private static int RunAnalysis(AnalyzeOptions options)
{
var indexDb = new IndexDb(options.Directory);
indexDb.Build();
indexDb.ShowStatistic();
var callGraphBuilder = new CallGraphBuilder(indexDb);
CreateCleanDirectory(options.Output);
foreach (var group in Loader.GetPatternGroups())
{
var callGraph = callGraphBuilder.CreateGraph(group.Patterns);
callGraphBuilder.ShowStatistic();
if (callGraph.IsEmpty)
{
continue;
}
callGraph.RemoveDuplicatePaths();
var groupDirectory = Path.Combine(options.Output, group.Name);
Directory.CreateDirectory(groupDirectory);
callGraph.Dump(Path.Combine(groupDirectory, "full.png"));
callGraph.RemoveNonPublicEntryNodes();
callGraph.Dump(Path.Combine(groupDirectory, "public.png"));
}
return(0);
}
private static void RunDataFlowAnalysis(IndexDb indexDb, CallGraph graph,
string entryPoint, List <TypeDef> requiredArgumentTypes,
SymbolicEngine symbolicEngine, string output)
{
try
{
if (!entryPoint.EndsWith(")"))
{
entryPoint += "()";
}
var entryIndex = 0;
foreach (var entry in /*graph.EntryNodes.Values) //*/ graph.Nodes.Values)
{
if (entry.MethodSignature.ToString() != entryPoint &&
entry.MethodSignature.ToString() != $"{typeof(Deserializers).Namespace}.{entryPoint}")
{
continue;
}
Console.WriteLine($"{entry.MethodSignature} analyzing...");
var references = indexDb.AssemblyReferences[entry.AssemblyName];
Console.WriteLine($" Assembly: {entry.AssemblyName}, References: {references.Count}");
var timer = Stopwatch.StartNew();
var result = symbolicEngine.ExecuteForward(entry.MethodDef, requiredArgumentTypes);
if (result == null)
{
Console.WriteLine("FATAL ERROR: DFA result is empty.");
break;
}
timer.Stop();
Console.WriteLine($"{entry.MethodSignature}: {timer.ElapsedMilliseconds} ms");
if (result.HasPattern)
{
}
Console.WriteLine($"DFA: {entry.MethodSignature} {result.ExternalCallCount} calls of {result.PatternCount} tainted object");
result.Stat.DumpConsole();
Console.WriteLine($"All method calls/instructions: {result.Summary.MethodCallCount} / {result.Summary.InstructionCount}");
Console.WriteLine("============");
//result.Stat.DumpTxt(output, $"dfa_stat_{entryIndex++}_{entry.MethodDef.Name}.txt");
//result.Stat.DumpCsv(output, $"dfa_stat_{entryIndex}_{entry.MethodDef.Name}.csv");
var p = result.Dump(output, $"patterns_{entryIndex}_{entry.MethodDef.Name}");
result.DumpAllStat(output, $"dfa_stat_{entryIndex}_{entry.MethodDef.Name}.txt", p);
Console.WriteLine();
entryIndex++;
break;
}
Console.WriteLine("Analysis is competed!");
}
catch (ThreadAbortException)
{
Thread.ResetAbort();
}
}
public SymbolicEngineBase()
: base("MethodBody")
{
// Load all assemblies from single directory!!!
// copy .NET FW assemblies to GetType().Assembly.Location
index = new IndexDb(GetType().Assembly.Location);
index.LoadAssembly(new Uri(typeof(StringBuilder).Assembly.CodeBase).LocalPath);
index.Build();
index.ShowStatistic();
}
public SymbolicEngine(IndexDb indexDb,
MethodUniqueSignature taintedCall,
uint virtualCallsLimit,
bool enableStaticFields,
bool inputTaintedMode)
{
this.indexDb = indexDb;
this.taintedCall = taintedCall;
this.virtualCallsLimit = virtualCallsLimit;
this.enableStaticFields = enableStaticFields;
this.inputTaintedMode = inputTaintedMode;
firstExecutionContextCreating = inputTaintedMode;
}
private static int RunAnalysis(AnalyzeOptions options)
{
var timer = Stopwatch.StartNew();
var indexDb = new IndexDb(options.Directory);
indexDb.Build();
indexDb.ShowStatistic();
var callGraphBuilder = new CallGraphBuilder(indexDb);
CreateCleanDirectory(options.Output);
foreach (var group in Loader.GetTemplateGroups())
{
var callGraph = callGraphBuilder.CreateGraph(group.Templates);
callGraphBuilder.ShowStatistic();
if (callGraph.IsEmpty)
{
continue;
}
callGraph.RemoveDuplicatePaths();
var groupDirectory = Path.Combine(options.Output, group.Name);
Directory.CreateDirectory(groupDirectory);
callGraph.Dump(Path.Combine(groupDirectory, "full.png"));
callGraph.DumpSeparateUsages(Path.Combine(groupDirectory, "usages"));
callGraph.RemoveSameClasses();
//callGraph.RemoveMiddleNodes();
callGraph.Dump(Path.Combine(groupDirectory, "classes.png"));
//callGraph.RemoveNonPublicEntryNodes();
//callGraph.Dump(Path.Combine(groupDirectory, "public.png"));
}
timer.Stop();
Console.WriteLine($"{timer.ElapsedMilliseconds}");
Console.WriteLine($"{timer}");
return(0);
}
public KnowledgeBasePatternTests()
{
index = new IndexDb(typeof(Context).Assembly.Location);
index.Build();
}
public void MethodImplementationsTest()
{
var result = new Dictionary <string, string[]>();
var index = new IndexDb(GetType().Assembly.Location);
index.Build();
foreach (var typeDef in EnumerateTypes())
{
foreach (var methodDef in typeDef.Methods)
{
if (methodDef.Name == ".ctor")
{
continue;
}
result.Add(
methodDef.FullName,
index.GetImplementations(methodDef.CreateMethodUniqueSignature(), (string)null)
.Select(md => md.FullName)
.ToArray());
}
}
/*
* foreach (var item in result)
* {
* Console.WriteLine(item.Key);
* foreach (var value in item.Value)
* {
* Console.WriteLine($" {value}");
* }
* }
*/
Assert.That(result, Is.EquivalentTo(new Dictionary <string, string[]>
{
{
"System.Void SerialDetector.Tests.Model.Inheritance.AbstractClass::Foo()",
new []
{
"System.Void SerialDetector.Tests.Model.Inheritance.DerivedClass::Foo()",
"System.Void SerialDetector.Tests.Model.Inheritance.SpecificClass::Foo()"
}
},
{
"System.Void SerialDetector.Tests.Model.Inheritance.AbstractClass::Bar()",
new []
{
"System.Void SerialDetector.Tests.Model.Inheritance.DerivedClass::Bar()",
"System.Void SerialDetector.Tests.Model.Inheritance.SpecificClass::Bar()"
}
},
{
"System.Void SerialDetector.Tests.Model.Inheritance.AbstractClass2::Bar()",
new []
{
"System.Void SerialDetector.Tests.Model.Inheritance.DerivedClass::Bar()",
"System.Void SerialDetector.Tests.Model.Inheritance.SpecificClass::Bar()"
}
},
{
"System.Void SerialDetector.Tests.Model.Inheritance.AbstractClass2::BarAC2()",
new []
{
"System.Void SerialDetector.Tests.Model.Inheritance.SpecificClass::BarAC2()"
}
},
{
"System.Void SerialDetector.Tests.Model.Inheritance.DerivedClass::Foo()",
new string[0]
},
{
"System.Void SerialDetector.Tests.Model.Inheritance.DerivedClass::Bar()",
new string[0]
},
{
"System.Void SerialDetector.Tests.Model.Inheritance.DerivedClass::JustVirtual()",
new string[0]
},
{
"System.Void SerialDetector.Tests.Model.Inheritance.DerivedClass::SerialDetector.Tests.Model.Inheritance.IInterface2.Explicit()",
new string[0]
},
{
"System.Void SerialDetector.Tests.Model.Inheritance.IInterface::Foo()",
new []
{
"System.Void SerialDetector.Tests.Model.Inheritance.DerivedClass::Foo()",
"System.Void SerialDetector.Tests.Model.Inheritance.SpecificClass::Foo()"
}
},
{
"System.Void SerialDetector.Tests.Model.Inheritance.IInterface2::Explicit()",
new []
{
"System.Void SerialDetector.Tests.Model.Inheritance.DerivedClass::SerialDetector.Tests.Model.Inheritance.IInterface2.Explicit()"
}
},
{
"System.Void SerialDetector.Tests.Model.Inheritance.SpecificClass::JustVirtual()",
new [] { "System.Void SerialDetector.Tests.Model.Inheritance.DerivedClass::JustVirtual()" }
},
{
"System.Void SerialDetector.Tests.Model.Inheritance.SpecificClass::Bar()",
new [] { "System.Void SerialDetector.Tests.Model.Inheritance.DerivedClass::Bar()" }
},
{
"System.Void SerialDetector.Tests.Model.Inheritance.SpecificClass::BarAC2()",
new string [0]
},
{
"System.Void SerialDetector.Tests.Model.Inheritance.SpecificClass::Foo()",
new [] { "System.Void SerialDetector.Tests.Model.Inheritance.DerivedClass::Foo()" }
},
}));
}
private static int RunAnalysis(string input, string entryPoint, string output)
{
Console.WriteLine("Copying SerialDetector.Experiments...");
File.Copy(
typeof(Deserializers).Assembly.Location,
Path.Combine(input, Path.GetFileName(typeof(Deserializers).Assembly.Location)),
true);
Console.WriteLine($"[{DateTime.Now:T}]");
var indexDb = new IndexDb(input);
var v = new Version();
var methods = indexDb.Assemblies.FindSensitiveSinkCalls().ToList();
Console.WriteLine($"[{DateTime.Now:T}] {methods.Count} methods!");
var sensitiveSinks = methods
.Select(method => method.CreateMethodUniqueSignature())
.Distinct()
.Select(name => new TemplateInfo(name, v))
.ToList();
CreateCleanDirectory(output);
File.WriteAllLines(
Path.Combine(output, "sensitive-sinks.txt"),
sensitiveSinks.Select(info => info.Method.ToString()));
var setUp = GetEntryPointSetUp(entryPoint);
sensitiveSinks = new List <TemplateInfo>
{
new TemplateInfo(new MethodUniqueSignature(setUp.SensitiveSink), v)
};
Console.WriteLine($"[{DateTime.Now:T}] {sensitiveSinks.Count} patterns!");
foreach (var method in sensitiveSinks)
{
Console.WriteLine($" {method.Method}");
}
Console.WriteLine();
// TODO: remove convertedArgumentTypes
var convertedArgumentTypes = indexDb.Build();
indexDb.ShowStatistic();
Console.WriteLine($"[{DateTime.Now:T}]");
var callGraphBuilder = new CallGraphBuilder(indexDb);
var i = 0;
foreach (var sensitiveSink in sensitiveSinks)
{
var g = callGraphBuilder.CreateGraph(new List <TemplateInfo> {
sensitiveSink
});
Console.WriteLine();
Console.WriteLine($"[{DateTime.Now:T}] #{++i} {sensitiveSink.Method}");
callGraphBuilder.ShowStatistic();
if (g.IsEmpty)
{
Console.WriteLine("CFA: Not found!");
continue;
}
StoreEntryPoints(Path.Combine(output, $"{i}_ep_all.txt"), g);
Console.WriteLine($"Graph: nodes = {g.Nodes.Count}, entry nodes = {g.EntryNodes.Count}");
g.RemoveDuplicatePaths();
Console.WriteLine($"Graph: nodes = {g.Nodes.Count}, entry nodes = {g.EntryNodes.Count}");
g.RemoveNonPublicEntryNodes();
Console.WriteLine($"Graph: nodes = {g.Nodes.Count}, entry nodes = {g.EntryNodes.Count}");
g.RemoveNonPublicMiddleNodes();
Console.WriteLine($"Graph: nodes = {g.Nodes.Count}, entry nodes = {g.EntryNodes.Count}");
//ShowEntryPoints(currentPatterns, g);
StoreEntryPoints(Path.Combine(output, $"{i}_ep_public.txt"), g);
if (g.Nodes.Count > 1 && g.Nodes.Count < 1000)
{
g.Dump(Path.Combine(output, $"{i}_po.png"));
}
else
{
Console.WriteLine($"{i}_ep_public graph contains {g.Nodes.Count} nodes!");
}
// DFA
var symbolicEngine = new SymbolicEngine(indexDb, sensitiveSink.Method,
setUp.VirtualCallsLimit, setUp.EnableStaticFields, false);
var workingThread = new Thread(() =>
{
RunDataFlowAnalysis(indexDb, g, entryPoint, convertedArgumentTypes, symbolicEngine, output);
});
var timer = Stopwatch.StartNew();
workingThread.Start();
Console.WriteLine();
Console.WriteLine("Press q and <Enter> to exit...");
while (Console.ReadLine() != "q")
{
}
if (workingThread.IsAlive)
{
workingThread.Abort();
workingThread.Join();
timer.Stop();
symbolicEngine.CurrentStat?.DumpConsole();
symbolicEngine.CurrentStat?.DumpTxt(output, "dfa_stat.txt");
//symbolicEngine.CurrentStat?.DumpCsv(output, "dfa_stat.csv");
Console.WriteLine($"Analysis is aborted ({timer.ElapsedMilliseconds} ms)");
}
}
return(0);
}
