public void CFGCreator_RootAndExitIsClousure(string phpCode) { var extract = ParseAndExtract(phpCode); foreach (var closure in extract.Closures) { var ast = closure.AstNode; var traverser = new XmlTraverser(); var cfgcreator = new CFGCreator(); traverser.AddVisitor(cfgcreator); traverser.Traverse(ast); var graph = cfgcreator.Graph; //Root Assert.IsTrue(graph.Vertices.First().IsRoot, "the first vertix is not the root node"); Assert.IsTrue(graph.Vertices.First().IsSpecialBlock, "The first node was not marked with IsSpecialBlock"); graph.AssertInEdges(graph.Vertices.First(), 0, "Entry node contains in edges"); graph.AssertOutEdges(graph.Vertices.First(), 1, "Entry node did not have exactly one out edge"); Assert.AreEqual(AstConstants.Nodes.Expr_Closure, graph.Vertices.First().ToString(), "The root node was not a closure, and was expected to be a closure"); //Leaf Assert.IsTrue(graph.Vertices.ElementAt(1).IsLeaf, "The element at position one was not the exit block"); Assert.IsTrue(graph.Vertices.ElementAt(1).IsSpecialBlock, "The element at position one was not marked with IsSpecialBlock"); graph.AssertOutEdges(graph.Vertices.ElementAt(1), 0, "The exit block contained out edged"); Assert.AreEqual(AstConstants.Nodes.Expr_Closure, graph.Vertices.ElementAt(1).ToString()); } }
public void CFGCreator_RootAndExitIsStmtClassMethod(string phpcode) { var extract = ParseAndExtract(phpcode); foreach (var @class in extract.Classes) { foreach (var method in @class.Methods) { var ast = method.AstNode; var traverser = new XmlTraverser(); var cfgcreator = new CFGCreator(); traverser.AddVisitor(cfgcreator); traverser.Traverse(ast); var graph = cfgcreator.Graph; //Root assertions Assert.AreEqual(AstConstants.Nodes.Stmt_ClassMethod, graph.Vertices.First().ToString()); graph.AssertInEdges(graph.Vertices.First(), 0, "Entry node - in edges"); graph.AssertOutEdges(graph.Vertices.First(), 1, "Entry node - out edges"); Assert.AreEqual(true, graph.Vertices.First().IsRoot); //Leaf assertions graph.AssertOutEdges(graph.Vertices.ElementAt(1), 0, "Exit node - out edges"); Assert.AreEqual(true, graph.Vertices.ElementAt(1).IsLeaf); } } }
public void CFGCreator_RootAndExitIsStmtFunction(string phpcode) { var extract = ParseAndExtract(phpcode); foreach (var func in extract.Functions) { var ast = func.AstNode; var traverser = new XmlTraverser(); var cfgcreator = new CFGCreator(); traverser.AddVisitor(cfgcreator); traverser.Traverse(ast); var graph = cfgcreator.Graph; //Root assertions Assert.IsTrue(graph.Vertices.First().IsRoot, "first node was not the root node"); Assert.IsTrue(graph.Vertices.First().IsSpecialBlock, "first node was not marked as IsSpecialBlock"); graph.AssertInEdges(graph.Vertices.First(), 0, "Entry node - in edges"); graph.AssertOutEdges(graph.Vertices.First(), 1, "Entry node - out edges"); Assert.AreEqual(AstConstants.Nodes.Stmt_Function, graph.Vertices.First().ToString()); //Leaf assertions Assert.IsTrue(graph.Vertices.ElementAt(1).IsSpecialBlock, "The element at position 1 was not marked with IsSpecialBlock"); Assert.AreEqual(true, graph.Vertices.ElementAt(1).IsLeaf, "The element at position 1 was not marked with IsLeaf"); graph.AssertOutEdges(graph.Vertices.ElementAt(1), 0, "Exit node - out edges"); } }
private static File BuildFileCFGAndExtractFileInformation(KeyValuePair <string, XmlDocument> parsedFile) { var traverser = new XmlTraverser(); var metricAnalyzer = new MetricVisitor(); var extractor = new ClassAndFunctionExtractor(); var printer = new ASTPrinter(Console.Out); var cfgcreator = new CFGCreator(); traverser.AddVisitor(extractor); traverser.AddVisitor(metricAnalyzer); traverser.AddVisitor(cfgcreator); //traverser.AddVisitor(printer); traverser.AddVisitors(_components.AstVisitors.ToArray()); traverser.Traverse(parsedFile.Value.FirstChild.NextSibling); foreach (var function in extractor.Functions) { function.File = parsedFile.Key; } foreach (var closure in extractor.Closures) { closure.File = parsedFile.Key; } _funcHandler.CustomFunctions.AddRange(extractor.Functions); foreach (var @class in extractor.Classes) { @class.File = parsedFile.Key; foreach (var method in @class.Methods) { //HACK: This is not a good way to handle this! Should we add a new derived function class called method that includes the class name //-||-: and make a special list for them in the function handler, or is this okay? method.Name = @class.Name + "->" + method.Name; method.File = parsedFile.Key; _funcHandler.CustomFunctions.Add(method); } } //cfgcreator.Graph.VisualizeGraph("graph", Program.Configuration.GraphSettings); var cfgPruner = new CFGPruner(); cfgPruner.Prune(cfgcreator.Graph); //cfgcreator.Graph.VisualizeGraph("graph-pruned", Configuration.GraphSettings); File file = new File(parsedFile.Value) { CFG = cfgcreator.Graph, FullPath = parsedFile.Key, Interfaces = extractor.Interfaces.GroupBy(i => i.Name, i => i).ToDictionary(i => i.Key, i => i.ToList()), Classes = extractor.Classes.GroupBy(c => c.Name, c => c).ToDictionary(c => c.Key, c => c.ToList()), Closures = extractor.Closures.ToArray(), Functions = extractor.Functions.GroupBy(i => i.Name, i => i).ToDictionary(i => i.Key, i => i.ToList()) }; return(file); }
/// <summary> /// Analyses a custom function in for security issues, with the currenctly known taint for actual parameters. /// </summary> /// <returns>A TainSets for the custom function that is being analyzed</returns> /// <param name="customFunction">Custom function object to perform the analysis on</param> /// <param name="varStorage">The currently known variable storage (this is to included because of superglobals, globals etc.)</param> /// <param name="paramActualVals">Parameter actual values</param> /// <param name="resolver">File inclusion resolver</param> /// <param name="includeStack">Currently known includes</param> /// <param name="functionCalls">Currently known function calls</param> internal ExpressionInfo AnalyseCustomFunction(Function customFunction, ImmutableVariableStorage varStorage, IVulnerabilityStorage vulnerabilityStorage, IList <ExpressionInfo> paramActualVals, IIncludeResolver resolver, AnalysisStacks stacks) { var stmts = customFunction.AstNode.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Stmts).FirstChild; var traverser = new XmlTraverser(); var cfgcreator = new CFGCreator(); traverser.AddVisitor(cfgcreator); traverser.Traverse(stmts); var cfgPruner = new CFGPruner(); cfgPruner.Prune(cfgcreator.Graph); var initialTaint = varStorage.ToMutable(); initialTaint.SuperGlobals.Clear(); initialTaint.SuperGlobals.AddRange(varStorage.SuperGlobals); initialTaint.LocalVariables.Clear(); initialTaint.LocalAccessibleGlobals.Clear(); for (int i = 1; i <= paramActualVals.Count; i++) { var paramFormal = customFunction.Parameters.FirstOrDefault(x => x.Key.Item1 == i); if (paramFormal.Value == null) { continue; } var @var = new Variable(paramFormal.Value.Name, VariableScope.Function) { Info = paramActualVals[i - 1].ValueInfo }; initialTaint.LocalVariables.Add(paramFormal.Value.Name, @var); } var blockAnalyzer = new TaintBlockAnalyzer(vulnerabilityStorage, resolver, AnalysisScope.Function, fileAnalyzer, stacks, subroutineAnalyzerFactory, _funcHandler); blockAnalyzer.AnalysisExtensions.AddRange(AnalysisExtensions); var condAnalyser = new ConditionTaintAnalyser(AnalysisScope.Function, resolver, stacks.IncludeStack, _funcHandler); var cfgTaintAnalysis = new TaintAnalysis(blockAnalyzer, condAnalyser, ImmutableVariableStorage.CreateFromMutable(initialTaint)); //var taintAnalysis = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new QueueWorklist()); var taintAnalysis = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new ReversePostOrderWorkList(cfgcreator.Graph)); taintAnalysis.Analyze(cfgcreator.Graph); var exprInfoAll = new ExpressionInfo(); foreach (ExpressionInfo exprInfo in blockAnalyzer.ReturnInfos) { exprInfoAll = exprInfoAll.Merge(exprInfo); } return(exprInfoAll); }
private void LoadGraphFromTemp() { var result = MessageBox.Show("New SEViz graph is available. Do you want to load it?", "SEViz notification", MessageBoxButton.YesNo, MessageBoxImage.Question); if (result == MessageBoxResult.Yes) { var dialogFactory = ViewerWindowCommand.Instance.ServiceProvider.GetService(typeof(SVsThreadedWaitDialogFactory)) as IVsThreadedWaitDialogFactory; IVsThreadedWaitDialog2 dialog = null; if (dialogFactory != null) { dialogFactory.CreateInstance(out dialog); } if (dialog != null) { bw = new BackgroundWorker(); bw.WorkerSupportsCancellation = true; bw.DoWork += (p1, p2) => { dialog.StartWaitDialog("SEViz", "SEViz is loading", "Please wait while SEViz loads the graph...", null, "Waiting status bar text", 0, false, true); while (true) { if (!bw.CancellationPending) { Thread.Sleep(500); } else { break; } } }; bw.RunWorkerCompleted += (p1, p2) => { int isCanceled = -1; dialog.EndWaitDialog(out isCanceled); }; bw.RunWorkerAsync(); // Loading the graph LoadGraph(CFGCreator.Deserialize(Path.GetTempPath() + "SEViz/" + "temp.graphml")); // Setting the caption of the tool window ViewerWindowCommand.Instance.FindToolWindow().Caption = Graph.Vertices.Where(v => !v.SourceCodeMappingString.Equals("")).FirstOrDefault().MethodName + " - SEViz"; // Showing the tool window ViewerWindowCommand.Instance.ShowToolWindow(null, null); } } fsw.EnableRaisingEvents = true; }
public void LoadGraphFromUri(string fileUri) { // Loading the graph LoadGraph(CFGCreator.Deserialize(fileUri)); // Setting the caption of the tool window (making sure with the loop that the node has a method) for (int i = 0; i < 10; i++) { var methodName = Graph.Vertices.Where(v => v.Id == i).FirstOrDefault().MethodName; if (methodName != "") { ViewerWindowCommand.Instance.FindToolWindow().Caption = methodName + " - SEViz"; break; } } }
public SEVizAttribute(string dllPath, string functionName) { MessageBox.Show("CTOR"); DllPath = dllPath; FunctionName = functionName; CFGCreator myCreator = new CFGCreator(); myCreator.Create(DllPath, functionName); MyCreator = myCreator; foreach (var item in MyCreator.edges) { MessageBox.Show(item.Id.ToString()); } }
public void AfterExploration(IPexExplorationComponent host, object data) { MessageBox.Show("AfterExploration"); foreach (var vertex in Vertices.Values) { // Modifying shape based on Z3 calls if (Z3CallLocations.Contains(vertex.MethodName + ":" + vertex.ILOffset)) { vertex.Shape = CFGNode.NodeShape.Ellipse; } // Adding the path condition var t = PrettyPathConditionTasks [vertex.Id]; t.Wait(); vertex.PathCondition = t.Result; } foreach (var vertex in Vertices.Values) { // Adding the incremental path condition if (ParentNodes.ContainsKey(vertex.Id)) { vertex.IncrementalPathCondition = CalculateIncrementalPathCondition(vertex.PathCondition, Vertices [ParentNodes [vertex.Id]].PathCondition); } else { // If the node is the first one (has no parents), then the incremental equals the full PC vertex.IncrementalPathCondition = vertex.PathCondition; } } // +++ // Adding vertices and edges to the graph Graph.AddVertexRange(Vertices.Values); foreach (var edgeDictionary in Edges.Values) { Graph.AddEdgeRange(edgeDictionary.Values); } //đ ////Graph.AddVertexRange(MyCreator.graph.Vertices); ////Graph.AddEdgeRange(MyCreator.graph.Edges); // Checking if temporary SEViz folder exists if (!Directory.Exists(Path.GetTempPath() + "SEViz")) { var dir = Directory.CreateDirectory(Path.GetTempPath() + "SEViz"); } //đ //[SEViz(typeof(string).)] // Getting the temporary folder var tempDir = Path.GetTempPath() + "SEViz\\"; // Serializing the graph into graphml CFGCreator.Serialize(Graph, tempDir); }