// PHASE 2 - TASKS
public void task1_FilterFindings(List <IO2Finding> o2FindingsInFile, string fileName)
{
O2Cmd.log.write("TASK #1: Filter Findings");
XUtils_Analysis.copyFindings(o2FindingsInFile, fileName, folderWithArtifacts_Phase2, "FindingsWith_NoTraces", findingWith_NoTraces);
//copyFindings(o2FindingsInFile, fileName, "FindingsWith_Traces", findingWith_Traces);
XUtils_Analysis.copyFindings(o2FindingsInFile, fileName, folderWithArtifacts_Phase2, "FindingsWith_Traces_KnownSinks", findingWith_Traces_KnownSinks);
XUtils_Analysis.copyFindings(o2FindingsInFile, fileName, folderWithArtifacts_Phase2, "FindingsWith_Traces_LostSinks", findingWith_Traces_LostSinks);
}
public void task3_filter_FindingsWithNoTraces(List <IO2Finding> o2FindingsWithNoTraces)
{
// this will create a Dictionary with a List of IO2Finding mapped to its vulnType
var mappedFindings = XUtils_Analysis.getDictionaryWithFindingsMappedBy_VulType(o2FindingsWithNoTraces);
// which we will save each vulnType as an separate ozasmt file
var targetFolder = Path.Combine(folderWithArtifacts_Phase3, "Findings with No Traces (by VulnType)");
XUtils_Analysis.saveDictionaryWithMappedFindingsToFolder(mappedFindings, targetFolder);
}
// run sequence of filters on findings (note that (if 4th param == true) saveQuery will remove the matched
// findings from tracesToFilter
public void task2_filterFindings(KAnalysisArtifacts analysisArtifacts, List <IO2Finding> tracesToFilter, string targetFolder, string fileName)
{
foreach (var sourceSink in analysisArtifacts.phase_3.task2_sourceSink)
{
XUtils_Analysis.saveQuery(tracesToFilter, targetFolder, fileName, sourceSink.Source, sourceSink.Sink, sourceSink.RemoveMatches);
}
// save what was left (i.e. findings that didn't match the above filters) in a separate file
if (tracesToFilter.Count > 0)
{
O2Cmd.log.write("After task2 filters there were {0} findings that matched no filter", tracesToFilter.Count);
var targetFile = Path.Combine(targetFolder, "__NO FILTER__" + " - " + fileName + ".ozasmt");
XUtils_Findings_v0_1.saveFindings(tracesToFilter, targetFile);
}
}
public string runPhase3(IAnalysisArtifacts analysisArtifacts)
{
O2Cmd.log.write("\n\n***** PHASE 3 ***");
// setup expected target folders
workflowFolder = analysisArtifacts.targetFolder;
folderWithArtifacts_Phase2 = Path.Combine(workflowFolder, "Phase 2 - Artifacts");
folderWithArtifacts_Phase3 = Path.Combine(workflowFolder, "Phase 3 - Artifacts");
Files.checkIfDirectoryExistsAndCreateIfNot(folderWithArtifacts_Phase3); // create Phase 2 folder (if required)
// check if required folders exist
Assert.That(Directory.Exists(folderWithArtifacts_Phase2), "folderWithArtifacts_forPhase2 could not be found");
Assert.That(Directory.Exists(folderWithArtifacts_Phase3), "folderWithArtifacts_forPhase3 could not be found");
if (analysisArtifacts.phase_3.task1_handleKnownSinks)
{
task1_handleKnownSinks();
}
if (analysisArtifacts.phase_3.task2_filterFindings)
{
var targetFolder = Path.Combine(folderWithArtifacts_Phase3, "Filtered_Findings");
Files.checkIfDirectoryExistsAndCreateIfNot(targetFolder);
Files.deleteAllFilesFromDir(targetFolder);
var allTraces_KnownSinks = XUtils_Analysis.getAllTraces_KnownSinks(folderWithArtifacts_Phase2);
var allTraces_LostSinks = XUtils_Analysis.getAllTraces_LostSinks(folderWithArtifacts_Phase2);
task2_filterFindings((KAnalysisArtifacts)analysisArtifacts, allTraces_KnownSinks, targetFolder, "Known Sinks");
task2_filterFindings((KAnalysisArtifacts)analysisArtifacts, allTraces_LostSinks, targetFolder, "Lost Sinks");
}
if (analysisArtifacts.phase_3.task3_filter_FindingsWithNoTraces)
{
var allTraces_NoTraces = XUtils_Analysis.getAllTraces_NoTraces(folderWithArtifacts_Phase2);
task3_filter_FindingsWithNoTraces(allTraces_NoTraces);
}
if (analysisArtifacts.phase_3.task4_CalculateStrutsFindings)
{
task4_CalculateStrutsFindings();
}
O2Cmd.log.write("\n\n***** PHASE 3 COMPLETED ***");
return("Phase 3 completed");
}
// PHASE 3 : TASKS
// since there are lot a lot of known sinks move them all into one file
public void task1_handleKnownSinks()
{
// for now save these findings in the root of folderWithArtifacts_Phase3
var folderWithAssessmentFiles = Path.Combine(folderWithArtifacts_Phase2, "FindingsWith_Traces_KnownSinks");
Assert.That(Directory.Exists(folderWithAssessmentFiles), "Directory folderWithAssessmentFiles does not exist: " + folderWithAssessmentFiles);
var o2Findings_WithKnownSinks = XUtils_Findings_v0_1.loadMultipleOzasmtFiles(folderWithAssessmentFiles);
// save as 1 ozasmt file with all findings
var targetFile = Path.Combine(folderWithArtifacts_Phase3, "Findings with Known Sinks.ozasmt");
XUtils_Findings_v0_1.saveFindings(o2Findings_WithKnownSinks, targetFile);
// save as 1 ozasmt file per VulnType
var targetFolder = Path.Combine(folderWithArtifacts_Phase3, "Findings with KnownSinks (by VulnType)");
var mappedFindings = XUtils_Analysis.getDictionaryWithFindingsMappedBy_VulType(o2Findings_WithKnownSinks);
XUtils_Analysis.saveDictionaryWithMappedFindingsToFolder(mappedFindings, targetFolder);
}
public void task2_createStrutsMappings()
{
O2Cmd.log.write("TASK #2: Create Struts Mappings");
foreach (var folder in Files.getListOfAllDirectoriesFromDirectory(folderWithArtifacts_Phase1, false))
{
var splittedName = Path.GetFileName(folder).Split(new [] { " (-) " }, StringSplitOptions.None);
if (splittedName.Length == 2)
{
var folderType = splittedName[0].Trim();
var value = splittedName[1].Trim();
O2Cmd.log.write("folderType: " + folderType);
switch (folderType)
{
case "Config files":
var targetFolder = Path.Combine(folderWithArtifacts_Phase2, "Struts Mappings");
Files.checkIfDirectoryExistsAndCreateIfNot(targetFolder);
Assert.That(Directory.Exists(targetFolder));
var targetFile = Path.Combine(targetFolder, value + ".O2StrutsMappings");
XUtils_Analysis.createStrutsMappingsFromFilesIn(folder, targetFile);
break;
}
}
}
}
public void analyzeFindingsOfVulnType_SqlInjection(List <IO2Finding> o2Findings, bool removeFindingsFromSourceList)
{
// extract the Sql Injection ones
var sqlInjectionFindings = XUtils_Analysis.getFindingsWithVulnType(o2Findings, "Vulnerability.Injection.SQL", removeFindingsFromSourceList);
if (sqlInjectionFindings.Count == 0)
{
return;
}
// var fileWithSqlInjections = Path.Combine(folderWithArtifacts_Phase4, "Findings_with_SQL_Injection");
//XUtils_Findings_v0_1.saveFindings(sqlInjectionFindings, fileWithSqlInjections);
//Assert.That(File.Exists(fileWithSqlInjections), "fileWithSqlInjections was not created");
var sqlInjectionValidators = new List <string> {
"java.lang.Integer.<init>(int):void",
"java.lang.Integer.valueOf(int):java.lang.Integer",
"java.lang.String.valueOf(int):java.lang.String",
":java.util.DateTime"
};
var nonExploitable = new List <IO2Finding>();
var maybeExploitable = new List <IO2Finding>();
foreach (O2Finding o2Finding in sqlInjectionFindings)
{
var validatorFound = "";
foreach (var validator in sqlInjectionValidators)
{
if (XUtils_Analysis.doesFindingHasTraceSignature(o2Finding, validator))
{
validatorFound = validator;
break;
}
}
// modify finding
if (validatorFound != "")
{
o2Finding.context = string.Format("found validator: {0} , {1}", validatorFound, o2Finding.context);
nonExploitable.Add(o2Finding);
o2Finding.vulnType += ".NotExploitable";
o2Finding.severity = 3;
o2Finding.confidence = 1;
}
else
{
maybeExploitable.Add(o2Finding);
o2Finding.vulnType += ".MaybeExploitable.InternalMethod";
o2Finding.severity = 0;
o2Finding.confidence = 2;
}
}
var fileWith_NonExploitable = Path.Combine(folderWithArtifacts_Phase4, "NonExploitable_Findings_with_SQL_Injection.ozasmt");
XUtils_Findings_v0_1.saveFindings(nonExploitable, fileWith_NonExploitable);
var fileWith_MaybeExploitable = Path.Combine(folderWithArtifacts_Phase4, "MaybeExploitable_Findings_with_SQL_Injection.ozasmt");
XUtils_Findings_v0_1.saveFindings(maybeExploitable, fileWith_MaybeExploitable);
//XUtils_Findings_v0_1.openFindingsInNewWindow(nonExploitable).Join();
//XUtils_Findings_v0_1.openFindingsInNewWindow(maybeExploitable).Join();
}
