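/// <summary>
/// Appends a new call node named <paramref name="sNewCallName"/> as a child of
/// <paramref name="ciTargetCallInvocation"/> and returns it so the caller can keep
/// extending the trace from that node.
/// </summary>
/// <param name="sNewCallName">Call text; registered in the assessment's string index and
/// used for both sig_id and cxt_id of the new node.</param>
/// <param name="ciTargetCallInvocation">Parent node that receives the new child; must not be null.</param>
/// <param name="ttTraceType">Trace type stored on the new node.</param>
/// <returns>The newly created child CallInvocation.</returns>
/// <exception cref="ArgumentNullException"><paramref name="ciTargetCallInvocation"/> is null.</exception>
public CallInvocation addCallToCall(String sNewCallName, CallInvocation ciTargetCallInvocation, TraceType ttTraceType)
{
    if (ciTargetCallInvocation == null)
        throw new ArgumentNullException("ciTargetCallInvocation");

    var ciNewCallInvocation = new CallInvocation();
    UInt32 uCall = OzasmtUtils_OunceV6.addTextToStringIndexes(sNewCallName, oadNewO2AssessmentDataOunceV6.arAssessmentRun);
    ciNewCallInvocation.sig_id = uCall;
    // cxt_id defaults to the same index as sig_id. The context id is what the
    // duplicate-finding filter compares, so two calls with the same name but a
    // different real context collapse into one unless the caller overrides cxt_id.
    ciNewCallInvocation.cxt_id = uCall;
    // fn_id is hard-coded to 1: per the original note this is the file mapping the
    // viewer resolves to the .vm file, so every generated node points at that one entry.
    ciNewCallInvocation.fn_id = 1;
    ciNewCallInvocation.trace_type = (UInt32)ttTraceType;

    // CallInvocation1 is a plain array, so appending means rebuilding it.
    if (ciTargetCallInvocation.CallInvocation1 == null)
    {
        ciTargetCallInvocation.CallInvocation1 = new[] { ciNewCallInvocation };
    }
    else
    {
        var lTargetCallTraces = new List<CallInvocation>(ciTargetCallInvocation.CallInvocation1);
        lTargetCallTraces.Add(ciNewCallInvocation);
        ciTargetCallInvocation.CallInvocation1 = lTargetCallTraces.ToArray();
    }
    return ciNewCallInvocation;
}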
/// <summary>
/// Creates a Root_Call node for <paramref name="sRootTraceText"/> and installs it as the
/// finding's entire trace, discarding any trace the finding already had.
/// </summary>
/// <param name="sRootTraceText">Root call text; registered in the assessment's string index.</param>
/// <returns>The new root node, so further calls can be hung off it (see addCallToCall).</returns>
public CallInvocation setRootTrace(string sRootTraceText)
{
    UInt32 uRootTraceId = OzasmtUtils_OunceV6.addTextToStringIndexes(sRootTraceText, oadNewO2AssessmentDataOunceV6.arAssessmentRun);
    var ciRoot = new CallInvocation
    {
        sig_id = uRootTraceId,
        fn_id = 1,                                  // same hard-coded file mapping as addCallToCall
        trace_type = (UInt32)TraceType.Root_Call,
    };
    // Unlike addCallToCall, cxt_id is left at its default for the root node.
    fFinding.Trace = new[] { ciRoot };
    return ciRoot;
}
/// <summary>
/// Sets the finding's vulnerability type: <paramref name="sVulnType"/> is registered in the
/// assessment's string index and its numeric index is stored as text in vuln_type_id.
/// </summary>
/// <param name="sVulnType">Vulnerability type name.</param>
public void setFinding_VulnType(String sVulnType)
{
    UInt32 uVulnTypeId = OzasmtUtils_OunceV6.addTextToStringIndexes(sVulnType, oadNewO2AssessmentDataOunceV6.arAssessmentRun);
    fFinding.vuln_type_id = uVulnTypeId.ToString();
}
/// <summary>
/// Sets the finding's context: <paramref name="sContext"/> is registered in the assessment's
/// string index and its numeric index is stored as text in cxt_id.
/// </summary>
/// <param name="sContext">Context text for the finding.</param>
public void setFinding_Context(String sContext)
{
    UInt32 uContextId = OzasmtUtils_OunceV6.addTextToStringIndexes(sContext, oadNewO2AssessmentDataOunceV6.arAssessmentRun);
    fFinding.cxt_id = uContextId.ToString();
}
/// <summary>
/// Sets the finding's caller name: <paramref name="sCallerName"/> is registered in the
/// assessment's string index and its numeric index is stored as text in caller_name_id.
/// </summary>
/// <param name="sCallerName">Caller name text.</param>
public void setFinding_CallerName(String sCallerName)
{
    UInt32 uCallerNameId = OzasmtUtils_OunceV6.addTextToStringIndexes(sCallerName, oadNewO2AssessmentDataOunceV6.arAssessmentRun);
    fFinding.caller_name_id = uCallerNameId.ToString();
}
/// <summary>
/// Sets the finding's actionobject_id from <paramref name="sFakeActionObject"/>, registered in
/// the assessment's string index. Unlike the other setFinding_* setters this stores the raw
/// numeric index (no ToString), so actionobject_id is presumably a numeric field.
/// </summary>
/// <param name="sFakeActionObject">Text to register as the action object.</param>
public void setFinding_fakeActionObjectId(String sFakeActionObject)
{
    UInt32 uActionObjectId = OzasmtUtils_OunceV6.addTextToStringIndexes(sFakeActionObject, oadNewO2AssessmentDataOunceV6.arAssessmentRun);
    fFinding.actionobject_id = uActionObjectId;
}
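/// <summary>
/// Specialises the Known_Sink signature of every finding whose sink matches
/// "ModelMap.addAttribute" by folding the attribute name (the call's first argument, with
/// double quotes stripped) into it, e.g. addAttribute(...) becomes addAttribute_name(...).
/// Trace blocks already registered under that specialised signature and located in a
/// Velocity template (file name contains ".vm") then have their sinks glued onto this
/// finding's trace block (dGluedSinks and dSinks), joining the controller side and the
/// template side of the same attribute.
/// </summary>
/// <param name="tvRawData">Tree whose nodes are keyed by unique signature and whose Tag
/// holds the O2TraceBlock_OunceV6 for that node.</param>
/// <remarks>
/// The attribute name is lifted from source text with only the quotes removed; a non-literal
/// first argument (a variable or a concatenation) yields a signature that matches no template
/// block, so nothing is glued for it. Findings with no explicit attribute name
/// (single-argument addAttribute), no resolvable tree node or no Known_Sink call in their
/// trace are logged and skipped instead of aborting the whole pass with an exception.
/// </remarks>
public static void findSpringAttributes(TreeView tvRawData)
{
    const String sFunctionSignature = "ModelMap.addAttribute";
    O2Timer tTimer = new O2Timer("Resolving attribute based function: {0} ").start();
    try
    {
        Dictionary<AssessmentAssessmentFileFinding, O2AssessmentData_OunceV6> dMatches =
            analyzer.getSinksFindingsThatMatchRegEx(tvRawData, sFunctionSignature);
        foreach (AssessmentAssessmentFileFinding fFinding in dMatches.Keys)
        {
            O2AssessmentData_OunceV6 oadAssessmentData = dMatches[fFinding];

            // Attribute name = first argument of the addAttribute call, as written in source.
            String sSinkContext = AnalysisUtils.getSinkContext(fFinding, oadAssessmentData);
            var fsFilteredSignature = new FilteredSignature(sSinkContext);
            String sParameters = (fsFilteredSignature.sParameters ?? String.Empty).Replace("\"", "");
            int iFirstComma = sParameters.IndexOf(',');
            if (iFirstComma < 0)
            {
                // addAttribute(value) has no explicit name; Substring(0, -1) would throw here.
                DI.log.debug(" Skipping addAttribute call without an explicit attribute name: {0}", sSinkContext);
                continue;
            }
            String sSpringParameter = sParameters.Substring(0, iFirstComma).Trim();

            String sSink = AnalysisUtils.getSink(fFinding, oadAssessmentData);
            // Already specialised, or nothing usable to specialise with: leave it alone.
            if (String.IsNullOrEmpty(sSink) || String.IsNullOrEmpty(sSpringParameter)
                || sSink.IndexOf(sSpringParameter, StringComparison.Ordinal) != -1)
                continue;

            String sSinkWithAttributeName = sSink.Replace("(", "_" + sSpringParameter + "(");

            // Resolve this finding's trace block BEFORE sig_id changes: the lookup key is the
            // unique signature of the current (unspecialised) sink.
            String sUniqueSignature = analyzer.getUniqueSignature(fFinding, TraceType.Known_Sink, oadAssessmentData, true);
            var tnFinding = tvRawData.Nodes[sUniqueSignature];
            var otbO2TraceBlockOfThisFinding = (tnFinding == null) ? null : tnFinding.Tag as O2TraceBlock_OunceV6;
            if (otbO2TraceBlockOfThisFinding == null)
            {
                DI.log.debug(" Skipping spring attribute '{0}': no trace block for {1}", sSpringParameter, sUniqueSignature);
                continue;
            }
            CallInvocation ciCallInvocation = AnalysisSearch.findTraceTypeInSmartTrace_Recursive_returnCallInvocation(
                fFinding.Trace, TraceType.Known_Sink);
            if (ciCallInvocation == null)
            {
                DI.log.debug(" Skipping spring attribute '{0}': no Known_Sink call in trace of {1}", sSpringParameter, sUniqueSignature);
                continue;
            }

            // Rewrite the sink call and its trace block to the specialised signature.
            ciCallInvocation.sig_id = OzasmtUtils_OunceV6.addTextToStringIndexes(sSinkWithAttributeName, oadAssessmentData.arAssessmentRun);
            DI.log.debug(" Found spring attribute '{0}' on sinks and modified to {1}", sSpringParameter, sSinkWithAttributeName);
            otbO2TraceBlockOfThisFinding.sSignature = sSinkWithAttributeName;
            // Deliberately recomputed AFTER sig_id was rewritten (original ordering kept;
            // presumably it now reflects the specialised signature).
            otbO2TraceBlockOfThisFinding.sUniqueName = analyzer.getUniqueSignature(fFinding, TraceType.Known_Sink, oadAssessmentData, true);

            glueVelocitySinks(otbO2TraceBlockOfThisFinding, sSinkWithAttributeName, tvRawData);
        }
    }
    finally
    {
        tTimer.stop();
    }
}

/// <summary>
/// Copies the sinks of every trace block that carries <paramref name="sSignature"/> and lives
/// in a Velocity template (file name contains ".vm") into <paramref name="otbTarget"/>'s
/// dGluedSinks and dSinks, leaving keys that are already present untouched.
/// </summary>
/// <param name="otbTarget">Trace block of the controller-side finding that receives the sinks.</param>
/// <param name="sSignature">Specialised sink signature to look up.</param>
/// <param name="tvRawData">Tree holding the trace blocks.</param>
private static void glueVelocitySinks(O2TraceBlock_OunceV6 otbTarget, String sSignature, TreeView tvRawData)
{
    List<O2TraceBlock_OunceV6> lotbMatches = analyzer.getO2TraceBlocksThatMatchSignature(sSignature, tvRawData);
    foreach (O2TraceBlock_OunceV6 otbVelocity in lotbMatches)
    {
        if (otbVelocity.sFile == null || otbVelocity.sFile.IndexOf(".vm", StringComparison.Ordinal) == -1)
            continue;
        foreach (AssessmentAssessmentFileFinding fVelocityFinding in otbVelocity.dSinks.Keys)
        {
            var oVelocitySink = otbVelocity.dSinks[fVelocityFinding];
            if (!otbTarget.dGluedSinks.ContainsKey(fVelocityFinding))
                otbTarget.dGluedSinks.Add(fVelocityFinding, oVelocitySink);
            if (!otbTarget.dSinks.ContainsKey(fVelocityFinding))
                otbTarget.dSinks.Add(fVelocityFinding, oVelocitySink);
        }
    }
}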