public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
AssessmentAssessmentFileFinding fFinding,
List <AssessmentAssessmentFileFinding>
lfFindingsThatMatchCriteria,
List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
{
if (fFinding.Trace != null)
{
int iLostSinkId = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(fFinding.Trace,
TraceType.
Lost_Sink);
if (iLostSinkId > 0) // need to figure out what happens when iLostSinkId =0
{
if (bChangeFindingData) // if required changed the name of this finding
{
applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat);
}
if (bDropDuplicateSmartTraces)
{
return(filterDuplicateFindings(lafFilteredAssessmentFiles, lfFindingsThatMatchCriteria,
fFinding, bIgnoreRootCallInvocation));
}
else
{
lfFindingsThatMatchCriteria.Add(fFinding);
return(true);
}
}
}
return(false);
}
private String resolveSource(AssessmentRun arAssessmentRun, CallInvocation[] cCallInvocation)
{
String sSource = "Source: " +
getSmartTraceCallName(arAssessmentRun, cCallInvocation, TraceType.Source);
return(sSource);
}
private static string fromAssessmentRunFileCreateNewFileWithUniqueTraces(string sPathToNewAssessmentFile, bool bDropDuplicateSmartTraces, bool bIgnoreRootCallInvocation)
{
string sTargetFilename;
DI.log.debug("Create file with unique traces");
//
O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6NewFile = null;
Analysis.loadAssessmentFile(sPathToNewAssessmentFile, false, ref oadO2AssessmentDataOunceV6NewFile);
Analysis.FindingNameFormat ffnFindingNameFormat = Analysis.FindingNameFormat.FindingType;
bool bChangeFindingData = false;
var ffsmFilter = new AnalysisFilters.filter_FindSmartTraces(bDropDuplicateSmartTraces,
bIgnoreRootCallInvocation,
ffnFindingNameFormat, bChangeFindingData);
AssessmentRun arFilteredAssessmentRun =
Analysis.createFilteredAssessmentRunObjectBasedOnCriteria(ffsmFilter, oadO2AssessmentDataOunceV6NewFile);
DI.log.debug("Completed process of filtering to remove duplicate findings");
sTargetFilename = sPathToNewAssessmentFile + "_UniqueTraces.ozasmt";
Analysis.saveFilteredAssessmentRun(arFilteredAssessmentRun, sTargetFilename,
oadO2AssessmentDataOunceV6NewFile);
return(sTargetFilename);
}
private static void addFindingDataToO2Finding(AssessmentAsmntFileFinding finding, IO2Finding o2Finding, AssessmentRun assessmentRun)
{
AssessmentRunFindingData findingData = assessmentRun.FindingDataPool[finding.data_id-1];
AssessmentRunSite siteData = assessmentRun.SitePool[findingData.site_id - 1];
if (findingData.id != finding.data_id || siteData.id != findingData.site_id)
"in addFindingDataToO2Finding findingData.id != (finding.data_id-1) or siteData.id != (findingData.site_id - 1)".error();
else
{
o2Finding.actionObject = findingData.ao_id;
o2Finding.callerName = getStringIndexValue(siteData.caller, assessmentRun);
o2Finding.columnNumber = siteData.cn;
o2Finding.confidence = (byte) findingData.conf;
o2Finding.context = getStringIndexValue(siteData.cxt, assessmentRun);
o2Finding.exclude = finding.excluded;
o2Finding.file = getFileIndexValue(siteData.file_id, assessmentRun);
o2Finding.lineNumber = siteData.ln;
o2Finding.method = getStringIndexValue(siteData.method, assessmentRun);
o2Finding.ordinal = siteData.ord;
o2Finding.projectName = getStringIndexValue(findingData.project_name, assessmentRun);
o2Finding.propertyIds = findingData.prop_ids; /**/
o2Finding.recordId = findingData.rec_id;
o2Finding.severity = (byte) findingData.sev;
// o2Finding.signature = getStringIndexValue(siteData.sig, assessmentRun);
o2Finding.text = null; /**/
o2Finding.vulnName = getStringIndexValue(siteData.sig, assessmentRun); /*making the sig the vuln name*/
o2Finding.vulnType = getStringIndexValue(findingData.vtype, assessmentRun);
}
}
public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
AssessmentAssessmentFileFinding fFinding,
List <AssessmentAssessmentFileFinding>
lfFindingsThatMatchCriteria,
List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
{
if (fFinding.Trace != null)
{
if (bChangeFindingData) // if required changed the name of this finding
{
applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat);
}
if (bDropDuplicateSmartTraces)
{
return(filterDuplicateFindings(lafFilteredAssessmentFiles, lfFindingsThatMatchCriteria, fFinding,
bIgnoreRootCallInvocation));
}
else
{
lfFindingsThatMatchCriteria.Add(fFinding);
return(true);
}
}
return(false);
}
public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
AssessmentAssessmentFileFinding fFinding,
List <AssessmentAssessmentFileFinding>
lfFindingsThatMatchCriteria,
List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
{
if (fFinding.Trace != null)
{
int iLostSinkId = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(fFinding.Trace,
TraceType.
Lost_Sink);
if (iLostSinkId > 0) // need to figure out what happens when iLostSinkId =0
{
if (false == iLostSinksProcessed.Contains(iLostSinkId))
{
if (bChangeFindingData) // if required changed the name of this finding
{
applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat);
}
lfFindingsThatMatchCriteria.Add(fFinding);
iLostSinksProcessed.Add(iLostSinkId);
return(true);
}
}
}
return(false);
}
public virtual bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
AssessmentAssessmentFileFinding fFinding,
List <AssessmentAssessmentFileFinding>
lfFindingsThatMatchCriteria,
List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
{
return(false);
}
private static IO2Finding getO2Finding(AssessmentAsmntFileFinding finding, AssessmentRun assessmentRunToImport)
{
var o2Finding = new O2Finding();
addFindingDataToO2Finding(finding, o2Finding, assessmentRunToImport);
addTraceToO2Finding(finding.trace, o2Finding, assessmentRunToImport);
OzasmtUtils.fixExternalSourceSourceMappingProblem(o2Finding); // fix the 'ExternalSource Source' problem
return o2Finding;
}
public static void create_CustomSavedAssessmentRunFile_From_FindingsResult_List(
List <AnalysisSearch.FindingsResult> lfrFindingsResults, String sPathToNewAssessmentFile)
{
O2Timer tTimer =
new O2Timer("Creating new AssessmentRun File " + sPathToNewAssessmentFile).start();
if (lfrFindingsResults.Count == 0)
{
DI.log.error("Aborting, no findings to save");
}
else
{
AssessmentRun arNewAssessmentRun = OzasmtUtils_OunceV6.getDefaultAssessmentRunObject();
arNewAssessmentRun.name = "Search Results Project";
var lFilesAndFindingsToAdd =
new Dictionary <AssessmentAssessmentFile, List <AssessmentAssessmentFileFinding> >();
var dNewStringIndex = new Dictionary <String, UInt32>();
var dNewFileIndex = new Dictionary <String, UInt32>();
foreach (AnalysisSearch.FindingsResult frFindingsResult in lfrFindingsResults)
{
if (false == lFilesAndFindingsToAdd.ContainsKey(frFindingsResult.fFile))
// doesn't exist so we need to add it
{
lFilesAndFindingsToAdd.Add(frFindingsResult.fFile, new List <AssessmentAssessmentFileFinding>());
}
lFilesAndFindingsToAdd[frFindingsResult.fFile].Add(
VirtualTraces.createNewFindingFromExistingOne(frFindingsResult.fFinding, dNewStringIndex,
dNewFileIndex,
frFindingsResult.oadO2AssessmentDataOunceV6));
}
arNewAssessmentRun.StringIndeces = OzasmtUtils_OunceV6.createStringIndexArrayFromDictionary(dNewStringIndex);
arNewAssessmentRun.FileIndeces = OzasmtUtils_OunceV6.createFileIndexArrayFromDictionary(dNewFileIndex);
var lafNewAssessmentFilesToAdd = new List <AssessmentAssessmentFile>();
foreach (AssessmentAssessmentFile afOriginalFile in lFilesAndFindingsToAdd.Keys)
{
AssessmentAssessmentFile afNewFile =
VirtualTraces.createNewAssessmentFileFromExistingOne(afOriginalFile);
afNewFile.Finding = lFilesAndFindingsToAdd[afOriginalFile].ToArray();
lafNewAssessmentFilesToAdd.Add(afNewFile);
}
arNewAssessmentRun.Assessment.Assessment[0].AssessmentFile = lafNewAssessmentFilesToAdd.ToArray();
DI.log.info("New assessmentRun file created in memory, now saving it");
// and save the serialized object as an Xml file
OzasmtUtils_OunceV6.createSerializedXmlFileFromAssessmentRunObject(arNewAssessmentRun, sPathToNewAssessmentFile);
tTimer.stop();
}
// if (false)
// o2Messages.sendMessage("open ViewAssessmentRun," + sPathToNewAssessmentFile);
}
private String resolveSink(AssessmentRun arAssessmentRun, CallInvocation[] cCallInvocation)
{
String sSink = getSmartTraceCallName(arAssessmentRun, cCallInvocation, TraceType.Known_Sink);
if (sSink != "") // LostSink case
{
sSink = "Sink: " + sSink;
}
else
{
sSink = "LostSink: " +
getSmartTraceCallName(arAssessmentRun, cCallInvocation, TraceType.Lost_Sink);
}
return(sSink);
}
private String getSmartTraceCallName(AssessmentRun arAssessmentRun, CallInvocation[] cCallInvocation,
TraceType tTraceType)
{
int iSmartTraceIndex = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(cCallInvocation,
tTraceType);
if (iSmartTraceIndex > 0)
{
return(arAssessmentRun.StringIndeces[iSmartTraceIndex - 1].value);
}
else
{
return("");
}
}
private static void addTraceToO2Finding(string traces, IO2Finding o2Finding, AssessmentRun assessmentRun)
{
if (false == string.IsNullOrEmpty(traces))
{
var splittedTraces = traces.Split(',');
var traceStack = new Stack<List<IO2Trace>>(); // use to keep track of where we add the trace
traceStack.Push(o2Finding.o2Traces); // the first one is the main o2Findings.o2Traces
foreach(var traceItem in splittedTraces)
{
var splittedTrace = traceItem.Split('.'); // in this version the dots mean how many nodes we have to go up
int traceIndex;
if (Int32.TryParse(splittedTrace[0], out traceIndex))
{
AssessmentRunTaint taint = assessmentRun.TaintPool[traceIndex - 1];
AssessmentRunSite siteData = assessmentRun.SitePool[taint.site_id - 1];
var o2Trace = new O2Trace
{
caller = getStringIndexValue(siteData.caller, assessmentRun),
columnNumber = siteData.cn,
context = getStringIndexValue(siteData.cxt, assessmentRun),
file = getFileIndexValue(siteData.file_id, assessmentRun),
lineNumber = siteData.ln,
method = getStringIndexValue(siteData.method, assessmentRun),
ordinal = siteData.ord,
signature = getStringIndexValue(siteData.sig, assessmentRun),
argument = (uint)taint.arg, // taint.arg changed to int in 8.6 version (this might have some side effects)
direction = taint.dir,
traceType =((TraceType) Enum.Parse(typeof (TraceType), taint.trace_type.ToString()))
};
//o2Trace.clazz = getStringIndexValue(,assessmentRun); // check if siteData.caller is a good match for clazz
//o2Trace.taintPropagation = ;
//o2Trace.text = ;
traceStack.Peek().Add(o2Trace); // add the current trace as a child of the the item on the top of traceStack
traceStack.Push(o2Trace.childTraces); // and make the current trace the item on the top of traceStack (which will be changed if there were dots in the traceItem (handled below))
}
else
{
"in addTraceToO2Finding , could not parse into int {0} from {1}".error(splittedTrace[0], traceItem);
}
if (splittedTrace.Length > 1) // means there were dots in the traceitem
for (var i = 1; i < splittedTrace.Length; i++)
traceStack.Pop();
}
//o2Finding.o2Traces[0].signature += traces;
}
}
public void applyFindingNameFormat(AssessmentRun arAssessmentRun, AssessmentAssessmentFileFinding fFinding,
Analysis.FindingNameFormat ffnFindingNameFormat)
{
switch (ffnFindingNameFormat)
{
case Analysis.FindingNameFormat.FindingType: // do nothing in these cases
break;
case Analysis.FindingNameFormat.FindingType_Sink:
fFinding.vuln_type += " " +
resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
case Analysis.FindingNameFormat.FindingType_Source:
fFinding.vuln_type += " " +
resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
case Analysis.FindingNameFormat.Sink:
fFinding.vuln_type = " " +
resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
case Analysis.FindingNameFormat.Source:
fFinding.vuln_type = " " +
resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
case Analysis.FindingNameFormat.Sink_Source:
fFinding.vuln_type = resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1) +
" " +
resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
case Analysis.FindingNameFormat.Source_Sink:
fFinding.vuln_type = resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1) +
" " +
resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
}
}
public static List <AssessmentAssessmentFileFinding> getListOfFindingsUsingFilter(String sPathToSavedXmlFile,
AnalysisFilters.
filter_FindUniqueLostSinks
ffulsFilter,
ref O2AssessmentData_OunceV6
fadO2AssessmentDataOunceV6)
{
var laaffFinding = new List <AssessmentAssessmentFileFinding>();
try
{
bool bVerbose = false;
var lsMatches = new List <string>();
Analysis.loadAssessmentFile(sPathToSavedXmlFile, bVerbose, ref fadO2AssessmentDataOunceV6);
AssessmentRun arFilteredAssessmentRun =
Analysis.createFilteredAssessmentRunObjectBasedOnCriteria(ffulsFilter, fadO2AssessmentDataOunceV6);
if (null != arFilteredAssessmentRun.Assessment.Assessment)
{
foreach (Assessment aAssessment in arFilteredAssessmentRun.Assessment.Assessment)
{
foreach (AssessmentAssessmentFile afAssessmentFile in aAssessment.AssessmentFile)
{
if (null != afAssessmentFile.Finding)
{
foreach (AssessmentAssessmentFileFinding aaffFinding in afAssessmentFile.Finding)
{
laaffFinding.Add(aaffFinding);
}
}
}
}
}
}
catch (Exception ex)
{
DI.log.error("getListOfFindingsUsingFilter: {0}", ex.Message);
}
return(laaffFinding);
}
public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
AssessmentAssessmentFileFinding fFinding,
List <AssessmentAssessmentFileFinding>
lfFindingsThatMatchCriteria,
List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
{
if (sActionObjectIdToFind == fFinding.actionobject_id.ToString())
// and the actionObject matches the filter
{
if (false == bDropFindingsWithNoTraces)
{
lfFindingsThatMatchCriteria.Add(fFinding);
// always add to the list when bDropFindingsWithNoTraces is false
return(true);
}
else if (null != fFinding.Trace)
// when bDropFindingsWithNoTraces only add the ones with traces
{
if (bChangeFindingData) // if required changed the name of this finding
{
applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat);
}
if (bFilterDuplicateFindings)
{
// and if bFilterDuplicateFindings is true, consolidate the Trace into similar ones
return(filterDuplicateFindings(lafFilteredAssessmentFiles, lfFindingsThatMatchCriteria,
fFinding, bIgnoreRootCallInvocation));
}
else
{
lfFindingsThatMatchCriteria.Add(fFinding);
return(true);
}
}
}
return(false);
}
public O2AssessmentSave_OunceV7()
{
engineName = "O2AssessmentSave_OunceV7";
assessmentRun = O2Assessment_OunceV7_Utils.getDefaultAssessmentRunObject();
}
public static AssessmentRun getDefaultAssessmentRunObject()
{
// this is what we need to create a default assessment
var defaultName = "DefaultAssessmentRun_v8";
var defaultVersion = "8.6.0.0";
var arNewAssessmentRun = new AssessmentRun
{
AssessmentStats = new AssessmentRunAssessmentStats(),
AssessmentConfig = new AssessmentRunAssessmentConfig(),
SharedDataStats = new AssessmentRunSharedDataStats(),
StringPool = new AssessmentRunString[] {},
FilePool = new AssessmentRunFile[] {},
SitePool = new AssessmentRunSite[] {},
TaintPool = new AssessmentRunTaint[] {},
FindingDataPool = new AssessmentRunFindingData[] {},
// Assessment = new AssessmentRunAssessment(),
Messages = new AssessmentRunMessage[] {},
name = defaultName,
version = defaultVersion
};
//not sure if this is needed
/* var armMessage = new AssessmentRunMessage
{
id = 0,
message =
("Custom Assessment Run File created on " +
DateTime.Now)
};
arNewAssessmentRun.Messages = new[] { armMessage };*/
arNewAssessmentRun.Assessment = new AssessmentRunAssessment { Assessment = new[] { new Assessment() } };
// need to populate the date
arNewAssessmentRun.AssessmentStats.date =
(uint)(DateTime.Now.Minute * 1000 + DateTime.Now.Second * 50 + DateTime.Now.Millisecond);
// This should be enough to create unique timestamps
return arNewAssessmentRun;
}
public static string getFileIndexValue(UInt32 uFileIndexId, AssessmentRun assessmentRun)
{
if (uFileIndexId > 0 && uFileIndexId <= assessmentRun.FilePool.Length)
return assessmentRun.FilePool[uFileIndexId - 1].value;
return "";
}
public static string getStringIndexValue(UInt32 uStringIndexId, AssessmentRun assessmentRun)
{
if (uStringIndexId > 0 && uStringIndexId <= assessmentRun.StringPool.Length)
return assessmentRun.StringPool[uStringIndexId - 1].value;
return "";
}
