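/// <summary>
/// Loads the records joined to one action-object signature and returns them as Sink rules.
/// </summary>
/// <param name="vulnTypeInMySql">Value compared with <c>actionobjects.signature</c> in the query.</param>
/// <param name="addAsRuleOfType">Prefix joined with a dot to each row's <c>vuln_type</c>.</param>
/// <param name="ruleDbId">Value compared with <c>actionobjects.db_id</c>; also copied into each rule's DbId.</param>
/// <returns>One rule per returned row; an empty list when the helper returns no reader.</returns>
public List<IO2Rule> getRules_VulnType(string vulnTypeInMySql, string addAsRuleOfType, string ruleDbId)
        {
            var o2Rules = new List<IO2Rule>();

            // NOTE(review): SQL injection surface. vulnTypeInMySql is placed between single quotes and
            // ruleDbId is appended unquoted, so a quote or SQL fragment in either argument becomes part
            // of the statement. The helper called below accepts only finished SQL text, so bind
            // parameters are not available at this call site; callers must pass trusted values until
            // a parameterized query path exists.
            var sqlForSinks =
                "select rec.signature as recSignature, " +
                "actionobjects.severity, actionobjects.vuln_type " +
                "from actionobjects , rec " +
                "where actionobjects.vuln_id = rec.vuln_id and actionobjects.signature ='" + vulnTypeInMySql + "' and " +
                "actionobjects.db_id=" + ruleDbId;

            var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sqlForSinks);

            // getRules_Sources null-checks the result of this same helper, so a null reader is possible;
            // without this guard the foreach below fails with a NullReferenceException.
            if (mySqlDataReader == null)
            {
                return o2Rules;
            }

            try
            {
                foreach (DbDataRecord dataRow in mySqlDataReader)
                {
                    o2Rules.Add(new O2Rule
                    {
                        DbId      = ruleDbId,
                        RuleType  = O2RuleType.Sink,
                        Severity  = dataRow["severity"].ToString(),
                        VulnType  = addAsRuleOfType + "." + dataRow["vuln_type"].ToString(),
                        Signature = dataRow["recSignature"].ToString(),
                    });
                }
            }
            finally
            {
                // Close the reader even when reading a row throws, so it is not left open.
                mySqlDataReader.Close();
            }
            return o2Rules;
        }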
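        /// <summary>
        /// Loads the record signatures whose taint_info row has <c>propagates=0</c> and returns them
        /// as DontPropagateTaint rules.
        /// </summary>
        /// <param name="ruleDbId">Value compared with <c>rec.db_id</c>; also copied into each rule's DbId.</param>
        /// <returns>One rule per returned row, with empty Severity and VulnType; an empty list when the helper returns no reader.</returns>
        public List<IO2Rule> getRules_DontPropagateTaint(string ruleDbId)
        {
            var o2Rules = new List<IO2Rule>();

            // NOTE(review): SQL injection surface. ruleDbId is appended unquoted to the statement text,
            // and the helper below accepts only finished SQL, so no bind parameter is available here.
            // Callers must pass a trusted numeric id until a parameterized query path exists.
            var sql = "select rec.signature from rec,taint_info " +
                      "where taint_info.vuln_id = rec.vuln_id and propagates=0 and " +
                      "rec.db_id=" + ruleDbId;

            var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sql);

            // getRules_Sources null-checks the result of this same helper, so a null reader is possible.
            if (mySqlDataReader == null)
            {
                return o2Rules;
            }

            try
            {
                foreach (DbDataRecord dataRow in mySqlDataReader)
                {
                    o2Rules.Add(new O2Rule
                    {
                        DbId      = ruleDbId,
                        RuleType  = O2RuleType.DontPropagateTaint,
                        Severity  = "",
                        VulnType  = "",
                        Signature = dataRow["signature"].ToString(),
                    });
                }
            }
            finally
            {
                // Close the reader even when reading a row throws, so it is not left open.
                mySqlDataReader.Close();
            }
            return o2Rules;
        }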
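        /// <summary>
        /// Loads the record signatures whose taint_info row has <c>propagates=1</c>, together with the
        /// from_args, to_args and return columns, and returns them as PropageTaint rules.
        /// </summary>
        /// <param name="ruleDbId">Value compared with <c>rec.db_id</c>; also copied into each rule's DbId.</param>
        /// <returns>One rule per returned row; an empty list when the helper returns no reader.</returns>
        public List<IO2Rule> getRules_PropagateTaint(string ruleDbId)
        {
            var o2Rules = new List<IO2Rule>();

            // NOTE(review): SQL injection surface. ruleDbId is appended unquoted to the statement text,
            // and the helper below accepts only finished SQL, so no bind parameter is available here.
            // Callers must pass a trusted numeric id until a parameterized query path exists.
            var sql = "select rec.signature, taint_info.from_args, taint_info.to_args, taint_info.return " +
                      "from rec,taint_info where taint_info.vuln_id = rec.vuln_id and propagates=1 and " +
                      "rec.db_id=" + ruleDbId;

            var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sql);

            // getRules_Sources null-checks the result of this same helper, so a null reader is possible.
            if (mySqlDataReader == null)
            {
                return o2Rules;
            }

            try
            {
                foreach (DbDataRecord dataRow in mySqlDataReader)
                {
                    o2Rules.Add(new O2Rule
                    {
                        DbId      = ruleDbId,
                        RuleType  = O2RuleType.PropageTaint,
                        Signature = dataRow["signature"].ToString(),
                        Return    = dataRow["return"].ToString(),
                        FromArgs  = dataRow["from_Args"].ToString(),
                        ToArgs    = dataRow["to_Args"].ToString()
                    });
                }
            }
            finally
            {
                // Close the reader even when reading a row throws, so it is not left open.
                mySqlDataReader.Close();
            }
            return o2Rules;
        }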
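        /// <summary>
        /// Loads the signatures of records flagged <c>callback = 1</c> and returns them as Callback rules.
        /// </summary>
        /// <param name="ruleDbId">Value compared with <c>rec.db_id</c>; also copied into each rule's DbId.</param>
        /// <returns>One rule per returned row, carrying only DbId, RuleType and Signature; an empty list when the helper returns no reader.</returns>
        public List<IO2Rule> getRules_Callbacks(string ruleDbId)
        {
            var o2Rules = new List<IO2Rule>();

            // NOTE(review): SQL injection surface. ruleDbId is appended unquoted to the statement text,
            // and the helper below accepts only finished SQL, so no bind parameter is available here.
            // Callers must pass a trusted numeric id until a parameterized query path exists.
            var sqlForSinks =
                "select rec.signature as recSignature from rec " +
                "where rec.callback = 1 and " +
                "rec.db_id=" + ruleDbId;

            var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sqlForSinks);

            // getRules_Sources null-checks the result of this same helper, so a null reader is possible.
            if (mySqlDataReader == null)
            {
                return o2Rules;
            }

            try
            {
                foreach (DbDataRecord dataRow in mySqlDataReader)
                {
                    o2Rules.Add(new O2Rule
                    {
                        DbId      = ruleDbId,
                        RuleType  = O2RuleType.Callback,
                        Signature = dataRow["recSignature"].ToString()
                    });
                }
            }
            finally
            {
                // Close the reader even when reading a row throws, so it is not left open.
                mySqlDataReader.Close();
            }
            return o2Rules;
        }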
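        /// <summary>
        /// Loads the rows that join sink_info, actionobjects and rec for one database id and returns
        /// them as Sink rules.
        /// </summary>
        /// <param name="ruleDbId">Value compared with <c>actionobjects.db_id</c>; also copied into each rule's DbId.</param>
        /// <returns>One rule per returned row; an empty list when the helper returns no reader.</returns>
        public List<IO2Rule> getRules_Sinks(string ruleDbId)
        {
            var o2Rules = new List<IO2Rule>();

            // NOTE(review): SQL injection surface. ruleDbId is appended unquoted to the statement text,
            // and the helper below accepts only finished SQL, so no bind parameter is available here.
            // Callers must pass a trusted numeric id until a parameterized query path exists.
            var sqlForSinks =
                "select rec.signature as recSignature, actionobjects.signature as actionObjectSignature, " +
                "actionobjects.severity, actionobjects.vuln_type, sink_info.param " +
                "from sink_info , actionobjects , rec " +
                "where sink_info.ao_id = actionobjects.id and actionobjects.vuln_id = rec.vuln_id and " +
                "actionobjects.db_id=" + ruleDbId;

            var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sqlForSinks);

            // getRules_Sources null-checks the result of this same helper, so a null reader is possible.
            if (mySqlDataReader == null)
            {
                return o2Rules;
            }

            try
            {
                foreach (DbDataRecord dataRow in mySqlDataReader)
                {
                    o2Rules.Add(new O2Rule
                    {
                        DbId      = ruleDbId,
                        RuleType  = O2RuleType.Sink,
                        Severity  = dataRow["severity"].ToString(),
                        VulnType  = dataRow["vuln_type"].ToString(),
                        Signature = dataRow["recSignature"].ToString(),
                        Param     = dataRow["param"].ToString()
                    });
                }
            }
            finally
            {
                // Close the reader even when reading a row throws, so it is not left open.
                mySqlDataReader.Close();
            }
            return o2Rules;
        }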
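        /// <summary>
        /// Looks up the project file recorded for a project name and returns the directory that holds it.
        /// </summary>
        /// <param name="sProjectName">Project name handed to the query-building helper.</param>
        /// <returns>The directory of the project file when exactly one row matches; otherwise an empty string.</returns>
        public static String getProjectFilePath(String sProjectName)
        {
            // NOTE(review): the SQL text is produced by getSqlQueryForRetrivingProjectFilePath, which is
            // not shown here; confirm it binds or escapes sProjectName rather than concatenating it.
            DataTable dtResults =
                OunceMySql.getDataTableFromSqlQuery(getSqlQueryForRetrivingProjectFilePath(sProjectName), false);

            // getApplications null-checks the result of this same helper, so treat null as "no match".
            if (dtResults == null || dtResults.Rows.Count != 1)
            {
                return "";
            }

            // 'as' yields null for DBNull or a non-string cell instead of an InvalidCastException.
            var sProjectFile = dtResults.Rows[0][0] as String;
            if (String.IsNullOrEmpty(sProjectFile))
            {
                return "";
            }

            // GetDirectoryName returns null for a root path; keep the "" not-found convention.
            return Path.GetDirectoryName(sProjectFile) ?? "";
        }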
        /// <summary>
        /// Reads every File_Path value from the prexis.application table.
        /// </summary>
        /// <returns>The File_Path values as strings; an empty array when the helper returns no table.</returns>
        public static String[] getApplications()
        {
            // Fixed statement text with no caller-supplied parts.
            DataTable dtResult = OunceMySql.getDataTableFromSqlQuery("SELECT File_Path FROM prexis.application", false);

            if (dtResult == null)
            {
                return new String[] {};
            }

            var lsApplications = new List<string>();
            for (var rowIndex = 0; rowIndex < dtResult.Rows.Count; rowIndex++)
            {
                lsApplications.Add(dtResult.Rows[rowIndex]["File_Path"].ToString());
            }
            return lsApplications.ToArray();
        }
        // ounce 6.0 dependent

        /// <summary>
        /// Loads every rec row marked as added or modified and, on request, the actionobjects rows
        /// that share each rule's vuln_id.
        /// </summary>
        /// <param name="bMapActionObjects">When true, each rule's lActionObjects list is filled from the actionobjects table; when false it is left empty.</param>
        /// <returns>The list populated by the first query.</returns>
        public List<Rules> getListOfCustomRules(bool bMapActionObjects)
        {
            var lrCustomRules = new List<Rules>();
            OunceMySql.populateListWithDataTable("Select * from rec WHERE  (rec.added=true OR rec.modified=true)", lrCustomRules);

            foreach (Rules rRule in lrCustomRules)
            {
                // Every rule gets a fresh list, whether or not it is filled below.
                rRule.lActionObjects = new List<ActionObject>();
                if (!bMapActionObjects)
                {
                    continue;
                }

                // NOTE(review): vuln_id was read back from the rec table and is formatted into the next
                // statement's text. That is only safe while the value is numeric; confirm the type of
                // Rules.vuln_id, which is declared outside this listing.
                var sSqlForActionObject =
                    String.Format("Select * from actionobjects WHERE  actionobjects.vuln_id = {0}", rRule.vuln_id);
                OunceMySql.populateListWithDataTable(sSqlForActionObject, rRule.lActionObjects);
            }

            return lrCustomRules;
        }
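        /// <summary>
        /// Loads the rows that join source_info, actionobjects and rec for one database id and returns
        /// them as Source rules.
        /// </summary>
        /// <param name="ruleDbId">Value compared with <c>actionobjects.db_id</c>; also copied into each rule's DbId.</param>
        /// <returns>One rule per returned row; an empty list (after logging an error) when the helper returns no reader.</returns>
        public List<IO2Rule> getRules_Sources(string ruleDbId)
        {
            var o2Rules = new List<IO2Rule>();

            // NOTE(review): SQL injection surface. ruleDbId is appended unquoted to the statement text,
            // and the helper below accepts only finished SQL, so no bind parameter is available here.
            // Callers must pass a trusted numeric id until a parameterized query path exists.
            var sqlForSource =
                "select rec.signature as recSignature, actionobjects.signature as actionObjectSignature, " +
                "actionobjects.severity, actionobjects.vuln_type, source_info.param, source_info.return " +
                "from source_info , actionobjects , rec " +
                "where source_info.ao_id = actionobjects.id and actionobjects.vuln_id = rec.vuln_id and " +
                "actionobjects.db_id=" + ruleDbId;

            var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sqlForSource);

            if (mySqlDataReader == null)
            {
                DI.log.error("in getRules_Sources, mySqlDataReader was null");
                return o2Rules;
            }

            try
            {
                foreach (DbDataRecord dataRow in mySqlDataReader)
                {
                    o2Rules.Add(new O2Rule
                    {
                        DbId      = ruleDbId,
                        RuleType  = O2RuleType.Source,
                        Severity  = dataRow["severity"].ToString(),
                        VulnType  = dataRow["vuln_type"].ToString(),
                        Signature = dataRow["recSignature"].ToString(),
                        Param     = dataRow["param"].ToString(),
                        Return    = dataRow["return"].ToString()
                    });
                }
            }
            finally
            {
                // Close the reader even when reading a row throws, so it is not left open.
                mySqlDataReader.Close();
            }
            return o2Rules;
        }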