        /// <summary>
        /// Pushes the intermediate and final results held in this instance's fields into the
        /// six controls that display them, in pipeline order: base findings and Struts mappings,
        /// then the two filtered views (taint sources, final sinks), then the final findings.
        /// </summary>
        /// <param name="findingsViewer_BaseFindings">Receives findingsWith_BaseO2Findings.</param>
        /// <param name="strutsMappingsControl">Receives StrutsMappings.</param>
        /// <param name="findingsViewer_FromStrutsMappings">Receives findingsWith_StrutsMappings.</param>
        /// <param name="filteredFindings_TaintSources">Filter view over the base findings using the TaintSources
        /// source/sink regexes, join points mapped on sinks, results taken from findingsWith_FindingsFromTaintSources.</param>
        /// <param name="filteredFindings_FinalSinks">Filter view over the base findings using the FinalSinks
        /// source/sink regexes, join points mapped on sources, results taken from findingsWith_FindingsToFinalSinks.</param>
        /// <param name="findingsViewer_FinalFindings">Receives findingsWith_Results.</param>
        public void showFinalResults(ascx_FindingsViewer findingsViewer_BaseFindings,
                                     ascx_StrutsMappings strutsMappingsControl,
                                     ascx_FindingsViewer findingsViewer_FromStrutsMappings,
                                     ascx_FilteredFindings filteredFindings_TaintSources,
                                     ascx_FilteredFindings filteredFindings_FinalSinks,
                                     ascx_FindingsViewer findingsViewer_FinalFindings)
        {
            // basefindings and strutsmappings
            findingsViewer_BaseFindings.loadO2Findings(findingsWith_BaseO2Findings);
            strutsMappingsControl.showStrutsMappings(StrutsMappings);
            findingsViewer_FromStrutsMappings.loadO2Findings(findingsWith_StrutsMappings);

            // filteredFindings_TaintSources
            // Both filtered views are configured by the same sequence of setters; only the regexes,
            // the join-point callback, the viewer filter string and the result list differ.
            // NOTE(review): setFindingsResult is called last in both cases and presumably relies on the
            // earlier setters having run — confirm in ascx_FilteredFindings before reordering.
            filteredFindings_TaintSources.setSourceSignatureRegEx(TaintSources_SourceRegEx);
            filteredFindings_TaintSources.setSinkSignatureRegEx(TaintSources_SinkRegEx);
            filteredFindings_TaintSources.setFindingsToFilter(findingsWith_BaseO2Findings);
            filteredFindings_TaintSources.setMapJointPointsCallback(XUtils_Findings_v0_1.mapJoinPoints_HashTagsOn_Sinks);
            filteredFindings_TaintSources.setFindingsViewerFilters("_JoinSink", "");
            filteredFindings_TaintSources.setFindingsResult(findingsWith_FindingsFromTaintSources);



            // filteredFindings_FinalSinks (mirror of the block above, join points mapped on sources)
            filteredFindings_FinalSinks.setSourceSignatureRegEx(FinalSinks_SourceRegEx);
            filteredFindings_FinalSinks.setSinkSignatureRegEx(FinalSinks_SinkRegEx);
            filteredFindings_FinalSinks.setFindingsToFilter(findingsWith_BaseO2Findings);
            filteredFindings_FinalSinks.setMapJointPointsCallback(XUtils_Findings_v0_1.mapJoinPoints_HashTagsOn_Sources);
            filteredFindings_FinalSinks.setFindingsViewerFilters("_JoinSource", "");
            filteredFindings_FinalSinks.setFindingsResult(findingsWith_FindingsToFinalSinks);


            // results (i.e. final findings)
            // Unlike the viewers above this call passes a second argument of true; what that flag
            // selects is defined in ascx_FindingsViewer and is not visible here.
            //findingsViewer_FinalFindings.loadO2Findings(findingsWith_Results);
            findingsViewer_FinalFindings.loadO2Findings(findingsWith_Results, true);
        }
        /// <summary>
        /// Builds findings from <paramref name="strutsMappings"/> (via StrutsMappingHelpers) and loads
        /// them into <paramref name="findingsViewer_ToLoadResults"/> with the trace tree view shown.
        /// </summary>
        /// <param name="strutsMappings">Mappings handed to StrutsMappingHelpers.createFindingsFromStrutsMappings.</param>
        /// <param name="findingsViewer_ToLoadResults">Viewer that receives the created findings.</param>
        public static void createFindingsFromStrutsMappings(IStrutsMappings strutsMappings, ascx_FindingsViewer findingsViewer_ToLoadResults)
        {
            // The findings themselves are produced by the helper; this method only presents them.
            var strutsFindings = StrutsMappingHelpers.createFindingsFromStrutsMappings(strutsMappings);

            var viewer = findingsViewer_ToLoadResults;
            viewer.setTraceTreeViewVisibleStatus(true);
            viewer.setFilter2Value("(no filter)");
            // Second argument true, as in the other loaders on this page; its meaning lives in ascx_FindingsViewer.
            viewer.loadO2Findings(strutsFindings, true);
        }
        /// <summary>
        /// Keeps the findings in <paramref name="sourceFindings"/> whose Sink matches
        /// <paramref name="sinkSignatures"/> (via RegEx.findStringInString) and loads them into the viewer.
        /// </summary>
        /// <param name="sourceFindings">Findings to filter. Each element is cast to O2Finding by the loop;
        /// another IO2Finding implementation would raise InvalidCastException.</param>
        /// <param name="sinkSignatures">Pattern handed to RegEx.findStringInString — presumably a regular
        /// expression; confirm in that helper, since the pattern comes from the caller.</param>
        /// <param name="findingsViewer_ToLoadResults">Viewer that receives the matches, with column
        /// filters set to "Sink" and "Source".</param>
        public static void runFilterOn_FinalSinksFindings(List <IO2Finding> sourceFindings, string sinkSignatures, ascx_FindingsViewer findingsViewer_ToLoadResults)
        {
            var matchingFindings = new List <IO2Finding>();

            // Declaring the loop variable as O2Finding makes foreach cast each element explicitly.
            foreach (O2Finding candidate in sourceFindings)
            {
                if (!RegEx.findStringInString(candidate.Sink, sinkSignatures))
                {
                    continue;
                }
                matchingFindings.Add(candidate);
            }

            findingsViewer_ToLoadResults.setFilter1Value("Sink");
            findingsViewer_ToLoadResults.setFilter2Value("Source");
            findingsViewer_ToLoadResults.loadO2Findings(matchingFindings, true);
        }
        /// <summary>
        /// Runs the BasicSinksMapping filter on applyRulesToFindingsControl, waits for it to finish,
        /// and checks that a non-empty result list was produced and can be loaded into
        /// resultsFindingsViewerControl.
        /// </summary>
        public void test_ApplyingRulesToFindings()
        {
            var addFindingsWithNoMatches = true;
            List <IO2Finding> filteredFindings = null;

            // executeFilter returns something Join()-able and delivers its result through the
            // callback, so the assertions must wait for it to complete.
            var filterThread = applyRulesToFindingsControl.executeFilter(
                ascx_ApplyRulesToFindings.AvailableFilters.BasicSinksMapping,
                addFindingsWithNoMatches,
                findings => filteredFindings = findings);
            filterThread.Join();

            Assert.That(filteredFindings != null, "mappedFidings was null");
            Assert.That(filteredFindings.Count > 0, "mappedFidings had no findings");

            resultsFindingsViewerControl.loadO2Findings(filteredFindings);
            Assert.That(resultsFindingsViewerControl.currentO2Findings.Count > 0,
                        "There were no findings in resultsFindingsViewerControl");
        }
 /// <summary>
 /// Replaces the viewer's current findings with <paramref name="o2Findings"/>.
 /// </summary>
 /// <param name="findingsViewer">Viewer to clear and reload.</param>
 /// <param name="o2Findings">Findings passed to loadO2Findings.</param>
 /// <returns>The same <paramref name="findingsViewer"/>, so calls can be chained.</returns>
 public static ascx_FindingsViewer show(this ascx_FindingsViewer findingsViewer, List <IO2Finding> o2Findings)
 {
     // Clear first so the viewer shows exactly the supplied list rather than appending to it.
     findingsViewer.clearO2Findings();
     findingsViewer.loadO2Findings(o2Findings);
     return findingsViewer;
 }
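        /// <summary>
        /// Builds O2 findings for the loaded Spring MVC controllers and loads them into
        /// <paramref name="findingsViewer"/> (clearing it first).
        /// </summary>
        /// <param name="createFindingForUsesOfModelAttribute">When true, one finding is created for every
        /// controller for which SpringMvcUtils.getMethodUsedInController(controller, "ModelAttribute") is non-null.</param>
        /// <param name="createFindingForUsesOfGetParameter">When true, one finding is created for every node
        /// returned by getNodes_ThatUseGetParameter_RecursiveSearch; an exception in that pass is logged and
        /// the findings built so far are still loaded.</param>
        /// <param name="findingsViewer">Viewer that receives the findings.</param>
        /// <param name="treeNodesForloadedSpringMvcControllers">Loaded controllers (keys) and their tree nodes.</param>
        /// <param name="cirData">Passed through to the GetParameter search.</param>
        public static void createFindingsFromSpringMvcMappings(bool createFindingForUsesOfModelAttribute,
                                                               bool createFindingForUsesOfGetParameter,
                                                               ascx_FindingsViewer findingsViewer,
                                                               Dictionary <SpringMvcController, TreeNode> treeNodesForloadedSpringMvcControllers, ICirData cirData)
        {
            var findingsCreated = new List <IO2Finding>();

            if (createFindingForUsesOfModelAttribute)
            {
                foreach (SpringMvcController springMvcController in treeNodesForloadedSpringMvcControllers.Keys)
                {
                    var modelAttributeParameter = SpringMvcUtils.getMethodUsedInController(springMvcController, "ModelAttribute");
                    if (modelAttributeParameter != null)
                    {
                        // Extra trace between source and sink naming the ModelAttribute class.
                        findingsCreated.Add(createSpringMvcFinding(springMvcController,
                                                                   "SpringMvc.Use of ModelAttribute",
                                                                   "ModelAttribute Class: " + modelAttributeParameter.className));
                    }
                }
            }

            if (createFindingForUsesOfGetParameter)
            {
                try
                {
                    var nodesWithGetParameter = getNodes_ThatUseGetParameter_RecursiveSearch(cirData, treeNodesForloadedSpringMvcControllers);
                    foreach (var treeNode in nodesWithGetParameter)
                    {
                        var springMvcController = (SpringMvcController)treeNode.Tag;
                        findingsCreated.Add(createSpringMvcFinding(springMvcController,
                                                                   "SpringMvc.Use of GetParameter",
                                                                   null));
                    }
                }
                catch (Exception ex)
                {
                    // Best-effort pass: a failure here must not discard the findings already created.
                    DI.log.ex(ex, "in createFindingForUsesOfGetParameter");
                }
            }

            findingsViewer.clearO2Findings();
            findingsViewer.loadO2Findings(findingsCreated);
        }

        /// <summary>
        /// Creates one finding for <paramref name="springMvcController"/> whose trace chain is
        /// root(findingType) -> source(request URL) [-> model-attribute trace] -> known sink(Java class) -> class+function.
        /// </summary>
        /// <param name="springMvcController">Controller supplying the request method/URL/parameter, file and line.</param>
        /// <param name="findingType">Finding type; also the text of the root trace.</param>
        /// <param name="modelAttributeTraceText">Text of an extra trace inserted between source and sink, or null for none.</param>
        /// <returns>The populated finding (not yet added to any list).</returns>
        private static O2Finding createSpringMvcFinding(SpringMvcController springMvcController, string findingType, string modelAttributeTraceText)
        {
            var findingText = string.Format("{0} {1} {2}", springMvcController.HttpRequestMethod,
                                            springMvcController.HttpRequestUrl,
                                            springMvcController.HttpMappingParameter);
            var o2Finding = new O2Finding(findingText, findingType)
            {
                file       = springMvcController.FileName,
                lineNumber = springMvcController.LineNumber
            };

            var rootTrace   = new O2Trace(findingType);
            var sourceTrace = new O2Trace(springMvcController.HttpRequestUrl)
            {
                traceType = TraceType.Source
            };
            var sinkTrace = new O2Trace(springMvcController.JavaClass)
            {
                traceType = TraceType.Known_Sink
            };
            var postTrace = new O2Trace(springMvcController.JavaClassAndFunction);

            rootTrace.childTraces.Add(sourceTrace);
            if (modelAttributeTraceText != null)
            {
                var modelAttributeTrace = new O2Trace(modelAttributeTraceText);
                sourceTrace.childTraces.Add(modelAttributeTrace);
                modelAttributeTrace.childTraces.Add(sinkTrace);
            }
            else
            {
                sourceTrace.childTraces.Add(sinkTrace);
            }
            sinkTrace.childTraces.Add(postTrace);
            o2Finding.o2Traces.Add(rootTrace);

            // Only root, source and sink carry the location; postTrace and the model-attribute trace do not.
            rootTrace.file       = sourceTrace.file = sinkTrace.file = o2Finding.file;
            rootTrace.lineNumber = sourceTrace.lineNumber = sinkTrace.lineNumber = o2Finding.lineNumber;

            return o2Finding;
        }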