public void buildGui(O2MappedAstData astData)
{
//HostPanel = hostPanel;
AstData = astData;
buildGui();
//loadDataInGui();
}
public void buildGui(O2MappedAstData astData)
{
AstData = astData;
buildGui();
loadDataInGui();
}
public void buildGui(O2MappedAstData astData)
{
AstData = astData;
INodeTypeFilter = "";
INodeValueFilter = "";
buildGui();
loadDataInGui();
}
public O2CodeStream(O2MappedAstData o2MappedAstData , O2CodeStreamTaintRules taintRules , string sourceFile )
{
O2MappedAstData = o2MappedAstData;
TaintRules = taintRules;
O2CodeStreamNodes = new Dictionary<INode,O2CodeStreamNode>();
StreamNode_First = new List<O2CodeStreamNode>();
INodeStack = new Stack<INode>();
SourceFile = sourceFile;
}
public O2CodeStream(O2MappedAstData o2MappedAstData, O2CodeStreamTaintRules taintRules, string sourceFile)
{
O2MappedAstData = o2MappedAstData;
TaintRules = taintRules;
O2CodeStreamNodes = new Dictionary <INode, O2CodeStreamNode>();
StreamNode_First = new List <O2CodeStreamNode>();
INodeStack = new Stack <INode>();
SourceFile = sourceFile;
}
public O2MethodStream(O2MappedAstData o2MappedAstData)
{
O2MappedAstData = o2MappedAstData;
MappedIMethods = new Dictionary <string, IMethod>();
ExternalIMethods = new Dictionary <string, IMethod>();
ExternalClasses = new Dictionary <string, IReturnType>();
Fields = new Dictionary <string, IField>();
Properties = new Dictionary <string, IProperty>();
NamespaceReferences = new List <String>();
}
public void launchGui()
{
var astData = new O2MappedAstData();
astData.loadFiles(@"C:\O2\DemoData\HacmeBank_v2.0 (Dinis version - 7 Dec 08)\HacmeBank_v2_WS\classes".files());
var control = O2Gui.open<Panel>("test ascx_WriteRule",700,500);
var writeRule = control.add_Control<ascx_WriteRule>();
writeRule.buildGui(astData);
}
public O2MethodStream(O2MappedAstData o2MappedAstData)
{
O2MappedAstData = o2MappedAstData;
MappedIMethods = new Dictionary<string,IMethod>();
ExternalIMethods = new Dictionary<string,IMethod>();
ExternalClasses = new Dictionary<string, IReturnType>();
Fields = new Dictionary<string,IField>();
Properties = new Dictionary<string, IProperty>();
NamespaceReferences = new List<String>();
}
public Saved_MethodStream(O2MappedAstData astData, IMethod iMethod, bool createCodeStreams) : this()
{
this.RootMethod = this.methodStreamItem(astData, iMethod);
this.createMethodStream(astData, iMethod);
this.map_MethodStreamItems(astData);
if (createCodeStreams)
this.createCodeStreams();
}
public void launchGui()
{
var astData = new O2MappedAstData();
//astData.loadFile("HacmeBank_v2_Website.ascx.PostMessageForm.btnPostMessage_Click.cs".local());
var control = O2Gui.open<Panel>("AST Search (.NET Static Analysis)",1000,600);
var searchAST = control.add_Control<ascx_SearchAST>();
searchAST.buildGui(astData);
}
public ascx_GraphAst_MethodCalls setData(O2MappedAstData astData,
Dictionary<string,List<String>> methodsCalledMappings,
Dictionary<string,List<String>> methodIsCalledByMappings,
List<string> allMethods )
{
AstData = astData;
MethodsCalledMappings = methodsCalledMappings;
MethodIsCalledByMappings = methodIsCalledByMappings;
AllMethods = allMethods;
return this;
}
public void launchGui()
{
var astData = new O2MappedAstData();
astData.loadFile("HacmeBank_v2_Website.ascx.PostMessageForm.btnPostMessage_Click.cs".local());
var control = O2Gui.open<Panel>("test ascx_ViewAST",1000,600);
var viewAST = control.add_Control<ascx_ViewAST>();
viewAST.buildGui(astData);
}
public static O2MappedAstData get(string file)
{
if (CacheEnabled && Cached_O2MappedAstData.hasKey(file))
{
// "[Ast_Engine_Cache] using O2MappedAstData cached version of file: {0}".debug(file);
return Cached_O2MappedAstData[file];
}
// "[Ast_Engine_Cache] creating O2MappedAstData for file: {0}".debug(file);
var astData = new O2MappedAstData();
astData.loadFile(file);
if (CacheEnabled)
Cached_O2MappedAstData.add(file, astData);
return astData;
}
public ascx_GraphAst_MethodCalls()
{
AstData = new O2MappedAstData();
GraphNodes = new Dictionary<string, WPF.Control>();
}
public static Saved_MethodStream Create(O2MappedAstData astData, IMethod iMethod, string methodStreams_CacheLocation, bool forceCreate)
{
if (methodStreams_CacheLocation.isNull())
methodStreams_CacheLocation = "_methodStreams_CacheLocation".tempDir();
var safeFileName = iMethod.fullName().safeFileName();//240 - methodStreams_CacheLocation.size());
var pathToSaveSerializedObject = methodStreams_CacheLocation.pathCombine_MaxSize(safeFileName + ".methodStream.xml");
if (forceCreate.isFalse() && pathToSaveSerializedObject.fileExists())
{
"Skipping iMethod '{0}' since serialized object already exists ".debug(iMethod.Name);
var loaded_SavedMethodStream = pathToSaveSerializedObject.load<Saved_MethodStream>();
if (loaded_SavedMethodStream.notNull())
return loaded_SavedMethodStream;
}
var savedMethodStream = new Saved_MethodStream(astData, iMethod);
if (savedMethodStream.isNull())
return null;
else
{
savedMethodStream.Serialized_Saved_MethodStream_FileCache = pathToSaveSerializedObject;
savedMethodStream.saveAs(pathToSaveSerializedObject);
"Serialized method stream object saved to: {0}".debug(pathToSaveSerializedObject);
return savedMethodStream;
}
}
public static Saved_MethodStream Create(O2MappedAstData astData, IMethod iMethod)
{
return Create(astData, iMethod, null, false);
}
public Saved_MethodStream(O2MappedAstData astData, IMethod iMethod) : this(astData, iMethod, false)
{
}
public ascx_WriteRule(O2MappedAstData astData) //O2_DotNet_Ast_Engine astEngine)
{
buildGui(astData);
}
public static Saved_MethodStream map_CodeStreams(this Saved_MethodStream savedMethodStream, O2MappedAstData astData , String file, INode iNode)
{
var o2CodeStream = astData.createO2CodeStream( file,iNode);
//var uniqueStreamPaths = o2CodeStream.getUniqueStreamPaths(100);
Func<O2CodeStreamNode, CodeStreamPath> map_O2CodeStreamNode = null;
map_O2CodeStreamNode = (o2CodeStreamNode) =>
{
var codeStreamPath = new CodeStreamPath();
codeStreamPath.Text = o2CodeStreamNode.Text;
codeStreamPath.Line = o2CodeStreamNode.INode.StartLocation.Line;
codeStreamPath.Column = o2CodeStreamNode.INode.StartLocation.Column;
codeStreamPath.Line_End = o2CodeStreamNode.INode.EndLocation.Line;
codeStreamPath.Column_End = o2CodeStreamNode.INode.EndLocation.Column;
foreach(var childNode in o2CodeStreamNode.ChildNodes)
codeStreamPath.CodeStreamPaths.add(map_O2CodeStreamNode(childNode));
return codeStreamPath;
};
foreach(var streamNode in o2CodeStream.StreamNode_First)
savedMethodStream.CodeStreams.add(map_O2CodeStreamNode(streamNode));
return savedMethodStream;
}
public void build_CreateAllMethodStreamsTab(Control hostControl)
{
var allMethodStreamsPanel = hostControl.add_1x1("Options","All Method Streams",false,50);
var sourceCode = allMethodStreamsPanel[1].add_SourceCodeViewer();//add_MethodStreamViewer();
var treeView = sourceCode.insert_Left<TreeView>(300)
.showSelection()
.sort()
.afterSelect<string>(
(filePath)=>sourceCode.open(filePath));
var targerFolder = PublicDI.config.getTempFolderInTempDirectory("_AllMethodStreams");
allMethodStreamsPanel[0].parent<SplitContainer>().borderNone();
var optionsPanel = allMethodStreamsPanel[0].parent().clear();
var progressBar = optionsPanel.add_ProgressBar(25,0).align_Right(optionsPanel);
optionsPanel.add_LabelAndTextAndButton("Target Directory", targerFolder,"Create",
(text)=>{
AstData.createAllMethodsStreams(text, progressBar, null);
foreach(var file in targerFolder.files())
treeView.add_Node(file.fileName(), file);
treeView.selectFirst();
});
progressBar.onDrop(
(fileOrFolder)=>{
if (fileOrFolder.fileExists())
AstData.loadFile(fileOrFolder);
else
{
AstData.dispose();
AstData = new O2MappedAstData();
AstData.loadFiles(fileOrFolder.files("*.cs",true));
}
});
//tabPages.Add(tabControl.add_Tab("Step 2: Create Code Streams"));
//tabPages.Add(tabControl.add_Tab("Step 1: Create Final Findings"));
//Create all Method Streams
//var controls = tabPages;
//var MethodStreamPanel = controls[0].add_1x1("Current ","MethodStreams", false);
/*
var CodeStreamPanel = controls[1].add_1x1("Create CodeStreams", "CodeStreams", false);
var FindingsPanel = controls[2].add_1x1("Create Findings", "Final Findings",false);
// MethodStreamPanel
MethodStreamScript = MethodStreamPanel[0].add_Script(false);
MethodStreamViewer = MethodStreamPanel[1].add_MethodStreamViewer();
//CodeStreamPanel
CodeStreamScript = CodeStreamPanel[0].add_Script(false);
var CodeStreamScriptResult = CodeStreamPanel[1].add_1x1("Code Streams", "Raw Findings", true, CodeStreamScript.width()/2);
CodeStreamViewer = CodeStreamScriptResult[0].add_CodeStreamViewer();
RawFindingsViewer = CodeStreamScriptResult[1].add_FindingsViewer();
//RawFindingsViewer = FindingsPanel[1].add_FindingsViewer();
//CodeStreamViewer = MethodStreamPanel[1].add_CodeStreamViewer();
// FindingsPanel
FindingsScript = FindingsPanel[0].add_Script(false);
FinalFindingsViewer = FindingsPanel[1].add_FindingsViewer();
//var controls2 = host[1].add_1x1x1(true);
// extra vars
// script parameters
var scriptParameters = new Dictionary<string,object>();
scriptParameters.Add("methodStreamViewer", MethodStreamViewer);
scriptParameters.Add("codeStreamViewer", CodeStreamViewer);
scriptParameters.Add("rawFindingsViewer", RawFindingsViewer);
scriptParameters.Add("finalFindingsViewer", FinalFindingsViewer);
scriptParameters.Add("astData", AstData);
MethodStreamScript.InvocationParameters.AddRange(scriptParameters);
CodeStreamScript.InvocationParameters.AddRange(scriptParameters);
FindingsScript.InvocationParameters.AddRange(scriptParameters);
*/
}
public void buildGui()
{
var topPanel = this;
CodeViewer = topPanel.add_SourceCodeViewer();
DataTreeView = CodeViewer.insert_Left<TreeView>(200).showSelection().sort();
Options = DataTreeView.insert_Below<Panel>(40);
Options.add_CheckBox("View AST",0,0,(value)=> { this.Show_Ast = value;}).check();
Options.add_CheckBox("View CodeDom",0,95,(value)=> {this.Show_CodeDom = value; }).front();
Options.add_CheckBox("View NRefactory",20,0,(value)=> {this.Show_NRefactory = value;}).front().autoSize();
DataTreeView.showSelection();
DataTreeView.configureTreeViewForCodeDomViewAndNRefactoryDom();
AstData.afterSelect_ShowInSourceCodeEditor(DataTreeView, CodeViewer.editor());
DataTreeView.onDrop(
(fileOrFolder)=>{
DataTreeView.backColor(Color.LightPink);
O2Thread.mtaThread(
()=>{
AstData.dispose();
AstData = new O2MappedAstData();
if (fileOrFolder.fileExists())
AstData.loadFile(fileOrFolder);
else
AstData.loadFiles(fileOrFolder.files("*.cs",true));
loadDataInGui();
DataTreeView.backColor(Color.White);
});
});
DataTreeView.afterSelect<string>(
(file)=>{
if (file.fileExists())
CodeViewer.open(file);
});
DataTreeView.beforeExpand<CompilationUnit>(
(compilationUnit)=>{
var treeNode = DataTreeView.selected();
treeNode.clear();
if (Show_Ast)
{
if (compilationUnit!=null)
treeNode.add_Node("AST",null)
.show_Ast(compilationUnit)
.show_Asts(compilationUnit.types(true))
.show_Asts(compilationUnit.methods());
//treeNode.show_Ast(compilationUnit);
}
if (Show_CodeDom)
{
var codeNamespace = AstData.MapAstToDom.CompilationUnitToNameSpaces[compilationUnit];
var domNode = treeNode.add_Node("CodeDom");
domNode.add_Node("CodeNamespaces").show_CodeDom(codeNamespace);
domNode.add_Node("CodeTypeDeclarations").show_CodeDom(AstData.codeTypeDeclarations());
domNode.add_Node("CodeMemberMethods").show_CodeDom(AstData.codeMemberMethods());
//domNode.add_Node("CodeMemberMethods").show_CodeDom(o2MappedAstData.codeMemberMethods());
}
if (Show_NRefactory)
{
var iCompilationUnit = AstData.MapAstToNRefactory.CompilationUnitToICompilationUnit[compilationUnit];
treeNode.add_Node("NRefactory")
.add_Nodes_WithPropertiesAsChildNodes<ICompilationUnit>(iCompilationUnit);
//.show_NRefactoryDom(o2MappedAstData.iClasses())
//.show_NRefactoryDom(o2MappedAstData.iMethods());
}
});
}
public Assembly compileCSSharpFile()
{
Assembly compiledAssembly = null;
var compileEngine = new CompileEngine();
if (getSourceCode() != "")
{
saveSourceCode();
// always save before compiling
compileEngine.compileSourceFile(sPathToFileLoaded);
compiledAssembly = compileEngine.compiledAssembly ?? null;
if (compiledAssembly.notNull() &&
o2CodeCompletion.notNull() &&
compileEngine.cpCompilerParameters.notNull())
o2CodeCompletion.addReferences(compileEngine.cpCompilerParameters.ReferencedAssemblies.toList());
}
var state = compiledAssembly == null && compileEngine.sbErrorMessage != null;
//btShowHideCompilationErrors.visible(state);
btShowHideCompilationErrors.prop("Visible",state);
tvCompilationErrors.visible(state);
lbCompilationErrors.prop("Visible", state);
clearBookmarksAndMarkers();
// if there isn't a compiledAssembly, show errors
if (compiledAssembly == null)
{
compileEngine.addErrorsListToTreeView(tvCompilationErrors);
showErrorsInSourceCodeEditor(compileEngine.sbErrorMessage.str());
}
else
{
if (compiledFileAstData.notNull())
compiledFileAstData.Dispose();
compiledFileAstData = new O2MappedAstData(sPathToFileLoaded);
}
return compiledAssembly;
}
public static Saved_MethodStream map_MethodStreamItems(this Saved_MethodStream savedMethodStream, O2MappedAstData astData)
{
var methodStreamItems = savedMethodStream.MethodStreamItems;
foreach(var externalClass in savedMethodStream.o2MethodStream.ExternalClasses.Values)
methodStreamItems.add(savedMethodStream.methodStreamItem(externalClass));
foreach(var externalIMethod in savedMethodStream.o2MethodStream.ExternalIMethods.Values)
methodStreamItems.add(savedMethodStream.methodStreamItem(astData,externalIMethod, MethodStream_ItemType.ExternalMethod));
foreach(var externalIMethod in savedMethodStream.o2MethodStream.MappedIMethods.Values)
methodStreamItems.add(savedMethodStream.methodStreamItem(astData,externalIMethod, MethodStream_ItemType.MappedMethod));
foreach(var iField in savedMethodStream.o2MethodStream.Fields.Values)
methodStreamItems.add(savedMethodStream.methodStreamItem(astData,iField));
foreach(var iProperty in savedMethodStream.o2MethodStream.Properties.Values)
methodStreamItems.add(savedMethodStream.methodStreamItem(astData,iProperty));
//break;
return savedMethodStream;
}
public static Saved_MethodStream createMethodStream(this Saved_MethodStream savedMethodStream, O2MappedAstData astData, IMethod iMethod)
{
savedMethodStream.o2MethodStream = astData.createO2MethodStream(iMethod);
savedMethodStream.MethodStream = savedMethodStream.o2MethodStream.csharpCode();
var fileCachePath = "_methodStreams".tempDir(false).pathCombine_MaxSize(savedMethodStream.RootMethod.Signature.safeFileName() + ".cs");
savedMethodStream.MethodStream_FileCache = savedMethodStream.MethodStream.saveAs(fileCachePath);
return savedMethodStream;
}
public Location(O2MappedAstData astData, IMethod iMethod)
{
File = astData.file(iMethod);
var methodDeclaration = astData.methodDeclaration(iMethod);
if (methodDeclaration.notNull())
{
Line = methodDeclaration.StartLocation.Line;
Column = methodDeclaration.StartLocation.Column;
Line_End = methodDeclaration.EndLocation.Line;
Column_End = methodDeclaration.EndLocation.Column;
}
}
public static MethodStream_Item methodStreamItem(this Saved_MethodStream savedMethodStream, O2MappedAstData astData, IMethod iMethod, MethodStream_ItemType itemType)
{
var methodStreamItem = new MethodStream_Item();
methodStreamItem.ItemType = itemType;
if (iMethod.Parameters.Count > 0)
{
methodStreamItem.Parameters = new NameValueItems();
foreach(var parameter in iMethod.Parameters)
methodStreamItem.Parameters.add(parameter.Name.str(), parameter.ReturnType.FullyQualifiedName);
}
if (iMethod.Attributes.Count > 0)
{
methodStreamItem.Attributes = new NameValueItems();
foreach(var attribute in iMethod.Attributes)
methodStreamItem.Attributes.add(attribute.AttributeTarget.str(), attribute.AttributeType.FullyQualifiedName);
}
methodStreamItem.Name = iMethod.name();
methodStreamItem.Class = iMethod.DeclaringType.Name;
if (astData.file(iMethod).notNull())
methodStreamItem.Location = new Location(astData, iMethod);
methodStreamItem.Namespace = iMethod.DeclaringType.Namespace;
methodStreamItem.Signature = iMethod.fullName();
methodStreamItem.ReturnType = iMethod.ReturnType.FullyQualifiedName;
methodStreamItem.DotNetName = iMethod.DotNetName;
return methodStreamItem;
}
public static List<IO2Finding> calculate_Url_to_EntryMethod_Mappings(string pathWithSourceFiles, string urlBase, string port, ProgressBar progressBar)
{
var o2Findings = new List<IO2Finding>();
var filesToAnalyze = pathWithSourceFiles.files("*.cs",true);
progressBar.maximum(filesToAnalyze.size());
foreach(var file in filesToAnalyze)
{
"Processing file:{0}".info(file);
var url = urlBase.format(port, file.replace(pathWithSourceFiles,"").replace(".ascx.cs",""));
foreach(var type in file.csharpAst().types(true))
foreach(var baseType in type.BaseTypes)
if (baseType.str() == "System.Web.UI.UserControl")
{
var astData = new O2MappedAstData();
astData.loadFile(file);
foreach(var iMethod in astData.iMethods())
{
var o2Finding = new O2Finding();
o2Finding.vulnName = url;
o2Finding.vulnType = "Web EntryPoint";
var source = new O2Trace(url);
var sink = new O2Trace(iMethod.fullName());
source.traceType = TraceType.Source;
sink.traceType = TraceType.Known_Sink;
source.childTraces.Add(sink);
o2Finding.o2Traces.Add(source);
o2Findings.Add(o2Finding);
}
}
progressBar.increment(1);
}
return o2Findings;
}
public static MethodStream_Item methodStreamItem(this Saved_MethodStream savedMethodStream, O2MappedAstData astData, IField iField)
{
var methodStreamItem = savedMethodStream.methodStreamItem(iField);
methodStreamItem.ItemType = MethodStream_ItemType.Field;
var fieldDeclaration = astData.fieldDeclaration(iField);
if (fieldDeclaration.notNull())
methodStreamItem.Location = new Location(fieldDeclaration);
return methodStreamItem;
}
public static MethodStream_Item methodStreamItem(this Saved_MethodStream savedMethodStream, O2MappedAstData astData, IProperty iProperty)
{
var methodStreamItem = savedMethodStream.methodStreamItem(iProperty);
methodStreamItem.ItemType = MethodStream_ItemType.Property;
var propertyDeclaration = astData.propertyDeclaration(iProperty);
if (propertyDeclaration.notNull())
methodStreamItem.Location = new Location(propertyDeclaration);
//fieldDeclaration.details();
return methodStreamItem;
}
public static MethodStream_Item methodStreamItem(this Saved_MethodStream savedMethodStream, O2MappedAstData astData, IMethod iMethod)
{
return savedMethodStream.methodStreamItem(astData,iMethod, MethodStream_ItemType.Method);
}
public ascx_Interactive_MethodCalls()
{
AstData = new O2MappedAstData();
//GraphNodes = new Dictionary<string, WPF.Control>();
}
