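/// <summary>
/// Duplicates an <see cref="IO2Finding"/> into a fresh <see cref="O2Finding"/>.
/// Scalar fields are copied, <c>text</c> is cloned through <c>createCopy(text)</c>, and the
/// trace tree is cloned only when <paramref name="processChildTraces"/> is true (otherwise the
/// new finding keeps whatever <c>o2Traces</c> list the O2Finding constructor gives it).
/// </summary>
/// <param name="o2Finding">finding to duplicate; must not be null</param>
/// <param name="processChildTraces">true to also deep-copy <c>o2Traces</c></param>
/// <returns>the new finding</returns>
/// <exception cref="ArgumentNullException">when <paramref name="o2Finding"/> is null</exception>
public static IO2Finding createCopy(IO2Finding o2Finding, bool processChildTraces)
{
    if (o2Finding == null)
        throw new ArgumentNullException("o2Finding");

    var newO2Finding = new O2Finding
    {
        actionObject = o2Finding.actionObject,
        callerName = o2Finding.callerName,
        context = o2Finding.context,
        // fixed: the original assigned actionObject here, so every copy carried the
        // action-object id as its column number
        columnNumber = o2Finding.columnNumber,
        confidence = o2Finding.confidence,
        exclude = o2Finding.exclude,
        file = o2Finding.file,
        lineNumber = o2Finding.lineNumber,
        ordinal = o2Finding.ordinal,
        projectName = o2Finding.projectName,
        propertyIds = o2Finding.propertyIds,
        recordId = o2Finding.recordId,
        severity = o2Finding.severity,
        text = createCopy(o2Finding.text),
        vulnName = o2Finding.vulnName,
        vulnType = o2Finding.vulnType
    };

    if (processChildTraces)
        newO2Finding.o2Traces = createCopy(o2Finding.o2Traces);

    return newO2Finding;
}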
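/// <summary>
/// Proof-of-concept ASP.NET event mapping. For every function that calls
/// <c>System.Web.UI.WebControls.Button.add_Click(System.EventHandler):void</c>, the statement
/// immediately preceding the add_Click call in the same basic block is expected to be the
/// delegate construction (a NaryCall whose two-element UnaryOprCast carries the handler's
/// ConstFunctionAddress in slot 1); one O2Finding per handler found is created, with the
/// caller as Root_Call/Source and the handler as Known_Sink.
/// </summary>
/// <param name="cirData">CIR data with <c>dFunctions_bySignature</c> populated</param>
/// <returns>
/// the findings created (empty when nothing matched), or null if an exception escaped the
/// walk; the exception is only logged at debug level, so callers must null-check the result
/// </returns>
/// <remarks>
/// NOTE(review): the sink trace context is a hard-coded HacmeBank_v2 string; this is PoC code
/// and the context should be derived from the call site before general use.
/// </remarks>
public static List<IO2Finding> findParameterStaticValueInMethodX(CirData cirData)
{
    const string functionToFind = "System.Web.UI.WebControls.Button.add_Click(System.EventHandler):void";
    var createdO2Findings = new List<IO2Finding>();
    try
    {
        if (!cirData.dFunctions_bySignature.ContainsKey(functionToFind))
            return createdO2Findings;

        var function = cirData.dFunctions_bySignature[functionToFind];
        foreach (CirFunction functionXRef in function.FunctionIsCalledBy)
        {
            foreach (var basicBlock in functionXRef.lcfgBasicBlocks)
            {
                if (basicBlock == null || basicBlock.Items == null)
                    continue;

                // Start at 1: the add_Click call is paired with its predecessor, so a call at
                // index 0 has nothing to pair with (the original indexed Items[-1] here and
                // relied on the catch-all below, which aborted the whole walk and returned null).
                for (var i = 1; i < basicBlock.Items.Length; i++)
                {
                    var evalExprStmt = basicBlock.Items[i] as ControlFlowGraphBasicBlockEvalExprStmt;
                    if (evalExprStmt == null ||
                        evalExprStmt.NaryCallVirtual == null ||
                        evalExprStmt.NaryCallVirtual.FunctionName != functionToFind)
                        continue;

                    // the delegate construction is the statement just before the call; `as`
                    // rather than a hard cast so an unexpected statement kind is skipped instead
                    // of throwing
                    var delegateStmt = basicBlock.Items[i - 1] as ControlFlowGraphBasicBlockEvalExprStmt;
                    if (delegateStmt == null ||
                        delegateStmt.NaryCall == null ||
                        delegateStmt.NaryCall.UnaryOprCast == null ||
                        delegateStmt.NaryCall.UnaryOprCast.Length != 2)
                        continue;

                    var constFunctionAddress = delegateStmt.NaryCall.UnaryOprCast[1].ConstFunctionAddress;
                    if (constFunctionAddress == null)
                        continue;
                    string staticParameterValue = constFunctionAddress.FunctionName;

                    var o2Finding = new O2Finding(staticParameterValue, "Asp.NET Event Mapping")
                    {
                        o2Traces = new List<IO2Trace> { new O2Trace(functionXRef.FunctionSignature, TraceType.Root_Call) }
                    };
                    var sourceTrace = new O2Trace(functionXRef.ParentClass.Signature, functionXRef.FunctionSignature, TraceType.Source);
                    var sinkTrace = new O2Trace(staticParameterValue, TraceType.Known_Sink)
                    {
                        context = "this . HacmeBank_v2_Website.ascx.PostMessageForm.btnPostMessage_Click ( sender, e )"
                    };
                    sourceTrace.childTraces.Add(sinkTrace);
                    o2Finding.o2Traces[0].childTraces.Add(sourceTrace);
                    createdO2Findings.Add(o2Finding);
                    DI.log.debug("{0} -- > {1}", functionXRef.FunctionSignature, staticParameterValue);
                }
            }
        }
        return createdO2Findings;
    }
    catch (Exception ex)
    {
        DI.log.debug("in findParameterStaticValueInMethodX :{0}:", ex.Message);
    }
    // kept for compatibility with existing callers: failure is signalled by null, not by an empty list
    return null;
}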
/// <summary>
/// Maps each WebScarab conversation to one O2Finding: the TAG becomes the vuln type
/// ("Tag not defined" when blank), "METHOD: URL" the vuln name, the COOKIE/STATUS/ORIGIN/URL/
/// XSS_GET/CRLF_GET/SET_COOKIE/XSS_POST columns become traces through addTrace, and the request
/// and response files are appended as two further traces. The finding's file is the response.
/// </summary>
/// <param name="webScarabConversations">conversations to convert</param>
/// <returns>one finding per conversation, in input order</returns>
public static List<IO2Finding> createFindingsFromConversation(List<IWebscarabConversation> webScarabConversations)
{
    var findings = new List<IO2Finding>();
    foreach (IWebscarabConversation conversation in webScarabConversations)
    {
        var finding = new O2Finding
        {
            vulnType = string.IsNullOrEmpty(conversation.TAG) ? "Tag not defined" : conversation.TAG,
            vulnName = conversation.METHOD + ": " + conversation.URL
        };

        // one trace per scanner column, in the original order
        addTrace(finding, conversation.COOKIE, "COOKIE");
        addTrace(finding, conversation.STATUS, "STATUS");
        addTrace(finding, conversation.ORIGIN, "ORIGIN");
        addTrace(finding, conversation.URL, "URL");
        addTrace(finding, conversation.XSS_GET, "XSS_GET");
        addTrace(finding, conversation.CRLF_GET, "CRLF_GET");
        addTrace(finding, conversation.SET_COOKIE, "SET_COOKIE");
        addTrace(finding, conversation.XSS_POST, "XSS_POST");

        // request/response are file paths; they double as the trace's file attribute
        var requestTrace = new O2Trace("request: " + conversation.request) { file = conversation.request };
        var responseTrace = new O2Trace("response: " + conversation.response) { file = conversation.response };
        finding.file = conversation.response;
        finding.o2Traces.Add(requestTrace);
        finding.o2Traces.Add(responseTrace);

        findings.Add(finding);
    }
    return findings;
}
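/// <summary>
/// Creates a new <see cref="O2Finding"/> holding the same field values as
/// <paramref name="o2Finding"/>. <c>text</c> is always cloned via <c>createCopy(text)</c>;
/// the trace tree is cloned only when <paramref name="processChildTraces"/> is set.
/// </summary>
/// <param name="o2Finding">source finding; must not be null</param>
/// <param name="processChildTraces">whether to deep-copy <c>o2Traces</c> as well</param>
/// <returns>the copy</returns>
/// <exception cref="ArgumentNullException">when <paramref name="o2Finding"/> is null</exception>
public static IO2Finding createCopy(IO2Finding o2Finding, bool processChildTraces)
{
    if (o2Finding == null)
        throw new ArgumentNullException("o2Finding");

    var copy = new O2Finding();
    copy.actionObject = o2Finding.actionObject;
    copy.callerName = o2Finding.callerName;
    copy.context = o2Finding.context;
    // fixed: previously actionObject was copied into columnNumber
    copy.columnNumber = o2Finding.columnNumber;
    copy.confidence = o2Finding.confidence;
    copy.exclude = o2Finding.exclude;
    copy.file = o2Finding.file;
    copy.lineNumber = o2Finding.lineNumber;
    copy.ordinal = o2Finding.ordinal;
    copy.projectName = o2Finding.projectName;
    copy.propertyIds = o2Finding.propertyIds;
    copy.recordId = o2Finding.recordId;
    copy.severity = o2Finding.severity;
    copy.text = createCopy(o2Finding.text);
    copy.vulnName = o2Finding.vulnName;
    copy.vulnType = o2Finding.vulnType;

    if (processChildTraces)
    {
        copy.o2Traces = createCopy(o2Finding.o2Traces);
    }
    return copy;
}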
/// <summary>
/// Converts WebScarab conversations into O2Findings. Per conversation: vuln type is the TAG
/// (or "Tag not defined"), vuln name is "METHOD: URL", the scanner columns are added as traces
/// via addTrace, and two trailing traces carry the request and response file paths.
/// Unlike the sibling overload, the finding's <c>file</c> is left untouched here.
/// </summary>
/// <param name="webScarabConversations">conversations to convert</param>
/// <returns>one finding per conversation, in input order</returns>
public static List<IO2Finding> createFindingsFromConversation(List<IWebscarabConversation> webScarabConversations)
{
    var findings = new List<IO2Finding>();
    foreach (var conversation in webScarabConversations)
    {
        var finding = new O2Finding();
        if (string.IsNullOrEmpty(conversation.TAG))
        {
            finding.vulnType = "Tag not defined";
        }
        else
        {
            finding.vulnType = conversation.TAG;
        }
        finding.vulnName = conversation.METHOD + ": " + conversation.URL;

        addTrace(finding, conversation.COOKIE, "COOKIE");
        addTrace(finding, conversation.STATUS, "STATUS");
        addTrace(finding, conversation.ORIGIN, "ORIGIN");
        addTrace(finding, conversation.URL, "URL");
        addTrace(finding, conversation.XSS_GET, "XSS_GET");
        addTrace(finding, conversation.CRLF_GET, "CRLF_GET");
        addTrace(finding, conversation.SET_COOKIE, "SET_COOKIE");
        addTrace(finding, conversation.XSS_POST, "XSS_POST");

        // request and response are recorded as file-backed traces; their contents are not
        // loaded here (an earlier version read them into the trace context)
        finding.o2Traces.Add(new O2Trace("request: " + conversation.request) { file = conversation.request });
        finding.o2Traces.Add(new O2Trace("response: " + conversation.response) { file = conversation.response });

        findings.Add(finding);
    }
    return findings;
}
/// <summary>
/// Builds an O2Finding from one .ozasmt file finding: finding data first, then its trace,
/// then the ExternalSource/Source re-mapping.
/// </summary>
/// <param name="finding">finding element read from the assessment file</param>
/// <param name="assessmentRunToImport">assessment run the finding belongs to</param>
/// <returns>the populated finding</returns>
private static IO2Finding getO2Finding(AssessmentAsmntFileFinding finding, AssessmentRun assessmentRunToImport)
{
    var result = new O2Finding();
    addFindingDataToO2Finding(finding, result, assessmentRunToImport);
    addTraceToO2Finding(finding.trace, result, assessmentRunToImport);
    // Ounce reports the '<external_source>' rule as the Source; re-point it to the callback
    OzasmtUtils.fixExternalSourceSourceMappingProblem(result);
    return result;
}
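/// <summary>
/// Test fixture: a finding "Vulnerability.Name"/"Vulnerability.Type" with exactly one root trace
/// ("Class.Signature"/"Method executed") whose two Type_0 children lead to a Source leaf and a
/// Known_Sink leaf respectively (source path first, sink path second).
/// </summary>
/// <returns>the finding; <c>o2Traces</c> has exactly one element</returns>
public static O2Finding CreateFinding_WithTrace()
{
    // The original also built a flat trace from clazz/file/lineNumber/... constants and added it
    // to o2Traces, but then replaced o2Traces wholesale with {rootTrace}, so that trace never
    // reached the caller. The dead construction has been removed rather than silently discarded.
    const string sinkText = "this is a sink";
    const string methodOnSinkPath = "method call on sink path";
    const string methodOnSourcePath = "method call on source path";
    const string sourceText = "this is a source";

    var o2Finding = new O2Finding("Vulnerability.Name", "Vulnerability.Type");

    var rootTrace = new O2Trace("Class.Signature", "Method executed");

    var sinkPath = new O2Trace(methodOnSinkPath, TraceType.Type_0);
    sinkPath.childTraces.Add(new O2Trace(sinkText, TraceType.Known_Sink));

    var sourcePath = new O2Trace(methodOnSourcePath, TraceType.Type_0);
    sourcePath.childTraces.Add(new O2Trace(sourceText, TraceType.Source));

    // order matters for callers that index childTraces: source path is [0], sink path is [1]
    rootTrace.childTraces.Add(sourcePath);
    rootTrace.childTraces.Add(sinkPath);

    o2Finding.o2Traces = new List<IO2Trace> { rootTrace };
    return o2Finding;
}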
/// <summary>
/// Flattens the finding's trace tree into a single list by delegating to the
/// <c>getListWithAllTraces(List&lt;IO2Trace&gt;, List&lt;IO2Trace&gt;)</c> overload.
/// Any exception (including a null <paramref name="o2Finding"/>) is logged and swallowed,
/// in which case whatever was collected before the failure is returned.
/// </summary>
/// <param name="o2Finding">finding whose traces are collected</param>
/// <returns>the flattened trace list, never null</returns>
public static List<IO2Trace> getListWithAllTraces(O2Finding o2Finding)
{
    var collected = new List<IO2Trace>();
    try
    {
        getListWithAllTraces(o2Finding.o2Traces, collected);
    }
    catch (Exception ex)
    {
        DI.log.error("in getListWithAllTraces: {0}", ex.Message);
    }
    return collected;
}
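/// <summary>
/// Ounce reports callback-generated findings with the '&lt;external_source&gt;(...)' rule as the
/// Source; the real source is the callback method, which sits as the second child of the root
/// trace. This demotes the current Source to Root_Call and promotes that child to Source.
/// </summary>
/// <param name="o2Finding">finding to fix up in place; untouched when its Source does not
/// mention '&lt;external_source&gt;' or when the trace tree does not have the expected shape</param>
public static void fixExternalSourceSourceMappingProblem(O2Finding o2Finding)
{
    try
    {
        var source = o2Finding.Source;
        if (source == null || source.IndexOf("<external_source>", StringComparison.Ordinal) == -1)
            return;

        // Validate the shape BEFORE mutating anything: the original set the Source trace to
        // Root_Call and only then indexed o2Traces[0].childTraces[1], so a finding without a
        // second child was left half-converted (no Source at all) when the index threw.
        var sourceTrace = o2Finding.getSource();
        var traces = o2Finding.o2Traces;
        if (sourceTrace == null ||
            traces == null || traces.Count == 0 ||
            traces[0].childTraces == null || traces[0].childTraces.Count < 2)
        {
            DI.log.debug("in fixExternalSourceSourceMappingProblem: trace tree does not have the expected shape, finding left unchanged: {0}", o2Finding.vulnName);
            return;
        }

        sourceTrace.traceType = TraceType.Root_Call;
        traces[0].childTraces[1].traceType = TraceType.Source;
    }
    catch (Exception ex)
    {
        // fixed: the message previously named getO2Finding, which is this method's caller
        DI.log.ex(ex, "in fixExternalSourceSourceMappingProblem, while trying to fix the external_source callback generated finding problem");
    }
}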
/// <summary>
/// Wraps a single trace in a new finding of type "FindingFromTrace". The trace's signature is
/// used as both vuln name and caller name; location fields are copied from the trace and the
/// trace itself (and its text) are deep-copied through OzasmtCopy so the finding does not
/// share state with the input.
/// </summary>
/// <param name="o2Trace">trace to wrap</param>
/// <returns>the new finding with exactly one root trace</returns>
public static IO2Finding createO2FindingFromTrace(IO2Trace o2Trace)
{
    var finding = new O2Finding();
    finding.callerName = o2Trace.signature;
    finding.context = o2Trace.context;
    finding.columnNumber = o2Trace.columnNumber;
    finding.file = o2Trace.file;
    finding.lineNumber = o2Trace.lineNumber;
    finding.o2Traces = new List<IO2Trace> { OzasmtCopy.createCopy(o2Trace) };
    finding.ordinal = o2Trace.ordinal;
    finding.text = OzasmtCopy.createCopy(o2Trace.text);
    finding.vulnName = o2Trace.signature;
    finding.vulnType = "FindingFromTrace";
    return finding;
}
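/// <summary>
/// PoC: loads a WebInspect results XML file, finds the sessions flagged by the SQL-injection
/// check engine (<c>sqlInjectionEngineId</c>) and turns every session sharing a flagged
/// VulnerableSessionID into an O2Finding. Each finding has one root trace
/// ("WebInspect -> Ounce Mapping") holding a Source (FullURL) whose children are the
/// AttackDescriptor and a Known_Sink (the attacked parameter name).
/// </summary>
/// <param name="webInspectResultsFile">path of the WebInspect export</param>
/// <returns>one finding per matching session; empty when nothing matched</returns>
/// <exception cref="System.Xml.XmlException">when the file is not well-formed XML</exception>
public static List<IO2Finding> loadWebInspectResultsAndReturnO2FindingsFor_SqlInjection_PoC1(string webInspectResultsFile)
{
    var results = new List<IO2Finding>();

    // The export is produced outside this process: disable DTD/external-entity resolution so a
    // crafted file cannot read local files or make network requests (XXE) while being loaded.
    var webInspectResults = new XmlDocument { XmlResolver = null };
    webInspectResults.Load(webInspectResultsFile);

    List<XmlNode> sessionsCheckFoundWithEngineId = getSessionsCheckFoundWithEngineId(webInspectResults, sqlInjectionEngineId);
    foreach (XmlNode sessionCheckFound in sessionsCheckFoundWithEngineId)
    {
        var sessionIdNode = sessionCheckFound["VulnerableSessionID"];
        if (sessionIdNode == null)
            continue;   // nothing to correlate on

        List<XmlNode> sessionsFoundWithSessionId = getSessionsWithSessionID(webInspectResults, sessionIdNode.InnerText);
        foreach (XmlNode session in sessionsFoundWithSessionId)
        {
            var fullUrlNode = session["FullURL"];
            var attackParamNode = session["AttackParamDescriptor"];
            var attackDescriptorNode = session["AttackDescriptor"];
            if (fullUrlNode == null || attackParamNode == null || attackDescriptorNode == null)
                continue;   // incomplete session record; previously a NullReferenceException

            string fullURL = fullUrlNode.InnerText;
            string attackDescriptor = attackDescriptorNode.InnerText;
            // the descriptor is "<kind>:<name>[:...]"; only the second segment is kept
            string attackParamDescriptor = attackParamNode.InnerText;
            if (attackParamDescriptor.IndexOf(':') > -1)
                attackParamDescriptor = attackParamDescriptor.Split(new[] { ':' })[1];

            var o2Finding = new O2Finding
            {
                o2Traces = new List<IO2Trace> { new O2Trace("WebInspect -> Ounce Mapping") },
                context = attackDescriptor,
                vulnName = fullURL,
                vulnType = "WebInspect Vulnerability"
            };
            var source = new O2Trace(fullURL, TraceType.Source);
            source.childTraces.Add(new O2Trace(attackDescriptor));
            var sink = new O2Trace(attackParamDescriptor) { traceType = TraceType.Known_Sink };
            source.childTraces.Add(sink);
            o2Finding.o2Traces[0].childTraces.Add(source);
            results.Add(o2Finding);
        }
    }
    return results;
}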
/// <summary>
/// Produces one descriptive O2Finding per Struts controller in every action servlet. The
/// finding's root trace ("Struts Mapping", O2JoinSource) lists the controller type
/// (O2JoinSink), the form bean with its validation flag and field names (when present), and
/// every mapped path with its controller and resolved views (views as O2JoinSink).
/// </summary>
/// <param name="iStrutsMappings">parsed Struts configuration</param>
/// <returns>the findings, one per controller</returns>
public static List<IO2Finding> createFindingsFromStrutsMappings(IStrutsMappings iStrutsMappings)
{
    var findings = new List<IO2Finding>();
    foreach (var actionServlet in iStrutsMappings.actionServlets)
    {
        foreach (var controller in actionServlet.controllers.Values)
        {
            var finding = new O2Finding
            {
                vulnType = "Struts.Finding : " + controller.type,
                vulnName = controller.type ?? ""
            };
            var rootTrace = (O2Trace)finding.addTrace("Struts Mapping", TraceType.O2JoinSource);
            rootTrace.addTrace("Controller Type: " + controller.type, TraceType.O2JoinSink);

            if (controller.formBean != null)
            {
                var beanTrace = (O2Trace)rootTrace.addTrace("Form Bean : " + controller.formBean.name, TraceType.O2Info);
                beanTrace.addTrace("has validation mapping" + controller.formBean.hasValidationMapping);
                foreach (var field in controller.formBean.fields)
                {
                    beanTrace.addTrace(field.Value.name);
                }
            }

            var pathsTrace = (O2Trace)rootTrace.addTrace("paths:", TraceType.O2Info);
            foreach (var path in controller.paths)
            {
                var pathTrace = (O2Trace)pathsTrace.addTrace("url: " + path.path);
                pathTrace.addTrace("controller: " + controller.type + " <- ");
                pathTrace.addTraces("view: ", TraceType.O2JoinSink, path.resolvedViews.ToArray());
            }

            findings.Add(finding);
        }
    }
    return findings;
}
/// <summary>
/// Promotes one trace to a stand-alone finding ("FindingFromTrace"): vuln name and caller name
/// are the trace signature, location fields are copied across, and both the trace and its text
/// are deep-copied via OzasmtCopy so the input is not shared.
/// </summary>
/// <param name="o2Trace">trace to promote</param>
/// <returns>a finding with exactly one root trace</returns>
public static IO2Finding createO2FindingFromTrace(IO2Trace o2Trace)
{
    var traceCopy = OzasmtCopy.createCopy(o2Trace);
    var textCopy = OzasmtCopy.createCopy(o2Trace.text);
    var finding = new O2Finding
    {
        callerName = o2Trace.signature,
        context = o2Trace.context,
        columnNumber = o2Trace.columnNumber,
        file = o2Trace.file,
        lineNumber = o2Trace.lineNumber,
        o2Traces = new List<IO2Trace> { traceCopy },
        ordinal = o2Trace.ordinal,
        text = textCopy,
        vulnName = o2Trace.signature,
        vulnType = "FindingFromTrace"
    };
    return finding;
}
/// <summary>
/// Builds an O2Assessment named "CodeCrawler Import of: {fileName}" with one finding per
/// CodeCrawler threat. Threat name is used for both vuln name and type, the description goes
/// into context and text, the level into severity; confidence is fixed at 2 and the file is
/// the imported file name.
/// </summary>
/// <param name="codeCrawlerObject">deserialised CodeCrawler document</param>
/// <param name="fileName">name of the file the document came from</param>
/// <returns>the new assessment</returns>
private IO2Assessment createO2AssessmentFromCodeCrawlerObject(Xsd.DocumentElement codeCrawlerObject, String fileName)
{
    var assessment = new O2Assessment { name = "CodeCrawler Import of: " + fileName };
    foreach (var threat in codeCrawlerObject.ThreatList)
    {
        var finding = new O2Finding();
        finding.vulnName = threat.Threat;
        finding.vulnType = threat.Threat;
        finding.context = threat.Description;
        finding.severity = threat.Level;
        finding.confidence = 2;   // CodeCrawler has no confidence notion; constant for all imports
        finding.lineNumber = threat.Line;
        finding.file = fileName;
        finding.text.Add(threat.Description);
        assessment.o2Findings.Add(finding);
    }
    return assessment;
}
/// <summary>
/// Joins the Struts mapping with the two finding sets held on this object
/// (<c>findingsWith_FindingsFromTaintSources</c> and <c>findingsWith_FindingsToFinalSinks</c>)
/// and stores the combined end-to-end findings in <c>findingsWith_Results</c>.
///
/// As implemented:
///  1. index both finding sets by their single join-location signature (findings with zero or
///     several join sinks / sources / locations are ignored);
///  2. for every controller / path / resolved view in <c>StrutsMappings</c>, pair each
///     taint-source join location whose filtered key contains the controller type with each
///     final-sink join location whose filtered key contains the filtered view;
///  3. inside such a pair, emit one finding for every (taint source, final sink) couple whose
///     JoinSink and JoinSource values are equal, grafting the taint-source traces under the
///     controller trace and the final-sink traces under the view trace.
/// </summary>
public void calculateResults() /*ascx_StrutsMappings strutsMappingsControl, ascx_FilteredFindings filteredFindings_TaintSources, ascx_FilteredFindings filteredFindings_FinalSinks, ascx_FindingsViewer findingsViewer_FinalFindings )*/
{
    //const string controlTypePrefixString = "Controller Type: ";
    //const string viewPrefixString = "view: ";
    var results = new List<IO2Finding>();

    // need to build 4 dictionaries
    PublicDI.log.debug("building 4 dictionaries with sources,sinks and Join points");

    // JoinSink in taintSources
    // NOTE(review): this dictionary (and finalSinksTaintSources below) is populated but never
    // read again in this method; only the two *JoinLocations dictionaries drive the mapping.
    var taintSourcesJoinSinks = new Dictionary<string, List<IO2Finding>>();
    //foreach (O2Finding o2Finding in filteredFindings_TaintSources.getResults())
    foreach (O2Finding o2Finding in findingsWith_FindingsFromTaintSources)
    {
        var joinSinks = o2Finding.JoinSinks();
        if (joinSinks.Count == 1)
        {
            var joinSink = joinSinks[0]; // we currently only support the case where there is one JoinSink
            if (false == taintSourcesJoinSinks.ContainsKey(joinSink))
                taintSourcesJoinSinks.Add(joinSink, new List<IO2Finding>());
            taintSourcesJoinSinks[joinSink].Add(o2Finding);
        }
    }

    // taint sources keyed by the signature of their single join location
    var taintSourcesJoinLocations = new Dictionary<string, List<IO2Finding>>();
    //foreach (O2Finding o2Finding in filteredFindings_TaintSources.getResults())
    foreach (O2Finding o2Finding in findingsWith_FindingsFromTaintSources)
    {
        var joinLocations = o2Finding.getJoinLocations();
        if (joinLocations.Count == 1)
        {
            var joinLocation = joinLocations[0].signature; // we currently only support the case where there is one JoinLocation
            if (false == taintSourcesJoinLocations.ContainsKey(joinLocation))
                taintSourcesJoinLocations.Add(joinLocation, new List<IO2Finding>());
            taintSourcesJoinLocations[joinLocation].Add(o2Finding);
        }
    }

    // JoinSources in final Sinks (built but not consumed here, see note above)
    var finalSinksTaintSources = new Dictionary<string, List<IO2Finding>>();
    //foreach (O2Finding o2Finding in filteredFindings_FinalSinks.getResults())
    foreach (O2Finding o2Finding in findingsWith_FindingsToFinalSinks)
    {
        var joinSources = o2Finding.JoinSources();
        if (joinSources.Count == 1)
        {
            var joinSource = joinSources[0]; // we currently only support the case where there is one JoinSource
            if (false == finalSinksTaintSources.ContainsKey(joinSource))
                finalSinksTaintSources.Add(joinSource, new List<IO2Finding>());
            finalSinksTaintSources[joinSource].Add(o2Finding);
        }
    }

    // final sinks keyed by the signature of their single join location
    var finalSinksJoinLocations = new Dictionary<string, List<IO2Finding>>();
    //foreach (O2Finding o2Finding in filteredFindings_FinalSinks.getResults())
    foreach (O2Finding o2Finding in findingsWith_FindingsToFinalSinks)
    {
        var joinLocations = o2Finding.getJoinLocations();
        if (joinLocations.Count == 1)
        {
            var joinLocation = joinLocations[0].signature; // we currently only support the case where there is one JoinLocation
            if (false == finalSinksJoinLocations.ContainsKey(joinLocation))
                finalSinksJoinLocations.Add(joinLocation, new List<IO2Finding>());
            finalSinksJoinLocations[joinLocation].Add(o2Finding);
        }
    }

    PublicDI.log.debug("mapping all data");
    //foreach (var actionServlet in strutsMappingsControl.getStrutsMappingObject().actionServlets)
    foreach (var actionServlet in StrutsMappings.actionServlets)
    {
        var controllersToAdd = actionServlet.controllers.Values.Count;
        var controllersAdded = 0;
        foreach (var controler in actionServlet.controllers.Values)
        {
            // progress line every 10 controllers; because of the post-increment the first
            // message reports 1, then 11, 21, ...
            if (controllersAdded++ % 10 == 0)
                PublicDI.log.debug(" Added [{0}/{1}] controllers ({2} findings so far)", controllersAdded, controllersToAdd , results.Count );

            foreach (var path in controler.paths)
                foreach (var view in path.resolvedViews)
                {
                    //DI.log.info("{0} - {1}", controler.type, view);
                    // now search on the Join Locations: every (taint-source location, final-sink location) pair
                    foreach (var taintSourcesJoinLocation in taintSourcesJoinLocations)
                        foreach (var finalSinksJoinLocation in finalSinksJoinLocations)
                        {
                            // NOTE(review): a controller with a null type becomes "" and
                            // string.Contains("") is always true, so such a controller matches every
                            // taint-source location -- confirm that is intended.
                            var filteredController = controler.type ?? "";
                            // JoinPointFilter is defined elsewhere; presumably it normalises path separators
                            // (see the commented-out Replace chains) -- verify against its definition
                            var filteredView = JoinPointFilter(view); //.Replace("\\", ".").Replace('/', '.');
                            var filteredTaintSource = JoinPointFilter(taintSourcesJoinLocation.Key); //.Replace('\\', '.').Replace('/', '.');
                            var filteredFinalSink = JoinPointFilter(finalSinksJoinLocation.Key); //.Replace('\\', '.').Replace('/', '.'); ;

                            if (filteredTaintSource.Contains(filteredController) && filteredFinalSink.Contains(filteredView))
                            {
                                foreach (O2Finding taintSourceFinding in taintSourcesJoinLocation.Value)
                                    foreach (O2Finding finalSinkFinding in finalSinksJoinLocation.Value)
                                    {
                                        // the single-JoinSink / single-JoinSource condition is evaluated again for
                                        // every couple; JoinSinks()/JoinSources() are recomputed on each call
                                        if (taintSourceFinding.JoinSinks().Count == 1 && finalSinkFinding.JoinSources().Count == 1)
                                        {
                                            if (taintSourceFinding.JoinSinks()[0] == finalSinkFinding.JoinSources()[0])
                                            {
                                                // if we have a match , create the finding
                                                var o2Finding = new O2Finding
                                                {
                                                    vulnType = "Struts.Finding : " + controler.type,
                                                    vulnName = controler.type ?? ""
                                                };
                                                var o2RootTrace = (O2Trace) o2Finding.addTrace("Struts Mapping", TraceType.Root_Call);
                                                var controllerTrace = o2RootTrace.addTrace("Controller: " + controler.type, TraceType.O2JoinSink);
                                                if (controler.formBean != null)
                                                {
                                                    var beanTrace = (O2Trace) o2RootTrace.addTrace( "Form Bean : " + controler.formBean.name, TraceType.O2Info);
                                                    beanTrace.addTrace("has validation mapping" + controler.formBean.hasValidationMapping);
                                                    // only add the field that matches the current join
                                                    // (the field name is extracted from the quoted token in the taint source's SourceContext)
                                                    var currentJoinPoint = JoinOnAttributes.extractNameFromContext(taintSourceFinding.SourceContext, "\"", "\"");
                                                    foreach (var field in controler.formBean.fields)
                                                        if (field.Key == currentJoinPoint)
                                                        {
                                                            var joinPoint = (O2Trace) beanTrace.addTrace(field.Value.name);
                                                            joinPoint.addTrace("hasValidationMapping: " + field.Value.hasValidationMapping);
                                                            joinPoint.addTrace_IfNotEmpty("depends: ", field.Value.depends);
                                                            joinPoint.addTrace_IfNotEmpty("initial", field.Value.initial);
                                                            joinPoint.addTrace_IfNotEmpty("type", field.Value.type);
                                                            foreach (var validator in field.Value.validators)
                                                                joinPoint.addTrace( string.Format("validator: {0}={1}", validator.Key, validator.Value));
                                                        }
                                                    //var formBeanTrace = o2RootTrace.addTrace( "Form Bean: " + controler.formBean.type ?? "",TraceType.O2Info);
                                                }
                                                // taint-source traces hang off the controller, final-sink traces off the view;
                                                // the trace objects are shared with the input findings, not copied
                                                controllerTrace.childTraces.AddRange(taintSourceFinding.o2Traces);
                                                var pathsTrace = (O2Trace) o2RootTrace.addTrace("paths:", TraceType.O2Info);
                                                var pathTrace = (O2Trace) pathsTrace.addTrace("url: " + path.path);
                                                pathTrace.addTrace("controller: " + controler.type + " <- ");
                                                var viewTrace = pathTrace.addTrace("view: " + filteredView, TraceType.O2JoinSink);
                                                viewTrace.childTraces.AddRange(finalSinkFinding.o2Traces);
                                                results.Add(o2Finding);
                                            }
                                        }
                                    }
                                /* o2Finding.addTraces(new[] { filteredController, filteredView, filteredTaintSource, filteredFinalSink });*/
                            }
                            //DI.log.info(" {0} = {1}", filteredController, filteredTaintSource);
                            //DI.log.info(" {0} = {1}", filteredView, filteredFinalSink);
                        }
                }
        }
    }
    findingsWith_Results = results;
    PublicDI.log.debug("mapping complete");
    //findingsViewer_FinalFindings.loadO2Findings(results, true);
}
/// <summary>
/// Round-trip test for traces: builds an assessment with two findings -- one carrying a flat
/// trace populated from known constants, one carrying a root trace with a source path and a
/// sink path -- saves it to a temp file, reloads it and checks every persisted trace field plus
/// the Source/Known_Sink lookup helpers.
/// </summary>
public void CreateFinding_WithTrace()
{
    string targetFile = DI.config.TempFileNameInTempDirectory;

    // expected values for the flat trace of finding #1
    const uint line_number = 2;
    const uint column_number = 3;
    const uint ordinal = 1;
    const string context = "TraceContext";
    const string signature = "TraceSignature";
    const string clazz = "class.this.trace.is.in";
    const string file = @"c:\o2\temp\file\trace\is\in.cs";
    const string method = "methodExectuted";
    const uint taintPropagation = 0;
    var text = new List<string> {"this is a text inside a trace"};

    var assessment = new O2Assessment();

    // Finding #1: one flat trace
    var flatTrace = new O2Trace
    {
        clazz = clazz,
        columnNumber = column_number,
        context = context,
        file = file,
        lineNumber = line_number,
        method = method,
        ordinal = ordinal,
        signature = signature,
        taintPropagation = taintPropagation,
        text = text,
    };
    var findingWithFlatTrace = new O2Finding("vulnName.Testing.TraceCreation", "vulnType.CustomType", "This is the Context", "This is the caller");
    findingWithFlatTrace.o2Traces.Add(flatTrace);
    assessment.o2Findings.Add(findingWithFlatTrace);

    // Finding #2: root trace -> {source path -> Source, sink path -> Known_Sink}
    const string sinkText = "this is a sink";
    const string methodOnSinkPath = "method call on sink path";
    const string methodOnSourcePath = "method call on source path";
    const string sourceText = "this is a source";

    var sinkPath = new O2Trace(methodOnSinkPath, TraceType.Type_0);
    sinkPath.childTraces.Add(new O2Trace(sinkText, TraceType.Known_Sink));
    var sourcePath = new O2Trace(methodOnSourcePath, TraceType.Type_0);
    sourcePath.childTraces.Add(new O2Trace(sourceText, TraceType.Source));
    var rootTrace = new O2Trace("Class.Signature", "Method executed");
    rootTrace.childTraces.Add(sourcePath);
    rootTrace.childTraces.Add(sinkPath);

    var findingWithTree = new O2Finding("Vulnerability.Name", "Vulnerability.Type");
    findingWithTree.o2Traces = new List<IO2Trace> {rootTrace};
    assessment.o2Findings.Add(findingWithTree);

    // save assessment file
    assessment.save(o2AssessmentSave, targetFile);

    // check if data was saved correctly
    var loaded = new O2Assessment(o2AssessmentLoad, targetFile);
    List<IO2Finding> loadedFindings = loaded.o2Findings;
    Assert.IsTrue(loaded.o2Findings.Count == 2, "There should be 2 findings in the Assessment File");

    // finding #1: every field of the flat trace survived the round trip
    Assert.IsTrue(loaded.o2Findings[0].o2Traces.Count == 1, "There should be 1 Trace in the Finding #1");
    IO2Trace loadedFlatTrace = loadedFindings[0].o2Traces[0];
    Assert.IsTrue(loadedFlatTrace.clazz == clazz, "clazz");
    Assert.IsTrue(loadedFlatTrace.columnNumber == column_number, "columnNumber");
    Assert.IsTrue(loadedFlatTrace.context == context, "context");
    Assert.IsTrue(loadedFlatTrace.file == file, "file");
    Assert.IsTrue(loadedFlatTrace.lineNumber == line_number, "lineNumber");
    Assert.IsTrue(loadedFlatTrace.method == method, "method");
    Assert.IsTrue(loadedFlatTrace.ordinal == ordinal, "ordinal");
    Assert.IsTrue(loadedFlatTrace.signature == signature, "signature");
    Assert.IsTrue(loadedFlatTrace.taintPropagation == taintPropagation, "taintPropagation");
    Assert.IsTrue(loadedFlatTrace.text[0] == text[0], "text");

    // finding #2: tree shape and source/sink resolution
    var loadedTreeTraces = loaded.o2Findings[1].o2Traces;
    Assert.IsTrue(loadedTreeTraces.Count == 1, "There should be 1 Trace in the Finding #2");
    Assert.IsTrue(loadedTreeTraces[0].childTraces.Count == 2, "There should be 2 child traces in this trace");
    Assert.IsNotNull(OzasmtUtils.getKnownSink(loadedTreeTraces), "Could not find Sink");
    Assert.IsTrue(OzasmtUtils.getKnownSink(loadedTreeTraces).clazz == sinkText, "Sink text didn't match");
    Assert.IsTrue(OzasmtUtils.getSource(loadedTreeTraces).clazz == sourceText, "Source text didn't match");
}
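/// <summary>
/// Checks the three O2Finding constructors: the default one leaves vulnName/vulnType/context/
/// callerName empty and exclude false; the 2-arg one assigns vulnName and vulnType; the 4-arg
/// one additionally assigns context and callerName.
/// </summary>
public void FindingConstructors()
{
    // default constructor
    var o2Finding1 = new O2Finding();
    Assert.That(o2Finding1.vulnName == "", "vulnName was not empty");
    Assert.That(o2Finding1.vulnType == "", "vulnType was not empty");
    Assert.That(o2Finding1.context == "", "context was not empty");
    Assert.That(o2Finding1.callerName == "", "callerName was not empty");
    Assert.That(o2Finding1.exclude == false, "exclude was not false");

    // (vulnName, vulnType)
    var vulnName2 = "test vulnName2";
    var vulnType2 = "test vulnType2";
    var o2Finding2 = new O2Finding(vulnName2, vulnType2);
    Assert.That(o2Finding2.vulnName == vulnName2, "vulnName2 was not assigned value");
    Assert.That(o2Finding2.vulnType == vulnType2, "vulnType2 was not assigned value");
    // fixed: this assertion previously re-checked o2Finding1, leaving o2Finding2.callerName untested
    Assert.That(o2Finding2.callerName == "", "callerName was not empty");
    Assert.That(o2Finding2.context == "", "context was not empty");
    Assert.That(o2Finding2.exclude == false, "exclude was not false");

    // (vulnName, vulnType, context, callerName) -- every value is distinct so a swapped
    // assignment inside the constructor cannot pass unnoticed
    var vulnName3 = "test vulnName3";
    var vulnType3 = "test vulnType3";
    var context3 = "test context3";
    var callerName3 = "test callerName3";
    var o2Finding3 = new O2Finding(vulnName3, vulnType3, context3, callerName3);
    Assert.That(o2Finding3.vulnName == vulnName3, "vulnName3 was not assigned value");
    Assert.That(o2Finding3.vulnType == vulnType3, "vulnType3 was not assigned value");
    Assert.That(o2Finding3.context == context3, "context3 was not assigned value");
    Assert.That(o2Finding3.callerName == callerName3, "callerName3 was not assigned value");
    Assert.That(o2Finding3.exclude == false, "exclude was not false");
}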
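/// <summary>
/// Round-trip test for finding fields: saves an assessment holding one fully populated finding
/// (object initializer) and one built with the 4-arg constructor, reloads it and verifies that
/// every persisted field of both findings survived.
/// </summary>
public void CreateFinding()
{
    string sFileToCreate = DI.config.TempFileNameInTempDirectory;

    const string file = @"c:\O2\Temp\testFile.cs";
    const uint record_id = 1;
    const uint line_number = 2;
    const uint column_number = 3;
    const uint actionobject_id = 4;
    const byte severity = 3;
    const byte confidence = 2;
    const bool exclude = false;
    const uint ordinal = 1;
    const string context = "context";
    const string vuln_name = "vuln_name";
    const string caller_name = "caller_name";
    const string vuln_type = "vuln_type";
    const string project_name = "project_name";
    const string property_ids = "property_ids";

    var o2Assessment = new O2Assessment();

    // create test O2Finding objects
    var o2Finding1 = new O2Finding
    {
        actionObject = actionobject_id,
        confidence = confidence,
        file = file,
        columnNumber = column_number,
        exclude = exclude,
        lineNumber = line_number,
        ordinal = ordinal,
        recordId = record_id,
        severity = severity,
        context = context,
        vulnName = vuln_name,
        callerName = caller_name,
        vulnType = vuln_type,
        projectName = project_name,
        propertyIds = property_ids
    };
    var o2Finding2 = new O2Finding(vuln_name, vuln_type, context, caller_name);

    // add O2Findings and save the assessment run
    o2Assessment.o2Findings.Add(o2Finding1);
    o2Assessment.o2Findings.Add(o2Finding2);
    o2Assessment.save(o2AssessmentSave, sFileToCreate);

    // check that the file created is ok
    var loadedO2Assessment = new O2Assessment(o2AssessmentLoad, sFileToCreate);
    Assert.IsTrue(loadedO2Assessment.o2Findings.Count == 2, "There should be 2 findings saved");

    // finding #1: every field
    IO2Finding loadedO2Finding = loadedO2Assessment.o2Findings[0];
    Assert.IsTrue(loadedO2Finding.actionObject == actionobject_id, "actionobject_id");
    Assert.IsTrue(loadedO2Finding.confidence == confidence, "confidence");
    Assert.IsTrue(loadedO2Finding.file == file, "file");
    Assert.IsTrue(loadedO2Finding.columnNumber == column_number, "column_number");
    Assert.IsTrue(loadedO2Finding.exclude == exclude, "exclude");
    Assert.IsTrue(loadedO2Finding.lineNumber == line_number, "line_number");
    Assert.IsTrue(loadedO2Finding.ordinal == ordinal, "ordinal");
    Assert.IsTrue(loadedO2Finding.recordId == record_id, "record_id");
    Assert.IsTrue(loadedO2Finding.severity == severity, "severity");
    Assert.IsTrue(loadedO2Finding.context == context, "context");
    Assert.IsTrue(loadedO2Finding.vulnName == vuln_name, "vuln_name");
    Assert.IsTrue(loadedO2Finding.callerName == caller_name, "caller_name");
    Assert.IsTrue(loadedO2Finding.vulnType == vuln_type, "vuln_type");
    Assert.IsTrue(loadedO2Finding.projectName == project_name, "project_name");
    Assert.IsTrue(loadedO2Finding.propertyIds == property_ids, "property_ids");

    // finding #2: the four constructor-assigned fields (previously the second finding was
    // saved but never checked after reload)
    IO2Finding loadedO2Finding2 = loadedO2Assessment.o2Findings[1];
    Assert.IsTrue(loadedO2Finding2.vulnName == vuln_name, "finding #2 vuln_name");
    Assert.IsTrue(loadedO2Finding2.vulnType == vuln_type, "finding #2 vuln_type");
    Assert.IsTrue(loadedO2Finding2.context == context, "finding #2 context");
    Assert.IsTrue(loadedO2Finding2.callerName == caller_name, "finding #2 caller_name");
}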
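/// <summary>
/// Prepends an "Annotations for class: {name}" trace to the finding's root trace list, with one
/// Type_4 child per <c>attribute/annotation</c> element under <paramref name="xClassElement"/>
/// (the annotation's <c>toString</c> attribute is the trace text). Nothing is added when the
/// class has no annotations.
/// </summary>
/// <param name="xClassElement">the class element of the Spring MVC XML model</param>
/// <param name="o2Finding">finding whose o2Traces receive the new root entry</param>
public static void addClassAttributesToFinding(XElement xClassElement, O2Finding o2Finding)
{
    var classAnnotations = xClassElement.Elements("attribute").Elements("annotation").ToList();
    if (classAnnotations.Count == 0)
        return;

    // (string) on a missing XAttribute yields null instead of throwing, so a class element
    // without a name attribute no longer aborts the import
    var className = (string)xClassElement.Attribute("name") ?? "";
    var annotationsTrace = new O2Trace("Annotations for class: " + className);
    o2Finding.o2Traces.Insert(0, annotationsTrace);

    foreach (var annotation in classAnnotations)
    {
        // same fallback text as the method-parameter path in addMethodAttributesToFinding
        var annotationText = (string)annotation.Attribute("toString") ?? "no attribute";
        annotationsTrace.childTraces.Add(new O2Trace(annotationText, TraceType.Type_4));
    }
}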
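/// <summary>
/// Imports a CAT.NET report: for every <c>Rule</c> element and each of its <c>Result</c>
/// children one O2Finding is added to <paramref name="o2Assessment"/>. The rule Name becomes
/// the vuln type, the EntryPoint signature the vuln name (its method name the caller name),
/// Transformations/Origin supplies line and file, Resolution and ProblemDescription go into
/// the finding text, and the transformations are turned into traces by
/// <c>addCatNetTransformationsAsO2Traces</c>. Severity is fixed at 2. A rule whose results
/// throw is logged and skipped as a whole.
/// </summary>
/// <param name="o2Assessment">assessment that receives the findings</param>
/// <param name="catNetXml">parsed CAT.NET XML report</param>
public static void addCatNetResultsAsFindings(O2Assessment o2Assessment, XmlDocument catNetXml)
{
    DI.log.info(" -------------------- ");
    foreach (XmlElement rule in catNetXml.GetElementsByTagName("Rule"))
    {
        try
        {
            XmlElement ruleNameXmlElement = rule["Name"];
            string ruleName = (ruleNameXmlElement == null) ? "Unknown Rule Name" : ruleNameXmlElement.InnerText;

            foreach (XmlNode result in rule.GetElementsByTagName("Result"))
            {
                // EntryPoint was dereferenced before its null check in the original
                var entryPoint = result["EntryPoint"];
                string entryPointText = (entryPoint == null) ? "" : entryPoint.InnerText;
                string signature = getSignatureFromEntryPoint(entryPointText);

                // Fixed: the original condition was `Transformations == null && Origin != null`,
                // which dereferenced a null Transformations on the left and, when it was present,
                // always fell through to uint.Parse even with no Origin.
                var transformations = result["Transformations"];
                XmlElement origin = (transformations == null) ? null : transformations["Origin"];
                uint lineNumber = 0;
                if (origin != null)
                    uint.TryParse(origin.GetAttribute("line"), out lineNumber);   // 0 when absent/unparseable
                string file = (origin == null) ? "" : origin.GetAttribute("file");

                var o2Finding = new O2Finding();
                o2Finding.context = entryPointText;
                o2Finding.confidence = (result["ConfidenceLevel"] == null) ? (byte) 0 : getConfidence(result["ConfidenceLevel"].InnerText);
                o2Finding.callerName = getMethodNameFromSignature(signature);
                o2Finding.lineNumber = lineNumber;
                o2Finding.file = file;
                o2Finding.severity = 2;
                o2Finding.vulnName = signature;
                o2Finding.vulnType = ruleName;

                var resolution = result["Resolution"];
                if (resolution != null)
                    o2Finding.text.Add(resolution.InnerText);
                var problemDescription = result["ProblemDescription"];
                if (problemDescription != null)
                    o2Finding.text.Add(problemDescription.InnerText);

                addCatNetTransformationsAsO2Traces(o2Finding, transformations);
                o2Assessment.o2Findings.Add(o2Finding);
            }
        }
        catch (Exception ex)
        {
            DI.log.ex(ex, "in addCatNetResultsAsFindings, while processing rule: " + rule.InnerXml);
        }
    }
}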
/// <summary>
/// Attaches the Spring MVC method annotations found in <paramref name="xMethodElement"/> to the root trace of the
/// finding's path-to-source: one "Method Parameters Attributes" trace (from methodParameterAnnotation elements) and
/// one "Method Attributes" trace (from methodAttribute/methodAnnotation elements), each inserted at index 0 of the
/// root trace's children. A RequestMapping annotation additionally re-labels the finding as an O2.SpringMvc.Controller
/// finding whose vulnName is its Sink.
/// </summary>
/// <param name="xMethodElement">method element from the Java attributes XML</param>
/// <param name="o2Finding">finding to annotate; nothing happens when its path to source has fewer than two traces</param>
public static void addMethodAttributesToFinding(XElement xMethodElement, O2Finding o2Finding)
{
    var pathToSource = o2Finding.getPathToSource();
    var numberOfTraces = pathToSource.Count;
    if (pathToSource.Count > 1)
    {
        // the last entry of the path is treated as the root trace that receives the annotation traces
        var rootTrace = pathToSource[numberOfTraces - 1];
        // add annotations in Method's Parameters
        var methodParametersAnnotations = from xelement in xMethodElement.Elements("methodParameterAnnotation") select xelement;
        if (methodParametersAnnotations.Count() > 0)
        {
            var methodParametersAttributes = new O2Trace("Spring MVC - Method Parameters Attributes");
            foreach (var annotation in methodParametersAnnotations)
            {
                // a parameter without a "toString" attribute is recorded as a placeholder trace
                if (annotation.Attribute("toString") == null)
                    methodParametersAttributes.childTraces.Add(new O2Trace("no attribute"));
                else
                {
                    //var annotationTrace1 = new O2Trace(annotation.Attribute("toString").Value, TraceType.Type_4);
                    var annotationTrace = new O2Trace(annotation.Attribute("typeName").Value, TraceType.Type_4);
                    foreach (var member in annotation.Elements("member"))
                    {
                        //annotationTrace.childTraces.Add(new O2Trace(annotation.Attribute("typeName").Value, TraceType.Type_6));
                        // each annotation member is rendered as "memberName=memberValue"
                        var memberTraceText = string.Format("{0}={1}", member.Attribute("memberName").Value, member.Attribute("memberValue").Value);
                        annotationTrace.childTraces.Add(new O2Trace(memberTraceText, TraceType.Type_6));
                    }
                    methodParametersAttributes.childTraces.Add(annotationTrace);
                }
            }
            rootTrace.childTraces.Insert(0, methodParametersAttributes);
        }
        // add annotations in Method
        var methodAnnotations = from xelement in xMethodElement.Elements("methodAttribute").Elements("methodAnnotation") select xelement;
        if (methodAnnotations.Count() > 0)
        {
            var methodAttributes = new O2Trace("Spring MVC - Method Attributes");
            foreach (var annotation in methodAnnotations)
            {
                var annotationTrace = new O2Trace(annotation.Attribute("typeName").Value, TraceType.Type_4);
                foreach (var member in annotation.Elements("member"))
                {
                    var memberTraceText = string.Format("{0}={1}", member.Attribute("memberName").Value, member.Attribute("memberValue").Value);
                    annotationTrace.childTraces.Add(new O2Trace(memberTraceText, TraceType.Type_6));
                }
                // inserted at 0, so the method annotations end up in reverse document order
                methodAttributes.childTraces.Insert(0, annotationTrace);
                // handle special case of org.springframework.web.bind.annotation.RequestMapping (which we want to make the source)
                if (annotation.Attribute("typeName").Value == "org.springframework.web.bind.annotation.RequestMapping")
                {
                    //annotationTrace.traceType = TraceType.Source;
                    o2Finding.vulnType = "O2.SpringMvc.Controller";
                    o2Finding.vulnName = o2Finding.Sink;
                }
            }
            rootTrace.childTraces.Insert(0, methodAttributes);
        }
        //else
        //    log.error("There are no method Attributes for method: " + xMethodElement.ToString());
    }
}
/// <summary>
/// Creates a "JSF.AutoMapping" finding for an XML element whose "value" attribute contains a "#{" expression.
/// The trace chain built is: file path -> file name -> raw value -> filtered value (Source) -> qualified element
/// name -> element local name (Known_Sink). Returns null when no such attribute is present.
/// </summary>
/// <param name="xElement">element to inspect; when several "value" attributes match, the last one wins</param>
/// <param name="currentFile">path of the file the element came from; used for the root trace and the file fields</param>
/// <returns>the new finding, or null when the element has no "#{" value attribute</returns>
public static IO2Finding createO2FindingForXElement(XElement xElement, string currentFile)
{
    var elementSignature = xElement.Name.LocalName;
    var rawValueTrace = new O2Trace();
    var filteredValueTrace = new O2Trace();
    var foundExpressionValue = false;

    foreach (var attribute in xElement.Attributes())
    {
        if (attribute.Name != "value" || attribute.Value.IndexOf("#{") == -1)
            continue;
        foundExpressionValue = true;
        rawValueTrace.signature = attribute.Value;
        filteredValueTrace.signature = getFilteredValue(attribute.Value);
        filteredValueTrace.traceType = TraceType.Source;
        // location of the attribute itself (overwritten below with the element's line, as in the original flow)
        filteredValueTrace.file = currentFile;
        filteredValueTrace.lineNumber = (uint)((IXmlLineInfo)attribute).LineNumber;
    }
    if (!foundExpressionValue)
        return null;

    var finding = new O2Finding { vulnType = "JSF.AutoMapping", vulnName = elementSignature };

    var rootTrace = new O2Trace(currentFile);
    var fileNameTrace = new O2Trace(Path.GetFileName(currentFile));
    var qualifiedNameTrace = new O2Trace(xElement.Name.ToString());
    var sinkTrace = new O2Trace(elementSignature) { traceType = TraceType.Known_Sink };

    finding.o2Traces.Add(rootTrace);
    rootTrace.childTraces.Add(fileNameTrace);
    fileNameTrace.childTraces.Add(rawValueTrace);
    rawValueTrace.childTraces.Add(filteredValueTrace);
    filteredValueTrace.childTraces.Add(qualifiedNameTrace);
    qualifiedNameTrace.childTraces.Add(sinkTrace);

    // finding and source trace share the element's file and line number
    var elementLineNumber = (uint)((IXmlLineInfo)xElement).LineNumber;
    finding.file = filteredValueTrace.file = currentFile;
    finding.lineNumber = filteredValueTrace.lineNumber = elementLineNumber;
    return finding;
}
/// <summary>
/// Placeholder for displaying <paramref name="o2Finding"/> in <paramref name="dataGridView"/>.
/// The body is empty, so calling it has no effect on the grid.
/// </summary>
public static void showO2FindingInDataGridView(O2Finding o2Finding, DataGridView dataGridView)
{
}
/// <summary>
/// Flattens every trace reachable from the finding's o2Traces into one list, delegating the walk to the
/// two-argument overload. A failure during the walk is logged and whatever was collected so far is returned.
/// </summary>
/// <param name="o2Finding">finding whose trace tree is flattened</param>
/// <returns>a new list with the collected traces (possibly partial after an error)</returns>
public static List<IO2Trace> getListWithAllTraces(O2Finding o2Finding)
{
    var collectedTraces = new List<IO2Trace>();
    try
    {
        getListWithAllTraces(o2Finding.o2Traces, collectedTraces);
    }
    catch (Exception ex)
    {
        DI.log.error("in getListWithAllTraces: {0}", ex.Message);
    }
    return collectedTraces;
}
/// <summary>
/// Maps an Ounce assessment-file finding onto an O2Finding. String-valued fields (caller name, project name, vuln
/// name, vuln type) are taken inline when present, otherwise resolved through the run's string index by id.
/// </summary>
/// <param name="finding">the Ounce finding record</param>
/// <param name="assessmentFile">the file record the finding belongs to; supplies the file name</param>
/// <param name="assessmentRun">the run, used for trace conversion and string-index lookups</param>
/// <returns>the converted finding, after OzasmtUtils.fixExternalSourceSourceMappingProblem has been applied</returns>
public static IO2Finding getO2Finding(AssessmentAssessmentFileFinding finding, AssessmentAssessmentFile assessmentFile, AssessmentRun assessmentRun)
{
    var o2Finding = new O2Finding
    {
        actionObject = finding.actionobject_id,
        columnNumber = finding.column_number,
        confidence = finding.confidence,
        exclude = finding.exclude,
        file = assessmentFile.filename,
        lineNumber = finding.line_number,
        ordinal = finding.ordinal,
        propertyIds = finding.property_ids,
        recordId = finding.record_id,
        severity = finding.severity,
        o2Traces = getO2TraceFromCallInvocation(finding.Trace, assessmentRun)
    };
    if (finding.cxt_id != null)
        o2Finding.context = getStringIndexValue(UInt32.Parse(finding.cxt_id), assessmentRun);
    o2Finding.callerName = resolveInlineOrIndexedString(finding.caller_name, finding.caller_name_id, assessmentRun);
    o2Finding.projectName = resolveInlineOrIndexedString(finding.project_name, finding.project_name_id, assessmentRun);
    o2Finding.vulnName = resolveInlineOrIndexedString(finding.vuln_name, finding.vuln_name_id, assessmentRun);
    o2Finding.vulnType = resolveInlineOrIndexedString(finding.vuln_type, finding.vuln_type_id, assessmentRun);
    if (finding.Text != null)
        o2Finding.text = new List<string>(finding.Text);
    OzasmtUtils.fixExternalSourceSourceMappingProblem(o2Finding);
    return o2Finding;
}

// Returns the inline value when it is set; otherwise resolves indexId through the run's string index
// (null when neither an inline value nor an id is available). UInt32.Parse throws on a malformed id.
private static string resolveInlineOrIndexedString(string inlineValue, string indexId, AssessmentRun assessmentRun)
{
    if (inlineValue != null || indexId == null)
        return inlineValue;
    return getStringIndexValue(UInt32.Parse(indexId), assessmentRun);
}
/// <summary>
/// Reads a WebInspect results file and turns every SQL-injection check (sessions whose engine id is
/// sqlInjectionEngineId) into "Sql Injection (from WebInspect)" findings: one finding per word of the vulnerable
/// session's URL, each with a single "WebInspect -> Ounce Mapping (Sql Injection)" root trace and a Known_Sink child.
/// </summary>
/// <param name="webInspectResultsFile">path of the WebInspect XML export</param>
/// <returns>the findings created (empty when no matching session is found)</returns>
public static List<IO2Finding> loadWebInspectResultsAndReturnO2FindingsFor_SqlInjection_PoC2(string webInspectResultsFile)
{
    var findings = new List<IO2Finding>();
    var webInspectXml = new XmlDocument();
    webInspectXml.Load(webInspectResultsFile);

    foreach (XmlNode checkFound in getSessionsCheckFoundWithEngineId(webInspectXml, sqlInjectionEngineId))
    {
        var vulnerableSessionId = checkFound["VulnerableSessionID"].InnerText;
        foreach (XmlNode session in getSessionsWithSessionID(webInspectXml, vulnerableSessionId))
        {
            var attackParam = session["AttackParamDescriptor"].InnerText;
            // ASP.NET form parameters arrive as "ctl#:name"; keep only the part after the colon
            if (attackParam.IndexOf(':') > -1)
                attackParam = attackParam.Split(new[] { ':' })[1];
            var attackPayload = session["AttackDescriptor"].InnerText;
            var filteredUrl = new FilteredUrl(session["FullURL"].InnerText);

            foreach (var urlWord in filteredUrl.words)
            {
                var sinkTrace = new O2Trace("WebInspect: " + filteredUrl.pathAndPageAndParameters, TraceType.Known_Sink)
                {
                    context = attackPayload,
                    method = attackParam
                };
                var mappingTrace = new O2Trace("WebInspect -> Ounce Mapping (Sql Injection)");
                mappingTrace.childTraces.Add(sinkTrace);

                findings.Add(new O2Finding
                {
                    o2Traces = new List<IO2Trace> { mappingTrace },
                    context = attackPayload,
                    vulnName = urlWord + "_" + attackParam,
                    vulnType = "Sql Injection (from WebInspect)"
                });
            }
        }
    }
    return findings;
}
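/// <summary>
/// Builds one O2Finding per Spring MVC controller that (a) takes a ModelAttribute parameter and/or (b) is found by
/// the recursive getParameter search over <paramref name="cirData"/>, then replaces the contents of
/// <paramref name="findingsViewer"/> with those findings. The two passes build the same trace shape, so the
/// construction lives in createSpringMvcControllerFinding.
/// </summary>
/// <param name="createFindingForUsesOfModelAttribute">when true, emit "SpringMvc.Use of ModelAttribute" findings</param>
/// <param name="createFindingForUsesOfGetParameter">when true, emit "SpringMvc.Use of GetParameter" findings;
/// a failure in this pass is logged and does not discard the ModelAttribute findings</param>
/// <param name="findingsViewer">viewer that is cleared and reloaded with the created findings</param>
/// <param name="treeNodesForloadedSpringMvcControllers">controllers (keys) and their tree nodes; only the keys are
/// used for the ModelAttribute pass, the whole map is handed to the getParameter search</param>
/// <param name="cirData">CIR data used by the getParameter search</param>
public static void createFindingsFromSpringMvcMappings(bool createFindingForUsesOfModelAttribute,
                                                       bool createFindingForUsesOfGetParameter,
                                                       ascx_FindingsViewer findingsViewer,
                                                       Dictionary<SpringMvcController, TreeNode> treeNodesForloadedSpringMvcControllers,
                                                       ICirData cirData)
{
    var findingsCreated = new List<IO2Finding>();

    if (createFindingForUsesOfModelAttribute)
    {
        foreach (var springMvcController in treeNodesForloadedSpringMvcControllers.Keys)
        {
            var modelAttributeParameter = SpringMvcUtils.getMethodUsedInController(springMvcController, "ModelAttribute");
            if (modelAttributeParameter == null)
                continue;
            // the ModelAttribute class sits between the Source (url) and the Known_Sink (controller class)
            var modelAttributeTrace = new O2Trace("ModelAttribute Class: " + modelAttributeParameter.className);
            findingsCreated.Add(createSpringMvcControllerFinding(springMvcController, "SpringMvc.Use of ModelAttribute", modelAttributeTrace));
        }
    }

    if (createFindingForUsesOfGetParameter)
    {
        try
        {
            var nodesWithGetParameter = getNodes_ThatUseGetParameter_RecursiveSearch(cirData, treeNodesForloadedSpringMvcControllers);
            foreach (var treeNode in nodesWithGetParameter)
            {
                var springMvcController = (SpringMvcController)treeNode.Tag;
                findingsCreated.Add(createSpringMvcControllerFinding(springMvcController, "SpringMvc.Use of GetParameter", null));
            }
        }
        catch (Exception ex)
        {
            DI.log.ex(ex, "in createFindingForUsesOfGetParameter");
        }
    }

    findingsViewer.clearO2Findings();
    findingsViewer.loadO2Findings(findingsCreated);
}

// Builds the finding for one controller with the trace chain
// root(findingType) -> Source(request url) [-> intermediateTrace] -> Known_Sink(java class) -> java class+function.
// Finding text is "<http method> <url> <mapping parameter>"; root/source/sink carry the controller's file and line.
private static O2Finding createSpringMvcControllerFinding(SpringMvcController springMvcController, string findingType, O2Trace intermediateTrace)
{
    var findingText = string.Format("{0} {1} {2}", springMvcController.HttpRequestMethod,
                                                    springMvcController.HttpRequestUrl,
                                                    springMvcController.HttpMappingParameter);
    var o2Finding = new O2Finding(findingText, findingType)
    {
        file = springMvcController.FileName,
        lineNumber = springMvcController.LineNumber
    };

    var rootTrace = new O2Trace(findingType);
    var sourceTrace = new O2Trace(springMvcController.HttpRequestUrl) { traceType = TraceType.Source };
    var sinkTrace = new O2Trace(springMvcController.JavaClass) { traceType = TraceType.Known_Sink };
    var postTrace = new O2Trace(springMvcController.JavaClassAndFunction);

    rootTrace.childTraces.Add(sourceTrace);
    if (intermediateTrace != null)
    {
        sourceTrace.childTraces.Add(intermediateTrace);
        intermediateTrace.childTraces.Add(sinkTrace);
    }
    else
    {
        sourceTrace.childTraces.Add(sinkTrace);
    }
    sinkTrace.childTraces.Add(postTrace);
    o2Finding.o2Traces.Add(rootTrace);

    // the intermediate trace (when present) is deliberately left without a location, matching the earlier behaviour
    rootTrace.file = sourceTrace.file = sinkTrace.file = o2Finding.file;
    rootTrace.lineNumber = sourceTrace.lineNumber = sinkTrace.lineNumber = o2Finding.lineNumber;
    return o2Finding;
}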
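/// <summary>
/// Appends the CAT.NET "Transformations" steps to <paramref name="o2Finding"/> as O2Traces. An Origin step becomes
/// a Source root trace (followed by a second root trace holding the statement text); MethodBoundary and CallResult
/// steps are attached as children of the first root trace, the one whose position equals (child count - 1)
/// being marked Known_Sink and the others Root_Call. Other step names are ignored.
/// </summary>
/// <param name="o2Finding">finding whose o2Traces list is extended</param>
/// <param name="transformations">the Result's Transformations element; null leaves the finding unchanged</param>
public static void addCatNetTransformationsAsO2Traces(O2Finding o2Finding, XmlElement transformations)
{
    // CAT.NET omits Transformations for some results; there is nothing to map in that case
    // (previously this dereferenced null and threw).
    if (transformations == null)
        return;

    // ReSharper disable PossibleNullReferenceException
    foreach (XmlNode transformation in transformations.ChildNodes)
    {
        // statement text and location are common to every step kind
        var o2Trace = new O2Trace
        {
            context = (transformation["Statement"] == null) ? "" : transformation["Statement"].InnerText,
            lineNumber = (transformation.Attributes["line"] == null) ? 0 : uint.Parse(transformation.Attributes["line"].Value),
            file = (transformation.Attributes["file"] == null) ? "" : transformation.Attributes["file"].Value
        };
        switch (transformation.Name)
        {
            case "Origin":
                // Origin contributes two root traces: the Source (method/signature) and the statement itself
                o2Finding.o2Traces.Add(new O2Trace
                {
                    clazz = "Origin",
                    traceType = TraceType.Source,
                    method = transformation["StatementMethod"].InnerText,
                    signature = transformation["StatementMethod"].InnerText,
                    context = o2Trace.context,
                    lineNumber = o2Trace.lineNumber,
                    file = o2Trace.file
                });
                o2Finding.o2Traces.Add(o2Trace);
                break;
            case "MethodBoundary":
            case "CallResult":
                o2Trace.clazz = transformation.Name;
                o2Trace.method = transformation["Method"].InnerText;
                o2Trace.signature = o2Trace.method;
                if (o2Finding.o2Traces.Count > 0)
                {
                    o2Finding.o2Traces[0].childTraces.Add(o2Trace);
                    // NOTE(review): the sink test assumes exactly one Origin child precedes the steps,
                    // so "all children except Origin" equals the last step — confirm against CAT.NET output
                    o2Trace.traceType = o2Finding.o2Traces[0].childTraces.Count == (transformations.ChildNodes.Count - 1)
                                            ? TraceType.Known_Sink
                                            : TraceType.Root_Call;
                }
                else
                    o2Finding.o2Traces.Add(o2Trace);
                break;
            default:
                break;
        }
    }
    // ReSharper restore PossibleNullReferenceException
}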
/// <summary>
/// Looks up the finding's Source (class and method, via FilteredSignature) in a Java attributes XML file and,
/// when found, adds the class-level and method-level Spring MVC attributes to the finding.
/// </summary>
/// <param name="o2Finding">finding whose Source is resolved and which receives the attribute traces</param>
/// <param name="xmlAttributeFile">path of the attributes XML file</param>
/// <returns>true when both the class and the method were found and mapped; false otherwise
/// (class attributes may already have been added when only the method lookup fails)</returns>
public static bool mapJavaAttributesToFinding(O2Finding o2Finding, string xmlAttributeFile)
{
    var sourceSignature = new FilteredSignature(o2Finding.Source);

    var classElement = getClassDataFromXmlAttributeFile(xmlAttributeFile, sourceSignature.sFunctionClass);
    if (classElement == null)
        return false;
    SpringMVCAttributes.addClassAttributesToFinding(classElement, o2Finding);

    var methodElement = getMethodDataFromXmlAttributeFile(classElement, sourceSignature.sFunctionName);
    if (methodElement == null)
        return false;
    SpringMVCAttributes.addMethodAttributesToFinding(methodElement, o2Finding);
    return true;
}
/// <summary>
/// Converts a deserialized FindBugs BugCollection into an O2Assessment named "FindBugs Import of: {fileName}".
/// Every BugInstance becomes one finding (vulnName = type, vulnType = category.abbrev, severity = priority,
/// confidence = 2) and every item of the instance becomes one trace, labelled by the item's runtime type name.
/// </summary>
/// <param name="findBugsObject">the parsed FindBugs XML</param>
/// <param name="fileName">name shown in the assessment title</param>
/// <returns>the populated assessment</returns>
private IO2Assessment createO2AssessmentFromFindBugsObject(Xsd.BugCollection findBugsObject, String fileName)
{
    var o2Assessment = new O2Assessment();
    o2Assessment.name = "FindBugs Import of: " + fileName;
    foreach (var bug in findBugsObject.BugInstance)
    {
        var o2Finding = new O2Finding
        {
            vulnName = bug.type,
            vulnType = bug.category + "." + bug.abbrev,
            severity = bug.priority,
            confidence = 2
        };
        // o2Finding.text.Add(threat.Description);
        foreach (var item in bug.Items)
        {
            var o2Trace = new O2Trace();
            // dispatch on the generated xsd type name; only Class, SourceLine and Method carry file/line details
            switch (item.GetType().Name)
            {
                case "BugCollectionBugInstanceClass":
                    var clazz = (BugCollectionBugInstanceClass) item;
                    o2Trace.signature = "Class: " + clazz.classname;
                    o2Trace.context = "Class: " + clazz.role;
                    o2Trace.file = tryToResolveFullFilePath(clazz.SourceLine.sourcepath, findBugsObject);
                    o2Trace.lineNumber = 0;
                    break;
                case "BugCollectionBugInstanceSourceLine":
                    var sourceLine = (BugCollectionBugInstanceSourceLine)item;
                    o2Trace.signature = "SourceLine: " + sourceLine.sourcefile + " on line " + sourceLine.start;
                    o2Trace.file = tryToResolveFullFilePath(sourceLine.sourcepath , findBugsObject);
                    o2Trace.lineNumber = sourceLine.start;
                    break;
                case "BugCollectionBugInstanceMethod":
                    var method = (BugCollectionBugInstanceMethod)item;
                    // NOTE(review): the "+ " inside this literal looks like a typo but is kept as-is (it is visible in trace text)
                    o2Trace.signature = "Method: + " + method.signature;
                    o2Trace.file = tryToResolveFullFilePath(method.SourceLine.sourcepath, findBugsObject);
                    o2Trace.lineNumber = method.SourceLine.start;
                    break;
                case "BugCollectionBugInstanceClassSourceLine":
                    o2Trace.signature = "ClassSourceLine";
                    break;
                case "BugCollectionBugInstanceField":
                    o2Trace.signature = "Field";
                    break;
                case "BugCollectionBugInstanceFieldSourceLine":
                    o2Trace.signature = "FieldSourceLine";
                    break;
                case "BugCollectionBugInstanceMethodSourceLine":
                    o2Trace.signature = "MethodSourceLine";
                    break;
                case "BugCollectionBugInstanceInt":
                    o2Trace.signature = "Int";
                    break;
                case "BugCollectionBugInstanceLocalVariable":
                    o2Trace.signature = "LocalVariable";
                    break;
                case "BugCollectionBugInstanceString":
                    o2Trace.signature = "String";
                    break;
                case "BugCollectionBugInstanceProperty":
                    o2Trace.signature = "Property";
                    break;
                case "BugCollectionBugInstanceType":
                    o2Trace.signature = "Type";
                    break;
                case "BugCollectionBugInstanceTypeSourceLine":
                    o2Trace.signature = "TypeSourceLine";
                    break;
                case "Object":
                    // ignore it (no signature is set, but the empty trace is still appended below)
                    break;
                default:
                    o2Trace.signature = item.GetType().Name;
                    break;
            }
            o2Finding.o2Traces.Add(o2Trace);
        }
        o2Assessment.o2Findings.Add(o2Finding);
    }
    return o2Assessment;
}
/// <summary>
/// Creates the "O2.CirGeneratedTrace" root finding for a CIR function and lets
/// createTracesAndFindingsFromCirFunction populate its traces (and possibly further findings, when
/// <paramref name="createNewFindingOnExternalCall"/> asks for one per external call). The root finding's first
/// trace is marked Source and the root finding is appended last.
/// </summary>
/// <param name="cirFunction">function to start from; its File/FileLine give the finding's location when parsable</param>
/// <param name="createNewFindingOnExternalCall">forwarded to createTracesAndFindingsFromCirFunction</param>
/// <returns>all findings created, the root finding being the last entry</returns>
public static List<IO2Finding> createO2FindingsFromCirFunction(ICirFunction cirFunction, bool createNewFindingOnExternalCall)
{
    var createdFindings = new List<IO2Finding>();
    var functionSignature = new FilteredSignature(cirFunction).sSignature;
    var rootFinding = new O2Finding
    {
        method = cirFunction.ClassNameFunctionNameAndParameters,
        vulnName = functionSignature,
        vulnType = "O2.CirGeneratedTrace",
        severity = 2,
        confidence = 2,
        file = cirFunction.File
    };

    // the line number is only taken over when there is a file and FileLine parses as an unsigned integer
    UInt32 parsedLineNumber;
    if (cirFunction.File != null && UInt32.TryParse(cirFunction.FileLine, out parsedLineNumber))
        rootFinding.lineNumber = parsedLineNumber;

    createTracesAndFindingsFromCirFunction(cirFunction, rootFinding.file, rootFinding.lineNumber, rootFinding.o2Traces,
                                           new List<IO2Trace>(), rootFinding, createdFindings, createNewFindingOnExternalCall);

    // NOTE(review): indexes o2Traces[0] unguarded — assumes the call above always adds at least one trace; confirm
    rootFinding.o2Traces[0].traceType = TraceType.Source;
    createdFindings.Add(rootFinding);
    return createdFindings;
}
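/// <summary>
/// Converts an AppScan DE (CodeCrawler) taint result set into an O2Assessment named "AppScan Import of: {fileName}".
/// Each TaintResult becomes one finding whose single root trace is the taint source, followed by one child trace per
/// taint step (chained in order) and finally the taint sink; the finding's file/line are those of the last step.
/// </summary>
/// <param name="appScanDEResultsFile">the deserialized result set</param>
/// <param name="fileName">name shown in the assessment title</param>
/// <returns>the populated assessment</returns>
private IO2Assessment createO2AssessmentFromCodeCrawlerObject(taintResultSet appScanDEResultsFile, String fileName)
{
    var o2Assessment = new O2Assessment();
    o2Assessment.name = "AppScan Import of: " + fileName;
    foreach (taintResultSetTaintResult resultSet in appScanDEResultsFile.TaintResult)
    {
        var o2Finding = new O2Finding();
        o2Finding.vulnName = resultSet.issueID;
        o2Finding.vulnType = resultSet.issueID;

        var sourceNode = new O2Trace(resultSet.taintSource.className + "." + resultSet.taintSource.methodName + resultSet.taintSource.methodSignature);
        sourceNode.traceType = TraceType.Source;

        var lastNode = sourceNode;
        foreach (var taintStep in resultSet.taintStep)
        {
            var stepNode = new O2Trace(taintStep.className + "." + taintStep.methodName + taintStep.methodSignature);
            stepNode.file = taintStep.fileName;
            stepNode.lineNumber = taintStep.highlight.lineNumber;

            if (!string.IsNullOrEmpty(taintStep.snippetText))
            {
                var snippetLines = taintStep.snippetText.Split(new[] { '\n' });
                // offset of the highlighted line inside the snippet; the snippet is indexed at (offset - 1),
                // so only offsets in 1..snippetLines.Length are usable — anything else falls back to the whole
                // snippet instead of indexing out of range (offset 0 previously produced index -1)
                var lineIndex = taintStep.highlight.lineNumber - taintStep.snippetStartLine;
                var highlightedLine = (lineIndex > 0 && lineIndex <= snippetLines.Length)
                                          ? snippetLines[lineIndex - 1]
                                          : taintStep.snippetText;
                stepNode.context = "> " + highlightedLine.Replace("\t", " ").Trim() + " \n\n -------- \n\n" + taintStep.snippetText;
            }

            // the finding takes the location of the last taint step
            o2Finding.file = taintStep.fileName;
            o2Finding.lineNumber = taintStep.highlight.lineNumber;

            lastNode.childTraces.Add(stepNode);
            lastNode = stepNode;
        }

        var sinkNode = new O2Trace(resultSet.taintSink.className + "." + resultSet.taintSink.methodName + resultSet.taintSink.methodSignature);
        sinkNode.traceType = TraceType.Known_Sink;
        lastNode.childTraces.Add(sinkNode);

        o2Finding.o2Traces.Add(sourceNode);
        o2Assessment.o2Findings.Add(o2Finding);
    }
    return o2Assessment;
}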
/// <summary>
/// Maps ASP.NET user-control code-behind files under <paramref name="pathWithSourceFiles"/> to URLs and creates
/// one "Web EntryPoint" finding per method of every type deriving from System.Web.UI.UserControl, with the URL as
/// Source trace and the method's full name as Known_Sink child. The progress bar is advanced once per file.
/// </summary>
/// <param name="pathWithSourceFiles">root folder searched recursively for *.cs files</param>
/// <param name="urlBase">format string receiving the port and the file path relative to the root
/// (with ".ascx.cs" removed)</param>
/// <param name="port">first format argument for <paramref name="urlBase"/></param>
/// <param name="progressBar">progress bar whose maximum is set to the file count and incremented per file</param>
/// <returns>the findings created</returns>
public static List<IO2Finding> calculate_Url_to_EntryMethod_Mappings(string pathWithSourceFiles, string urlBase, string port, ProgressBar progressBar)
{
    // .files/.size/.info/.format/.replace/.csharpAst/.types/.str/.maximum/.increment are project extension methods
    var mappings = new List<IO2Finding>();
    var sourceFiles = pathWithSourceFiles.files("*.cs", true);
    progressBar.maximum(sourceFiles.size());

    foreach (var sourceFile in sourceFiles)
    {
        "Processing file:{0}".info(sourceFile);
        var relativePath = sourceFile.replace(pathWithSourceFiles, "").replace(".ascx.cs", "");
        var url = urlBase.format(port, relativePath);

        foreach (var type in sourceFile.csharpAst().types(true))
        {
            foreach (var baseType in type.BaseTypes)
            {
                if (baseType.str() != "System.Web.UI.UserControl")
                    continue;

                var astData = new O2MappedAstData();
                astData.loadFile(sourceFile);
                foreach (var iMethod in astData.iMethods())
                {
                    var sourceTrace = new O2Trace(url) { traceType = TraceType.Source };
                    var sinkTrace = new O2Trace(iMethod.fullName()) { traceType = TraceType.Known_Sink };
                    sourceTrace.childTraces.Add(sinkTrace);

                    var mapping = new O2Finding { vulnName = url, vulnType = "Web EntryPoint" };
                    mapping.o2Traces.Add(sourceTrace);
                    mappings.Add(mapping);
                }
            }
        }
        progressBar.increment(1);
    }
    return mappings;
}