public string start(string analysisArtifactsFile)
{
var analysisArtifacts = KAnalysisArtifacts.load(analysisArtifactsFile);
start(analysisArtifacts);
return("execution completed");
}
public string setWebGoatPhaseSettings_example1()
{
var analysisArtifacts = KAnalysisArtifacts.load(webGoatAnalysisArtifactsFile);
analysisArtifacts.phase_1.run = true;
analysisArtifacts.phase_1.task1_copyAssessmentFiles = true;
analysisArtifacts.phase_1.task2_copyProjectConfigFiles = true;
analysisArtifacts.phase_2.run = true;
analysisArtifacts.phase_2.task1_SplitFindingsOnTrace = true;
analysisArtifacts.phase_2.task2_createStrutsMappings = true;
analysisArtifacts.phase_3.run = true;
analysisArtifacts.phase_3.task1_handleKnownSinks = true;
analysisArtifacts.phase_3.task2_filterFindings = true;
analysisArtifacts.phase_3.task3_filter_FindingsWithNoTraces = true;
analysisArtifacts.phase_3.task4_CalculateStrutsFindings = true;
analysisArtifacts.phase_4.run = true;
analysisArtifacts.phase_4.task1_analyseFindingsWithKnownSinks = true;
analysisArtifacts.phase_4.task2_AdjustsStrutsFindings = true;
analysisArtifacts.phase_5.run = true;
analysisArtifacts.phase_5.task1_createFinalAssessmentFile = true;
// save the results in the end
KAnalysisArtifacts.save((KAnalysisArtifacts)analysisArtifacts, webGoatAnalysisArtifactsFile);
return(webGoatAnalysisArtifactsFile);
}
public string setWebGoatPhaseSettings_example2()
{
var analysisArtifacts = KAnalysisArtifacts.load(webGoatAnalysisArtifactsFile); // loads AnalysisArtifact xml file
XUtils_AnalysisWorkflow.setAllPhasesAndTasksValue(analysisArtifacts, false); // disables all phases and tasks
analysisArtifacts.phase_3.run = true; // enable phase #3
analysisArtifacts.phase_3.task2_filterFindings = true; // enable phase #3's tasks #2
analysisArtifacts.phase_3.task2_sourceSink.Clear(); // remove previous entries
// note: the SourceSink object should be created with 3 parameters:
// - Source
// - Sink
// - RemoveMatches : when set will remove the findings that matched the Source/Sink pair from the next queries
analysisArtifacts.phase_3.task2_sourceSink.Add(new SourceSink("getParameter", "", false)); // add new mappings
analysisArtifacts.phase_3.task2_sourceSink.Add(new SourceSink("", "org.apache", true));
analysisArtifacts.phase_3.task2_sourceSink.Add(new SourceSink("getAttribute", "", true));
analysisArtifacts.phase_3.task2_sourceSink.Add(new SourceSink("", "setAttribute", true));
analysisArtifacts.phase_3.task2_sourceSink.Add(new SourceSink("", "setProperty", true));
analysisArtifacts.phase_3.task2_sourceSink.Add(new SourceSink("", "sql", true));
analysisArtifacts.phase_3.task2_sourceSink.Add(new SourceSink("", "print", true));
analysisArtifacts.phase_3.task2_sourceSink.Add(new SourceSink("", "io", true));
analysisArtifacts.phase_3.task2_sourceSink.Add(new SourceSink("", "Cookie", true));
analysisArtifacts.phase_3.task2_sourceSink.Add(new SourceSink("", "exec", true));
analysisArtifacts.phase_3.task2_sourceSink.Add(new SourceSink("", "log", true));
//analysisArtifacts.phase_3.task2_sourceSink.Add(new SourceSink("get","set",true));
analysisArtifacts.phase_3.task2_sourceSink.Add(new SourceSink("", "external_caller", true));
KAnalysisArtifacts.save((KAnalysisArtifacts)analysisArtifacts, webGoatAnalysisArtifactsFile);
return(webGoatAnalysisArtifactsFile);
}
public string startAnalysis(string artifactsFile)
{
var analysisArtifacts = KAnalysisArtifacts.load(artifactsFile);
var analysisWorkflow = new Analysis_Workflow();
return(analysisWorkflow.start(analysisArtifacts));
}
public string runPhase5()
{
var testAnalysisArtifacts = KAnalysisArtifacts.load(testAnalysisArtifactsFile);
var result = runPhase5(testAnalysisArtifacts);
var finalO2Findings = XUtils_Findings_v0_1.loadFindingsFile(finalAssessmentFile);
XUtils_Findings_v0_1.openFindingsInNewWindow(finalO2Findings);
return(result);
}
public string manual_phases(string analysisArtifactsFile, string phase)
{
O2Cmd.log.write("\n\n********* O2 Analysis Workflow : Manual Phase execution **********\n\n");
O2Cmd.log.write("\n: analysisArtifactsFile = {0}", analysisArtifactsFile);
O2Cmd.log.write("\n: phase = {0}", phase);
var analysisArtifacts = KAnalysisArtifacts.load(analysisArtifactsFile);
O2Cmd.log.write(analysisArtifacts.getAnalysisDetails());
if (phase.IndexOf("1") > -1)
{
new Analysis_Workflow_Phase_1().runPhase1(analysisArtifacts);
}
if (phase.IndexOf("2") > -1)
{
new Analysis_Workflow_Phase_2().runPhase2(analysisArtifacts);
}
if (phase.IndexOf("3") > -1)
{
new Analysis_Workflow_Phase_3().runPhase3(analysisArtifacts);
}
if (phase.IndexOf("4") > -1)
{
new Analysis_Workflow_Phase_4().runPhase4(analysisArtifacts);
}
if (phase.IndexOf("5") > -1)
{
new Analysis_Workflow_Phase_5().runPhase5(analysisArtifacts);
}
return("manual phase execution completed");
}
public string runPhase4()
{
var testAnalysisArtifacts = KAnalysisArtifacts.load(testAnalysisArtifactsFile);
return(runPhase4(testAnalysisArtifacts));
}