/// <summary>
/// Loads <paramref name="ozasmtSource"/> with the Ounce V6 load engine, logs how many findings
/// it holds and passes it to <c>saveWithAssessmentSourceStats</c> under a name built from the
/// source string.
/// </summary>
/// <param name="ozasmtSource">
/// Path of the ozasmt file to load; it is also passed on as the first argument of
/// <c>saveWithAssessmentSourceStats</c>.
/// </param>
public static void copyAssessmentStats(string ozasmtSource) // a second "ozasmtTarget" parameter is commented out in the original
{
    var loadEngine = new O2AssessmentLoad_OunceV6();
    IO2Assessment loadedAssessment = new O2Assessment(loadEngine, ozasmtSource);
    O2Cmd.log.write("Assessment loaded had {0} findings", loadedAssessment.o2Findings.Count);

    // The new assessment name embeds the source string exactly as it was passed in.
    saveWithAssessmentSourceStats(ozasmtSource, loadedAssessment, "O2 v.5 - " + ozasmtSource);
}
/// <summary>
/// Adds two child nodes under <paramref name="treeNode"/>: one labelled with the value of
/// <c>getNumberOf_Findings</c> and one with the value of
/// <c>getNumberOf_Findings_WithSmartTrace</c>.
/// </summary>
/// <param name="treeNode">Node that receives the new child nodes.</param>
/// <param name="o2Assessment">Assessment the two counts are taken from.</param>
/// <param name="imageIndex">Image index passed unchanged to both new nodes.</param>
public static void populateTreeNodeWithAssessmentStats(TreeNode treeNode, O2Assessment o2Assessment, int imageIndex)
{
    string findingsLabel = "# Findings:" + getNumberOf_Findings(o2Assessment);
    O2Forms.newTreeNode(treeNode, findingsLabel, imageIndex, null);

    string smartTracesLabel = "# Smart Traces:" + getNumberOf_Findings_WithSmartTrace(o2Assessment);
    O2Forms.newTreeNode(treeNode, smartTracesLabel, imageIndex, null);

    // Nodes for the imported file name, its size and the import duration
    // ("File:", "Size:", "Imported in: ") are commented out in the original and stay disabled.
}
/// <summary>
/// Appends the assessment statistics to a tree node: first the number of findings, then the
/// number of findings reported by <c>getNumberOf_Findings_WithSmartTrace</c>.
/// </summary>
/// <param name="treeNode">Parent node for the statistics nodes.</param>
/// <param name="o2Assessment">Assessment being summarised.</param>
/// <param name="imageIndex">Image index used for every node created here.</param>
public static void populateTreeNodeWithAssessmentStats(TreeNode treeNode, O2Assessment o2Assessment, int imageIndex)
{
    // The last argument of newTreeNode is always null here.
    var totalFindings = getNumberOf_Findings(o2Assessment);
    O2Forms.newTreeNode(treeNode, "# Findings:" + totalFindings, imageIndex, null);

    var findingsWithTraces = getNumberOf_Findings_WithSmartTrace(o2Assessment);
    O2Forms.newTreeNode(treeNode, "# Smart Traces:" + findingsWithTraces, imageIndex, null);

    // The original also carries a commented-out block that would add "File:", "Size:" and
    // "Imported in: " nodes from the lastOzasmtImport* members; it is not active.
}
/// <summary>Imports <paramref name="fileToLoad"/> into a newly created assessment.</summary>
/// <param name="fileToLoad">File handed to <c>importFile</c>.</param>
/// <returns>The populated assessment, or <c>null</c> when <c>importFile</c> returns false.</returns>
public IO2Assessment loadFile(string fileToLoad)
{
    var loadedAssessment = new O2Assessment();
    bool imported = importFile(fileToLoad, loadedAssessment);

    // Callers must handle null: a failed import is reported only through the return value.
    return imported ? loadedAssessment : null;
}
//"Glue WebInspect -> Ounce Finding (Sql Injection)";
/// <summary>
/// Loads two ozasmt files with the same load engine and forwards their findings to the
/// list-based <c>glueOnTraceNames</c> overload.
/// </summary>
/// <param name="o2AssessmentLoad">Load engine used for both files.</param>
/// <param name="ozasmtWithSinks">File whose findings are passed as the first (sinks) list.</param>
/// <param name="ozasmtWithSoures">File whose findings are passed as the second (sources) list.</param>
/// <param name="gluedFindingVulnType">Passed through unchanged to the list-based overload.</param>
/// <returns>Whatever the list-based overload returns.</returns>
public static List<IO2Finding> glueOnTraceNames(IO2AssessmentLoad o2AssessmentLoad, String ozasmtWithSinks, String ozasmtWithSoures, string gluedFindingVulnType)
{
    // Both files are loaded before any gluing starts; the sinks file is loaded first.
    var sinksAssessment = new O2Assessment(o2AssessmentLoad, ozasmtWithSinks);
    var sourcesAssessment = new O2Assessment(o2AssessmentLoad, ozasmtWithSoures);

    var gluedFindings = glueOnTraceNames(sinksAssessment.o2Findings,
                                         sourcesAssessment.o2Findings,
                                         gluedFindingVulnType);
    return gluedFindings;
}
/// <summary>
/// Imports every file named in <c>sourceObject</c> (which must be exactly of type
/// <c>sourceType</c>) into one assessment and publishes it through <c>resultsObject</c>.
/// </summary>
/// <returns>
/// <c>true</c> when all files were imported; <c>false</c> when the source object is null or of
/// the wrong type, or as soon as one import fails (in that case <c>resultsObject</c> is not
/// assigned by this method).
/// </returns>
public override bool execute()
{
    if (sourceObject == null)
    {
        PublicDI.log.error("source object was null");
        return false;
    }

    // Exact type comparison: a subclass of the expected type is rejected as well.
    if (sourceObject.GetType() != sourceType)
    {
        PublicDI.log.error("source object type was not List<string> is was " + sourceObject.GetType().FullName);
        return false;
    }

    var pendingFiles = (List<string>) sourceObject;
    setProgressBarValue(pendingFiles.Count);

    // All files accumulate into the same assessment instance.
    var mergedAssessment = new O2Assessment();
    foreach (string currentFile in pendingFiles)
    {
        PublicDI.log.info("Importing file {0}", currentFile);
        bool imported = o2AssessmentLoad.importFile(currentFile, mergedAssessment);
        if (!imported)
        {
            // The first failed import aborts the whole batch.
            return false;
        }
        PublicDI.log.info("There are {0} Findings loaded ", mergedAssessment.o2Findings.Count);
        incProgressBarValue();
    }

    resultsObject = mergedAssessment;
    return true;
}
/// <summary>
/// Builds an assessment with one finding per trace (via <c>createO2FindingFromTrace</c>) and
/// saves it to <paramref name="fileToCreate"/> with the supplied save engine.
/// </summary>
/// <param name="o2AssessmentSave">Save engine passed to <c>O2Assessment.save</c>.</param>
/// <param name="fileToCreate">Target file passed to <c>O2Assessment.save</c>.</param>
/// <param name="traces">Traces to convert; each one becomes one finding, in list order.</param>
public static void createO2AssessmentFromTraces(IO2AssessmentSave o2AssessmentSave, string fileToCreate, List<IO2Trace> traces)
{
    var assessment = new O2Assessment();
    traces.ForEach(trace => assessment.o2Findings.Add(createO2FindingFromTrace(trace)));

    // The value returned by save is not inspected here.
    assessment.save(o2AssessmentSave, fileToCreate);
}
/// <summary>Loads an ozasmt file with the Ounce V6 load engine if the file exists.</summary>
/// <param name="ozasmtFileToLoad">Path of the file to load.</param>
/// <returns>The loaded assessment, or <c>null</c> when the file does not exist.</returns>
public static IO2Assessment loadOzasmt(string ozasmtFileToLoad)
{
    if (!File.Exists(ozasmtFileToLoad))
    {
        // Nothing is logged for a missing file; the caller only sees null.
        return null;
    }

    var loadedAssessment = new O2Assessment(new O2AssessmentLoad_OunceV6(), ozasmtFileToLoad);
    O2Cmd.log.write("The Ozasmt file loaded has: {0} findings", loadedAssessment.o2Findings.Count);
    return loadedAssessment;
}
/// <summary>Counts the findings of an assessment that have at least one trace.</summary>
/// <param name="o2Assessment">Assessment whose <c>o2Findings</c> are inspected.</param>
/// <returns>
/// The number of findings with <c>o2Traces.Count &gt; 0</c>, or 0 when counting throws (the
/// exception is logged, not rethrown).
/// </returns>
public static int getNumberOf_Findings_WithSmartTrace(O2Assessment o2Assessment)
{
    // The original carries several commented-out NLinqQuery / O2Timer experiments; only the
    // native LINQ count is active. The log text below still mentions NLinqQuery.
    try
    {
        // Cast<O2Finding>() mirrors the explicitly typed range variable of the query form.
        return o2Assessment.o2Findings
                           .Cast<O2Finding>()
                           .Count(finding => finding.o2Traces.Count > 0);
    }
    catch (Exception ex)
    {
        PublicDI.log.ex(ex, "error execution NLinqQuery");
    }

    // Reached only after an exception: a failure is indistinguishable from "no traces".
    return 0;
}
/// <summary>
/// Returns how many findings in <paramref name="o2Assessment"/> carry one or more traces.
/// </summary>
/// <param name="o2Assessment">Assessment to inspect.</param>
/// <returns>
/// The count of findings whose <c>o2Traces</c> list is not empty; 0 if an exception is thrown
/// while counting (it is logged and swallowed).
/// </returns>
public static int getNumberOf_Findings_WithSmartTrace(O2Assessment o2Assessment)
{
    // Commented-out NLinqQuery and timing code from the original is omitted here; it never ran.
    try
    {
        int findingsWithTraces = 0;

        // The explicitly typed loop variable casts each element to O2Finding, as the typed
        // range variable of the original query did.
        foreach (O2Finding finding in o2Assessment.o2Findings)
        {
            if (finding.o2Traces.Count > 0)
            {
                findingsWithTraces++;
            }
        }
        return findingsWithTraces;
    }
    catch (Exception ex)
    {
        PublicDI.log.ex(ex, "error execution NLinqQuery");
    }

    // Fallback after a logged exception.
    return 0;
}
/// <summary>
/// Creates findings from every function in <c>cirDataAnalysis.dCirFunction_bySignature</c>,
/// wraps them in an assessment and saves it with the Ounce V6 save engine.
/// </summary>
/// <param name="cirDataAnalysis">Source of the functions to process.</param>
/// <returns>The value returned by <c>O2Assessment.save</c> (logged as the saved file).</returns>
public static string createO2AssessmentWithCallFlowTraces(ICirDataAnalysis cirDataAnalysis)
{
    DI.log.info("Creating O2Assessment With Call Flow Traces");

    // Phase 1: build the findings (timed).
    var findingsTimer = new O2Timer("Created list of finding").start();
    var functionsToProcess = cirDataAnalysis.dCirFunction_bySignature.Values;
    var createdFindings = createO2FindingsFromCirFunctions(functionsToProcess);
    findingsTimer.stop();

    // Phase 2: wrap and save (timed, including the log line as in the original).
    var saveTimer = new O2Timer("Saved Assessment").start();
    var assessment = new O2Assessment();
    assessment.o2Findings = createdFindings;
    var savedFile = assessment.save(new O2AssessmentSave_OunceV6());
    DI.log.info("Saved O2Asssessment file created: {0}", savedFile);
    saveTimer.stop();

    return savedFile;
}
/// <summary>
/// Loads an ozasmt file (Ounce V6 engine) and sorts its findings into the two caller-supplied
/// lists by substring match on <c>Sink</c> and <c>SourceContext</c>.
/// </summary>
/// <param name="ozasmtFileToLoad">File to load.</param>
/// <param name="sinkMethodToFind">Text looked for inside each finding's <c>Sink</c>.</param>
/// <param name="sourceMethodToFind">Text looked for inside each finding's <c>SourceContext</c>.</param>
/// <param name="sinkFindings">Receives findings whose sink matches; appended to, not cleared.</param>
/// <param name="sourceFindings">Receives findings whose source context matches; appended to, not cleared.</param>
public static void findTracesToJoin(string ozasmtFileToLoad, string sinkMethodToFind, string sourceMethodToFind, List<IO2Finding> sinkFindings, List<IO2Finding> sourceFindings)
{
    var loadedAssessment = new O2Assessment(new O2AssessmentLoad_OunceV6(), ozasmtFileToLoad);

    foreach (O2Finding candidate in loadedAssessment.o2Findings)
    {
        // The sink test wins: a finding matching both terms lands in sinkFindings only.
        if (candidate.Sink.IndexOf(sinkMethodToFind) >= 0)
        {
            sinkFindings.Add(candidate);
            continue;
        }

        if (candidate.SourceContext.IndexOf(sourceMethodToFind) >= 0)
        {
            sourceFindings.Add(candidate);
        }
    }

    DI.log.info("There are {0} sinkFindings ( sink ~= {1} )", sinkFindings.Count, sinkMethodToFind);
    DI.log.info("There are {0} sourceFindings ( source ~= {1})", sourceFindings.Count, sourceMethodToFind);
    // A call opening the results in ascx_FindingsViewer is commented out in the original.
}
/// <summary>
/// Builds an assessment from a WebScarab conversations file: the conversations are loaded
/// through <c>API_WebScarab</c> and turned into findings by
/// <c>createFindingsFromConversation</c>.
/// </summary>
/// <param name="conversationFile">File to import; also embedded in the assessment name.</param>
/// <returns>
/// Always a non-null assessment. If loading or conversion throws, the exception is logged and
/// the assessment is returned in whatever state it had reached, so callers cannot tell a
/// failed import from one that produced no findings.
/// </returns>
public static IO2Assessment createO2AssessmentFromWebScarabFile(string conversationFile)
{
    var importedAssessment = new O2Assessment();
    try
    {
        importedAssessment.name = "Webscarab Import of: " + conversationFile;

        var conversations = new API_WebScarab().loadConversationsFile(conversationFile);
        List<IO2Finding> convertedFindings = createFindingsFromConversation(conversations);
        importedAssessment.o2Findings = convertedFindings;
    }
    catch (Exception ex)
    {
        ex.log("in createO2AssessmentFromWebScarabFile");
    }

    return importedAssessment;
}
/// <summary>
/// Runs a filter method, supplied as reflection metadata, over the findings currently shown
/// in the source viewer and loads the result into the results viewer.
/// </summary>
/// <param name="filterToApply">
/// Method to invoke. It is called with a null target and one <c>O2Assessment</c> argument, so
/// it has to be static and accept that argument; its result is cast to
/// <c>IEnumerable&lt;IO2Finding&gt;</c>.
/// </param>
private void applyFilter(MethodInfo filterToApply)
{
    try
    {
        // Wrap the current findings in a throw-away assessment: that is the filter's input type.
        var filterInput = new O2Assessment();
        filterInput.o2Findings = findingsViewer_SourceFindings.currentO2Findings;

        object rawResult = filterToApply.Invoke(null, new object[] { filterInput });

        // A null result from the filter is treated as "no findings".
        var filteredFindings = (IEnumerable<IO2Finding>) rawResult ?? new List<IO2Finding>();

        findingsViewer_Results.loadO2Findings(filteredFindings.ToList(), true);
    }
    catch (Exception ex)
    {
        // Covers a wrong signature, a failed cast and exceptions thrown by the filter itself.
        DI.log.ex(ex, "in applyFilter", true);
    }
}
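/// <summary>
/// Converts the CAT.NET results held in <c>catNetXml</c> into an ozasmt file saved with the
/// Ounce V6 save engine.
/// </summary>
/// <param name="sTargetOzasmtFile">Path of the ozasmt file to write.</param>
/// <returns>
/// <c>true</c> only when at least one finding was converted and the save call reported
/// success; <c>false</c> when there is no XML, no findings, the save failed or an exception
/// was thrown (exceptions are logged, not rethrown).
/// </returns>
public bool convert(String sTargetOzasmtFile)
{
    try
    {
        if (catNetXml == null || catNetXml.InnerXml == "")
        {
            return false;
        }

        var o2Assessment = new O2Assessment();
        addCatNetResultsAsFindings(o2Assessment, catNetXml);

        int findingCount = o2Assessment.o2Findings.Count;
        if (findingCount == 0)
        {
            PublicDI.log.info("There were no findings in converted file (from: {0})", sTargetOzasmtFile);
            return false;
        }

        // Success is reported only if the save engine says the file was written; the original
        // ignored this result and returned true regardless.
        if (o2Assessment.save(new O2AssessmentSave_OunceV6(), sTargetOzasmtFile))
        {
            // Fixed format string: the original used {0} twice with the path as the only
            // argument, so the path was printed where the finding count belongs.
            PublicDI.log.info("Converted ozasmt file (with {0} findings) saved to {1}", findingCount, sTargetOzasmtFile);
            return true;
        }

        PublicDI.log.error("Failed to save converted ozasmt file to " + sTargetOzasmtFile);
    }
    catch (Exception ex)
    {
        PublicDI.log.ex(ex, "in CatNetConverted.convert");
    }
    return false;
}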
/// <summary>Loads a findings file with the Ounce V6 load engine and returns its findings.</summary>
/// <param name="fileToLoad">File to load.</param>
/// <returns>The <c>o2Findings</c> list of the loaded assessment.</returns>
public static List<IO2Finding> loadFindingsFile(string fileToLoad)
{
    var loadEngine = new O2AssessmentLoad_OunceV6();
    var loadedAssessment = new O2Assessment(loadEngine, fileToLoad);

    log.info("there are {0} findings loaded in this file", loadedAssessment.o2Findings.Count);

    // The assessment's own list is returned, not a copy.
    return loadedAssessment.o2Findings;
}
//"Glue WebInspect -> Ounce Finding (Sql Injection)";
/// <summary>
/// File-based entry point for gluing: loads the sinks file and the sources file with
/// <paramref name="o2AssessmentLoad"/> and delegates to the overload that works on finding
/// lists.
/// </summary>
/// <param name="o2AssessmentLoad">Load engine shared by both loads.</param>
/// <param name="ozasmtWithSinks">File providing the first list of findings.</param>
/// <param name="ozasmtWithSoures">File providing the second list of findings.</param>
/// <param name="gluedFindingVulnType">Forwarded as-is to the list-based overload.</param>
/// <returns>The list produced by the list-based overload.</returns>
public static List<IO2Finding> glueOnTraceNames(IO2AssessmentLoad o2AssessmentLoad, String ozasmtWithSinks, String ozasmtWithSoures, string gluedFindingVulnType)
{
    // Load order matches the original: sinks first, then sources.
    var withSinks = new O2Assessment(o2AssessmentLoad, ozasmtWithSinks);
    var withSources = new O2Assessment(o2AssessmentLoad, ozasmtWithSoures);

    return glueOnTraceNames(withSinks.o2Findings, withSources.o2Findings, gluedFindingVulnType);
}
/// <summary>
/// Wraps the findings in a new assessment and saves it with the Ounce V6 save engine, using
/// the <c>save</c> overload that takes no target path.
/// </summary>
/// <param name="o2Findings">Findings to save.</param>
/// <returns>The value returned by <c>save</c>, logged here as the saved file.</returns>
public static string saveFindings(this List<IO2Finding> o2Findings)
{
    var assessmentToSave = new O2Assessment(o2Findings);
    var saveEngine = new O2AssessmentSave_OunceV6();
    var savedFile = assessmentToSave.save(saveEngine);

    "Assessemnt File saved with {0} findings: {1}".info(o2Findings.Count, savedFile);
    return savedFile;
}
/// <summary>
/// Loads a findings file by trying three load engines in a fixed order (Ounce V6, V6.1, V7.0)
/// and returning the findings of the first one that yields any.
/// </summary>
/// <param name="fileToLoad">File to load.</param>
/// <returns>
/// The findings from the first engine that loads at least one, or a new empty list when none
/// does. Never <c>null</c> on these paths.
/// </returns>
public static List<IO2Finding> loadFindingsFile(this string fileToLoad)
{
    // Each engine is only constructed if the previous attempt produced no findings.
    var loadedFindings = new O2Assessment(new O2AssessmentLoad_OunceV6(), fileToLoad).o2Findings;
    if (loadedFindings.Count > 0)
    {
        "[using O2AssessmentLoad_OunceV6] there are {0} findings loaded in this file".info(loadedFindings.Count);
        return loadedFindings;
    }

    loadedFindings = new O2Assessment(new O2AssessmentLoad_OunceV6_1(), fileToLoad).o2Findings;
    if (loadedFindings.Count > 0)
    {
        "[using O2AssessmentLoad_OunceV6_1] there are {0} findings loaded in this file".info(loadedFindings.Count);
        return loadedFindings;
    }

    loadedFindings = new O2Assessment(new O2AssessmentLoad_OunceV7_0(), fileToLoad).o2Findings;
    if (loadedFindings.Count > 0)
    {
        "[using O2AssessmentLoad_OunceV7_0] there are {0} findings loaded in this file".info(loadedFindings.Count);
        return loadedFindings;
    }

    // An unreadable file and a genuinely empty one both end up here.
    "[There we no findings loaded from file: {0}".info(fileToLoad);
    return new List<IO2Finding>();
}
/// <summary>
/// Collects the traces of every finding in the assessment into one dictionary by calling
/// <c>getAllTraces</c> once per finding.
/// </summary>
/// <param name="o2Assessment">Assessment whose findings are walked.</param>
/// <param name="uniqueList">Forwarded unchanged to <c>getAllTraces</c>.</param>
/// <returns>The dictionary filled in by <c>getAllTraces</c>; empty when there are no findings.</returns>
public static Dictionary<String, List<IO2Trace>> getDictionaryWithO2AllSubTraces(O2Assessment o2Assessment, bool uniqueList)
{
    var tracesByKey = new Dictionary<String, List<IO2Trace>>();

    // getAllTraces mutates the dictionary passed to it; nothing is returned per finding.
    foreach (IO2Finding finding in o2Assessment.o2Findings)
    {
        var findingTraces = finding.o2Traces;
        getAllTraces(findingTraces, tracesByKey, uniqueList);
    }

    return tracesByKey;
}
/// <summary>
/// Builds a dictionary of all traces found under the findings of
/// <paramref name="o2Assessment"/>.
/// </summary>
/// <param name="o2Assessment">Assessment to read the findings from.</param>
/// <param name="uniqueList">Flag handed to <c>getAllTraces</c> for every finding.</param>
/// <returns>The dictionary that <c>getAllTraces</c> populated.</returns>
public static Dictionary<String, List<IO2Trace>> getDictionaryWithO2AllSubTraces(O2Assessment o2Assessment, bool uniqueList)
{
    var collectedTraces = new Dictionary<String, List<IO2Trace>>();

    // One getAllTraces call per finding, in list order; the dictionary is filled in place.
    o2Assessment.o2Findings.ForEach(
        finding => getAllTraces(finding.o2Traces, collectedTraces, uniqueList));

    return collectedTraces;
}
/// <summary>Returns the number of findings held by the assessment.</summary>
/// <param name="o2Assessment">Assessment to count; must not be null, as it is dereferenced directly.</param>
/// <returns><c>o2Assessment.o2Findings.Count</c>.</returns>
public static int getNumberOf_Findings(O2Assessment o2Assessment)
{
    var findings = o2Assessment.o2Findings;
    return findings.Count;
}
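/// <summary>
/// Loads an assessment file on a background thread and then finishes the load on the
/// control's thread (showing the findings and updating the saved-file name box).
/// </summary>
/// <param name="o2AssessmentLoad">Load engine to use; <c>null</c> aborts the load.</param>
/// <param name="pathToFileToLoad">File to load; a path that does not exist aborts the load.</param>
/// <returns>
/// The thread created by <c>O2Thread.mtaThread</c>, or <c>null</c> when there is no load
/// engine or the file does not exist.
/// </returns>
public Thread loadO2Assessment(IO2AssessmentLoad o2AssessmentLoad, string pathToFileToLoad)
{
    if (o2AssessmentLoad == null || false == File.Exists(pathToFileToLoad))
    {
        this.invokeOnThread(() => laLoadingDroppedFile.Visible = false);
        return null;
    }
    return O2Thread.mtaThread(() =>
        {
            this.invokeOnThread(() => laLoadingDroppedFile.Visible = true);

            // Load the file on this worker thread ...
            var o2Assemment = new O2Assessment(o2AssessmentLoad, pathToFileToLoad);
            var sync = new AutoResetEvent(false);

            // ... and then complete it on the control's thread.
            this.invokeOnThread(() =>
                {
                    try
                    {
                        loadO2Assessment(o2Assemment);
                        tbSavedFileName.Text = (cbClearOnOzasmtDrop.Checked)
                                                   ? pathToFileToLoad
                                                   : PublicDI.config.TempFileNameInTempDirectory + "_" +
                                                     Path.GetFileName(pathToFileToLoad);
                    }
                    finally
                    {
                        // Always hide the "loading" label and release the waiting worker, even
                        // when the UI-side load throws; the original signalled only on success,
                        // which left the worker blocked in WaitOne after a failure.
                        laLoadingDroppedFile.Visible = false;
                        sync.Set();
                    }
                });

            // Keep the worker alive until the UI-side part has finished.
            sync.WaitOne();
        });
}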
/// <summary>
/// Picks a load engine for <paramref name="ozasmtFile"/>, loads the file and opens its
/// findings through the findings-based <c>openInFloatWindow</c> overload.
/// </summary>
/// <param name="ozasmtFile">File to load and display.</param>
/// <param name="controlName">Forwarded to the findings-based overload.</param>
/// <returns>
/// The thread returned by the findings-based overload, or <c>null</c> when no load engine was
/// found or the file produced no findings.
/// </returns>
public static Thread openInFloatWindow(string ozasmtFile, string controlName)
{
    var loadEngine = OzasmtUtils.getO2AssessmentLoadEngine(ozasmtFile, o2AssessmentLoadEngines);
    if (loadEngine == null)
    {
        return null;
    }

    var loadedFindings = new O2Assessment(loadEngine, ozasmtFile).o2Findings;

    // No window is opened for an assessment without findings.
    return loadedFindings.Count > 0
               ? openInFloatWindow(loadedFindings, controlName)
               : null;
}
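/// <summary>
/// Saves the given findings to the file named in <c>tbSavedFileName</c>, either in the O2
/// binary format or through the configured <c>o2AssessmentSave</c> engine.
/// </summary>
/// <param name="o2FindingsToSave">
/// Findings to save. They are first passed to
/// <c>OzasmtCompatibility.makeCompatibleWithOunceV6</c> and then copied into a new assessment.
/// </param>
/// <param name="saveIntoO2BinaryFormat">
/// <c>true</c> to save with <c>saveAsO2Format</c> (the O2 findings extension is appended to
/// the file name if missing); <c>false</c> to save with the configured save engine.
/// </param>
private void saveFindings(IEnumerable<IO2Finding> o2FindingsToSave, bool saveIntoO2BinaryFormat)
{
    btSaveFindings.Enabled = false;
    btSave.Enabled = false;
    try
    {
        // The original logged "Aborting save..." and then ran the save block anyway, because
        // the block was not attached to an else; with no engine that meant calling save with
        // a null engine. Abort for real, but only on the path that needs the engine, so
        // binary-format saves keep working without one.
        if (!saveIntoO2BinaryFormat && o2AssessmentSave == null)
        {
            //PublicDI.log.showMessageBox("Aborting save since there is no O2AssessmentSave Engine configured");
            PublicDI.log.error("Aborting save since there is no O2AssessmentSave Engine configured");
            return;
        }

        OzasmtCompatibility.makeCompatibleWithOunceV6(o2FindingsToSave);
        string targetFile = tbSavedFileName.Text;

        var o2Assessment = new O2Assessment();
        o2Assessment.name = assessmentName;
        o2Assessment.o2Findings.AddRange(o2FindingsToSave);

        if (saveIntoO2BinaryFormat)
        {
            // Make sure the binary file carries the O2 findings extension and show the
            // adjusted name to the user.
            if (Path.GetExtension(targetFile) != PublicDI.config.O2FindingsFileExtension)
            {
                targetFile += PublicDI.config.O2FindingsFileExtension;
                tbSavedFileName.Text = targetFile;
            }
            if (o2Assessment.saveAsO2Format(targetFile))
                lbFileSaved.Visible = true;
        }
        else if (o2Assessment.save(o2AssessmentSave, targetFile))
        {
            lbFileSaved.Visible = true;
        }
    }
    finally
    {
        // Re-enable the buttons on every exit path, including the abort above and exceptions.
        btSaveFindings.Enabled = true;
        btSave.Enabled = true;
    }
}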
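/// <summary>
/// Converts every <c>Result</c> element under every <c>Rule</c> element of a CAT.NET report
/// into an <c>O2Finding</c> and adds it to <paramref name="o2Assessment"/>.
/// </summary>
/// <remarks>
/// The report is external input, so every child element is treated as optional. In the
/// original, a missing <c>EntryPoint</c>, <c>Transformations</c>, <c>Origin</c>,
/// <c>Resolution</c> or <c>ProblemDescription</c> element, or a non-numeric <c>line</c>
/// attribute, threw inside the per-rule try block, and the remaining results of that rule
/// were dropped from the assessment.
/// </remarks>
/// <param name="o2Assessment">Assessment that receives the findings.</param>
/// <param name="catNetXml">Parsed CAT.NET report.</param>
public static void addCatNetResultsAsFindings(O2Assessment o2Assessment, XmlDocument catNetXml)
{
    //var results = catNetXml.GetElementsByTagName("Resultsss");
    PublicDI.log.info(" -------------------- ");
    foreach (XmlElement rule in catNetXml.GetElementsByTagName("Rule"))
    {
        try
        {
            XmlElement ruleNameXmlElement = rule["Name"];
            string ruleName = (ruleNameXmlElement == null)
                                  ? "Unknown Rule Name"
                                  : ruleNameXmlElement.InnerText;

            foreach (XmlNode result in rule.GetElementsByTagName("Result"))
            {
                // Look every child element up once; any of them may be absent.
                XmlElement entryPoint = result["EntryPoint"];
                XmlElement confidenceLevel = result["ConfidenceLevel"];
                XmlElement transformations = result["Transformations"];
                XmlElement origin = (transformations == null) ? null : transformations["Origin"];
                XmlElement resolution = result["Resolution"];
                XmlElement problemDescription = result["ProblemDescription"];

                string entryPointText = (entryPoint == null) ? "" : entryPoint.InnerText;
                string signature = getSignatureFromEntryPoint(entryPointText);

                // The original condition (Transformations == null && Origin != null) could
                // never select the default without dereferencing null first. A missing origin
                // or an unparsable line number now yields 0.
                uint lineNumber = 0;
                if (origin != null)
                    uint.TryParse(origin.GetAttribute("line"), out lineNumber);

                var o2Finding = new O2Finding();
                o2Finding.context = entryPointText;
                o2Finding.confidence = (confidenceLevel == null)
                                           ? (byte) 0
                                           : getConfidence(confidenceLevel.InnerText);
                o2Finding.callerName = getMethodNameFromSignature(signature);
                o2Finding.lineNumber = lineNumber;
                o2Finding.file = (origin == null) ? "" : origin.GetAttribute("file");
                o2Finding.severity = 2;
                o2Finding.vulnName = signature;
                o2Finding.vulnType = ruleName;

                // Keep both text slots in their usual positions even when an element is missing.
                o2Finding.text.Add((resolution == null) ? "" : resolution.InnerText);
                o2Finding.text.Add((problemDescription == null) ? "" : problemDescription.InnerText);

                // Without a Transformations element there is nothing to turn into traces.
                if (transformations != null)
                    addCatNetTransformationsAsO2Traces(o2Finding, transformations);

                o2Assessment.o2Findings.Add(o2Finding);
            }
        }
        catch (Exception ex)
        {
            // An exception still abandons the rest of the current rule; the rule's XML is
            // logged so the lost results can be identified.
            PublicDI.log.ex(ex, "in addCatNetResultsAsFindings, while processing rule: " + rule.InnerXml);
        }
    }
}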
/// <summary>
/// Saves the findings as a new ozasmt file with the Ounce V6 save engine and logs the result
/// when the save succeeds.
/// </summary>
/// <param name="assessmentName">Name given to the new assessment.</param>
/// <param name="o2Findings">Findings stored in the new assessment (the list itself, not a copy).</param>
/// <param name="pathToNewOzasmtFile">Target file.</param>
public static void saveFindingsAsNewOzasmtFile(string assessmentName, List<IO2Finding> o2Findings, string pathToNewOzasmtFile)
{
    var newAssessment = new O2Assessment();
    newAssessment.name = assessmentName;
    newAssessment.o2Findings = o2Findings;

    bool saved = newAssessment.save(new O2AssessmentSave_OunceV6(), pathToNewOzasmtFile);

    // A failed save is silent: nothing is logged and nothing is returned to the caller.
    if (saved)
    {
        O2Cmd.log.write("Ozasmt file created with {0} findings: {1}", o2Findings.Count, pathToNewOzasmtFile);
    }
}
/// <summary>
/// Convenience overload: collects all sub-traces of the assessment with
/// <c>uniqueList</c> set to <c>true</c>.
/// </summary>
/// <param name="o2Assessment">Assessment to collect traces from.</param>
/// <returns>The dictionary produced by the two-argument overload.</returns>
public static Dictionary<String, List<IO2Trace>> getDictionaryWithO2AllSubTraces(O2Assessment o2Assessment)
{
    const bool uniqueList = true;
    var allSubTraces = getDictionaryWithO2AllSubTraces(o2Assessment, uniqueList);
    return allSubTraces;
}
/// <summary>Gets how many findings the assessment contains.</summary>
/// <param name="o2Assessment">Assessment to inspect; dereferenced without a null check.</param>
/// <returns>The <c>Count</c> of <c>o2Assessment.o2Findings</c>.</returns>
public static int getNumberOf_Findings(O2Assessment o2Assessment)
{
    int numberOfFindings = o2Assessment.o2Findings.Count;
    return numberOfFindings;
}
/// <summary>
/// Saves the given findings as a separate assessment (Ounce V6 save engine, no explicit
/// target path) and logs where it was written.
/// </summary>
/// <param name="findingsToRemove">
/// Findings to write out; the log message describes them as the duplicate findings.
/// </param>
private static void saveFindingsAsNewAssessment(List<IO2Finding> findingsToRemove)
{
    var duplicatesAssessment = new O2Assessment(findingsToRemove);
    var saveEngine = new O2AssessmentSave_OunceV6();

    var savedAssessmentFile = duplicatesAssessment.save(saveEngine);
    O2Cmd.log.write("O2Assessment WITH duplicate findings saved to: {0}", savedAssessmentFile);
}
/// <summary>
/// Returns all sub-traces of the assessment, delegating to the two-argument overload with
/// <c>true</c> as the <c>uniqueList</c> argument.
/// </summary>
/// <param name="o2Assessment">Assessment whose traces are collected.</param>
/// <returns>The result of the two-argument overload.</returns>
public static Dictionary<String, List<IO2Trace>> getDictionaryWithO2AllSubTraces(O2Assessment o2Assessment)
{
    // uniqueList defaults to true for callers of this overload.
    Dictionary<String, List<IO2Trace>> subTraces = getDictionaryWithO2AllSubTraces(o2Assessment, true);
    return subTraces;
}
/// <summary>
/// Gathers the attribute XML files for a class folder, loads an ozasmt file and passes both
/// to <c>mapJavaAttributesToTraces</c>.
/// </summary>
/// <param name="pathToClassFiles">First argument of <c>getAttributeXmlFiles</c>.</param>
/// <param name="pathToRootClassFolder">Second argument of <c>getAttributeXmlFiles</c>.</param>
/// <param name="pathToOzasmtFile">Ozasmt file to load.</param>
/// <param name="o2AssessmentLoad">Load engine used for the ozasmt file.</param>
public static void mapXmlFilesToFindings(string pathToClassFiles, string pathToRootClassFolder, string pathToOzasmtFile, IO2AssessmentLoad o2AssessmentLoad)
{
    // Same order as the original: the XML files are resolved before the assessment is loaded.
    var xmlFilesWithAttributes = getAttributeXmlFiles(pathToClassFiles, pathToRootClassFolder);
    var loadedAssessment = new O2Assessment(o2AssessmentLoad, pathToOzasmtFile);

    mapJavaAttributesToTraces(loadedAssessment, xmlFilesWithAttributes);
}
/// <summary>
/// Loads <paramref name="ozasmtToUpdate"/> with the Ounce V6 load engine and calls
/// <c>saveWithAssessmentSourceStats</c> with the stats file, the loaded assessment and the
/// same path as the third argument.
/// </summary>
/// <param name="ozasmtWithStats">File the stats are taken from.</param>
/// <param name="ozasmtToUpdate">
/// File that is loaded; its path is also the third argument of
/// <c>saveWithAssessmentSourceStats</c>.
/// </param>
public static void copyAssessmentStats(string ozasmtWithStats, string ozasmtToUpdate)
{
    O2Cmd.log.write("\n Adding stats from file {0} to file {1}", ozasmtWithStats, ozasmtToUpdate);

    var loadEngine = new O2AssessmentLoad_OunceV6();
    IO2Assessment assessmentToUpdate = new O2Assessment(loadEngine, ozasmtToUpdate);

    saveWithAssessmentSourceStats(ozasmtWithStats, assessmentToUpdate, ozasmtToUpdate);
}