/// <summary>
/// Records a finding and forwards it to the reporter, unless a finding with the
/// same message text has already been recorded.
/// </summary>
/// <param name="vulnerabilityInfo">The finding to record and report.</param>
/// <remarks>
/// De-duplication is keyed on <c>Message</c> alone. Two findings that share a
/// message but differ in include stack or call stack are reported only once, so
/// the message text has to be specific enough to tell distinct findings apart.
/// </remarks>
public void AddVulnerability(IVulnerabilityInfo vulnerabilityInfo)
{
    var message = vulnerabilityInfo.Message;

    // Already seen: suppress the duplicate report.
    if (DetectedVulns.Contains(message))
    {
        return;
    }

    DetectedVulns.Add(message);
    reporter.ReportVulnerability(vulnerabilityInfo);
}
/// <summary>
/// Fans a single finding out to every registered reporter, then bumps the
/// reported-findings counter.
/// </summary>
/// <param name="vulnerabilityInfo">The finding to hand to each reporter.</param>
/// <remarks>
/// The counter is incremented only after all reporters have returned, so an
/// exception thrown by any reporter leaves the counter unchanged and skips the
/// reporters that follow it.
/// </remarks>
public void ReportVulnerability(IVulnerabilityInfo vulnerabilityInfo)
{
    foreach (var sink in _reporters)
    {
        sink.ReportVulnerability(vulnerabilityInfo);
    }

    NumberOfReportedVulnerabilities += 1;
}
/// <summary>
/// Fans a stored-vulnerability finding (a set of path infos) out to every
/// registered reporter, then bumps the reported-findings counter by one.
/// </summary>
/// <param name="vulnerabilityPathInfos">The path infos that together make up the finding.</param>
/// <remarks>
/// The whole array counts as a single reported finding, whatever its length.
/// The counter is incremented only after all reporters have returned.
/// </remarks>
public void ReportStoredVulnerability(IVulnerabilityInfo[] vulnerabilityPathInfos)
{
    foreach (var sink in _reporters)
    {
        sink.ReportStoredVulnerability(vulnerabilityPathInfos);
    }

    NumberOfReportedVulnerabilities += 1;
}
/// <summary>
/// Writes one finding to the report (message, include stack, call stack and
/// the resolved file path) and then passes it to the db file writer.
/// </summary>
/// <param name="vulnerabilityInfo">The finding to write.</param>
/// <remarks>
/// Include-stack entries are joined as they are; when they are not strings,
/// <c>String.Join</c> formats each one through its <c>ToString()</c>.
/// NOTE(review): the message and names are written verbatim. If they can carry
/// text taken from the analysed code, line breaks inside them will blur the
/// line-oriented report layout. Confirm how <c>Message</c> is built.
/// </remarks>
public void ReportVulnerability(IVulnerabilityInfo vulnerabilityInfo)
{
    WriteBeginVulnerability();

    WriteInfoLine($"Message: {vulnerabilityInfo.Message}");

    var includeText = String.Join(_stackSeperator, vulnerabilityInfo.IncludeStack);
    WriteInfoLine("Include stack: " + includeText);

    // The call stack is reported by name only.
    var callText = String.Join(_stackSeperator, vulnerabilityInfo.CallStack.Select(c => c.Name));
    WriteInfo("Call stack: " + callText);

    WriteFilePath(vulnerabilityInfo);
    WriteEndVulnerability();

    // The machine-readable copy is written last, after the report entry is closed.
    dbFileWriter.WriteVulnerability(vulnerabilityInfo);
}
/// <summary>
/// Writes one finding to the report (message, include stack as full paths,
/// call stack by name and the resolved file path) and then passes it to the
/// db file writer.
/// </summary>
/// <param name="vulnerabilityInfo">The finding to write.</param>
/// <remarks>
/// NOTE(review): the message, paths and names are written verbatim. If they can
/// carry text taken from the analysed code, line breaks inside them will blur
/// the line-oriented report layout. Confirm how <c>Message</c> is built.
/// </remarks>
public void ReportVulnerability(IVulnerabilityInfo vulnerabilityInfo)
{
    WriteBeginVulnerability();

    WriteInfoLine($"Message: {vulnerabilityInfo.Message}");

    // Each included file is identified by its full path.
    var includePaths = vulnerabilityInfo.IncludeStack.Select(f => f.FullPath);
    WriteInfoLine("Include stack: " + String.Join(_stackSeperator, includePaths));

    var calledNames = vulnerabilityInfo.CallStack.Select(c => c.Name);
    WriteInfo("Call stack: " + String.Join(_stackSeperator, calledNames));

    WriteFilePath(vulnerabilityInfo);
    WriteEndVulnerability();

    // The machine-readable copy is written last, after the report entry is closed.
    _dbFileWriter.WriteVulnerability(vulnerabilityInfo);
}
/// <summary>
/// Writes one finding as a record: the vulnerability type followed by ';',
/// then message, include stack, call stack and file path, closed by a final ';'.
/// </summary>
/// <param name="vuln">The finding to write.</param>
/// <remarks>
/// NOTE(review): ';' frames the record but the fields are not escaped. A ';'
/// or line break inside <c>Message</c>, a stack entry or a file path makes the
/// record boundaries ambiguous for anything that parses this output. Confirm
/// whether a consumer splits on ';' and escape or reject it if so.
/// </remarks>
public void WriteVulnerability(IVulnerabilityInfo vuln)
{
    // The type is derived from the message text by GetVulnType.
    string category = GetVulnType(vuln.Message);
    WriteInfo($"{category};");

    WriteInfoLine($"Message: {vuln.Message}");

    // This label has no space after the colon, unlike the others; it is kept
    // byte-for-byte because the output format may be parsed elsewhere.
    var includeText = String.Join(_stackSeperator, vuln.IncludeStack);
    WriteInfoLine("Include stack:" + includeText);

    var callText = String.Join(_stackSeperator, vuln.CallStack.Select(c => c.Name));
    WriteInfo("Call stack: " + callText);

    WriteFilePath(vuln);
    WriteInfo(";");
}
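/// <summary>
/// Formats the include stack as a single string of entry names joined by
/// " → ", listing the entries in the reverse of the stack's enumeration order.
/// </summary>
/// <param name="vulnInfo">The finding whose include stack is formatted.</param>
/// <returns>
/// The joined names, or an empty string when the include stack has no entries.
/// </returns>
/// <remarks>
/// The previous implementation trimmed a trailing delimiter from a
/// <c>StringBuilder</c>, which threw on an empty include stack because the
/// start index went negative. It also walked the sequence with
/// <c>Count()</c>/<c>ElementAt(i)</c>, re-enumerating it on every step.
/// </remarks>
public string GetIncludeSequenceString(IVulnerabilityInfo vulnInfo)
{
    const string delimiter = " → ";

    // Enumerable.Reverse is called explicitly so that an instance Reverse()
    // on the concrete collection type can never be bound instead.
    var namesOldestFirst = Enumerable.Reverse(vulnInfo.IncludeStack).Select(include => include.Name);

    // string.Join yields "" for an empty sequence and adds no trailing delimiter.
    return string.Join(delimiter, namesOldestFirst);
}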
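/// <summary>
/// Prints one finding to the console in red: a separator, the message, the
/// include sequence, the top call-stack entry (when there is one) and a
/// closing separator. The foreground colour is set back to gray afterwards.
/// </summary>
/// <param name="vulnerabilityInfo">The finding to print.</param>
/// <remarks>
/// The colour reset sits in a <c>finally</c> block, so an exception while
/// formatting or printing no longer leaves the console stuck in red.
/// NOTE(review): the message is printed verbatim. If it can carry text taken
/// from the analysed code, consider stripping control characters before
/// writing to the terminal. Confirm how <c>Message</c> is built.
/// </remarks>
public void ReportVulnerability(IVulnerabilityInfo vulnerabilityInfo)
{
    const string separator = "--------------------";

    Console.ForegroundColor = ConsoleColor.Red;
    try
    {
        Console.WriteLine();
        Console.WriteLine(separator);
        Console.WriteLine(vulnerabilityInfo.Message);
        Console.WriteLine("Include sequence: " + GetIncludeSequenceString(vulnerabilityInfo));

        // Only the top of the call stack is passed on, by name.
        if (vulnerabilityInfo.CallStack.Any())
        {
            PrintCallStackAndFile(vulnerabilityInfo.CallStack.Peek().Name);
        }

        Console.WriteLine(separator);
    }
    finally
    {
        // Same end state as before on the normal path: gray foreground.
        Console.ForegroundColor = ConsoleColor.Gray;
    }
}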
/// <summary>
/// Writes a stored-vulnerability finding to the report as one entry that
/// contains a "Taint Path" section per path info, then passes the whole array
/// to the db file writer.
/// </summary>
/// <param name="vulnerabilityPathInfos">The path infos that together make up the finding.</param>
/// <remarks>
/// Include-stack entries are joined as they are; when they are not strings,
/// <c>String.Join</c> formats each one through its <c>ToString()</c>.
/// NOTE(review): messages and names are written verbatim. Confirm they cannot
/// carry line breaks from the analysed code, which would blur the layout.
/// </remarks>
public void ReportStoredVulnerability(IVulnerabilityInfo[] vulnerabilityPathInfos)
{
    WriteBeginVulnerability();

    foreach (var taintPath in vulnerabilityPathInfos)
    {
        WriteInfoLine(">> Taint Path: ");
        WriteInfoLine(taintPath.Message);

        var includeText = String.Join(_stackSeperator, taintPath.IncludeStack);
        WriteInfoLine(includeText);

        var callText = String.Join(_stackSeperator, taintPath.CallStack.Select(c => c.Name));
        WriteInfoLine("Callstack: " + callText);

        WriteFilePath(taintPath);
    }

    WriteEndVulnerability();

    // The machine-readable copy is written last, after the report entry is closed.
    dbFileWriter.WriteStoredVulnerability(vulnerabilityPathInfos);
}
/// <summary>
/// Writes the function or method at the top of the finding's call stack,
/// together with the file it is declared in. Nothing is written when the call
/// stack is empty or the lookup returns no match.
/// </summary>
/// <param name="vulnInfo">The finding whose top call-stack entry is resolved.</param>
/// <remarks>
/// The lookup is by name only. When several functions share the name, the
/// declaring file cannot be pinned down, so every candidate file is listed.
/// </remarks>
private void WriteFilePath(IVulnerabilityInfo vulnInfo)
{
    if (!vulnInfo.CallStack.Any())
    {
        return;
    }

    var candidates = _funcHandler.LookupFunction(vulnInfo.CallStack.Peek().Name);
    if (candidates == null || !candidates.Any())
    {
        return;
    }

    var first = candidates.First();
    var header = "Function/method: " + first.Name;

    if (candidates.Count == 1)
    {
        // Unambiguous match: add the file line only when a file is known.
        var fileLine = string.IsNullOrWhiteSpace(first.File)
            ? ""
            : Environment.NewLine + "In file: " + first.File;
        WriteInfo(header + fileLine);
    }
    else
    {
        // Ambiguous match: list the file of every candidate, one per line.
        var candidateFiles = string.Join(Environment.NewLine, candidates.Select(x => x.File));
        WriteInfo(header + Environment.NewLine + "File candidates: " + Environment.NewLine + candidateFiles);
    }
}
/// <summary>
/// Writes the function or method at the top of the finding's call stack,
/// together with the file it is declared in, resolved through the shared
/// <c>FunctionsHandler.Instance</c>. Nothing is written when the call stack is
/// empty or the lookup returns no match.
/// </summary>
/// <param name="vulnInfo">The finding whose top call-stack entry is resolved.</param>
/// <remarks>
/// The lookup is by name only. When several functions share the name, the
/// declaring file cannot be pinned down, so every candidate file is listed.
/// </remarks>
private void WriteFilePath(IVulnerabilityInfo vulnInfo)
{
    if (!vulnInfo.CallStack.Any())
    {
        return;
    }

    var matches = FunctionsHandler.Instance.LookupFunction(vulnInfo.CallStack.Peek().Name);
    if (matches == null || !matches.Any())
    {
        return;
    }

    var head = matches.First();
    var label = "Function/method: " + head.Name;

    if (matches.Count == 1)
    {
        // Unambiguous match: add the file line only when a file is known.
        var fileLine = string.IsNullOrWhiteSpace(head.File)
            ? ""
            : Environment.NewLine + "In file: " + head.File;
        WriteInfo(label + fileLine);
    }
    else
    {
        // Ambiguous match: list the file of every candidate, one per line.
        var allFiles = string.Join(Environment.NewLine, matches.Select(x => x.File));
        WriteInfo(label + Environment.NewLine + "File candidates: " + Environment.NewLine + allFiles);
    }
}