public static IO2Trace createCopy(IO2Trace o2Trace, bool processChildTraces)
{
if (o2Trace == null)
{
return(null);
}
var newO2Trace = new O2Trace();
newO2Trace.text = createCopy(o2Trace.text);
newO2Trace.traceType = o2Trace.traceType;
newO2Trace.taintPropagation = o2Trace.taintPropagation;
newO2Trace.signature = o2Trace.signature;
newO2Trace.ordinal = o2Trace.ordinal;
newO2Trace.lineNumber = o2Trace.lineNumber;
newO2Trace.method = o2Trace.method;
newO2Trace.file = o2Trace.file;
newO2Trace.context = o2Trace.context;
newO2Trace.columnNumber = o2Trace.columnNumber;
newO2Trace.clazz = o2Trace.clazz;
if (processChildTraces)
{
newO2Trace.childTraces = createCopy(o2Trace.childTraces);
}
return(newO2Trace);
}
public static List<IO2Finding> createFindingsFromConversation(List<IWebscarabConversation> webScarabConversations)
{
List<IO2Finding> o2Findings = new List<IO2Finding>();
foreach (IWebscarabConversation conversation in webScarabConversations)
{
O2Finding o2Finding = new O2Finding();
if ((conversation.TAG != null) && (conversation.TAG != ""))
{
o2Finding.vulnType = conversation.TAG;
}
else
{
o2Finding.vulnType = "Tag not defined";
}
o2Finding.vulnName = conversation.METHOD + ": " + conversation.URL;
addTrace(o2Finding, conversation.COOKIE, "COOKIE");
addTrace(o2Finding, conversation.STATUS, "STATUS");
addTrace(o2Finding, conversation.ORIGIN, "ORIGIN");
addTrace(o2Finding, conversation.URL, "URL");
addTrace(o2Finding, conversation.XSS_GET, "XSS_GET");
addTrace(o2Finding, conversation.CRLF_GET, "CRLF_GET");
addTrace(o2Finding, conversation.SET_COOKIE, "SET_COOKIE");
addTrace(o2Finding, conversation.XSS_POST, "XSS_POST");
var traceRequest = new O2Trace("request: " + conversation.request);
traceRequest.file = conversation.request;
var traceResponse = new O2Trace("response: " + conversation.response);
traceResponse.file = conversation.response;
o2Finding.file = conversation.response;
o2Finding.o2Traces.Add(traceRequest);
o2Finding.o2Traces.Add(traceResponse);
o2Findings.Add(o2Finding);
}
return o2Findings;
}
public static List<IO2Finding> mapSinksToSources(Dictionary<string, List<IO2Finding>> lostSinks, Dictionary<string, List<IO2Finding>> sources)
{
DI.log.info("Looking for matches");
var results = new List<IO2Finding>();
foreach (string lostSinkSignature in lostSinks.Keys)
if (sources.ContainsKey(lostSinkSignature))
{
foreach (O2Finding lostSink in lostSinks[lostSinkSignature])
foreach (O2Finding source in sources[lostSinkSignature])
{
var sinkCopy = (O2Finding)OzasmtCopy.createCopy(lostSink);
var sourceCopy = (O2Finding)OzasmtCopy.createCopy(source);
var lostSinkNode = sinkCopy.getLostSink();
lostSinkNode.traceType = TraceType.Type_4;
var interfaceJoinPoint = new O2Trace("---- Interface join --- ");
interfaceJoinPoint.childTraces.AddRange(sourceCopy.o2Traces);
lostSinkNode.childTraces.Add(interfaceJoinPoint);
sinkCopy.vulnName = sinkCopy.Sink;
results.Add(sinkCopy);
//return results;
}
}
//log.info("We have a match on: {0}", lostSink);
return results;
}
public IO2Trace addTrace(string traceSignature, TraceType _traceType)
{
var newTrace = new O2Trace(traceSignature);
newTrace.traceType = _traceType;
childTraces.Add(newTrace);
return newTrace;
}
public IO2Trace addTrace(string traceSignature, TraceType _traceType)
{
var newTrace = new O2Trace(traceSignature);
newTrace.traceType = _traceType;
childTraces.Add(newTrace);
return(newTrace);
}
public void insertTrace(string traceSignature, TraceType traceType)
{
var newO2Trace = new O2Trace(traceSignature, traceType);
newO2Trace.childTraces.AddRange(o2Traces);
o2Traces = new List <IO2Trace>();
o2Traces.add(newO2Trace);
}
public static IO2Finding createO2FindingForXElement(XElement xElement, string currentFile)
{
var createFinding = false;
var xElementSignature = xElement.Name.LocalName;
var sourceTrace1 = new O2Trace();
var sourceTrace2 = new O2Trace();
foreach (var attribute in xElement.Attributes())
{
if (attribute.Name == "value" && attribute.Value.IndexOf("#{") > -1)
{
createFinding = true;
sourceTrace1.signature = attribute.Value;
sourceTrace2.signature = getFilteredValue(attribute.Value);
sourceTrace2.traceType = TraceType.Source;
// set source file and line number
var attributeLineInfo = (IXmlLineInfo)attribute;
sourceTrace2.file = currentFile;
sourceTrace2.lineNumber = (uint)attributeLineInfo.LineNumber;
}
//
xElementSignature += String.Format(" {0}=\"{1}\" ", attribute.Name, attribute.Value);
}
if (createFinding == false)
return null;
var newFinding = new O2Finding();
newFinding.vulnType = "JSF.AutoMapping";
newFinding.vulnName = xElementSignature;
// add traces
// root trace
var rootTrace = new O2Trace(currentFile);
newFinding.o2Traces.Add(rootTrace);
// traceWithFileName
var traceWithFileName = new O2Trace(Path.GetFileName(currentFile));
rootTrace.childTraces.Add(traceWithFileName);
// sourceTrace
traceWithFileName.childTraces.Add(sourceTrace1);
sourceTrace1.childTraces.Add(sourceTrace2);
// traceWithNamespaceAndElementName
var traceWithNamespaceAndElementName = new O2Trace(xElement.Name.ToString());
sourceTrace2.childTraces.Add(traceWithNamespaceAndElementName);
// Sink trace (with xElementSignature contents)
var sinkTrace = new O2Trace(xElementSignature);
sinkTrace.traceType = TraceType.Known_Sink;
traceWithNamespaceAndElementName.childTraces.Add(sinkTrace);
// set file and line number for sink & finding
var elementLineInfo = (IXmlLineInfo)xElement;
newFinding.file = sourceTrace2.file = currentFile;
newFinding.lineNumber = sourceTrace2.lineNumber = (uint)elementLineInfo.LineNumber;
return newFinding;
}
public void appendNewO2Trace()
{
if (o2Finding.o2Traces.Count == 0)
o2Finding.o2Traces = new List<IO2Trace>().add(new O2Trace("new root trace"));
else if (tvSmartTrace.SelectedNode != null && tvSmartTrace.SelectedNode.Tag.GetType().Name == "O2Trace")
{
o2Trace = new O2Trace("newChildTrace");
((O2Trace)tvSmartTrace.SelectedNode.Tag).childTraces.Add(o2Trace);
}
showO2TraceTree();
}
public List <IO2Trace> addTraces(List <string> traceSignatures)
{
var newTraces = new List <IO2Trace>();
foreach (var traceSignature in traceSignatures)
{
var newTrace = new O2Trace(traceSignature);
o2Traces.Add(newTrace);
newTraces.Add(newTrace);
}
return(newTraces);
}
public List <IO2Trace> addTraces(string prefixText, TraceType _traceType, params string[] traceSignatures)
{
var newTraces = new List <IO2Trace>();
foreach (var traceSignature in traceSignatures)
{
var newTrace = new O2Trace(prefixText + traceSignature);
newTrace.traceType = _traceType;
childTraces.Add(newTrace);
newTraces.Add(newTrace);
}
return(newTraces);
}
public static IO2Trace createCopy(IO2Trace o2Trace, bool processChildTraces)
{
if (o2Trace == null)
return null;
var newO2Trace = new O2Trace();
newO2Trace.text = createCopy(o2Trace.text);
newO2Trace.traceType = o2Trace.traceType;
newO2Trace.taintPropagation = o2Trace.taintPropagation;
newO2Trace.signature = o2Trace.signature;
newO2Trace.ordinal = o2Trace.ordinal;
newO2Trace.lineNumber = o2Trace.lineNumber;
newO2Trace.method = o2Trace.method;
newO2Trace.file = o2Trace.file;
newO2Trace.context = o2Trace.context;
newO2Trace.columnNumber = o2Trace.columnNumber;
newO2Trace.clazz = o2Trace.clazz;
if (processChildTraces)
newO2Trace.childTraces = createCopy(o2Trace.childTraces);
return newO2Trace;
}
public static void showO2TraceInDataGridView(O2Trace o2Trace, DataGridView dataGridView)
{
}
public static void showO2TraceInTreeView(O2Trace o2Trace, DataGridView dataGridView, String showItem)
{
}
public static List<IO2Finding> getSourcesMappedToInterfaces(List<IO2Finding> o2Findings, ICirData cirData)
{
var results = new List<IO2Finding>();
if (cirData == null || o2Findings == null)
return results;
foreach (O2Finding o2Finding in o2Findings)
{
var source = o2Finding.getSource();
if (source != null)
{
if (cirData.dFunctions_bySignature.ContainsKey(source.signature))
{
var cirFunction = cirData.dFunctions_bySignature[source.signature];
var cirClass = cirFunction.ParentClass;
if (cirClass.dSuperClasses.Count > 0)
{
var sourceSig = cirFunction.FunctionSignature.Substring(cirClass.Signature.Length);
//log.info(cirFunction.FunctionSignature);
foreach (var superClass in cirClass.dSuperClasses.Values)
{
foreach (var function in superClass.dFunctions.Values)
{
var interfaceName = function.FunctionSignature.Substring(superClass.Signature.Length);
if (sourceSig == interfaceName)
{
// we have an implementation of a method:
var newO2Finding = OzasmtCopy.createCopy(o2Finding);
var currentSource = ((O2Finding)newO2Finding).getSource();
currentSource.traceType = TraceType.Type_4;
currentSource.signature = "[old source]: " + currentSource.signature;
var interfaceTrace = new O2Trace(function.FunctionSignature);
interfaceTrace.traceType = TraceType.Source;
//interfaceTrace.childTraces.Add(new O2Trace("[interface function Signature (that matched)]: " + sourceSig));
//interfaceTrace.childTraces.Add(new O2Trace("interface: " + interfaceName));
//interfaceTrace.childTraces.Add(new O2Trace("source: " + currentSource.signature));
//interfaceTrace.childTraces.Add(new O2Trace("interface: " + function.FunctionSignature));
//interfaceTrace.childTraces.AddRange(newO2Finding.o2Traces);
interfaceTrace.childTraces.AddRange(currentSource.childTraces);
newO2Finding.o2Traces = new List<IO2Trace>();
newO2Finding.o2Traces.Add(interfaceTrace);
results.Add(newO2Finding);
//return results;
}
}
}
}
//log.info(" {2} : {0} -> {1}", cirFunction.FunctionSignature, cirClass.Name, cirClass.dSuperClasses.Count);
}
}
}
DI.log.info("There were {0} sources mapped to its interfaces (i.e. superclasses))", results.Count);
return results;
}
public static List<IO2Trace> getO2TraceFromCallInvocation(CallInvocation[] callInvocations,
AssessmentRun assessmentRun)
{
var o2Traces = new List<IO2Trace>();
if (callInvocations != null)
{
foreach (CallInvocation callInvocation in callInvocations)
{
var o2Trace = new O2Trace
{
clazz = getStringIndexValue(callInvocation.cn_id, assessmentRun),
columnNumber = callInvocation.column_number,
context = getStringIndexValue(callInvocation.cxt_id, assessmentRun),
file = getFileIndexValue(callInvocation.fn_id, assessmentRun),
lineNumber = callInvocation.line_number,
method = getStringIndexValue(callInvocation.mn_id, assessmentRun),
ordinal = callInvocation.ordinal,
// for the signature try to use the sig_id and if that is 0 then use mn_id
signature = getStringIndexValue((callInvocation.sig_id != 0) ? callInvocation.sig_id : callInvocation.mn_id, assessmentRun),
taintPropagation = callInvocation.taint_propagation,
traceType =
(TraceType)
Enum.Parse(typeof(TraceType),
callInvocation.trace_type.ToString())
};
if (callInvocation.Text != null)
o2Trace.text = new List<string>(callInvocation.Text);
//if (callInvocation.CallInvocation1 != null) // means there are child traces
//{
o2Trace.childTraces = getO2TraceFromCallInvocation(callInvocation.CallInvocation1, assessmentRun);
/*new List<O2Trace>();
foreach (CallInvocation childCallInvocation in callInvocation.CallInvocation1)
o2Trace.childTraces.Add(getO2TraceFromCallInvocation(childCallInvocation, assessmentRun));*/
//}
o2Traces.Add(o2Trace);
}
}
return o2Traces;
}
public static void addCatNetTransformationsAsO2Traces(O2Finding o2Finding, XmlElement transformations)
{
// ReSharper disable PossibleNullReferenceException
//var o2Trace = new O2Trace();
//o2Finding.o2Traces.Add(o2Trace);
foreach (XmlNode transformation in transformations.ChildNodes)
{
var o2Trace = new O2Trace
{
context =
(transformation["Statement"] == null)
? ""
: transformation["Statement"].InnerText,
lineNumber =
(transformation.Attributes["line"] == null)
? 0
: uint.Parse(transformation.Attributes["line"].Value),
file =
(transformation.Attributes["file"] == null)
? ""
: transformation.Attributes["file"].Value
};
switch (transformation.Name)
{
case "Origin":
o2Finding.o2Traces.Add(new O2Trace
{
clazz = "Origin",
traceType = TraceType.Source,
method = transformation["StatementMethod"].InnerText,
signature = transformation["StatementMethod"].InnerText,
context = o2Trace.context,
lineNumber = o2Trace.lineNumber,
file = o2Trace.file
});
o2Finding.o2Traces.Add(o2Trace);
break;
case "MethodBoundary":
case "CallResult":
o2Trace.clazz = transformation.Name;
o2Trace.method = transformation["Method"].InnerText;
o2Trace.signature = o2Trace.method;
if (o2Finding.o2Traces.Count > 0)
{
o2Finding.o2Traces[0].childTraces.Add(o2Trace);
o2Trace.traceType = o2Finding.o2Traces[0].childTraces.Count ==
(transformations.ChildNodes.Count - 1)
? TraceType.Known_Sink
: TraceType.Root_Call;
}
else
o2Finding.o2Traces.Add(o2Trace);
break;
default:
break;
}
}
// ReSharper restore PossibleNullReferenceException
}
public void insertNewO2Trace()
{
if (o2Finding.o2Traces.Count == 0)
o2Finding.o2Traces = new List<IO2Trace>().add(new O2Trace("new root trace"));
else if (tvSmartTrace.SelectedNode != null && tvSmartTrace.SelectedNode.Tag.GetType().Name == "O2Trace")
{
var newO2Trace = new O2Trace("insertedNewTrace");
if (tvSmartTrace.SelectedNode.Parent != null)
{
var parentNodeTrace = (IO2Trace)tvSmartTrace.SelectedNode.Parent.Tag;
var curentNodeTrace = (IO2Trace)tvSmartTrace.SelectedNode.Tag;
newO2Trace.childTraces.Add(curentNodeTrace);
parentNodeTrace.childTraces.Add(newO2Trace);
parentNodeTrace.childTraces.Remove(curentNodeTrace);
}
else
{
var curentNodeTrace = (IO2Trace)tvSmartTrace.SelectedNode.Tag;
newO2Trace.childTraces.Add(curentNodeTrace);
o2Finding.o2Traces.Remove(curentNodeTrace);
o2Finding.o2Traces.Add(newO2Trace);
}
//tvSmartTrace.SelectedNode.Tag = newO2Trace;
o2Trace = newO2Trace;
//currentO2Trace.childTraces.Add(((O2Trace)tvSmartTrace.SelectedNode.Tag));
//tvSmartTrace.SelectedNode.Tag = currentO2Trace;
//.childTraces.Add(currentO2Trace);
}
showO2TraceTree();
}
public static List<IO2Finding> joinTracesWhereSinkMatchesSource(List<IO2Finding> sinkFindings, List<IO2Finding> sourceFindings)
{
var results = new List<IO2Finding>();
foreach (var o2SinkFinding in sinkFindings)
foreach (var o2SourcesFinding in sourceFindings)
//if (o2SourcesFinding.vulnName.IndexOf(o2SinkFinding.vulnName) > -1)
if (o2SourcesFinding.vulnName==o2SinkFinding.vulnName)
{
var o2NewFinding = (O2Finding)OzasmtCopy.createCopy(o2SinkFinding);
results.Add(o2NewFinding);
var sink = o2NewFinding.getSink();
if (sink.notNull())
{
var joinPointTrace = new O2Trace(
string.Format("O2 Auto Join Point::: {0} -> {1}", o2SinkFinding.vulnName, o2SourcesFinding.vulnName));
sink.traceType = TraceType.Type_4;
joinPointTrace.traceType = TraceType.Type_4;
sink.childTraces.Add(joinPointTrace);
var jspSignature = o2SourcesFinding.o2Traces[0].signature;
var indexofJsp = jspSignature.IndexOf("._jsp");
if (indexofJsp > -1)
jspSignature = jspSignature.Substring(0, indexofJsp) + ".jsp";
jspSignature = jspSignature.Replace("jsp_servlet", "").Replace("_45_", @"-").Replace(".__", @"/").Replace("._", @"/");
var jspTrace = new O2Trace("JSP: " + jspSignature);
joinPointTrace.childTraces.Add(jspTrace);
jspTrace.childTraces.AddRange(o2SourcesFinding.o2Traces);
//log.info("we have a match: {0} -> {1}", o2SinkFinding.vulnName, o2SourcesFinding.vulnName);
}
}
return results;
}
/// <summary>
/// This will populate the parent finding with all traces from the provided ICirFunction
/// caution: use the createNewFindingOnExternalCall carefully since it can create a stupid amount of traces (and it is much slower)
/// </summary>
/// <param name="cirFunction"></param>
/// <param name="lineNumber"></param>
/// <param name="o2Traces"></param>
/// <param name="parentTraces"></param>
/// <param name="rootO2Finding"></param>
/// <param name="o2FindingsCreated"></param>
/// <param name="createNewFindingOnExternalCall"></param>
/// <param name="fileName"></param>
public static void createTracesAndFindingsFromCirFunction(ICirFunction cirFunction, string fileName, UInt32 lineNumber,List<IO2Trace> o2Traces, List<IO2Trace> parentTraces, IO2Finding rootO2Finding, List<IO2Finding> o2FindingsCreated, bool createNewFindingOnExternalCall)
{
int maxParentDepth = 10; //30; //10;
var maxNumberOfTraces = 20; //50; //300; //50
var filteredSignature = new FilteredSignature(cirFunction);
var functionSignature = filteredSignature.sSignature;
var o2Trace = new O2Trace(functionSignature, cirFunction.ClassNameFunctionNameAndParameters)
{
file = fileName,
lineNumber = lineNumber
};
// add file references
// handle the case where this is a recursive call or a call to a method already added in the current tree
var recursiveCall = false;
foreach(var o2ParentTrace in parentTraces)
if (o2ParentTrace.signature == functionSignature)
{
recursiveCall = true;
break;
}
parentTraces.Add(o2Trace);
// add this trace to the current trace tree (since we might need to create a copy of it below
o2Traces.Add(o2Trace);
if (recursiveCall)
{
var nodeText = String.Format("{0} : {1} : {2}", cirFunction, "....(Recursive Call so not expanding child traces", functionSignature);
o2Trace.childTraces.Add(new O2Trace(nodeText));
}
else
{
if (parentTraces.Count > maxParentDepth)
o2Trace.childTraces.Add(new O2Trace(" ... {Max trace depth reached} (" + maxParentDepth + ")"));
else
{
//
var numberOfTraces = OzasmtUtils.getAllTraces(rootO2Finding.o2Traces);
if (numberOfTraces.Count > maxNumberOfTraces)
{
o2Trace.childTraces.Add(new O2Trace("**** Max number of traces reached(" + maxNumberOfTraces + ") aborting trace execution"));
return;
}
if (cirFunction.FunctionsCalled.Count == 0) // means we don't have the code for this one, so
{
// let make it a lost sink
var originalTraceTypeValue = o2Trace.traceType; // we might need this below
o2Trace.traceType = TraceType.Lost_Sink;
if (createNewFindingOnExternalCall) // and if createNewFindingOnExternalCall add it as finding
{
// create a copy of the parent finding (which incudes the above trace
var newFinding = OzasmtCopy.createCopy(rootO2Finding);
// make the first call a source (so that we have a source-> pair
newFinding.o2Traces[0].traceType = TraceType.Source;
// add it
o2FindingsCreated.Add(newFinding);
// since the crawl will continue we must restore the originalTraceTypeValue
o2Trace.traceType = originalTraceTypeValue;
}
}
else
foreach (var functionCalled in cirFunction.FunctionsCalled)
createTracesAndFindingsFromCirFunction(functionCalled.cirFunction, functionCalled.fileName, (UInt32)functionCalled.lineNumber, o2Trace.childTraces, parentTraces, rootO2Finding, o2FindingsCreated, createNewFindingOnExternalCall);
}
}
// now remove the signature since we are only interrested in non repeats on the same parent
parentTraces.Remove(o2Trace);
}
public static void createJspELTraces(List<IO2Finding> o2Findings)
{
foreach (var o2Finding in o2Findings)
{
// root trace
var rootTrace = new O2Trace(getRootNodeStringValue(o2Finding.file));
var jspElValue = extractJspElValue(o2Finding.context);
// trace with JSP EL value
var jspElTrace = new O2Trace(jspElValue);
jspElTrace.traceType = TraceType.Source;
rootTrace.childTraces.Add(jspElTrace); // add jspElTrace as a child trace of rootTrace
//sink trace
var sinkTrace = new O2Trace(jspElValue); // also map this to the JSPEl value since that is the one we will want to filter by
sinkTrace.traceType = TraceType.Known_Sink;
jspElTrace.childTraces.Add(sinkTrace); // add sinkTrace as a child trace of jspElTrace
// add the vulnName (println in most cases) as an extrasink trace
var extraSinkTrace = new O2Trace(o2Finding.vulnName);
sinkTrace.childTraces.Add(extraSinkTrace); // add extraSinkTrace as a child trace of sinkTrace
// add root trace to finding's traces colection
o2Finding.o2Traces.Add(rootTrace);
// add source code mappings to all traces:
rootTrace.file = jspElTrace.file = sinkTrace.file = o2Finding.file;
rootTrace.lineNumber = jspElTrace.lineNumber = sinkTrace.lineNumber = o2Finding.lineNumber;
}
}
public static void addClassAttributesToFinding(XElement xClassElement, O2Finding o2Finding)
{
//var pathToSource = o2Finding.getPathToSource();
//var numberOfTraces = pathToSource.Count;
//if (pathToSource.Count >1)
//{
// var rootTrace = pathToSource[numberOfTraces-1];
var classAnnotations = from xelement in xClassElement.Elements("attribute").Elements("annotation") select xelement;
if (classAnnotations.Count() > 0)
{
var annotationsTrace = new O2Trace("Annotations for class: " + xClassElement.Attribute("name").Value);
o2Finding.o2Traces.Insert(0, annotationsTrace);
foreach (var annotation in classAnnotations)
annotationsTrace.childTraces.Add(new O2Trace(annotation.Attribute("toString").Value, TraceType.Type_4));
}
//}
}
public static List<IO2Finding> calculate_Url_to_EntryMethod_Mappings(string pathWithSourceFiles, string urlBase, string port, ProgressBar progressBar)
{
var o2Findings = new List<IO2Finding>();
var filesToAnalyze = pathWithSourceFiles.files("*.cs",true);
progressBar.maximum(filesToAnalyze.size());
foreach(var file in filesToAnalyze)
{
"Processing file:{0}".info(file);
var url = urlBase.format(port, file.replace(pathWithSourceFiles,"").replace(".ascx.cs",""));
foreach(var type in file.csharpAst().types(true))
foreach(var baseType in type.BaseTypes)
if (baseType.str() == "System.Web.UI.UserControl")
{
var astData = new O2MappedAstData();
astData.loadFile(file);
foreach(var iMethod in astData.iMethods())
{
var o2Finding = new O2Finding();
o2Finding.vulnName = url;
o2Finding.vulnType = "Web EntryPoint";
var source = new O2Trace(url);
var sink = new O2Trace(iMethod.fullName());
source.traceType = TraceType.Source;
sink.traceType = TraceType.Known_Sink;
source.childTraces.Add(sink);
o2Finding.o2Traces.Add(source);
o2Findings.Add(o2Finding);
}
}
progressBar.increment(1);
}
return o2Findings;
}
public static void createFindingsFromSpringMvcMappings(bool createFindingForUsesOfModelAttribute,
bool createFindingForUsesOfGetParameter,
ascx_FindingsViewer findingsViewer,
Dictionary<SpringMvcController, TreeNode> treeNodesForloadedSpringMvcControllers, ICirData cirData) //IEnumerable<SpringMvcController> springMvcControllers)
{
var findingsCreated = new List<IO2Finding>();
if (createFindingForUsesOfModelAttribute)
{
foreach (SpringMvcController springMvcController in treeNodesForloadedSpringMvcControllers.Keys)
{
var modelAttributeParameter = SpringMvcUtils.getMethodUsedInController(springMvcController, "ModelAttribute");
if (modelAttributeParameter != null)
{
var findingType = "SpringMvc.Use of ModelAttribute";
var findingText = string.Format("{0} {1} {2}", springMvcController.HttpRequestMethod,
springMvcController.HttpRequestUrl,
springMvcController.HttpMappingParameter);
var o2Finding = new O2Finding(findingText, findingType)
{
file = springMvcController.FileName,
lineNumber = springMvcController.LineNumber
};
var rootTrace = new O2Trace(findingType);
var sourceTrace = new O2Trace(springMvcController.HttpRequestUrl) { traceType = TraceType.Source };
var modelAttribute = new O2Trace("ModelAttribute Class: " + modelAttributeParameter.className);
var sinkTrace = new O2Trace(springMvcController.JavaClass) { traceType = TraceType.Known_Sink };
var postTrace = new O2Trace(springMvcController.JavaClassAndFunction);
rootTrace.childTraces.Add(sourceTrace);
sourceTrace.childTraces.Add(modelAttribute);
modelAttribute.childTraces.Add(sinkTrace);
sinkTrace.childTraces.Add(postTrace);
o2Finding.o2Traces.Add(rootTrace);
rootTrace.file = sourceTrace.file = sinkTrace.file = o2Finding.file;
rootTrace.lineNumber = sourceTrace.lineNumber = sinkTrace.lineNumber = o2Finding.lineNumber;
findingsCreated.Add(o2Finding);
//tvControllers.Nodes.Add(
// O2Forms.cloneTreeNode(treeNodesForloadedSpingMvcControllers[springMcvController]));
}
}
}
if (createFindingForUsesOfGetParameter)
{
try
{
var nodesWithGetParameter = getNodes_ThatUseGetParameter_RecursiveSearch(cirData, treeNodesForloadedSpringMvcControllers);
foreach (var treeNode in nodesWithGetParameter)
{
var springMvcController = (SpringMvcController)treeNode.Tag;
/*var o2Finding = new O2Finding(springMvcController.JavaFunction, "SpringMvc.Use of GetParameter")
{
file = springMvcController.FileName,
lineNumber = springMvcController.LineNumber
};
findingsCreated.Add(o2Finding);*/
var findingType = "SpringMvc.Use of GetParameter";
var findingText = string.Format("{0} {1} {2}", springMvcController.HttpRequestMethod,
springMvcController.HttpRequestUrl,
springMvcController.HttpMappingParameter);
var o2Finding = new O2Finding(findingText, findingType)
{
file = springMvcController.FileName,
lineNumber = springMvcController.LineNumber
};
var rootTrace = new O2Trace(findingType);
var sourceTrace = new O2Trace(springMvcController.HttpRequestUrl) { traceType = TraceType.Source };
var sinkTrace = new O2Trace(springMvcController.JavaClass) { traceType = TraceType.Known_Sink };
var postTrace = new O2Trace(springMvcController.JavaClassAndFunction);
rootTrace.childTraces.Add(sourceTrace);
sourceTrace.childTraces.Add(sinkTrace);
sinkTrace.childTraces.Add(postTrace);
o2Finding.o2Traces.Add(rootTrace);
rootTrace.file = sourceTrace.file = sinkTrace.file = o2Finding.file;
rootTrace.lineNumber = sourceTrace.lineNumber = sinkTrace.lineNumber = o2Finding.lineNumber;
findingsCreated.Add(o2Finding);
}
}
catch (Exception ex)
{
DI.log.ex(ex, "in createFindingForUsesOfGetParameter");
}
}
// findingsCreated.Add(o2Finding);
findingsViewer.clearO2Findings();
findingsViewer.loadO2Findings(findingsCreated);
}
public List<IO2Trace> addTraces(string prefixText, TraceType _traceType, params string[] traceSignatures)
{
var newTraces = new List<IO2Trace>();
foreach (var traceSignature in traceSignatures)
{
var newTrace = new O2Trace(prefixText + traceSignature);
newTrace.traceType = _traceType;
childTraces.Add(newTrace);
newTraces.Add(newTrace);
}
return newTraces;
}
private static void addTraceToO2Finding(string traces, IO2Finding o2Finding, AssessmentRun assessmentRun)
{
if (false == string.IsNullOrEmpty(traces))
{
var splittedTraces = traces.Split(',');
var traceStack = new Stack<List<IO2Trace>>(); // use to keep track of where we add the trace
traceStack.Push(o2Finding.o2Traces); // the first one is the main o2Findings.o2Traces
foreach(var traceItem in splittedTraces)
{
var splittedTrace = traceItem.Split('.'); // in this version the dots mean how many nodes we have to go up
int traceIndex;
if (Int32.TryParse(splittedTrace[0], out traceIndex))
{
AssessmentRunTaint taint = assessmentRun.TaintPool[traceIndex - 1];
AssessmentRunSite siteData = assessmentRun.SitePool[taint.site_id - 1];
var o2Trace = new O2Trace
{
caller = getStringIndexValue(siteData.caller, assessmentRun),
columnNumber = siteData.cn,
context = getStringIndexValue(siteData.cxt, assessmentRun),
file = getFileIndexValue(siteData.file_id, assessmentRun),
lineNumber = siteData.ln,
method = getStringIndexValue(siteData.method, assessmentRun),
ordinal = siteData.ord,
signature = getStringIndexValue(siteData.sig, assessmentRun),
argument = taint.arg,
direction = taint.dir,
traceType =((TraceType) Enum.Parse(typeof (TraceType), taint.trace_type.ToString()))
};
//o2Trace.clazz = getStringIndexValue(,assessmentRun); // check if siteData.caller is a good match for clazz
//o2Trace.taintPropagation = ;
//o2Trace.text = ;
traceStack.Peek().Add(o2Trace); // add the current trace as a child of the the item on the top of traceStack
traceStack.Push(o2Trace.childTraces); // and make the current trace the item on the top of traceStack (which will be changed if there were dots in the traceItem (handled below))
}
else
{
DI.log.error("in addTraceToO2Finding , could not parse into int {0} from {1}", splittedTrace[0], traceItem);
}
if (splittedTrace.Length > 1) // means there were dots in the traceitem
for (var i = 1; i < splittedTrace.Length; i++)
traceStack.Pop();
}
o2Finding.o2Traces[0].signature += traces;
}
}
public static IO2Trace add_Trace(this List<IO2Trace> iO2Traces, string text)
{
var newTrace = new O2Trace(text);
iO2Traces.Add(newTrace);
return newTrace;
}
public static void addMethodAttributesToFinding(XElement xMethodElement, O2Finding o2Finding)
{
var pathToSource = o2Finding.getPathToSource();
var numberOfTraces = pathToSource.Count;
if (pathToSource.Count > 1)
{
var rootTrace = pathToSource[numberOfTraces - 1];
// add annotations in Method's Parameters
var methodParametersAnnotations = from xelement in xMethodElement.Elements("methodParameterAnnotation") select xelement;
if (methodParametersAnnotations.Count() > 0)
{
var methodParametersAttributes = new O2Trace("Spring MVC - Method Parameters Attributes");
foreach (var annotation in methodParametersAnnotations)
{
if (annotation.Attribute("toString") == null)
methodParametersAttributes.childTraces.Add(new O2Trace("no attribute"));
else
{
//var annotationTrace1 = new O2Trace(annotation.Attribute("toString").Value, TraceType.Type_4);
var annotationTrace = new O2Trace(annotation.Attribute("typeName").Value, TraceType.Type_4);
foreach (var member in annotation.Elements("member"))
{
//annotationTrace.childTraces.Add(new O2Trace(annotation.Attribute("typeName").Value, TraceType.Type_6));
var memberTraceText = string.Format("{0}={1}", member.Attribute("memberName").Value, member.Attribute("memberValue").Value);
annotationTrace.childTraces.Add(new O2Trace(memberTraceText, TraceType.Type_6));
}
methodParametersAttributes.childTraces.Add(annotationTrace);
}
}
rootTrace.childTraces.Insert(0, methodParametersAttributes);
}
// add annotations in Method
var methodAnnotations = from xelement in xMethodElement.Elements("methodAttribute").Elements("methodAnnotation") select xelement;
if (methodAnnotations.Count() > 0)
{
var methodAttributes = new O2Trace("Spring MVC - Method Attributes");
foreach (var annotation in methodAnnotations)
{
var annotationTrace = new O2Trace(annotation.Attribute("typeName").Value, TraceType.Type_4);
foreach (var member in annotation.Elements("member"))
{
var memberTraceText = string.Format("{0}={1}", member.Attribute("memberName").Value, member.Attribute("memberValue").Value);
annotationTrace.childTraces.Add(new O2Trace(memberTraceText, TraceType.Type_6));
}
methodAttributes.childTraces.Insert(0, annotationTrace);
// handle special case of org.springframework.web.bind.annotation.RequestMapping (which we want to make the source)
if (annotation.Attribute("typeName").Value == "org.springframework.web.bind.annotation.RequestMapping")
{
//annotationTrace.traceType = TraceType.Source;
o2Finding.vulnType = "O2.SpringMvc.Controller";
o2Finding.vulnName = o2Finding.Sink;
}
}
rootTrace.childTraces.Insert(0, methodAttributes);
}
//else
// log.error("There are no method Attributes for method: " + xMethodElement.ToString());
}
}
private void addTrace(string filename, int line, string traceText)
{
if (traceText == null)
return;
var o2Trace = new O2Trace(traceText);
o2Trace.file = filename ?? "";
o2Trace.lineNumber = (uint)line;
if (true || currentO2Trace == null)
{
o2Trace.traceType = TraceType.Source;
currentDynamicO2Finding.o2Traces.Add(o2Trace);
currentO2Trace = o2Trace;
}
else
{
currentO2Trace.childTraces.Add(o2Trace);
currentO2Trace = o2Trace;
}
reloadTraceViewer();
}
