/// <summary>
/// Produces a file-name-friendly copy of <paramref name="stringToParse"/>: every character
/// that RegEx.findStringInString does not report as matching the pattern
/// <c>[A-Z]|[a-z]|[0-9]|[\.]</c> is replaced with an underscore.
/// </summary>
/// <param name="stringToParse">The text to sanitise.</param>
/// <param name="prependBase64EncodedString">
/// When true, the result has the form "{sanitised} - {base64 of the original}". Despite the
/// parameter name, the encoded original is placed after the sanitised text.
/// </param>
/// <returns>The sanitised text, optionally followed by the encoded original.</returns>
/// <remarks>
/// Caveats for callers that use the result as a file name:
/// the dot is an allowed character, so inputs such as "." or ".." come back unchanged and
/// should be rejected before the value is combined with a directory path.
/// NOTE(review): the base64 suffix (and the " - " separator) is not run through the
/// character filter. If base64Encode() emits the standard alphabet, the result can contain
/// '/', '+' and '=' - confirm against the helper before treating the output as path-safe.
/// </remarks>
public static string getSafeFileNameString(string stringToParse, bool prependBase64EncodedString)
{
    const string allowedCharPattern = @"[A-Z]|[a-z]|[0-9]|[\.]";
    var sanitised = new StringBuilder(stringToParse);

    var index = 0;
    while (index < sanitised.Length)
    {
        bool keepChar;
        try
        {
            keepChar = RegEx.findStringInString(sanitised[index].str(), allowedCharPattern);
        }
        catch
        {
            // Fail closed: a character that cannot be checked is treated as not allowed.
            keepChar = false;
        }

        if (!keepChar)
        {
            sanitised[index] = '_';
        }

        index++;
    }

    if (!prependBase64EncodedString)
    {
        return sanitised.ToString();
    }

    // {0} = base64 of the untouched input, {1} = sanitised text; output order is "{1} - {0}".
    return "{1} - {0}".format(stringToParse.base64Encode(), sanitised.ToString());
}
/// <summary>
/// Turns each search string into a Regex through RegEx.createRegEx and hands the resulting
/// list to the executeSearch overload that accepts compiled expressions.
/// </summary>
/// <param name="lsRegExToSearch">Regular-expression source strings to search for.</param>
/// <returns>Whatever the Regex-based executeSearch overload returns.</returns>
/// <remarks>
/// Any exception raised while the list is being built (including a null argument) is logged
/// through PublicDI.log.ex and the search still runs with the expressions created before the
/// failure. NOTE(review): one bad entry therefore drops every entry after it, and the caller
/// cannot tell from the return value that the search was partial - results may under-report.
/// NOTE(review): patterns are passed to createRegEx as given; if they can originate from
/// untrusted input, confirm the helper bounds matching time.
/// </remarks>
public List<TextSearchResult> executeSearch(List<String> lsRegExToSearch)
{
    var compiledPatterns = new List<Regex>();
    try
    {
        lsRegExToSearch.ForEach(criteria => compiledPatterns.Add(RegEx.createRegEx(criteria)));
    }
    catch (Exception ex)
    {
        // Best effort: record the failure and continue with what was compiled so far.
        PublicDI.log.ex(ex);
    }

    return executeSearch(compiledPatterns);
}
/// <summary>
/// Derives "ASP.NET Attack Surface" findings from findings whose source trace matches
/// "System.Web.UI.WebControls.*get_Text" and whose source context contains "txt".
/// </summary>
/// <param name="o2Findings">Findings to inspect; each element is cast to O2Finding.</param>
/// <returns>
/// A new list holding one O2Finding per word of each trace signature of every qualifying
/// input finding. Each new finding is named "{word}_{variableName}" and references the same
/// o2Traces list as the finding it was derived from (the list is not copied).
/// </returns>
/// <remarks>
/// NOTE(review): the dots in the pattern are unescaped; if RegEx treats the string as a
/// regular expression they match any character, so the filter is looser than the literal
/// namespace - confirm that is intended.
/// NOTE(review): an element that is not an O2Finding, or a source whose context is null,
/// would raise here; nothing in this method guards against either.
/// </remarks>
public static List<IO2Finding> findWebControlSources(List<IO2Finding> o2Findings)
{
    var textGetterPattern = new RegEx("System.Web.UI.WebControls.*get_Text");
    var attackSurfaceFindings = new List<IO2Finding>();

    foreach (IO2Finding candidate in o2Findings)
    {
        IO2Trace source = ((O2Finding)candidate).getSource();

        // Skip findings with no source or whose source is not a WebControls Text getter.
        if (source == null || !textGetterPattern.find(source.ToString()))
        {
            continue;
        }

        // Only sources whose context mentions "txt" are considered.
        if (!source.context.Contains("txt"))
        {
            continue;
        }

        string variableName = OzasmtContext.getVariableNameFromThisObject(source);

        foreach (IO2Trace trace in candidate.o2Traces)
        {
            foreach (string word in OzasmtUtils.getListWithWordsFromSignature(trace.signature))
            {
                attackSurfaceFindings.Add(new O2Finding
                {
                    o2Traces = candidate.o2Traces,
                    vulnName = word + "_" + variableName,
                    vulnType = "ASP.NET Attack Surface"
                });
            }
        }
    }

    return attackSurfaceFindings;
}