat 6.0.ozasmt file I'm using there are 54 matches
// show in GUI getsAndSets
XUtils_Findings_v0_1.openFindingsInNewWindow(getsAndSets, "Findings with GetsAndSets").Join(); // added .Join() to ensure the load thread is completed
// now check if there are findings with 3 traces
var getsAndSetsWith3Traces = new List <IO2Finding>();
foreach (O2Finding o2Finding in getsAndSets)
{
var allTracesFromFinding = OzasmtUtils.getListWithAllTraces(o2Finding);
if (allTracesFromFinding.Count == 3)
{
getsAndSetsWith3Traces.Add(o2Finding);
}
}
Assert.That(getsAndSetsWith3Traces.Count > 0, "There were no getsAndSetsWith3Traces");
// show in GUI getsAndSetsWith3Traces
XUtils_Findings_v0_1.openFindingsInNewWindow(getsAndSetsWith3Traces, "Findings with getsAndSetsWith3Traces").Join(); // Dinis note: I get 4 findings that match this criteria
// finally remove the getsAndSetsWith3Traces from the loaded findings
foreach (var o2FindingToRemove in getsAndSetsWith3Traces)
{
o2Findings.Remove(o2FindingToRemove);
}
// and show the results (note how this window has less 3 findings than the first one that was loaded)
XUtils_Findings_v0_1.openFindingsInNewWindow(o2Findings, "Original list without 3nodeGetSetVulns").Join();
return("Number of findings after filter: " + o2Findings.Count);
} // this function could be greatly reduced by using LINQ (I'll do that later :) )
public List <IO2Finding> removeAllInfos_version_3()
{
// LINQ query
var resultsLinq = from IO2Finding o2Finding in XUtils_Findings_v0_1.loadFindingsFile(sampleOzamtFile)
where OzasmtUtils.getSeverityFromId(o2Finding.severity) != "Info" // o2Finding.severity = 3 maps to "Info"
select o2Finding;
// since we are using List<IO2Fiding> below, lets covert the LINQ result which is IEnumerable<IO2Finding> to List<IO2Finding>
var results = resultsLinq.ToList();
XUtils_Findings_v0_1.openFindingsInNewWindow(results);
return(results);
}
public static bool doesFindingHasTraceSignature(IO2Finding o2Finding, string signatureRegEx)
{
var allTraces = OzasmtUtils.getListWithAllTraces((O2Finding)o2Finding);
foreach (var o2Trace in allTraces)
{
if (o2Trace.signature.IndexOf(signatureRegEx) > -1)// |
//RegEx.findStringInString(o2Trace.signature,signatureRegEx))
{
return(true);
}
}
return(false);
}
public static List <string> allTraces_SourceCode(this IO2Finding iO2Finding)
{
var sourceCodes = new List <string>();
foreach (O2Trace o2Trace in OzasmtUtils.getListWithAllTraces(iO2Finding.o2Finding()))
{
var sourceCode = o2Trace.SourceCode.trim();
if (sourceCode.valid() && sourceCodes.contains(sourceCode).isFalse())
{
sourceCodes.Add(sourceCode);
}
}
return(sourceCodes);
}
public static Thread openInFloatWindow(string ozasmtFile, string controlName)
{
var o2AssessmentLoadEngine = OzasmtUtils.getO2AssessmentLoadEngine(ozasmtFile, o2AssessmentLoadEngines);
if (o2AssessmentLoadEngine != null)
{
var o2Assessment = new O2Assessment(o2AssessmentLoadEngine, ozasmtFile);
if (o2Assessment.o2Findings.Count > 0)
{
return(openInFloatWindow(o2Assessment.o2Findings, controlName));
}
}
return(null);
}
public List <IO2Finding> removeAllInfos_version_2()
{
var o2Findings = XUtils_Findings_v0_1.loadFindingsFile(sampleOzamtFile);
var results = new List <IO2Finding>();
foreach (O2Finding o2Finding in o2Findings)
{
if (OzasmtUtils.getSeverityFromId(o2Finding.severity) != "Info")
{
results.Add(o2Finding);
}
}
XUtils_Findings_v0_1.openFindingsInNewWindow(results);
return(results);
}
public void loadO2TraceIntoTreeNodeCollection(IO2Trace o2TraceToLoad, TreeNodeCollection treeNodeCollection)
{
string nodeText = getNodeText(o2TraceToLoad);
TreeNode newNode = O2Forms.newTreeNode(nodeText, nodeText, 0, o2TraceToLoad);
newNode.ForeColor = OzasmtUtils.getTraceColorBasedOnTraceType(o2TraceToLoad);
treeNodeCollection.Add(newNode);
if (o2TraceToLoad == o2Trace)
{
tvSmartTrace.SelectedNode = newNode;
}
foreach (O2Trace childO2Trace in o2TraceToLoad.childTraces)
{
loadO2TraceIntoTreeNodeCollection(childO2Trace, newNode.Nodes);
}
}
public static List <IO2Finding> findWebControlSources(List <IO2Finding> o2Findings)
{
var methodsToFind = new RegEx("System.Web.UI.WebControls.*get_Text");
//var methodsToFind = new RegEx("HttpRequest");
var results = new List <IO2Finding>();
foreach (IO2Finding o2Finding in o2Findings)
{
IO2Trace source = ((O2Finding)o2Finding).getSource();
if (source != null && methodsToFind.find(source.ToString()))
// && o2Finding.getSource.ToString() != "")
{
if (source.context.Contains("txt"))
{
// DI.log.info(source + " -> " + (o2Finding.getSink != null ? o2Finding.getSink.ToString() : ""));
string variableName = OzasmtContext.getVariableNameFromThisObject(source);
// DI.log.info(o2Finding.o2Trace + " ::: " + );// + " : " + source.context);
foreach (IO2Trace o2Trace in o2Finding.o2Traces)
{
List <string> wordsFromSignature =
OzasmtUtils.getListWithWordsFromSignature(o2Trace.signature);
foreach (string word in wordsFromSignature)
{
// var sourceO2Trace = new O2Trace("OunceLabs: " + word);
// var sinkO2Trace = new O2Trace("OunceLabs: " + variableName);
// sinkO2Trace.childTraces.Add(o2Finding.o2Trace);
// sourceO2Trace.childTraces.Add(sinkO2Trace);
var newO2Finding = new O2Finding
{
vulnType = "ASP.NET Attack Surface",
vulnName = word + "_" + variableName,
//o2Trace = sourceO2Trace
o2Traces = o2Finding.o2Traces
};
results.Add(newO2Finding);
}
}
}
// DI.log.info(" " + o2Finding.getSource + " -> " + o2Finding.getSource.context + "\n\n");
}
}
return(results);
}
public static void mapFunctionInUrlToAscx(List <IO2Finding> findingsToProcess)
{
foreach (var o2Finding in findingsToProcess)
{
var source = OzasmtUtils.getSource(o2Finding.o2Traces);
var indexOfFunction = source.signature.IndexOf("function=");
if (indexOfFunction > 0)
{
var functionCalled = source.signature.Substring(indexOfFunction + 9);
functionCalled = functionCalled.ToLower();
var currentSink = OzasmtUtils.getKnownSink(o2Finding.o2Traces);
currentSink.traceType = TraceType.Root_Call;
string newSinkSignature = String.Format("ASP.ascx_{0}_ascx_{1}", functionCalled.Replace('\\', '_'),
currentSink.signature);
currentSink.childTraces.Add(new O2Trace(newSinkSignature, TraceType.Known_Sink));
}
}
}
public static List <IO2Finding> applySinkRuleToFindingAndTrace(IO2Finding o2Finding, string traceSignature, IDictionary <string, List <IO2Rule> > indexedRules)
{
var newFindings = new List <IO2Finding>();
if (traceSignature != "" && indexedRules.ContainsKey(traceSignature))
{
// apply rules settings to it
foreach (var o2Rule in indexedRules[traceSignature])
{
// create copy of finding
var newO2Finding = OzasmtCopy.createCopy(o2Finding);
// apply rule
newO2Finding.severity = OzasmtUtils.getSeverityFromString(o2Rule.Severity);
newO2Finding.vulnName = o2Rule.Signature;
newO2Finding.vulnType = o2Rule.VulnType;
newFindings.Add(newO2Finding);
}
}
return(newFindings);
}
public void saveCurrentO2Trace()
{
DI.log.info("Saving changes made to CurrentO2Trace");
foreach (DataGridViewRow row in dgvTraceDetails.Rows)
{
object value = getValueFromCell(row.Cells["Value"]);
if (value != null)
{
DI.reflection.setProperty(row.Cells["Name"].Value.ToString(), currentO2Trace, value);
}
//currentO2Trace.setField(row.Cells["Name"].Value.ToString(), value);
}
if (getCellWithCurrentO2TraceText("signature").Value.ToString() != "")
{
ascxTraceTreeView.selectedNode.Text = getCellWithCurrentO2TraceText("signature").Value.ToString();
}
ascxTraceTreeView.selectedNode.ForeColor = OzasmtUtils.getTraceColorBasedOnTraceType(currentO2Trace);
//showO2TraceTree();
//currentO2Finding
}
private static string calculateTreeNodeText(IO2Finding o2Finding, string propertyToUse, string filterToUse)
{
string nodeText;
try
{
switch (propertyToUse)
{
case "severity":
return(OzasmtUtils.getSeverityFromId(o2Finding.severity));
case "confidence":
return(OzasmtUtils.getConfidenceFromId(o2Finding.confidence));
case "o2Traces":
var allO2Traces = OzasmtUtils.getAllTraces(o2Finding.o2Traces);
return((allO2Traces.Keys.Count > 0) ? "# nodes: {0}".format(allO2Traces.Keys.Count) : "");
default:
nodeText = PublicDI.reflection.getProperty(propertyToUse, o2Finding).ToString();
break;
}
if (nodeText != "")
{
if (RegEx.findStringInString(nodeText, filterToUse) || nodeText.index(filterToUse) > -1)
{
return(nodeText);
}
else
{
return("");
}
}
return(nodeText);
}
catch (Exception ex)
{
PublicDI.log.error("in calculateTreeNodeText: {0}", ex.Message);
return("[O2 Error (check logs for details)]");
}
}
public Thread loadO2Assessment(string pathToFileToLoad)
{
if (Path.GetExtension(pathToFileToLoad) == PublicDI.config.O2FindingsFileExtension)
{
var o2Assessment = (IO2Assessment)Serialize.getDeSerializedObjectFromBinaryFile(pathToFileToLoad, typeof(O2Assessment));
if (o2Assessment != null)
{
PublicDI.log.info("Sucessfuly created O2Findings object from file: {0}", pathToFileToLoad);
loadO2Assessment(o2Assessment);
}
else
{
PublicDI.log.error("There was a problem deserializing O2Findings object saved to: {0}", pathToFileToLoad);
}
return(null);
}
else
{
var o2AssessmentLoad = OzasmtUtils.getO2AssessmentLoadEngine(pathToFileToLoad, o2AssessmentLoadEngines);
return(loadO2Assessment(o2AssessmentLoad, pathToFileToLoad));
}
}
public static List <IO2Finding> mapTextBoxWebControlsAsSinks(List <IO2Finding> findingsToMap)
{
var signatureToFind = "System.Web.UI.WebControls.TextBox.get_Text():string";
var results = new List <IO2Finding>();
foreach (var o2Finding in findingsToMap)
{
var o2Match = OzasmtSearch.findO2TraceSignature(o2Finding.o2Traces, signatureToFind);
if (o2Match != null)
{
var variable = o2Match.context.Substring(0, o2Match.context.IndexOf(' '));
variable = variable.Replace("this->", "");
var source = OzasmtUtils.getSource(o2Finding.o2Traces);
source.signature += "_" + variable;
//var o2NewO2Trace = new O2Trace(variable);
//o2NewO2Trace.childTraces.Add(o2Finding.o2Trace);
//o2Finding.o2Trace = o2NewO2Trace;
results.Add(o2Finding);
}
}
return(results);
}
public void createOneO2AssessmentPerUniqueTracesSignature()
{
Assert.IsTrue(File.Exists(testOzasmtFile), "testOzasmtFile didn't exist");
Directory.CreateDirectory(pathToSaveFilesCreated);
Assert.IsTrue(Directory.Exists(pathToSaveFilesCreated), "pathToSaveFilesCreated could not be created");
Files.deleteFilesFromDirThatMatchPattern(pathToSaveFilesCreated, "*.ozasmt");
Dictionary <String, List <IO2Trace> > allTraces = OzasmtUtils.getDictionaryWithO2AllSubTraces(o2AssessmentLoad, testOzasmtFile);
DI.log.info("there are {0} traces", allTraces.Count);
DI.log.info("going to save traces here : {0}", pathToSaveFilesCreated);
DI.log.info("before there are {0} *.ozasnt files ",
Files.getFilesFromDir(pathToSaveFilesCreated, "*.ozasmt").Count);
foreach (string signature in allTraces.Keys)
{
//var fileName = (signature != "") ? signature : "_EmptySignature";
string fileName = signature.Replace(':', '_').Replace('<', '_').Replace('>', '_');
o2AssessmentSave = new O2AssessmentSave_OunceV6();
OzasmtNew.createO2AssessmentFromTraces(o2AssessmentSave, Path.Combine(pathToSaveFilesCreated, fileName + ".ozasmt"),
allTraces[signature]);
}
DI.log.info("after build there are {0} *.ozasnt files ",
Files.getFilesFromDir(pathToSaveFilesCreated, "*.ozasmt").Count);
// for now delete all files so that we don't keep them on disk
Files.deleteFilesFromDirThatMatchPattern(pathToSaveFilesCreated, "*.ozasmt");
DI.log.info("after delete there are {0} *.ozasnt files ",
Files.getFilesFromDir(pathToSaveFilesCreated, "*.ozasmt").Count);
Files.deleteFolder(pathToSaveFilesCreated);
Assert.That(!Directory.Exists(pathToSaveFilesCreated), " pathToSaveFilesCreated still exists");
//log.info("going to save traces here : {0}", pathToSaveFilesCreated);
Assert.Ignore("Todo: reload all files again , " +
"Compress them into 1 file , " +
"Compare with original file and see if they match");
}
public void CreateFinding_WithTrace()
{
string sFileToCreate = DI.config.TempFileNameInTempDirectory;
const uint line_number = 2;
const uint column_number = 3;
const uint ordinal = 1;
const string context = "TraceContext";
const string signature = "TraceSignature";
const string clazz = "class.this.trace.is.in";
const string file = @"c:\o2\temp\file\trace\is\in.cs";
const string method = "methodExectuted";
const uint taintPropagation = 0;
var text = new List <string> {
"this is a text inside a trace"
};
var o2Assessment = new O2Assessment();
// Finding #1
var o2Finding1 = new O2Finding("vulnName.Testing.TraceCreation", "vulnType.CustomType",
"This is the Context",
"This is the caller");
o2Finding1.o2Traces.Add(new O2Trace
{
clazz = clazz,
columnNumber = column_number,
context = context,
file = file,
lineNumber = line_number,
method = method,
ordinal = ordinal,
signature = signature,
taintPropagation = taintPropagation,
text = text,
});
o2Assessment.o2Findings.Add(o2Finding1);
// Finding #1
const string sinkText = "this is a sink";
const string methodOnSinkPath = "method call on sink path";
const string methodOnSourcePath = "method call on source path";
const string sourceText = "this is a source";
var o2Finding2 = new O2Finding("Vulnerability.Name", "Vulnerability.Type");
var o2Trace = new O2Trace("Class.Signature", "Method executed");
var o2TraceOnSinkPath = new O2Trace(methodOnSinkPath, TraceType.Type_0);
o2TraceOnSinkPath.childTraces.Add(new O2Trace(sinkText, TraceType.Known_Sink));
var o2TraceOnSourcePath = new O2Trace(methodOnSourcePath, TraceType.Type_0);
o2TraceOnSourcePath.childTraces.Add(new O2Trace(sourceText, TraceType.Source));
o2Trace.childTraces.Add(o2TraceOnSourcePath);
o2Trace.childTraces.Add(o2TraceOnSinkPath);
o2Finding2.o2Traces = new List <IO2Trace> {
o2Trace
};
o2Assessment.o2Findings.Add(o2Finding2);
// save assessment file
o2Assessment.save(o2AssessmentSave, sFileToCreate);
// check if data was saved correctly
var loadedO2Assessment = new O2Assessment(o2AssessmentLoad, sFileToCreate);
List <IO2Finding> loadedO2Findings = loadedO2Assessment.o2Findings;
Assert.IsTrue(loadedO2Assessment.o2Findings.Count == 2, "There should be 2 findings in the Assessment File");
// in o2Findings1
Assert.IsTrue(loadedO2Assessment.o2Findings[0].o2Traces.Count == 1,
"There should be 1 Trace in the Finding #1");
IO2Trace loadedO2Trace = loadedO2Findings[0].o2Traces[0];
Assert.IsTrue(loadedO2Trace.clazz == clazz, "clazz");
Assert.IsTrue(loadedO2Trace.columnNumber == column_number, "columnNumber");
Assert.IsTrue(loadedO2Trace.context == context, "context");
Assert.IsTrue(loadedO2Trace.file == file, "file");
Assert.IsTrue(loadedO2Trace.lineNumber == line_number, "lineNumber");
Assert.IsTrue(loadedO2Trace.method == method, "method");
Assert.IsTrue(loadedO2Trace.ordinal == ordinal, "ordinal");
Assert.IsTrue(loadedO2Trace.signature == signature, "signature");
Assert.IsTrue(loadedO2Trace.taintPropagation == taintPropagation, "taintPropagation");
Assert.IsTrue(loadedO2Trace.text[0] == text[0], "text");
// in o2Findings2
Assert.IsTrue(loadedO2Assessment.o2Findings[1].o2Traces.Count == 1,
"There should be 1 Trace in the Finding #2");
Assert.IsTrue(loadedO2Assessment.o2Findings[1].o2Traces[0].childTraces.Count == 2,
"There should be 2 child traces in this trace");
Assert.IsNotNull(OzasmtUtils.getKnownSink(loadedO2Assessment.o2Findings[1].o2Traces), "Could not find Sink");
Assert.IsTrue(OzasmtUtils.getKnownSink(loadedO2Assessment.o2Findings[1].o2Traces).clazz == sinkText,
"Sink text didn't match");
Assert.IsTrue(OzasmtUtils.getSource(loadedO2Assessment.o2Findings[1].o2Traces).clazz == sourceText,
"Source text didn't match");
}
/// <summary>
/// This will populate the parent finding with all traces from the provided ICirFunction
/// caution: use the createNewFindingOnExternalCall carefully since it can create a stupid amount of traces (and it is much slower)
/// </summary>
/// <param name="cirFunction"></param>
/// <param name="lineNumber"></param>
/// <param name="o2Traces"></param>
/// <param name="parentTraces"></param>
/// <param name="rootO2Finding"></param>
/// <param name="o2FindingsCreated"></param>
/// <param name="createNewFindingOnExternalCall"></param>
/// <param name="fileName"></param>
public static void createTracesAndFindingsFromCirFunction(ICirFunction cirFunction, string fileName, UInt32 lineNumber, List <IO2Trace> o2Traces, List <IO2Trace> parentTraces, IO2Finding rootO2Finding, List <IO2Finding> o2FindingsCreated, bool createNewFindingOnExternalCall)
{
int maxParentDepth = 10; //30; //10;
var maxNumberOfTraces = 20; //50; //300; //50
var filteredSignature = new FilteredSignature(cirFunction);
var functionSignature = filteredSignature.sSignature;
var o2Trace = new O2Trace(functionSignature, cirFunction.ClassNameFunctionNameAndParameters)
{
file = fileName,
lineNumber = lineNumber
};
// add file references
// handle the case where this is a recursive call or a call to a method already added in the current tree
var recursiveCall = false;
foreach (var o2ParentTrace in parentTraces)
{
if (o2ParentTrace.signature == functionSignature)
{
recursiveCall = true;
break;
}
}
parentTraces.Add(o2Trace);
// add this trace to the current trace tree (since we might need to create a copy of it below
o2Traces.Add(o2Trace);
if (recursiveCall)
{
var nodeText = String.Format("{0} : {1} : {2}", cirFunction, "....(Recursive Call so not expanding child traces", functionSignature);
o2Trace.childTraces.Add(new O2Trace(nodeText));
}
else
{
if (parentTraces.Count > maxParentDepth)
{
o2Trace.childTraces.Add(new O2Trace(" ... {Max trace depth reached} (" + maxParentDepth + ")"));
}
else
{
//
var numberOfTraces = OzasmtUtils.getAllTraces(rootO2Finding.o2Traces);
if (numberOfTraces.Count > maxNumberOfTraces)
{
o2Trace.childTraces.Add(new O2Trace("**** Max number of traces reached(" + maxNumberOfTraces + ") aborting trace execution"));
return;
}
if (cirFunction.FunctionsCalled.Count == 0) // means we don't have the code for this one, so
{
// let make it a lost sink
var originalTraceTypeValue = o2Trace.traceType; // we might need this below
o2Trace.traceType = TraceType.Lost_Sink;
if (createNewFindingOnExternalCall) // and if createNewFindingOnExternalCall add it as finding
{
// create a copy of the parent finding (which incudes the above trace
var newFinding = OzasmtCopy.createCopy(rootO2Finding);
// make the first call a source (so that we have a source-> pair
newFinding.o2Traces[0].traceType = TraceType.Source;
// add it
o2FindingsCreated.Add(newFinding);
// since the crawl will continue we must restore the originalTraceTypeValue
o2Trace.traceType = originalTraceTypeValue;
}
}
else
{
foreach (var functionCalled in cirFunction.FunctionsCalled)
{
createTracesAndFindingsFromCirFunction(functionCalled.cirFunction, functionCalled.fileName, (UInt32)functionCalled.lineNumber, o2Trace.childTraces, parentTraces, rootO2Finding, o2FindingsCreated, createNewFindingOnExternalCall);
}
}
}
}
// now remove the signature since we are only interrested in non repeats on the same parent
parentTraces.Remove(o2Trace);
}
public static List <IO2Trace> allTraces(this IO2Finding iO2Finding)
{
return(OzasmtUtils.getListWithAllTraces(iO2Finding.o2Finding()));
}
public static DataTable getDataTableFromO2FindingsLinqQuery(List <object> dataToConvert, int maxNumberOfRecords,
ref Dictionary <DataRow, object>
mappingOfDataRowsToObjects)
{
mappingOfDataRowsToObjects = new Dictionary <DataRow, object>();
var dataTable = new DataTable();
try
{
// calculate Rows names
// column names
PropertyInfo[] properties = null;
foreach (object firstItem in dataToConvert)
{
// only first time, others will follow
//if (dataTable.Columns.Count == 0)
{
switch (firstItem.GetType().Name)
{
case "String":
case "Byte":
case "UInt32":
case "Int32":
dataTable.Columns.Add(new DataColumn(firstItem.GetType().Name, firstItem.GetType()));
break;
case "Variant":
foreach (string key in ((Variant)firstItem).members.Keys)
{
switch (key)
{
case "finding":
// this 'finding' is an hardcoded keyword that I am using to represent a complete finding (this way we can also have results to save on queries that result in Variant results
break; // don't show these
case "getSource":
case "o2Traces":
dataTable.Columns.Add(new DataColumn(key, typeof(string)));
break;
default:
dataTable.Columns.Add(new DataColumn(key,
((Variant)firstItem).members[key].
GetType()));
break;
}
// object keyValue = ((Variant)firstItem).members[key];
// if (keyValue is List<O2Trace>)
// dataTable.Columns.Add(new DataColumn("o2Traces", keyType));
// else
//dataTable.Columns.Add(new DataColumn(key, keyType));
//((Variant)firstItem).members[key].GetType()));
}
break;
/* case "o2Trace":
* dataTable.Columns.Add(new DataColumn("o2Trace",typeof(string)));
* break;*/
default:
properties = (firstItem.GetType()).GetProperties();
foreach (PropertyInfo pi in properties)
{
switch (pi.Name)
{
case "getSource":
case "getSink":
case "getLostSink":
case "getKnownSink":
break; // hide this ones
case "confidence":
case "severity":
dataTable.Columns.Add(new DataColumn(pi.Name, typeof(string)));
break;
default:
Type colType = pi.PropertyType;
if ((colType.IsGenericType) &&
(colType.GetGenericTypeDefinition() == typeof(Nullable <>)))
{
colType = colType.GetGenericArguments()[0];
}
dataTable.Columns.Add(new DataColumn(pi.Name, colType));
break;
}
}
break;
}
}
break; // we only want the first one
}
// Could add a check to verify that there is an element 0
foreach (object item in dataToConvert)
{
DataRow dataRow = dataTable.NewRow();
mappingOfDataRowsToObjects.Add(dataRow, item);
// this will allow to save the data of the rows selected
switch (item.GetType().Name)
{
case "String":
case "Byte":
case "UInt32":
case "Int32":
dataRow[item.GetType().Name] = item;
break;
case "Variant":
foreach (string key in ((Variant)item).members.Keys)
{
switch (key)
{
case "finding":
// this 'finding' is an hardcoded keyword that I am using to represent a complete finding (this way we can also have results to save on queries that result in Variant results
break; // don't show these
case "o2Traces":
dataRow[key] = ((List <IO2Trace>)((Variant)item)[key]).Count > 0 ? "has smart trace" : "no trace";
break;
case "getSource":
if (((Variant)item)[key] is IO2Trace)
{
var o2Trace = (IO2Trace)((Variant)item)[key];
dataRow[key] = o2Trace.signature;
}
else
{
dataRow[key] = "..........";
}
break;
default:
dataRow[key] = ((Variant)item)[key];
break;
}
}
break;
default:
if (properties != null)
{
foreach (PropertyInfo pi in properties)
{
switch (pi.Name)
{
case "getSource":
case "getSink":
case "getLostSink":
case "getKnownSink":
break; // hide this ones
case "severity":
dataRow[pi.Name] = OzasmtUtils.getSeverityFromId((byte)pi.GetValue(item, null));
break;
case "confidence":
dataRow[pi.Name] = OzasmtUtils.getConfidenceFromId((byte)pi.GetValue(item, null));
break;
case "o2Traces":
dataRow[pi.Name] = ((List <IO2Trace>)pi.GetValue(item, null)).Count > 0 ? pi.GetValue(item, null) : DBNull.Value;
break;
default:
dataRow[pi.Name] = pi.GetValue(item, null) ?? DBNull.Value;
break;
}
}
}
/*
* {
* if (pi.GetValue(rec, null) == null)
* dr[pi.Name] = DBNull.Value;
* else
* {
* dr[pi.Name] = pi.GetValue(rec, null);
* }
* }*/
break;
}
//
dataTable.Rows.Add(dataRow);
if (dataTable.Rows.Count > maxNumberOfRecords)
{
break;
}
}
}
catch (Exception ex)
{
DI.log.ex(ex, " in getDataTableFromO2FindingsLinqQuery ", true);
}
return(dataTable);
}
public void test_PopulateCirWithTraces()
{
// get Assessment Data
var o2Assessment = new O2Assessment(new O2AssessmentLoad_OunceV6(), findingsFile);
Assert.That(o2Assessment.o2Findings.Count > 0, "There were no findings in o2Assessment");
DI.log.info("There are {0} findings in the assessment loaded", o2Assessment.o2Findings.Count);
var uniqueListOfSignatures = OzasmtUtils.getUniqueListOfSignatures(o2Assessment.o2Findings);
Assert.That(uniqueListOfSignatures.Count() > 0, "uniqueListOfSignatures.Count ==0 ");
DI.log.info("There are {0} unique signatures ", uniqueListOfSignatures.Count());
// get cir data
var cirDataAnalysis = new CirDataAnalysis();
CirDataAnalysisUtils.loadFileIntoCirDataAnalysisObject(fileToCreateCirFrom, cirDataAnalysis);
CirDataAnalysisUtils.remapIsCalledByXrefs(cirDataAnalysis);
Assert.That(cirDataAnalysis.dCirFunction_bySignature.Count > 0, "cirDataAnalysis.dCirFunction_bySignature.Count == 0");
// need to convert to Ozasmt signature format
var cirMappedFunctions = new Dictionary <string, ICirFunction>();
foreach (var cirFunction in cirDataAnalysis.dCirFunction_bySignature.Values)
{
if (cirFunction.FunctionSignature.IndexOf("O2AppDomainFactory>") > -1)
{
}
var filteredSignature = new FilteredSignature(cirFunction);
cirMappedFunctions.Add(filteredSignature.sSignature, cirFunction);
}
var matches = new List <String>();
foreach (var sig in cirMappedFunctions.Keys)
{
if (sig.IndexOf("IndexOf") > -1)
{
matches.Add(sig);
}
}
//var matches = new List<String>();
/* foreach (var cirFunction in cirMappedFunctions.Values)
* foreach (var called in cirFunction.FunctionsCalledUniqueList)
* if (called.FunctionSignature.IndexOf("System.Object::.ctor") > -1)
* {
* matches.Add(called.FunctionSignature);
* var asd = cirDataAnalysis.dCirFunction_bySignature.ContainsKey(called.FunctionSignature);
* }*/
foreach (var signature in uniqueListOfSignatures)
{
if (false == cirMappedFunctions.ContainsKey(signature))
{
DI.log.info("NO MATCH:" + signature);
}
}
foreach (O2Finding o2Finding in o2Assessment.o2Findings)
{
var source = o2Finding.Sink;
if (source != "" && false == cirMappedFunctions.ContainsKey(source))
{
DI.log.info("NO MATCH for Source:" + source);
}
var sink = o2Finding.Sink;
if (sink != "" && false == cirMappedFunctions.ContainsKey(sink))
{
DI.log.info("NO MATCH for Sink:" + sink);
}
}
/*foreach (var signature in uniqueListOfSignatures)
* DI.log.info(signature);
* return;*/
}
