// For every "click button" mapping finding, looks up its known sink signature in the
// index of all web-layer sub-traces and glues a copy of the finding onto each match.
public static List<IO2Finding> glueClickButtonTraces(String ClickButtonMappingOzasmt, String webLayerOzasmt, String webServicesLayerOzasmt)
{
    var results = new List<IO2Finding>();
    var clickButton = new O2Assessment(new O2AssessmentLoad_OunceV6(), ClickButtonMappingOzasmt);
    var webLayer = new O2Assessment(new O2AssessmentLoad_OunceV6(), webLayerOzasmt);
    // var webServices = new O2Assessment(new O2AssessmentLoad_OunceV6(), webServicesLayerOzasmt);

    // dictionary of every sub-trace in the web layer, keyed by trace signature
    var webLayerAllTraces = OzasmtUtils.getDictionaryWithO2AllSubTraces(webLayer);
    var count = webLayerAllTraces.Count;
    foreach (var clickButtonFinding in clickButton.o2Findings)
    {
        var sinkToFind = OzasmtUtils.getKnownSink(clickButtonFinding.o2Traces).signature;
        if (webLayerAllTraces.ContainsKey(sinkToFind))
        {
            foreach (var webLayerO2Trace in webLayerAllTraces[sinkToFind])
            {
                results.Add(OzasmtGlue.createCopyAndGlueTraceSinkWithSource(clickButtonFinding, webLayerO2Trace));
            }
        }
    }
    DI.log.debug(" {0} findings in result ", results.Count);
    return results;
}
// Joins web-layer findings (indexed by sink) with web-services findings (indexed by source).
// The fully qualified HacmeBank web-service class names in the source signatures are
// shortened first so that they match the sink signatures recorded in the web layer.
public static List<IO2Finding> join_WebLayer_traces_with_WebServices_traces(List<IO2Finding> sourceO2Findings, List<IO2Finding> webLayerFindingsWithUrl)
{
    var bySink = webLayerFindingsWithUrl.indexBy_Sink();
    var bySource = sourceO2Findings.indexBy_Source();
    var jointFindings = new List<IO2Finding>();
    foreach (var source in bySource)
    {
        var fixedSource = source.Key.replace("HacmeBank_v2_WS.WS_UserManagement", "WS_UserManagement");
        fixedSource = fixedSource.replace("HacmeBank_v2_WS.WS_AccountManagement", "WS_AccountManagement");
        fixedSource = fixedSource.replace("HacmeBank_v2_WS.WS_UsersCommunity", "WS_UsersCommunity");
        if (fixedSource.contains("Login"))
        {
            fixedSource.info();
            //source.Key.info();
        }
        if (bySink.hasKey(fixedSource))
        {
            // each web-layer finding whose sink matches this source gets a copy glued to every web-services trace
            foreach (var findingA in bySink[fixedSource])
            {
                foreach (var findingB in source.Value)
                {
                    var newFinding = OzasmtGlue.createCopyAndGlueTraceSinkWithTrace(findingA, findingB.o2Traces);
                    jointFindings.add(newFinding);
                }
            }
        }
    }
    return jointFindings;
}
// Removes the trace currently selected in the trace tree from the finding and redraws the tree.
private void btDeleteTraceNode_Click(object sender, EventArgs e)
{
    if (ascxTraceTreeView.selectedNodeTag != null)
    {
        OzasmtGlue.deleteO2Trace((List<IO2Trace>)currentO2Finding.o2Traces, ascxTraceTreeView.o2Trace);
        ascxTraceTreeView.showO2TraceTree();
    }
}
// Pressing Delete on a selected tree node removes that trace from the finding and redraws the tree.
private void tvSmartTrace_KeyUp(object sender, KeyEventArgs e)
{
    if (e.KeyCode == Keys.Delete && tvSmartTrace.SelectedNode != null)
    {
        OzasmtGlue.deleteO2Trace(o2Finding.o2Traces, (IO2Trace)tvSmartTrace.SelectedNode.Tag);
        showO2TraceTree();
    }
}
// Glues the WebInspect findings onto the Ounce findings by trace name and shows the result in the mapped-file viewer.
public void glueTrace()
{
    if (fidingsViewer_WebInspectOzasmt.currentO2Findings.Count > 0 &&
        fidingsViewer_OunceOzasmt.currentO2Findings.Count > 0)
    {
        fidingsViewer_MappedFile.loadO2Findings(
            OzasmtGlue.glueOnTraceNames(fidingsViewer_WebInspectOzasmt.currentO2Findings,
                                        fidingsViewer_OunceOzasmt.currentO2Findings,
                                        "Spring MVC Glue"));
    }
}
// Glues the click-button mapping onto the combined web/web-services layers, keeps only the
// findings that end in a System.Data sink, and saves them as a new Ounce v6 assessment file.
public void createClickButtonTraces()
{
    var o2Assessment = new O2Assessment
    {
        o2Findings = OzasmtGlue.glueTraceSinkWithSources(new O2AssessmentLoad_OunceV6(), clickButtonMappingOzasmt, bothLayersOzasmt)
    };
    //o2Assessment.o2Findings = AspNetAnalysis.glueClickButtonTraces(clickButtonMappingOzasmt, webLayerOzasmt, webServicesLayerOzasmt);
    Assert.IsTrue(o2Assessment.o2Findings.Count > 0, "no findings calculated");

    o2Assessment.o2Findings = OzasmtFilter.getFindingsWithSink(o2Assessment.o2Findings, "System.Data");
    Assert.IsTrue(o2Assessment.o2Findings.Count > 0, "no System.Data Sinks found");

    o2Assessment.save(new O2AssessmentSave_OunceV6(), resultsFilefor_clickButtonSource_SystemDataSink);
    Assert.IsTrue(File.Exists(resultsFilefor_clickButtonSource_SystemDataSink), "resultsFilefor_clickButtonSource_SystemDataSink doesn't exist");
}
// End-to-end test: derives web-control sources from an Ounce scan, converts WebInspect
// SQL injection results into O2 findings, glues the two sets by trace name and writes
// the glued assessment (plus a unique-traces variant) to disk.
public void mapWebInspectMappingsToOzamstFindings()
{
    // process Ounce Assessment file
    string workOzasmtFile = ozasmtHacmeBankScanWithDefaultRules;
    Assert.IsTrue(File.Exists(workOzasmtFile), "ozasmtHacmeBankScanWithDefaultRules could not be found");
    var o2AssessmentOunceScan = new O2Assessment(new O2AssessmentLoad_OunceV6(), workOzasmtFile);
    o2AssessmentOunceScan.o2Findings = AspNetAnalysis.findWebControlSources(o2AssessmentOunceScan.o2Findings);
    Assert.IsTrue(o2AssessmentOunceScan.o2Findings.Count > 0, "There were no Findings calculated");
    o2AssessmentOunceScan.save(new O2AssessmentSave_OunceV6(), ozasmtWithHacmeBankWebControlMappings);

    // process WebInspect file
    string workWebInspectFile = webInspectFileWithResults;
    Assert.IsTrue(File.Exists(workWebInspectFile), "webInspectFileWithResults does not exist");
    var o2AssessmentWebInspectScan = new O2Assessment()
    {
        o2Findings = WebInspectConverter.loadWebInspectResultsAndReturnO2FindingsFor_SqlInjection_PoC2(workWebInspectFile)
    };
    Assert.IsTrue(o2AssessmentWebInspectScan.o2Findings.Count > 0, "No O2 findings created");
    o2AssessmentWebInspectScan.save(new O2AssessmentSave_OunceV6(), ozasmtFileWebInspectMappings);

    // glue the WebInspect findings onto the Ounce web-control findings by trace name
    var o2AssessmentGluedOnTraceName = new O2Assessment()
    {
        o2Findings = OzasmtGlue.glueOnTraceNames(new O2AssessmentLoad_OunceV6(),
                                                 ozasmtFileWebInspectMappings,
                                                 ozasmtWithHacmeBankWebControlMappings,
                                                 "Spring MVC Glue")
    };
    Assert.IsTrue(o2AssessmentGluedOnTraceName.o2Findings.Count > 0, "No Glued Findings created");
    o2AssessmentGluedOnTraceName.save(new O2AssessmentSave_OunceV6(), ozasmtWithWebInspectToOunceMappings);

    Analysis.createAssessmentFileWithAllTraces(true, false,
                                               ozasmtWithWebInspectToOunceMappings,
                                               // ozasmtWithWebInspectToOunceMappings);
                                               ozasmtWithWebInspectToOunceMappings_UniqueTraces);
    //
}
// Turns the web-layer findings that invoke a web service into findings whose sink is the
// invoked web-service target, indexes them by root method, and glues each URL mapping whose
// sink matches a root method onto those traces, so the URL becomes the source.
public static List<IO2Finding> calculate_WebLayer_tracesInto_WebServices_with_URL_as_Source(List<IO2Finding> sourceO2Findings, List<IO2Finding> urlMappings)
{
    var webLayerFindingsWithUrl = new List<IO2Finding>();
    var mappedFindings = sourceO2Findings.getFindingsWith_WebServicesInvoke()
                                         .makeSinks_WebServicesInvokeTarget();
    // key each finding by the context of the second child of its first trace (the root method)
    var indexedByRootMethod = mappedFindings.indexBy(
        (o2Finding) =>
        {
            if (o2Finding.o2Traces[0].childTraces.size() > 1)
            {
                return o2Finding.o2Traces[0].childTraces[1].context;
            }
            else
            {
                return "no root method";
            }
        });
    foreach (var sinkValue in urlMappings.indexBy_Sink())
    {
        if (indexedByRootMethod.hasKey(sinkValue.Key))
        {
            foreach (var findingA in sinkValue.Value)
            {
                foreach (var findingB in indexedByRootMethod[sinkValue.Key])
                {
                    //var newFinding = findingA.copy();
                    var newFinding = OzasmtGlue.createCopyAndGlueTraceSinkWithTrace(findingA, findingB.o2Traces);
                    webLayerFindingsWithUrl.add(newFinding);
                }
            }
        }
        // sinkValue.Key.info();
    }
    webLayerFindingsWithUrl.removeFirstSource();
    return webLayerFindingsWithUrl;
}
// Glues two finding sets where the sink of one approximately matches the source name of the other.
public static List<IO2Finding> joinTraces(List<IO2Finding> findingsToJoinOnSinks, List<IO2Finding> findingsToJoinOnSources)
{
    var gluedFindingVulnName = "Spring Mvc Glued finding";
    return OzasmtGlue.glueOnSinkToAproximateSourceNameMatch(findingsToJoinOnSinks, findingsToJoinOnSources, gluedFindingVulnName);
}
// Handles objects dropped onto the smart trace tree: an O2Trace is copied (or moved, when
// bMoveTraces is set) under the currently selected trace; an O2Finding, or a TreeNode
// tagged with one, is loaded into the viewer.
private void handleDragDrop(DragEventArgs e)
{
    var droppedObject = Dnd.tryToGetObjectFromDroppedObject(e);
    switch (droppedObject.GetType().Name)
    {
        case "O2Trace":
            var droppedTrace = (IO2Trace)droppedObject;
            var selectedO2Trace = o2Trace;
            if (selectedO2Trace == droppedTrace)
            {
                DI.log.error("on tvSmartTrace_DragDrop: It is not possible to drop a trace on itself");
            }
            else if (bMoveTraces && (OzasmtSearch.isO2TraceAChildTraceOfO2Trace(selectedO2Trace, droppedTrace)))
            {
                // if we dragged into a parent, we need to make a copy first, delete the original, then add the copy
                IO2Trace copiedO2Trace = OzasmtCopy.createCopy(droppedTrace);
                OzasmtGlue.deleteO2Trace(o2Finding.o2Traces, droppedTrace);
                selectedO2Trace.childTraces.Add(copiedO2Trace);
            }
            else if (bMoveTraces && OzasmtSearch.isO2TraceAChildTraceOfO2Trace(droppedTrace, selectedO2Trace))
            {
                DI.log.error("on tvSmartTrace_DragDrop: Could not move trace since it is not possible to drop a trace into its own child node");
            }
            else
            {
                IO2Trace copiedO2Trace = OzasmtCopy.createCopy(droppedTrace);
                if (bMoveTraces)
                {
                    OzasmtGlue.deleteO2Trace(o2Finding.o2Traces, droppedTrace);
                }
                selectedO2Trace.childTraces.Add(copiedO2Trace);
            }
            showO2TraceTree();
            break;
        case "O2Finding":
            loadO2Finding((O2Finding)droppedObject);
            break;
        case "TreeNode":
            var tagObject = ((TreeNode)droppedObject).Tag;
            if (tagObject != null)
            {
                if (tagObject is O2Finding)
                {
                    loadO2Finding((O2Finding)tagObject);
                }
            }
            break;
    }
    /* var droppedTrace2 = (O2Trace)Dnd.tryToGetObjectFromDroppedObject(e, typeof(O2Trace));
     * if (droppedTrace2 != null)
     * {
     *
     * }
     * else
     * {
     *     var droppedO2Finding = (O2Finding)Dnd.tryToGetObjectFromDroppedObject(e, typeof(O2Finding));
     *     if (droppedO2Finding != null)
     *         loadO2Finding(droppedO2Finding);
     *     else
     *     {
     *         droppedO2Finding = (O2Finding)Dnd.tryToGetObjectFromDroppedObject(e, typeof(TreeNode));
     *
     *     }
     * }*/
}