/// <summary>
/// Logging scan module: parses one C# source file, walks it with
/// <c>FindLoggingInMethod</c>, and records every entry of that listener's
/// <c>listMethod</c> as a "FAIL" finding.
/// </summary>
/// <param name="fileName">Passed to <c>readFile2</c> to obtain the source text; also stored on each finding.</param>
/// <param name="listResult">Findings collected so far. A null or empty list is replaced by a
/// new list, so callers must use the returned reference rather than the argument.</param>
/// <returns>The list holding the earlier findings plus the ones produced for this file.</returns>
private static List<ItemObject> scanLogging(string fileName, List<ItemObject> listResult)
{
    // An empty list is swapped for a fresh one too, not only a null one.
    List<ItemObject> findings = (listResult != null && listResult.Count != 0)
        ? listResult
        : new List<ItemObject>();

    string source = readFile2(fileName);
    var lexer = new CSharpLexer(new AntlrInputStream(source));

    // Only the lexer's error listeners are removed; the parser keeps the ones it was created with.
    // NOTE(review): nothing below checks for syntax errors, so a file that does not
    // tokenize or parse cleanly may just produce no findings. Confirm that callers do not
    // treat "no findings" as a pass for such files.
    lexer.RemoveErrorListeners();

    var parser = new CSharpParser(new CommonTokenStream(lexer));
    IParseTree tree = parser.compilation_unit();

    var loggingListener = new FindLoggingInMethod(parser);
    new ParseTreeWalker().Walk(loggingListener, tree);

    if (loggingListener.listMethod == null)
    {
        return findings;
    }

    foreach (var method in loggingListener.listMethod)
    {
        // The third constructor argument is null here: this scan attaches no expression list.
        findings.Add(new ItemObject(method.BaselineItem, method.methodName, null, fileName, method.startLine, "FAIL"));
    }

    return findings;
}
/// <summary>
/// SQL scan module: parses one C# source file, collects its methods through
/// <c>ExtractClassParser</c>, and runs three listener passes over each method.
/// Every entry of the last pass's <c>listResult</c> is recorded as a "FAIL" finding.
/// </summary>
/// <param name="fileName">Passed to <c>readFile2</c> to obtain the source text; also stored on each finding.</param>
/// <param name="listResult">Findings collected so far. A null or empty list is replaced by a
/// new list, so callers must use the returned reference rather than the argument.</param>
/// <returns>The list holding the earlier findings plus the ones produced for this file.</returns>
private static List<ItemObject> scanSQL(string fileName, List<ItemObject> listResult)
{
    // An empty list is swapped for a fresh one too, not only a null one.
    List<ItemObject> findings = (listResult != null && listResult.Count != 0)
        ? listResult
        : new List<ItemObject>();

    string source = readFile2(fileName);
    var lexer = new CSharpLexer(new AntlrInputStream(source));

    // Only the lexer's error listeners are removed; the parser keeps the ones it was created with.
    // NOTE(review): nothing below checks for syntax errors, so a file that does not
    // tokenize or parse cleanly may just produce no findings. Confirm that callers do not
    // treat "no findings" as a pass for such files.
    lexer.RemoveErrorListeners();

    var parser = new CSharpParser(new CommonTokenStream(lexer));
    IParseTree tree = parser.compilation_unit();

    var classListener = new ExtractClassParser(parser);
    new ParseTreeWalker().Walk(classListener, tree);

    if (classListener.listMethodContext == null)
    {
        return findings;
    }

    // NOTE(review): the guard tests listMethodContext but the loop iterates getListMethod();
    // how the two relate is not visible here. Confirm getListMethod() cannot return null.
    List<MethodContext> methods = classListener.getListMethod();
    foreach (var method in methods)
    {
        var methodWalker = new ParseTreeWalker();

        // Pass 1: FindQueryInMethod walks the method, seeded with its current lineList.
        var queryListener = new FindQueryInMethod(parser, method.lineList);
        methodWalker.Walk(queryListener, method.context);

        // Pass 2: FindLineOfExpression gets pass 1's listExpressLine, commandVar and queryVar.
        // Its listExpressLine then overwrites method.lineList, so the MethodContext is mutated.
        var lineListener = new FindLineOfExpression(
            parser,
            method.context,
            queryListener.listExpressLine,
            queryListener.commandVar,
            queryListener.queryVar);
        methodWalker.Walk(lineListener, method.context);
        method.lineList = lineListener.listExpressLine;

        // Pass 3: FindUsedMethodInClass walks with the updated method; its listResult holds the hits.
        var usageListener = new FindUsedMethodInClass(parser, method);
        methodWalker.Walk(usageListener, method.context);

        if (usageListener.listResult == null)
        {
            continue;
        }

        foreach (var hit in usageListener.listResult)
        {
            findings.Add(new ItemObject(hit.BaselineItem, hit.methodName, hit.listExp, fileName, hit.startLine, "FAIL"));
        }
    }

    return findings;
}
/// <summary>
/// XXE scan module: parses one C# source file, takes the contexts that
/// <c>ExtractClassParser</c> exposes as <c>listXMLContext</c>, and walks each with
/// <c>FindXXEInMethod</c>. A context whose listener ends with <c>isVuln</c> set is
/// recorded as a "FAIL" finding.
/// </summary>
/// <param name="fileName">Passed to <c>readFile2</c> to obtain the source text; also stored on each finding.</param>
/// <param name="listResult">Findings collected so far. A null or empty list is replaced by a
/// new list, so callers must use the returned reference rather than the argument.</param>
/// <returns>The list holding the earlier findings plus the ones produced for this file.</returns>
private static List<ItemObject> scanXXE(string fileName, List<ItemObject> listResult)
{
    // An empty list is swapped for a fresh one too, not only a null one.
    List<ItemObject> findings = (listResult != null && listResult.Count != 0)
        ? listResult
        : new List<ItemObject>();

    string source = readFile2(fileName);
    var lexer = new CSharpLexer(new AntlrInputStream(source));

    // Only the lexer's error listeners are removed; the parser keeps the ones it was created with.
    // NOTE(review): nothing below checks for syntax errors, so a file that does not
    // tokenize or parse cleanly may just produce no findings. Confirm that callers do not
    // treat "no findings" as a pass for such files.
    lexer.RemoveErrorListeners();

    var parser = new CSharpParser(new CommonTokenStream(lexer));
    IParseTree tree = parser.compilation_unit();

    var classListener = new ExtractClassParser(parser);
    new ParseTreeWalker().Walk(classListener, tree);

    if (classListener.listXMLContext == null)
    {
        return findings;
    }

    List<ParserRuleContext> xmlContexts = classListener.listXMLContext;
    foreach (var xmlContext in xmlContexts)
    {
        // A fresh listener per context, so isVuln and tmpMethod start clean for each walk.
        var xxeListener = new FindXXEInMethod(parser);
        new ParseTreeWalker().Walk(xxeListener, xmlContext);

        if (!xxeListener.isVuln)
        {
            continue;
        }

        // At most one finding is added per context, taken from tmpMethod after the walk.
        // NOTE(review): if one context can hold several vulnerable spots, only whatever
        // tmpMethod holds at the end is reported. Confirm against FindXXEInMethod.
        var flagged = xxeListener.tmpMethod;
        findings.Add(new ItemObject(flagged.BaselineItem, flagged.methodName, null, fileName, flagged.startLine, "FAIL"));
    }

    return findings;
}