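/// <summary>
/// Loads a WebInspect XML results file and adds a <c>WebInspectFinding</c> to
/// <c>webInspectFindings</c> for every node that <c>getSessionsWithSessionID</c> returns for the
/// <c>VulnerableSessionID</c> of each entry from <c>getSessionCheckFound</c>. Findings that
/// <c>isFindingUnique</c> rejects are skipped.
/// </summary>
/// <param name="fileToProcess">Path of the WebInspect XML file to load.</param>
/// <exception cref="System.Xml.XmlException">The file is not well-formed XML.</exception>
/// <exception cref="System.NullReferenceException">
/// An entry lacks one of the child elements read below (VulnerableSessionID, EngineID, FullURL,
/// AttackDescriptor, AttackParamDescriptor, Method); findings added before that point stay in the list.
/// </exception>
public void loadWebInspectXmlFile(string fileToProcess)
        {
            DI.log.info("Processing Web inspect Xml File {0}", fileToProcess);

            // The results file is parsed as untrusted input. XmlResolver = null stops the parser from
            // fetching external DTDs and external entities named in the file (XXE); older .NET
            // Framework releases resolve them by default.
            // NOTE(review): an internal DTD subset is still processed. If WebInspect exports never
            // carry a DOCTYPE, loading through an XmlReader with DtdProcessing.Prohibit is stricter.
            var webInspectResults = new XmlDocument { XmlResolver = null };
            webInspectResults.Load(fileToProcess);

            // ReSharper disable PossibleNullReferenceException
            foreach (XmlElement sessionCheckFound in getSessionCheckFound(webInspectResults))
            {
                string sessionId = sessionCheckFound["VulnerableSessionID"].InnerText;
                foreach (XmlNode session in getSessionsWithSessionID(webInspectResults, sessionId))
                {
                    var webInspectFinding = new WebInspectFinding
                    {
                        fullUrl   = session["FullURL"].InnerText,
                        payload   = session["AttackDescriptor"].InnerText,
                        param     = session["AttackParamDescriptor"].InnerText,
                        method    = session["Method"].InnerText,
                        engineId  = sessionCheckFound["EngineID"].InnerText,
                        sessionId = sessionId
                    };

                    // Hack for "ctl:"-style prefixes on form parameter names in ASP.NET: decode an
                    // encoded colon, then keep only the segment between the first and second colon.
                    webInspectFinding.param = webInspectFinding.param.Replace("%3A", ":");
                    if (webInspectFinding.param.IndexOf(':') > -1)
                    {
                        webInspectFinding.param = webInspectFinding.param.Split(new[] { ':' })[1];
                    }

                    if (isFindingUnique(webInspectFinding))
                    {
                        webInspectFindings.Add(webInspectFinding);
                    }
                }
            }
            // ReSharper restore PossibleNullReferenceException
        }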
        /// <summary>
        /// Builds the <c>TraceType.Known_Sink</c> trace that represents one WebInspect finding.
        /// </summary>
        /// <param name="webInspectFinding">Finding whose URL, payload and parameter are copied into the trace.</param>
        /// <returns>A new <c>O2Trace</c> labelled with the filtered URL of the finding.</returns>
        public static IO2Trace createSink(WebInspectFinding webInspectFinding)
        {
            string sinkSignature = "WebInspect:   " + new FilteredUrl(webInspectFinding.fullUrl).pathAndPageAndParameters;

            var sinkTrace = new O2Trace(sinkSignature, TraceType.Known_Sink);
            // payload and param are copied verbatim from the scanner results; anything that later
            // renders these fields should treat them as untrusted text.
            sinkTrace.context = webInspectFinding.payload;
            sinkTrace.method = webInspectFinding.param;
            return sinkTrace;
        }
        /// <summary>
        /// Wraps a WebInspect finding in an <c>O2Trace</c> of type <c>TraceType.Known_Sink</c>.
        /// </summary>
        /// <param name="webInspectFinding">Source of the URL, attack payload and parameter name.</param>
        /// <returns>The sink trace; its signature is "WebInspect:   " followed by the filtered URL.</returns>
        public static IO2Trace createSink(WebInspectFinding webInspectFinding)
        {
            var url = new FilteredUrl(webInspectFinding.fullUrl);
            var knownSink = new O2Trace("WebInspect:   " + url.pathAndPageAndParameters, TraceType.Known_Sink);

            // Both values come straight from the scanner output and are stored unmodified,
            // so downstream viewers should handle them as untrusted text.
            knownSink.context = webInspectFinding.payload;
            knownSink.method = webInspectFinding.param;

            return knownSink;
        }
 /// <summary>
 /// Reports whether no finding already held in <c>webInspectFindings</c> has the same
 /// <c>ToString()</c> text as the candidate.
 /// </summary>
 /// <param name="webInspectFinding">Candidate finding to compare against the stored ones.</param>
 /// <returns><c>true</c> when no stored finding matches; otherwise <c>false</c>.</returns>
 public bool isFindingUnique(WebInspectFinding webInspectFinding)
 {
     // NOTE(review): uniqueness depends entirely on WebInspectFinding.ToString(). If that type does
     // not override ToString() to include its identifying fields, every finding compares equal and
     // only the first one is ever kept. Confirm against the class definition.
     bool unique = true;
     foreach (WebInspectFinding stored in webInspectFindings)
     {
         if (string.Equals(stored.ToString(), webInspectFinding.ToString()))
         {
             unique = false;
             break;
         }
     }
     return unique;
 }
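        /// <summary>
        /// Parses a WebInspect XML results file into <c>webInspectFindings</c>. One
        /// <c>WebInspectFinding</c> is built per node returned by <c>getSessionsWithSessionID</c> for the
        /// <c>VulnerableSessionID</c> of each entry from <c>getSessionCheckFound</c>, and it is stored
        /// only when <c>isFindingUnique</c> accepts it.
        /// </summary>
        /// <param name="fileToProcess">Path of the WebInspect XML file to load.</param>
        /// <exception cref="System.Xml.XmlException">The file is not well-formed XML.</exception>
        /// <exception cref="System.NullReferenceException">
        /// A required child element (VulnerableSessionID, EngineID, FullURL, AttackDescriptor,
        /// AttackParamDescriptor or Method) is missing; findings added earlier remain in the list.
        /// </exception>
        public void loadWebInspectXmlFile(string fileToProcess)
        {
            DI.log.info("Processing Web inspect Xml File {0}", fileToProcess);

            // Parse the results file as untrusted input: a null XmlResolver prevents the parser from
            // retrieving external DTDs or external entities referenced by the document (XXE), which
            // older .NET Framework releases would resolve by default.
            // NOTE(review): internal DTD subsets are still processed. An XmlReader configured with
            // DtdProcessing.Prohibit is stricter, provided WebInspect exports never include a DOCTYPE.
            var webInspectResults = new XmlDocument { XmlResolver = null };
            webInspectResults.Load(fileToProcess);

            // ReSharper disable PossibleNullReferenceException
            foreach (XmlElement sessionCheckFound in getSessionCheckFound(webInspectResults))
            {
                string sessionId = sessionCheckFound["VulnerableSessionID"].InnerText;
                foreach (XmlNode session in getSessionsWithSessionID(webInspectResults, sessionId))
                {
                    var webInspectFinding = new WebInspectFinding
                                                {
                                                    fullUrl = session["FullURL"].InnerText,
                                                    payload = session["AttackDescriptor"].InnerText,
                                                    param = session["AttackParamDescriptor"].InnerText,
                                                    method = session["Method"].InnerText,
                                                    engineId = sessionCheckFound["EngineID"].InnerText,
                                                    sessionId = sessionId
                                                };

                    // Hack for "ctl:"-style prefixes on ASP.NET form parameter names: restore an
                    // encoded colon, then keep the segment that follows the first colon.
                    webInspectFinding.param = webInspectFinding.param.Replace("%3A", ":");
                    if (webInspectFinding.param.IndexOf(':') > -1)
                    {
                        webInspectFinding.param = webInspectFinding.param.Split(new[] {':'})[1];
                    }

                    if (isFindingUnique(webInspectFinding))
                    {
                        webInspectFindings.Add(webInspectFinding);
                    }
                }
            }
            // ReSharper restore PossibleNullReferenceException
        }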
        /// <summary>
        /// Converts a WebInspect finding into an <c>O2Finding</c> whose single root trace has the
        /// finding's sink (from <c>createSink</c>) as its child.
        /// </summary>
        /// <param name="webInspectFinding">Finding that supplies the URL and parameter name.</param>
        /// <param name="keyword">Prefix placed before "_" and the parameter name in <c>vulnName</c>.</param>
        /// <returns>The new finding, with <c>vulnType</c> fixed to "Sql Injection (from WebInspect)".</returns>
        public static O2Finding createO2FindingFromWebInspectFinding(WebInspectFinding webInspectFinding, string keyword)
        {
            var rootTrace = new O2Trace("WebInspect -> Ounce Mapping (Sql Injection)");
            IO2Trace sinkTrace = createSink(webInspectFinding);
            rootTrace.childTraces.Add(sinkTrace);

            var mappedFinding = new O2Finding();
            mappedFinding.o2Traces = new List<IO2Trace> { rootTrace };
            // The context carries the full URL, not the attack payload.
            mappedFinding.context = webInspectFinding.fullUrl;
            // param originates from the scanner results file and is embedded unchanged in the name.
            mappedFinding.vulnName = keyword + "_" + webInspectFinding.param;
            mappedFinding.vulnType = "Sql Injection (from WebInspect)";
            return mappedFinding;
        }
        /// <summary>
        /// Maps one WebInspect finding to an <c>O2Finding</c>: a root trace is created, the sink built
        /// by <c>createSink</c> is attached beneath it, and the finding fields are filled in.
        /// </summary>
        /// <param name="webInspectFinding">Finding to map; its <c>fullUrl</c> and <c>param</c> are read here.</param>
        /// <param name="keyword">Text joined to the parameter name with "_" to form <c>vulnName</c>.</param>
        /// <returns>An <c>O2Finding</c> holding the single root trace.</returns>
        public static O2Finding createO2FindingFromWebInspectFinding(WebInspectFinding webInspectFinding, string keyword)
        {
            var mappingTrace = new O2Trace("WebInspect -> Ounce Mapping (Sql Injection)");
            IO2Trace knownSink = createSink(webInspectFinding);
            mappingTrace.childTraces.Add(knownSink);

            var traces = new List<IO2Trace>();
            traces.Add(mappingTrace);

            var result = new O2Finding();
            result.o2Traces = traces;
            // context holds the requested URL; the payload is kept on the sink trace only.
            result.context = webInspectFinding.fullUrl;
            // The parameter name is taken from the scanner results file without further filtering.
            result.vulnName = keyword + "_" + webInspectFinding.param;
            result.vulnType = "Sql Injection (from WebInspect)";
            return result;
        }
 /// <summary>
 /// Checks the candidate against every finding in <c>webInspectFindings</c> by comparing
 /// <c>ToString()</c> output.
 /// </summary>
 /// <param name="webInspectFinding">Finding about to be added.</param>
 /// <returns><c>false</c> as soon as a stored finding has identical text; <c>true</c> otherwise.</returns>
 public bool isFindingUnique(WebInspectFinding webInspectFinding)
 {
     // NOTE(review): this only de-duplicates correctly if WebInspectFinding overrides ToString()
     // with its identifying fields. With the default ToString() all findings would look identical
     // and results after the first would be dropped. Verify against the class.
     foreach (WebInspectFinding existing in webInspectFindings)
     {
         bool sameText = existing.ToString() == webInspectFinding.ToString();
         if (sameText)
         {
             return false;
         }
     }

     return true;
 }