public static void getListWithMethodsCalled_Recursive(CallInvocation[] cCallInvocations,
List<CallInvocation> lciMethodsCalled,
O2AssessmentData_OunceV6 fadO2AssessmentDataOunceV6,
Analysis.SmartTraceFilter stfSmartTraceFilter)
{
if (cCallInvocations != null)
foreach (CallInvocation cCall in cCallInvocations)
{
lciMethodsCalled.Add(cCall);
//lsMethodsCalled.Add(getTextFromFindingBySmartTraceFilter(cCall,fadO2AssessmentDataOunceV6,stfSmartTraceFilter));
getListWithMethodsCalled_Recursive(cCall.CallInvocation1, lciMethodsCalled, fadO2AssessmentDataOunceV6,
stfSmartTraceFilter);
}
}
public filter_FindUniqueLostSinks(Analysis.FindingNameFormat ffnFindingNameFormat, bool bChangeFindingData)
{
this.ffnFindingNameFormat = ffnFindingNameFormat;
this.bChangeFindingData = bChangeFindingData;
}
public filter_FindSmartTraces(bool bDropDuplicateSmartTraces, bool bIgnoreRootCallInvocation,
Analysis.FindingNameFormat ffnFindingNameFormat, bool bChangeFindingData)
{
this.bDropDuplicateSmartTraces = bDropDuplicateSmartTraces;
this.bIgnoreRootCallInvocation = bIgnoreRootCallInvocation;
this.ffnFindingNameFormat = ffnFindingNameFormat;
this.bChangeFindingData = bChangeFindingData;
}
public filter_FindSmartTrace_byID(UInt32 uSmartTraceCallID, TraceType tTraceType,
bool bDropDuplicateSmartTraces, bool bIgnoreRootCallInvocation,
Analysis.FindingNameFormat ffnFindingNameFormat, bool bChangeFindingData)
{
this.uSmartTraceCallID = uSmartTraceCallID;
this.bDropDuplicateSmartTraces = bDropDuplicateSmartTraces;
this.bIgnoreRootCallInvocation = bIgnoreRootCallInvocation;
this.ffnFindingNameFormat = ffnFindingNameFormat;
this.bChangeFindingData = bChangeFindingData;
this.tTraceType = tTraceType;
}
public filter_FindActionObject(String sActionObjectIdToFind, bool bDropFindingsWithNoTraces,
bool bFilterDuplicateFindings, bool bIgnoreRootCallInvocation,
Analysis.FindingNameFormat ffnFindingNameFormat, bool bChangeFindingData)
{
this.sActionObjectIdToFind = sActionObjectIdToFind;
this.bDropFindingsWithNoTraces = bDropFindingsWithNoTraces;
this.bFilterDuplicateFindings = bFilterDuplicateFindings;
this.bIgnoreRootCallInvocation = bIgnoreRootCallInvocation;
this.ffnFindingNameFormat = ffnFindingNameFormat;
this.bChangeFindingData = bChangeFindingData;
}
public void applyFindingNameFormat(AssessmentRun arAssessmentRun, AssessmentAssessmentFileFinding fFinding,
Analysis.FindingNameFormat ffnFindingNameFormat)
{
switch (ffnFindingNameFormat)
{
case Analysis.FindingNameFormat.FindingType: // do nothing in these cases
break;
case Analysis.FindingNameFormat.FindingType_Sink:
fFinding.vuln_type += " " +
resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
case Analysis.FindingNameFormat.FindingType_Source:
fFinding.vuln_type += " " +
resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
case Analysis.FindingNameFormat.Sink:
fFinding.vuln_type = " " +
resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
case Analysis.FindingNameFormat.Source:
fFinding.vuln_type = " " +
resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
case Analysis.FindingNameFormat.Sink_Source:
fFinding.vuln_type = resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1) +
" " +
resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
case Analysis.FindingNameFormat.Source_Sink:
fFinding.vuln_type = resolveSource(arAssessmentRun, fFinding.Trace[0].CallInvocation1) +
" " +
resolveSink(arAssessmentRun, fFinding.Trace[0].CallInvocation1);
break;
}
}
public static String getTextFromFindingBySmartTraceFilter(CallInvocation cCall,
O2AssessmentData_OunceV6 fadO2AssessmentDataOunceV6,
Analysis.SmartTraceFilter stfSmartTraceFilter)
{
String sText = "";
//case Analysis.SmartTraceFilter.MethodName: // Use this as the default (since it will cover for the cases where the context or source are empty
if (cCall.sig_id == 0 && cCall.fn_id > 0)
sText = fadO2AssessmentDataOunceV6.arAssessmentRun.StringIndeces[cCall.fn_id - 1].value;
else if (cCall.sig_id == 0)
sText = "...";
else
sText = fadO2AssessmentDataOunceV6.arAssessmentRun.StringIndeces[cCall.sig_id - 1].value;
switch (stfSmartTraceFilter)
{
case Analysis.SmartTraceFilter.Context:
if (0 != cCall.cxt_id)
sText = fadO2AssessmentDataOunceV6.arAssessmentRun.StringIndeces[cCall.cxt_id - 1].value;
break;
case Analysis.SmartTraceFilter.SourceCode:
List<String> lsSourceCode =
Files.loadSourceFileIntoList(
fadO2AssessmentDataOunceV6.arAssessmentRun.FileIndeces[cCall.fn_id - 1].value);
String sSounceCodeLine = Files.getLineFromSourceCode(cCall.line_number, lsSourceCode);
if ("" != sSounceCodeLine)
{
sText = sSounceCodeLine;
sText = sText.Replace("\t", "");
}
break;
}
return sText;
}
public static void addCallsToNode_Recursive(CallInvocation[] cCallInvocations, TreeNode tnTargetNode,
O2AssessmentData_OunceV6 fadO2AssessmentDataOunceV6,
Analysis.SmartTraceFilter stfSmartTraceFilter)
{
if (cCallInvocations != null)
foreach (CallInvocation cCall in cCallInvocations)
{
String sNodeText = "";
if (cCall.mn_id > fadO2AssessmentDataOunceV6.arAssessmentRun.StringIndeces.Length ||
cCall.sig_id > fadO2AssessmentDataOunceV6.arAssessmentRun.StringIndeces.Length)
DI.log.error(
"In addCallsToNode_Recursive cCall.sig_id or cCall.cxt_id or fadO2AssessmentDataOunceV6.arAssessmentRun.StringIndeces.Length ");
else
{
sNodeText =
getTextFromFindingBySmartTraceFilter(cCall, fadO2AssessmentDataOunceV6, stfSmartTraceFilter).Trim();
/*switch (stfSmartTraceFilter)
{
case Analysis.SmartTraceFilter.MethodName:
sNodeText = (cCall.sig_id == 0) ? "" : fadO2AssessmentDataOunceV6.arAssessmentRun.StringIndeces[cCall.sig_id - 1].value;
break;
case Analysis.SmartTraceFilter.Context:
sNodeText = (cCall.cxt_id == 0) ? "" : fadO2AssessmentDataOunceV6.arAssessmentRun.StringIndeces[cCall.cxt_id - 1].value;
break;
case Analysis.SmartTraceFilter.SourceCode:
List<String> lsSourceCode = forms.loadSourceFileIntoList(fadO2AssessmentDataOunceV6.arAssessmentRun.FileIndeces[cCall.fn_id - 1].value);
sNodeText = getLineFromSourceCode(cCall.line_number, lsSourceCode);
sNodeText = sNodeText.Replace("\t", "");
break;
}*/
}
var tnCallNode = new TreeNode(sNodeText) {Tag = cCall};
switch (cCall.trace_type)
{
case 1: // Analysis.TraceType.Root_Call:
tnCallNode.ForeColor = Color.DarkBlue;
break;
case 5: // Analysis.TraceType.Lost_Sink:
tnCallNode.ForeColor = Color.DarkOrange;
break;
case 2: // Analysis.TraceType.Source:
tnCallNode.ForeColor = Color.DarkRed;
break;
case 3: // Analysis.TraceType.Known_Sink:
tnCallNode.ForeColor = Color.Red;
break;
case 4: // Analysis.TraceType.Type_4:
tnCallNode.ForeColor = Color.Green;
break;
default:
break;
}
addCallsToNode_Recursive(cCall.CallInvocation1, tnCallNode, fadO2AssessmentDataOunceV6, stfSmartTraceFilter);
tnTargetNode.Nodes.Add(tnCallNode);
}
}