/// <summary>
/// recursive mapping of traces tracetype (required since there could be multiple sources
/// </summary>
/// <param name="o2RulePack"></param>
/// <param name="indexedO2Rules"></param>
/// <param name="o2Traces"></param>
/// <param name="languageDBId"></param>
/// <param name="o2NewRuleType"></param>
private static void updateO2RulePackWithFindingsTraceTypes (O2RulePack o2RulePack,IDictionary<string, List<IO2Rule>> indexedO2Rules, List<IO2Trace> o2Traces, string languageDBId, O2RuleType o2NewRuleType)
{
foreach (var o2Trace in o2Traces)
{
updateSourceOrSinkRule(o2RulePack, indexedO2Rules, o2Trace.signature, languageDBId, o2Trace.traceType);
updateO2RulePackWithFindingsTraceTypes(o2RulePack, indexedO2Rules, o2Trace.childTraces, languageDBId, o2NewRuleType);
}
}
public static O2Rule createRule(O2RuleType rtRuleType, String sSignature, String sDbID)
{
var rRule = new O2Rule
{
Severity = "Medium",
DbId = sDbID,
Signature = sSignature,
RuleType = rtRuleType,
VulnType = String.Format("_O2.{0}", rtRuleType)
};
return(rRule);
}
public O2Rule(O2RuleType ruleType, string vulnType, string signature, string dbId, bool tagged)
: this(ruleType, vulnType, signature, dbId)
{
Tagged = tagged;
}
public O2Rule(O2RuleType ruleType, string vulnType, string signature, string dbId)
: this(vulnType, signature, dbId)
{
RuleType = ruleType;
}
public static O2Rule createRule(O2RuleType rtRuleType, String sSignature, String sDbID)
{
var rRule = new O2Rule
{
Severity = "Medium",
DbId = sDbID,
Signature = sSignature,
RuleType = rtRuleType,
VulnType = String.Format("_O2.{0}", rtRuleType)
};
return rRule;
}
public O2Rule(O2RuleType ruleType, string vulnType, string signature, string dbId)
: this(vulnType, signature, dbId)
{
RuleType = ruleType;
}
public O2Rule(O2RuleType ruleType, string vulnType, string signature, string dbId, bool tagged)
: this(ruleType, vulnType, signature, dbId)
{
Tagged = tagged;
}
//rename this method since we do more than just Source or Sinks here
private static void updateSourceOrSinkRule(O2RulePack o2RulePack, IDictionary <string, List <IO2Rule> > indexedO2Rules, string ruleSignature, string languageDBId, TraceType traceType)
{
if (indexedO2Rules != null && ruleSignature != null)
{
//bool createNotMappedRule = false;
var createRuleWithType = O2RuleType.NotMapped;
// only proccess Sources, Sinks and Lost Sinks
if (traceType == TraceType.Source || traceType == TraceType.Known_Sink || traceType == TraceType.Lost_Sink)
{
O2RuleType o2NewRuleType = O2RulePackUtils.getO2RuleTypeFromRuleType(traceType);
createRuleWithType = o2NewRuleType;
/* if (indexedO2Rules != null && false == string.IsNullOrEmpty(ruleSignature))
* if (indexedO2Rules.ContainsKey(ruleSignature))
* {
* bool thereIsAlreadyARuleWithTheSameRuleType = false;
* foreach (var o2Rule in indexedO2Rules[ruleSignature])
* {
* if (o2Rule.RuleType == O2RuleType.NotMapped)
* // if it is not mapped change it to o2NewRuleType
* {
* o2Rule.RuleType = o2NewRuleType;
* return;
* }
* if (o2Rule.RuleType == o2NewRuleType)
* // if it is already a rule of type o2NewRuleType, mark it so we can ignore it below
* thereIsAlreadyARuleWithTheSameRuleType = true;
* }
* if (false == thereIsAlreadyARuleWithTheSameRuleType)
* // if we got this far, create a new rule of o2NewRuleType
* {
* var newRule = O2RulePackUtils.createRule(o2NewRuleType, ruleSignature, languageDBId);
* indexedO2Rules[ruleSignature].Add(newRule);
* // add it to the index so that we don't have to calculate it again
* o2RulePack.o2Rules.Add(newRule);
* }
* }
*/
}
bool createNewRule = true;
IO2Rule notMappedRule = null;
if (indexedO2Rules.ContainsKey(ruleSignature))
{
foreach (var o2Rule in indexedO2Rules[ruleSignature])
{
if (o2Rule.RuleType == createRuleWithType) // dont create if there is already a rule of this type
{
o2Rule.Tagged = true;
createNewRule = false;
}
if (o2Rule.RuleType == O2RuleType.NotMapped)
{
notMappedRule = o2Rule;
}
}
}
// handle the case where we have already added a signature but it is not a NotMapped one
if (createRuleWithType == O2RuleType.NotMapped && createNewRule && notMappedRule == null && indexedO2Rules.ContainsKey(ruleSignature))
{
createNewRule = false;
}
// if required, Create rule
if (createNewRule)
{
var vulnType = "O2.FindingRule." + createRuleWithType.ToString();
var newRule = new O2Rule(createRuleWithType, vulnType, ruleSignature, languageDBId, true);
o2RulePack.o2Rules.Add(newRule);
if (false == indexedO2Rules.ContainsKey(ruleSignature))
{
indexedO2Rules.Add(ruleSignature, new List <IO2Rule>());
}
indexedO2Rules[ruleSignature].Add(newRule);
if (notMappedRule != null)
{
indexedO2Rules[ruleSignature].Remove(notMappedRule);
}
}
}
}
/// <summary>
/// recursive mapping of traces tracetype (required since there could be multiple sources
/// </summary>
/// <param name="o2RulePack"></param>
/// <param name="indexedO2Rules"></param>
/// <param name="o2Traces"></param>
/// <param name="languageDBId"></param>
/// <param name="o2NewRuleType"></param>
private static void updateO2RulePackWithFindingsTraceTypes(O2RulePack o2RulePack, IDictionary <string, List <IO2Rule> > indexedO2Rules, List <IO2Trace> o2Traces, string languageDBId, O2RuleType o2NewRuleType)
{
foreach (var o2Trace in o2Traces)
{
updateSourceOrSinkRule(o2RulePack, indexedO2Rules, o2Trace.signature, languageDBId, o2Trace.traceType);
updateO2RulePackWithFindingsTraceTypes(o2RulePack, indexedO2Rules, o2Trace.childTraces, languageDBId, o2NewRuleType);
}
}
private static bool doesO2RuleMatchTypeAndFilter(IO2Rule o2Rule, O2RuleType o2RuleType, string signatureFilter)
{
if (o2RuleType == O2RuleType.All || o2Rule.RuleType == o2RuleType)
if (signatureFilter == "" || RegEx.findStringInString(o2Rule.Signature, signatureFilter) || o2Rule.Signature.IndexOf(signatureFilter) > -1)
return true;
return false;
}
// ReSharper restore PossibleNullReferenceException
public List<IO2Rule> filterO2RulesByTypeAndFilter(List<IO2Rule> o2RulesToFilter, string signatureFilter, O2RuleType o2RuleType)
{
// apply Rule View Mode
switch (viewMode)
{
case RulesViewMode.AllRules:
break; // don't do anything
case RulesViewMode.OnlyNotInDb:
o2RulesToFilter = (from IO2Rule o2Rule in o2RulesToFilter where o2Rule.FromDb == false select o2Rule).ToList();
break;
case RulesViewMode.OnlyNotInDbAndMapped:
o2RulesToFilter = (from IO2Rule o2Rule in o2RulesToFilter
where (o2Rule.FromDb == false && o2Rule.RuleType!=O2RuleType.NotMapped)
select o2Rule).ToList();
break;
case RulesViewMode.OnlyTagged:
o2RulesToFilter = (from IO2Rule o2Rule in o2RulesToFilter where o2Rule.Tagged select o2Rule).ToList();
break;
case RulesViewMode.OnlyTaggedAndInDb:
o2RulesToFilter = (from IO2Rule o2Rule in o2RulesToFilter where (o2Rule.Tagged && o2Rule.FromDb) select o2Rule).ToList();
break;
}
var o2RulesThatMatchTheFilter = new List<IO2Rule>();
foreach (var o2Rule in o2RulesToFilter)
if (doesO2RuleMatchTypeAndFilter(o2Rule, o2RuleType, signatureFilter))
o2RulesThatMatchTheFilter.Add(o2Rule);
return o2RulesThatMatchTheFilter;
}
// to be removed once the addFindingsAsRules is completed
/*private void reloadCurrentRulePackWithOnlyRulesThatMatchDroppedFindings(List<IO2Finding> o2Findings)
{
O2Thread.mtaThread(
() =>
{
DI.log.info("Reloading Current RulePack With Only Rules That Match Dropped Findings");
// first create rulepack with a rule for every unique signature in a trace
var newRulePack = RulesAndFindingsUtils.createRulePackThatMatchFindings(currentO2RulePack, o2Findings, MiscUtils_OunceV6.getIdForSuportedLanguage(currentLanguage).ToString());
// set the current rule and reindex it
setCurrentRulePack(newRulePack);
// now make sure that all sources and sinks in the loaded o2Findings are mapped as such in the rules
RulesAndFindingsUtils.mapInRulePack_FindingsSourcesAndSinks(newRulePack, indexedCurrentO2Rules, o2Findings, MiscUtils_OunceV6.getIdForSuportedLanguage(currentLanguage).ToString());
DI.log.info("New rule pack calculated (with {0} rules, reloading it now", newRulePack.o2Rules.Count);
refreshRulesViewer();
}
);
}*/
private void changeSelectedRulesTo(O2RuleType newRuleType, string newVulnType)
{
this.invokeOnThread(
() =>
{
foreach(DataGridViewRow selectedRow in dgvRules.SelectedRows)
{
if (selectedRow.Tag is IO2Rule)
{
var o2RuleToModify = (IO2Rule) selectedRow.Tag;
// if required, delete the current rule
if (o2RuleToModify.FromDb && o2RuleToModify.RuleType != O2RuleType.NotMapped && newRuleType != O2RuleType.ToBeDeleted && cbOnChangeDeletePreviewRule.Checked)
{
var clonedRule = O2RulePackUtils.cloneRule(o2RuleToModify);
clonedRule.RuleType = O2RuleType.ToBeDeleted;
addRuleToChangedRulesList(clonedRule);
}
o2RuleToModify.RuleType = newRuleType;
o2RuleToModify.VulnType = newVulnType;
switch (o2RuleToModify.RuleType)
{
case O2RuleType.PropageTaint:
o2RuleToModify.FromArgs = "all";
o2RuleToModify.ToArgs = "all";
o2RuleToModify.Return = "1";
break;
case O2RuleType.DontPropagateTaint:
o2RuleToModify.FromArgs = "none";
o2RuleToModify.ToArgs = "none";
o2RuleToModify.Return = "0";
break;
default:
o2RuleToModify.FromArgs = "";
o2RuleToModify.ToArgs = "";
o2RuleToModify.Return = "";
break;
}
selectedRow.SetValues(getRowDataFromO2Fule(o2RuleToModify));
addRuleToChangedRulesList(o2RuleToModify);
}
}
refreshChangedRulesList();
});
}