public void LoadJsonSpecifications() { var jsonFiles = new List <string>(); foreach (var filePath in FunctionSpecification.PHPSpecs) { try { jsonFiles.AddRange(Directory.GetFiles(filePath, "*.json").ToList()); } catch (DirectoryNotFoundException) { //TODO: Should we stop analysis here, or should we let the exception be thrown or something else? Console.WriteLine("Could not find the given specification path! Stopping analysis"); Environment.Exit(100); } } foreach (var filePath in FunctionSpecification.ExtensionSpecs) { jsonFiles.AddRange(Directory.GetFiles(filePath, "*.json").ToList()); } foreach (var file in jsonFiles) { JToken parsedJson; try { var sr = new StreamReader(file); parsedJson = JToken.Parse(sr.ReadToEnd()); } catch (JsonReaderException e) { Console.WriteLine("Specification found in {0} was not formatted correctly.. Skipping! {1}", file, Environment.NewLine); continue; } var condSanitizers = parsedJson.SelectToken(Keys.PHPDefinitionJSONKeys.FunctionSpecificationArrays.CondSinks); var sources = parsedJson.SelectToken(Keys.PHPDefinitionJSONKeys.FunctionSpecificationArrays.Sources); var sqlSantizers = parsedJson.SelectToken(Keys.PHPDefinitionJSONKeys.FunctionSpecificationArrays.SqlSanitizer); var sqlSinks = parsedJson.SelectToken(Keys.PHPDefinitionJSONKeys.FunctionSpecificationArrays.SqlSinks); var xssSanitizers = parsedJson.SelectToken(Keys.PHPDefinitionJSONKeys.FunctionSpecificationArrays.XssSanitizer); var xssSinks = parsedJson.SelectToken(Keys.PHPDefinitionJSONKeys.FunctionSpecificationArrays.XssSinks); var storedProviders = parsedJson.SelectToken(Keys.PHPDefinitionJSONKeys.FunctionSpecificationArrays.StoredVulnProviders); if (condSanitizers != null) { foreach (JToken spec in condSanitizers) { CondSanitizers.Add(new CondSanitizer(spec)); } } if (sources != null) { foreach (JToken spec in sources) { Sources.Add(new Source(spec)); } } if (sqlSantizers != null) { foreach (JToken spec in sqlSantizers) { SQLSanitizers.Add(new SQLSanitizer(spec)); } } if (sqlSinks != null) { foreach (JToken spec in sqlSinks) { SQLSinks.Add(new SQLSink(spec)); } } if (xssSanitizers != null) { foreach (JToken spec in xssSanitizers) { XSSSanitizers.Add(new XSSSanitizer(spec)); } } if (xssSinks != null) { foreach (JToken spec in xssSinks) { XSSSinks.Add(new XSSSink(spec)); } } if (storedProviders != null) { foreach (JToken spec in storedProviders) { StoredProviders.Add(new Function(spec)); } } } Console.WriteLine("Loaded {0} Conditional sanitizers", CondSanitizers.Count()); Console.WriteLine("Loaded {0} sources", Sources.Count()); Console.WriteLine("Loaded {0} SQL Sanitizers", SQLSanitizers.Count()); Console.WriteLine("Loaded {0} SQL sinks", SQLSinks.Count()); Console.WriteLine("Loaded {0} XSS Sanitizers", XSSSanitizers.Count()); Console.WriteLine("Loaded {0} XSS Sinks", XSSSinks.Count()); Console.WriteLine("Loaded {0} Stored Vulnerability Providers", StoredProviders.Count()); }
/// <summary> /// Function to find SQLSanitizer by it's name, including any known alias. /// </summary> /// <param name="name">The name of the SQLsanitizer to find</param> /// <returns>The SQL sanitizer or null if none was found</returns> public SQLSanitizer FindSQLSanitizerByName(string name) { return(SQLSanitizers.FirstOrDefault(x => x.Name == name) ?? SQLSanitizers.FirstOrDefault(x => x.Aliases.Any(y => y == name))); }