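/// <summary>
/// Task 2 of the pipeline: re-classifies the Struts findings produced in phase 3 and saves
/// the adjusted copies into the phase 4 artifacts folder.
/// </summary>
/// <remarks>
/// Every findings file under the phase 3 "Struts Mappings" folder is loaded, and each finding's
/// traces are scanned for a validator marker in the trace signature:
/// - "validator: patternid=&lt;pattern&gt;" classifies the finding as Struts.CrossSiteScripting.NOT.Validated
///   (confidence 1, severity 0) when the pattern is FREE_TEXT, otherwise as Struts.CrossSiteScripting.Validated
///   (confidence 1, severity 2); the pattern name is appended to vulnType and the scan of that finding stops.
/// - "validator: valid-content" classifies the finding as Struts.CrossSiteScripting.Validated.ValidContent
///   (confidence 2, severity 2). This branch does not stop the scan, so a later patternid trace in the same
///   finding overrides it.
/// The task is a no-op when the phase 3 folder does not exist. Results are written to
/// folderWithArtifacts_Phase4 as "Struts Mappings - &lt;original file name&gt;".
/// </remarks>
public void task2_AdjustsStrutsFindings()
{
    const string validatorPatternIDText = "validator: patternid=";
    const string validatorValidContentText = "validator: valid-content";

    O2Cmd.log.write("TASK 2: AdjustsStrutsFindings");
    var strutsFindingsFolder = Path.Combine(folderWithArtifacts_Phase3, "Struts Mappings");
    if (false == Directory.Exists(strutsFindingsFolder))
    {
        // Phase 3 produced no Struts mappings: nothing to adjust.
        return;
    }
    //Assert.That(Directory.Exists(strutsFindingsFolder), "strutsFindingsFolder did not exists: " + strutsFindingsFolder);

    foreach (var strutsFindingFile in Files.getFilesFromDir_returnFullPath(strutsFindingsFolder))
    {
        var o2Findings = XUtils_Findings_v0_1.loadFindingsFile(strutsFindingFile);
        foreach (O2Finding o2Finding in o2Findings)
        {
            var allTraces = OzasmtUtils.getListWithAllTraces(o2Finding);
            foreach (var o2Trace in allTraces)
            {
                // Ordinal comparison: the markers are fixed, machine-generated prefixes, not user-facing text,
                // so a culture-sensitive StartsWith could misbehave on some locales.
                if (o2Trace.signature.StartsWith(validatorPatternIDText, System.StringComparison.Ordinal))
                {
                    // Substring rather than Replace: only the leading marker must be stripped. Replace would
                    // also delete any later occurrence of the marker text inside the pattern name.
                    var pattern = o2Trace.signature.Substring(validatorPatternIDText.Length);
                    if (pattern == "FREE_TEXT")
                    {
                        // No real validation pattern was applied to the input.
                        o2Finding.vulnType = "Struts.CrossSiteScripting.NOT.Validated";
                        o2Finding.confidence = 1;
                        o2Finding.severity = 0;
                    }
                    else
                    {
                        o2Finding.vulnType = "Struts.CrossSiteScripting.Validated";
                        o2Finding.confidence = 1;
                        o2Finding.severity = 2;
                    }
                    o2Finding.vulnType += " : " + pattern;
                    break;
                }
                else if (o2Trace.signature.StartsWith(validatorValidContentText, System.StringComparison.Ordinal))
                {
                    // The text after the marker is not used for this classification (it was previously
                    // extracted into an unused local).
                    o2Finding.vulnType = "Struts.CrossSiteScripting.Validated.ValidContent";
                    o2Finding.confidence = 2;
                    o2Finding.severity = 2;
                }
            } // validator: patternid=
        }
        //XUtils_Findings_v0_1.openFindingsInNewWindow(o2Findings);
        var targetFile = Path.Combine(folderWithArtifacts_Phase4, "Struts Mappings - " + Path.GetFileName(strutsFindingFile));
        XUtils_Findings_v0_1.saveFindings(o2Findings, targetFile);
        O2Cmd.log.write("Struts Mappings saved to: {0}", targetFile);
    } //foreach(var
}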
/// <summary>
/// Flattens the traces of every finding in <paramref name="iO2Findings"/> into one list.
/// </summary>
/// <param name="iO2Findings">Findings to flatten; each one is converted with <c>o2Finding()</c> before its traces are read.</param>
/// <returns>A new list holding the traces of all findings, in finding order (never null; empty for an empty input).</returns>
public static List<IO2Trace> allTraces(this List<IO2Finding> iO2Findings)
{
    var collected = new List<IO2Trace>();
    foreach (var finding in iO2Findings)
    {
        var concreteFinding = finding.o2Finding();
        var tracesOfFinding = OzasmtUtils.getListWithAllTraces(concreteFinding);
        collected.AddRange(tracesOfFinding);
    }
    return collected;
}
/// <summary>
/// Walkthrough: loads the sample .ozasmt file, selects the findings whose Source mentions "get" and whose
/// Sink mentions "set", keeps those that have exactly 3 traces, removes them from the loaded list and
/// shows every intermediate list in a Findings Viewer window.
/// </summary>
/// <returns>A message with the number of findings left after the filter.</returns>
/// <remarks>
/// Each viewer window is opened on its own thread, which is joined before moving on so that the findings
/// are loaded before the next step runs. Assert.That stops the walkthrough when no Get->Set pair, or no
/// Get->Set pair with 3 traces, is found.
/// </remarks>
public string RemoveAll3nodeGetSetVulns()
{
    // Dinis note, if I understand this request correctly, the query is:
    // for all vulns that start in a get and end in set
    // only show the ones that have more than 3 traces
    var loadedFindings = XUtils_Findings_v0_1.loadFindingsFile(sampleOzamtFile);
    var loadThread = XUtils_Findings_v0_1.openFindingsInNewWindow(loadedFindings, "Original list of loaded files");
    loadThread.Join(); // the viewer loads on its own thread; wait for it before continuing

    // Step 1: findings whose Source contains "get" and whose Sink contains "set"
    var getToSetFindings = new List<IO2Finding>();
    foreach (O2Finding candidate in loadedFindings) // cast to O2Finding to reach the prepopulated members of IO2Finding
    {
        if (candidate.Source.IndexOf("get") > -1)
        {
            if (candidate.Sink.IndexOf("set") > -1)
            {
                getToSetFindings.Add(candidate);
            }
        }
    }
    Assert.That(getToSetFindings.Count > 0, "There are no Get->Set pairs in the current loaded findings");
    // Dinis note: on the WebGoat 6.0.ozasmt file I'm using there are 54 matches

    // show the Get->Set findings in the GUI (Join so the load thread completes first)
    XUtils_Findings_v0_1.openFindingsInNewWindow(getToSetFindings, "Findings with GetsAndSets").Join();

    // Step 2: keep only the Get->Set findings with exactly 3 traces
    var threeTraceFindings = new List<IO2Finding>();
    foreach (O2Finding candidate in getToSetFindings)
    {
        var traceCount = OzasmtUtils.getListWithAllTraces(candidate).Count;
        if (traceCount != 3)
        {
            continue;
        }
        threeTraceFindings.Add(candidate);
    }
    Assert.That(threeTraceFindings.Count > 0, "There were no getsAndSetsWith3Traces");

    // show the 3-trace findings in the GUI
    XUtils_Findings_v0_1.openFindingsInNewWindow(threeTraceFindings, "Findings with getsAndSetsWith3Traces").Join();
    // Dinis note: I get 4 findings that match this criteria

    // Step 3: drop the 3-trace Get->Set findings from the loaded list
    foreach (var toRemove in threeTraceFindings)
    {
        loadedFindings.Remove(toRemove);
    }

    // and show the result (this window has 3 findings less than the first one that was loaded)
    XUtils_Findings_v0_1.openFindingsInNewWindow(loadedFindings, "Original list without 3nodeGetSetVulns").Join();

    var remaining = loadedFindings.Count;
    return "Number of findings after filter: " + remaining;
} // this function could be greatly reduced by using LINQ (I'll do that later :) )
/// <summary>
/// Collects the distinct source-code snippets of all traces of <paramref name="iO2Finding"/>.
/// </summary>
/// <param name="iO2Finding">Finding whose traces are read (after conversion with <c>o2Finding()</c>).</param>
/// <returns>
/// The trimmed SourceCode of each trace that passes <c>valid()</c> (presumably non-empty; verify against the helper),
/// in first-seen order and without duplicates. Never null.
/// </returns>
public static List<string> allTraces_SourceCode(this IO2Finding iO2Finding)
{
    var snippets = new List<string>();
    var traces = OzasmtUtils.getListWithAllTraces(iO2Finding.o2Finding());
    foreach (O2Trace trace in traces)
    {
        var snippet = trace.SourceCode.trim();
        if (!snippet.valid())
        {
            continue;
        }
        if (snippets.contains(snippet))
        {
            continue; // already recorded
        }
        snippets.Add(snippet);
    }
    return snippets;
}
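/// <summary>
/// Tells whether at least one trace of <paramref name="o2Finding"/> has a signature containing
/// <paramref name="signatureRegEx"/>.
/// </summary>
/// <param name="o2Finding">Finding whose traces are scanned; it is cast to <see cref="O2Finding"/>.</param>
/// <param name="signatureRegEx">
/// Text to look for. Despite the name this is NOT interpreted as a regular expression: a plain ordinal
/// substring search is performed (the regex variant is left commented out below).
/// </param>
/// <returns>true when a trace signature contains the text; false otherwise, including for a finding with no traces.</returns>
public static bool doesFindingHasTraceSignature(IO2Finding o2Finding, string signatureRegEx)
{
    var allTraces = OzasmtUtils.getListWithAllTraces((O2Finding)o2Finding);
    foreach (var o2Trace in allTraces)
    {
        // Ordinal search: signatures are machine-generated identifiers, and the parameterless IndexOf
        // is culture-sensitive, so the answer could otherwise depend on the current locale.
        if (o2Trace.signature.IndexOf(signatureRegEx, System.StringComparison.Ordinal) > -1)
        //if (RegEx.findStringInString(o2Trace.signature, signatureRegEx))
        {
            return true;
        }
    }
    return false;
}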
/// <summary>
/// Returns all traces of <paramref name="iO2Finding"/>, as produced by
/// <c>OzasmtUtils.getListWithAllTraces</c> on its <c>o2Finding()</c> form.
/// </summary>
/// <param name="iO2Finding">Finding whose traces are requested.</param>
/// <returns>The list returned by <c>OzasmtUtils.getListWithAllTraces</c> for this finding.</returns>
public static List<IO2Trace> allTraces(this IO2Finding iO2Finding)
{
    var concreteFinding = iO2Finding.o2Finding();
    var traces = OzasmtUtils.getListWithAllTraces(concreteFinding);
    return traces;
}