public static List <IO2Finding> glueClickButtonTraces(String ClickButtonMappingOzasmt, String webLayerOzasmt, String webServicesLayerOzasmt) { var results = new List <IO2Finding>(); var clickButton = new O2Assessment(new O2AssessmentLoad_OunceV6(), ClickButtonMappingOzasmt); var webLayer = new O2Assessment(new O2AssessmentLoad_OunceV6(), webLayerOzasmt); // var webServices = new O2Assessment(new O2AssessmentLoad_OunceV6(), webServicesLayerOzasmt); var webLayerAllTraces = OzasmtUtils.getDictionaryWithO2AllSubTraces(webLayer); var count = webLayerAllTraces.Count; foreach (var clickButtonFinding in clickButton.o2Findings) { var sinkToFind = OzasmtUtils.getKnownSink(clickButtonFinding.o2Traces).signature; if (webLayerAllTraces.ContainsKey(sinkToFind)) { foreach (var webLayerO2Trace in webLayerAllTraces[sinkToFind]) { results.Add(OzasmtGlue.createCopyAndGlueTraceSinkWithSource(clickButtonFinding, webLayerO2Trace)); } } } DI.log.debug(" {0} findings in result ", results.Count); return(results); }
public static List <IO2Trace> pathToSink(this IO2Finding o2Finding) { var pathToTraceType = new List <IO2Trace>(); OzasmtUtils.getPathToTraceType(o2Finding.o2Traces, TraceType.Known_Sink, pathToTraceType); return(pathToTraceType); }
public void task2_AdjustsStrutsFindings() { var validatorPatternIDText = "validator: patternid="; var validatorValidContentText = "validator: valid-content"; O2Cmd.log.write("TASK 2: AdjustsStrutsFindings"); var strutsFindingsFolder = Path.Combine(folderWithArtifacts_Phase3, "Struts Mappings"); if (false == Directory.Exists(strutsFindingsFolder)) { return; } //Assert.That(Directory.Exists(strutsFindingsFolder), "strutsFindingsFolder did not exists: " + strutsFindingsFolder); foreach (var strutsFindingFile in Files.getFilesFromDir_returnFullPath(strutsFindingsFolder)) { var o2Findings = XUtils_Findings_v0_1.loadFindingsFile(strutsFindingFile); foreach (O2Finding o2Finding in o2Findings) { var allTraces = OzasmtUtils.getListWithAllTraces(o2Finding); foreach (var o2Trace in allTraces) { if (o2Trace.signature.StartsWith(validatorPatternIDText)) { var pattern = o2Trace.signature.Replace(validatorPatternIDText, ""); if (pattern == "FREE_TEXT") { o2Finding.vulnType = "Struts.CrossSiteScripting.NOT.Validated"; o2Finding.confidence = 1; o2Finding.severity = 0; } else { o2Finding.vulnType = "Struts.CrossSiteScripting.Validated"; o2Finding.confidence = 1; o2Finding.severity = 2; } o2Finding.vulnType += " : " + pattern; break; } else if (o2Trace.signature.StartsWith(validatorValidContentText)) { var pattern = o2Trace.signature.Replace(validatorValidContentText, ""); o2Finding.vulnType = "Struts.CrossSiteScripting.Validated.ValidContent"; o2Finding.confidence = 2; o2Finding.severity = 2; } } // validator: patternid= } //XUtils_Findings_v0_1.openFindingsInNewWindow(o2Findings); var targetFile = Path.Combine(folderWithArtifacts_Phase4, "Struts Mappings - " + Path.GetFileName(strutsFindingFile)); XUtils_Findings_v0_1.saveFindings(o2Findings, targetFile); O2Cmd.log.write("Struts Mappings saved to: {0}", targetFile); } //foreach(var }
private static IO2Finding getO2Finding(AssessmentAsmntFileFinding finding, AssessmentRun assessmentRunToImport) { var o2Finding = new O2Finding(); addFindingDataToO2Finding(finding, o2Finding, assessmentRunToImport); addTraceToO2Finding(finding.trace, o2Finding, assessmentRunToImport); OzasmtUtils.fixExternalSourceSourceMappingProblem(o2Finding); // fix the 'ExternalSource Source' problem return(o2Finding); }
public static List <IO2Trace> allTraces(this List <IO2Finding> iO2Findings) { var allTraces = new List <IO2Trace>(); foreach (var iO2Finding in iO2Findings) { allTraces.AddRange(OzasmtUtils.getListWithAllTraces(iO2Finding.o2Finding())); } return(allTraces); }
public static IO2Finding getO2Finding(AssessmentAssessmentFileFinding finding, AssessmentAssessmentFile assessmentFile, AssessmentRun assessmentRun) { var o2Finding = new O2Finding { actionObject = finding.actionobject_id, columnNumber = finding.column_number, confidence = finding.confidence, exclude = finding.exclude, file = assessmentFile.filename, lineNumber = finding.line_number, ordinal = finding.ordinal, propertyIds = finding.property_ids, recordId = finding.record_id, severity = finding.severity, o2Traces = getO2TraceFromCallInvocation(finding.Trace, assessmentRun), }; if (finding.cxt_id != null) { o2Finding.context = getStringIndexValue(UInt32.Parse(finding.cxt_id), assessmentRun); } o2Finding.callerName = finding.caller_name; if (o2Finding.callerName == null && finding.caller_name_id != null) { o2Finding.callerName = getStringIndexValue(UInt32.Parse(finding.caller_name_id), assessmentRun); } o2Finding.projectName = finding.project_name; if (o2Finding.projectName == null && finding.project_name_id != null) { o2Finding.projectName = getStringIndexValue(UInt32.Parse(finding.project_name_id), assessmentRun); } o2Finding.vulnName = finding.vuln_name; if (o2Finding.vulnName == null && finding.vuln_name_id != null) { o2Finding.vulnName = getStringIndexValue(UInt32.Parse(finding.vuln_name_id), assessmentRun); } o2Finding.vulnType = finding.vuln_type; if (o2Finding.vulnType == null && finding.vuln_type_id != null) { o2Finding.vulnType = getStringIndexValue(UInt32.Parse(finding.vuln_type_id), assessmentRun); } if (finding.Text != null) { o2Finding.text = new List <string>(finding.Text); } OzasmtUtils.fixExternalSourceSourceMappingProblem(o2Finding); return(o2Finding); }
public string RemoveAll3nodeGetSetVulns() { // Dinis note, if I understand this request correctly, the query is: // for all vulns that start in a get and end in set // only show the ones that have more than 3 traces var o2Findings = XUtils_Findings_v0_1.loadFindingsFile(sampleOzamtFile); var thread = XUtils_Findings_v0_1.openFindingsInNewWindow(o2Findings, "Original list of loaded files"); thread.Join(); // we have to do this to make sure we don't continue before the findings are loaded in the Findings Viewer // first lets see if this happens in the current list of loaded findings var getsAndSets = new List <IO2Finding>(); foreach (O2Finding o2Finding in o2Findings) // need to cast to O2Finding in order to have access to the prepopulated version of IO2Finding { if (o2Finding.Source.IndexOf("get") > -1 && o2Finding.Sink.IndexOf("set") > -1) { getsAndSets.Add(o2Finding); } } Assert.That(getsAndSets.Count > 0, "There are no Get->Set pairs in the current loaded findings"); // Dinis note: on the WebGoat 6.0.ozasmt file I'm using there are 54 matches // show in GUI getsAndSets XUtils_Findings_v0_1.openFindingsInNewWindow(getsAndSets, "Findings with GetsAndSets").Join(); // added .Join() to ensure the load thread is completed // now check if there are findings with 3 traces var getsAndSetsWith3Traces = new List <IO2Finding>(); foreach (O2Finding o2Finding in getsAndSets) { var allTracesFromFinding = OzasmtUtils.getListWithAllTraces(o2Finding); if (allTracesFromFinding.Count == 3) { getsAndSetsWith3Traces.Add(o2Finding); } } Assert.That(getsAndSetsWith3Traces.Count > 0, "There were no getsAndSetsWith3Traces"); // show in GUI getsAndSetsWith3Traces XUtils_Findings_v0_1.openFindingsInNewWindow(getsAndSetsWith3Traces, "Findings with getsAndSetsWith3Traces").Join(); // Dinis note: I get 4 findings that match this criteria // finally remove the getsAndSetsWith3Traces from the loaded findings foreach (var o2FindingToRemove in getsAndSetsWith3Traces) { o2Findings.Remove(o2FindingToRemove); } // and show the results (note how this window has less 3 findings than the first one that was loaded) XUtils_Findings_v0_1.openFindingsInNewWindow(o2Findings, "Original list without 3nodeGetSetVulns").Join(); return("Number of findings after filter: " + o2Findings.Count); } // this function could be greatly reduced by using LINQ (I'll do that later :) )
public List <IO2Finding> removeAllInfos_version_3() { // LINQ query var resultsLinq = from IO2Finding o2Finding in XUtils_Findings_v0_1.loadFindingsFile(sampleOzamtFile) where OzasmtUtils.getSeverityFromId(o2Finding.severity) != "Info" // o2Finding.severity = 3 maps to "Info" select o2Finding; // since we are using List<IO2Fiding> below, lets covert the LINQ result which is IEnumerable<IO2Finding> to List<IO2Finding> var results = resultsLinq.ToList(); XUtils_Findings_v0_1.openFindingsInNewWindow(results); return(results); }
public static bool doesFindingHasTraceSignature(IO2Finding o2Finding, string signatureRegEx) { var allTraces = OzasmtUtils.getListWithAllTraces((O2Finding)o2Finding); foreach (var o2Trace in allTraces) { if (o2Trace.signature.IndexOf(signatureRegEx) > -1)// | //RegEx.findStringInString(o2Trace.signature,signatureRegEx)) { return(true); } } return(false); }
public static List <string> allTraces_SourceCode(this IO2Finding iO2Finding) { var sourceCodes = new List <string>(); foreach (O2Trace o2Trace in OzasmtUtils.getListWithAllTraces(iO2Finding.o2Finding())) { var sourceCode = o2Trace.SourceCode.trim(); if (sourceCode.valid() && sourceCodes.contains(sourceCode).isFalse()) { sourceCodes.Add(sourceCode); } } return(sourceCodes); }
public static Thread openInFloatWindow(string ozasmtFile, string controlName) { var o2AssessmentLoadEngine = OzasmtUtils.getO2AssessmentLoadEngine(ozasmtFile, o2AssessmentLoadEngines); if (o2AssessmentLoadEngine != null) { var o2Assessment = new O2Assessment(o2AssessmentLoadEngine, ozasmtFile); if (o2Assessment.o2Findings.Count > 0) { return(openInFloatWindow(o2Assessment.o2Findings, controlName)); } } return(null); }
public List <IO2Finding> removeAllInfos_version_2() { var o2Findings = XUtils_Findings_v0_1.loadFindingsFile(sampleOzamtFile); var results = new List <IO2Finding>(); foreach (O2Finding o2Finding in o2Findings) { if (OzasmtUtils.getSeverityFromId(o2Finding.severity) != "Info") { results.Add(o2Finding); } } XUtils_Findings_v0_1.openFindingsInNewWindow(results); return(results); }
public void loadO2TraceIntoTreeNodeCollection(IO2Trace o2TraceToLoad, TreeNodeCollection treeNodeCollection) { string nodeText = getNodeText(o2TraceToLoad); TreeNode newNode = O2Forms.newTreeNode(nodeText, nodeText, 0, o2TraceToLoad); newNode.ForeColor = OzasmtUtils.getTraceColorBasedOnTraceType(o2TraceToLoad); treeNodeCollection.Add(newNode); if (o2TraceToLoad == o2Trace) { tvSmartTrace.SelectedNode = newNode; } foreach (O2Trace childO2Trace in o2TraceToLoad.childTraces) { loadO2TraceIntoTreeNodeCollection(childO2Trace, newNode.Nodes); } }
public static List <IO2Finding> findWebControlSources(List <IO2Finding> o2Findings) { var methodsToFind = new RegEx("System.Web.UI.WebControls.*get_Text"); //var methodsToFind = new RegEx("HttpRequest"); var results = new List <IO2Finding>(); foreach (IO2Finding o2Finding in o2Findings) { IO2Trace source = ((O2Finding)o2Finding).getSource(); if (source != null && methodsToFind.find(source.ToString())) // && o2Finding.getSource.ToString() != "") { if (source.context.Contains("txt")) { // DI.log.info(source + " -> " + (o2Finding.getSink != null ? o2Finding.getSink.ToString() : "")); string variableName = OzasmtContext.getVariableNameFromThisObject(source); // DI.log.info(o2Finding.o2Trace + " ::: " + );// + " : " + source.context); foreach (IO2Trace o2Trace in o2Finding.o2Traces) { List <string> wordsFromSignature = OzasmtUtils.getListWithWordsFromSignature(o2Trace.signature); foreach (string word in wordsFromSignature) { // var sourceO2Trace = new O2Trace("OunceLabs: " + word); // var sinkO2Trace = new O2Trace("OunceLabs: " + variableName); // sinkO2Trace.childTraces.Add(o2Finding.o2Trace); // sourceO2Trace.childTraces.Add(sinkO2Trace); var newO2Finding = new O2Finding { vulnType = "ASP.NET Attack Surface", vulnName = word + "_" + variableName, //o2Trace = sourceO2Trace o2Traces = o2Finding.o2Traces }; results.Add(newO2Finding); } } } // DI.log.info(" " + o2Finding.getSource + " -> " + o2Finding.getSource.context + "\n\n"); } } return(results); }
public static void mapFunctionInUrlToAscx(List <IO2Finding> findingsToProcess) { foreach (var o2Finding in findingsToProcess) { var source = OzasmtUtils.getSource(o2Finding.o2Traces); var indexOfFunction = source.signature.IndexOf("function="); if (indexOfFunction > 0) { var functionCalled = source.signature.Substring(indexOfFunction + 9); functionCalled = functionCalled.ToLower(); var currentSink = OzasmtUtils.getKnownSink(o2Finding.o2Traces); currentSink.traceType = TraceType.Root_Call; string newSinkSignature = String.Format("ASP.ascx_{0}_ascx_{1}", functionCalled.Replace('\\', '_'), currentSink.signature); currentSink.childTraces.Add(new O2Trace(newSinkSignature, TraceType.Known_Sink)); } } }
public static List <IO2Finding> applySinkRuleToFindingAndTrace(IO2Finding o2Finding, string traceSignature, IDictionary <string, List <IO2Rule> > indexedRules) { var newFindings = new List <IO2Finding>(); if (traceSignature != "" && indexedRules.ContainsKey(traceSignature)) { // apply rules settings to it foreach (var o2Rule in indexedRules[traceSignature]) { // create copy of finding var newO2Finding = OzasmtCopy.createCopy(o2Finding); // apply rule newO2Finding.severity = OzasmtUtils.getSeverityFromString(o2Rule.Severity); newO2Finding.vulnName = o2Rule.Signature; newO2Finding.vulnType = o2Rule.VulnType; newFindings.Add(newO2Finding); } } return(newFindings); }
public void saveCurrentO2Trace() { DI.log.info("Saving changes made to CurrentO2Trace"); foreach (DataGridViewRow row in dgvTraceDetails.Rows) { object value = getValueFromCell(row.Cells["Value"]); if (value != null) { DI.reflection.setProperty(row.Cells["Name"].Value.ToString(), currentO2Trace, value); } //currentO2Trace.setField(row.Cells["Name"].Value.ToString(), value); } if (getCellWithCurrentO2TraceText("signature").Value.ToString() != "") { ascxTraceTreeView.selectedNode.Text = getCellWithCurrentO2TraceText("signature").Value.ToString(); } ascxTraceTreeView.selectedNode.ForeColor = OzasmtUtils.getTraceColorBasedOnTraceType(currentO2Trace); //showO2TraceTree(); //currentO2Finding }
private static string calculateTreeNodeText(IO2Finding o2Finding, string propertyToUse, string filterToUse) { string nodeText; try { switch (propertyToUse) { case "severity": return(OzasmtUtils.getSeverityFromId(o2Finding.severity)); case "confidence": return(OzasmtUtils.getConfidenceFromId(o2Finding.confidence)); case "o2Traces": var allO2Traces = OzasmtUtils.getAllTraces(o2Finding.o2Traces); return((allO2Traces.Keys.Count > 0) ? "# nodes: {0}".format(allO2Traces.Keys.Count) : ""); default: nodeText = PublicDI.reflection.getProperty(propertyToUse, o2Finding).ToString(); break; } if (nodeText != "") { if (RegEx.findStringInString(nodeText, filterToUse) || nodeText.index(filterToUse) > -1) { return(nodeText); } else { return(""); } } return(nodeText); } catch (Exception ex) { PublicDI.log.error("in calculateTreeNodeText: {0}", ex.Message); return("[O2 Error (check logs for details)]"); } }
public Thread loadO2Assessment(string pathToFileToLoad) { if (Path.GetExtension(pathToFileToLoad) == PublicDI.config.O2FindingsFileExtension) { var o2Assessment = (IO2Assessment)Serialize.getDeSerializedObjectFromBinaryFile(pathToFileToLoad, typeof(O2Assessment)); if (o2Assessment != null) { PublicDI.log.info("Sucessfuly created O2Findings object from file: {0}", pathToFileToLoad); loadO2Assessment(o2Assessment); } else { PublicDI.log.error("There was a problem deserializing O2Findings object saved to: {0}", pathToFileToLoad); } return(null); } else { var o2AssessmentLoad = OzasmtUtils.getO2AssessmentLoadEngine(pathToFileToLoad, o2AssessmentLoadEngines); return(loadO2Assessment(o2AssessmentLoad, pathToFileToLoad)); } }
public static List <IO2Finding> mapTextBoxWebControlsAsSinks(List <IO2Finding> findingsToMap) { var signatureToFind = "System.Web.UI.WebControls.TextBox.get_Text():string"; var results = new List <IO2Finding>(); foreach (var o2Finding in findingsToMap) { var o2Match = OzasmtSearch.findO2TraceSignature(o2Finding.o2Traces, signatureToFind); if (o2Match != null) { var variable = o2Match.context.Substring(0, o2Match.context.IndexOf(' ')); variable = variable.Replace("this->", ""); var source = OzasmtUtils.getSource(o2Finding.o2Traces); source.signature += "_" + variable; //var o2NewO2Trace = new O2Trace(variable); //o2NewO2Trace.childTraces.Add(o2Finding.o2Trace); //o2Finding.o2Trace = o2NewO2Trace; results.Add(o2Finding); } } return(results); }
public void createOneO2AssessmentPerUniqueTracesSignature() { Assert.IsTrue(File.Exists(testOzasmtFile), "testOzasmtFile didn't exist"); Directory.CreateDirectory(pathToSaveFilesCreated); Assert.IsTrue(Directory.Exists(pathToSaveFilesCreated), "pathToSaveFilesCreated could not be created"); Files.deleteFilesFromDirThatMatchPattern(pathToSaveFilesCreated, "*.ozasmt"); Dictionary <String, List <IO2Trace> > allTraces = OzasmtUtils.getDictionaryWithO2AllSubTraces(o2AssessmentLoad, testOzasmtFile); DI.log.info("there are {0} traces", allTraces.Count); DI.log.info("going to save traces here : {0}", pathToSaveFilesCreated); DI.log.info("before there are {0} *.ozasnt files ", Files.getFilesFromDir(pathToSaveFilesCreated, "*.ozasmt").Count); foreach (string signature in allTraces.Keys) { //var fileName = (signature != "") ? signature : "_EmptySignature"; string fileName = signature.Replace(':', '_').Replace('<', '_').Replace('>', '_'); o2AssessmentSave = new O2AssessmentSave_OunceV6(); OzasmtNew.createO2AssessmentFromTraces(o2AssessmentSave, Path.Combine(pathToSaveFilesCreated, fileName + ".ozasmt"), allTraces[signature]); } DI.log.info("after build there are {0} *.ozasnt files ", Files.getFilesFromDir(pathToSaveFilesCreated, "*.ozasmt").Count); // for now delete all files so that we don't keep them on disk Files.deleteFilesFromDirThatMatchPattern(pathToSaveFilesCreated, "*.ozasmt"); DI.log.info("after delete there are {0} *.ozasnt files ", Files.getFilesFromDir(pathToSaveFilesCreated, "*.ozasmt").Count); Files.deleteFolder(pathToSaveFilesCreated); Assert.That(!Directory.Exists(pathToSaveFilesCreated), " pathToSaveFilesCreated still exists"); //log.info("going to save traces here : {0}", pathToSaveFilesCreated); Assert.Ignore("Todo: reload all files again , " + "Compress them into 1 file , " + "Compare with original file and see if they match"); }
public void CreateFinding_WithTrace() { string sFileToCreate = DI.config.TempFileNameInTempDirectory; const uint line_number = 2; const uint column_number = 3; const uint ordinal = 1; const string context = "TraceContext"; const string signature = "TraceSignature"; const string clazz = "class.this.trace.is.in"; const string file = @"c:\o2\temp\file\trace\is\in.cs"; const string method = "methodExectuted"; const uint taintPropagation = 0; var text = new List <string> { "this is a text inside a trace" }; var o2Assessment = new O2Assessment(); // Finding #1 var o2Finding1 = new O2Finding("vulnName.Testing.TraceCreation", "vulnType.CustomType", "This is the Context", "This is the caller"); o2Finding1.o2Traces.Add(new O2Trace { clazz = clazz, columnNumber = column_number, context = context, file = file, lineNumber = line_number, method = method, ordinal = ordinal, signature = signature, taintPropagation = taintPropagation, text = text, }); o2Assessment.o2Findings.Add(o2Finding1); // Finding #1 const string sinkText = "this is a sink"; const string methodOnSinkPath = "method call on sink path"; const string methodOnSourcePath = "method call on source path"; const string sourceText = "this is a source"; var o2Finding2 = new O2Finding("Vulnerability.Name", "Vulnerability.Type"); var o2Trace = new O2Trace("Class.Signature", "Method executed"); var o2TraceOnSinkPath = new O2Trace(methodOnSinkPath, TraceType.Type_0); o2TraceOnSinkPath.childTraces.Add(new O2Trace(sinkText, TraceType.Known_Sink)); var o2TraceOnSourcePath = new O2Trace(methodOnSourcePath, TraceType.Type_0); o2TraceOnSourcePath.childTraces.Add(new O2Trace(sourceText, TraceType.Source)); o2Trace.childTraces.Add(o2TraceOnSourcePath); o2Trace.childTraces.Add(o2TraceOnSinkPath); o2Finding2.o2Traces = new List <IO2Trace> { o2Trace }; o2Assessment.o2Findings.Add(o2Finding2); // save assessment file o2Assessment.save(o2AssessmentSave, sFileToCreate); // check if data was saved correctly var loadedO2Assessment = new O2Assessment(o2AssessmentLoad, sFileToCreate); List <IO2Finding> loadedO2Findings = loadedO2Assessment.o2Findings; Assert.IsTrue(loadedO2Assessment.o2Findings.Count == 2, "There should be 2 findings in the Assessment File"); // in o2Findings1 Assert.IsTrue(loadedO2Assessment.o2Findings[0].o2Traces.Count == 1, "There should be 1 Trace in the Finding #1"); IO2Trace loadedO2Trace = loadedO2Findings[0].o2Traces[0]; Assert.IsTrue(loadedO2Trace.clazz == clazz, "clazz"); Assert.IsTrue(loadedO2Trace.columnNumber == column_number, "columnNumber"); Assert.IsTrue(loadedO2Trace.context == context, "context"); Assert.IsTrue(loadedO2Trace.file == file, "file"); Assert.IsTrue(loadedO2Trace.lineNumber == line_number, "lineNumber"); Assert.IsTrue(loadedO2Trace.method == method, "method"); Assert.IsTrue(loadedO2Trace.ordinal == ordinal, "ordinal"); Assert.IsTrue(loadedO2Trace.signature == signature, "signature"); Assert.IsTrue(loadedO2Trace.taintPropagation == taintPropagation, "taintPropagation"); Assert.IsTrue(loadedO2Trace.text[0] == text[0], "text"); // in o2Findings2 Assert.IsTrue(loadedO2Assessment.o2Findings[1].o2Traces.Count == 1, "There should be 1 Trace in the Finding #2"); Assert.IsTrue(loadedO2Assessment.o2Findings[1].o2Traces[0].childTraces.Count == 2, "There should be 2 child traces in this trace"); Assert.IsNotNull(OzasmtUtils.getKnownSink(loadedO2Assessment.o2Findings[1].o2Traces), "Could not find Sink"); Assert.IsTrue(OzasmtUtils.getKnownSink(loadedO2Assessment.o2Findings[1].o2Traces).clazz == sinkText, "Sink text didn't match"); Assert.IsTrue(OzasmtUtils.getSource(loadedO2Assessment.o2Findings[1].o2Traces).clazz == sourceText, "Source text didn't match"); }
/// <summary> /// This will populate the parent finding with all traces from the provided ICirFunction /// caution: use the createNewFindingOnExternalCall carefully since it can create a stupid amount of traces (and it is much slower) /// </summary> /// <param name="cirFunction"></param> /// <param name="lineNumber"></param> /// <param name="o2Traces"></param> /// <param name="parentTraces"></param> /// <param name="rootO2Finding"></param> /// <param name="o2FindingsCreated"></param> /// <param name="createNewFindingOnExternalCall"></param> /// <param name="fileName"></param> public static void createTracesAndFindingsFromCirFunction(ICirFunction cirFunction, string fileName, UInt32 lineNumber, List <IO2Trace> o2Traces, List <IO2Trace> parentTraces, IO2Finding rootO2Finding, List <IO2Finding> o2FindingsCreated, bool createNewFindingOnExternalCall) { int maxParentDepth = 10; //30; //10; var maxNumberOfTraces = 20; //50; //300; //50 var filteredSignature = new FilteredSignature(cirFunction); var functionSignature = filteredSignature.sSignature; var o2Trace = new O2Trace(functionSignature, cirFunction.ClassNameFunctionNameAndParameters) { file = fileName, lineNumber = lineNumber }; // add file references // handle the case where this is a recursive call or a call to a method already added in the current tree var recursiveCall = false; foreach (var o2ParentTrace in parentTraces) { if (o2ParentTrace.signature == functionSignature) { recursiveCall = true; break; } } parentTraces.Add(o2Trace); // add this trace to the current trace tree (since we might need to create a copy of it below o2Traces.Add(o2Trace); if (recursiveCall) { var nodeText = String.Format("{0} : {1} : {2}", cirFunction, "....(Recursive Call so not expanding child traces", functionSignature); o2Trace.childTraces.Add(new O2Trace(nodeText)); } else { if (parentTraces.Count > maxParentDepth) { o2Trace.childTraces.Add(new O2Trace(" ... {Max trace depth reached} (" + maxParentDepth + ")")); } else { // var numberOfTraces = OzasmtUtils.getAllTraces(rootO2Finding.o2Traces); if (numberOfTraces.Count > maxNumberOfTraces) { o2Trace.childTraces.Add(new O2Trace("**** Max number of traces reached(" + maxNumberOfTraces + ") aborting trace execution")); return; } if (cirFunction.FunctionsCalled.Count == 0) // means we don't have the code for this one, so { // let make it a lost sink var originalTraceTypeValue = o2Trace.traceType; // we might need this below o2Trace.traceType = TraceType.Lost_Sink; if (createNewFindingOnExternalCall) // and if createNewFindingOnExternalCall add it as finding { // create a copy of the parent finding (which incudes the above trace var newFinding = OzasmtCopy.createCopy(rootO2Finding); // make the first call a source (so that we have a source-> pair newFinding.o2Traces[0].traceType = TraceType.Source; // add it o2FindingsCreated.Add(newFinding); // since the crawl will continue we must restore the originalTraceTypeValue o2Trace.traceType = originalTraceTypeValue; } } else { foreach (var functionCalled in cirFunction.FunctionsCalled) { createTracesAndFindingsFromCirFunction(functionCalled.cirFunction, functionCalled.fileName, (UInt32)functionCalled.lineNumber, o2Trace.childTraces, parentTraces, rootO2Finding, o2FindingsCreated, createNewFindingOnExternalCall); } } } } // now remove the signature since we are only interrested in non repeats on the same parent parentTraces.Remove(o2Trace); }
public static List <IO2Trace> allTraces(this IO2Finding iO2Finding) { return(OzasmtUtils.getListWithAllTraces(iO2Finding.o2Finding())); }
public static DataTable getDataTableFromO2FindingsLinqQuery(List <object> dataToConvert, int maxNumberOfRecords, ref Dictionary <DataRow, object> mappingOfDataRowsToObjects) { mappingOfDataRowsToObjects = new Dictionary <DataRow, object>(); var dataTable = new DataTable(); try { // calculate Rows names // column names PropertyInfo[] properties = null; foreach (object firstItem in dataToConvert) { // only first time, others will follow //if (dataTable.Columns.Count == 0) { switch (firstItem.GetType().Name) { case "String": case "Byte": case "UInt32": case "Int32": dataTable.Columns.Add(new DataColumn(firstItem.GetType().Name, firstItem.GetType())); break; case "Variant": foreach (string key in ((Variant)firstItem).members.Keys) { switch (key) { case "finding": // this 'finding' is an hardcoded keyword that I am using to represent a complete finding (this way we can also have results to save on queries that result in Variant results break; // don't show these case "getSource": case "o2Traces": dataTable.Columns.Add(new DataColumn(key, typeof(string))); break; default: dataTable.Columns.Add(new DataColumn(key, ((Variant)firstItem).members[key]. GetType())); break; } // object keyValue = ((Variant)firstItem).members[key]; // if (keyValue is List<O2Trace>) // dataTable.Columns.Add(new DataColumn("o2Traces", keyType)); // else //dataTable.Columns.Add(new DataColumn(key, keyType)); //((Variant)firstItem).members[key].GetType())); } break; /* case "o2Trace": * dataTable.Columns.Add(new DataColumn("o2Trace",typeof(string))); * break;*/ default: properties = (firstItem.GetType()).GetProperties(); foreach (PropertyInfo pi in properties) { switch (pi.Name) { case "getSource": case "getSink": case "getLostSink": case "getKnownSink": break; // hide this ones case "confidence": case "severity": dataTable.Columns.Add(new DataColumn(pi.Name, typeof(string))); break; default: Type colType = pi.PropertyType; if ((colType.IsGenericType) && (colType.GetGenericTypeDefinition() == typeof(Nullable <>))) { colType = colType.GetGenericArguments()[0]; } dataTable.Columns.Add(new DataColumn(pi.Name, colType)); break; } } break; } } break; // we only want the first one } // Could add a check to verify that there is an element 0 foreach (object item in dataToConvert) { DataRow dataRow = dataTable.NewRow(); mappingOfDataRowsToObjects.Add(dataRow, item); // this will allow to save the data of the rows selected switch (item.GetType().Name) { case "String": case "Byte": case "UInt32": case "Int32": dataRow[item.GetType().Name] = item; break; case "Variant": foreach (string key in ((Variant)item).members.Keys) { switch (key) { case "finding": // this 'finding' is an hardcoded keyword that I am using to represent a complete finding (this way we can also have results to save on queries that result in Variant results break; // don't show these case "o2Traces": dataRow[key] = ((List <IO2Trace>)((Variant)item)[key]).Count > 0 ? "has smart trace" : "no trace"; break; case "getSource": if (((Variant)item)[key] is IO2Trace) { var o2Trace = (IO2Trace)((Variant)item)[key]; dataRow[key] = o2Trace.signature; } else { dataRow[key] = ".........."; } break; default: dataRow[key] = ((Variant)item)[key]; break; } } break; default: if (properties != null) { foreach (PropertyInfo pi in properties) { switch (pi.Name) { case "getSource": case "getSink": case "getLostSink": case "getKnownSink": break; // hide this ones case "severity": dataRow[pi.Name] = OzasmtUtils.getSeverityFromId((byte)pi.GetValue(item, null)); break; case "confidence": dataRow[pi.Name] = OzasmtUtils.getConfidenceFromId((byte)pi.GetValue(item, null)); break; case "o2Traces": dataRow[pi.Name] = ((List <IO2Trace>)pi.GetValue(item, null)).Count > 0 ? pi.GetValue(item, null) : DBNull.Value; break; default: dataRow[pi.Name] = pi.GetValue(item, null) ?? DBNull.Value; break; } } } /* * { * if (pi.GetValue(rec, null) == null) * dr[pi.Name] = DBNull.Value; * else * { * dr[pi.Name] = pi.GetValue(rec, null); * } * }*/ break; } // dataTable.Rows.Add(dataRow); if (dataTable.Rows.Count > maxNumberOfRecords) { break; } } } catch (Exception ex) { DI.log.ex(ex, " in getDataTableFromO2FindingsLinqQuery ", true); } return(dataTable); }
public void test_PopulateCirWithTraces() { // get Assessment Data var o2Assessment = new O2Assessment(new O2AssessmentLoad_OunceV6(), findingsFile); Assert.That(o2Assessment.o2Findings.Count > 0, "There were no findings in o2Assessment"); DI.log.info("There are {0} findings in the assessment loaded", o2Assessment.o2Findings.Count); var uniqueListOfSignatures = OzasmtUtils.getUniqueListOfSignatures(o2Assessment.o2Findings); Assert.That(uniqueListOfSignatures.Count() > 0, "uniqueListOfSignatures.Count ==0 "); DI.log.info("There are {0} unique signatures ", uniqueListOfSignatures.Count()); // get cir data var cirDataAnalysis = new CirDataAnalysis(); CirDataAnalysisUtils.loadFileIntoCirDataAnalysisObject(fileToCreateCirFrom, cirDataAnalysis); CirDataAnalysisUtils.remapIsCalledByXrefs(cirDataAnalysis); Assert.That(cirDataAnalysis.dCirFunction_bySignature.Count > 0, "cirDataAnalysis.dCirFunction_bySignature.Count == 0"); // need to convert to Ozasmt signature format var cirMappedFunctions = new Dictionary <string, ICirFunction>(); foreach (var cirFunction in cirDataAnalysis.dCirFunction_bySignature.Values) { if (cirFunction.FunctionSignature.IndexOf("O2AppDomainFactory>") > -1) { } var filteredSignature = new FilteredSignature(cirFunction); cirMappedFunctions.Add(filteredSignature.sSignature, cirFunction); } var matches = new List <String>(); foreach (var sig in cirMappedFunctions.Keys) { if (sig.IndexOf("IndexOf") > -1) { matches.Add(sig); } } //var matches = new List<String>(); /* foreach (var cirFunction in cirMappedFunctions.Values) * foreach (var called in cirFunction.FunctionsCalledUniqueList) * if (called.FunctionSignature.IndexOf("System.Object::.ctor") > -1) * { * matches.Add(called.FunctionSignature); * var asd = cirDataAnalysis.dCirFunction_bySignature.ContainsKey(called.FunctionSignature); * }*/ foreach (var signature in uniqueListOfSignatures) { if (false == cirMappedFunctions.ContainsKey(signature)) { DI.log.info("NO MATCH:" + signature); } } foreach (O2Finding o2Finding in o2Assessment.o2Findings) { var source = o2Finding.Sink; if (source != "" && false == cirMappedFunctions.ContainsKey(source)) { DI.log.info("NO MATCH for Source:" + source); } var sink = o2Finding.Sink; if (sink != "" && false == cirMappedFunctions.ContainsKey(sink)) { DI.log.info("NO MATCH for Sink:" + sink); } } /*foreach (var signature in uniqueListOfSignatures) * DI.log.info(signature); * return;*/ }