public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun, AssessmentAssessmentFileFinding fFinding, List <AssessmentAssessmentFileFinding> lfFindingsThatMatchCriteria, List <AssessmentAssessmentFile> lafFilteredAssessmentFiles) { if (fFinding.Trace != null) { int iLostSinkId = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(fFinding.Trace, TraceType. Lost_Sink); if (iLostSinkId > 0) // need to figure out what happens when iLostSinkId =0 { if (bChangeFindingData) // if required changed the name of this finding { applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat); } if (bDropDuplicateSmartTraces) { return(filterDuplicateFindings(lafFilteredAssessmentFiles, lfFindingsThatMatchCriteria, fFinding, bIgnoreRootCallInvocation)); } else { lfFindingsThatMatchCriteria.Add(fFinding); return(true); } } } return(false); }
private String resolveSource(AssessmentRun arAssessmentRun, CallInvocation[] cCallInvocation) { String sSource = "Source: " + getSmartTraceCallName(arAssessmentRun, cCallInvocation, TraceType.Source); return(sSource); }
private static string fromAssessmentRunFileCreateNewFileWithUniqueTraces(string sPathToNewAssessmentFile, bool bDropDuplicateSmartTraces, bool bIgnoreRootCallInvocation) { string sTargetFilename; DI.log.debug("Create file with unique traces"); // O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6NewFile = null; Analysis.loadAssessmentFile(sPathToNewAssessmentFile, false, ref oadO2AssessmentDataOunceV6NewFile); Analysis.FindingNameFormat ffnFindingNameFormat = Analysis.FindingNameFormat.FindingType; bool bChangeFindingData = false; var ffsmFilter = new AnalysisFilters.filter_FindSmartTraces(bDropDuplicateSmartTraces, bIgnoreRootCallInvocation, ffnFindingNameFormat, bChangeFindingData); AssessmentRun arFilteredAssessmentRun = Analysis.createFilteredAssessmentRunObjectBasedOnCriteria(ffsmFilter, oadO2AssessmentDataOunceV6NewFile); DI.log.debug("Completed process of filtering to remove duplicate findings"); sTargetFilename = sPathToNewAssessmentFile + "_UniqueTraces.ozasmt"; Analysis.saveFilteredAssessmentRun(arFilteredAssessmentRun, sTargetFilename, oadO2AssessmentDataOunceV6NewFile); return(sTargetFilename); }
private static void addFindingDataToO2Finding(AssessmentAsmntFileFinding finding, IO2Finding o2Finding, AssessmentRun assessmentRun) { AssessmentRunFindingData findingData = assessmentRun.FindingDataPool[finding.data_id-1]; AssessmentRunSite siteData = assessmentRun.SitePool[findingData.site_id - 1]; if (findingData.id != finding.data_id || siteData.id != findingData.site_id) "in addFindingDataToO2Finding findingData.id != (finding.data_id-1) or siteData.id != (findingData.site_id - 1)".error(); else { o2Finding.actionObject = findingData.ao_id; o2Finding.callerName = getStringIndexValue(siteData.caller, assessmentRun); o2Finding.columnNumber = siteData.cn; o2Finding.confidence = (byte) findingData.conf; o2Finding.context = getStringIndexValue(siteData.cxt, assessmentRun); o2Finding.exclude = finding.excluded; o2Finding.file = getFileIndexValue(siteData.file_id, assessmentRun); o2Finding.lineNumber = siteData.ln; o2Finding.method = getStringIndexValue(siteData.method, assessmentRun); o2Finding.ordinal = siteData.ord; o2Finding.projectName = getStringIndexValue(findingData.project_name, assessmentRun); o2Finding.propertyIds = findingData.prop_ids; /**/ o2Finding.recordId = findingData.rec_id; o2Finding.severity = (byte) findingData.sev; // o2Finding.signature = getStringIndexValue(siteData.sig, assessmentRun); o2Finding.text = null; /**/ o2Finding.vulnName = getStringIndexValue(siteData.sig, assessmentRun); /*making the sig the vuln name*/ o2Finding.vulnType = getStringIndexValue(findingData.vtype, assessmentRun); } }
public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun, AssessmentAssessmentFileFinding fFinding, List <AssessmentAssessmentFileFinding> lfFindingsThatMatchCriteria, List <AssessmentAssessmentFile> lafFilteredAssessmentFiles) { if (fFinding.Trace != null) { if (bChangeFindingData) // if required changed the name of this finding { applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat); } if (bDropDuplicateSmartTraces) { return(filterDuplicateFindings(lafFilteredAssessmentFiles, lfFindingsThatMatchCriteria, fFinding, bIgnoreRootCallInvocation)); } else { lfFindingsThatMatchCriteria.Add(fFinding); return(true); } } return(false); }
public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun, AssessmentAssessmentFileFinding fFinding, List <AssessmentAssessmentFileFinding> lfFindingsThatMatchCriteria, List <AssessmentAssessmentFile> lafFilteredAssessmentFiles) { if (fFinding.Trace != null) { int iLostSinkId = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(fFinding.Trace, TraceType. Lost_Sink); if (iLostSinkId > 0) // need to figure out what happens when iLostSinkId =0 { if (false == iLostSinksProcessed.Contains(iLostSinkId)) { if (bChangeFindingData) // if required changed the name of this finding { applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat); } lfFindingsThatMatchCriteria.Add(fFinding); iLostSinksProcessed.Add(iLostSinkId); return(true); } } } return(false); }
public virtual bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun, AssessmentAssessmentFileFinding fFinding, List <AssessmentAssessmentFileFinding> lfFindingsThatMatchCriteria, List <AssessmentAssessmentFile> lafFilteredAssessmentFiles) { return(false); }
private static IO2Finding getO2Finding(AssessmentAsmntFileFinding finding, AssessmentRun assessmentRunToImport) { var o2Finding = new O2Finding(); addFindingDataToO2Finding(finding, o2Finding, assessmentRunToImport); addTraceToO2Finding(finding.trace, o2Finding, assessmentRunToImport); OzasmtUtils.fixExternalSourceSourceMappingProblem(o2Finding); // fix the 'ExternalSource Source' problem return o2Finding; }
public static void create_CustomSavedAssessmentRunFile_From_FindingsResult_List( List <AnalysisSearch.FindingsResult> lfrFindingsResults, String sPathToNewAssessmentFile) { O2Timer tTimer = new O2Timer("Creating new AssessmentRun File " + sPathToNewAssessmentFile).start(); if (lfrFindingsResults.Count == 0) { DI.log.error("Aborting, no findings to save"); } else { AssessmentRun arNewAssessmentRun = OzasmtUtils_OunceV6.getDefaultAssessmentRunObject(); arNewAssessmentRun.name = "Search Results Project"; var lFilesAndFindingsToAdd = new Dictionary <AssessmentAssessmentFile, List <AssessmentAssessmentFileFinding> >(); var dNewStringIndex = new Dictionary <String, UInt32>(); var dNewFileIndex = new Dictionary <String, UInt32>(); foreach (AnalysisSearch.FindingsResult frFindingsResult in lfrFindingsResults) { if (false == lFilesAndFindingsToAdd.ContainsKey(frFindingsResult.fFile)) // doesn't exist so we need to add it { lFilesAndFindingsToAdd.Add(frFindingsResult.fFile, new List <AssessmentAssessmentFileFinding>()); } lFilesAndFindingsToAdd[frFindingsResult.fFile].Add( VirtualTraces.createNewFindingFromExistingOne(frFindingsResult.fFinding, dNewStringIndex, dNewFileIndex, frFindingsResult.oadO2AssessmentDataOunceV6)); } arNewAssessmentRun.StringIndeces = OzasmtUtils_OunceV6.createStringIndexArrayFromDictionary(dNewStringIndex); arNewAssessmentRun.FileIndeces = OzasmtUtils_OunceV6.createFileIndexArrayFromDictionary(dNewFileIndex); var lafNewAssessmentFilesToAdd = new List <AssessmentAssessmentFile>(); foreach (AssessmentAssessmentFile afOriginalFile in lFilesAndFindingsToAdd.Keys) { AssessmentAssessmentFile afNewFile = VirtualTraces.createNewAssessmentFileFromExistingOne(afOriginalFile); afNewFile.Finding = lFilesAndFindingsToAdd[afOriginalFile].ToArray(); lafNewAssessmentFilesToAdd.Add(afNewFile); } arNewAssessmentRun.Assessment.Assessment[0].AssessmentFile = lafNewAssessmentFilesToAdd.ToArray(); DI.log.info("New assessmentRun file created in memory, now saving it"); // and save the serialized object as an Xml file OzasmtUtils_OunceV6.createSerializedXmlFileFromAssessmentRunObject(arNewAssessmentRun, sPathToNewAssessmentFile); tTimer.stop(); } // if (false) // o2Messages.sendMessage("open ViewAssessmentRun," + sPathToNewAssessmentFile); }
private String resolveSink(AssessmentRun arAssessmentRun, CallInvocation[] cCallInvocation) { String sSink = getSmartTraceCallName(arAssessmentRun, cCallInvocation, TraceType.Known_Sink); if (sSink != "") // LostSink case { sSink = "Sink: " + sSink; } else { sSink = "LostSink: " + getSmartTraceCallName(arAssessmentRun, cCallInvocation, TraceType.Lost_Sink); } return(sSink); }
private String getSmartTraceCallName(AssessmentRun arAssessmentRun, CallInvocation[] cCallInvocation, TraceType tTraceType) { int iSmartTraceIndex = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(cCallInvocation, tTraceType); if (iSmartTraceIndex > 0) { return(arAssessmentRun.StringIndeces[iSmartTraceIndex - 1].value); } else { return(""); } }
private static void addTraceToO2Finding(string traces, IO2Finding o2Finding, AssessmentRun assessmentRun) { if (false == string.IsNullOrEmpty(traces)) { var splittedTraces = traces.Split(','); var traceStack = new Stack<List<IO2Trace>>(); // use to keep track of where we add the trace traceStack.Push(o2Finding.o2Traces); // the first one is the main o2Findings.o2Traces foreach(var traceItem in splittedTraces) { var splittedTrace = traceItem.Split('.'); // in this version the dots mean how many nodes we have to go up int traceIndex; if (Int32.TryParse(splittedTrace[0], out traceIndex)) { AssessmentRunTaint taint = assessmentRun.TaintPool[traceIndex - 1]; AssessmentRunSite siteData = assessmentRun.SitePool[taint.site_id - 1]; var o2Trace = new O2Trace { caller = getStringIndexValue(siteData.caller, assessmentRun), columnNumber = siteData.cn, context = getStringIndexValue(siteData.cxt, assessmentRun), file = getFileIndexValue(siteData.file_id, assessmentRun), lineNumber = siteData.ln, method = getStringIndexValue(siteData.method, assessmentRun), ordinal = siteData.ord, signature = getStringIndexValue(siteData.sig, assessmentRun), argument = (uint)taint.arg, // taint.arg changed to int in 8.6 version (this might have some side effects) direction = taint.dir, traceType =((TraceType) Enum.Parse(typeof (TraceType), taint.trace_type.ToString())) }; //o2Trace.clazz = getStringIndexValue(,assessmentRun); // check if siteData.caller is a good match for clazz //o2Trace.taintPropagation = ; //o2Trace.text = ; traceStack.Peek().Add(o2Trace); // add the current trace as a child of the the item on the top of traceStack traceStack.Push(o2Trace.childTraces); // and make the current trace the item on the top of traceStack (which will be changed if there were dots in the traceItem (handled below)) } else { "in addTraceToO2Finding , could not parse into int {0} from {1}".error(splittedTrace[0], traceItem); } if (splittedTrace.Length > 1) // means there were dots in the traceitem for (var i = 1; i < splittedTrace.Length; i++) traceStack.Pop(); } //o2Finding.o2Traces[0].signature += traces; } }
public void applyFindingNameFormat(AssessmentRun arAssessmentRun, AssessmentAssessmentFileFinding fFinding, Analysis.FindingNameFormat ffnFindingNameFormat) { switch (ffnFindingNameFormat) { case Analysis.FindingNameFormat.FindingType: // do nothing in these cases break; case Analysis.FindingNameFormat.FindingType_Sink: fFinding.vuln_type += " " + resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1); break; case Analysis.FindingNameFormat.FindingType_Source: fFinding.vuln_type += " " + resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1); break; case Analysis.FindingNameFormat.Sink: fFinding.vuln_type = " " + resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1); break; case Analysis.FindingNameFormat.Source: fFinding.vuln_type = " " + resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1); break; case Analysis.FindingNameFormat.Sink_Source: fFinding.vuln_type = resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1) + " " + resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1); break; case Analysis.FindingNameFormat.Source_Sink: fFinding.vuln_type = resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1) + " " + resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1); break; } }
public static List <AssessmentAssessmentFileFinding> getListOfFindingsUsingFilter(String sPathToSavedXmlFile, AnalysisFilters. filter_FindUniqueLostSinks ffulsFilter, ref O2AssessmentData_OunceV6 fadO2AssessmentDataOunceV6) { var laaffFinding = new List <AssessmentAssessmentFileFinding>(); try { bool bVerbose = false; var lsMatches = new List <string>(); Analysis.loadAssessmentFile(sPathToSavedXmlFile, bVerbose, ref fadO2AssessmentDataOunceV6); AssessmentRun arFilteredAssessmentRun = Analysis.createFilteredAssessmentRunObjectBasedOnCriteria(ffulsFilter, fadO2AssessmentDataOunceV6); if (null != arFilteredAssessmentRun.Assessment.Assessment) { foreach (Assessment aAssessment in arFilteredAssessmentRun.Assessment.Assessment) { foreach (AssessmentAssessmentFile afAssessmentFile in aAssessment.AssessmentFile) { if (null != afAssessmentFile.Finding) { foreach (AssessmentAssessmentFileFinding aaffFinding in afAssessmentFile.Finding) { laaffFinding.Add(aaffFinding); } } } } } } catch (Exception ex) { DI.log.error("getListOfFindingsUsingFilter: {0}", ex.Message); } return(laaffFinding); }
public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun, AssessmentAssessmentFileFinding fFinding, List <AssessmentAssessmentFileFinding> lfFindingsThatMatchCriteria, List <AssessmentAssessmentFile> lafFilteredAssessmentFiles) { if (sActionObjectIdToFind == fFinding.actionobject_id.ToString()) // and the actionObject matches the filter { if (false == bDropFindingsWithNoTraces) { lfFindingsThatMatchCriteria.Add(fFinding); // always add to the list when bDropFindingsWithNoTraces is false return(true); } else if (null != fFinding.Trace) // when bDropFindingsWithNoTraces only add the ones with traces { if (bChangeFindingData) // if required changed the name of this finding { applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat); } if (bFilterDuplicateFindings) { // and if bFilterDuplicateFindings is true, consolidate the Trace into similar ones return(filterDuplicateFindings(lafFilteredAssessmentFiles, lfFindingsThatMatchCriteria, fFinding, bIgnoreRootCallInvocation)); } else { lfFindingsThatMatchCriteria.Add(fFinding); return(true); } } } return(false); }
public O2AssessmentSave_OunceV7() { engineName = "O2AssessmentSave_OunceV7"; assessmentRun = O2Assessment_OunceV7_Utils.getDefaultAssessmentRunObject(); }
public static AssessmentRun getDefaultAssessmentRunObject() { // this is what we need to create a default assessment var defaultName = "DefaultAssessmentRun_v8"; var defaultVersion = "8.6.0.0"; var arNewAssessmentRun = new AssessmentRun { AssessmentStats = new AssessmentRunAssessmentStats(), AssessmentConfig = new AssessmentRunAssessmentConfig(), SharedDataStats = new AssessmentRunSharedDataStats(), StringPool = new AssessmentRunString[] {}, FilePool = new AssessmentRunFile[] {}, SitePool = new AssessmentRunSite[] {}, TaintPool = new AssessmentRunTaint[] {}, FindingDataPool = new AssessmentRunFindingData[] {}, // Assessment = new AssessmentRunAssessment(), Messages = new AssessmentRunMessage[] {}, name = defaultName, version = defaultVersion }; //not sure if this is needed /* var armMessage = new AssessmentRunMessage { id = 0, message = ("Custom Assessment Run File created on " + DateTime.Now) }; arNewAssessmentRun.Messages = new[] { armMessage };*/ arNewAssessmentRun.Assessment = new AssessmentRunAssessment { Assessment = new[] { new Assessment() } }; // need to populate the date arNewAssessmentRun.AssessmentStats.date = (uint)(DateTime.Now.Minute * 1000 + DateTime.Now.Second * 50 + DateTime.Now.Millisecond); // This should be enough to create unique timestamps return arNewAssessmentRun; }
public static string getFileIndexValue(UInt32 uFileIndexId, AssessmentRun assessmentRun) { if (uFileIndexId > 0 && uFileIndexId <= assessmentRun.FilePool.Length) return assessmentRun.FilePool[uFileIndexId - 1].value; return ""; }
public static string getStringIndexValue(UInt32 uStringIndexId, AssessmentRun assessmentRun) { if (uStringIndexId > 0 && uStringIndexId <= assessmentRun.StringPool.Length) return assessmentRun.StringPool[uStringIndexId - 1].value; return ""; }