        /// <summary>
        /// Walks every processed Velocity file, turns each function and each variable it reports into a
        /// source/sink findings result, writes the collected results to a custom assessment run file and
        /// returns the path of that file.
        /// </summary>
        /// <param name="cpvfVelocityFiles">Container whose processed Velocity files are enumerated.</param>
        /// <param name="ascxTraceViewer">
        /// Not read by this method; it was only used by a trace-viewer refresh that is disabled.
        /// </param>
        /// <returns>The DI.config.TempFileNameInTempDirectory value the findings were saved under.</returns>
        public static String createFindingsFromVMFiles(ConsolidatedProcessedVelocityFiles cpvfVelocityFiles,
                                                       ascx_TraceViewer ascxTraceViewer)
        {
            // Source signature template: {0} is replaced with the Velocity variable name, so every variable
            // gets its own ModelMap.addAttribute_<name> source.
            const String springModelMapTemplate =
                "org.springframework.ui.ModelMap.addAttribute_{0}(java.lang.String;java.lang.Object):org.springframework.ui.ModelMap";
            var findings = new List<AnalysisSearch.FindingsResult>();

            foreach (ProcessedVelocityFile velocityFile in cpvfVelocityFiles.getListWithProcessedLoadedFilesObjects())
            {
                foreach (String function in velocityFile.getFunctions())
                {
                    var signature = new FilteredSignature(function, ',');
                    if (signature.sParameters != "")
                    {
                        // One finding per parsed parameter: the parameter names the source, the function is the sink.
                        foreach (String parameter in signature.lsParameters_Parsed)
                        {
                            // NOTE(review): only the characters $ ! { } are removed; anything else in the
                            // parameter text stays in the name and therefore in the source signature. Confirm
                            // that this matches the attribute names used on the Spring side.
                            String parameterName = parameter.Replace("$", "")
                                                            .Replace("!", "")
                                                            .Replace("{", "")
                                                            .Replace("}", "");
                            var parameterFinding = createFindingsResultForSourceAndSink(
                                String.Format(springModelMapTemplate, parameterName),
                                function,
                                "Velocity.Finding.Function_withParam",
                                velocityFile.getNormalizedFileName(),
                                "Velocity.Finding.Function_withParam",
                                velocityFile.getNormalizedFileName(),
                                velocityFile.sFullPathToOriginalFile);
                            findings.Add(parameterFinding);
                        }
                    }
                    else
                    {
                        // No parameters: the function itself is recorded as both source and sink.
                        var functionFinding = createFindingsResultForSourceAndSink(
                            function,
                            function,
                            "Velocity.Finding.Function_noParam",
                            velocityFile.getNormalizedFileName(),
                            "Velocity.Finding.Function_noParam",
                            velocityFile.getNormalizedFileName(),
                            velocityFile.sFullPathToOriginalFile);
                        findings.Add(functionFinding);
                    }
                }

                foreach (String variable in velocityFile.getVars())
                {
                    // Same marker stripping as for function parameters; the raw variable text is the sink.
                    String variableName = variable.Replace("$", "")
                                                  .Replace("!", "")
                                                  .Replace("{", "")
                                                  .Replace("}", "");
                    var variableFinding = createFindingsResultForSourceAndSink(
                        String.Format(springModelMapTemplate, variableName),
                        variable,
                        "Velocity.Finding.Variable",
                        velocityFile.getNormalizedFileName(),
                        "Velocity.Finding.Variable",
                        velocityFile.getNormalizedFileName(),
                        velocityFile.sFullPathToOriginalFile);
                    findings.Add(variableFinding);
                    // Disabled: pushing each new finding into ascxTraceViewer through a FindingViewItem.
                }
            }

            // NOTE(review): presumably a fresh path inside the temp directory - confirm in DI.config.
            String assessmentFile = DI.config.TempFileNameInTempDirectory;
            CustomAssessmentFile.create_CustomSavedAssessmentRunFile_From_FindingsResult_List(findings,
                                                                                              assessmentFile);
            return assessmentFile;
        }
        /// <summary>
        /// Creates findings results that pair a Spring ModelMap.addAttribute source signature with each
        /// Velocity function parameter and variable found in the processed files, saves them as a custom
        /// assessment run file and returns the file name used.
        /// </summary>
        /// <param name="cpvfVelocityFiles">Supplies the processed Velocity files to scan.</param>
        /// <param name="ascxTraceViewer">Unused in the method body (the viewer refresh is commented out).</param>
        /// <returns>The file name taken from DI.config.TempFileNameInTempDirectory.</returns>
        public static String createFindingsFromVMFiles(ConsolidatedProcessedVelocityFiles cpvfVelocityFiles,
                                                       ascx_TraceViewer ascxTraceViewer)
        {
            string sourceTemplate =
                "org.springframework.ui.ModelMap.addAttribute_{0}(java.lang.String;java.lang.Object):org.springframework.ui.ModelMap";
            // Characters removed, in this order, from a parameter or variable to obtain the bare name.
            string[] referenceMarkers = { "$", "!", "{", "}" };
            var collected = new List<AnalysisSearch.FindingsResult>();

            foreach (ProcessedVelocityFile processedFile in cpvfVelocityFiles.getListWithProcessedLoadedFilesObjects())
            {
                foreach (String methodSignature in processedFile.getFunctions())
                {
                    var filtered = new FilteredSignature(methodSignature, ',');
                    if (filtered.sParameters == "")
                    {
                        // Parameterless function: source and sink are the same signature.
                        collected.Add(createFindingsResultForSourceAndSink(
                            methodSignature, methodSignature,
                            "Velocity.Finding.Function_noParam", processedFile.getNormalizedFileName(),
                            "Velocity.Finding.Function_noParam", processedFile.getNormalizedFileName(),
                            processedFile.sFullPathToOriginalFile));
                        continue;
                    }

                    foreach (String rawParameter in filtered.lsParameters_Parsed)
                    {
                        string bareParameter = rawParameter;
                        foreach (string marker in referenceMarkers)
                        {
                            bareParameter = bareParameter.Replace(marker, "");
                        }

                        // The source is the addAttribute signature for this name, the sink is the whole function.
                        string parameterSource = string.Format(sourceTemplate, bareParameter);
                        collected.Add(createFindingsResultForSourceAndSink(
                            parameterSource, methodSignature,
                            "Velocity.Finding.Function_withParam", processedFile.getNormalizedFileName(),
                            "Velocity.Finding.Function_withParam", processedFile.getNormalizedFileName(),
                            processedFile.sFullPathToOriginalFile));
                    }
                }

                foreach (String rawVariable in processedFile.getVars())
                {
                    string bareVariable = rawVariable;
                    foreach (string marker in referenceMarkers)
                    {
                        bareVariable = bareVariable.Replace(marker, "");
                    }

                    // NOTE(review): the label and normalized file name are passed twice, presumably once for
                    // the source side and once for the sink side - confirm against
                    // createFindingsResultForSourceAndSink.
                    string variableSource = string.Format(sourceTemplate, bareVariable);
                    collected.Add(createFindingsResultForSourceAndSink(
                        variableSource, rawVariable,
                        "Velocity.Finding.Variable", processedFile.getNormalizedFileName(),
                        "Velocity.Finding.Variable", processedFile.getNormalizedFileName(),
                        processedFile.sFullPathToOriginalFile));
                    // The per-finding ascxTraceViewer refresh that used to follow here is disabled.
                }
            }

            string savedAssessmentFile = DI.config.TempFileNameInTempDirectory;
            CustomAssessmentFile.create_CustomSavedAssessmentRunFile_From_FindingsResult_List(collected,
                                                                                              savedAssessmentFile);
            return savedAssessmentFile;
        }