public void FixtureSetUp()
{
Config = Config.ReadConfiguration(TestSettings.ConfigFile);
// ARGH!!!!
FunctionsHandler.Instance.FunctionSpecification = Config.FuncSpecSettings;
FunctionsHandler.Instance.LoadJsonSpecifications();
}
public static void CTLLTLMain(Arguments args, Config conf)
{
Arguments arguments = args;
if (arguments.Result == null || arguments.Main == null)
{
Console.WriteLine("Result dir and Main file must be specified");
Environment.Exit(1);
}
Configuration = conf;
Config configuration = Configuration;
Analyze (arguments, configuration);
}
private static void Analyze(Arguments arguments, Config configuration)
{
Console.WriteLine ("Parsing project at: " + arguments.Target);
Console.WriteLine ();
var stopwatch = Stopwatch.StartNew ();
Console.WriteLine ("Building ASTs..");
ParseResult parseResult = ParseTarget (arguments, configuration);
Console.WriteLine (" - AST build for " + parseResult.ParsedFiles.Count + " files (" + parseResult.FilesThatFailedToParse.Count + " failed)..");
Console.WriteLine ("Traversing ASTs..");
var filesCollection = new List<File> ();
foreach (var parsedFile in parseResult.ParsedFiles) {
ExtractFunctions (parsedFile);
}
/*Parallel.ForEach(parseResult.ParsedFiles,parsedFile =>
{
ExtractFunctions(parsedFile);
});*/
var bag = new ConcurrentBag<File> ();
Parallel.ForEach (parseResult.ParsedFiles, parsedFile => {
Console.WriteLine ("File: " + parsedFile.Key);
var file = BuildFileCFGAndExtractFileInformation (parsedFile);
bag.Add (file);
});
filesCollection.AddRange (bag);
Console.WriteLine ("Creating CTLLTL Model...");
File mainfile = filesCollection.Find (x => x.Name == arguments.Main);
IncludeResolver ir = new IncludeResolver (filesCollection);
var c = new CTLLTL ();
string p = Path.Combine (arguments.Result, "graph-ctl");
mainfile.CFG.VisualizeGraph (p, Configuration.GraphSettings);
c.makeModel ((QuickGraph.BidirectionalGraph<CFGBlock, QuickGraph.TaggedEdge<CFGBlock, EdgeTag>>)mainfile.CFG, ir, Path.Combine (arguments.Result, "model.smv"));
stopwatch.Stop ();
Console.WriteLine ("Time spent: " + stopwatch.Elapsed);
}
public void FixtureTearDown()
{
Config = null;
}
private static ParseResult ParseFile(Config configuration, Arguments arguments)
{
var fileParser = new FileParser (configuration.PHPSettings.PHPParserPath);
var result = fileParser.ParsePHPFile (arguments.Target);
var parseResult = new ParseResult ();
parseResult.ParsedFiles.Add (arguments.Target, result);
return parseResult;
}
private static ParseResult ParseTarget(Arguments arguments, Config configuration)
{
if (Directory.Exists (arguments.Target)) {
return ParseDirectoryFiles (configuration, arguments);
}
if (System.IO.File.Exists (arguments.Target)) {
return ParseFile (configuration, arguments);
}
Console.WriteLine ("Target does not seem to be a valid directory or file.");
Environment.Exit (1);
return null;
}
private static ParseResult ParseDirectoryFiles(Config configuration, Arguments arguments)
{
var projectParser = new ProjectParser (arguments.Target, configuration.PHPSettings);
ParseResult parseResult = projectParser.ParseProjectFiles ();
return parseResult;
}
public AnalysisStartingEventArgs(Config config, Arguments arguments)
{
this.Configuration = config;
this.Arguments = arguments;
}
private static void Analyze(Arguments arguments, Config configuration)
{
Console.WriteLine("Parsing project at: " + arguments.Target);
Console.WriteLine();
foreach (var analysisStartingListener in _components.AnalysisStartingListeners)
{
// TODO - This should probably be a proper event - same goes for EndingEvent (this will also remove the loop(s)).
analysisStartingListener.AnalysisStarting(null, new AnalysisStartingEventArgs(configuration, arguments));
}
var stopwatch = Stopwatch.StartNew();
Console.WriteLine("Building ASTs..");
ParseResult parseResult = ParseTarget(arguments, configuration);
Console.WriteLine(" - AST build for {0} files ({1} failed)..", parseResult.ParsedFiles.Count, parseResult.FilesThatFailedToParse.Count);
Console.WriteLine("Traversing ASTs..");
var filesCollection = new List<File>();
var runningVulnReporter = new CompositeVulneribilityReporter(_components.VulnerabilityReporters);
var vulnerabilityStorage = new ReportingVulnerabilityStorage(runningVulnReporter);
var progrssIndicator = ProgressIndicatorFactory.CreateProgressIndicator(parseResult.ParsedFiles.Count());
foreach (var parsedFile in parseResult.ParsedFiles)
{
progrssIndicator.Step();
var file = BuildFileCFGAndExtractFileInformation(parsedFile);
filesCollection.Add(file);
}
var subroutineAnalyzerFactory = new FunctionAndMethodAnalyzerFactory { UseSummaries = arguments.UseFunctionSummaries };
Func<ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks,
ImmutableVariableStorage> fileTaintAnalyzer = null;
fileTaintAnalyzer = (varStorage, inclResolver, scope, stacks) =>
{
Preconditions.NotNull(varStorage, "varStorage");
Preconditions.NotNull(inclResolver, "inclResolver");
var blockAnalyzer = new TaintBlockAnalyzer(vulnerabilityStorage, inclResolver, scope, fileTaintAnalyzer, stacks, subroutineAnalyzerFactory);
blockAnalyzer.AnalysisExtensions.AddRange(_components.BlockAnalyzers);
var condAnalyser = new ConditionTaintAnalyser(scope, inclResolver, stacks.IncludeStack);
var cfgTaintAnalysis = new TaintAnalysis(blockAnalyzer, condAnalyser, varStorage);
var fileToAnalyze = stacks.IncludeStack.Peek();
var analyzer = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new ReversePostOrderWorkList(fileToAnalyze.CFG));
//var analyzer = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new QueueWorklist());
analyzer.Analyze(fileToAnalyze.CFG);
return cfgTaintAnalysis.Taints[fileToAnalyze.CFG.Vertices.Single(block => block.IsLeaf)].Out[EdgeType.Normal];
};
foreach (var file in filesCollection)
{
Console.WriteLine(Environment.NewLine + "=============================");
Console.WriteLine("Analyzing {0}..", file.FullPath);
var initialTaint = GetDefaultTaint();
var inclusionResolver = new IncludeResolver(filesCollection);
var stacks = new AnalysisStacks(file);
fileTaintAnalyzer(initialTaint, inclusionResolver, AnalysisScope.File, stacks);
}
Console.WriteLine("Scanned {0}/{1} subroutines. ", FunctionsHandler.Instance.ScannedFunctions.Count, FunctionsHandler.Instance.CustomFunctions.Count);
if (arguments.ScanAllSubroutines)
{
Console.WriteLine("Scanning remaining subroutines..");
ScanUnscannedSubroutines(filesCollection, fileTaintAnalyzer, subroutineAnalyzerFactory, vulnerabilityStorage);
}
vulnerabilityStorage.CheckForStoredVulnerabilities();
//parseResult.ParsedFiles.Values.First().Save(@"C:\Users\Kenneth\Documents\Uni\TestScript\current\parsedFile");
stopwatch.Stop();
foreach (var analysisEndedListener in _components.AnalysisEndedListeners)
{
analysisEndedListener.AnalysisEnding(null, new AnalysisEndedEventArgs(stopwatch.Elapsed));
}
Console.WriteLine("Time spent: " + stopwatch.Elapsed);
Console.WriteLine("Found {0} vulnerabilities.", runningVulnReporter.NumberOfReportedVulnerabilities);
}
private static void WPGotoAnalysis(Arguments arguments, Config configuration)
{
var v = Stopwatch.StartNew();
var folders = Directory.GetDirectories(@"G:\WP");
int counter = 0;
var progress = new BikeGuyRidingAnimation(folders.Count());
var locker = new object();
Parallel.ForEach(folders, new ParallelOptions() { MaxDegreeOfParallelism = 7 },
folder =>
{
int myNumber = Interlocked.Increment(ref counter);
arguments.Target = Path.Combine(arguments.Target, folder);
if (!Directory.Exists(arguments.Target))
return;
var projectParser = new ProjectParser(arguments.Target, configuration.PHPSettings);
ParseResult parseResult = projectParser.ParseProjectFiles();
foreach (var parsedFile in parseResult.ParsedFiles)
{
//Console.WriteLine("File: " + parsedFile.Key);
var traverser = new XmlTraverser();
var metricVisitor = new MetricVisitor();
traverser.AddVisitor(metricVisitor);
traverser.Traverse(parsedFile.Value);
if (metricVisitor.Gotos > 0)
{
lock (locker)
{
System.IO.File.AppendAllLines(@"C:/pluginDLMessages.txt", new [] { "Goto found in " + parsedFile.Key});
}
}
}
//Console.WriteLine(folder);
if ((myNumber % 250) == 0)
{
Console.WriteLine(myNumber + " plugins scanned..");
}
});
Console.WriteLine(v.Elapsed);
Environment.Exit(1);
}
static void Main(string[] args)
{
Arguments arguments = ParseArguments(args);
Configuration = GetConfiguration(arguments.ConfigLocation);
Config configuration = Configuration;
if (arguments.CTLLTL)
{
Console.WriteLine("Got here!");
CTLLTLProgram.CTLLTLMain(arguments, configuration);
Environment.Exit(0);
}
FunctionsHandler.Instance.FunctionSpecification = configuration.FuncSpecSettings;
FunctionsHandler.Instance.LoadJsonSpecifications();
_components = ImportExternalComponents(configuration.ComponentSettings);
Analyze(arguments, configuration);
}
