Esempio n. 1
0
 public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
                                                 AssessmentAssessmentFileFinding fFinding,
                                                 List <AssessmentAssessmentFileFinding>
                                                 lfFindingsThatMatchCriteria,
                                                 List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
 {
     if (fFinding.Trace != null)
     {
         int iLostSinkId = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(fFinding.Trace,
                                                                                          TraceType.
                                                                                          Lost_Sink);
         if (iLostSinkId > 0)        // need to figure out what happens when iLostSinkId =0
         {
             if (bChangeFindingData) // if required changed the name of this finding
             {
                 applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat);
             }
             if (bDropDuplicateSmartTraces)
             {
                 return(filterDuplicateFindings(lafFilteredAssessmentFiles, lfFindingsThatMatchCriteria,
                                                fFinding, bIgnoreRootCallInvocation));
             }
             else
             {
                 lfFindingsThatMatchCriteria.Add(fFinding);
                 return(true);
             }
         }
     }
     return(false);
 }
Esempio n. 2
0
            private String resolveSource(AssessmentRun arAssessmentRun, CallInvocation[] cCallInvocation)
            {
                String sSource = "Source: " +
                                 getSmartTraceCallName(arAssessmentRun, cCallInvocation, TraceType.Source);

                return(sSource);
            }
        private static string fromAssessmentRunFileCreateNewFileWithUniqueTraces(string sPathToNewAssessmentFile, bool bDropDuplicateSmartTraces, bool bIgnoreRootCallInvocation)
        {
            string sTargetFilename;

            DI.log.debug("Create file with unique traces");
            //
            O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6NewFile = null;

            Analysis.loadAssessmentFile(sPathToNewAssessmentFile, false, ref oadO2AssessmentDataOunceV6NewFile);


            Analysis.FindingNameFormat ffnFindingNameFormat = Analysis.FindingNameFormat.FindingType;
            bool bChangeFindingData = false;

            var ffsmFilter = new AnalysisFilters.filter_FindSmartTraces(bDropDuplicateSmartTraces,
                                                                        bIgnoreRootCallInvocation,
                                                                        ffnFindingNameFormat, bChangeFindingData);
            AssessmentRun arFilteredAssessmentRun =
                Analysis.createFilteredAssessmentRunObjectBasedOnCriteria(ffsmFilter, oadO2AssessmentDataOunceV6NewFile);

            DI.log.debug("Completed process of filtering to remove duplicate findings");
            sTargetFilename = sPathToNewAssessmentFile + "_UniqueTraces.ozasmt";
            Analysis.saveFilteredAssessmentRun(arFilteredAssessmentRun, sTargetFilename,
                                               oadO2AssessmentDataOunceV6NewFile);
            return(sTargetFilename);
        }
        private static void addFindingDataToO2Finding(AssessmentAsmntFileFinding finding, IO2Finding o2Finding, AssessmentRun assessmentRun)
        {
            AssessmentRunFindingData findingData = assessmentRun.FindingDataPool[finding.data_id-1];
            AssessmentRunSite siteData = assessmentRun.SitePool[findingData.site_id - 1];
            if (findingData.id != finding.data_id || siteData.id != findingData.site_id)
                "in addFindingDataToO2Finding findingData.id != (finding.data_id-1) or siteData.id != (findingData.site_id - 1)".error();
            else
            {
                o2Finding.actionObject = findingData.ao_id;
                o2Finding.callerName = getStringIndexValue(siteData.caller, assessmentRun);
                o2Finding.columnNumber = siteData.cn;
                o2Finding.confidence = (byte) findingData.conf;
                o2Finding.context = getStringIndexValue(siteData.cxt, assessmentRun);                
                o2Finding.exclude = finding.excluded;
                o2Finding.file = getFileIndexValue(siteData.file_id, assessmentRun);
                o2Finding.lineNumber = siteData.ln;
                o2Finding.method = getStringIndexValue(siteData.method, assessmentRun);
                o2Finding.ordinal = siteData.ord; 
                o2Finding.projectName = getStringIndexValue(findingData.project_name, assessmentRun);
                o2Finding.propertyIds = findingData.prop_ids; /**/
                o2Finding.recordId = findingData.rec_id;
                o2Finding.severity = (byte) findingData.sev;
             //   o2Finding.signature = getStringIndexValue(siteData.sig, assessmentRun);
                o2Finding.text = null; /**/
                o2Finding.vulnName = getStringIndexValue(siteData.sig, assessmentRun); /*making the sig the vuln name*/
                o2Finding.vulnType = getStringIndexValue(findingData.vtype, assessmentRun);                

            }                                                                                                            
        }
Esempio n. 5
0
            public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
                                                            AssessmentAssessmentFileFinding fFinding,
                                                            List <AssessmentAssessmentFileFinding>
                                                            lfFindingsThatMatchCriteria,
                                                            List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
            {
                if (fFinding.Trace != null)
                {
                    if (bChangeFindingData) // if required changed the name of this finding
                    {
                        applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat);
                    }

                    if (bDropDuplicateSmartTraces)
                    {
                        return(filterDuplicateFindings(lafFilteredAssessmentFiles, lfFindingsThatMatchCriteria, fFinding,
                                                       bIgnoreRootCallInvocation));
                    }
                    else
                    {
                        lfFindingsThatMatchCriteria.Add(fFinding);
                        return(true);
                    }
                }
                return(false);
            }
Esempio n. 6
0
 public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
                                                 AssessmentAssessmentFileFinding fFinding,
                                                 List <AssessmentAssessmentFileFinding>
                                                 lfFindingsThatMatchCriteria,
                                                 List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
 {
     if (fFinding.Trace != null)
     {
         int iLostSinkId = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(fFinding.Trace,
                                                                                          TraceType.
                                                                                          Lost_Sink);
         if (iLostSinkId > 0) // need to figure out what happens when iLostSinkId =0
         {
             if (false == iLostSinksProcessed.Contains(iLostSinkId))
             {
                 if (bChangeFindingData) // if required changed the name of this finding
                 {
                     applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat);
                 }
                 lfFindingsThatMatchCriteria.Add(fFinding);
                 iLostSinksProcessed.Add(iLostSinkId);
                 return(true);
             }
         }
     }
     return(false);
 }
Esempio n. 7
0
 public virtual bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
                                                AssessmentAssessmentFileFinding fFinding,
                                                List <AssessmentAssessmentFileFinding>
                                                lfFindingsThatMatchCriteria,
                                                List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
 {
     return(false);
 }
 private static IO2Finding getO2Finding(AssessmentAsmntFileFinding finding, AssessmentRun assessmentRunToImport)
 {
     var o2Finding = new O2Finding();
     addFindingDataToO2Finding(finding, o2Finding, assessmentRunToImport);
     addTraceToO2Finding(finding.trace, o2Finding, assessmentRunToImport);
     OzasmtUtils.fixExternalSourceSourceMappingProblem(o2Finding);           // fix the 'ExternalSource Source' problem
     return o2Finding;
 }
        public static void create_CustomSavedAssessmentRunFile_From_FindingsResult_List(
            List <AnalysisSearch.FindingsResult> lfrFindingsResults, String sPathToNewAssessmentFile)
        {
            O2Timer tTimer =
                new O2Timer("Creating new AssessmentRun File " + sPathToNewAssessmentFile).start();

            if (lfrFindingsResults.Count == 0)
            {
                DI.log.error("Aborting, no findings to save");
            }
            else
            {
                AssessmentRun arNewAssessmentRun = OzasmtUtils_OunceV6.getDefaultAssessmentRunObject();
                arNewAssessmentRun.name = "Search Results Project";
                var lFilesAndFindingsToAdd =
                    new Dictionary <AssessmentAssessmentFile, List <AssessmentAssessmentFileFinding> >();
                var dNewStringIndex = new Dictionary <String, UInt32>();
                var dNewFileIndex   = new Dictionary <String, UInt32>();
                foreach (AnalysisSearch.FindingsResult frFindingsResult in lfrFindingsResults)
                {
                    if (false == lFilesAndFindingsToAdd.ContainsKey(frFindingsResult.fFile))
                    // doesn't exist so we need to add it
                    {
                        lFilesAndFindingsToAdd.Add(frFindingsResult.fFile, new List <AssessmentAssessmentFileFinding>());
                    }

                    lFilesAndFindingsToAdd[frFindingsResult.fFile].Add(
                        VirtualTraces.createNewFindingFromExistingOne(frFindingsResult.fFinding, dNewStringIndex,
                                                                      dNewFileIndex,
                                                                      frFindingsResult.oadO2AssessmentDataOunceV6));
                }
                arNewAssessmentRun.StringIndeces = OzasmtUtils_OunceV6.createStringIndexArrayFromDictionary(dNewStringIndex);
                arNewAssessmentRun.FileIndeces   = OzasmtUtils_OunceV6.createFileIndexArrayFromDictionary(dNewFileIndex);

                var lafNewAssessmentFilesToAdd = new List <AssessmentAssessmentFile>();
                foreach (AssessmentAssessmentFile afOriginalFile in lFilesAndFindingsToAdd.Keys)
                {
                    AssessmentAssessmentFile afNewFile =
                        VirtualTraces.createNewAssessmentFileFromExistingOne(afOriginalFile);
                    afNewFile.Finding = lFilesAndFindingsToAdd[afOriginalFile].ToArray();
                    lafNewAssessmentFilesToAdd.Add(afNewFile);
                }
                arNewAssessmentRun.Assessment.Assessment[0].AssessmentFile = lafNewAssessmentFilesToAdd.ToArray();

                DI.log.info("New assessmentRun file created in memory, now saving it");
                // and save the serialized object as an Xml file
                OzasmtUtils_OunceV6.createSerializedXmlFileFromAssessmentRunObject(arNewAssessmentRun, sPathToNewAssessmentFile);
                tTimer.stop();
            }
            // if (false)
            //     o2Messages.sendMessage("open ViewAssessmentRun," + sPathToNewAssessmentFile);
        }
Esempio n. 10
0
            private String resolveSink(AssessmentRun arAssessmentRun, CallInvocation[] cCallInvocation)
            {
                String sSink = getSmartTraceCallName(arAssessmentRun, cCallInvocation, TraceType.Known_Sink);

                if (sSink != "") // LostSink case
                {
                    sSink = "Sink: " + sSink;
                }
                else
                {
                    sSink = "LostSink: " +
                            getSmartTraceCallName(arAssessmentRun, cCallInvocation, TraceType.Lost_Sink);
                }
                return(sSink);
            }
Esempio n. 11
0
            private String getSmartTraceCallName(AssessmentRun arAssessmentRun, CallInvocation[] cCallInvocation,
                                                 TraceType tTraceType)
            {
                int iSmartTraceIndex = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(cCallInvocation,
                                                                                                      tTraceType);

                if (iSmartTraceIndex > 0)
                {
                    return(arAssessmentRun.StringIndeces[iSmartTraceIndex - 1].value);
                }
                else
                {
                    return("");
                }
            }
 private static void addTraceToO2Finding(string traces, IO2Finding o2Finding, AssessmentRun assessmentRun)
 {
     if (false == string.IsNullOrEmpty(traces))
     {
         var splittedTraces = traces.Split(',');
         var traceStack = new Stack<List<IO2Trace>>(); // use to keep track of where we add the trace
         traceStack.Push(o2Finding.o2Traces);          // the first one is the main o2Findings.o2Traces 
         foreach(var traceItem in splittedTraces)
         {                    
             var splittedTrace = traceItem.Split('.');   // in this version the dots mean how many nodes we have to go up
             int traceIndex;
             if (Int32.TryParse(splittedTrace[0], out traceIndex))
             {
                 AssessmentRunTaint taint = assessmentRun.TaintPool[traceIndex - 1];
                 AssessmentRunSite siteData = assessmentRun.SitePool[taint.site_id - 1];
                 var o2Trace = new O2Trace
                                   {
                                       caller = getStringIndexValue(siteData.caller, assessmentRun),
                                       columnNumber = siteData.cn,
                                       context = getStringIndexValue(siteData.cxt, assessmentRun),
                                       file = getFileIndexValue(siteData.file_id, assessmentRun),
                                       lineNumber = siteData.ln,
                                       method = getStringIndexValue(siteData.method, assessmentRun),
                                       ordinal = siteData.ord,
                                       signature = getStringIndexValue(siteData.sig, assessmentRun),
                                       argument = (uint)taint.arg,  			// taint.arg changed to int in 8.6 version (this might have some side effects)
                                       direction = taint.dir,
                                       traceType =((TraceType) Enum.Parse(typeof (TraceType), taint.trace_type.ToString()))                                              
                                   };                        
                 //o2Trace.clazz = getStringIndexValue(,assessmentRun);  // check if siteData.caller is a good match for clazz
                 //o2Trace.taintPropagation = ;
                 //o2Trace.text = ;
                 traceStack.Peek().Add(o2Trace); // add the current trace as a child of the the item on the top of traceStack
                 traceStack.Push(o2Trace.childTraces);   // and make the current trace the item on the top of traceStack (which will be changed if there were dots in the traceItem (handled below))                        
             }
             else
             {
                 "in addTraceToO2Finding , could not parse into int {0} from {1}".error(splittedTrace[0], traceItem);
             }
             if (splittedTrace.Length > 1) // means there were dots in the traceitem
                 for (var i = 1; i < splittedTrace.Length; i++)
                     traceStack.Pop();
         }
         //o2Finding.o2Traces[0].signature += traces;
     }
 }
Esempio n. 13
0
            public void applyFindingNameFormat(AssessmentRun arAssessmentRun, AssessmentAssessmentFileFinding fFinding,
                                               Analysis.FindingNameFormat ffnFindingNameFormat)
            {
                switch (ffnFindingNameFormat)
                {
                case Analysis.FindingNameFormat.FindingType:     // do nothing in these cases
                    break;

                case Analysis.FindingNameFormat.FindingType_Sink:

                    fFinding.vuln_type += "        " +
                                          resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
                    break;

                case Analysis.FindingNameFormat.FindingType_Source:
                    fFinding.vuln_type += "        " +
                                          resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
                    break;

                case Analysis.FindingNameFormat.Sink:
                    fFinding.vuln_type = "        " +
                                         resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
                    break;

                case Analysis.FindingNameFormat.Source:
                    fFinding.vuln_type = "        " +
                                         resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
                    break;

                case Analysis.FindingNameFormat.Sink_Source:
                    fFinding.vuln_type = resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1) +
                                         "        " +
                                         resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
                    break;

                case Analysis.FindingNameFormat.Source_Sink:
                    fFinding.vuln_type = resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1) +
                                         "        " +
                                         resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
                    break;
                }
            }
        public static List <AssessmentAssessmentFileFinding> getListOfFindingsUsingFilter(String sPathToSavedXmlFile,
                                                                                          AnalysisFilters.
                                                                                          filter_FindUniqueLostSinks
                                                                                          ffulsFilter,
                                                                                          ref O2AssessmentData_OunceV6
                                                                                          fadO2AssessmentDataOunceV6)
        {
            var laaffFinding = new List <AssessmentAssessmentFileFinding>();

            try
            {
                bool bVerbose  = false;
                var  lsMatches = new List <string>();
                Analysis.loadAssessmentFile(sPathToSavedXmlFile, bVerbose, ref fadO2AssessmentDataOunceV6);
                AssessmentRun arFilteredAssessmentRun =
                    Analysis.createFilteredAssessmentRunObjectBasedOnCriteria(ffulsFilter, fadO2AssessmentDataOunceV6);
                if (null != arFilteredAssessmentRun.Assessment.Assessment)
                {
                    foreach (Assessment aAssessment in arFilteredAssessmentRun.Assessment.Assessment)
                    {
                        foreach (AssessmentAssessmentFile afAssessmentFile in aAssessment.AssessmentFile)
                        {
                            if (null != afAssessmentFile.Finding)
                            {
                                foreach (AssessmentAssessmentFileFinding aaffFinding in afAssessmentFile.Finding)
                                {
                                    laaffFinding.Add(aaffFinding);
                                }
                            }
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                DI.log.error("getListOfFindingsUsingFilter: {0}", ex.Message);
            }
            return(laaffFinding);
        }
Esempio n. 15
0
            public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
                                                            AssessmentAssessmentFileFinding fFinding,
                                                            List <AssessmentAssessmentFileFinding>
                                                            lfFindingsThatMatchCriteria,
                                                            List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
            {
                if (sActionObjectIdToFind == fFinding.actionobject_id.ToString())
                // and the actionObject matches the filter
                {
                    if (false == bDropFindingsWithNoTraces)
                    {
                        lfFindingsThatMatchCriteria.Add(fFinding);
                        // always add to the list when bDropFindingsWithNoTraces is false
                        return(true);
                    }
                    else if (null != fFinding.Trace)
                    // when bDropFindingsWithNoTraces only add the ones with traces
                    {
                        if (bChangeFindingData) // if required changed the name of this finding
                        {
                            applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat);
                        }

                        if (bFilterDuplicateFindings)
                        {
                            // and if  bFilterDuplicateFindings is true, consolidate the Trace into similar ones
                            return(filterDuplicateFindings(lafFilteredAssessmentFiles, lfFindingsThatMatchCriteria,
                                                           fFinding, bIgnoreRootCallInvocation));
                        }
                        else
                        {
                            lfFindingsThatMatchCriteria.Add(fFinding);
                            return(true);
                        }
                    }
                }
                return(false);
            }
 public O2AssessmentSave_OunceV7()
 {
     engineName = "O2AssessmentSave_OunceV7";
     assessmentRun = O2Assessment_OunceV7_Utils.getDefaultAssessmentRunObject();
 }
        public static AssessmentRun getDefaultAssessmentRunObject()
        {
            // this is what we need to create a default assessment
            var defaultName = "DefaultAssessmentRun_v8";
            var defaultVersion  = "8.6.0.0";            				 
            
            var arNewAssessmentRun = new AssessmentRun
                                         	{
                                            	AssessmentStats = new AssessmentRunAssessmentStats(),         
									         	AssessmentConfig = new AssessmentRunAssessmentConfig(),
												SharedDataStats = new AssessmentRunSharedDataStats(),
												StringPool = new AssessmentRunString[] {},
												FilePool = new AssessmentRunFile[] {},
												SitePool = new AssessmentRunSite[] {},
												TaintPool = new AssessmentRunTaint[] {},
												FindingDataPool = new AssessmentRunFindingData[] {},
//												Assessment = new AssessmentRunAssessment(),
												Messages = new AssessmentRunMessage[] {},
												name = defaultName,		 			
												version = defaultVersion
                                         	};
//not sure if this is needed                                         	
/*            var armMessage = new AssessmentRunMessage
                                 {
                                     id = 0,
                                     message =
                                         ("Custom Assessment Run File created on " +
                                          DateTime.Now)
                                 };
            arNewAssessmentRun.Messages = new[] { armMessage };*/
            arNewAssessmentRun.Assessment = new AssessmentRunAssessment { Assessment = new[] { new Assessment() } };
            // need to populate the date 
            arNewAssessmentRun.AssessmentStats.date =
                (uint)(DateTime.Now.Minute * 1000 + DateTime.Now.Second * 50 + DateTime.Now.Millisecond);
            // This should be enough to create unique timestamps 
            return arNewAssessmentRun;
        }
 public static string getFileIndexValue(UInt32 uFileIndexId, AssessmentRun assessmentRun)
 {
     if (uFileIndexId > 0 && uFileIndexId <= assessmentRun.FilePool.Length)
         return assessmentRun.FilePool[uFileIndexId - 1].value;
     return "";
 }
 public static string getStringIndexValue(UInt32 uStringIndexId, AssessmentRun assessmentRun)
 {
     if (uStringIndexId > 0 && uStringIndexId <= assessmentRun.StringPool.Length)
         return assessmentRun.StringPool[uStringIndexId - 1].value;
     return "";
 }