public static O2RulePack createRules_SourcesAndSinks(String sCirDataFile) { var rpRulePack = new O2RulePack(); if (false == File.Exists(sCirDataFile)) { DI.log.error("in createRules_SourcesAndSinks, provide CirData file not found: {0}", sCirDataFile); } else { List <String> lsFunctions = MiscUtils.getFunctionsSignaturesFrom02CirData(sCirDataFile); // in this type of scan, there are two rules // if functions make no calls then they are maked as both Sources and Sinks // other cases receive no marking // sinks have preference (for the cases there there are no calls into and from CirData fcdCirData = CirLoad.loadSerializedO2CirDataObject(sCirDataFile); foreach (string sFunction in lsFunctions) { ICirFunction cfCirFunction = fcdCirData.dFunctions_bySignature[sFunction]; if (cfCirFunction.FunctionsCalledUniqueList.Count == 0) { addRule(createRule(O2RuleType.Sink, sFunction, fcdCirData.sDbId), rpRulePack); addRule(createRule(O2RuleType.Source, sFunction, fcdCirData.sDbId), rpRulePack); } } } return(rpRulePack); }
public void test_SaveAndLoadAllO2Modules() { var directoryToSaveCidDataFiles = Path.Combine(DI.config.O2TempDir, "_O2_CirData_Files"); Files.checkIfDirectoryExistsAndCreateIfNot(directoryToSaveCidDataFiles); List <string> targetAssemblies = Files.getFilesFromDir_returnFullPath(DI.config.hardCodedO2LocalBuildDir, "*.exe"); targetAssemblies.AddRange(Files.getFilesFromDir_returnFullPath(DI.config.hardCodedO2LocalBuildDir, "*.dll")); foreach (var assemblyToProcess in targetAssemblies) { DI.log.info("Processing file: {0}", Path.GetFileName(assemblyToProcess)); ICirData cirData = new CirData(); cirFactory.processAssemblyDefinition(cirData, assemblyToProcess); Assert.That(cirData.dClasses_bySignature.Count > 0 && cirData.dFunctions_bySignature.Count > 0, "There we no CirData results for :" + assemblyToProcess); var savedCirDataFile = Path.Combine(directoryToSaveCidDataFiles, Path.GetFileName(assemblyToProcess) + ".CirData"); CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, savedCirDataFile); Assert.That(File.Exists(savedCirDataFile), "Saved CirData file Didn't exist: " + savedCirDataFile); ICirData cirData2 = CirLoad.loadFile(savedCirDataFile); Assert.That(cirData2 != null, "cirData2 was null"); Assert.That(cirData.dClasses_bySignature.Count == cirData2.dClasses_bySignature.Count, "dClasses_bySignature Count didnt match"); Assert.That(cirData.dFunctions_bySignature.Count == cirData2.dFunctions_bySignature.Count, "dFunctions_bySignature Count didnt match"); // comment this to delete created files //File.Delete(savedCirDataFile); } }
public static O2RulePack createRules_CallBacksOnControlFlowGraphs_And_ExternalSinks(String sCirDataFile) { var rpRulePack = new O2RulePack(); if (false == File.Exists(sCirDataFile)) { DI.log.error( "in createRules_CallBacksOnControlFlowGraphs_And_ExternalSinks, provide CirData file not found: {0}", sCirDataFile); } else { List <String> lsFunctions = MiscUtils.getFunctionsSignaturesFrom02CirData(sCirDataFile); // in this type of scan, there are two rules // if functions have a ControlFlowGraph they are Callbacks // everything else is a sink ICirData fcdCirData = CirLoad.loadSerializedO2CirDataObject(sCirDataFile); Dictionary <String, ICirFunction> dFunctionsWithControlFlowGraphs = CirDataUtils.getFunctionsWithControlFlowGraph(fcdCirData); foreach (string sFunction in lsFunctions) { if (dFunctionsWithControlFlowGraphs.ContainsKey(sFunction)) { addRule(createRule(O2RuleType.Callback, sFunction, fcdCirData.sDbId), rpRulePack); } else { addRule(createRule(O2RuleType.Sink, sFunction, fcdCirData.sDbId), rpRulePack); } } } return(rpRulePack); }
private void handleDrop(string fileOrFolderToProcess) { if (File.Exists(fileOrFolderToProcess)) { var springMvcMappings = (SpringMvcMappings)Serialize.getDeSerializedObjectFromXmlFile(fileOrFolderToProcess, typeof(SpringMvcMappings)); if (springMvcMappings == null) { DI.log.error("in handleDrop: Could not create SpringMvcMappings object from :{0}", fileOrFolderToProcess); return; } var cirDataFileToLoad = Path.Combine(Path.GetDirectoryName(fileOrFolderToProcess), springMvcMappings.cirDataFile); if (false == File.Exists(cirDataFileToLoad)) { DI.log.error("in handleDrop: Could not find cirData object to load :{0}", cirDataFileToLoad); return; } cirData = CirLoad.loadSerializedO2CirDataObject(cirDataFileToLoad); if (cirData == null) { DI.log.error("in handleDrop: Could not create CirData object from :{0}", cirDataFileToLoad); return; } loadedSpringMvcControllers = springMvcMappings.controllers; createTreeNodesForLoadedSpringMvcControllers(); showLoadedControllers(); } }
public void LoadFile(String sFileToLoad) { if (Path.GetExtension(sFileToLoad).ToLower() == ".cirdata") { cdCirData = CirLoad.loadSerializedO2CirDataObject(sFileToLoad); lbCirFileLoaded.Text = Path.GetFileName(sFileToLoad); } else { if (Path.GetExtension(sFileToLoad).ToLower() == ".xml" || Path.GetExtension(sFileToLoad).ToLower() == ".ozasmt") { var oadO2AssessmentDataOunceV6 = loadAssessmentRunFileAndAddItToList(sFileToLoad); if (oadO2AssessmentDataOunceV6 != null) { foreach (object oItem in lbTargetSavedAssessmentFiles.Items) { if (oItem.ToString() == oadO2AssessmentDataOunceV6.ToString()) { DI.log.error( "in loadAssessmentRunFileAndAddItToList, file is already in the list of F1AssessmentRun objects"); return; } } lbTargetSavedAssessmentFiles.Items.Add(oadO2AssessmentDataOunceV6); } } else { DI.log.debug("Skipping loading file (since it is one of type: .cirdata, .xml or .ozasmt: {0}", sFileToLoad); } } }
public static void calculateJarsForJSP(string cirDataFile, string folderWithMappedJars, List <string> jarSearchPaths, List <string> logFilesToParse) { DI.log.info("in calculateJarsForJSP"); var missingClasses = new List <string>(); // Load the CirData file var cirData = CirLoad.loadSerializedO2CirDataObject(cirDataFile); if (cirData == null) { DI.log.error("Could not load CirData file"); return; } //log.debug("There are {0} classes loaded from the cirData file", cirData.dClasses_bySignature.Count); missingClasses.AddRange(cirData.dClasses_bySignature.Keys); // get the list of mapped clases (to Jars) var mappedClasses = mapAvailableJars(jarSearchPaths); // get some extra dependencies form the log file: foreach (var logFileToParse in logFilesToParse) { missingClasses.AddRange(getMissingClassesFromLogFile(logFileToParse)); } // // calculate dependencies var dependencies = getDependencies(missingClasses, mappedClasses); copyDependenciesJarsIntoJarsFolder(dependencies, folderWithMappedJars); DI.log.info("Dependencies files mapped to folder: {0}", folderWithMappedJars); }
public CirData getO2CirData() { String sO2CirDataFile = tbO2CirDataOfProject.Text; CirData fadCirData = CirLoad.loadSerializedO2CirDataObject(sO2CirDataFile); return(fadCirData); }
public void findParameterStaticValueInMethodX() { var cirData = CirLoad.loadSerializedO2CirDataObject(cirDataFile_BigOne); var result = AspNetAnalysis.findParameterStaticValueInMethodX(cirData); var createdAssessment = new O2Assessment(); createdAssessment.o2Findings = result; createdAssessment.save(new O2AssessmentSave_OunceV6(), clickButtonMappingOzasmt); Assert.IsNotNull(result, "Result was null"); }
public static String createOunceProjectForAllReferencesOf_Class(String sNewProjectName, String sSourceProject, String sTargetFolder, String sSourcePathToJavaFiles, String sSourcePathToJspFiles, List <String> lsStartClasses, String sFunctionFilter, String sSourceF1CirData) { Files.checkIfDirectoryExistsAndCreateIfNot(sTargetFolder); String sTargetProject = Path.Combine(sTargetFolder, Path.GetFileName(sSourceProject)); if (sSourceProject == sTargetProject) // make sure we don't override the Source project { DI.log.debug("Error: sTargetF1CirDataFile == sSourceProject - {0} ", sTargetProject); return(""); } var fcdCirData = new CirData(); fcdCirData = CirLoad.loadSerializedO2CirDataObject(sSourceF1CirData); List <ICirClass> lccTargetCompilationClasses = null; // = new List<CirClass>(); List <String> lsFunctionsCalled = null; // = new List<string>(); // this might not be needed // need to do this since the SymbolDef are not automatically mapped in the Symbols table //var dFunctionsNames = new Dictionary<string, string>(); //foreach (ICirFunction cfCirFunction in fcdCirData.dFunctions_bySignature.Values) // if (cfCirFunction != null && false == dFunctionsNames.ContainsKey(cfCirFunction.FunctionSignature)) // dFunctionsNames.Add(cfCirFunction.FunctionSignature, cfCirFunction.SymbolDef); // calculate Target classes foreach (String sStartClass in lsStartClasses) { calculateTargetComplilationClassFromStartClassSignature(sStartClass, ref lccTargetCompilationClasses, ref lsFunctionsCalled, sFunctionFilter, /*dFunctionsNames, */ fcdCirData); } // calculate full paths to class files to include in custom project List <String> lsPathsToClassFilesSourceCode = getListOfFilesToScanFromListOfClasses_J2EE(sSourcePathToJavaFiles, sSourcePathToJspFiles, lccTargetCompilationClasses, fcdCirData); DI.log.debug( "Completed calculation of class files to include: there where {0} classes with {1} functions called", lccTargetCompilationClasses.Count, lsFunctionsCalled.Count); createCustomProject(sNewProjectName, lsPathsToClassFilesSourceCode, sSourceProject, sTargetFolder, sTargetProject, sSourcePathToJavaFiles, sSourcePathToJspFiles); return(sTargetProject); }
private void onCirDataCompletion(object pProcess) { setControlsEnableState(true); var currentScanTarget = (IScanTarget)lbScanTargets.SelectedItem; var cirDataFile = currentScanTarget.ApplicationFile + ".CirData"; if (File.Exists(cirDataFile)) { var cirData = CirLoad.loadFile(cirDataFile); //var cirData = CirLoad.loadSerializedO2CirDataObject(cirDataFile); O2Messages.setCirData(cirData); } }
public static void mapXmlFilesToCirData(string pathCirDataFile, string pathToClassFiles, string pathToRootClassFolder) { var cirData = CirLoad.loadFile(pathCirDataFile); DI.log.info("There are {0} functions loaded", cirData.dFunctions_bySignature.Keys.Count); var attributeXmlFiles = getAttributeXmlFiles(pathToClassFiles, pathToRootClassFolder); var numberOfControllersMapped = 0; foreach (var attributeXmlFile in attributeXmlFiles.Keys) { var resolvedParentClass = attributeXmlFile.Replace("\\", ".").Replace(".class.JavaAttributes.xml", ""); if (cirData.dClasses_bySignature.ContainsKey(resolvedParentClass)) { //DI.log.info(" we have a match : {0} -> {1}", resolvedParentClass , attributeXmlFiles[attributeXmlFile]); XDocument xDoc = XDocument.Load(attributeXmlFiles[attributeXmlFile]); foreach (var cirFunction in cirData.dClasses_bySignature[resolvedParentClass].dFunctions.Values) { var xmlMethodElements = from xElement in xDoc.Elements("JavaAttributeMappings").Elements("class").Elements("method") where xElement.Attribute("name").Value == cirFunction.FunctionName select xElement; // for now map all xmlMethods to the same CirData (this could create a false positive if there are controllers with the same name (but diferent signature foreach (var xMethodElement in xmlMethodElements) { if (SpringMVCAttributes.addTaintedInfoToCirFunction(xMethodElement, cirFunction)) { numberOfControllersMapped++; } } if (cirFunction.IsTainted && xmlMethodElements.Count() > 1) { DI.log.error("DOUBLE MAPPING since cirFunction.IsTained && xmlMethodElements.Count() >1 : {0} -> {1}", resolvedParentClass, cirFunction.FunctionName); } } } else if (resolvedParentClass.IndexOf('$') == -1) { DI.log.error(" we DONT have a match : {0}", resolvedParentClass); } } DI.log.info("There were {0} controllers mappings added", numberOfControllersMapped); var newCirDataFile = pathCirDataFile + ".WithSpringMvcControllersAsCallbacks.CirData"; CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, newCirDataFile); }
public void loadO2CirDataFile(String sFileToLoad, bool useCachedVersionIfAvailable) { if (sFileToLoad.IndexOf(".CirData") > -1 || CirLoad.isFileACirDumpFile(sFileToLoad)) { //CirDataAnalysis fdaO2CirDataAnalysis; if (cbClearPreviousO2CirData.Checked) { cdaO2CirDataAnalysis = new CirDataAnalysis(); } CirDataAnalysisUtils.addO2CirDataFile(cdaO2CirDataAnalysis, sFileToLoad, useCachedVersionIfAvailable); lbCirFileLoaded.Text = ""; foreach (String sLoadedO2CirData in cdaO2CirDataAnalysis.dCirDataFilesLoaded.Keys) { lbCirFileLoaded.Text += Path.GetFileName(sLoadedO2CirData); } btFindClassesWithNoControlFlowGraphs_Click(null, null); } }
public static List <String> getFunctionsSignaturesFrom02CirData(String sCirDataFile) { DI.log.debug("sCirDataFile = {0}", sCirDataFile); var lsFunctions = new List <string>(); if (false == File.Exists(sCirDataFile)) { DI.log.error("Provided CirData file does not exist:{0}", sCirDataFile); return(lsFunctions); } ICirData fcdCirData = CirLoad.loadSerializedO2CirDataObject(sCirDataFile); //var lsResolvedWebMethods = new List<string>(); Dictionary <String, ICirFunction> dFunctionsWithControlFlowGraphs = CirDataUtils.getFunctionsWithControlFlowGraph(fcdCirData); // start with all functions that we have a control flow graph for foreach (ICirFunction cfCirFunction in dFunctionsWithControlFlowGraphs.Values) { // first add the current function if (false == lsFunctions.Contains(cfCirFunction.FunctionSignature)) { lsFunctions.Add(cfCirFunction.FunctionSignature); } // then add all function's called foreach (ICirFunction cirFunction in cfCirFunction.FunctionsCalledUniqueList) { //if ((false == bOnlyAddSinksIfExternalToCurrentCirDataFile || false == dFunctionsWithControlFlowGraphs.ContainsKey(sCalledFunction)) && false == lsSinksToAdd.Contains(sCalledFunction)) if (false == lsFunctions.Contains(cirFunction.FunctionSignature)) { // if (sCalledFunction.IndexOf("()") == -1) // don't add methods that receive no parameters lsFunctions.Add(cirFunction.FunctionSignature); } } } return(lsFunctions); }
public static O2RulePack createRules_CallBacksOnEdges_And_ExternalSinks(String sCirDataFile) { var rpRulePack = new O2RulePack(); if (false == File.Exists(sCirDataFile)) { DI.log.error( "in createRules_CallBacksOnEdges_And_ExternalSinks, provide CirData file not found: {0}", sCirDataFile); } else { List <String> lsFunctions = MiscUtils.getFunctionsSignaturesFrom02CirData(sCirDataFile); // in this type of scan, there are two rules // if functions make no calls it is a Sink // if nobody calls the function it is a callback // sinks have preference (for the cases there there are no calls into and from ICirData fcdCirData = CirLoad.loadSerializedO2CirDataObject(sCirDataFile); foreach (string sFunction in lsFunctions) { ICirFunction cfCirFunction = fcdCirData.dFunctions_bySignature[sFunction]; if (cfCirFunction.FunctionsCalledUniqueList.Count == 0) { addRule(createRule(O2RuleType.Sink, sFunction, fcdCirData.sDbId), rpRulePack); } // DI.log.error(" Make no Calls (make sink): {0}" , cfCirFunction.sSignature); else if (cfCirFunction.FunctionIsCalledBy.Count == 0) { addRule(createRule(O2RuleType.Callback, sFunction, fcdCirData.sDbId), rpRulePack); } } } return(rpRulePack); }