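/// <summary>
/// Loads the records attached to one vulnerability type and returns them as Sink rules.
/// </summary>
/// <param name="vulnTypeInMySql">Value matched against actionobjects.signature.</param>
/// <param name="addAsRuleOfType">Prefix joined with a '.' to the stored vuln_type to form each rule's VulnType.</param>
/// <param name="ruleDbId">Rule database id matched against actionobjects.db_id and copied into each rule's DbId.</param>
/// <returns>One rule per returned row; an empty list when the query helper returns no reader.</returns>
/// <exception cref="System.ArgumentException">
/// <paramref name="ruleDbId"/> is not an integer, or <paramref name="vulnTypeInMySql"/> contains a quote or backslash.
/// </exception>
public List<IO2Rule> getRules_VulnType(string vulnTypeInMySql, string addAsRuleOfType, string ruleDbId)
{
    var o2Rules = new List<IO2Rule>();

    // The query below is assembled by string concatenation, so both caller-supplied values
    // are checked before they reach the SQL text.
    // NOTE(review): assumes db_id is an integer column (it is compared unquoted) - confirm.
    long dbId;
    if (!long.TryParse(ruleDbId, System.Globalization.NumberStyles.Integer,
                       System.Globalization.CultureInfo.InvariantCulture, out dbId))
    {
        throw new System.ArgumentException("ruleDbId must be an integer", "ruleDbId");
    }

    // Stopgap only: refusing the string delimiters is weaker than binding the value as a
    // parameter. TODO(security): move to a parameterized query once the OunceMySql helper
    // offers one.
    if (vulnTypeInMySql != null && vulnTypeInMySql.IndexOfAny(new[] { '\'', '\\' }) >= 0)
    {
        throw new System.ArgumentException("vulnTypeInMySql must not contain quote or backslash characters", "vulnTypeInMySql");
    }

    var sqlForSinks = "select rec.signature as recSignature, " +
                      "actionobjects.severity, actionobjects.vuln_type " +
                      "from actionobjects , rec " +
                      "where actionobjects.vuln_id = rec.vuln_id and actionobjects.signature ='" + vulnTypeInMySql + "' and " +
                      "actionobjects.db_id=" + dbId.ToString(System.Globalization.CultureInfo.InvariantCulture);

    var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sqlForSinks);
    if (mySqlDataReader == null)
    {
        // getRules_Sources treats a null reader as "no rules"; do the same here instead of
        // failing with a NullReferenceException in the loop.
        return o2Rules;
    }

    try
    {
        foreach (DbDataRecord dataRow in mySqlDataReader)
        {
            o2Rules.Add(new O2Rule
            {
                DbId = ruleDbId,
                RuleType = O2RuleType.Sink,
                Severity = dataRow["severity"].ToString(),
                VulnType = addAsRuleOfType + "." + dataRow["vuln_type"].ToString(),
                Signature = dataRow["recSignature"].ToString(),
            });
        }
    }
    finally
    {
        // Release the reader even when a row fails to convert.
        mySqlDataReader.Close();
    }

    return o2Rules;
}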
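/// <summary>
/// Loads the records whose taint_info row has propagates=1 and returns them as PropageTaint rules.
/// </summary>
/// <param name="ruleDbId">Rule database id matched against rec.db_id and copied into each rule's DbId.</param>
/// <returns>One rule per returned row; an empty list when the query helper returns no reader.</returns>
/// <exception cref="System.ArgumentException"><paramref name="ruleDbId"/> is not an integer.</exception>
public List<IO2Rule> getRules_PropagateTaint(string ruleDbId)
{
    var o2Rules = new List<IO2Rule>();

    // The query is assembled by string concatenation, so the id is parsed first and only
    // its normalised digits are placed in the SQL text.
    // NOTE(review): assumes db_id is an integer column (it is compared unquoted) - confirm.
    // TODO(security): move to a parameterized query once the OunceMySql helper offers one.
    long dbId;
    if (!long.TryParse(ruleDbId, System.Globalization.NumberStyles.Integer,
                       System.Globalization.CultureInfo.InvariantCulture, out dbId))
    {
        throw new System.ArgumentException("ruleDbId must be an integer", "ruleDbId");
    }

    var sql = "select rec.signature, taint_info.from_args, taint_info.to_args, taint_info.return " +
              "from rec,taint_info where taint_info.vuln_id = rec.vuln_id and propagates=1 and " +
              "rec.db_id=" + dbId.ToString(System.Globalization.CultureInfo.InvariantCulture);

    var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sql);
    if (mySqlDataReader == null)
    {
        // getRules_Sources treats a null reader as "no rules"; do the same here instead of
        // failing with a NullReferenceException in the loop.
        return o2Rules;
    }

    try
    {
        foreach (DbDataRecord dataRow in mySqlDataReader)
        {
            o2Rules.Add(new O2Rule
            {
                DbId = ruleDbId,
                RuleType = O2RuleType.PropageTaint,
                Signature = dataRow["signature"].ToString(),
                Return = dataRow["return"].ToString(),
                FromArgs = dataRow["from_Args"].ToString(),
                ToArgs = dataRow["to_Args"].ToString()
            });
        }
    }
    finally
    {
        // Release the reader even when a row fails to convert.
        mySqlDataReader.Close();
    }

    return o2Rules;
}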
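/// <summary>
/// Loads the records whose taint_info row has propagates=0 and returns them as DontPropagateTaint rules.
/// </summary>
/// <param name="ruleDbId">Rule database id matched against rec.db_id and copied into each rule's DbId.</param>
/// <returns>
/// One rule per returned row, with empty Severity and VulnType; an empty list when the
/// query helper returns no reader.
/// </returns>
/// <exception cref="System.ArgumentException"><paramref name="ruleDbId"/> is not an integer.</exception>
public List<IO2Rule> getRules_DontPropagateTaint(string ruleDbId)
{
    var o2Rules = new List<IO2Rule>();

    // The query is assembled by string concatenation, so the id is parsed first and only
    // its normalised digits are placed in the SQL text.
    // NOTE(review): assumes db_id is an integer column (it is compared unquoted) - confirm.
    // TODO(security): move to a parameterized query once the OunceMySql helper offers one.
    long dbId;
    if (!long.TryParse(ruleDbId, System.Globalization.NumberStyles.Integer,
                       System.Globalization.CultureInfo.InvariantCulture, out dbId))
    {
        throw new System.ArgumentException("ruleDbId must be an integer", "ruleDbId");
    }

    var sql = "select rec.signature from rec,taint_info " +
              "where taint_info.vuln_id = rec.vuln_id and propagates=0 and " +
              "rec.db_id=" + dbId.ToString(System.Globalization.CultureInfo.InvariantCulture);

    var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sql);
    if (mySqlDataReader == null)
    {
        // getRules_Sources treats a null reader as "no rules"; do the same here instead of
        // failing with a NullReferenceException in the loop.
        return o2Rules;
    }

    try
    {
        foreach (DbDataRecord dataRow in mySqlDataReader)
        {
            o2Rules.Add(new O2Rule
            {
                DbId = ruleDbId,
                RuleType = O2RuleType.DontPropagateTaint,
                // The query selects only the signature, so these two stay empty.
                Severity = "",
                VulnType = "",
                Signature = dataRow["signature"].ToString(),
            });
        }
    }
    finally
    {
        // Release the reader even when a row fails to convert.
        mySqlDataReader.Close();
    }

    return o2Rules;
}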
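/// <summary>
/// Loads the records flagged with callback = 1 and returns them as Callback rules.
/// </summary>
/// <param name="ruleDbId">Rule database id matched against rec.db_id and copied into each rule's DbId.</param>
/// <returns>One rule per returned row; an empty list when the query helper returns no reader.</returns>
/// <exception cref="System.ArgumentException"><paramref name="ruleDbId"/> is not an integer.</exception>
public List<IO2Rule> getRules_Callbacks(string ruleDbId)
{
    var o2Rules = new List<IO2Rule>();

    // The query is assembled by string concatenation, so the id is parsed first and only
    // its normalised digits are placed in the SQL text.
    // NOTE(review): assumes db_id is an integer column (it is compared unquoted) - confirm.
    // TODO(security): move to a parameterized query once the OunceMySql helper offers one.
    long dbId;
    if (!long.TryParse(ruleDbId, System.Globalization.NumberStyles.Integer,
                       System.Globalization.CultureInfo.InvariantCulture, out dbId))
    {
        throw new System.ArgumentException("ruleDbId must be an integer", "ruleDbId");
    }

    var sqlForSinks = "select rec.signature as recSignature from rec " +
                      "where rec.callback = 1 and " +
                      "rec.db_id=" + dbId.ToString(System.Globalization.CultureInfo.InvariantCulture);

    var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sqlForSinks);
    if (mySqlDataReader == null)
    {
        // getRules_Sources treats a null reader as "no rules"; do the same here instead of
        // failing with a NullReferenceException in the loop.
        return o2Rules;
    }

    try
    {
        foreach (DbDataRecord dataRow in mySqlDataReader)
        {
            // Only the signature is selected; Severity, VulnType and Param are left unset.
            o2Rules.Add(new O2Rule
            {
                DbId = ruleDbId,
                RuleType = O2RuleType.Callback,
                Signature = dataRow["recSignature"].ToString()
            });
        }
    }
    finally
    {
        // Release the reader even when a row fails to convert.
        mySqlDataReader.Close();
    }

    return o2Rules;
}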
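/// <summary>
/// Loads the records joined to sink_info through actionobjects and returns them as Sink rules.
/// </summary>
/// <param name="ruleDbId">Rule database id matched against actionobjects.db_id and copied into each rule's DbId.</param>
/// <returns>One rule per returned row; an empty list when the query helper returns no reader.</returns>
/// <exception cref="System.ArgumentException"><paramref name="ruleDbId"/> is not an integer.</exception>
public List<IO2Rule> getRules_Sinks(string ruleDbId)
{
    var o2Rules = new List<IO2Rule>();

    // The query is assembled by string concatenation, so the id is parsed first and only
    // its normalised digits are placed in the SQL text.
    // NOTE(review): assumes db_id is an integer column (it is compared unquoted) - confirm.
    // TODO(security): move to a parameterized query once the OunceMySql helper offers one.
    long dbId;
    if (!long.TryParse(ruleDbId, System.Globalization.NumberStyles.Integer,
                       System.Globalization.CultureInfo.InvariantCulture, out dbId))
    {
        throw new System.ArgumentException("ruleDbId must be an integer", "ruleDbId");
    }

    var sqlForSinks = "select rec.signature as recSignature, actionobjects.signature as actionObjectSignature, " +
                      "actionobjects.severity, actionobjects.vuln_type, sink_info.param " +
                      "from sink_info , actionobjects , rec " +
                      "where sink_info.ao_id = actionobjects.id and actionobjects.vuln_id = rec.vuln_id and " +
                      "actionobjects.db_id=" + dbId.ToString(System.Globalization.CultureInfo.InvariantCulture);

    var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sqlForSinks);
    if (mySqlDataReader == null)
    {
        // getRules_Sources treats a null reader as "no rules"; do the same here instead of
        // failing with a NullReferenceException in the loop.
        return o2Rules;
    }

    try
    {
        foreach (DbDataRecord dataRow in mySqlDataReader)
        {
            o2Rules.Add(new O2Rule
            {
                DbId = ruleDbId,
                RuleType = O2RuleType.Sink,
                Severity = dataRow["severity"].ToString(),
                VulnType = dataRow["vuln_type"].ToString(),
                Signature = dataRow["recSignature"].ToString(),
                Param = dataRow["param"].ToString()
            });
        }
    }
    finally
    {
        // Release the reader even when a row fails to convert.
        mySqlDataReader.Close();
    }

    return o2Rules;
}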
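/// <summary>
/// Loads the records joined to source_info through actionobjects and returns them as Source rules.
/// </summary>
/// <param name="ruleDbId">Rule database id matched against actionobjects.db_id and copied into each rule's DbId.</param>
/// <returns>
/// One rule per returned row; an empty list (after logging an error) when the query helper
/// returns no reader.
/// </returns>
/// <exception cref="System.ArgumentException"><paramref name="ruleDbId"/> is not an integer.</exception>
public List<IO2Rule> getRules_Sources(string ruleDbId)
{
    var o2Rules = new List<IO2Rule>();

    // The query is assembled by string concatenation, so the id is parsed first and only
    // its normalised digits are placed in the SQL text.
    // NOTE(review): assumes db_id is an integer column (it is compared unquoted) - confirm.
    // TODO(security): move to a parameterized query once the OunceMySql helper offers one.
    long dbId;
    if (!long.TryParse(ruleDbId, System.Globalization.NumberStyles.Integer,
                       System.Globalization.CultureInfo.InvariantCulture, out dbId))
    {
        throw new System.ArgumentException("ruleDbId must be an integer", "ruleDbId");
    }

    var sqlForSource = "select rec.signature as recSignature, actionobjects.signature as actionObjectSignature, " +
                       "actionobjects.severity, actionobjects.vuln_type, source_info.param, source_info.return " +
                       "from source_info , actionobjects , rec " +
                       "where source_info.ao_id = actionobjects.id and actionobjects.vuln_id = rec.vuln_id and " +
                       "actionobjects.db_id=" + dbId.ToString(System.Globalization.CultureInfo.InvariantCulture);

    var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sqlForSource);
    if (mySqlDataReader == null)
    {
        DI.log.error("in getRules_Sources, mySqlDataReader was null");
        return o2Rules;
    }

    try
    {
        foreach (DbDataRecord dataRow in mySqlDataReader)
        {
            o2Rules.Add(new O2Rule
            {
                DbId = ruleDbId,
                RuleType = O2RuleType.Source,
                Severity = dataRow["severity"].ToString(),
                VulnType = dataRow["vuln_type"].ToString(),
                Signature = dataRow["recSignature"].ToString(),
                Param = dataRow["param"].ToString(),
                Return = dataRow["return"].ToString()
            });
        }
    }
    finally
    {
        // Release the reader even when a row fails to convert.
        mySqlDataReader.Close();
    }

    return o2Rules;
}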