// PHASE 2 - TASKS public void task1_FilterFindings(List <IO2Finding> o2FindingsInFile, string fileName) { O2Cmd.log.write("TASK #1: Filter Findings"); XUtils_Analysis.copyFindings(o2FindingsInFile, fileName, folderWithArtifacts_Phase2, "FindingsWith_NoTraces", findingWith_NoTraces); //copyFindings(o2FindingsInFile, fileName, "FindingsWith_Traces", findingWith_Traces); XUtils_Analysis.copyFindings(o2FindingsInFile, fileName, folderWithArtifacts_Phase2, "FindingsWith_Traces_KnownSinks", findingWith_Traces_KnownSinks); XUtils_Analysis.copyFindings(o2FindingsInFile, fileName, folderWithArtifacts_Phase2, "FindingsWith_Traces_LostSinks", findingWith_Traces_LostSinks); }
public void task3_filter_FindingsWithNoTraces(List <IO2Finding> o2FindingsWithNoTraces) { // this will create a Dictionary with a List of IO2Finding mapped to its vulnType var mappedFindings = XUtils_Analysis.getDictionaryWithFindingsMappedBy_VulType(o2FindingsWithNoTraces); // which we will save each vulnType as an separate ozasmt file var targetFolder = Path.Combine(folderWithArtifacts_Phase3, "Findings with No Traces (by VulnType)"); XUtils_Analysis.saveDictionaryWithMappedFindingsToFolder(mappedFindings, targetFolder); }
// run sequence of filters on findings (note that (if 4th param == true) saveQuery will remove the matched // findings from tracesToFilter public void task2_filterFindings(KAnalysisArtifacts analysisArtifacts, List <IO2Finding> tracesToFilter, string targetFolder, string fileName) { foreach (var sourceSink in analysisArtifacts.phase_3.task2_sourceSink) { XUtils_Analysis.saveQuery(tracesToFilter, targetFolder, fileName, sourceSink.Source, sourceSink.Sink, sourceSink.RemoveMatches); } // save what was left (i.e. findings that didn't match the above filters) in a separate file if (tracesToFilter.Count > 0) { O2Cmd.log.write("After task2 filters there were {0} findings that matched no filter", tracesToFilter.Count); var targetFile = Path.Combine(targetFolder, "__NO FILTER__" + " - " + fileName + ".ozasmt"); XUtils_Findings_v0_1.saveFindings(tracesToFilter, targetFile); } }
public string runPhase3(IAnalysisArtifacts analysisArtifacts) { O2Cmd.log.write("\n\n***** PHASE 3 ***"); // setup expected target folders workflowFolder = analysisArtifacts.targetFolder; folderWithArtifacts_Phase2 = Path.Combine(workflowFolder, "Phase 2 - Artifacts"); folderWithArtifacts_Phase3 = Path.Combine(workflowFolder, "Phase 3 - Artifacts"); Files.checkIfDirectoryExistsAndCreateIfNot(folderWithArtifacts_Phase3); // create Phase 2 folder (if required) // check if required folders exist Assert.That(Directory.Exists(folderWithArtifacts_Phase2), "folderWithArtifacts_forPhase2 could not be found"); Assert.That(Directory.Exists(folderWithArtifacts_Phase3), "folderWithArtifacts_forPhase3 could not be found"); if (analysisArtifacts.phase_3.task1_handleKnownSinks) { task1_handleKnownSinks(); } if (analysisArtifacts.phase_3.task2_filterFindings) { var targetFolder = Path.Combine(folderWithArtifacts_Phase3, "Filtered_Findings"); Files.checkIfDirectoryExistsAndCreateIfNot(targetFolder); Files.deleteAllFilesFromDir(targetFolder); var allTraces_KnownSinks = XUtils_Analysis.getAllTraces_KnownSinks(folderWithArtifacts_Phase2); var allTraces_LostSinks = XUtils_Analysis.getAllTraces_LostSinks(folderWithArtifacts_Phase2); task2_filterFindings((KAnalysisArtifacts)analysisArtifacts, allTraces_KnownSinks, targetFolder, "Known Sinks"); task2_filterFindings((KAnalysisArtifacts)analysisArtifacts, allTraces_LostSinks, targetFolder, "Lost Sinks"); } if (analysisArtifacts.phase_3.task3_filter_FindingsWithNoTraces) { var allTraces_NoTraces = XUtils_Analysis.getAllTraces_NoTraces(folderWithArtifacts_Phase2); task3_filter_FindingsWithNoTraces(allTraces_NoTraces); } if (analysisArtifacts.phase_3.task4_CalculateStrutsFindings) { task4_CalculateStrutsFindings(); } O2Cmd.log.write("\n\n***** PHASE 3 COMPLETED ***"); return("Phase 3 completed"); }
// PHASE 3 : TASKS // since there are lot a lot of known sinks move them all into one file public void task1_handleKnownSinks() { // for now save these findings in the root of folderWithArtifacts_Phase3 var folderWithAssessmentFiles = Path.Combine(folderWithArtifacts_Phase2, "FindingsWith_Traces_KnownSinks"); Assert.That(Directory.Exists(folderWithAssessmentFiles), "Directory folderWithAssessmentFiles does not exist: " + folderWithAssessmentFiles); var o2Findings_WithKnownSinks = XUtils_Findings_v0_1.loadMultipleOzasmtFiles(folderWithAssessmentFiles); // save as 1 ozasmt file with all findings var targetFile = Path.Combine(folderWithArtifacts_Phase3, "Findings with Known Sinks.ozasmt"); XUtils_Findings_v0_1.saveFindings(o2Findings_WithKnownSinks, targetFile); // save as 1 ozasmt file per VulnType var targetFolder = Path.Combine(folderWithArtifacts_Phase3, "Findings with KnownSinks (by VulnType)"); var mappedFindings = XUtils_Analysis.getDictionaryWithFindingsMappedBy_VulType(o2Findings_WithKnownSinks); XUtils_Analysis.saveDictionaryWithMappedFindingsToFolder(mappedFindings, targetFolder); }
public void task2_createStrutsMappings() { O2Cmd.log.write("TASK #2: Create Struts Mappings"); foreach (var folder in Files.getListOfAllDirectoriesFromDirectory(folderWithArtifacts_Phase1, false)) { var splittedName = Path.GetFileName(folder).Split(new [] { " (-) " }, StringSplitOptions.None); if (splittedName.Length == 2) { var folderType = splittedName[0].Trim(); var value = splittedName[1].Trim(); O2Cmd.log.write("folderType: " + folderType); switch (folderType) { case "Config files": var targetFolder = Path.Combine(folderWithArtifacts_Phase2, "Struts Mappings"); Files.checkIfDirectoryExistsAndCreateIfNot(targetFolder); Assert.That(Directory.Exists(targetFolder)); var targetFile = Path.Combine(targetFolder, value + ".O2StrutsMappings"); XUtils_Analysis.createStrutsMappingsFromFilesIn(folder, targetFile); break; } } } }
public void analyzeFindingsOfVulnType_SqlInjection(List <IO2Finding> o2Findings, bool removeFindingsFromSourceList) { // extract the Sql Injection ones var sqlInjectionFindings = XUtils_Analysis.getFindingsWithVulnType(o2Findings, "Vulnerability.Injection.SQL", removeFindingsFromSourceList); if (sqlInjectionFindings.Count == 0) { return; } // var fileWithSqlInjections = Path.Combine(folderWithArtifacts_Phase4, "Findings_with_SQL_Injection"); //XUtils_Findings_v0_1.saveFindings(sqlInjectionFindings, fileWithSqlInjections); //Assert.That(File.Exists(fileWithSqlInjections), "fileWithSqlInjections was not created"); var sqlInjectionValidators = new List <string> { "java.lang.Integer.<init>(int):void", "java.lang.Integer.valueOf(int):java.lang.Integer", "java.lang.String.valueOf(int):java.lang.String", ":java.util.DateTime" }; var nonExploitable = new List <IO2Finding>(); var maybeExploitable = new List <IO2Finding>(); foreach (O2Finding o2Finding in sqlInjectionFindings) { var validatorFound = ""; foreach (var validator in sqlInjectionValidators) { if (XUtils_Analysis.doesFindingHasTraceSignature(o2Finding, validator)) { validatorFound = validator; break; } } // modify finding if (validatorFound != "") { o2Finding.context = string.Format("found validator: {0} , {1}", validatorFound, o2Finding.context); nonExploitable.Add(o2Finding); o2Finding.vulnType += ".NotExploitable"; o2Finding.severity = 3; o2Finding.confidence = 1; } else { maybeExploitable.Add(o2Finding); o2Finding.vulnType += ".MaybeExploitable.InternalMethod"; o2Finding.severity = 0; o2Finding.confidence = 2; } } var fileWith_NonExploitable = Path.Combine(folderWithArtifacts_Phase4, "NonExploitable_Findings_with_SQL_Injection.ozasmt"); XUtils_Findings_v0_1.saveFindings(nonExploitable, fileWith_NonExploitable); var fileWith_MaybeExploitable = Path.Combine(folderWithArtifacts_Phase4, "MaybeExploitable_Findings_with_SQL_Injection.ozasmt"); XUtils_Findings_v0_1.saveFindings(maybeExploitable, fileWith_MaybeExploitable); //XUtils_Findings_v0_1.openFindingsInNewWindow(nonExploitable).Join(); //XUtils_Findings_v0_1.openFindingsInNewWindow(maybeExploitable).Join(); }