/// <summary>
/// Builds "ASP.NET Attack Surface" findings for every input finding whose
/// source trace is a WebControls <c>get_Text</c> call, i.e. a place where
/// text entered into a web control enters the application.
/// </summary>
/// <param name="o2Findings">Findings to scan. Each element is cast to
/// <c>O2Finding</c>, so any other implementation of <c>IO2Finding</c> in the
/// list raises <see cref="System.InvalidCastException"/>.</param>
/// <returns>
/// A new list with one finding per (trace, signature word) pair of each
/// matching input finding. Each entry is named <c>word_variableName</c>.
/// The list is empty when nothing matches.
/// </returns>
/// <remarks>
/// NOTE(review): a source is kept only if its context contains "txt". This
/// looks like a control-naming heuristic (txtName, txtEmail, ...); controls
/// named differently are dropped without notice, so the result should not be
/// read as the complete input surface - confirm against the callers.
/// NOTE(review): the dots in the pattern are unescaped. Assuming RegEx wraps a
/// standard regular-expression engine, they match any character, which can
/// only widen the match; verify if exact namespace matching is required.
/// </remarks>
public static List<IO2Finding> findWebControlSources(List<IO2Finding> o2Findings)
{
    // An earlier variant of this filter matched "HttpRequest" sources instead.
    var webControlTextGetter = new RegEx("System.Web.UI.WebControls.*get_Text");
    var attackSurface = new List<IO2Finding>();

    foreach (IO2Finding candidate in o2Findings)
    {
        IO2Trace source = ((O2Finding)candidate).getSource();

        // Skip findings with no source or whose source is not a WebControls get_Text call.
        if (source == null || !webControlTextGetter.find(source.ToString()))
        {
            continue;
        }

        // Naming heuristic: only sources whose context mentions "txt" are kept.
        if (!source.context.Contains("txt"))
        {
            continue;
        }

        string variableName = OzasmtContext.getVariableNameFromThisObject(source);

        foreach (IO2Trace trace in candidate.o2Traces)
        {
            List<string> signatureWords = OzasmtUtils.getListWithWordsFromSignature(trace.signature);
            foreach (string signatureWord in signatureWords)
            {
                // The new finding is assigned the original finding's o2Traces
                // object itself (not a copy), so the two share their traces.
                attackSurface.Add(new O2Finding
                {
                    vulnType = "ASP.NET Attack Surface",
                    vulnName = string.Concat(signatureWord, "_", variableName),
                    o2Traces = candidate.o2Traces
                });
            }
        }
    }

    return attackSurface;
}