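/// <summary>
/// Creates a new <see cref="CallInvocation"/> named <paramref name="sNewCallName"/> and appends it to the
/// child-call array (<c>CallInvocation1</c>) of <paramref name="ciTargetCallInvocation"/>.
/// </summary>
/// <param name="sNewCallName">Text of the new call; registered in the assessment run's string index.</param>
/// <param name="ciTargetCallInvocation">Parent call that receives the new call as a child.</param>
/// <param name="ttTraceType">Trace type stored (as <see cref="UInt32"/>) on the new call.</param>
/// <returns>The newly created, already attached <see cref="CallInvocation"/>.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="ciTargetCallInvocation"/> is null.</exception>
public CallInvocation addCallToCall(String sNewCallName, CallInvocation ciTargetCallInvocation,
                                    TraceType ttTraceType)
            {
                if (ciTargetCallInvocation == null)
                {
                    throw new ArgumentNullException("ciTargetCallInvocation");
                }

                UInt32 uCall = OzasmtUtils_OunceV6.addTextToStringIndexes(sNewCallName,
                                                                          oadNewO2AssessmentDataOunceV6.arAssessmentRun);

                // by default make sig_id and cxt_id the same (the context is used to remove duplicate findings)
                var ciNewCallInvocation = new CallInvocation
                    {
                        sig_id     = uCall,
                        cxt_id     = uCall,
                        fn_id      = 1,
                        // add file mapping so that the viewer's can point to the vm file
                        trace_type = (UInt32)ttTraceType
                    };

                // CallInvocation1 is an array, so appending means rebuilding it
                if (ciTargetCallInvocation.CallInvocation1 == null)
                {
                    ciTargetCallInvocation.CallInvocation1 = new[] { ciNewCallInvocation };
                }
                else
                {
                    var lTargetCallTraces = new List<CallInvocation>(ciTargetCallInvocation.CallInvocation1);
                    lTargetCallTraces.Add(ciNewCallInvocation);
                    ciTargetCallInvocation.CallInvocation1 = lTargetCallTraces.ToArray();
                }
                return ciNewCallInvocation;
            }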
            /// <summary>
            /// Creates the root <see cref="CallInvocation"/> of the finding's trace: the text is registered in the
            /// assessment run's string index, the call is tagged <see cref="TraceType.Root_Call"/> and becomes the
            /// single element of <c>fFinding.Trace</c> (replacing any existing trace).
            /// </summary>
            /// <param name="sRootTraceText">Text shown for the root of the trace.</param>
            /// <returns>The root <see cref="CallInvocation"/> that was stored on the finding.</returns>
            public CallInvocation setRootTrace(string sRootTraceText)
            {
                UInt32 uTextId = OzasmtUtils_OunceV6.addTextToStringIndexes(sRootTraceText,
                                                                            oadNewO2AssessmentDataOunceV6.arAssessmentRun);
                var ciRootCall = new CallInvocation
                    {
                        sig_id     = uTextId,
                        fn_id      = 1,
                        trace_type = (UInt32)TraceType.Root_Call
                    };

                fFinding.Trace = new[] { ciRootCall };
                return ciRootCall;
            }
 /// <summary>
 /// Registers <paramref name="sVulnType"/> in the assessment run's string index and stores the
 /// resulting id, as text, in <c>fFinding.vuln_type_id</c>.
 /// </summary>
 /// <param name="sVulnType">Vulnerability type text to register.</param>
 public void setFinding_VulnType(String sVulnType)
 {
     UInt32 uVulnTypeId = OzasmtUtils_OunceV6.addTextToStringIndexes(sVulnType,
                                                                     oadNewO2AssessmentDataOunceV6.arAssessmentRun);
     fFinding.vuln_type_id = uVulnTypeId.ToString();
 }
 /// <summary>
 /// Registers <paramref name="sContext"/> in the assessment run's string index and stores the
 /// resulting id, as text, in <c>fFinding.cxt_id</c>.
 /// </summary>
 /// <param name="sContext">Context text to register.</param>
 public void setFinding_Context(String sContext)
 {
     UInt32 uContextId = OzasmtUtils_OunceV6.addTextToStringIndexes(sContext,
                                                                    oadNewO2AssessmentDataOunceV6.arAssessmentRun);
     fFinding.cxt_id = uContextId.ToString();
 }
 /// <summary>
 /// Registers <paramref name="sCallerName"/> in the assessment run's string index and stores the
 /// resulting id, as text, in <c>fFinding.caller_name_id</c>.
 /// </summary>
 /// <param name="sCallerName">Caller name to register.</param>
 public void setFinding_CallerName(String sCallerName)
 {
     UInt32 uCallerNameId = OzasmtUtils_OunceV6.addTextToStringIndexes(sCallerName,
                                                                       oadNewO2AssessmentDataOunceV6.arAssessmentRun);
     fFinding.caller_name_id = uCallerNameId.ToString();
 }
 /// <summary>
 /// Registers <paramref name="sFakeActionObject"/> in the assessment run's string index and stores the
 /// resulting numeric id in <c>fFinding.actionobject_id</c> (unlike the other setters this one keeps the id as a number).
 /// </summary>
 /// <param name="sFakeActionObject">Action-object text to register.</param>
 public void setFinding_fakeActionObjectId(String sFakeActionObject)
 {
     UInt32 uActionObjectId = OzasmtUtils_OunceV6.addTextToStringIndexes(sFakeActionObject,
                                                                         oadNewO2AssessmentDataOunceV6.arAssessmentRun);
     fFinding.actionobject_id = uActionObjectId;
 }
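            /// <summary>
            /// Finds the sink findings whose signature matches <c>ModelMap.addAttribute</c>, renames each matching
            /// sink so that the attribute name (the first call argument) becomes part of its signature, and glues
            /// onto its trace block the sinks of every same-signature trace block that lives in a Velocity (".vm") file.
            /// </summary>
            /// <param name="tvRawData">Tree whose nodes are keyed by unique signature and carry
            /// <see cref="O2TraceBlock_OunceV6"/> instances in their <c>Tag</c>.</param>
            /// <exception cref="ArgumentNullException">Thrown when <paramref name="tvRawData"/> is null.</exception>
            public static void findSpringAttributes(TreeView tvRawData)
            {
                if (tvRawData == null)
                {
                    throw new ArgumentNullException("tvRawData");
                }

                const String sFunctionSignature = "ModelMap.addAttribute";
                O2Timer tTimer = new O2Timer("Resolving attribute based function: {0} ").start();
                try
                {
                    Dictionary<AssessmentAssessmentFileFinding, O2AssessmentData_OunceV6> dMatches =
                        analyzer.getSinksFindingsThatMatchRegEx(tvRawData, sFunctionSignature);

                    // iterate the pairs directly instead of looking dMatches[fFinding] up on every use
                    foreach (KeyValuePair<AssessmentAssessmentFileFinding, O2AssessmentData_OunceV6> kvpMatch in dMatches)
                    {
                        AssessmentAssessmentFileFinding fFinding = kvpMatch.Key;
                        O2AssessmentData_OunceV6 oadAssessmentData = kvpMatch.Value;

                        // resolve the addAttribute name: first argument of the call, quotes stripped.
                        // A context without a comma has no second argument, so the name cannot be resolved; skip it
                        // instead of letting Substring throw on IndexOf == -1.
                        String sSinkContext = AnalysisUtils.getSinkContext(fFinding, oadAssessmentData);
                        var fsFilteredSignature = new FilteredSignature(sSinkContext);
                        String sParameters = (fsFilteredSignature.sParameters ?? "").Replace("\"", "");
                        int iFirstComma = sParameters.IndexOf(',');
                        if (iFirstComma < 0)
                        {
                            continue;
                        }
                        String sSpringParameter = sParameters.Substring(0, iFirstComma).Trim();

                        // create a unique name for it:  sink(...)  ->  sink_<attribute>(...)
                        String sSink = AnalysisUtils.getSink(fFinding, oadAssessmentData);
                        String sSinkWithAttributeName = sSink.Replace("(", "_" + sSpringParameter + "(");

                        // make sure we have not added this already (signatures are identifiers, so compare ordinally)
                        if (sSink.IndexOf(sSpringParameter, StringComparison.Ordinal) != -1)
                        {
                            continue;
                        }

                        String sUniqueSignature = analyzer.getUniqueSignature(fFinding, TraceType.Known_Sink,
                                                                              oadAssessmentData, true);
                        var tnThisFinding = tvRawData.Nodes[sUniqueSignature];
                        CallInvocation ciCallInvocation =
                            AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(
                                fFinding.Trace, TraceType.Known_Sink);
                        // nothing to rename when the finding has no node in the tree or no Known_Sink in its trace
                        if (tnThisFinding == null || ciCallInvocation == null)
                        {
                            continue;
                        }
                        var otbO2TraceBlockOfThisFinding = tnThisFinding.Tag as O2TraceBlock_OunceV6;
                        if (otbO2TraceBlockOfThisFinding == null)
                        {
                            continue;
                        }

                        UInt32 uNewId = OzasmtUtils_OunceV6.addTextToStringIndexes(sSinkWithAttributeName,
                                                                                   oadAssessmentData.arAssessmentRun);
                        ciCallInvocation.sig_id = uNewId;
                        DI.log.debug(" Found spring attribute '{0}' on sinks and modified to {1}", sSpringParameter,
                                     sSinkWithAttributeName);
                        otbO2TraceBlockOfThisFinding.sSignature = sSinkWithAttributeName;
                        // recomputed on purpose after sig_id changed; it may differ from sUniqueSignature above
                        otbO2TraceBlockOfThisFinding.sUniqueName = analyzer.getUniqueSignature(fFinding, TraceType.Known_Sink,
                                                                                               oadAssessmentData, true);

                        // glue the sinks of every same-signature trace block that lives in a Velocity (.vm) file
                        List<O2TraceBlock_OunceV6> lotbMatchingBlocks =
                            analyzer.getO2TraceBlocksThatMatchSignature(sSinkWithAttributeName, tvRawData);
                        foreach (O2TraceBlock_OunceV6 otbVelocityBlock in lotbMatchingBlocks)
                        {
                            if (otbVelocityBlock.sFile == null ||
                                otbVelocityBlock.sFile.IndexOf(".vm", StringComparison.Ordinal) == -1)
                            {
                                continue;
                            }
                            foreach (var kvpVelocitySink in otbVelocityBlock.dSinks)
                            {
                                AssessmentAssessmentFileFinding fVelocityFinding = kvpVelocitySink.Key;
                                if (!otbO2TraceBlockOfThisFinding.dGluedSinks.ContainsKey(fVelocityFinding))
                                {
                                    otbO2TraceBlockOfThisFinding.dGluedSinks.Add(fVelocityFinding, kvpVelocitySink.Value);
                                }
                                if (!otbO2TraceBlockOfThisFinding.dSinks.ContainsKey(fVelocityFinding))
                                {
                                    otbO2TraceBlockOfThisFinding.dSinks.Add(fVelocityFinding, kvpVelocitySink.Value);
                                }
                            }
                        }
                    }
                }
                finally
                {
                    // stop the timer even if one of the analyzer calls throws
                    tTimer.stop();
                }
            }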