public static O2RulePack createRules_SourcesAndSinks(String sCirDataFile)
{
var rpRulePack = new O2RulePack();
if (false == File.Exists(sCirDataFile))
{
DI.log.error("in createRules_SourcesAndSinks, provide CirData file not found: {0}", sCirDataFile);
}
else
{
List <String> lsFunctions = MiscUtils.getFunctionsSignaturesFrom02CirData(sCirDataFile);
// in this type of scan, there are two rules
// if functions make no calls then they are maked as both Sources and Sinks
// other cases receive no marking
// sinks have preference (for the cases there there are no calls into and from
CirData fcdCirData = CirLoad.loadSerializedO2CirDataObject(sCirDataFile);
foreach (string sFunction in lsFunctions)
{
ICirFunction cfCirFunction = fcdCirData.dFunctions_bySignature[sFunction];
if (cfCirFunction.FunctionsCalledUniqueList.Count == 0)
{
addRule(createRule(O2RuleType.Sink, sFunction, fcdCirData.sDbId), rpRulePack);
addRule(createRule(O2RuleType.Source, sFunction, fcdCirData.sDbId), rpRulePack);
}
}
}
return(rpRulePack);
}
public void test_SaveAndLoadAllO2Modules()
{
var directoryToSaveCidDataFiles = Path.Combine(DI.config.O2TempDir, "_O2_CirData_Files");
Files.checkIfDirectoryExistsAndCreateIfNot(directoryToSaveCidDataFiles);
List <string> targetAssemblies = Files.getFilesFromDir_returnFullPath(DI.config.hardCodedO2LocalBuildDir, "*.exe");
targetAssemblies.AddRange(Files.getFilesFromDir_returnFullPath(DI.config.hardCodedO2LocalBuildDir, "*.dll"));
foreach (var assemblyToProcess in targetAssemblies)
{
DI.log.info("Processing file: {0}", Path.GetFileName(assemblyToProcess));
ICirData cirData = new CirData();
cirFactory.processAssemblyDefinition(cirData, assemblyToProcess);
Assert.That(cirData.dClasses_bySignature.Count > 0 && cirData.dFunctions_bySignature.Count > 0,
"There we no CirData results for :" + assemblyToProcess);
var savedCirDataFile = Path.Combine(directoryToSaveCidDataFiles,
Path.GetFileName(assemblyToProcess) + ".CirData");
CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, savedCirDataFile);
Assert.That(File.Exists(savedCirDataFile), "Saved CirData file Didn't exist: " + savedCirDataFile);
ICirData cirData2 = CirLoad.loadFile(savedCirDataFile);
Assert.That(cirData2 != null, "cirData2 was null");
Assert.That(cirData.dClasses_bySignature.Count == cirData2.dClasses_bySignature.Count,
"dClasses_bySignature Count didnt match");
Assert.That(cirData.dFunctions_bySignature.Count == cirData2.dFunctions_bySignature.Count,
"dFunctions_bySignature Count didnt match");
// comment this to delete created files
//File.Delete(savedCirDataFile);
}
}
public static O2RulePack createRules_CallBacksOnControlFlowGraphs_And_ExternalSinks(String sCirDataFile)
{
var rpRulePack = new O2RulePack();
if (false == File.Exists(sCirDataFile))
{
DI.log.error(
"in createRules_CallBacksOnControlFlowGraphs_And_ExternalSinks, provide CirData file not found: {0}",
sCirDataFile);
}
else
{
List <String> lsFunctions = MiscUtils.getFunctionsSignaturesFrom02CirData(sCirDataFile);
// in this type of scan, there are two rules
// if functions have a ControlFlowGraph they are Callbacks
// everything else is a sink
ICirData fcdCirData = CirLoad.loadSerializedO2CirDataObject(sCirDataFile);
Dictionary <String, ICirFunction> dFunctionsWithControlFlowGraphs =
CirDataUtils.getFunctionsWithControlFlowGraph(fcdCirData);
foreach (string sFunction in lsFunctions)
{
if (dFunctionsWithControlFlowGraphs.ContainsKey(sFunction))
{
addRule(createRule(O2RuleType.Callback, sFunction, fcdCirData.sDbId), rpRulePack);
}
else
{
addRule(createRule(O2RuleType.Sink, sFunction, fcdCirData.sDbId), rpRulePack);
}
}
}
return(rpRulePack);
}
private void handleDrop(string fileOrFolderToProcess)
{
if (File.Exists(fileOrFolderToProcess))
{
var springMvcMappings = (SpringMvcMappings)Serialize.getDeSerializedObjectFromXmlFile(fileOrFolderToProcess, typeof(SpringMvcMappings));
if (springMvcMappings == null)
{
DI.log.error("in handleDrop: Could not create SpringMvcMappings object from :{0}", fileOrFolderToProcess);
return;
}
var cirDataFileToLoad = Path.Combine(Path.GetDirectoryName(fileOrFolderToProcess), springMvcMappings.cirDataFile);
if (false == File.Exists(cirDataFileToLoad))
{
DI.log.error("in handleDrop: Could not find cirData object to load :{0}", cirDataFileToLoad);
return;
}
cirData = CirLoad.loadSerializedO2CirDataObject(cirDataFileToLoad);
if (cirData == null)
{
DI.log.error("in handleDrop: Could not create CirData object from :{0}", cirDataFileToLoad);
return;
}
loadedSpringMvcControllers = springMvcMappings.controllers;
createTreeNodesForLoadedSpringMvcControllers();
showLoadedControllers();
}
}
public void LoadFile(String sFileToLoad)
{
if (Path.GetExtension(sFileToLoad).ToLower() == ".cirdata")
{
cdCirData = CirLoad.loadSerializedO2CirDataObject(sFileToLoad);
lbCirFileLoaded.Text = Path.GetFileName(sFileToLoad);
}
else
{
if (Path.GetExtension(sFileToLoad).ToLower() == ".xml" ||
Path.GetExtension(sFileToLoad).ToLower() == ".ozasmt")
{
var oadO2AssessmentDataOunceV6 = loadAssessmentRunFileAndAddItToList(sFileToLoad);
if (oadO2AssessmentDataOunceV6 != null)
{
foreach (object oItem in lbTargetSavedAssessmentFiles.Items)
{
if (oItem.ToString() == oadO2AssessmentDataOunceV6.ToString())
{
DI.log.error(
"in loadAssessmentRunFileAndAddItToList, file is already in the list of F1AssessmentRun objects");
return;
}
}
lbTargetSavedAssessmentFiles.Items.Add(oadO2AssessmentDataOunceV6);
}
}
else
{
DI.log.debug("Skipping loading file (since it is one of type: .cirdata, .xml or .ozasmt: {0}",
sFileToLoad);
}
}
}
public static void calculateJarsForJSP(string cirDataFile, string folderWithMappedJars, List <string> jarSearchPaths, List <string> logFilesToParse)
{
DI.log.info("in calculateJarsForJSP");
var missingClasses = new List <string>();
// Load the CirData file
var cirData = CirLoad.loadSerializedO2CirDataObject(cirDataFile);
if (cirData == null)
{
DI.log.error("Could not load CirData file");
return;
}
//log.debug("There are {0} classes loaded from the cirData file", cirData.dClasses_bySignature.Count);
missingClasses.AddRange(cirData.dClasses_bySignature.Keys);
// get the list of mapped clases (to Jars)
var mappedClasses = mapAvailableJars(jarSearchPaths);
// get some extra dependencies form the log file:
foreach (var logFileToParse in logFilesToParse)
{
missingClasses.AddRange(getMissingClassesFromLogFile(logFileToParse));
}
//
// calculate dependencies
var dependencies = getDependencies(missingClasses, mappedClasses);
copyDependenciesJarsIntoJarsFolder(dependencies, folderWithMappedJars);
DI.log.info("Dependencies files mapped to folder: {0}", folderWithMappedJars);
}
public CirData getO2CirData()
{
String sO2CirDataFile = tbO2CirDataOfProject.Text;
CirData fadCirData = CirLoad.loadSerializedO2CirDataObject(sO2CirDataFile);
return(fadCirData);
}
public void findParameterStaticValueInMethodX()
{
var cirData = CirLoad.loadSerializedO2CirDataObject(cirDataFile_BigOne);
var result = AspNetAnalysis.findParameterStaticValueInMethodX(cirData);
var createdAssessment = new O2Assessment();
createdAssessment.o2Findings = result;
createdAssessment.save(new O2AssessmentSave_OunceV6(), clickButtonMappingOzasmt);
Assert.IsNotNull(result, "Result was null");
}
public static String createOunceProjectForAllReferencesOf_Class(String sNewProjectName, String sSourceProject,
String sTargetFolder,
String sSourcePathToJavaFiles,
String sSourcePathToJspFiles,
List <String> lsStartClasses,
String sFunctionFilter, String sSourceF1CirData)
{
Files.checkIfDirectoryExistsAndCreateIfNot(sTargetFolder);
String sTargetProject = Path.Combine(sTargetFolder, Path.GetFileName(sSourceProject));
if (sSourceProject == sTargetProject) // make sure we don't override the Source project
{
DI.log.debug("Error: sTargetF1CirDataFile == sSourceProject - {0} ", sTargetProject);
return("");
}
var fcdCirData = new CirData();
fcdCirData = CirLoad.loadSerializedO2CirDataObject(sSourceF1CirData);
List <ICirClass> lccTargetCompilationClasses = null; // = new List<CirClass>();
List <String> lsFunctionsCalled = null; // = new List<string>();
// this might not be needed
// need to do this since the SymbolDef are not automatically mapped in the Symbols table
//var dFunctionsNames = new Dictionary<string, string>();
//foreach (ICirFunction cfCirFunction in fcdCirData.dFunctions_bySignature.Values)
// if (cfCirFunction != null && false == dFunctionsNames.ContainsKey(cfCirFunction.FunctionSignature))
// dFunctionsNames.Add(cfCirFunction.FunctionSignature, cfCirFunction.SymbolDef);
// calculate Target classes
foreach (String sStartClass in lsStartClasses)
{
calculateTargetComplilationClassFromStartClassSignature(sStartClass, ref lccTargetCompilationClasses,
ref lsFunctionsCalled, sFunctionFilter,
/*dFunctionsNames, */ fcdCirData);
}
// calculate full paths to class files to include in custom project
List <String> lsPathsToClassFilesSourceCode =
getListOfFilesToScanFromListOfClasses_J2EE(sSourcePathToJavaFiles, sSourcePathToJspFiles,
lccTargetCompilationClasses, fcdCirData);
DI.log.debug(
"Completed calculation of class files to include: there where {0} classes with {1} functions called",
lccTargetCompilationClasses.Count, lsFunctionsCalled.Count);
createCustomProject(sNewProjectName, lsPathsToClassFilesSourceCode, sSourceProject, sTargetFolder,
sTargetProject, sSourcePathToJavaFiles, sSourcePathToJspFiles);
return(sTargetProject);
}
private void onCirDataCompletion(object pProcess)
{
setControlsEnableState(true);
var currentScanTarget = (IScanTarget)lbScanTargets.SelectedItem;
var cirDataFile = currentScanTarget.ApplicationFile + ".CirData";
if (File.Exists(cirDataFile))
{
var cirData = CirLoad.loadFile(cirDataFile);
//var cirData = CirLoad.loadSerializedO2CirDataObject(cirDataFile);
O2Messages.setCirData(cirData);
}
}
public static void mapXmlFilesToCirData(string pathCirDataFile, string pathToClassFiles, string pathToRootClassFolder)
{
var cirData = CirLoad.loadFile(pathCirDataFile);
DI.log.info("There are {0} functions loaded", cirData.dFunctions_bySignature.Keys.Count);
var attributeXmlFiles = getAttributeXmlFiles(pathToClassFiles, pathToRootClassFolder);
var numberOfControllersMapped = 0;
foreach (var attributeXmlFile in attributeXmlFiles.Keys)
{
var resolvedParentClass = attributeXmlFile.Replace("\\", ".").Replace(".class.JavaAttributes.xml", "");
if (cirData.dClasses_bySignature.ContainsKey(resolvedParentClass))
{
//DI.log.info(" we have a match : {0} -> {1}", resolvedParentClass , attributeXmlFiles[attributeXmlFile]);
XDocument xDoc = XDocument.Load(attributeXmlFiles[attributeXmlFile]);
foreach (var cirFunction in cirData.dClasses_bySignature[resolvedParentClass].dFunctions.Values)
{
var xmlMethodElements = from xElement
in xDoc.Elements("JavaAttributeMappings").Elements("class").Elements("method")
where xElement.Attribute("name").Value == cirFunction.FunctionName
select xElement;
// for now map all xmlMethods to the same CirData (this could create a false positive if there are controllers with the same name (but diferent signature
foreach (var xMethodElement in xmlMethodElements)
{
if (SpringMVCAttributes.addTaintedInfoToCirFunction(xMethodElement, cirFunction))
{
numberOfControllersMapped++;
}
}
if (cirFunction.IsTainted && xmlMethodElements.Count() > 1)
{
DI.log.error("DOUBLE MAPPING since cirFunction.IsTained && xmlMethodElements.Count() >1 : {0} -> {1}", resolvedParentClass, cirFunction.FunctionName);
}
}
}
else
if (resolvedParentClass.IndexOf('$') == -1)
{
DI.log.error(" we DONT have a match : {0}", resolvedParentClass);
}
}
DI.log.info("There were {0} controllers mappings added", numberOfControllersMapped);
var newCirDataFile = pathCirDataFile + ".WithSpringMvcControllersAsCallbacks.CirData";
CirDataUtils.saveSerializedO2CirDataObjectToFile(cirData, newCirDataFile);
}
public void loadO2CirDataFile(String sFileToLoad, bool useCachedVersionIfAvailable)
{
if (sFileToLoad.IndexOf(".CirData") > -1 || CirLoad.isFileACirDumpFile(sFileToLoad))
{
//CirDataAnalysis fdaO2CirDataAnalysis;
if (cbClearPreviousO2CirData.Checked)
{
cdaO2CirDataAnalysis = new CirDataAnalysis();
}
CirDataAnalysisUtils.addO2CirDataFile(cdaO2CirDataAnalysis, sFileToLoad, useCachedVersionIfAvailable);
lbCirFileLoaded.Text = "";
foreach (String sLoadedO2CirData in cdaO2CirDataAnalysis.dCirDataFilesLoaded.Keys)
{
lbCirFileLoaded.Text += Path.GetFileName(sLoadedO2CirData);
}
btFindClassesWithNoControlFlowGraphs_Click(null, null);
}
}
public static List <String> getFunctionsSignaturesFrom02CirData(String sCirDataFile)
{
DI.log.debug("sCirDataFile = {0}", sCirDataFile);
var lsFunctions = new List <string>();
if (false == File.Exists(sCirDataFile))
{
DI.log.error("Provided CirData file does not exist:{0}", sCirDataFile);
return(lsFunctions);
}
ICirData fcdCirData = CirLoad.loadSerializedO2CirDataObject(sCirDataFile);
//var lsResolvedWebMethods = new List<string>();
Dictionary <String, ICirFunction> dFunctionsWithControlFlowGraphs =
CirDataUtils.getFunctionsWithControlFlowGraph(fcdCirData);
// start with all functions that we have a control flow graph for
foreach (ICirFunction cfCirFunction in dFunctionsWithControlFlowGraphs.Values)
{
// first add the current function
if (false == lsFunctions.Contains(cfCirFunction.FunctionSignature))
{
lsFunctions.Add(cfCirFunction.FunctionSignature);
}
// then add all function's called
foreach (ICirFunction cirFunction in cfCirFunction.FunctionsCalledUniqueList)
{
//if ((false == bOnlyAddSinksIfExternalToCurrentCirDataFile || false == dFunctionsWithControlFlowGraphs.ContainsKey(sCalledFunction)) && false == lsSinksToAdd.Contains(sCalledFunction))
if (false == lsFunctions.Contains(cirFunction.FunctionSignature))
{
// if (sCalledFunction.IndexOf("()") == -1) // don't add methods that receive no parameters
lsFunctions.Add(cirFunction.FunctionSignature);
}
}
}
return(lsFunctions);
}
public static O2RulePack createRules_CallBacksOnEdges_And_ExternalSinks(String sCirDataFile)
{
var rpRulePack = new O2RulePack();
if (false == File.Exists(sCirDataFile))
{
DI.log.error(
"in createRules_CallBacksOnEdges_And_ExternalSinks, provide CirData file not found: {0}",
sCirDataFile);
}
else
{
List <String> lsFunctions = MiscUtils.getFunctionsSignaturesFrom02CirData(sCirDataFile);
// in this type of scan, there are two rules
// if functions make no calls it is a Sink
// if nobody calls the function it is a callback
// sinks have preference (for the cases there there are no calls into and from
ICirData fcdCirData = CirLoad.loadSerializedO2CirDataObject(sCirDataFile);
foreach (string sFunction in lsFunctions)
{
ICirFunction cfCirFunction = fcdCirData.dFunctions_bySignature[sFunction];
if (cfCirFunction.FunctionsCalledUniqueList.Count == 0)
{
addRule(createRule(O2RuleType.Sink, sFunction, fcdCirData.sDbId), rpRulePack);
}
// DI.log.error(" Make no Calls (make sink): {0}" , cfCirFunction.sSignature);
else if (cfCirFunction.FunctionIsCalledBy.Count == 0)
{
addRule(createRule(O2RuleType.Callback, sFunction, fcdCirData.sDbId), rpRulePack);
}
}
}
return(rpRulePack);
}
