public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
AssessmentAssessmentFileFinding fFinding,
List <AssessmentAssessmentFileFinding>
lfFindingsThatMatchCriteria,
List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
{
if (fFinding.Trace != null)
{
if (bChangeFindingData) // if required changed the name of this finding
{
applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat);
}
if (bDropDuplicateSmartTraces)
{
return(filterDuplicateFindings(lafFilteredAssessmentFiles, lfFindingsThatMatchCriteria, fFinding,
bIgnoreRootCallInvocation));
}
else
{
lfFindingsThatMatchCriteria.Add(fFinding);
return(true);
}
}
return(false);
}
public void addTreeNodeToComboxWithNodesToPlot(TreeNode tnTreeNodeToAdd,
AssessmentAssessmentFileFinding fFinding,
O2AssessmentData_OunceV6 fadAssessmentDataOunceV6)
{
try
{
if (false == cbGLEE_MultiNodes.Checked)
{
tvGLEE_NodesToGraph.Nodes.Clear();
}
foreach (TreeNode tnTreeNode in tvGLEE_NodesToGraph.Nodes)
{
if (tnTreeNode.Tag == tnTreeNodeToAdd.Tag)
{
DI.log.debug("Trace was already in list of nodes to graph");
return;
}
}
//lfFindingsToGraph.Add(fFinding);
tvGLEE_NodesToGraph.Nodes.Add((TreeNode)tnTreeNodeToAdd.Clone());
// loadSmartTraceGraphInGleeViewer(fadO2AssessmentData);
}
catch (Exception ex)
{
DI.log.ex(ex, "in addTreeNodeToComboxWithNodesToPlot");
}
}
public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
AssessmentAssessmentFileFinding fFinding,
List <AssessmentAssessmentFileFinding>
lfFindingsThatMatchCriteria,
List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
{
if (fFinding.Trace != null)
{
int iLostSinkId = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(fFinding.Trace,
TraceType.
Lost_Sink);
if (iLostSinkId > 0) // need to figure out what happens when iLostSinkId =0
{
if (false == iLostSinksProcessed.Contains(iLostSinkId))
{
if (bChangeFindingData) // if required changed the name of this finding
{
applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat);
}
lfFindingsThatMatchCriteria.Add(fFinding);
iLostSinksProcessed.Add(iLostSinkId);
return(true);
}
}
}
return(false);
}
public static void addFindingAsGlueTrace(O2TraceBlock_OunceV6 otbO2TraceBlockOunceV6WithTracesToGlue,
AssessmentAssessmentFileFinding fFinding,
O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6, TreeView tvRawData,
bool bAddGluedTracesAsRealTraces)
{
String sUniqueSignature = analyzer.getUniqueSignature(fFinding, TraceType.Known_Sink,
oadO2AssessmentDataOunceV6, true);
var otbO2TraceBlockWithTracesToReceiveTraces = (O2TraceBlock_OunceV6)tvRawData.Nodes[sUniqueSignature].Tag;
foreach (AssessmentAssessmentFileFinding fFindingToGlue in otbO2TraceBlockOunceV6WithTracesToGlue.dSinks.Keys)
{
if (false == otbO2TraceBlockWithTracesToReceiveTraces.dGluedSinks.ContainsKey(fFindingToGlue))
{
otbO2TraceBlockWithTracesToReceiveTraces.dGluedSinks.Add(fFindingToGlue,
otbO2TraceBlockOunceV6WithTracesToGlue.dSinks[
fFindingToGlue]);
}
if (bAddGluedTracesAsRealTraces) // so that the traces show in the Raw View list
{
if (false == otbO2TraceBlockWithTracesToReceiveTraces.dSinks.ContainsKey(fFindingToGlue))
{
otbO2TraceBlockWithTracesToReceiveTraces.dSinks.Add(fFindingToGlue,
otbO2TraceBlockOunceV6WithTracesToGlue.dSinks[
fFindingToGlue]);
}
}
}
}
public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
AssessmentAssessmentFileFinding fFinding,
List <AssessmentAssessmentFileFinding>
lfFindingsThatMatchCriteria,
List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
{
if (fFinding.Trace != null)
{
int iLostSinkId = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnSigId(fFinding.Trace,
TraceType.
Lost_Sink);
if (iLostSinkId > 0) // need to figure out what happens when iLostSinkId =0
{
if (bChangeFindingData) // if required changed the name of this finding
{
applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat);
}
if (bDropDuplicateSmartTraces)
{
return(filterDuplicateFindings(lafFilteredAssessmentFiles, lfFindingsThatMatchCriteria,
fFinding, bIgnoreRootCallInvocation));
}
else
{
lfFindingsThatMatchCriteria.Add(fFinding);
return(true);
}
}
}
return(false);
}
public static O2TraceBlock_OunceV6 getTraceBlockToGlueFinding(AssessmentAssessmentFileFinding fFinding,
TraceType ttTraceType,
O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6,
Dictionary <String, O2TraceBlock_OunceV6> dO2TraceBlock)
{
CallInvocation ciCallInvocation =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace, ttTraceType);
if (ciCallInvocation == null)
{
return(null);
}
String sSourceSignature = OzasmtUtils_OunceV6.getStringIndexValue(ciCallInvocation.sig_id, oadO2AssessmentDataOunceV6);
String sFile = OzasmtUtils_OunceV6.getFileIndexValue(ciCallInvocation.fn_id, oadO2AssessmentDataOunceV6);
String sLineNumber = ciCallInvocation.line_number.ToString();
String sTraceRootText = OzasmtUtils_OunceV6.getStringIndexValue(fFinding.Trace[0].sig_id, oadO2AssessmentDataOunceV6);
String sUniqueName = String.Format("{0} {1} {2}", sSourceSignature, sFile, sLineNumber);
// need to find a better way to clue the final sinks since at the moment I am getting a couple sinks trown by the cases when a sink also become a source of tainted data
//String sUniqueName = String.Format("{0} {1} {2} {3}", sSourceSignature, sFile, sLineNumber, sTraceRootText);
if (false == dO2TraceBlock.ContainsKey(sUniqueName))
{
dO2TraceBlock.Add(sUniqueName, new O2TraceBlock_OunceV6());
dO2TraceBlock[sUniqueName].sSignature = sSourceSignature;
dO2TraceBlock[sUniqueName].sFile = sFile;
dO2TraceBlock[sUniqueName].sLineNumber = sLineNumber;
dO2TraceBlock[sUniqueName].sTraceRootText = sTraceRootText;
dO2TraceBlock[sUniqueName].sUniqueName = sUniqueName;
}
return(dO2TraceBlock[sUniqueName]);
}
public virtual bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
AssessmentAssessmentFileFinding fFinding,
List <AssessmentAssessmentFileFinding>
lfFindingsThatMatchCriteria,
List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
{
return(false);
}
public static String getSource(AssessmentAssessmentFileFinding fFinding, O2AssessmentData_OunceV6 oadF1AssessmentDataOunceV6)
{
CallInvocation ciCallInvocation =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace,
TraceType.Source);
if (ciCallInvocation != null)
{
return(OzasmtUtils_OunceV6.getStringIndexValue(ciCallInvocation.sig_id, oadF1AssessmentDataOunceV6));
}
return("");
}
//public static createNewO2AssessmentDataAndFindingFrom
public static FindingViewItem createNewFindingViewItemFromFindingViewItem(
FindingViewItem fviFindingViewItemToDuplicate)
{
var nfviNewFindingViewItem = new NewFindingViewItem();
AssessmentAssessmentFileFinding fNewFinding =
nfviNewFindingViewItem.AddNewFindingFromExistingOne(fviFindingViewItemToDuplicate.fFinding,
fviFindingViewItemToDuplicate.oadO2AssessmentDataOunceV6);
nfviNewFindingViewItem.updateOadStringLists();
return(nfviNewFindingViewItem.getFindingViewItemForLastFindingAdded());
}
public static AssessmentAssessmentFileFinding createNewFindingFromExistingOne(
AssessmentAssessmentFileFinding fOriginalFinding, Dictionary <String, UInt32> dNewStringIndex,
Dictionary <String, UInt32> dNewFileIndex, O2AssessmentData_OunceV6 fadOriginalO2AssessmentDataOunceV6)
{
if (fOriginalFinding != null && fOriginalFinding.Trace != null)
{
var fFinding = new AssessmentAssessmentFileFinding();
fFinding.actionobject_id = fOriginalFinding.actionobject_id;
fFinding.caller_name = fOriginalFinding.caller_name;
//fFinding.caller_name_id = fOriginalFinding.caller_name_id;
fFinding.caller_name_id = (fOriginalFinding.caller_name_id == null)
? null
: updateNewAssessmentRunWithStringID(
UInt32.Parse(fOriginalFinding.caller_name_id), dNewStringIndex,
fadOriginalO2AssessmentDataOunceV6).ToString();
fFinding.confidence = fOriginalFinding.confidence;
fFinding.context = fOriginalFinding.context;
fFinding.exclude = fOriginalFinding.exclude;
fFinding.line_number = fOriginalFinding.line_number;
fFinding.ordinal = fOriginalFinding.ordinal;
fFinding.project_name = fOriginalFinding.project_name;
fFinding.property_ids = fOriginalFinding.property_ids;
fFinding.record_id = fOriginalFinding.record_id;
fFinding.severity = fOriginalFinding.severity;
fFinding.Text = fOriginalFinding.Text;
fFinding.vuln_name = fOriginalFinding.vuln_name;
fFinding.vuln_name_id = (fOriginalFinding.vuln_name_id == null)
? null
: updateNewAssessmentRunWithStringID(
UInt32.Parse(fOriginalFinding.vuln_name_id), dNewStringIndex,
fadOriginalO2AssessmentDataOunceV6).ToString();
fFinding.vuln_type = fOriginalFinding.vuln_type;
fFinding.vuln_type_id = (fOriginalFinding.vuln_type_id == null)
? null
: updateNewAssessmentRunWithStringID(
UInt32.Parse(fOriginalFinding.vuln_type_id), dNewStringIndex,
fadOriginalO2AssessmentDataOunceV6).ToString();
//fFinding.vuln_name = (fOriginalFinding.vuln_name != null) ? fOriginalFinding.vuln_name : Analysis.getStringIndexValue(UInt32.Parse(fOriginalFinding.vuln_name_id), fadOriginalO2AssessmentDataOunceV6);
//fFinding.vuln_type = (fOriginalFinding.vuln_type != null) ? fOriginalFinding.vuln_type : Analysis.getStringIndexValue(UInt32.Parse(fOriginalFinding.vuln_type_id), fadOriginalO2AssessmentDataOunceV6);
var lciNewCallInvocation = new List <CallInvocation>();
// fOriginalFinding.Trace = updateAssessmentRunWithTraceReferences_recursive(lciNewCallInvocation, fOriginalFinding.Trace, dNewStringIndex, dNewFileIndex, fadOriginalO2AssessmentDataOunceV6);
fFinding.Trace = updateAssessmentRunWithTraceReferences_recursive(lciNewCallInvocation,
fOriginalFinding.Trace,
dNewStringIndex, dNewFileIndex,
fadOriginalO2AssessmentDataOunceV6);
return(fFinding);
}
return(fOriginalFinding);
}
public bool filterDuplicateFindings(List <AssessmentAssessmentFile> lafFilteredAssessmentFiles,
List <AssessmentAssessmentFileFinding> lfFindingsThatMatchCriteria,
AssessmentAssessmentFileFinding fNewFinding,
bool bIgnoreRootCallInvocation)
{
// search the current temp list of Findings (for the current file
foreach (AssessmentAssessmentFileFinding fFinding in lfFindingsThatMatchCriteria)
{
if (fFinding.Trace != null && fFinding.Trace != null)
{
if (areCallInvoctionObjectsEqual(fFinding.Trace[0], fNewFinding.Trace[0],
bIgnoreRootCallInvocation))
{
// bIgnoreRootCallInvocation this will remove all SmartTraces where only the root item (at the top) is different
return(false); // we found an equal so return
}
}
}
// and if there are other AssessmentFiles already process it, also analyze them
if (lafFilteredAssessmentFiles != null && lafFilteredAssessmentFiles.Count > 0)
{
foreach (AssessmentAssessmentFile afAssessmentFile in lafFilteredAssessmentFiles)
{
foreach (AssessmentAssessmentFileFinding fFinding in afAssessmentFile.Finding)
{
if (fFinding.Trace != null && fFinding.Trace != null)
{
if (areCallInvoctionObjectsEqual(fFinding.Trace[0], fNewFinding.Trace[0],
bIgnoreRootCallInvocation))
{
// bIgnoreRootCallInvocation this will remove all SmartTraces where only the root item (at the top) is different
return(false);
}
}
}
}
// we found an equal so return
}
// if we make it this far, means that the current smart trace is unique
lfFindingsThatMatchCriteria.Add(fNewFinding); // only add the different ones*/
return(true);
}
public void applyFindingNameFormat(AssessmentRun arAssessmentRun, AssessmentAssessmentFileFinding fFinding,
Analysis.FindingNameFormat ffnFindingNameFormat)
{
switch (ffnFindingNameFormat)
{
case Analysis.FindingNameFormat.FindingType: // do nothing in these cases
break;
case Analysis.FindingNameFormat.FindingType_Sink:
fFinding.vuln_type += " " +
resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
case Analysis.FindingNameFormat.FindingType_Source:
fFinding.vuln_type += " " +
resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
case Analysis.FindingNameFormat.Sink:
fFinding.vuln_type = " " +
resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
case Analysis.FindingNameFormat.Source:
fFinding.vuln_type = " " +
resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
case Analysis.FindingNameFormat.Sink_Source:
fFinding.vuln_type = resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1) +
" " +
resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
case Analysis.FindingNameFormat.Source_Sink:
fFinding.vuln_type = resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1) +
" " +
resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
}
}
public AssessmentAssessmentFileFinding AddNewFindingFromExistingOne(
AssessmentAssessmentFileFinding fFinding, O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6)
{
AssessmentAssessmentFileFinding fNewFinding = createNewFindingFromExistingOne(fFinding, dNewStringIndex,
dNewFileIndex,
oadO2AssessmentDataOunceV6);
lfNewFindinds.Add(fNewFinding);
//AssessmentAssessmentFile fNewFile = AnalysisSearch.createNewAssessmentFileFromExistingOne(fviJoinAtSink.oadO2AssessmentDataOunceV6.dFindings[fviJoinAtSink.fFinding]);
AssessmentAssessmentFile fNewFile =
createNewAssessmentFileFromExistingOne(oadO2AssessmentDataOunceV6.dFindings[fFinding]);
fNewFile.Finding = new[] { fNewFinding };
oadNewO2AssessmentDataOunceV6.dFindings =
new Dictionary <AssessmentAssessmentFileFinding, AssessmentAssessmentFile>();
oadNewO2AssessmentDataOunceV6.dFindings.Add(fNewFinding, fNewFile);
fLastFindingAdded = fNewFinding;
return(fNewFinding);
}
public override bool applyFilterAndPopulateList(AssessmentRun arAssessmentRun,
AssessmentAssessmentFileFinding fFinding,
List <AssessmentAssessmentFileFinding>
lfFindingsThatMatchCriteria,
List <AssessmentAssessmentFile> lafFilteredAssessmentFiles)
{
if (sActionObjectIdToFind == fFinding.actionobject_id.ToString())
// and the actionObject matches the filter
{
if (false == bDropFindingsWithNoTraces)
{
lfFindingsThatMatchCriteria.Add(fFinding);
// always add to the list when bDropFindingsWithNoTraces is false
return(true);
}
else if (null != fFinding.Trace)
// when bDropFindingsWithNoTraces only add the ones with traces
{
if (bChangeFindingData) // if required changed the name of this finding
{
applyFindingNameFormat(arAssessmentRun, fFinding, ffnFindingNameFormat);
}
if (bFilterDuplicateFindings)
{
// and if bFilterDuplicateFindings is true, consolidate the Trace into similar ones
return(filterDuplicateFindings(lafFilteredAssessmentFiles, lfFindingsThatMatchCriteria,
fFinding, bIgnoreRootCallInvocation));
}
else
{
lfFindingsThatMatchCriteria.Add(fFinding);
return(true);
}
}
}
return(false);
}
public static String getUniqueSignature(AssessmentAssessmentFileFinding fFinding, TraceType ttTraceType,
O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6, bool bShowFullPathForFileName)
{
CallInvocation ciCallInvocation =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace, ttTraceType);
if (ciCallInvocation == null)
{
return(null);
}
String sSourceSignature = OzasmtUtils_OunceV6.getStringIndexValue(ciCallInvocation.sig_id, oadO2AssessmentDataOunceV6);
String sFile = OzasmtUtils_OunceV6.getFileIndexValue(ciCallInvocation.fn_id, oadO2AssessmentDataOunceV6);
String sLineNumber = ciCallInvocation.line_number.ToString();
if (bShowFullPathForFileName)
{
return(String.Format("{0} {1} {2}", sSourceSignature, sFile, sLineNumber));
}
else
{
return(String.Format("{0} {1} {2}", sSourceSignature, Path.GetFileName(sFile), sLineNumber));
}
}
public static FindingViewItem connectTwoFindingNewItems(FindingViewItem fviJoinAtSink,
FindingViewItem fviJoinAtSource)
{
var nfviNewFindingViewItem = new NewFindingViewItem();
AssessmentAssessmentFileFinding fNewFinding =
nfviNewFindingViewItem.AddNewFindingFromExistingOne(fviJoinAtSink.fFinding,
fviJoinAtSink.oadO2AssessmentDataOunceV6);
if (false == nfviNewFindingViewItem.appendTrace_FindingSourceToFindingSink(fNewFinding, fviJoinAtSource))
{
/* DI.log.info("___ appendTrace_FindingSourceToFindingSink error, happened for Source: {0}", o2.analysis.Analysis.getSource(fNewFinding, fviJoinAtSink.oadO2AssessmentDataOunceV6));
* CallInvocation ciSink = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fNewFinding.Trace, Analysis.TraceType.Known_Sink);
* if (ciSink != null)
* DI.log.info("appendTrace_FindingSourceToFindingSink error, happened for Sink: {0}", Analysis.getStringIndexValue(ciSink.sig_id,fviJoinAtSink.oadO2AssessmentDataOunceV6));
* return null;*/
}
// oadNewO2AssessmentDataOunceV6.arAssessmentRun.Assessment = new AssessmentRunAssessment();
nfviNewFindingViewItem.updateOadStringLists();
return(nfviNewFindingViewItem.getFindingViewItemForLastFindingAdded());
}
//public void addNodeToGraph(TreeNode tnNodeToAdd)
public void addNodeToGraph(TreeNode tnNodeToAdd, AssessmentAssessmentFileFinding fFinding)
{
//lfFindingsToGraph.Add(fFinding);
tvGLEE_NodesToGraph.Nodes.Add(tnNodeToAdd);
}
public static void showFindingDetailsInDataGridView(DataGridView dgvDataGridView,
AssessmentAssessmentFileFinding fSelectedFinding,
O2AssessmentData_OunceV6 oadAssessmentDataOunceV6)
{
try
{
dgvDataGridView.Columns.Clear();
O2Forms.addToDataGridView_Column(dgvDataGridView, "Name", 90);
O2Forms.addToDataGridView_Column(dgvDataGridView, "Value", -1);
dgvDataGridView.Rows.Add("vuln Name",
fSelectedFinding.vuln_name ??
OzasmtUtils_OunceV6.getStringIndexValue(UInt32.Parse(fSelectedFinding.vuln_name_id),
oadAssessmentDataOunceV6));
dgvDataGridView.Rows.Add("Vuln Type",
fSelectedFinding.vuln_type ??
OzasmtUtils_OunceV6.getStringIndexValue(UInt32.Parse(fSelectedFinding.vuln_type_id),
oadAssessmentDataOunceV6));
dgvDataGridView.Rows.Add("Caller Name",
fSelectedFinding.caller_name ?? ((fSelectedFinding.caller_name_id != null)
? OzasmtUtils_OunceV6.getStringIndexValue(
UInt32.Parse(fSelectedFinding.caller_name_id),
oadAssessmentDataOunceV6)
: ""));
dgvDataGridView.Rows.Add("Context",
fSelectedFinding.context ?? ((fSelectedFinding.cxt_id != null)
? OzasmtUtils_OunceV6.getStringIndexValue(
UInt32.Parse(fSelectedFinding.cxt_id), oadAssessmentDataOunceV6)
: ""));
dgvDataGridView.Rows.Add("Severity", fSelectedFinding.severity.ToString());
dgvDataGridView.Rows.Add("Confidence", fSelectedFinding.confidence.ToString());
dgvDataGridView.Rows.Add("Action Object Id", fSelectedFinding.actionobject_id.ToString());
dgvDataGridView.Rows.Add("Project",
(fSelectedFinding.project_name != null)
? fSelectedFinding.project_name
: (fSelectedFinding.project_name_id != null)
? OzasmtUtils_OunceV6.getStringIndexValue(
UInt32.Parse(fSelectedFinding.project_name_id),
oadAssessmentDataOunceV6)
: "");
dgvDataGridView.Rows.Add("Column Number", fSelectedFinding.column_number.ToString());
dgvDataGridView.Rows.Add("Line Number", fSelectedFinding.line_number.ToString());
dgvDataGridView.Rows.Add("Ordinal", fSelectedFinding.ordinal.ToString());
dgvDataGridView.Rows.Add("Exclude", fSelectedFinding.exclude.ToString());
dgvDataGridView.Rows.Add("Property IDs", fSelectedFinding.property_ids);
dgvDataGridView.Rows.Add("Record ID", fSelectedFinding.record_id.ToString());
if (fSelectedFinding.Text != null)
{
var sbText = new StringBuilder();
foreach (String sLine in fSelectedFinding.Text)
{
sbText.AppendLine(sLine);
}
dgvDataGridView.Rows.Add("Text", sbText.ToString());
}
if (fSelectedFinding.Trace != null)
{
dgvDataGridView.Rows.Add("Trace", "Yes");
}
else
{
dgvDataGridView.Rows.Add("Trace", "No");
}
// dgvFindingData.Rows.Add("Action Object", Lddb.getActionObjectName(fSelectedFinding.actionobject_id.ToString()));
}
catch (Exception ex)
{
DI.log.error("in showFindingDetailsInDataGridView :{0}", ex.Message);
}
}
public static void createAssessmentFileWithVirtualTraces_fromTwoSourceAssessmentFiles(String sAssessmentFile1,
String sAssessmentFile2,
String sTargetFile)
{
O2AssessmentData_OunceV6 fadF1AssessmentData_sAssessmentFile1 = null;
O2AssessmentData_OunceV6 fadF1AssessmentData_sAssessmentFile2 = null;
// get list of traces with
List <AssessmentAssessmentFileFinding> lfFindingsWithTraces_sAssessmentFile2 =
AnalysisUtils.getListOfAllFindingsWithTraces(sAssessmentFile2, ref fadF1AssessmentData_sAssessmentFile2);
// calculate traces to join
var dTracesToAppend = new Dictionary <String, List <CallInvocation> >();
foreach (AssessmentAssessmentFileFinding fFinding in lfFindingsWithTraces_sAssessmentFile2)
{
if (fFinding.Trace != null && fFinding.Trace[0] != null && fFinding.Trace[0].CallInvocation1 != null &&
fFinding.Trace[0].CallInvocation1.Length > 1)
{
if (
OzasmtUtils_OunceV6.getStringIndexValue(fFinding.Trace[0].CallInvocation1[0].sig_id,
fadF1AssessmentData_sAssessmentFile2).IndexOf(
sExternalSourceString) > -1)
{
String sSignatureOfCallbackFunction =
OzasmtUtils_OunceV6.getStringIndexValue(fFinding.Trace[0].CallInvocation1[1].sig_id,
fadF1AssessmentData_sAssessmentFile2);
if (false == dTracesToAppend.ContainsKey(sSignatureOfCallbackFunction))
{
dTracesToAppend.Add(sSignatureOfCallbackFunction, new List <CallInvocation>());
}
dTracesToAppend[sSignatureOfCallbackFunction].Add(fFinding.Trace[0].CallInvocation1[1]);
}
}
}
// get sinks to append traces
List <String> lsSinks_sAssessmentFile1 = AnalysisAssessmentFile.getListOf_KnownSinks(sAssessmentFile1, ref fadF1AssessmentData_sAssessmentFile1);
Analysis.populateDictionariesWithXrefsToLoadedAssessment(Analysis.FindingFilter.SmartTraces, true, true,
fadF1AssessmentData_sAssessmentFile1);
var dNewStringIndex = new Dictionary <String, UInt32>();
foreach (
AssessmentRunStringIndex siStringIndex in
fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.StringIndeces)
{
dNewStringIndex.Add(siStringIndex.value, siStringIndex.id);
}
var dNewFileIndex = new Dictionary <String, UInt32>();
foreach (AssessmentRunFileIndex siStringIndex in fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.FileIndeces)
{
dNewFileIndex.Add(siStringIndex.value, siStringIndex.id);
}
TraceType tTraceType = TraceType.Known_Sink;
foreach (String sSink in lsSinks_sAssessmentFile1)
{
if (dTracesToAppend.ContainsKey(sSink))
{
List <AssessmentAssessmentFileFinding> lfFindingsWithSink =
AnalysisUtils.getListOfFindingsWithTraceAndSignature(sSink, tTraceType,
fadF1AssessmentData_sAssessmentFile1);
foreach (AssessmentAssessmentFileFinding fFindingToJoin in lfFindingsWithSink)
{
var lfNewFindinds = new List <AssessmentAssessmentFileFinding>();
foreach (CallInvocation ciCallInvocationToAppend in dTracesToAppend[sSink])
{
// append trace
AssessmentAssessmentFileFinding fNewFinding = createNewFindingFromExistingOne(
fFindingToJoin, dNewStringIndex, dNewFileIndex, fadF1AssessmentData_sAssessmentFile1);
CallInvocation ciSinkNode =
AnalysisSearch.findTraceTypeAndSignatureInSmartTrace_Recursive_returnCallInvocation(
fNewFinding.Trace, tTraceType, sSink, fadF1AssessmentData_sAssessmentFile1);
ciSinkNode.trace_type = (int)TraceType.Source;
var lciTempNewCallInvocation = new List <CallInvocation>(); // used by the recursive function
ciSinkNode.CallInvocation1 = updateAssessmentRunWithTraceReferences_recursive(
lciTempNewCallInvocation,
//new CallInvocation[] { ciCallInvocationToAppend },
ciCallInvocationToAppend.CallInvocation1,
dNewStringIndex,
dNewFileIndex,
fadF1AssessmentData_sAssessmentFile2);
lfNewFindinds.Add(fNewFinding);
}
AssessmentAssessmentFile fFile = fadF1AssessmentData_sAssessmentFile1.dFindings[fFindingToJoin];
var lfFindingsInCurrentFile = new List <AssessmentAssessmentFileFinding>(fFile.Finding);
lfFindingsInCurrentFile.Remove(fFindingToJoin);
lfFindingsInCurrentFile.AddRange(lfNewFindinds);
fFile.Finding = lfFindingsInCurrentFile.ToArray();
}
}
}
// update indexes
fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.StringIndeces =
OzasmtUtils_OunceV6.createStringIndexArrayFromDictionary(dNewStringIndex);
fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.FileIndeces =
OzasmtUtils_OunceV6.createFileIndexArrayFromDictionary(dNewFileIndex);
//String sTargetFile = config.getTempFileNameInF1TempDirectory();
OzasmtUtils_OunceV6.createSerializedXmlFileFromAssessmentRunObject(
fadF1AssessmentData_sAssessmentFile1.arAssessmentRun, sTargetFile);
DI.log.debug("Joined assesment saved to:{0}", sTargetFile);
}
public bool appendTrace_FindingSourceToFindingSink(AssessmentAssessmentFileFinding fJoinAtSink,
FindingViewItem fviJoinAtSource)
{
//Get the Sink of the first trace
CallInvocation ciSinkNode =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fJoinAtSink.Trace,
TraceType.Known_Sink);
if (ciSinkNode == null)
{
// DI.log.error("in appendTrace_FindingSourceToFindingSink, could not find the Sink of fviJoinAtSink");
return(false);
}
// get the source of the 2nd trace
// There are 3 possible Gluing Scenarios
// a source that has child nodes (when it is a callback)
// a source trace that has a compatible signature with the sink trace (when it was creted via a source of tainded data rule). For this one we will have to find the correct injection point
// a source trace that has nothing do with the source (interfaces gluing for example) and we have the same two cases above
// the strategy to find a gluing point (on the fviJoinAtSource is to find the first trace that has a sink
// try to get case 1 see if the current source has child nodes
CallInvocation ciSourceNode =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(
fviJoinAtSource.fFinding.Trace, TraceType.Source);
if (ciSourceNode == null)
{
DI.log.error(
"in appendTrace_FindingSourceToFindingSink, could not find the Source of fviJoinAtSource");
return(false);
}
if (ciSourceNode.CallInvocation1 == null) // means we are case 2 or 3
{
CallInvocation ciSourceNodeWithSink =
AnalysisSearch.fromSourceFindFirstTraceWithAChildSink(fviJoinAtSource.fFinding,
fviJoinAtSource.oadO2AssessmentDataOunceV6);
if (ciSourceNodeWithSink != null)
{
// if we found this it means that we are now on Trace that the first child node goes to the source and the 2nd goes to the Sink
ciSourceNode = ciSourceNodeWithSink.CallInvocation1[1];
}
}
// make the previous Sink that Type 4 that doesn't seem to be used (could make it sources but it is cleaner with using this extra trace type for the joins
ciSinkNode.trace_type = (int)TraceType.Type_4;
CallInvocation[] aciCallInvocation;
if (AnalysisUtils.getSink(fJoinAtSink, oadNewO2AssessmentDataOunceV6) ==
AnalysisUtils.getSource(fviJoinAtSource.fFinding, fviJoinAtSource.oadO2AssessmentDataOunceV6))
{
aciCallInvocation = ciSourceNode.CallInvocation1;
}
else
{
aciCallInvocation = new[] { ciSourceNode }
};
var lciTempNewCallInvocation = new List <CallInvocation>(); // used by the recursive function
ciSinkNode.CallInvocation1 = updateAssessmentRunWithTraceReferences_recursive(
lciTempNewCallInvocation,
aciCallInvocation,
dNewStringIndex,
dNewFileIndex,
fviJoinAtSource.oadO2AssessmentDataOunceV6);
return(true);
}
