        /// <summary>
        /// Returns the unique traces of this finding. The de-duplication itself is done by
        /// <c>OzasmtUtils.calculateUniqueListOfO2Traces</c>, which (judging by the call shape)
        /// fills the list handed to it.
        /// </summary>
        /// <returns>A freshly allocated list populated from <c>o2Traces</c>; never null.</returns>
        public List <IO2Trace> getUniqueTraces()
        {
            var result = new List <IO2Trace>();
            // helper populates 'result' in place from this finding's o2Traces
            OzasmtUtils.calculateUniqueListOfO2Traces(o2Traces, result);
            return result;
        }
        /*public static List<O2Finding> glueSinksToSources(O2Assessment o2AssessmentWithSinks, O2Assessment o2AssessmentWithSources)
         * {
         *  var webLayerSources = getO2StringIndexes(webLayer, TraceType.Source);
         *
         *  foreach (var clickButtonFinding in clickButton.o2Findings)
         *  {
         *      results.Add(clickButtonFinding);
         *      var sink = OzasmtUtils.getKnownSink(clickButtonFinding.o2Trace);
         *      PublicDI.log.debug(sink.signature);
         *      if (webLayerSources.ContainsKey(sink.signature))
         *          foreach (var webLayerSource in webLayerSources[sink.signature])
         *          {
         *              results.Add(OzasmtGlue.createCopyAndGlueTraceAndSink(clickButtonFinding,
         *                                                                   OzasmtUtils.getSource(
         *                                                                       webLayerSource.o2Trace)));
         *              /*var o2NewFinding = OzasmtCopy.createCopy(clickButtonFinding);
         *              var newFindingSink = OzasmtUtils.getKnownSink(o2NewFinding.o2Trace);
         *              newFindingSink.traceType = TraceType.Type_4;
         *              var sourceToGlue = OzasmtCopy.createCopy(OzasmtUtils.getSource(webLayerSource.o2Trace));
         *              sourceToGlue.traceType = TraceType.Type_0;
         *              newFindingSink.childTraces.Add(sourceToGlue);
         *              results.Add(o2NewFinding);*/
        /*         }
         * }*/

        /// <summary>
        /// Copies <paramref name="o2TemplateFinding"/> and glues a copy of the source trace of
        /// <paramref name="o2TraceWithSource"/> under the copy's sink.
        /// </summary>
        /// <param name="o2TemplateFinding">Finding to copy and glue onto.</param>
        /// <param name="o2TraceWithSource">Trace whose source (via <c>OzasmtUtils.getSource</c>) is glued.</param>
        /// <returns>The new glued finding, as produced by <c>createCopyAndGlueTraceSinkWithTrace</c>.</returns>
        /// <remarks>
        /// The call below passes a single trace; an overload of <c>createCopyAndGlueTraceSinkWithTrace</c>
        /// taking one <c>IO2Trace</c> is presumably declared elsewhere (only the list overload is visible here).
        /// </remarks>
        public static IO2Finding createCopyAndGlueTraceSinkWithSource(IO2Finding o2TemplateFinding,
                                                                      IO2Trace o2TraceWithSource)
        {
            // copy the source first so the trace the caller handed us stays unmodified
            IO2Trace sourceTrace = OzasmtUtils.getSource(o2TraceWithSource);
            IO2Trace sourceCopy  = OzasmtCopy.createCopy(sourceTrace);
            return createCopyAndGlueTraceSinkWithTrace(o2TemplateFinding, sourceCopy);
        }
        /// <summary>
        /// Filters <paramref name="findings"/> down to those whose known sink has a non-empty
        /// signature that matches <paramref name="regExToFind"/>.
        /// </summary>
        /// <param name="findings">Findings to scan; not modified.</param>
        /// <param name="regExToFind">Pattern handed verbatim to <c>RegEx.findStringInString</c>.
        /// A caller-supplied pattern is evaluated as-is, so only pass patterns you trust.</param>
        /// <returns>The matching findings in input order; empty (never null) when none match.</returns>
        public static List <IO2Finding> getFindingsWithSink(List <IO2Finding> findings, string regExToFind)
        {
            var matches = new List <IO2Finding>();

            foreach (IO2Finding finding in findings)
            {
                IO2Trace knownSink = OzasmtUtils.getKnownSink(finding.o2Traces);
                if (knownSink == null || knownSink.signature == "")
                {
                    continue;   // no sink, or nothing to match the pattern against
                }
                if (RegEx.findStringInString(knownSink.signature, regExToFind))
                {
                    matches.Add(finding);
                }
            }
            return matches;
        }
        /// <summary>
        /// Collects every trace of this finding whose type is <c>TraceType.O2JoinLocation</c>,
        /// walking the flattened list returned by <c>OzasmtUtils.getListWithAllTraces(this)</c>.
        /// </summary>
        /// <returns>The join-location traces; empty (never null) when there are none.</returns>
        public List <IO2Trace> getJoinLocations()
        {
            var joinLocations = new List <IO2Trace>();

            foreach (var trace in OzasmtUtils.getListWithAllTraces(this))
            {
                if (trace.traceType != TraceType.O2JoinLocation)
                {
                    continue;
                }
                joinLocations.Add(trace);
            }
            return joinLocations;
        }
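        /// <summary>
        /// Copies <paramref name="o2TemplateFinding"/>, marks the copy's sink as
        /// <c>TraceType.Root_Call</c> and attaches every trace in <paramref name="o2TracesToGlue"/>
        /// (each also re-typed to <c>Root_Call</c>) as a child of that sink.
        /// </summary>
        /// <param name="o2TemplateFinding">Finding to copy; the original is not modified.</param>
        /// <param name="o2TracesToGlue">Traces to hang under the copied sink. NOTE: these objects are
        /// mutated in place (their <c>traceType</c> is overwritten) and attached by reference, not
        /// copied — pass copies if the caller still needs the originals. Null is treated as empty.</param>
        /// <returns>The new, glued finding.</returns>
        /// <exception cref="ArgumentNullException">when <paramref name="o2TemplateFinding"/> is null.</exception>
        /// <exception cref="InvalidOperationException">when the copied finding has no sink to glue to
        /// (the original code dereferenced the null sink and threw a NullReferenceException).</exception>
        public static IO2Finding createCopyAndGlueTraceSinkWithTrace(IO2Finding o2TemplateFinding,
                                                                     List <IO2Trace> o2TracesToGlue)
        {
            if (o2TemplateFinding == null)
            {
                throw new ArgumentNullException("o2TemplateFinding");
            }

            IO2Finding o2NewFinding = OzasmtCopy.createCopy(o2TemplateFinding);
            // getSink rather than getKnownSink (the known-sink lookup was deliberately commented
            // out in the original) — presumably the broader lookup; confirm in OzasmtUtils
            IO2Trace newFindingSink = OzasmtUtils.getSink(o2NewFinding.o2Traces);
            if (newFindingSink == null)
            {
                throw new InvalidOperationException("createCopyAndGlueTraceSinkWithTrace: the finding has no sink to glue traces to");
            }

            newFindingSink.traceType = TraceType.Root_Call;
            if (o2TracesToGlue == null)
            {
                return o2NewFinding;
            }
            // iterate as IO2Trace: the original cast each item to the concrete O2Trace, which
            // throws InvalidCastException for any other IO2Trace implementation
            foreach (IO2Trace o2TraceToGlue in o2TracesToGlue)
            {
                o2TraceToGlue.traceType = TraceType.Root_Call;
                newFindingSink.childTraces.Add(o2TraceToGlue);
            }
            return o2NewFinding;
        }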
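        /// <summary>
        /// Loads the findings in <paramref name="ozasmtWithSinks"/> and, for every finding whose
        /// known-sink signature is a key of the trace dictionary built from
        /// <paramref name="ozasmtWithSoures"/>, emits one glued copy per trace under that key.
        /// </summary>
        /// <param name="o2AssessmentLoad">Loader used to open both assessments.</param>
        /// <param name="ozasmtWithSinks">Assessment providing the findings with sinks.</param>
        /// <param name="ozasmtWithSoures">Assessment providing the source traces (parameter name
        /// kept, typo included, so callers using named arguments keep compiling).</param>
        /// <returns>The glued findings; empty (never null) when nothing matched.</returns>
        /// <remarks>
        /// Findings without a known sink, or whose sink has a null signature, are skipped. The
        /// original dereferenced the sink unconditionally (NullReferenceException) and looked the
        /// signature up twice (<c>ContainsKey</c> then indexer).
        /// </remarks>
        public static List <IO2Finding> glueTraceSinkWithSources(IO2AssessmentLoad o2AssessmentLoad, String ozasmtWithSinks, String ozasmtWithSoures)
        {
            var results = new List <IO2Finding>();
            // presumably keyed by trace signature — the lookup below relies on that
            Dictionary <string, List <IO2Trace> > o2TracesWithSources = OzasmtUtils.getDictionaryWithO2AllSubTraces(o2AssessmentLoad, ozasmtWithSoures);

            foreach (IO2Finding o2FindingWithSink in new O2Assessment(o2AssessmentLoad, ozasmtWithSinks).o2Findings)
            {
                IO2Trace knownSink = OzasmtUtils.getKnownSink(o2FindingWithSink.o2Traces);
                if (knownSink == null || knownSink.signature == null)
                {
                    continue;   // nothing to glue to (a null key would also throw on the dictionary)
                }

                List <IO2Trace> matchingSources;
                if (!o2TracesWithSources.TryGetValue(knownSink.signature, out matchingSources))
                {
                    continue;
                }
                foreach (IO2Trace o2TraceWithSource in matchingSources)
                {
                    results.Add(createCopyAndGlueTraceSinkWithSource(o2FindingWithSink, o2TraceWithSource));
                }
            }
            return results;
        }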
 /// <summary>
 /// Rewrites, in place, the trace types OSA / Ounce v6 does not support (<c>O2Info</c>,
 /// <c>O2JoinSink</c>, <c>O2JoinSource</c>) to <c>TraceType.Type_4</c> on every trace of every finding.
 /// </summary>
 /// <param name="o2Findings">Findings to patch. Each is cast to the concrete <c>O2Finding</c>
 /// for the trace walk, so other <c>IO2Finding</c> implementations would throw here.</param>
 public static void makeCompatibleWithOunceV6(IEnumerable <IO2Finding> o2Findings)
 {
     foreach (var finding in o2Findings)
     {
         var allTraces = OzasmtUtils.getListWithAllTraces((O2Finding)finding);
         foreach (var trace in allTraces)
         {
             bool unsupportedByOsa = trace.traceType == TraceType.O2InfoO2InfoPlaceholder;
         }
     }
 }
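        /// <summary>
        /// Builds "ASP.NET Attack Surface" findings for every finding whose source matches
        /// <c>System.Web.UI.WebControls.*get_Text</c> and whose source context contains <c>txt</c>.
        /// One new finding is emitted per word of every trace signature in the matched finding,
        /// named <c>&lt;word&gt;_&lt;variableName&gt;</c>.
        /// </summary>
        /// <param name="o2Findings">Findings to scan; each is cast to <c>O2Finding</c> to read its
        /// source, and none are modified.</param>
        /// <returns>The generated findings; empty (never null) when nothing matched. NOTE: each new
        /// finding shares the <c>o2Traces</c> list of the finding it came from — it is not copied,
        /// so later in-place edits (e.g. <c>makeCompatibleWithOunceV6</c>) affect both.</returns>
        /// <remarks>A source whose <c>context</c> is null is treated as a non-match; the original
        /// threw a NullReferenceException on it.</remarks>
        public static List <IO2Finding> findWebControlSources(List <IO2Finding> o2Findings)
        {
            // the dots in the pattern are unescaped and match any character; kept as-is since
            // the pattern is an existing runtime string and a broader match is harmless here
            var methodsToFind = new RegEx("System.Web.UI.WebControls.*get_Text");
            var results       = new List <IO2Finding>();

            foreach (IO2Finding o2Finding in o2Findings)
            {
                IO2Trace source = ((O2Finding)o2Finding).getSource();
                if (source == null || !methodsToFind.find(source.ToString()))
                {
                    continue;
                }
                if (source.context == null || !source.context.Contains("txt"))
                {
                    continue;
                }

                string variableName = OzasmtContext.getVariableNameFromThisObject(source);
                foreach (IO2Trace o2Trace in o2Finding.o2Traces)
                {
                    List <string> wordsFromSignature = OzasmtUtils.getListWithWordsFromSignature(o2Trace.signature);
                    foreach (string word in wordsFromSignature)
                    {
                        var newO2Finding = new O2Finding();
                        newO2Finding.o2Traces = o2Finding.o2Traces;   // shared by reference, see <returns>
                        newO2Finding.vulnName = word + "_" + variableName;
                        newO2Finding.vulnType = "ASP.NET Attack Surface";
                        results.Add(newO2Finding);
                    }
                }
            }
            return results;
        }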
 /// <summary>
 /// Resolves this finding's sink: the known sink when <c>OzasmtUtils.getKnownSink</c> finds one,
 /// otherwise whatever <c>OzasmtUtils.getLostSink</c> returns (presumably null when neither applies).
 /// </summary>
 /// <returns>The sink trace, or the lost-sink lookup's result.</returns>
 public IO2Trace getSink()
 {
     IO2Trace sink = OzasmtUtils.getKnownSink(o2Traces);
     if (sink == null)
     {
         sink = OzasmtUtils.getLostSink(o2Traces);   // fallback for findings whose sink was lost
     }
     return sink;
 }
 /// <summary>
 /// Thin wrapper: delegates to <c>OzasmtUtils.getPathToSource</c> for this finding's <c>o2Traces</c>.
 /// </summary>
 /// <returns>Exactly what the helper returns; nullability depends on the helper.</returns>
 public List <IO2Trace> getPathToSource()
 {
     List <IO2Trace> pathToSource = OzasmtUtils.getPathToSource(o2Traces);
     return pathToSource;
 }
 // methods that return IO2Trace objects
 /// <summary>
 /// Thin wrapper: delegates to <c>OzasmtUtils.getSource</c> for this finding's <c>o2Traces</c>.
 /// </summary>
 /// <returns>Exactly what the helper returns; may be null (callers in this file check for it).</returns>
 public IO2Trace getSource()
 {
     IO2Trace sourceTrace = OzasmtUtils.getSource(o2Traces);
     return sourceTrace;
 }