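/// <summary>
/// Runs <c>AspNetAnalysis.findParameterStaticValueInMethodX</c> over the CIR data loaded from
/// <c>cirDataFile_BigOne</c> and saves the returned findings as an Ounce V6 assessment at
/// <c>clickButtonMappingOzasmt</c>.
/// </summary>
public void findParameterStaticValueInMethodX()
{
    // NOTE(review): going by its name, loadSerializedO2CirDataObject deserializes the fixture
    // file; keep cirDataFile_BigOne a trusted, locally produced file and confirm which
    // serializer the loader uses.
    var cirData = CirLoad.loadSerializedO2CirDataObject(cirDataFile_BigOne);
    var result = AspNetAnalysis.findParameterStaticValueInMethodX(cirData);

    // Fail fast: a null result must never be handed to save(), where it would either throw
    // without this message or write an assessment file with no findings.
    Assert.IsNotNull(result, "Result was null");

    var createdAssessment = new O2Assessment();
    createdAssessment.o2Findings = result;
    createdAssessment.save(new O2AssessmentSave_OunceV6(), clickButtonMappingOzasmt);
}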
/// <summary>
/// Loads an Ounce V6 assessment file, replaces its findings with the output of
/// <c>AspNetAnalysis.findWebControlSources</c>, shows the assessment in the Ounce findings
/// viewer when at least one finding remains, and then calls <c>glueTrace()</c>.
/// </summary>
/// <param name="fileToLoad">
/// Path handed to the Ounce V6 loader as given; this method performs no existence or format
/// check on it.
/// </param>
public void loadOunceOzasmtFile(string fileToLoad)
{
    var ounceScan = new O2Assessment(new O2AssessmentLoad_OunceV6(), fileToLoad);

    // Narrow the loaded findings to the ones findWebControlSources returns.
    var webControlFindings = AspNetAnalysis.findWebControlSources(ounceScan.o2Findings);
    ounceScan.o2Findings = webControlFindings;

    bool hasFindings = ounceScan.o2Findings.Count > 0;
    if (hasFindings)
    {
        fidingsViewer_OunceOzasmt.loadO2Assessment(ounceScan);
    }

    // glueTrace() runs whether or not anything was loaded into the viewer.
    glueTrace();
}
/// <summary>
/// Loads the HacmeBank default-rules Ounce scan, reduces it to the findings returned by
/// <c>AspNetAnalysis.findWebControlSources</c>, and saves the result to
/// <c>ozasmtWithHacmeBankWebControlMappings</c>.
/// </summary>
public void findWebControlSources()
{
    // The input fixture must exist before the loader is asked to parse it.
    bool scanFileExists = File.Exists(ozasmtHacmeBankScanWithDefaultRules);
    Assert.IsTrue(scanFileExists, "ozasmtHacmeBankScanWithDefaultRules could not be found");

    var ounceLoader = new O2AssessmentLoad_OunceV6();
    var o2Assessment = new O2Assessment(ounceLoader, ozasmtHacmeBankScanWithDefaultRules);

    var webControlFindings = AspNetAnalysis.findWebControlSources(o2Assessment.o2Findings);
    o2Assessment.o2Findings = webControlFindings;

    // Nothing is written unless at least one finding was produced.
    Assert.IsTrue(o2Assessment.o2Findings.Count > 0, "There were no Findings calculated");

    var ounceSaver = new O2AssessmentSave_OunceV6();
    o2Assessment.save(ounceSaver, ozasmtWithHacmeBankWebControlMappings);
}
/// <summary>
/// Loads the findings in <c>resultsFilefor_clickButtonSource_SystemDataSink</c>, passes them
/// through <c>AspNetAnalysis.mapTextBoxWebControlsAsSinks</c>, and saves the output as a new
/// Ounce V6 assessment at <c>resultsFilefor_clickButtonSource_SystemDataSink_withTexBoxMapping</c>.
/// </summary>
public void mapTextBoxWebControlsAsSinks()
{
    bool inputExists = File.Exists(resultsFilefor_clickButtonSource_SystemDataSink);
    Assert.IsTrue(inputExists, "resultsFilefor_clickButtonSource_SystemDataSink doesn't exist");

    // Only the findings of the loaded assessment are needed; the assessment object is discarded.
    var loadedAssessment = new O2Assessment(new O2AssessmentLoad_OunceV6(),
                                            resultsFilefor_clickButtonSource_SystemDataSink);
    var findingsToProcess = loadedAssessment.o2Findings;

    var results = AspNetAnalysis.mapTextBoxWebControlsAsSinks(findingsToProcess);
    Assert.IsTrue(results.Count > 0, "no findings calculated");

    // Save the mapped findings in a fresh assessment rather than overwriting the input file.
    var assessmentWithResults = new O2Assessment();
    assessmentWithResults.o2Findings = results;
    assessmentWithResults.save(new O2AssessmentSave_OunceV6(),
                               resultsFilefor_clickButtonSource_SystemDataSink_withTexBoxMapping);
}
/// <summary>
/// Correlates a WebInspect scan with an Ounce scan in four file-based steps: save the Ounce
/// web-control source findings, save the WebInspect results converted to O2 findings, glue the
/// two saved files together on trace names, and write a final assessment file from the glued one.
/// Each step asserts that it produced findings before it saves, and later steps read the files
/// that earlier steps wrote, so the order of the steps matters.
/// </summary>
public void mapWebInspectMappingsToOzamstFindings()
{
    // Step 1 - Ounce assessment file: keep the web-control source findings and save them.
    string ounceFile = ozasmtHacmeBankScanWithDefaultRules;
    Assert.IsTrue(File.Exists(ounceFile), "ozasmtHacmeBankScanWithDefaultRules could not be found");
    var ounceScan = new O2Assessment(new O2AssessmentLoad_OunceV6(), ounceFile);
    ounceScan.o2Findings = AspNetAnalysis.findWebControlSources(ounceScan.o2Findings);
    Assert.IsTrue(ounceScan.o2Findings.Count > 0, "There were no Findings calculated");
    ounceScan.save(new O2AssessmentSave_OunceV6(), ozasmtWithHacmeBankWebControlMappings);

    // Step 2 - WebInspect file: convert its results to O2 findings and save them.
    string webInspectFile = webInspectFileWithResults;
    Assert.IsTrue(File.Exists(webInspectFile), "webInspectFileWithResults does not exist");
    var webInspectScan = new O2Assessment();
    webInspectScan.o2Findings =
        WebInspectConverter.loadWebInspectResultsAndReturnO2FindingsFor_SqlInjection_PoC2(webInspectFile);
    Assert.IsTrue(webInspectScan.o2Findings.Count > 0, "No O2 findings created");
    webInspectScan.save(new O2AssessmentSave_OunceV6(), ozasmtFileWebInspectMappings);

    // Step 3 - glue the two files saved above on trace names.
    // NOTE(review): the label passed here reads "Spring MVC Glue" although both inputs come from
    // the ASP.NET analysis above - confirm the label is intended.
    var gluedScan = new O2Assessment();
    gluedScan.o2Findings = OzasmtGlue.glueOnTraceNames(new O2AssessmentLoad_OunceV6(),
                                                       ozasmtFileWebInspectMappings,
                                                       ozasmtWithHacmeBankWebControlMappings,
                                                       "Spring MVC Glue");
    Assert.IsTrue(gluedScan.o2Findings.Count > 0, "No Glued Findings created");
    gluedScan.save(new O2AssessmentSave_OunceV6(), ozasmtWithWebInspectToOunceMappings);

    // Step 4 - write the final file to the separate *_UniqueTraces path. A commented-out
    // alternative in the original passed ozasmtWithWebInspectToOunceMappings as the last
    // argument as well. The meaning of the two boolean flags is not visible from this method.
    Analysis.createAssessmentFileWithAllTraces(true,
                                               false,
                                               ozasmtWithWebInspectToOunceMappings,
                                               ozasmtWithWebInspectToOunceMappings_UniqueTraces);
}
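/// <summary>
/// Drag-and-drop handler: when the dropped object names an existing file, loads it as an Ounce V6
/// assessment, reduces it to the findings returned by <c>AspNetAnalysis.findWebControlSources</c>,
/// and shows them in a findings viewer docked into the O2 GUI.
/// </summary>
/// <param name="oObject">
/// The dropped payload; its <c>ToString()</c> value is treated as a file path. A null payload or
/// a path that does not exist is ignored.
/// </param>
private void dropObject_OunceOzasmt_eDnDAction_ObjectDataReceived_Event(object oObject)
{
    // A null payload would otherwise throw a NullReferenceException inside the UI event handler.
    if (oObject == null)
    {
        return;
    }

    // Resolve the path once so the existence check and the load use the same value.
    var droppedFile = oObject.ToString();
    if (!File.Exists(droppedFile))
    {
        return;
    }

    // NOTE(review): the dropped file is handed to the Ounce V6 loader with no extension or
    // format check in this handler - confirm the loader fails cleanly on files that are not
    // valid assessments.
    var o2AssessmentOunceScan = new O2Assessment(new O2AssessmentLoad_OunceV6(), droppedFile);
    o2AssessmentOunceScan.o2Findings = AspNetAnalysis.findWebControlSources(o2AssessmentOunceScan.o2Findings);

    // Create the viewer in the dock panel, then fetch the instance by its title.
    O2DockPanel.addAscxControlToO2GuiWithDockPanel(typeof(ascx_FindingsViewer), true, PoC.dockContentTitle_FindingsViewer);
    var findingsViewer = (ascx_FindingsViewer)O2AscxGUI.getAscx(PoC.dockContentTitle_FindingsViewer);

    findingsViewer.loadO2Assessment(o2AssessmentOunceScan);
    findingsViewer.setFilter1Value("vulnName");
    findingsViewer.setFilter2Value("(no Filter)");
}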