public List <IO2Rule> getRules_VulnType(string vulnTypeInMySql, string addAsRuleOfType, string ruleDbId)
{
var o2Rules = new List <IO2Rule>();
var sqlForSinks =
"select rec.signature as recSignature, " +
"actionobjects.severity, actionobjects.vuln_type " +
"from actionobjects , rec " +
"where actionobjects.vuln_id = rec.vuln_id and actionobjects.signature ='" + vulnTypeInMySql + "' and " +
"actionobjects.db_id=" + ruleDbId;
var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sqlForSinks);
foreach (DbDataRecord dataRow in mySqlDataReader)
{
var recSignature = dataRow["recSignature"].ToString();
var severity = dataRow["severity"].ToString();
var vulnType = addAsRuleOfType + "." + dataRow["vuln_type"].ToString();
o2Rules.Add(new O2Rule
{
DbId = ruleDbId,
RuleType = O2RuleType.Sink,
Severity = severity,
VulnType = vulnType,
Signature = recSignature,
});
}
mySqlDataReader.Close();
return(o2Rules);
}
public List <IO2Rule> getRules_PropagateTaint(string ruleDbId)
{
var o2Rules = new List <IO2Rule>();
var sql = "select rec.signature, taint_info.from_args, taint_info.to_args, taint_info.return " +
"from rec,taint_info where taint_info.vuln_id = rec.vuln_id and propagates=1 and " +
"rec.db_id=" + ruleDbId;
var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sql);
foreach (DbDataRecord dataRow in mySqlDataReader)
{
var recSignature = dataRow["signature"].ToString();
var fromArgs = dataRow["from_Args"].ToString();
var toArgs = dataRow["to_Args"].ToString();
var _return = dataRow["return"].ToString();
o2Rules.Add(new O2Rule
{
DbId = ruleDbId,
RuleType = O2RuleType.PropageTaint,
Signature = recSignature,
Return = _return,
FromArgs = fromArgs,
ToArgs = toArgs
});
}
mySqlDataReader.Close();
return(o2Rules);
}
public List <IO2Rule> getRules_DontPropagateTaint(string ruleDbId)
{
var o2Rules = new List <IO2Rule>();
var sql = "select rec.signature from rec,taint_info " +
"where taint_info.vuln_id = rec.vuln_id and propagates=0 and " +
"rec.db_id=" + ruleDbId;
var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sql);
foreach (DbDataRecord dataRow in mySqlDataReader)
{
//var vulnID = dataRow["vuln_id"].ToString();
var severity = "";
var vulnType = "";
var recSignature = dataRow["signature"].ToString();
o2Rules.Add(new O2Rule
{
DbId = ruleDbId,
RuleType = O2RuleType.DontPropagateTaint,
Severity = severity,
VulnType = vulnType,
Signature = recSignature,
});
}
mySqlDataReader.Close();
return(o2Rules);
}
public List <IO2Rule> getRules_Callbacks(string ruleDbId)
{
var o2Rules = new List <IO2Rule>();
var sqlForSinks =
"select rec.signature as recSignature from rec " +
"where rec.callback = 1 and " +
"rec.db_id=" + ruleDbId;
var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sqlForSinks);
foreach (DbDataRecord dataRow in mySqlDataReader)
{
//var vulnID = dataRow["vuln_id"].ToString();
//var severity = dataRow["severity"].ToString();
//var vulnType = dataRow["vuln_type"].ToString();
var recSignature = dataRow["recSignature"].ToString();
//var param = dataRow["param"].ToString();
o2Rules.Add(new O2Rule
{
DbId = ruleDbId,
RuleType = O2RuleType.Callback,
// Severity = severity,
// VulnType = vulnType,
Signature = recSignature
//Param = param
});
}
mySqlDataReader.Close();
return(o2Rules);
}
public List <IO2Rule> getRules_Sinks(string ruleDbId)
{
var o2Rules = new List <IO2Rule>();
var sqlForSinks =
"select rec.signature as recSignature, actionobjects.signature as actionObjectSignature, " +
"actionobjects.severity, actionobjects.vuln_type, sink_info.param " +
"from sink_info , actionobjects , rec " +
"where sink_info.ao_id = actionobjects.id and actionobjects.vuln_id = rec.vuln_id and " +
"actionobjects.db_id=" + ruleDbId;
var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sqlForSinks);
foreach (DbDataRecord dataRow in mySqlDataReader)
{
//var vulnID = dataRow["vuln_id"].ToString();
var severity = dataRow["severity"].ToString();
var vulnType = dataRow["vuln_type"].ToString();
var recSignature = dataRow["recSignature"].ToString();
var param = dataRow["param"].ToString();
o2Rules.Add(new O2Rule
{
DbId = ruleDbId,
RuleType = O2RuleType.Sink,
Severity = severity,
VulnType = vulnType,
Signature = recSignature,
Param = param
});
}
mySqlDataReader.Close();
return(o2Rules);
}
public List <IO2Rule> getRules_Sources(string ruleDbId)
{
var o2Rules = new List <IO2Rule>();
var sqlForSource =
"select rec.signature as recSignature, actionobjects.signature as actionObjectSignature, " +
"actionobjects.severity, actionobjects.vuln_type, source_info.param, source_info.return " +
"from source_info , actionobjects , rec " +
"where source_info.ao_id = actionobjects.id and actionobjects.vuln_id = rec.vuln_id and " +
"actionobjects.db_id=" + ruleDbId;
var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sqlForSource);
if (mySqlDataReader == null)
{
DI.log.error("in getRules_Sources, mySqlDataReader was null");
return(o2Rules);
}
foreach (DbDataRecord dataRow in mySqlDataReader)
{
//var vulnID = dataRow["vuln_id"].ToString();
var severity = dataRow["severity"].ToString();
var vulnType = dataRow["vuln_type"].ToString();
var recSignature = dataRow["recSignature"].ToString();
var param = dataRow["param"].ToString();
var _return = dataRow["return"].ToString();
o2Rules.Add(new O2Rule
{
DbId = ruleDbId,
RuleType = O2RuleType.Source,
Severity = severity,
VulnType = vulnType,
Signature = recSignature,
Param = param,
Return = _return
});
}
mySqlDataReader.Close();
return(o2Rules);
}
