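        /// <summary>
        /// TASK 2: re-classifies the Struts findings saved under the "Struts Mappings" folder of the
        /// Phase 3 artifacts, based on the validator trace signatures each finding contains, and
        /// saves the adjusted findings into the Phase 4 artifacts folder.
        /// </summary>
        /// <remarks>
        /// For every finding the first trace whose signature starts with "validator: patternid="
        /// decides the classification: the FREE_TEXT pattern is treated as NOT validated
        /// (severity 0), any other pattern as validated (severity 2), and the pattern name is
        /// appended to the vulnType. A trace whose signature starts with
        /// "validator: valid-content" marks the finding as validated with valid content but does
        /// not stop the scan, so a later patternid trace still overrides it (kept from the
        /// original; whether that override is intended is not documented - confirm).
        /// When the "Struts Mappings" folder does not exist the task is skipped silently.
        /// </remarks>
        public void task2_AdjustsStrutsFindings()
        {
            const string validatorPatternIDText    = "validator: patternid=";
            const string validatorValidContentText = "validator: valid-content";

            O2Cmd.log.write("TASK 2: AdjustsStrutsFindings");
            var strutsFindingsFolder = Path.Combine(folderWithArtifacts_Phase3, "Struts Mappings");

            // nothing to adjust when the previous phase produced no Struts mappings
            if (Directory.Exists(strutsFindingsFolder) == false)
            {
                return;
            }

            foreach (var strutsFindingFile in Files.getFilesFromDir_returnFullPath(strutsFindingsFolder))
            {
                var o2Findings = XUtils_Findings_v0_1.loadFindingsFile(strutsFindingFile);
                foreach (O2Finding o2Finding in o2Findings)
                {
                    foreach (var o2Trace in OzasmtUtils.getListWithAllTraces(o2Finding))
                    {
                        // signatures are tool-generated identifiers, so compare them ordinally
                        // (the culture-sensitive StartsWith overload depends on the current culture)
                        if (o2Trace.signature.StartsWith(validatorPatternIDText, StringComparison.Ordinal))
                        {
                            // strip only the leading prefix (Replace would also drop later occurrences)
                            var pattern = o2Trace.signature.Substring(validatorPatternIDText.Length);
                            if (pattern == "FREE_TEXT")
                            {
                                o2Finding.vulnType   = "Struts.CrossSiteScripting.NOT.Validated";
                                o2Finding.confidence = 1;
                                o2Finding.severity   = 0;
                            }
                            else
                            {
                                o2Finding.vulnType   = "Struts.CrossSiteScripting.Validated";
                                o2Finding.confidence = 1;
                                o2Finding.severity   = 2;
                            }
                            o2Finding.vulnType += " : " + pattern;
                            break;
                        }
                        if (o2Trace.signature.StartsWith(validatorValidContentText, StringComparison.Ordinal))
                        {
                            // no break here: a later patternid trace is still allowed to override this
                            o2Finding.vulnType   = "Struts.CrossSiteScripting.Validated.ValidContent";
                            o2Finding.confidence = 2;
                            o2Finding.severity   = 2;
                        }
                    }
                }
                var targetFile = Path.Combine(folderWithArtifacts_Phase4, "Struts Mappings - " + Path.GetFileName(strutsFindingFile));
                XUtils_Findings_v0_1.saveFindings(o2Findings, targetFile);
                O2Cmd.log.write("Struts Mappings saved to: {0}", targetFile);
            }
        }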
        /// <summary>
        /// Flattens the traces of every finding in <paramref name="iO2Findings"/> into one list.
        /// </summary>
        /// <param name="iO2Findings">the findings whose traces are collected</param>
        /// <returns>a new list holding the traces of all findings, in finding order</returns>
        public static List <IO2Trace> allTraces(this List <IO2Finding> iO2Findings)
        {
            var collected = new List <IO2Trace>();
            iO2Findings.ForEach(
                finding => collected.AddRange(OzasmtUtils.getListWithAllTraces(finding.o2Finding())));
            return collected;
        }
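        /// <summary>
        /// Loads the findings from <c>sampleOzamtFile</c> and removes every finding whose Source
        /// contains "get", whose Sink contains "set" and which has exactly 3 traces, showing each
        /// intermediate list in the Findings Viewer along the way.
        /// </summary>
        /// <returns>a message with the number of findings left after the filter</returns>
        /// <remarks>
        /// Dinis note, if I understand this request correctly, the query is:
        /// for all vulns that start in a get and end in set, only act on the ones with 3 traces.
        /// Each Findings Viewer window is opened on its own thread, which is joined before
        /// continuing so the findings are fully loaded before the next step.
        /// The Assert calls fail the method when no Get->Set pair, or no such pair with
        /// 3 traces, exists in the loaded file.
        /// This function could be greatly reduced by using LINQ (I'll do that later :)  )
        /// </remarks>
        public string RemoveAll3nodeGetSetVulns()
        {
            var o2Findings = XUtils_Findings_v0_1.loadFindingsFile(sampleOzamtFile);

            // we have to join to make sure we don't continue before the findings are loaded in the Findings Viewer
            XUtils_Findings_v0_1.openFindingsInNewWindow(o2Findings, "Original list of loaded files").Join();

            // first lets see if this happens in the current list of loaded findings
            var getsAndSets = new List <IO2Finding>();

            // need to cast to O2Finding in order to have access to the prepopulated version of IO2Finding
            foreach (O2Finding o2Finding in o2Findings)
            {
                // Source/Sink hold method names, so use an ordinal (culture-independent) search
                if (o2Finding.Source.IndexOf("get", StringComparison.Ordinal) > -1 &&
                    o2Finding.Sink.IndexOf("set", StringComparison.Ordinal) > -1)
                {
                    getsAndSets.Add(o2Finding);
                }
            }
            Assert.That(getsAndSets.Count > 0, "There are no Get->Set pairs in the current loaded findings"); // Dinis note: on the WebGoat 6.0.ozasmt file I'm using there are 54 matches
            // show in GUI getsAndSets
            XUtils_Findings_v0_1.openFindingsInNewWindow(getsAndSets, "Findings with GetsAndSets").Join();

            // now check if there are findings with 3 traces
            var getsAndSetsWith3Traces = new List <IO2Finding>();

            foreach (O2Finding o2Finding in getsAndSets)
            {
                var allTracesFromFinding = OzasmtUtils.getListWithAllTraces(o2Finding);
                if (allTracesFromFinding.Count == 3)
                {
                    getsAndSetsWith3Traces.Add(o2Finding);
                }
            }

            Assert.That(getsAndSetsWith3Traces.Count > 0, "There were no getsAndSetsWith3Traces");
            // show in GUI getsAndSetsWith3Traces
            XUtils_Findings_v0_1.openFindingsInNewWindow(getsAndSetsWith3Traces, "Findings with getsAndSetsWith3Traces").Join(); // Dinis note: I get 4 findings that match this criteria

            // finally remove the getsAndSetsWith3Traces from the loaded findings
            foreach (var o2FindingToRemove in getsAndSetsWith3Traces)
            {
                o2Findings.Remove(o2FindingToRemove);
            }

            // and show the results (note how this window has less findings than the first one that was loaded)
            XUtils_Findings_v0_1.openFindingsInNewWindow(o2Findings, "Original list without 3nodeGetSetVulns").Join();

            return "Number of findings after filter: " + o2Findings.Count;
        }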
        /// <summary>
        /// Collects the trimmed source code snippets of all traces of a finding, without duplicates.
        /// </summary>
        /// <param name="iO2Finding">the finding whose traces are inspected; every trace is enumerated as an <see cref="O2Trace"/></param>
        /// <returns>the snippets that pass <c>valid()</c>, each listed once, in first-seen order</returns>
        public static List <string> allTraces_SourceCode(this IO2Finding iO2Finding)
        {
            var snippets = new List <string>();
            var traces   = OzasmtUtils.getListWithAllTraces(iO2Finding.o2Finding());

            foreach (O2Trace o2Trace in traces)
            {
                var snippet = o2Trace.SourceCode.trim();
                // skip snippets that are not valid or were already collected
                if (snippet.valid() == false || snippets.contains(snippet))
                {
                    continue;
                }
                snippets.Add(snippet);
            }
            return snippets;
        }
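        /// <summary>
        /// Tells whether at least one trace of <paramref name="o2Finding"/> has a signature that
        /// contains <paramref name="signatureRegEx"/>.
        /// </summary>
        /// <param name="o2Finding">the finding whose traces are searched; it is cast to <see cref="O2Finding"/></param>
        /// <param name="signatureRegEx">the text looked for inside each trace signature. Despite the
        /// name this is a plain case-sensitive ordinal substring match, not a regular expression;
        /// an empty string matches any finding that has at least one trace</param>
        /// <returns>true when a trace signature contains the text, false otherwise</returns>
        public static bool doesFindingHasTraceSignature(IO2Finding o2Finding, string signatureRegEx)
        {
            var allTraces = OzasmtUtils.getListWithAllTraces((O2Finding)o2Finding);

            foreach (var o2Trace in allTraces)
            {
                // signatures are tool-generated identifiers: an ordinal search is the intended one,
                // the culture-sensitive IndexOf(string) overload would vary with the current culture
                if (o2Trace.signature.IndexOf(signatureRegEx, StringComparison.Ordinal) > -1)
                {
                    return true;
                }
            }
            return false;
        }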
 /// <summary>
 /// Returns all traces of the given finding, as provided by <c>OzasmtUtils.getListWithAllTraces</c>.
 /// </summary>
 /// <param name="iO2Finding">the finding whose traces are wanted; converted with <c>o2Finding()</c> before the lookup</param>
 /// <returns>the trace list of the finding</returns>
 public static List <IO2Trace> allTraces(this IO2Finding iO2Finding)
 {
     var o2Finding = iO2Finding.o2Finding();
     var traces    = OzasmtUtils.getListWithAllTraces(o2Finding);
     return traces;
 }