/// <summary>
/// Loads the assessment saved at <paramref name="sPathToSavedXmlFile"/>, keeps only the findings accepted by the
/// unique-lost-sinks filter and returns the lost-sink trace name of each one.
/// </summary>
/// <param name="sPathToSavedXmlFile">Path of the saved assessment XML file to load.</param>
/// <param name="fadO2AssessmentDataOunceV6">Assessment data container the file is loaded into (forwarded by ref to the loader).</param>
/// <returns>One trace name per matching finding; empty when nothing matched or when loading/filtering failed (the failure is logged by getListOfFindingsUsingFilter).</returns>
public static List<String> getListOf_LostSinks_Unique(String sPathToSavedXmlFile, ref O2AssessmentData_OunceV6 fadO2AssessmentDataOunceV6)
{
    // names are formatted by finding type and the finding's data is left untouched
    const bool changeFindingData = false;
    var uniqueLostSinksFilter = new AnalysisFilters.filter_FindUniqueLostSinks(Analysis.FindingNameFormat.FindingType, changeFindingData);

    List<AssessmentAssessmentFileFinding> matchingFindings = getListOfFindingsUsingFilter(sPathToSavedXmlFile, uniqueLostSinksFilter, ref fadO2AssessmentDataOunceV6);

    var traceNames = new List<string>(matchingFindings.Count);
    for (int i = 0; i < matchingFindings.Count; i++)
    {
        traceNames.Add(Analysis.getSmartTraceNameOfTraceType(matchingFindings[i].Trace, TraceType.Lost_Sink, fadO2AssessmentDataOunceV6));
    }
    return traceNames;
}
/// <summary>
/// Returns the lost-sink trace name of every unique-lost-sink finding in the assessment file at
/// <paramref name="sPathToSavedXmlFile"/>.
/// </summary>
/// <param name="sPathToSavedXmlFile">Path of the saved assessment XML file to load.</param>
/// <param name="fadO2AssessmentDataOunceV6">Assessment data container the file is loaded into (forwarded by ref to the loader).</param>
/// <returns>The trace names, in the order the findings were collected; empty when there are none.</returns>
public static List<String> getListOf_LostSinks_Unique(String sPathToSavedXmlFile, ref O2AssessmentData_OunceV6 fadO2AssessmentDataOunceV6)
{
    var lostSinkNames = new List<string>();

    // format names by finding type, do not modify the finding's data
    Analysis.FindingNameFormat nameFormat = Analysis.FindingNameFormat.FindingType;
    var uniqueLostSinksFilter = new AnalysisFilters.filter_FindUniqueLostSinks(nameFormat, false);

    foreach (AssessmentAssessmentFileFinding finding in getListOfFindingsUsingFilter(sPathToSavedXmlFile, uniqueLostSinksFilter, ref fadO2AssessmentDataOunceV6))
    {
        string lostSinkName = Analysis.getSmartTraceNameOfTraceType(finding.Trace, TraceType.Lost_Sink, fadO2AssessmentDataOunceV6);
        lostSinkNames.Add(lostSinkName);
    }

    return lostSinkNames;
}
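// this is used for quick queries (these dictionaries act like pointers to interesting stuff)
/// <summary>
/// Rebuilds the cross-reference dictionaries of <paramref name="oadO2AssessmentDataOunceV6"/> (dAssessmentFiles,
/// dVulnerabilityType, dFindings, dActionObjects, dFindings_CallInvocation) and its lfAllFindingsThatMatchCriteria
/// list from the currently loaded arAssessmentRun, keeping only the findings accepted by <paramref name="ffFindingFilter"/>.
/// </summary>
/// <param name="ffFindingFilter">Which findings to keep: all, only the ones without a trace, or one of the smart-trace filters.</param>
/// <param name="bDropDuplicateSmartTraces">Handed to the SmartTraces / SmartTraces_LostSink filters.</param>
/// <param name="bIgnoreRootCallInvocation">Handed to the SmartTraces / SmartTraces_LostSink filters.</param>
/// <param name="oadO2AssessmentDataOunceV6">Assessment data whose arAssessmentRun is read and whose dictionaries are replaced.</param>
/// <remarks>
/// Previous dictionary contents are discarded. Any exception is logged through DI.log and not rethrown, so on failure
/// the dictionaries may be left partially populated.
/// </remarks>
public static void populateDictionariesWithXrefsToLoadedAssessment(FindingFilter ffFindingFilter, bool bDropDuplicateSmartTraces, bool bIgnoreRootCallInvocation, O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6)
{
    try
    {
        // UtcNow: an elapsed-time measurement must not be skewed by local clock / DST changes
        DateTime dtStart = DateTime.UtcNow;

        // reset Dictionary objects
        oadO2AssessmentDataOunceV6.dAssessmentFiles = new Dictionary<AssessmentAssessmentFile, List<AssessmentAssessmentFileFinding>>();
        oadO2AssessmentDataOunceV6.dVulnerabilityType = new Dictionary<string, List<AssessmentAssessmentFileFinding>>();
        oadO2AssessmentDataOunceV6.dFindings = new Dictionary<AssessmentAssessmentFileFinding, AssessmentAssessmentFile>();
        oadO2AssessmentDataOunceV6.dActionObjects = new Dictionary<uint, List<AssessmentAssessmentFileFinding>>();
        oadO2AssessmentDataOunceV6.dFindings_CallInvocation = new Dictionary<AssessmentAssessmentFileFinding, List<CallInvocation>>();
        // create list to contain all findings that match criteria
        oadO2AssessmentDataOunceV6.lfAllFindingsThatMatchCriteria = new List<AssessmentAssessmentFileFinding>();

        AnalysisFilters.filter fFilter = createFilterForFindingFilter(ffFindingFilter, bDropDuplicateSmartTraces, bIgnoreRootCallInvocation);

        // notNull is evaluated first so its own reporting of a missing AssessmentRun is preserved
        if (StringsAndLists.notNull(oadO2AssessmentDataOunceV6.arAssessmentRun, typeof(AssessmentRun).Name)
            && null != oadO2AssessmentDataOunceV6.arAssessmentRun.Assessment.Assessment)
        {
            foreach (Assessment aAssessment in oadO2AssessmentDataOunceV6.arAssessmentRun.Assessment.Assessment)
            {
                if (null == aAssessment.AssessmentFile)
                {
                    continue;
                }
                foreach (AssessmentAssessmentFile afAssessmentFile in aAssessment.AssessmentFile)
                {
                    indexAssessmentFileFindings(afAssessmentFile, ffFindingFilter, fFilter, oadO2AssessmentDataOunceV6);
                }
            }
        }

        populateVulnerabilityTypeAndActionObjectXrefs(oadO2AssessmentDataOunceV6);

        // fix externalSource source mapping issue
        fixExternalSourceMappingIssue(ref oadO2AssessmentDataOunceV6);

        TimeSpan spTimeSpan = DateTime.UtcNow - dtStart;
        // whole seconds plus zero-padded milliseconds (previously TimeSpan.Minutes was logged in the seconds slot)
        DI.log.info("Populated Dictionaries With Xrefs To Loaded Assessment in {0}.{1} seconds",
                    ((int)spTimeSpan.TotalSeconds).ToString(), spTimeSpan.Milliseconds.ToString("D3"));
    }
    catch (Exception e)
    {
        DI.log.error("In populateDictionariesWithXrefsToLoadedAssessment: {0}", e.Message);
    }
}

/// <summary>
/// Builds the AnalysisFilters.filter that corresponds to <paramref name="ffFindingFilter"/>; the modes that never run a
/// filter (AllFindings, NoSmartTraces) get a base AnalysisFilters.filter instance.
/// </summary>
private static AnalysisFilters.filter createFilterForFindingFilter(FindingFilter ffFindingFilter, bool bDropDuplicateSmartTraces, bool bIgnoreRootCallInvocation)
{
    // make no changes to the finding's data
    FindingNameFormat ffnFindingNameFormat = FindingNameFormat.FindingType;
    bool bChangeFindingData = false;

    switch (ffFindingFilter)
    {
        case FindingFilter.SmartTraces:
            return new AnalysisFilters.filter_FindSmartTraces(bDropDuplicateSmartTraces, bIgnoreRootCallInvocation, ffnFindingNameFormat, bChangeFindingData);
        case FindingFilter.SmartTraces_LostSink:
            return new AnalysisFilters.filter_FindLostSinks(bDropDuplicateSmartTraces, bIgnoreRootCallInvocation, ffnFindingNameFormat, bChangeFindingData);
        case FindingFilter.SmartTraces_LostSink_Unique:
            return new AnalysisFilters.filter_FindUniqueLostSinks(ffnFindingNameFormat, bChangeFindingData);
        default:
            return new AnalysisFilters.filter();
    }
}

/// <summary>
/// Registers every finding of <paramref name="afAssessmentFile"/> in dFindings and dFindings_CallInvocation, computes
/// its call list, and records the findings that pass <paramref name="ffFindingFilter"/> in dAssessmentFiles (per file)
/// and lfAllFindingsThatMatchCriteria (global).
/// </summary>
private static void indexAssessmentFileFindings(AssessmentAssessmentFile afAssessmentFile, FindingFilter ffFindingFilter, AnalysisFilters.filter fFilter, O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6)
{
    if (afAssessmentFile.Finding == null)
    {
        return;
    }

    // findings (from the current file) that match criteria
    var lfFindingsThatMatchCriteria = new List<AssessmentAssessmentFileFinding>();

    foreach (AssessmentAssessmentFileFinding fFinding in afAssessmentFile.Finding)
    {
        // populate Findings Dictionary (dFindings); Add throws if the same finding object is encountered twice
        oadO2AssessmentDataOunceV6.dFindings.Add(fFinding, afAssessmentFile);

        // create list for dictionary with finding CallList and calculate it
        var lciCallList = new List<CallInvocation>();
        oadO2AssessmentDataOunceV6.dFindings_CallInvocation.Add(fFinding, lciCallList);
        if (fFinding.Trace != null)
        {
            AnalysisUtils.getListWithMethodsCalled_Recursive(fFinding.Trace, lciCallList, oadO2AssessmentDataOunceV6, SmartTraceFilter.MethodName);
        }

        // explicit parentheses: NoSmartTraces only keeps findings without a trace
        bool bMatchesWithoutFilter = ffFindingFilter == FindingFilter.AllFindings
            || (ffFindingFilter == FindingFilter.NoSmartTraces && fFinding.Trace == null);
        bool bRunSmartTraceFilter = (ffFindingFilter == FindingFilter.SmartTraces
            || ffFindingFilter == FindingFilter.SmartTraces_LostSink
            || ffFindingFilter == FindingFilter.SmartTraces_LostSink_Unique) && fFinding.Trace != null;

        if (bMatchesWithoutFilter)
        {
            lfFindingsThatMatchCriteria.Add(fFinding);
            oadO2AssessmentDataOunceV6.lfAllFindingsThatMatchCriteria.Add(fFinding);
        }
        else if (bRunSmartTraceFilter)
        {
            // run filter for the findings that have a trace; the global list is handed to the filter here and only the
            // per-file list is updated by this method — presumably applyFilter adds to the global list itself (verify there)
            if (applyFilter(fFilter, oadO2AssessmentDataOunceV6.lfAllFindingsThatMatchCriteria, fFinding, oadO2AssessmentDataOunceV6.arAssessmentRun))
            {
                lfFindingsThatMatchCriteria.Add(fFinding);
            }
        }
    }

    // populate Assessment Files Dictionary (dAssessmentFiles)
    if (lfFindingsThatMatchCriteria.Count > 0)
    {
        oadO2AssessmentDataOunceV6.dAssessmentFiles.Add(afAssessmentFile, lfFindingsThatMatchCriteria);
    }
}

/// <summary>
/// Groups lfAllFindingsThatMatchCriteria into dVulnerabilityType (keyed by vulnerability type name) and
/// dActionObjects (keyed by actionobject_id).
/// </summary>
private static void populateVulnerabilityTypeAndActionObjectXrefs(O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6)
{
    foreach (AssessmentAssessmentFileFinding fFinding in oadO2AssessmentDataOunceV6.lfAllFindingsThatMatchCriteria)
    {
        String sVulnType = fFinding.vuln_type;
        if (sVulnType == null)
        {
            // vuln_type_id is text taken from the loaded assessment file: a malformed value is logged and the
            // finding skipped instead of aborting the whole population with a FormatException
            uint uVulnTypeId;
            if (false == UInt32.TryParse(fFinding.vuln_type_id, out uVulnTypeId))
            {
                DI.log.error("populateDictionariesWithXrefsToLoadedAssessment: could not parse vuln_type_id '{0}', finding skipped", fFinding.vuln_type_id);
                continue;
            }
            sVulnType = OzasmtUtils_OunceV6.getStringIndexValue(uVulnTypeId, oadO2AssessmentDataOunceV6);
        }

        // VulnerabilityTypes
        addFindingToGroup(oadO2AssessmentDataOunceV6.dVulnerabilityType, sVulnType, fFinding);
        // ActionObjects
        addFindingToGroup(oadO2AssessmentDataOunceV6.dActionObjects, fFinding.actionobject_id, fFinding);
    }
}

/// <summary>
/// Appends <paramref name="fFinding"/> to the list stored under <paramref name="key"/>, creating the list when this is
/// the first finding for that key.
/// </summary>
private static void addFindingToGroup<TKey>(Dictionary<TKey, List<AssessmentAssessmentFileFinding>> dGroups, TKey key, AssessmentAssessmentFileFinding fFinding)
{
    List<AssessmentAssessmentFileFinding> lGroup;
    if (false == dGroups.TryGetValue(key, out lGroup))
    {
        // means this is the first Finding of this type
        lGroup = new List<AssessmentAssessmentFileFinding>();
        dGroups[key] = lGroup;
    }
    lGroup.Add(fFinding);
}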
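/// <summary>
/// Writes a filtered copy of the loaded assessment that keeps only one example finding per lost sink.
/// </summary>
/// <param name="sTargetFilename">Path of the assessment file to create.</param>
/// <param name="ffnFindingNameFormat">Finding name format handed to the unique-lost-sinks filter.</param>
/// <param name="bChangeFindingData">Handed to the filter and to restoreChangedData afterwards.</param>
/// <param name="fadO2AssessmentDataOunceV6">Loaded assessment data the filtered run is built from.</param>
/// <returns><paramref name="sTargetFilename"/>, unchanged, for chaining.</returns>
/// <remarks>Exceptions from filtering or saving propagate to the caller; restoreChangedData runs in every case.</remarks>
public static String createAssessmentFileWithLostSinks_OneExampleEach(String sTargetFilename, FindingNameFormat ffnFindingNameFormat, bool bChangeFindingData, O2AssessmentData_OunceV6 fadO2AssessmentDataOunceV6)
{
    var ffulsFilter = new AnalysisFilters.filter_FindUniqueLostSinks(ffnFindingNameFormat, bChangeFindingData);
    try
    {
        AssessmentRun arFilteredAssessmentRun = createFilteredAssessmentRunObjectBasedOnCriteria(ffulsFilter, fadO2AssessmentDataOunceV6);
        saveFilteredAssessmentRun(arFilteredAssessmentRun, sTargetFilename, fadO2AssessmentDataOunceV6);
        DI.log.debug("Custom Assessment File (with only one example per Lost Sinks) created: {0}", sTargetFilename);
    }
    finally
    {
        // restore even when filtering or saving throws, so a failed export does not leave the loaded data modified
        restoreChangedData(bChangeFindingData, fadO2AssessmentDataOunceV6);
    }
    return sTargetFilename;
}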
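/// <summary>
/// Loads the assessment file at <paramref name="sPathToSavedXmlFile"/> into <paramref name="fadO2AssessmentDataOunceV6"/>,
/// applies <paramref name="ffulsFilter"/> and collects every finding of the resulting filtered assessment run.
/// </summary>
/// <param name="sPathToSavedXmlFile">Path of the saved assessment XML file to load.</param>
/// <param name="ffulsFilter">Unique-lost-sinks filter used to build the filtered run.</param>
/// <param name="fadO2AssessmentDataOunceV6">Assessment data container the file is loaded into.</param>
/// <returns>
/// The findings of the filtered run, in document order; an empty list when the run has no findings or when
/// loading/filtering throws (the error is logged through DI.log).
/// </returns>
public static List<AssessmentAssessmentFileFinding> getListOfFindingsUsingFilter(String sPathToSavedXmlFile, AnalysisFilters.filter_FindUniqueLostSinks ffulsFilter, ref O2AssessmentData_OunceV6 fadO2AssessmentDataOunceV6)
{
    var laaffFinding = new List<AssessmentAssessmentFileFinding>();
    try
    {
        bool bVerbose = false;
        Analysis.loadAssessmentFile(sPathToSavedXmlFile, bVerbose, ref fadO2AssessmentDataOunceV6);
        AssessmentRun arFilteredAssessmentRun = Analysis.createFilteredAssessmentRunObjectBasedOnCriteria(ffulsFilter, fadO2AssessmentDataOunceV6);

        // every level of the Assessment / AssessmentFile / Finding hierarchy may be absent in a filtered run
        if (arFilteredAssessmentRun != null
            && arFilteredAssessmentRun.Assessment != null
            && arFilteredAssessmentRun.Assessment.Assessment != null)
        {
            foreach (Assessment aAssessment in arFilteredAssessmentRun.Assessment.Assessment)
            {
                if (aAssessment.AssessmentFile == null)
                {
                    continue;
                }
                foreach (AssessmentAssessmentFile afAssessmentFile in aAssessment.AssessmentFile)
                {
                    if (afAssessmentFile.Finding == null)
                    {
                        continue;
                    }
                    foreach (AssessmentAssessmentFileFinding aaffFinding in afAssessmentFile.Finding)
                    {
                        laaffFinding.Add(aaffFinding);
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        DI.log.error("getListOfFindingsUsingFilter: {0}", ex.Message);
    }
    return laaffFinding;
}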