public CallInvocation addCallToCall(String sNewCallName, CallInvocation ciTargetCallInvocation,
TraceType ttTraceType)
{
var ciNewCallInvocation = new CallInvocation();
UInt32 uCall = OzasmtUtils_OunceV6.addTextToStringIndexes(sNewCallName, oadNewO2AssessmentDataOunceV6.arAssessmentRun);
ciNewCallInvocation.sig_id = uCall;
ciNewCallInvocation.cxt_id = uCall;
// by default make these the same (the context is used to remove duplicate findings)
ciNewCallInvocation.fn_id = 1;
// add file mapping so that the viewer's can point to the vm file
ciNewCallInvocation.trace_type = (UInt32)ttTraceType;
if (ciTargetCallInvocation.CallInvocation1 == null)
{
ciTargetCallInvocation.CallInvocation1 = new[] { ciNewCallInvocation }
}
;
else
{
var lTargetCallTraces = new List <CallInvocation>(ciTargetCallInvocation.CallInvocation1);
lTargetCallTraces.Add(ciNewCallInvocation);
ciTargetCallInvocation.CallInvocation1 = lTargetCallTraces.ToArray();
}
return(ciNewCallInvocation);
}
public static O2TraceBlock_OunceV6 getTraceBlockToGlueFinding(AssessmentAssessmentFileFinding fFinding,
TraceType ttTraceType,
O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6,
Dictionary <String, O2TraceBlock_OunceV6> dO2TraceBlock)
{
CallInvocation ciCallInvocation =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace, ttTraceType);
if (ciCallInvocation == null)
{
return(null);
}
String sSourceSignature = OzasmtUtils_OunceV6.getStringIndexValue(ciCallInvocation.sig_id, oadO2AssessmentDataOunceV6);
String sFile = OzasmtUtils_OunceV6.getFileIndexValue(ciCallInvocation.fn_id, oadO2AssessmentDataOunceV6);
String sLineNumber = ciCallInvocation.line_number.ToString();
String sTraceRootText = OzasmtUtils_OunceV6.getStringIndexValue(fFinding.Trace[0].sig_id, oadO2AssessmentDataOunceV6);
String sUniqueName = String.Format("{0} {1} {2}", sSourceSignature, sFile, sLineNumber);
// need to find a better way to clue the final sinks since at the moment I am getting a couple sinks trown by the cases when a sink also become a source of tainted data
//String sUniqueName = String.Format("{0} {1} {2} {3}", sSourceSignature, sFile, sLineNumber, sTraceRootText);
if (false == dO2TraceBlock.ContainsKey(sUniqueName))
{
dO2TraceBlock.Add(sUniqueName, new O2TraceBlock_OunceV6());
dO2TraceBlock[sUniqueName].sSignature = sSourceSignature;
dO2TraceBlock[sUniqueName].sFile = sFile;
dO2TraceBlock[sUniqueName].sLineNumber = sLineNumber;
dO2TraceBlock[sUniqueName].sTraceRootText = sTraceRootText;
dO2TraceBlock[sUniqueName].sUniqueName = sUniqueName;
}
return(dO2TraceBlock[sUniqueName]);
}
public void updateOadStringLists()
{
oadNewO2AssessmentDataOunceV6.arAssessmentRun.StringIndeces =
OzasmtUtils_OunceV6.createStringIndexArrayFromDictionary(dNewStringIndex);
oadNewO2AssessmentDataOunceV6.arAssessmentRun.FileIndeces =
OzasmtUtils_OunceV6.createFileIndexArrayFromDictionary(dNewFileIndex);
}
public CallInvocation setRootTrace(string sRootTraceText)
{
var ciCallInvocation = new CallInvocation();
UInt32 uRootTraceText = OzasmtUtils_OunceV6.addTextToStringIndexes(sRootTraceText,
oadNewO2AssessmentDataOunceV6.arAssessmentRun);
ciCallInvocation.sig_id = uRootTraceText;
ciCallInvocation.fn_id = 1;
ciCallInvocation.trace_type = (UInt32)TraceType.Root_Call;
fFinding.Trace = new[] { ciCallInvocation };
return(ciCallInvocation);
}
public NewFinding()
{
oadNewO2AssessmentDataOunceV6.arAssessmentRun = OzasmtUtils_OunceV6.getDefaultAssessmentRunObject();
oadNewO2AssessmentDataOunceV6.dFindings =
new Dictionary <AssessmentAssessmentFileFinding, AssessmentAssessmentFile>();
oadNewO2AssessmentDataOunceV6.dFindings.Add(fFinding, fFile);
fFinding.actionobject_id = 0;
fFinding.caller_name_id = "0";
fFinding.cxt_id = "0";
fFinding.vuln_name_id = "0";
fFinding.vuln_type_id = "0";
}
public static void create_CustomSavedAssessmentRunFile_From_FindingsResult_List(
List <AnalysisSearch.FindingsResult> lfrFindingsResults, String sPathToNewAssessmentFile)
{
O2Timer tTimer =
new O2Timer("Creating new AssessmentRun File " + sPathToNewAssessmentFile).start();
if (lfrFindingsResults.Count == 0)
{
DI.log.error("Aborting, no findings to save");
}
else
{
AssessmentRun arNewAssessmentRun = OzasmtUtils_OunceV6.getDefaultAssessmentRunObject();
arNewAssessmentRun.name = "Search Results Project";
var lFilesAndFindingsToAdd =
new Dictionary <AssessmentAssessmentFile, List <AssessmentAssessmentFileFinding> >();
var dNewStringIndex = new Dictionary <String, UInt32>();
var dNewFileIndex = new Dictionary <String, UInt32>();
foreach (AnalysisSearch.FindingsResult frFindingsResult in lfrFindingsResults)
{
if (false == lFilesAndFindingsToAdd.ContainsKey(frFindingsResult.fFile))
// doesn't exist so we need to add it
{
lFilesAndFindingsToAdd.Add(frFindingsResult.fFile, new List <AssessmentAssessmentFileFinding>());
}
lFilesAndFindingsToAdd[frFindingsResult.fFile].Add(
VirtualTraces.createNewFindingFromExistingOne(frFindingsResult.fFinding, dNewStringIndex,
dNewFileIndex,
frFindingsResult.oadO2AssessmentDataOunceV6));
}
arNewAssessmentRun.StringIndeces = OzasmtUtils_OunceV6.createStringIndexArrayFromDictionary(dNewStringIndex);
arNewAssessmentRun.FileIndeces = OzasmtUtils_OunceV6.createFileIndexArrayFromDictionary(dNewFileIndex);
var lafNewAssessmentFilesToAdd = new List <AssessmentAssessmentFile>();
foreach (AssessmentAssessmentFile afOriginalFile in lFilesAndFindingsToAdd.Keys)
{
AssessmentAssessmentFile afNewFile =
VirtualTraces.createNewAssessmentFileFromExistingOne(afOriginalFile);
afNewFile.Finding = lFilesAndFindingsToAdd[afOriginalFile].ToArray();
lafNewAssessmentFilesToAdd.Add(afNewFile);
}
arNewAssessmentRun.Assessment.Assessment[0].AssessmentFile = lafNewAssessmentFilesToAdd.ToArray();
DI.log.info("New assessmentRun file created in memory, now saving it");
// and save the serialized object as an Xml file
OzasmtUtils_OunceV6.createSerializedXmlFileFromAssessmentRunObject(arNewAssessmentRun, sPathToNewAssessmentFile);
tTimer.stop();
}
// if (false)
// o2Messages.sendMessage("open ViewAssessmentRun," + sPathToNewAssessmentFile);
}
public static String getSource(AssessmentAssessmentFileFinding fFinding, O2AssessmentData_OunceV6 oadF1AssessmentDataOunceV6)
{
CallInvocation ciCallInvocation =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace,
TraceType.Source);
if (ciCallInvocation != null)
{
return(OzasmtUtils_OunceV6.getStringIndexValue(ciCallInvocation.sig_id, oadF1AssessmentDataOunceV6));
}
return("");
}
public static void showCallInvocationDetailsInDataGridView(DataGridView dgvDataGridView,
CallInvocation ciCallInvocation,
O2AssessmentData_OunceV6 oadAssessmentDataOunceV6)
{
if (ciCallInvocation != null)
{
try
{
dgvDataGridView.Columns.Clear();
O2Forms.addToDataGridView_Column(dgvDataGridView, "Name", 90);
O2Forms.addToDataGridView_Column(dgvDataGridView, "Value", -1);
dgvDataGridView.Rows.Add("sig_id",
OzasmtUtils_OunceV6.getStringIndexValue(ciCallInvocation.sig_id, oadAssessmentDataOunceV6));
dgvDataGridView.Rows.Add("cxt_id",
OzasmtUtils_OunceV6.getStringIndexValue(ciCallInvocation.cxt_id, oadAssessmentDataOunceV6));
dgvDataGridView.Rows.Add("fn_id",
OzasmtUtils_OunceV6.getFileIndexValue(ciCallInvocation.fn_id, oadAssessmentDataOunceV6));
dgvDataGridView.Rows.Add("cn id",
OzasmtUtils_OunceV6.getStringIndexValue(ciCallInvocation.cn_id, oadAssessmentDataOunceV6));
dgvDataGridView.Rows.Add("trace_type", ciCallInvocation.trace_type.ToString());
dgvDataGridView.Rows.Add("column_number", ciCallInvocation.column_number.ToString());
dgvDataGridView.Rows.Add("line_number", ciCallInvocation.line_number.ToString());
dgvDataGridView.Rows.Add("mn_id",
OzasmtUtils_OunceV6.getStringIndexValue(ciCallInvocation.mn_id, oadAssessmentDataOunceV6));
dgvDataGridView.Rows.Add("ordinal", ciCallInvocation.ordinal.ToString());
dgvDataGridView.Rows.Add("taint_propagation", ciCallInvocation.taint_propagation);
if (ciCallInvocation.Text != null)
{
var sbText = new StringBuilder();
foreach (String sLine in ciCallInvocation.Text)
{
sbText.AppendLine(sLine);
}
dgvDataGridView.Rows.Add("Text", sbText.ToString());
}
//ciCallInvocation.Text;
}
catch (Exception ex)
{
DI.log.error("in showCallInvocationDetailsInDataGridView :{0}", ex.Message);
}
}
}
public static void addSuportForDynamicMethodsOnSinks(TreeView tvRawData, ICirData cdCirData,
bool bAddGluedTracesAsRealTraces)
{
O2Timer tTimer = new O2Timer("Adding Support for Dynamic Methods on Sinks").start();
// first get a unique list of Sink Traces
Dictionary <AssessmentAssessmentFileFinding, O2AssessmentData_OunceV6> dAllSinkFindings =
analyzer.getUniqueListOfSinks(tvRawData);
//List<String> lsMatches = new List<string>();
foreach (AssessmentAssessmentFileFinding fFinding in dAllSinkFindings.Keys)
{
CallInvocation ciSink =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace,
TraceType.
Known_Sink);
if (ciSink != null)
{
String sContext = OzasmtUtils_OunceV6.getStringIndexValue(ciSink.cxt_id, dAllSinkFindings[fFinding]);
// var fsFilteredSignature = new FilteredSignature(sContext);
if (sContext.IndexOf("java.lang.Object.getClass()") > -1 && sContext.IndexOf("new") > -1 &&
sContext.IndexOf("$") > -1)
{
// we have a match lets get the class out
String sClass = sContext.Substring(sContext.IndexOf("new") + 4);
sClass = sClass.Substring(0, sClass.IndexOf(' '));
// Find traces that match the found class and add them as GluedSinks
foreach (TreeNode tnMatchNode in tvRawData.Nodes)
{
if (tnMatchNode.Text.IndexOf(sClass) > -1)
{
addFindingAsGlueTrace((O2TraceBlock_OunceV6)tnMatchNode.Tag, fFinding,
dAllSinkFindings[fFinding], tvRawData,
bAddGluedTracesAsRealTraces);
}
}
}
}
}
tTimer.stop();
}
public static UInt32 updateNewAssessmentRunWithStringID(UInt32 uIdToUpdate,
Dictionary <String, UInt32> dNewStringIndex,
O2AssessmentData_OunceV6 fadOriginalO2AssessmentDataOunceV6)
{
if (uIdToUpdate == 0)
{
return(0);
}
String sTextToUpdate = OzasmtUtils_OunceV6.getStringIndexValue(uIdToUpdate, fadOriginalO2AssessmentDataOunceV6);
if (dNewStringIndex.ContainsKey(sTextToUpdate))
{
return(dNewStringIndex[sTextToUpdate]);
}
UInt32 uNewId = (UInt32)dNewStringIndex.Count + 1;
dNewStringIndex.Add(sTextToUpdate, uNewId);
return(uNewId);
}
private void tvSmartTrace_AfterSelect(object sender, TreeViewEventArgs e)
{
var fviFindingViewItem = (FindingViewItem)tvSmartTrace.Tag;
O2AssessmentData_OunceV6 fadAssessmentDataOunceV6 = fviFindingViewItem.oadO2AssessmentDataOunceV6;
switch (e.Node.Tag.GetType().Name)
{
case "CallInvocation":
var cCall = (CallInvocation)e.Node.Tag;
if (fadAssessmentDataOunceV6.arAssessmentRun.FileIndeces.Length < cCall.fn_id)
{
break;
}
String sSourceCodeFile = OzasmtUtils_OunceV6.getFileIndexValue(cCall.fn_id,
fviFindingViewItem.oadO2AssessmentDataOunceV6); //
// fadAssessmentDataOunceV6.arAssessmentRun.FileIndeces[cCall.fn_id - 1].value;
ascx_SourceCodeEditor1.gotoLine(sSourceCodeFile, (int)cCall.line_number);
ascx_Glee1.showCallInGlee(e.Node.Text);
FindingsView.showCallInvocationDetailsInDataGridView(dgvCallInvocationDetails, cCall,
fviFindingViewItem.oadO2AssessmentDataOunceV6);
//String sSignature = o2.analysis.Analysis.getStringIndexValue(cCall.sig_id, fadAssessmentDataOunceV6);
// ascx_RulesCreator1.addMethodToTargetsList(fadAssessmentDataOunceV6.sDb_id, sSignature, true);
// o2.ounce.datalayer.mysql.MySqlEvents.raiseEvent_ShowCustomRulesDetails_MethodSignature(fadAssessmentDataOunceV6.sDb_id, sSignature);
break;
//case "AssessmentAssessmentFileFinding":
// break;
default:
DI.log.error("in tvSmartTrace_AfterSelect: not supported type: {0}", e.Node.Tag.GetType().Name);
break;
}
tvSmartTrace.Focus();
}
public static String getUniqueSignature(AssessmentAssessmentFileFinding fFinding, TraceType ttTraceType,
O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6, bool bShowFullPathForFileName)
{
CallInvocation ciCallInvocation =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(fFinding.Trace, ttTraceType);
if (ciCallInvocation == null)
{
return(null);
}
String sSourceSignature = OzasmtUtils_OunceV6.getStringIndexValue(ciCallInvocation.sig_id, oadO2AssessmentDataOunceV6);
String sFile = OzasmtUtils_OunceV6.getFileIndexValue(ciCallInvocation.fn_id, oadO2AssessmentDataOunceV6);
String sLineNumber = ciCallInvocation.line_number.ToString();
if (bShowFullPathForFileName)
{
return(String.Format("{0} {1} {2}", sSourceSignature, sFile, sLineNumber));
}
else
{
return(String.Format("{0} {1} {2}", sSourceSignature, Path.GetFileName(sFile), sLineNumber));
}
}
public void setFinding_VulnType(String sVulnType)
{
fFinding.vuln_type_id =
OzasmtUtils_OunceV6.addTextToStringIndexes(sVulnType, oadNewO2AssessmentDataOunceV6.arAssessmentRun).ToString();
}
public void setFinding_fakeActionObjectId(String sFakeActionObject)
{
fFinding.actionobject_id = OzasmtUtils_OunceV6.addTextToStringIndexes(sFakeActionObject,
oadNewO2AssessmentDataOunceV6.arAssessmentRun);
}
public static bool ResolveInterfacesOnTreeView_recursive(TreeNode tnStartNode, ICirData cdCirData,
Dictionary <String, O2TraceBlock_OunceV6> dO2TraceBlock,
Dictionary <String, O2TraceBlock_OunceV6> dRawData,
//TreeView tvRawData_,
String sHardCodedInterfaceKeywork)
{
var stStackTrace = new StackTrace();
if (stStackTrace.FrameCount > 50)
{
String sMsg =
String.Format(
"on ResolveInterfacesOnTreeView_recursive, max StackTrace reached, aborting this leaf:{0}",
tnStartNode.Text);
DI.log.error(sMsg);
return(false);
}
if (tnStartNode != null)
{
foreach (TreeNode tnNode in tnStartNode.Nodes)
{
if (tnNode.Text.IndexOf(sHardCodedInterfaceKeywork) > -1)
{
if (tnNode.Tag != null)
{
var fviFindingViewItem = (FindingViewItem)tnNode.Tag;
String sSink = AnalysisUtils.getSink(fviFindingViewItem.fFinding,
fviFindingViewItem.oadO2AssessmentDataOunceV6);
if (cdCirData.dFunctions_bySignature.ContainsKey(sSink))
{
ICirFunction cfCirFunction = cdCirData.dFunctions_bySignature[sSink];
ICirClass ccCirClass = cfCirFunction.ParentClass;
foreach (ICirClass ccIsSuperClassedBy in ccCirClass.dIsSuperClassedBy.Values)
{
String sMappedMethodName =
cfCirFunction.FunctionSignature.Replace(ccCirClass.Signature,
ccIsSuperClassedBy.Signature);
List <O2TraceBlock_OunceV6> lotdMatches =
analyzer.getO2TraceBlocksThatMatchSignature(sMappedMethodName, dO2TraceBlock);
foreach (O2TraceBlock_OunceV6 otbO2TraceBlock in lotdMatches)
{
TreeNode tnNewNode_forImplementation =
O2Forms.newTreeNode(otbO2TraceBlock.sUniqueName,
otbO2TraceBlock.sUniqueName, 0, null);
tnNode.ForeColor = Color.CadetBlue;
tnNewNode_forImplementation.ForeColor = Color.DarkBlue;
foreach (
AssessmentAssessmentFileFinding fFinding in otbO2TraceBlock.dSinks.Keys)
{
var fviFindingViewItem_ForSink = new FindingViewItem(fFinding,
fFinding.vuln_name ?? OzasmtUtils_OunceV6.
getStringIndexValue
(UInt32.Parse
(fFinding
.
vuln_name_id),
otbO2TraceBlock.dSinks[fFinding]),
null,
otbO2TraceBlock.
dSinks[fFinding
]);
String sUniqueName_ForSink =
analyzer.getUniqueSignature(fviFindingViewItem_ForSink.fFinding,
TraceType.Known_Sink,
fviFindingViewItem_ForSink.
oadO2AssessmentDataOunceV6, true);
TreeNode tnImplementation_Sink = O2Forms.newTreeNode(
sUniqueName_ForSink, sUniqueName_ForSink, 0,
fviFindingViewItem_ForSink);
tnNewNode_forImplementation.Nodes.Add(tnImplementation_Sink);
if (tnImplementation_Sink.Text != "")
{
if (false ==
analyzer.addCompatibleTracesToNode_recursive(
tnImplementation_Sink, fviFindingViewItem_ForSink,
dRawData[tnImplementation_Sink.Text], "Sinks", dRawData))
{
// (O2TraceBlock_OunceV6)
// tvRawData.Nodes[tnImplementation_Sink.Text].Tag, "Sinks",
// tvRawData))
return(false);
}
}
// need to see any posible side effects of this (false check was not there on small projects)
}
tnNode.Nodes.Add(tnNewNode_forImplementation);
}
}
}
}
}
foreach (TreeNode tnChildNode in tnNode.Nodes)
{
if (false ==
ResolveInterfacesOnTreeView_recursive(tnChildNode, cdCirData, dO2TraceBlock, dRawData, //tvRawData,
sHardCodedInterfaceKeywork))
{
return(false);
}
}
}
}
return(true);
}
public void setFinding_CallerName(String sCallerName)
{
fFinding.caller_name_id =
OzasmtUtils_OunceV6.addTextToStringIndexes(sCallerName, oadNewO2AssessmentDataOunceV6.arAssessmentRun).ToString();
}
public static void showFindingDetailsInDataGridView(DataGridView dgvDataGridView,
AssessmentAssessmentFileFinding fSelectedFinding,
O2AssessmentData_OunceV6 oadAssessmentDataOunceV6)
{
try
{
dgvDataGridView.Columns.Clear();
O2Forms.addToDataGridView_Column(dgvDataGridView, "Name", 90);
O2Forms.addToDataGridView_Column(dgvDataGridView, "Value", -1);
dgvDataGridView.Rows.Add("vuln Name",
fSelectedFinding.vuln_name ??
OzasmtUtils_OunceV6.getStringIndexValue(UInt32.Parse(fSelectedFinding.vuln_name_id),
oadAssessmentDataOunceV6));
dgvDataGridView.Rows.Add("Vuln Type",
fSelectedFinding.vuln_type ??
OzasmtUtils_OunceV6.getStringIndexValue(UInt32.Parse(fSelectedFinding.vuln_type_id),
oadAssessmentDataOunceV6));
dgvDataGridView.Rows.Add("Caller Name",
fSelectedFinding.caller_name ?? ((fSelectedFinding.caller_name_id != null)
? OzasmtUtils_OunceV6.getStringIndexValue(
UInt32.Parse(fSelectedFinding.caller_name_id),
oadAssessmentDataOunceV6)
: ""));
dgvDataGridView.Rows.Add("Context",
fSelectedFinding.context ?? ((fSelectedFinding.cxt_id != null)
? OzasmtUtils_OunceV6.getStringIndexValue(
UInt32.Parse(fSelectedFinding.cxt_id), oadAssessmentDataOunceV6)
: ""));
dgvDataGridView.Rows.Add("Severity", fSelectedFinding.severity.ToString());
dgvDataGridView.Rows.Add("Confidence", fSelectedFinding.confidence.ToString());
dgvDataGridView.Rows.Add("Action Object Id", fSelectedFinding.actionobject_id.ToString());
dgvDataGridView.Rows.Add("Project",
(fSelectedFinding.project_name != null)
? fSelectedFinding.project_name
: (fSelectedFinding.project_name_id != null)
? OzasmtUtils_OunceV6.getStringIndexValue(
UInt32.Parse(fSelectedFinding.project_name_id),
oadAssessmentDataOunceV6)
: "");
dgvDataGridView.Rows.Add("Column Number", fSelectedFinding.column_number.ToString());
dgvDataGridView.Rows.Add("Line Number", fSelectedFinding.line_number.ToString());
dgvDataGridView.Rows.Add("Ordinal", fSelectedFinding.ordinal.ToString());
dgvDataGridView.Rows.Add("Exclude", fSelectedFinding.exclude.ToString());
dgvDataGridView.Rows.Add("Property IDs", fSelectedFinding.property_ids);
dgvDataGridView.Rows.Add("Record ID", fSelectedFinding.record_id.ToString());
if (fSelectedFinding.Text != null)
{
var sbText = new StringBuilder();
foreach (String sLine in fSelectedFinding.Text)
{
sbText.AppendLine(sLine);
}
dgvDataGridView.Rows.Add("Text", sbText.ToString());
}
if (fSelectedFinding.Trace != null)
{
dgvDataGridView.Rows.Add("Trace", "Yes");
}
else
{
dgvDataGridView.Rows.Add("Trace", "No");
}
// dgvFindingData.Rows.Add("Action Object", Lddb.getActionObjectName(fSelectedFinding.actionobject_id.ToString()));
}
catch (Exception ex)
{
DI.log.error("in showFindingDetailsInDataGridView :{0}", ex.Message);
}
}
public void setFinding_Context(String sContext)
{
fFinding.cxt_id =
OzasmtUtils_OunceV6.addTextToStringIndexes(sContext, oadNewO2AssessmentDataOunceV6.arAssessmentRun).ToString();
}
public static bool addCompatibleTracesToNode_recursive(TreeNode tnTargetNode, FindingViewItem fviFindingViewItem,
O2TraceBlock_OunceV6 otbO2TraceBlockOunceV6OfToProcess,
String sMode,
Dictionary <String, O2TraceBlock_OunceV6> dRawData)
//TreeView tvRawData)
{
//TreeNode tnParentNode = O2Forms.getRootNode(tnTargetNode);
//int iNumberOfNodes = tnParentNode.GetNodeCount(true);
var iNumberOfNodes = O2Forms.getRootNode(tnTargetNode).GetNodeCount(true);
if (O2Forms.getRootNode(tnTargetNode).GetNodeCount(true) > 1500)
{
DI.log.info(String.Format("Max number of subnodes reached (250), aborting this root node: {0}",
O2Forms.getRootNode(tnTargetNode).Text));
return(false);
}
if (new StackTrace().FrameCount > 50)
{
DI.log.info(String.Format("Max StackTrace reached (50), aborting this leaf:{0}", tnTargetNode.Text));
return(false);
}
var tnTreeFor_Root = new TreeNode();
AnalysisUtils.addCallsToNode_Recursive(fviFindingViewItem.fFinding.Trace, tnTreeFor_Root,
fviFindingViewItem.oadO2AssessmentDataOunceV6,
Analysis.SmartTraceFilter.MethodName);
if (sMode == "Sinks")
{
// first add the normal sinks
foreach (AssessmentAssessmentFileFinding fFinding in otbO2TraceBlockOunceV6OfToProcess.dSinks.Keys)
{
var tnTreeFor_ChildTrace = new TreeNode();
var fviFindingViewItemForChildTrace = new FindingViewItem(fFinding,
fFinding.vuln_name ?? OzasmtUtils_OunceV6.getStringIndexValue(
UInt32.Parse(
fFinding.vuln_name_id),
otbO2TraceBlockOunceV6OfToProcess.
dSinks[fFinding]), null,
otbO2TraceBlockOunceV6OfToProcess.dSinks[fFinding
]);
AnalysisUtils.addCallsToNode_Recursive(fviFindingViewItemForChildTrace.fFinding.Trace,
tnTreeFor_ChildTrace,
fviFindingViewItemForChildTrace.oadO2AssessmentDataOunceV6,
Analysis.SmartTraceFilter.MethodName);
TreeNode tnRootNode_Sink = getTreeNodeOfTraceType_recursive(tnTreeFor_Root,
TraceType.Known_Sink);
TreeNode tnRootNode_Source = getTreeNodeOfTraceType_recursive(tnTreeFor_ChildTrace,
TraceType.Source);
if (AreNodesCompatible(tnRootNode_Sink, tnRootNode_Source))
{
String sNodeText = getUniqueSignature(fFinding, TraceType.Known_Sink,
otbO2TraceBlockOunceV6OfToProcess.dSinks[fFinding], true);
// ensures we don't add the same source more that once per line (needs to be more optimized
List <String> ltnAllNodesAddedSofar = O2Forms.getStringListWithAllParentNodesText(tnTargetNode);
if (false == ltnAllNodesAddedSofar.Contains(sNodeText))
{
if (sNodeText != tnTargetNode.Text) // don't add if the child call is the same as the parent
{
tnTargetNode.Nodes.Add(O2Forms.newTreeNode(sNodeText, sNodeText, 0,
fviFindingViewItemForChildTrace));
}
if (sNodeText == null)
{
return(false);
}
}
}
}
// then add the Glued Sinks
foreach (AssessmentAssessmentFileFinding fFinding in otbO2TraceBlockOunceV6OfToProcess.dGluedSinks.Keys)
{
var fviFindingViewItemForChildTrace = new FindingViewItem(fFinding,
fFinding.vuln_name ?? OzasmtUtils_OunceV6.getStringIndexValue(
UInt32.Parse(
fFinding.vuln_name_id),
otbO2TraceBlockOunceV6OfToProcess.
dGluedSinks[fFinding]), null,
otbO2TraceBlockOunceV6OfToProcess.dGluedSinks[
fFinding]);
String sNodeText = getUniqueSignature(fFinding, TraceType.Known_Sink,
otbO2TraceBlockOunceV6OfToProcess.dGluedSinks[fFinding], true);
tnTargetNode.Nodes.Add(O2Forms.newTreeNode(sNodeText, sNodeText, 0, fviFindingViewItemForChildTrace));
}
}
foreach (TreeNode tnChildNode in tnTargetNode.Nodes)
{
// int iNodeCount = tnChildNode.GetNodeCount(true);
// DI.log.info(iNodeCount + " " + tnChildNode.Text);
//if (tvRawData.Nodes[tnChildNode.Text] != null)
if (dRawData.ContainsKey(tnChildNode.Text))
{
// (now back to false) was true (check side effects)
if (false ==
addCompatibleTracesToNode_recursive(tnChildNode, (FindingViewItem)tnChildNode.Tag,
dRawData[tnChildNode.Text],
// (O2TraceBlock_OunceV6) tvRawData.Nodes[tnChildNode.Text].Tag,
"Sinks", dRawData))
{
//tvRawData))
return(false);
}
}
}
return(true);
}
public static void createAssessmentFileWithVirtualTraces_fromTwoSourceAssessmentFiles(String sAssessmentFile1,
String sAssessmentFile2,
String sTargetFile)
{
O2AssessmentData_OunceV6 fadF1AssessmentData_sAssessmentFile1 = null;
O2AssessmentData_OunceV6 fadF1AssessmentData_sAssessmentFile2 = null;
// get list of traces with
List <AssessmentAssessmentFileFinding> lfFindingsWithTraces_sAssessmentFile2 =
AnalysisUtils.getListOfAllFindingsWithTraces(sAssessmentFile2, ref fadF1AssessmentData_sAssessmentFile2);
// calculate traces to join
var dTracesToAppend = new Dictionary <String, List <CallInvocation> >();
foreach (AssessmentAssessmentFileFinding fFinding in lfFindingsWithTraces_sAssessmentFile2)
{
if (fFinding.Trace != null && fFinding.Trace[0] != null && fFinding.Trace[0].CallInvocation1 != null &&
fFinding.Trace[0].CallInvocation1.Length > 1)
{
if (
OzasmtUtils_OunceV6.getStringIndexValue(fFinding.Trace[0].CallInvocation1[0].sig_id,
fadF1AssessmentData_sAssessmentFile2).IndexOf(
sExternalSourceString) > -1)
{
String sSignatureOfCallbackFunction =
OzasmtUtils_OunceV6.getStringIndexValue(fFinding.Trace[0].CallInvocation1[1].sig_id,
fadF1AssessmentData_sAssessmentFile2);
if (false == dTracesToAppend.ContainsKey(sSignatureOfCallbackFunction))
{
dTracesToAppend.Add(sSignatureOfCallbackFunction, new List <CallInvocation>());
}
dTracesToAppend[sSignatureOfCallbackFunction].Add(fFinding.Trace[0].CallInvocation1[1]);
}
}
}
// get sinks to append traces
List <String> lsSinks_sAssessmentFile1 = AnalysisAssessmentFile.getListOf_KnownSinks(sAssessmentFile1, ref fadF1AssessmentData_sAssessmentFile1);
Analysis.populateDictionariesWithXrefsToLoadedAssessment(Analysis.FindingFilter.SmartTraces, true, true,
fadF1AssessmentData_sAssessmentFile1);
var dNewStringIndex = new Dictionary <String, UInt32>();
foreach (
AssessmentRunStringIndex siStringIndex in
fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.StringIndeces)
{
dNewStringIndex.Add(siStringIndex.value, siStringIndex.id);
}
var dNewFileIndex = new Dictionary <String, UInt32>();
foreach (AssessmentRunFileIndex siStringIndex in fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.FileIndeces)
{
dNewFileIndex.Add(siStringIndex.value, siStringIndex.id);
}
TraceType tTraceType = TraceType.Known_Sink;
foreach (String sSink in lsSinks_sAssessmentFile1)
{
if (dTracesToAppend.ContainsKey(sSink))
{
List <AssessmentAssessmentFileFinding> lfFindingsWithSink =
AnalysisUtils.getListOfFindingsWithTraceAndSignature(sSink, tTraceType,
fadF1AssessmentData_sAssessmentFile1);
foreach (AssessmentAssessmentFileFinding fFindingToJoin in lfFindingsWithSink)
{
var lfNewFindinds = new List <AssessmentAssessmentFileFinding>();
foreach (CallInvocation ciCallInvocationToAppend in dTracesToAppend[sSink])
{
// append trace
AssessmentAssessmentFileFinding fNewFinding = createNewFindingFromExistingOne(
fFindingToJoin, dNewStringIndex, dNewFileIndex, fadF1AssessmentData_sAssessmentFile1);
CallInvocation ciSinkNode =
AnalysisSearch.findTraceTypeAndSignatureInSmartTrace_Recursive_returnCallInvocation(
fNewFinding.Trace, tTraceType, sSink, fadF1AssessmentData_sAssessmentFile1);
ciSinkNode.trace_type = (int)TraceType.Source;
var lciTempNewCallInvocation = new List <CallInvocation>(); // used by the recursive function
ciSinkNode.CallInvocation1 = updateAssessmentRunWithTraceReferences_recursive(
lciTempNewCallInvocation,
//new CallInvocation[] { ciCallInvocationToAppend },
ciCallInvocationToAppend.CallInvocation1,
dNewStringIndex,
dNewFileIndex,
fadF1AssessmentData_sAssessmentFile2);
lfNewFindinds.Add(fNewFinding);
}
AssessmentAssessmentFile fFile = fadF1AssessmentData_sAssessmentFile1.dFindings[fFindingToJoin];
var lfFindingsInCurrentFile = new List <AssessmentAssessmentFileFinding>(fFile.Finding);
lfFindingsInCurrentFile.Remove(fFindingToJoin);
lfFindingsInCurrentFile.AddRange(lfNewFindinds);
fFile.Finding = lfFindingsInCurrentFile.ToArray();
}
}
}
// update indexes
fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.StringIndeces =
OzasmtUtils_OunceV6.createStringIndexArrayFromDictionary(dNewStringIndex);
fadF1AssessmentData_sAssessmentFile1.arAssessmentRun.FileIndeces =
OzasmtUtils_OunceV6.createFileIndexArrayFromDictionary(dNewFileIndex);
//String sTargetFile = config.getTempFileNameInF1TempDirectory();
OzasmtUtils_OunceV6.createSerializedXmlFileFromAssessmentRunObject(
fadF1AssessmentData_sAssessmentFile1.arAssessmentRun, sTargetFile);
DI.log.debug("Joined assesment saved to:{0}", sTargetFile);
}
public NewFindingViewItem()
{
oadNewO2AssessmentDataOunceV6.arAssessmentRun = OzasmtUtils_OunceV6.getDefaultAssessmentRunObject();
//oadNewO2AssessmentDataOunceV6.arAssessmentRun = new AssessmentRun();
oadNewO2AssessmentDataOunceV6.arAssessmentRun.name = "O2 genereated trace";
}
public static void mapDotNetWebServices(TreeView tvRawData)
{
String sDotNetWebServicesSinkToFind =
"System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(string;object[]):object[]";
var ltnNodesWithSink = new List <TreeNode>();
analyzer.calculateListOfNodesWithSink_recursive(tvRawData.Nodes, sDotNetWebServicesSinkToFind,
ltnNodesWithSink);
foreach (TreeNode tnTreeNodeWithInvokeSink in ltnNodesWithSink)
{
var otbO2TraceBlockWithSink = (O2TraceBlock_OunceV6)tnTreeNodeWithInvokeSink.Tag;
foreach (AssessmentAssessmentFileFinding fFinding in otbO2TraceBlockWithSink.dSources.Keys)
{
//FindingViewItem fviFindingViewItem
//String sSink = o2.analysis.Analysis.getSink(fFinding,otbO2TraceBlockWithSink.dSources[fFinding]);
//String sSource = o2.analysis.Analysis.getSource(fFinding, otbO2TraceBlockWithSink.dSources[fFinding]);
var lcaReverseListOfCallInvocation = new List <CallInvocation>();
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnReverseListOfCallInvocation(
fFinding.Trace, TraceType.Known_Sink, lcaReverseListOfCallInvocation);
if (lcaReverseListOfCallInvocation.Count > 1)
{
var fsFilteredSignature =
new FilteredSignature(
OzasmtUtils_OunceV6.getStringIndexValue(lcaReverseListOfCallInvocation[1].sig_id,
otbO2TraceBlockWithSink.dSources[fFinding]));
String sSignatureToMatch = fsFilteredSignature.getFilteredSignature(true, false, false, -1);
// we really should also check the return class, but there are some diferences in the ways the objects are mapped (object[] on the client and ArrayList() on the server)
bool bFoundWebServiceSink = false;
foreach (TreeNode tnRawNode in tvRawData.Nodes)
{
var otbO2TraceBlock = (O2TraceBlock_OunceV6)tnRawNode.Tag;
String sRawTraceSignature =
new FilteredSignature(otbO2TraceBlock.sSignature).getFilteredSignature(true, false,
false, -1);
if (sRawTraceSignature == sSignatureToMatch)
{
if (otbO2TraceBlock.dSources.Count == 0)
{
bFoundWebServiceSink = true;
foreach (
AssessmentAssessmentFileFinding fFindingInMappedSink in
otbO2TraceBlock.dSinks.Keys)
{
String sSource = AnalysisUtils.getSource(fFindingInMappedSink,
otbO2TraceBlock.dSinks[
fFindingInMappedSink]);
String sSink = AnalysisUtils.getSink(fFindingInMappedSink,
otbO2TraceBlock.dSinks[
fFindingInMappedSink]);
DI.log.info("Adding {0} to {1}", sSource,
otbO2TraceBlockWithSink.sUniqueName);
// add to dGluedSinks
if (false ==
otbO2TraceBlockWithSink.dGluedSinks.ContainsKey(fFindingInMappedSink))
{
otbO2TraceBlockWithSink.dGluedSinks.Add(fFindingInMappedSink,
otbO2TraceBlock.dSinks[
fFindingInMappedSink]);
otbO2TraceBlockWithSink.dSinks.Add(fFindingInMappedSink,
otbO2TraceBlock.dSinks[
fFindingInMappedSink]);
}
// add to dGluedSinks
if (false == otbO2TraceBlock.dGluedSinks.ContainsKey(fFinding))
{
//otbO2TraceBlock.dGluedSinks.Add(fFinding, otbO2TraceBlockWithSink.dSources[fFinding]);
//otbO2TraceBlock.dSinks.Add(fFinding, otbO2TraceBlockWithSink.dSources[fFinding]);
}
}
/* foreach (AssessmentAssessmentFileFinding fFinding in otbO2TraceBlock.dSinks.Keys)
* {
* DI.log.info("Adding trace to : {0} on Root node: {1}", tnTreeNodeWithInvokeSink.Text, O2Forms.getRootNode(tnTreeNodeWithInvokeSink).Text);
* TreeNode tnTreeNodeToAdd = tnTreeNodeWithInvokeSink;
* if (tnTreeNodeToAdd.Nodes.Count >0)
* tnTreeNodeToAdd = tnTreeNodeToAdd.Nodes[0];
* tnTreeNodeToAdd.Nodes.Add(O2Forms.newTreeNode("TEST", "TEST", 0, new FindingViewItem(fFinding, otbO2TraceBlock.dSinks[fFinding])));
* }
* */
//tnTreeNodeWithInvokeSink
// DI.log.debug(" Found Possible match : {0}", otbO2TraceBlock.sSignature);
}
else
{
DI.log.debug(" Found FALSE POSITIVE match : {0}", otbO2TraceBlock.sSignature);
}
}
}
if (false == bFoundWebServiceSink)
{
DI.log.error("in mapDotNetWebServices, could not find a match for: {0}",
sSignatureToMatch);
}
}
}
}
}
public void setFinding_FileName(String sFilename)
{
uFileNameId = OzasmtUtils_OunceV6.addTextToFileIndexes(sFilename, oadNewO2AssessmentDataOunceV6.arAssessmentRun);
fFile.filename = sFilename;
}
public static void findSpringAttributes(TreeView tvRawData)
{
String sFunctionSignature = "ModelMap.addAttribute";
O2Timer tTimer = new O2Timer("Resolving attribute based function: {0} ").start();
Dictionary <AssessmentAssessmentFileFinding, O2AssessmentData_OunceV6> dMatches =
analyzer.getSinksFindingsThatMatchRegEx(tvRawData, sFunctionSignature);
foreach (AssessmentAssessmentFileFinding fFinding in dMatches.Keys)
{
// resolve addAddtibute name
String sSinkContext = AnalysisUtils.getSinkContext(fFinding, dMatches[fFinding]);
var fsFilteredSignature = new FilteredSignature(sSinkContext);
String sParameters = fsFilteredSignature.sParameters.Replace("\"", "");
String sSpringParameter = sParameters.Substring(0, sParameters.IndexOf(',')).Trim();
// create a unique name for it:
String sSink = AnalysisUtils.getSink(fFinding, dMatches[fFinding]);
String sSinkWithAttributeName = sSink.Replace("(", "_" + sSpringParameter + "(");
// make sure we have not added this already
if (sSink.IndexOf(sSpringParameter) == -1)
{
// String sSinkWithAttributeName = sSink.Replace("(", "_" + sSpringParameter + "(");
// String sSinkWithAttributeName = sSpringParameter;
String sUniqueSignature = analyzer.getUniqueSignature(fFinding, TraceType.Known_Sink,
dMatches[fFinding], true);
var otbO2TraceBlockOfThisFinding = (O2TraceBlock_OunceV6)tvRawData.Nodes[sUniqueSignature].Tag;
CallInvocation ciCallInvocation =
AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(
fFinding.Trace, TraceType.Known_Sink);
UInt32 uNewId = OzasmtUtils_OunceV6.addTextToStringIndexes(sSinkWithAttributeName,
dMatches[fFinding].arAssessmentRun);
;
ciCallInvocation.sig_id = uNewId;
DI.log.debug(" Found spring attribute '{0}' on sinks and modified to {1}", sSpringParameter,
sSinkWithAttributeName);
//o2.analysis.Analysis.getSink(fFinding, dMatches[fFinding]));
otbO2TraceBlockOfThisFinding.sSignature = sSinkWithAttributeName;
otbO2TraceBlockOfThisFinding.sUniqueName = analyzer.getUniqueSignature(fFinding,
TraceType.
Known_Sink,
dMatches[fFinding], true);
List <O2TraceBlock_OunceV6> lotbO2TraceBlockWithVelocityMappings =
analyzer.getO2TraceBlocksThatMatchSignature(sSinkWithAttributeName, tvRawData);
/* String sVelocityMapping = String.Format("{0} 0", sSinkWithAttributeName);
* TreeNode tnVelocityNode = tvRawData.Nodes[sVelocityMapping];
* if (tnVelocityNode != null)
*/
foreach (
O2TraceBlock_OunceV6 otbO2TraceBlockWithVelocityMappings in lotbO2TraceBlockWithVelocityMappings)
{
if (otbO2TraceBlockWithVelocityMappings.sFile.IndexOf(".vm") > -1)
{
//O2TraceBlock_OunceV6 otbO2TraceBlockWithVelocityMappings = (O2TraceBlock_OunceV6)tnVelocityNode.Tag;
foreach (
AssessmentAssessmentFileFinding fVelocityFinding in
otbO2TraceBlockWithVelocityMappings.dSinks.Keys)
{
if (false == otbO2TraceBlockOfThisFinding.dGluedSinks.ContainsKey(fVelocityFinding))
{
otbO2TraceBlockOfThisFinding.dGluedSinks.Add(fVelocityFinding,
otbO2TraceBlockWithVelocityMappings
.dSinks[fVelocityFinding]);
}
if (false == otbO2TraceBlockOfThisFinding.dSinks.ContainsKey(fVelocityFinding))
{
otbO2TraceBlockOfThisFinding.dSinks.Add(fVelocityFinding,
otbO2TraceBlockWithVelocityMappings.
dSinks[fVelocityFinding]);
}
}
}
}
}
}
tTimer.stop();
}