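/// <summary>
/// Loads the sink rules whose action-object signature equals <paramref name="vulnTypeInMySql"/>
/// in the rule database identified by <paramref name="ruleDbId"/>.
/// </summary>
/// <param name="vulnTypeInMySql">Value compared with actionobjects.signature.</param>
/// <param name="addAsRuleOfType">Prefix placed, followed by a dot, in front of each row's vuln_type.</param>
/// <param name="ruleDbId">Value compared with actionobjects.db_id; decimal digits only.</param>
/// <returns>One Sink rule per returned row; an empty list when no reader is returned.</returns>
/// <exception cref="ArgumentException">
/// <paramref name="ruleDbId"/> is not a run of decimal digits, or
/// <paramref name="vulnTypeInMySql"/> contains a single quote or a backslash.
/// </exception>
public List<IO2Rule> getRules_VulnType(string vulnTypeInMySql, string addAsRuleOfType, string ruleDbId)
{
    // ruleDbId is concatenated into the SQL text unquoted, so anything other than
    // a plain decimal number would become part of the statement itself.
    var dbIdIsNumeric = !string.IsNullOrEmpty(ruleDbId);
    for (var i = 0; dbIdIsNumeric && i < ruleDbId.Length; i++)
    {
        dbIdIsNumeric = ruleDbId[i] >= '0' && ruleDbId[i] <= '9';
    }
    if (!dbIdIsNumeric)
    {
        throw new ArgumentException("ruleDbId must be a numeric database id", "ruleDbId");
    }

    // vulnTypeInMySql is concatenated between single quotes. Values that could end the
    // literal are rejected rather than escaped, because escaping rules depend on the server.
    // NOTE(review): if OunceMySql offers a parameterised query call, prefer it over this check - confirm.
    if (vulnTypeInMySql != null && vulnTypeInMySql.IndexOfAny(new[] { '\'', '\\' }) >= 0)
    {
        throw new ArgumentException("vulnTypeInMySql must not contain quote or backslash characters", "vulnTypeInMySql");
    }

    var o2Rules = new List<IO2Rule>();
    var sqlForSinks = "select rec.signature as recSignature, "
                      + "actionobjects.severity, actionobjects.vuln_type "
                      + "from actionobjects , rec "
                      + "where actionobjects.vuln_id = rec.vuln_id and actionobjects.signature ='" + vulnTypeInMySql + "' and "
                      + "actionobjects.db_id=" + ruleDbId;

    var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sqlForSinks);
    if (mySqlDataReader == null)
    {
        // getRules_Sources treats a null reader from this helper as "no rules"; do the same here.
        return o2Rules;
    }

    try
    {
        foreach (DbDataRecord dataRow in mySqlDataReader)
        {
            o2Rules.Add(new O2Rule
            {
                DbId = ruleDbId,
                RuleType = O2RuleType.Sink,
                Severity = dataRow["severity"].ToString(),
                VulnType = addAsRuleOfType + "." + dataRow["vuln_type"].ToString(),
                Signature = dataRow["recSignature"].ToString(),
            });
        }
    }
    finally
    {
        // Release the reader even when a row fails to convert.
        mySqlDataReader.Close();
    }
    return o2Rules;
}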
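/// <summary>
/// Loads the signatures of the rec rows joined to taint_info rows with propagates=0
/// in the rule database identified by <paramref name="ruleDbId"/>.
/// </summary>
/// <param name="ruleDbId">Value compared with rec.db_id; decimal digits only.</param>
/// <returns>
/// One DontPropagateTaint rule per returned row, with empty Severity and VulnType;
/// an empty list when no reader is returned.
/// </returns>
/// <exception cref="ArgumentException"><paramref name="ruleDbId"/> is not a run of decimal digits.</exception>
public List<IO2Rule> getRules_DontPropagateTaint(string ruleDbId)
{
    // ruleDbId is concatenated into the SQL text unquoted, so anything other than
    // a plain decimal number would become part of the statement itself.
    // NOTE(review): if OunceMySql offers a parameterised query call, prefer it over this check - confirm.
    var dbIdIsNumeric = !string.IsNullOrEmpty(ruleDbId);
    for (var i = 0; dbIdIsNumeric && i < ruleDbId.Length; i++)
    {
        dbIdIsNumeric = ruleDbId[i] >= '0' && ruleDbId[i] <= '9';
    }
    if (!dbIdIsNumeric)
    {
        throw new ArgumentException("ruleDbId must be a numeric database id", "ruleDbId");
    }

    var o2Rules = new List<IO2Rule>();
    var sql = "select rec.signature from rec,taint_info "
              + "where taint_info.vuln_id = rec.vuln_id and propagates=0 and "
              + "rec.db_id=" + ruleDbId;

    var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sql);
    if (mySqlDataReader == null)
    {
        // getRules_Sources treats a null reader from this helper as "no rules"; do the same here.
        return o2Rules;
    }

    try
    {
        foreach (DbDataRecord dataRow in mySqlDataReader)
        {
            o2Rules.Add(new O2Rule
            {
                DbId = ruleDbId,
                RuleType = O2RuleType.DontPropagateTaint,
                Severity = "",
                VulnType = "",
                Signature = dataRow["signature"].ToString(),
            });
        }
    }
    finally
    {
        // Release the reader even when a row fails to convert.
        mySqlDataReader.Close();
    }
    return o2Rules;
}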
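/// <summary>
/// Loads the rec rows joined to taint_info rows with propagates=1 in the rule database
/// identified by <paramref name="ruleDbId"/>, with their from_args, to_args and return columns.
/// </summary>
/// <param name="ruleDbId">Value compared with rec.db_id; decimal digits only.</param>
/// <returns>One PropageTaint rule per returned row; an empty list when no reader is returned.</returns>
/// <exception cref="ArgumentException"><paramref name="ruleDbId"/> is not a run of decimal digits.</exception>
public List<IO2Rule> getRules_PropagateTaint(string ruleDbId)
{
    // ruleDbId is concatenated into the SQL text unquoted, so anything other than
    // a plain decimal number would become part of the statement itself.
    // NOTE(review): if OunceMySql offers a parameterised query call, prefer it over this check - confirm.
    var dbIdIsNumeric = !string.IsNullOrEmpty(ruleDbId);
    for (var i = 0; dbIdIsNumeric && i < ruleDbId.Length; i++)
    {
        dbIdIsNumeric = ruleDbId[i] >= '0' && ruleDbId[i] <= '9';
    }
    if (!dbIdIsNumeric)
    {
        throw new ArgumentException("ruleDbId must be a numeric database id", "ruleDbId");
    }

    var o2Rules = new List<IO2Rule>();
    var sql = "select rec.signature, taint_info.from_args, taint_info.to_args, taint_info.return "
              + "from rec,taint_info where taint_info.vuln_id = rec.vuln_id and propagates=1 and "
              + "rec.db_id=" + ruleDbId;

    var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sql);
    if (mySqlDataReader == null)
    {
        // getRules_Sources treats a null reader from this helper as "no rules"; do the same here.
        return o2Rules;
    }

    try
    {
        foreach (DbDataRecord dataRow in mySqlDataReader)
        {
            o2Rules.Add(new O2Rule
            {
                DbId = ruleDbId,
                RuleType = O2RuleType.PropageTaint,
                Signature = dataRow["signature"].ToString(),
                Return = dataRow["return"].ToString(),
                // Column names keep the capitalisation the original lookups used.
                FromArgs = dataRow["from_Args"].ToString(),
                ToArgs = dataRow["to_Args"].ToString()
            });
        }
    }
    finally
    {
        // Release the reader even when a row fails to convert.
        mySqlDataReader.Close();
    }
    return o2Rules;
}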
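/// <summary>
/// Loads the signatures of the rec rows flagged callback = 1 in the rule database
/// identified by <paramref name="ruleDbId"/>.
/// </summary>
/// <param name="ruleDbId">Value compared with rec.db_id; decimal digits only.</param>
/// <returns>One Callback rule per returned row; an empty list when no reader is returned.</returns>
/// <exception cref="ArgumentException"><paramref name="ruleDbId"/> is not a run of decimal digits.</exception>
public List<IO2Rule> getRules_Callbacks(string ruleDbId)
{
    // ruleDbId is concatenated into the SQL text unquoted, so anything other than
    // a plain decimal number would become part of the statement itself.
    // NOTE(review): if OunceMySql offers a parameterised query call, prefer it over this check - confirm.
    var dbIdIsNumeric = !string.IsNullOrEmpty(ruleDbId);
    for (var i = 0; dbIdIsNumeric && i < ruleDbId.Length; i++)
    {
        dbIdIsNumeric = ruleDbId[i] >= '0' && ruleDbId[i] <= '9';
    }
    if (!dbIdIsNumeric)
    {
        throw new ArgumentException("ruleDbId must be a numeric database id", "ruleDbId");
    }

    var o2Rules = new List<IO2Rule>();
    var sqlForSinks = "select rec.signature as recSignature from rec "
                      + "where rec.callback = 1 and "
                      + "rec.db_id=" + ruleDbId;

    var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sqlForSinks);
    if (mySqlDataReader == null)
    {
        // getRules_Sources treats a null reader from this helper as "no rules"; do the same here.
        return o2Rules;
    }

    try
    {
        foreach (DbDataRecord dataRow in mySqlDataReader)
        {
            // Only the signature is selected, so severity, vuln type and param stay unset.
            o2Rules.Add(new O2Rule
            {
                DbId = ruleDbId,
                RuleType = O2RuleType.Callback,
                Signature = dataRow["recSignature"].ToString()
            });
        }
    }
    finally
    {
        // Release the reader even when a row fails to convert.
        mySqlDataReader.Close();
    }
    return o2Rules;
}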
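/// <summary>
/// Loads the sink rules (sink_info joined to actionobjects and rec) in the rule database
/// identified by <paramref name="ruleDbId"/>.
/// </summary>
/// <param name="ruleDbId">Value compared with actionobjects.db_id; decimal digits only.</param>
/// <returns>One Sink rule per returned row; an empty list when no reader is returned.</returns>
/// <exception cref="ArgumentException"><paramref name="ruleDbId"/> is not a run of decimal digits.</exception>
public List<IO2Rule> getRules_Sinks(string ruleDbId)
{
    // ruleDbId is concatenated into the SQL text unquoted, so anything other than
    // a plain decimal number would become part of the statement itself.
    // NOTE(review): if OunceMySql offers a parameterised query call, prefer it over this check - confirm.
    var dbIdIsNumeric = !string.IsNullOrEmpty(ruleDbId);
    for (var i = 0; dbIdIsNumeric && i < ruleDbId.Length; i++)
    {
        dbIdIsNumeric = ruleDbId[i] >= '0' && ruleDbId[i] <= '9';
    }
    if (!dbIdIsNumeric)
    {
        throw new ArgumentException("ruleDbId must be a numeric database id", "ruleDbId");
    }

    var o2Rules = new List<IO2Rule>();
    var sqlForSinks = "select rec.signature as recSignature, actionobjects.signature as actionObjectSignature, "
                      + "actionobjects.severity, actionobjects.vuln_type, sink_info.param "
                      + "from sink_info , actionobjects , rec "
                      + "where sink_info.ao_id = actionobjects.id and actionobjects.vuln_id = rec.vuln_id and "
                      + "actionobjects.db_id=" + ruleDbId;

    var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sqlForSinks);
    if (mySqlDataReader == null)
    {
        // getRules_Sources treats a null reader from this helper as "no rules"; do the same here.
        return o2Rules;
    }

    try
    {
        foreach (DbDataRecord dataRow in mySqlDataReader)
        {
            o2Rules.Add(new O2Rule
            {
                DbId = ruleDbId,
                RuleType = O2RuleType.Sink,
                Severity = dataRow["severity"].ToString(),
                VulnType = dataRow["vuln_type"].ToString(),
                Signature = dataRow["recSignature"].ToString(),
                Param = dataRow["param"].ToString()
            });
        }
    }
    finally
    {
        // Release the reader even when a row fails to convert.
        mySqlDataReader.Close();
    }
    return o2Rules;
}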
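/// <summary>
/// Returns the directory part of the project file path stored for <paramref name="sProjectName"/>.
/// </summary>
/// <param name="sProjectName">
/// Project name handed to getSqlQueryForRetrivingProjectFilePath, which builds the SQL text.
/// </param>
/// <returns>
/// The directory of the stored project file, or an empty string when the query does not
/// yield exactly one row holding a string value.
/// </returns>
public static String getProjectFilePath(String sProjectName)
{
    // NOTE(review): the query builder is not shown here; confirm it does not splice
    // sProjectName into the SQL text unescaped.
    DataTable dtResults = OunceMySql.getDataTableFromSqlQuery(getSqlQueryForRetrivingProjectFilePath(sProjectName), false);

    // getApplications checks the table from this same helper for null; without the
    // same check here, a failed query would surface as a NullReferenceException.
    if (dtResults == null || dtResults.Rows.Count != 1)
    {
        return "";
    }

    // A DBNull cell is not a string; treat it as "no path" rather than failing the cast.
    var sProjectFile = dtResults.Rows[0].ItemArray[0] as String;
    if (sProjectFile == null)
    {
        return "";
    }
    return Path.GetDirectoryName(sProjectFile);
}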
/// <summary>
/// Reads the File_Path column of every row in prexis.application.
/// </summary>
/// <returns>
/// The File_Path values in row order, or an empty array when the query helper returns null.
/// </returns>
public static String[] getApplications()
{
    DataTable applicationTable = OunceMySql.getDataTableFromSqlQuery("SELECT File_Path FROM prexis.application", false);
    if (applicationTable == null)
    {
        return new String[] {};
    }

    // One slot per row, filled in row order.
    var filePaths = new String[applicationTable.Rows.Count];
    for (int rowIndex = 0; rowIndex < filePaths.Length; rowIndex++)
    {
        filePaths[rowIndex] = applicationTable.Rows[rowIndex]["File_Path"].ToString();
    }
    return filePaths;
}
// ounce 6.0 dependent
/// <summary>
/// Loads the rec rows marked as added or modified and, on request, the actionobjects rows
/// that share each rule's vuln_id.
/// </summary>
/// <param name="bMapActionObjects">
/// When true, each rule's lActionObjects list is filled from actionobjects; when false it is left empty.
/// </param>
/// <returns>The custom rules, each with a non-null lActionObjects list.</returns>
public List <Rules> getListOfCustomRules(bool bMapActionObjects)
{
    var customRules = new List<Rules>();
    OunceMySql.populateListWithDataTable("Select * from rec WHERE (rec.added=true OR rec.modified=true)", customRules);

    foreach (Rules customRule in customRules)
    {
        customRule.lActionObjects = new List<ActionObject>();
        if (!bMapActionObjects)
        {
            continue;
        }

        // vuln_id comes from the rec rows loaded above and is formatted straight into the SQL text.
        // NOTE(review): safe only if Rules.vuln_id is a numeric type - confirm against its declaration.
        String actionObjectSql = String.Format("Select * from actionobjects WHERE actionobjects.vuln_id = {0}", customRule.vuln_id);
        OunceMySql.populateListWithDataTable(actionObjectSql, customRule.lActionObjects);
    }
    return customRules;
}
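/// <summary>
/// Loads the source rules (source_info joined to actionobjects and rec) in the rule database
/// identified by <paramref name="ruleDbId"/>.
/// </summary>
/// <param name="ruleDbId">Value compared with actionobjects.db_id; decimal digits only.</param>
/// <returns>
/// One Source rule per returned row; an empty list, after an error is logged, when
/// <paramref name="ruleDbId"/> is not numeric or no reader is returned.
/// </returns>
public List<IO2Rule> getRules_Sources(string ruleDbId)
{
    var o2Rules = new List<IO2Rule>();

    // ruleDbId is concatenated into the SQL text unquoted, so anything other than
    // a plain decimal number would become part of the statement itself.
    // NOTE(review): if OunceMySql offers a parameterised query call, prefer it over this check - confirm.
    var dbIdIsNumeric = !string.IsNullOrEmpty(ruleDbId);
    for (var i = 0; dbIdIsNumeric && i < ruleDbId.Length; i++)
    {
        dbIdIsNumeric = ruleDbId[i] >= '0' && ruleDbId[i] <= '9';
    }
    if (!dbIdIsNumeric)
    {
        // Same outcome as the null-reader path below; the rejected value is kept out of the log line.
        DI.log.error("in getRules_Sources, ruleDbId was not a numeric database id");
        return o2Rules;
    }

    var sqlForSource = "select rec.signature as recSignature, actionobjects.signature as actionObjectSignature, "
                       + "actionobjects.severity, actionobjects.vuln_type, source_info.param, source_info.return "
                       + "from source_info , actionobjects , rec "
                       + "where source_info.ao_id = actionobjects.id and actionobjects.vuln_id = rec.vuln_id and "
                       + "actionobjects.db_id=" + ruleDbId;

    var mySqlDataReader = OunceMySql.executeSqlQueryReturnSqlDataReader(sqlForSource);
    if (mySqlDataReader == null)
    {
        DI.log.error("in getRules_Sources, mySqlDataReader was null");
        return o2Rules;
    }

    try
    {
        foreach (DbDataRecord dataRow in mySqlDataReader)
        {
            o2Rules.Add(new O2Rule
            {
                DbId = ruleDbId,
                RuleType = O2RuleType.Source,
                Severity = dataRow["severity"].ToString(),
                VulnType = dataRow["vuln_type"].ToString(),
                Signature = dataRow["recSignature"].ToString(),
                Param = dataRow["param"].ToString(),
                Return = dataRow["return"].ToString()
            });
        }
    }
    finally
    {
        // Release the reader even when a row fails to convert.
        mySqlDataReader.Close();
    }
    return o2Rules;
}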