// Loads the analysis artifacts stored in analysisArtifactsFile and hands them to the
// start overload that takes the loaded object. The result of that overload is
// discarded; this method always returns the fixed status text below.
public string start(string analysisArtifactsFile)
{
    var loadedArtifacts = KAnalysisArtifacts.load(analysisArtifactsFile);
    start(loadedArtifacts);
    return "execution completed";
}
// Example 1: loads the WebGoat analysis artifacts file, switches on phases 1 to 5
// together with every task flag listed below, and writes the file back in place.
// Returns the path of the artifacts file that was updated.
public string setWebGoatPhaseSettings_example1()
{
    var artifacts = KAnalysisArtifacts.load(webGoatAnalysisArtifactsFile);

    // phase 1: copy assessment and project config files
    artifacts.phase_1.run = true;
    artifacts.phase_1.task1_copyAssessmentFiles = true;
    artifacts.phase_1.task2_copyProjectConfigFiles = true;

    // phase 2: split findings on trace, create Struts mappings
    artifacts.phase_2.run = true;
    artifacts.phase_2.task1_SplitFindingsOnTrace = true;
    artifacts.phase_2.task2_createStrutsMappings = true;

    // phase 3: known sinks, filters, findings without traces, Struts findings
    artifacts.phase_3.run = true;
    artifacts.phase_3.task1_handleKnownSinks = true;
    artifacts.phase_3.task2_filterFindings = true;
    artifacts.phase_3.task3_filter_FindingsWithNoTraces = true;
    artifacts.phase_3.task4_CalculateStrutsFindings = true;

    // phase 4: analyse findings with known sinks, adjust Struts findings
    artifacts.phase_4.run = true;
    artifacts.phase_4.task1_analyseFindingsWithKnownSinks = true;
    artifacts.phase_4.task2_AdjustsStrutsFindings = true;

    // phase 5: create the final assessment file
    artifacts.phase_5.run = true;
    artifacts.phase_5.task1_createFinalAssessmentFile = true;

    // persist the settings over the file they were loaded from
    KAnalysisArtifacts.save((KAnalysisArtifacts)artifacts, webGoatAnalysisArtifactsFile);
    return webGoatAnalysisArtifactsFile;
}
// Example 2: loads the WebGoat analysis artifacts file, disables every phase and task,
// then enables only phase 3 / task 2 (filter findings) with a fresh list of
// Source/Sink filters, and writes the file back in place.
// Returns the path of the artifacts file that was updated.
public string setWebGoatPhaseSettings_example2()
{
    var artifacts = KAnalysisArtifacts.load(webGoatAnalysisArtifactsFile);

    // start from a clean slate: nothing runs unless enabled below
    XUtils_AnalysisWorkflow.setAllPhasesAndTasksValue(artifacts, false);
    artifacts.phase_3.run = true;
    artifacts.phase_3.task2_filterFindings = true;

    // drop whatever filters the file carried before
    artifacts.phase_3.task2_sourceSink.Clear();

    // SourceSink takes three arguments: Source, Sink, RemoveMatches.
    // When RemoveMatches is set, findings that matched the Source/Sink pair are removed
    // from the next queries, so the order of this list decides which filter a finding
    // is attributed to. The first entry keeps its matches available to later filters.
    // The ("get", "set", true) pair that the original left commented out stays disabled.
    var filters = new[]
    {
        new SourceSink("getParameter", "", false),
        new SourceSink("", "org.apache", true),
        new SourceSink("getAttribute", "", true),
        new SourceSink("", "setAttribute", true),
        new SourceSink("", "setProperty", true),
        new SourceSink("", "sql", true),
        new SourceSink("", "print", true),
        new SourceSink("", "io", true),
        new SourceSink("", "Cookie", true),
        new SourceSink("", "exec", true),
        new SourceSink("", "log", true),
        new SourceSink("", "external_caller", true)
    };
    foreach (var filter in filters)
    {
        artifacts.phase_3.task2_sourceSink.Add(filter);
    }

    KAnalysisArtifacts.save((KAnalysisArtifacts)artifacts, webGoatAnalysisArtifactsFile);
    return webGoatAnalysisArtifactsFile;
}
// Builds a new artifacts object for the given workflow, sets all of its properties
// to true via setAllPropertiesValue, and saves it to targetAnalysisArtifactsFile.
// Returns whether a file exists at that path after the save.
// NOTE(review): File.Exists is also true for a file that was already there before the
// save, so callers using the result as a success signal should start from a clean path.
public static bool createAnalysisArtifactFile(string workflowName, string assessmentFile, string targetFolder, string targetAnalysisArtifactsFile)
{
    var newArtifacts = (KAnalysisArtifacts)createAnalysisArtifact(workflowName, assessmentFile, targetFolder);
    setAllPropertiesValue(newArtifacts, true);
    KAnalysisArtifacts.save(newArtifacts, targetAnalysisArtifactsFile);

    bool fileIsOnDisk = File.Exists(targetAnalysisArtifactsFile);
    return fileIsOnDisk;
}
// Creates an in-memory artifacts object named after workflowName, registers
// assessmentFile as an assessment to load and records targetFolder on it.
// Nothing is written to disk here.
public static IAnalysisArtifacts createAnalysisArtifact(string workflowName, string assessmentFile, string targetFolder)
{
    // the nested initializer calls Add on the existing list, then sets targetFolder
    return new KAnalysisArtifacts(workflowName)
    {
        assessmentFilesOrFolderToLoad = { assessmentFile },
        targetFolder = targetFolder
    };
}
// Loads the artifacts stored in artifactsFile and runs them through a new
// Analysis_Workflow instance, returning whatever its start method returns.
public string startAnalysis(string artifactsFile)
{
    var workflow = new Analysis_Workflow();
    return workflow.start(KAnalysisArtifacts.load(artifactsFile));
}
// Runs phase 5 against the test artifacts file, then loads the final assessment file
// and opens its findings in a new window. Returns the result of the phase 5 run.
public string runPhase5()
{
    var artifacts = KAnalysisArtifacts.load(testAnalysisArtifactsFile);
    var phaseResult = runPhase5(artifacts);

    // show what phase 5 produced
    XUtils_Findings_v0_1.openFindingsInNewWindow(
        XUtils_Findings_v0_1.loadFindingsFile(finalAssessmentFile));

    return phaseResult;
}
// Builds an artifacts object from three locations and starts the workflow with it.
//   folderWithAssessments  - added as the assessments to load; its last path segment
//                            becomes the project name
//   folderWithProjectFiles - optional; only added when it is not null or empty
//   targetFolder           - recorded as the target folder on the artifacts object
// Returns the result of the start overload that takes the artifacts object.
// NOTE(review): Path.GetFileName returns an empty string for a path that ends in a
// directory separator, which would leave the project name empty.
public string start(string folderWithAssessments, string folderWithProjectFiles, string targetFolder)
{
    var artifacts = new KAnalysisArtifacts(Path.GetFileName(folderWithAssessments));
    artifacts.assessmentFilesOrFolderToLoad.Add(folderWithAssessments);

    bool hasProjectFiles = !string.IsNullOrEmpty(folderWithProjectFiles);
    if (hasProjectFiles)
    {
        artifacts.projectFilesOrFolder.Add(folderWithProjectFiles);
    }

    artifacts.targetFolder = targetFolder;
    return start(artifacts);
}
// Runs each configured Source/Sink filter, in list order, over tracesToFilter by
// calling XUtils_Analysis.saveQuery. Per the original note, saveQuery removes the
// matched findings from tracesToFilter when the filter's RemoveMatches flag is true,
// so the caller's list is modified by this method.
// Whatever is still in the list afterwards matched no removing filter; those findings
// are logged and saved to a separate "__NO FILTER__" file instead of being dropped.
public void task2_filterFindings(KAnalysisArtifacts analysisArtifacts, List<IO2Finding> tracesToFilter, string targetFolder, string fileName)
{
    foreach (var filter in analysisArtifacts.phase_3.task2_sourceSink)
    {
        XUtils_Analysis.saveQuery(tracesToFilter, targetFolder, fileName,
                                  filter.Source, filter.Sink, filter.RemoveMatches);
    }

    // nothing left over: every finding was consumed by a filter
    if (tracesToFilter.Count <= 0)
    {
        return;
    }

    O2Cmd.log.write("After task2 filters there were {0} findings that matched no filter", tracesToFilter.Count);
    var leftoverFileName = "__NO FILTER__" + " - " + fileName + ".ozasmt";
    XUtils_Findings_v0_1.saveFindings(tracesToFilter, Path.Combine(targetFolder, leftoverFileName));
}
// Recreates the WebGoat analysis artifacts file from scratch: deletes any existing
// file, asserts it is gone, builds a new artifacts object for the WebGoat assessment
// file, saves it, and asserts the file now exists. Returns the artifacts file path.
public string createWebgoatArtifactsFile()
{
    // remove any earlier copy so the final existence check proves this run created it
    File.Delete(webGoatAnalysisArtifactsFile);
    Assert.That(!File.Exists(webGoatAnalysisArtifactsFile),
                "webGoatAnalysisArtifactsFile should not exists at this stage: " + webGoatAnalysisArtifactsFile);

    var workflow = "webgoat (from O2 Unit test)";
    var outputFolder = Path.Combine(demoDataFolder, workflow);

    var newArtifacts = (KAnalysisArtifacts)XUtils_AnalysisWorkflow.createAnalysisArtifact(
        workflow, webGoatAssessmentFile, outputFolder);
    KAnalysisArtifacts.save(newArtifacts, webGoatAnalysisArtifactsFile);

    Assert.That(File.Exists(webGoatAnalysisArtifactsFile),
                "webGoatAnalysisArtifactsFile was not created: " + webGoatAnalysisArtifactsFile);
    return webGoatAnalysisArtifactsFile;
}
// Runs a hand-picked set of workflow phases against the artifacts in
// analysisArtifactsFile. The phase argument is scanned for the digits "1" to "5";
// each digit present triggers the matching phase, always in ascending order and
// regardless of where the digit appears in the string.
// Logs the inputs and the loaded analysis details, and returns a fixed status text.
public string manual_phases(string analysisArtifactsFile, string phase)
{
    O2Cmd.log.write("\n\n********* O2 Analysis Workflow : Manual Phase execution **********\n\n");
    O2Cmd.log.write("\n: analysisArtifactsFile = {0}", analysisArtifactsFile);
    O2Cmd.log.write("\n: phase = {0}", phase);

    var artifacts = KAnalysisArtifacts.load(analysisArtifactsFile);
    O2Cmd.log.write(artifacts.getAnalysisDetails());

    if (phase.IndexOf("1") >= 0)
    {
        new Analysis_Workflow_Phase_1().runPhase1(artifacts);
    }
    if (phase.IndexOf("2") >= 0)
    {
        new Analysis_Workflow_Phase_2().runPhase2(artifacts);
    }
    if (phase.IndexOf("3") >= 0)
    {
        new Analysis_Workflow_Phase_3().runPhase3(artifacts);
    }
    if (phase.IndexOf("4") >= 0)
    {
        new Analysis_Workflow_Phase_4().runPhase4(artifacts);
    }
    if (phase.IndexOf("5") >= 0)
    {
        new Analysis_Workflow_Phase_5().runPhase5(artifacts);
    }

    return "manual phase execution completed";
}
// Runs phase 4 against the artifacts loaded from the test artifacts file and
// returns the result of the runPhase4 overload that takes the loaded object.
public string runPhase4()
{
    return runPhase4(KAnalysisArtifacts.load(testAnalysisArtifactsFile));
}