public static void createAssessmentFileWithVirtualTraces_fromTwoSourceAssessmentFiles(String sAssessmentFile1,
String sAssessmentFile2,
String sTargetFile)
{
O2AssessmentData_OunceV6 fadF1AssessmentData_sAssessmentFile1 = null;
O2AssessmentData_OunceV6 fadF1AssessmentData_sAssessmentFile2 = null;
// get list of traces with
List <AssessmentAssessmentFileFinding> lfFindingsWithTraces_sAssessmentFile2 =
AnalysisUtils.getListOfAllFindingsWithTraces(sAssessmentFile2, ref fadF1AssessmentData_sAssessmentFile2);
// calculate traces to join
var dTracesToAppend = new Dictionary <String, List <CallInvocation> >();
foreach (AssessmentAssessmentFileFinding fFinding in lfFindingsWithTraces_sAssessmentFile2)
{
if (fFinding.Trace != null && fFinding.Trace[0] != null && fFinding.Trace[0].CallInvocation1 != null &&
fFinding.Trace[0].CallInvocation1.Length > 1)
{
if (
OzasmtUtils_OunceV6.getStringIndexValue(fFinding.Trace[0].CallInvocation1[0].sig_id,
fadF1AssessmentData_sAssessmentFile2).IndexOf(
sExternalSourceString) > -1)
{
String sSignatureOfCallbackFunction =
OzasmtUtils_OunceV6.getStringIndexValue(fFinding.Trace[0].CallInvocation1[1].sig_id,
fadF1AssessmentData_sAssessmentFile2);
if (false == dTracesToAppend.ContainsKey(sSignatureOfCallbackFunction))
{
dTracesToAppend.Add(sSignatureOfCallbackFunction, new List <CallInvocation>());
}
dTracesToAppend[sSignatureOfCallbackFunction].Add(fFinding.Trace[0].CallInvocation1[1]);
}
}
}
// get sinks to append traces
List <String> lsSinks_sAssessmentFile1 = AnalysisAssessmentFile.getListOf_KnownSinks(sAssessmentFile1, ref fadF1AssessmentData_sAssessmentFile1);
Analysis.populateDictionariesWithXrefsToLoadedAssessment(Analysis.FindingFilter.SmartTraces, true, true,
fadF1AssessmentData_sAssessmentFile1);
var dNewStringIndex = new Dictionary <String, UInt32>();
foreach (
AssessmentRunStringIndex siStringIndex in
fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.StringIndeces)
{
dNewStringIndex.Add(siStringIndex.value, siStringIndex.id);
}
var dNewFileIndex = new Dictionary <String, UInt32>();
foreach (AssessmentRunFileIndex siStringIndex in fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.FileIndeces)
{
dNewFileIndex.Add(siStringIndex.value, siStringIndex.id);
}
TraceType tTraceType = TraceType.Known_Sink;
foreach (String sSink in lsSinks_sAssessmentFile1)
{
if (dTracesToAppend.ContainsKey(sSink))
{
List <AssessmentAssessmentFileFinding> lfFindingsWithSink =
AnalysisUtils.getListOfFindingsWithTraceAndSignature(sSink, tTraceType,
fadF1AssessmentData_sAssessmentFile1);
foreach (AssessmentAssessmentFileFinding fFindingToJoin in lfFindingsWithSink)
{
var lfNewFindinds = new List <AssessmentAssessmentFileFinding>();
foreach (CallInvocation ciCallInvocationToAppend in dTracesToAppend[sSink])
{
// append trace
AssessmentAssessmentFileFinding fNewFinding = createNewFindingFromExistingOne(
fFindingToJoin, dNewStringIndex, dNewFileIndex, fadF1AssessmentData_sAssessmentFile1);
CallInvocation ciSinkNode =
AnalysisSearch.findTraceTypeAndSignatureInSmartTrace_Recursive_returnCallInvocation(
fNewFinding.Trace, tTraceType, sSink, fadF1AssessmentData_sAssessmentFile1);
ciSinkNode.trace_type = (int)TraceType.Source;
var lciTempNewCallInvocation = new List <CallInvocation>(); // used by the recursive function
ciSinkNode.CallInvocation1 = updateAssessmentRunWithTraceReferences_recursive(
lciTempNewCallInvocation,
//new CallInvocation[] { ciCallInvocationToAppend },
ciCallInvocationToAppend.CallInvocation1,
dNewStringIndex,
dNewFileIndex,
fadF1AssessmentData_sAssessmentFile2);
lfNewFindinds.Add(fNewFinding);
}
AssessmentAssessmentFile fFile = fadF1AssessmentData_sAssessmentFile1.dFindings[fFindingToJoin];
var lfFindingsInCurrentFile = new List <AssessmentAssessmentFileFinding>(fFile.Finding);
lfFindingsInCurrentFile.Remove(fFindingToJoin);
lfFindingsInCurrentFile.AddRange(lfNewFindinds);
fFile.Finding = lfFindingsInCurrentFile.ToArray();
}
}
}
// update indexes
fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.StringIndeces =
OzasmtUtils_OunceV6.createStringIndexArrayFromDictionary(dNewStringIndex);
fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.FileIndeces =
OzasmtUtils_OunceV6.createFileIndexArrayFromDictionary(dNewFileIndex);
//String sTargetFile = config.getTempFileNameInF1TempDirectory();
OzasmtUtils_OunceV6.createSerializedXmlFileFromAssessmentRunObject(
fadF1AssessmentData_sAssessmentFile1.arAssessmentRun, sTargetFile);
DI.log.debug("Joined assesment saved to:{0}", sTargetFile);
}
public bool appendTrace_FindingSourceToFindingSink(AssessmentAssessmentFileFinding fJoinAtSink,
FindingViewItem fviJoinAtSource)
{
//Get the Sink of the first trace
CallInvocation ciSinkNode =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fJoinAtSink.Trace,
TraceType.Known_Sink);
if (ciSinkNode == null)
{
// DI.log.error("in appendTrace_FindingSourceToFindingSink, could not find the Sink of fviJoinAtSink");
return(false);
}
// get the source of the 2nd trace
// There are 3 possible Gluing Scenarios
// a source that has child nodes (when it is a callback)
// a source trace that has a compatible signature with the sink trace (when it was creted via a source of tainded data rule). For this one we will have to find the correct injection point
// a source trace that has nothing do with the source (interfaces gluing for example) and we have the same two cases above
// the strategy to find a gluing point (on the fviJoinAtSource is to find the first trace that has a sink
// try to get case 1 see if the current source has child nodes
CallInvocation ciSourceNode =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(
fviJoinAtSource.fFinding.Trace, TraceType.Source);
if (ciSourceNode == null)
{
DI.log.error(
"in appendTrace_FindingSourceToFindingSink, could not find the Source of fviJoinAtSource");
return(false);
}
if (ciSourceNode.CallInvocation1 == null) // means we are case 2 or 3
{
CallInvocation ciSourceNodeWithSink =
AnalysisSearch.fromSourceFindFirstTraceWithAChildSink(fviJoinAtSource.fFinding,
fviJoinAtSource.oadO2AssessmentDataOunceV6);
if (ciSourceNodeWithSink != null)
{
// if we found this it means that we are now on Trace that the first child node goes to the source and the 2nd goes to the Sink
ciSourceNode = ciSourceNodeWithSink.CallInvocation1[1];
}
}
// make the previous Sink that Type 4 that doesn't seem to be used (could make it sources but it is cleaner with using this extra trace type for the joins
ciSinkNode.trace_type = (int)TraceType.Type_4;
CallInvocation[] aciCallInvocation;
if (AnalysisUtils.getSink(fJoinAtSink, oadNewO2AssessmentDataOunceV6) ==
AnalysisUtils.getSource(fviJoinAtSource.fFinding, fviJoinAtSource.oadO2AssessmentDataOunceV6))
{
aciCallInvocation = ciSourceNode.CallInvocation1;
}
else
{
aciCallInvocation = new[] { ciSourceNode }
};
var lciTempNewCallInvocation = new List <CallInvocation>(); // used by the recursive function
ciSinkNode.CallInvocation1 = updateAssessmentRunWithTraceReferences_recursive(
lciTempNewCallInvocation,
aciCallInvocation,
dNewStringIndex,
dNewFileIndex,
fviJoinAtSource.oadO2AssessmentDataOunceV6);
return(true);
}
