private static string fromAssessmentRunFileCreateNewFileWithUniqueTraces(string sPathToNewAssessmentFile, bool bDropDuplicateSmartTraces, bool bIgnoreRootCallInvocation)
{
string sTargetFilename;
DI.log.debug("Create file with unique traces");
//
O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6NewFile = null;
Analysis.loadAssessmentFile(sPathToNewAssessmentFile, false, ref oadO2AssessmentDataOunceV6NewFile);
Analysis.FindingNameFormat ffnFindingNameFormat = Analysis.FindingNameFormat.FindingType;
bool bChangeFindingData = false;
var ffsmFilter = new AnalysisFilters.filter_FindSmartTraces(bDropDuplicateSmartTraces,
bIgnoreRootCallInvocation,
ffnFindingNameFormat, bChangeFindingData);
AssessmentRun arFilteredAssessmentRun =
Analysis.createFilteredAssessmentRunObjectBasedOnCriteria(ffsmFilter, oadO2AssessmentDataOunceV6NewFile);
DI.log.debug("Completed process of filtering to remove duplicate findings");
sTargetFilename = sPathToNewAssessmentFile + "_UniqueTraces.ozasmt";
Analysis.saveFilteredAssessmentRun(arFilteredAssessmentRun, sTargetFilename,
oadO2AssessmentDataOunceV6NewFile);
return(sTargetFilename);
}
private static string fromAssessmentRunFileCreateNewFileWithUniqueTraces(string sPathToNewAssessmentFile, bool bDropDuplicateSmartTraces, bool bIgnoreRootCallInvocation)
{
string sTargetFilename;
DI.log.debug("Create file with unique traces");
//
O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6NewFile = null;
Analysis.loadAssessmentFile(sPathToNewAssessmentFile, false, ref oadO2AssessmentDataOunceV6NewFile);
Analysis.FindingNameFormat ffnFindingNameFormat = Analysis.FindingNameFormat.FindingType;
bool bChangeFindingData = false;
var ffsmFilter = new AnalysisFilters.filter_FindSmartTraces(bDropDuplicateSmartTraces,
bIgnoreRootCallInvocation,
ffnFindingNameFormat, bChangeFindingData);
AssessmentRun arFilteredAssessmentRun =
Analysis.createFilteredAssessmentRunObjectBasedOnCriteria(ffsmFilter, oadO2AssessmentDataOunceV6NewFile);
DI.log.debug("Completed process of filtering to remove duplicate findings");
sTargetFilename = sPathToNewAssessmentFile + "_UniqueTraces.ozasmt";
Analysis.saveFilteredAssessmentRun(arFilteredAssessmentRun, sTargetFilename,
oadO2AssessmentDataOunceV6NewFile);
return sTargetFilename;
}
public static void calculateFindingsStatistics(AssessmentRun arAssessmentRunToAnalyze, UInt32 iActionObjectId,
bool bMatchActionObjectId,
ref int iFindings, ref int iAssessmentFiles,
ref int iSmartTraces, ref int iLostSinks,
ref int iSmartTraces_NotDuplicate,
ref int iSmartTraces_NotDuplicate_IgnoreRoot,
ref int iLostSinks_NotDuplicate,
ref int iLostSinks_NotDuplicate_IgnoreRoot)
{
try
{
if (arAssessmentRunToAnalyze == null)
return;
FindingNameFormat ffnFindingNameFormat = FindingNameFormat.FindingType;
// using default value (we are not going to need this value here (since we are only calculating statistics))
bool bChangeFindingData = false; // this is the value that prevents changes
bool bIgnoreRootCallInvocation = false;
bool bDropDuplicateSmartTraces = false;
// filters to find all SmartTraces and Lost Sinks
var ffsmSmartTraces = new AnalysisFilters.filter_FindSmartTraces(bDropDuplicateSmartTraces,
bIgnoreRootCallInvocation,
ffnFindingNameFormat,
bChangeFindingData);
var fflLostSinks = new AnalysisFilters.filter_FindLostSinks(bDropDuplicateSmartTraces,
bIgnoreRootCallInvocation,
ffnFindingNameFormat, bChangeFindingData);
//filters to find SmartTraces and Lost Sinks when droping duplicate smart traces (bDropDuplicateSmartTraces = true;)
bDropDuplicateSmartTraces = true;
var ffsmSmartTraces_NotDuplicated = new AnalysisFilters.filter_FindSmartTraces(
bDropDuplicateSmartTraces, bIgnoreRootCallInvocation, ffnFindingNameFormat, bChangeFindingData);
var fflLostSinks_NotDuplicated = new AnalysisFilters.filter_FindLostSinks(bDropDuplicateSmartTraces,
bIgnoreRootCallInvocation,
ffnFindingNameFormat,
bChangeFindingData);
//filters to find SmartTraces and Lost Sinks when droping duplicate smart traces AND Ignoring the root call invocation (bIgnoreRootCallInvocation = true;)
bIgnoreRootCallInvocation = true;
var ffsmSmartTraces_NotDuplicated_IgnoreRoot =
new AnalysisFilters.filter_FindSmartTraces(bDropDuplicateSmartTraces, bIgnoreRootCallInvocation,
ffnFindingNameFormat, bChangeFindingData);
var fflLostSinks_NotDuplicated_IgnoreRoot =
new AnalysisFilters.filter_FindLostSinks(bDropDuplicateSmartTraces, bIgnoreRootCallInvocation,
ffnFindingNameFormat, bChangeFindingData);
// create lists to hold results
var lfFindingsThatMatchCriteria_SmartTraces = new List<AssessmentAssessmentFileFinding>();
var lfFindingsThatMatchCriteria_SmartTraces_NotDuplicated = new List<AssessmentAssessmentFileFinding>();
var lfFindingsThatMatchCriteria_SmartTraces_NotDuplicated_IgnoreRoot =
new List<AssessmentAssessmentFileFinding>();
var lfFindingsThatMatchCriteria_LostSinks = new List<AssessmentAssessmentFileFinding>();
var lfFindingsThatMatchCriteria_LostSinks_NotDuplicated = new List<AssessmentAssessmentFileFinding>();
var lfFindingsThatMatchCriteria_LostSinks_NotDuplicated_IgnoreRoot =
new List<AssessmentAssessmentFileFinding>();
if (StringsAndLists.notNull(arAssessmentRunToAnalyze, typeof (AssessmentRun).Name) &&
null != arAssessmentRunToAnalyze.Assessment.Assessment)
foreach (Assessment aAssessment in arAssessmentRunToAnalyze.Assessment.Assessment)
{
foreach (AssessmentAssessmentFile afAssessmentFile in aAssessment.AssessmentFile)
{
iAssessmentFiles++;
if (null != afAssessmentFile.Finding)
foreach (AssessmentAssessmentFileFinding fFinding in afAssessmentFile.Finding)
{
if (false == bMatchActionObjectId || fFinding.actionobject_id == iActionObjectId)
// bMatchActionObjectId decides if we filter the results by actionObjectID
{
iFindings++;
if (null != fFinding.Trace)
{
applyFilter(ffsmSmartTraces, lfFindingsThatMatchCriteria_SmartTraces,
fFinding, arAssessmentRunToAnalyze);
applyFilter(ffsmSmartTraces_NotDuplicated,
lfFindingsThatMatchCriteria_SmartTraces_NotDuplicated, fFinding,
arAssessmentRunToAnalyze);
applyFilter(ffsmSmartTraces_NotDuplicated_IgnoreRoot,
lfFindingsThatMatchCriteria_SmartTraces_NotDuplicated_IgnoreRoot,
fFinding, arAssessmentRunToAnalyze);
applyFilter(fflLostSinks, lfFindingsThatMatchCriteria_LostSinks, fFinding,
arAssessmentRunToAnalyze);
applyFilter(fflLostSinks_NotDuplicated,
lfFindingsThatMatchCriteria_LostSinks_NotDuplicated, fFinding,
arAssessmentRunToAnalyze);
applyFilter(fflLostSinks_NotDuplicated_IgnoreRoot,
lfFindingsThatMatchCriteria_LostSinks_NotDuplicated_IgnoreRoot,
fFinding, arAssessmentRunToAnalyze);
}
}
}
}
}
iSmartTraces = lfFindingsThatMatchCriteria_SmartTraces.Count;
iSmartTraces_NotDuplicate = lfFindingsThatMatchCriteria_SmartTraces_NotDuplicated.Count;
iSmartTraces_NotDuplicate_IgnoreRoot =
lfFindingsThatMatchCriteria_SmartTraces_NotDuplicated_IgnoreRoot.Count;
iLostSinks = lfFindingsThatMatchCriteria_LostSinks.Count;
iLostSinks_NotDuplicate = lfFindingsThatMatchCriteria_LostSinks_NotDuplicated.Count;
iLostSinks_NotDuplicate_IgnoreRoot =
lfFindingsThatMatchCriteria_LostSinks_NotDuplicated_IgnoreRoot.Count;
}
catch (Exception e)
{
DI.log.error("In calculateFindingsStatistics: {0}", e.Message);
}
}
// this is used for quick queries (these dictionaries act like pointers to interresting stuff
public static void populateDictionariesWithXrefsToLoadedAssessment(FindingFilter ffFindingFilter,
bool bDropDuplicateSmartTraces,
bool bIgnoreRootCallInvocation,
O2AssessmentData_OunceV6 oadO2AssessmentDataOunceV6)
{
try
{
DateTime dtStart = DateTime.Now;
// reset Dictionary objects
oadO2AssessmentDataOunceV6.dAssessmentFiles =
new Dictionary<AssessmentAssessmentFile, List<AssessmentAssessmentFileFinding>>();
oadO2AssessmentDataOunceV6.dVulnerabilityType = new Dictionary<string, List<AssessmentAssessmentFileFinding>>();
oadO2AssessmentDataOunceV6.dFindings =
new Dictionary<AssessmentAssessmentFileFinding, AssessmentAssessmentFile>();
oadO2AssessmentDataOunceV6.dActionObjects = new Dictionary<uint, List<AssessmentAssessmentFileFinding>>();
oadO2AssessmentDataOunceV6.dFindings_CallInvocation =
new Dictionary<AssessmentAssessmentFileFinding, List<CallInvocation>>();
// make no changes to the finding's data
FindingNameFormat ffnFindingNameFormat = FindingNameFormat.FindingType;
bool bChangeFindingData = false;
// create filter
var fFilter = new AnalysisFilters.filter();
if (ffFindingFilter == FindingFilter.SmartTraces)
//AnalysisFilters.filter_FindSmartTraces ffsmSmartTraces =
fFilter = new AnalysisFilters.filter_FindSmartTraces(bDropDuplicateSmartTraces,
bIgnoreRootCallInvocation, ffnFindingNameFormat,
bChangeFindingData);
else if (ffFindingFilter == FindingFilter.SmartTraces_LostSink)
fFilter = new AnalysisFilters.filter_FindLostSinks(bDropDuplicateSmartTraces,
bIgnoreRootCallInvocation, ffnFindingNameFormat,
bChangeFindingData);
else if (ffFindingFilter == FindingFilter.SmartTraces_LostSink_Unique)
fFilter = new AnalysisFilters.filter_FindUniqueLostSinks(ffnFindingNameFormat, bChangeFindingData);
// create list to contain all findings that match criteria
oadO2AssessmentDataOunceV6.lfAllFindingsThatMatchCriteria = new List<AssessmentAssessmentFileFinding>();
var lsAssessmentFiles = new List<String>();
if (StringsAndLists.notNull(oadO2AssessmentDataOunceV6.arAssessmentRun, typeof (AssessmentRun).Name))
if (null != oadO2AssessmentDataOunceV6.arAssessmentRun.Assessment.Assessment)
foreach (Assessment aAssessment in oadO2AssessmentDataOunceV6.arAssessmentRun.Assessment.Assessment)
if (null != aAssessment.AssessmentFile)
foreach (AssessmentAssessmentFile afAssessmentFile in aAssessment.AssessmentFile)
{
if (afAssessmentFile.Finding != null)
{
// create list to contain findings (from the current file) that match criteria
var lfFindingsThatMatchCriteria = new List<AssessmentAssessmentFileFinding>();
foreach (AssessmentAssessmentFileFinding fFinding in afAssessmentFile.Finding)
{
// populate Findings Dictionary (dFindings)
oadO2AssessmentDataOunceV6.dFindings.Add(fFinding, afAssessmentFile);
// create list for dictionary with finding CallList
oadO2AssessmentDataOunceV6.dFindings_CallInvocation.Add(fFinding,
new List<CallInvocation>());
// calculate CallList
if (fFinding.Trace != null)
AnalysisUtils.getListWithMethodsCalled_Recursive(fFinding.Trace,
oadO2AssessmentDataOunceV6.
dFindings_CallInvocation
[fFinding],
oadO2AssessmentDataOunceV6,
SmartTraceFilter.
MethodName);
/* Analysis.addCallsToNode_Recursive(fFinding.Trace, tnTempNode, fadO2AssessmentData, stfSmartTraceFilter);
List<TreeNode> tnAllNodes = forms.getListWithAllNodesFromTreeView(tnTempNode.Nodes);
foreach (TreeNode tnNode in tnAllNodes)
tnFinding.Nodes.Add((TreeNode)tnNode.Clone());*/
// process filtered Findings
if (ffFindingFilter == FindingFilter.AllFindings ||
ffFindingFilter == FindingFilter.NoSmartTraces && fFinding.Trace == null)
{
lfFindingsThatMatchCriteria.Add(fFinding);
oadO2AssessmentDataOunceV6.lfAllFindingsThatMatchCriteria.Add(fFinding);
}
else // which is this case
{
// run filter for the findings that have a trace
if ((ffFindingFilter == FindingFilter.SmartTraces ||
ffFindingFilter == FindingFilter.SmartTraces_LostSink ||
ffFindingFilter == FindingFilter.SmartTraces_LostSink_Unique)
&& fFinding.Trace != null)
//applyFilter(fFilter, lfFindingsThatMatchCriteria, fFinding, fadO2AssessmentData.arAssessmentRun);
if (applyFilter(fFilter,
oadO2AssessmentDataOunceV6.lfAllFindingsThatMatchCriteria,
fFinding, oadO2AssessmentDataOunceV6.arAssessmentRun))
lfFindingsThatMatchCriteria.Add(fFinding);
else
{
}
}
}
// populate Assessment Files Dictionary (dAssessmentFiles)
if (lfFindingsThatMatchCriteria.Count > 0)
{
oadO2AssessmentDataOunceV6.dAssessmentFiles.Add(afAssessmentFile,
lfFindingsThatMatchCriteria);
// fadO2AssessmentData.lfAllFindingsThatMatchCriteria.AddRange(lfFindingsThatMatchCriteria);
}
}
}
// populate lfAllFindingsThatMatchCriteria
foreach (AssessmentAssessmentFileFinding fFinding in oadO2AssessmentDataOunceV6.lfAllFindingsThatMatchCriteria)
{
String sVulnType = (fFinding.vuln_type != null)
? fFinding.vuln_type
: OzasmtUtils_OunceV6.getStringIndexValue(UInt32.Parse(fFinding.vuln_type_id),
oadO2AssessmentDataOunceV6);
//if (sVulnType != "Vulnerability.Sink.O2" && sVulnType != "Vulnerability.Source.O2")
// {
// }
// VulnerabilityTypes
if (false == oadO2AssessmentDataOunceV6.dVulnerabilityType.ContainsKey(sVulnType))
// means this is the first Finding of this type
oadO2AssessmentDataOunceV6.dVulnerabilityType[sVulnType] = new List<AssessmentAssessmentFileFinding>();
oadO2AssessmentDataOunceV6.dVulnerabilityType[sVulnType].Add(fFinding);
// ActionObjects
if (false == oadO2AssessmentDataOunceV6.dActionObjects.ContainsKey(fFinding.actionobject_id))
// means this is the first Finding of this type
oadO2AssessmentDataOunceV6.dActionObjects[fFinding.actionobject_id] =
new List<AssessmentAssessmentFileFinding>();
oadO2AssessmentDataOunceV6.dActionObjects[fFinding.actionobject_id].Add(fFinding);
}
// fix externalSource source mapping issue
fixExternalSourceMappingIssue(ref oadO2AssessmentDataOunceV6);
TimeSpan spTimeSpan = DateTime.Now - dtStart;
DI.log.info("Populated Dictionaries With Xrefs To Loaded Assessment in {0}.{1} seconds",
spTimeSpan.Minutes.ToString(), spTimeSpan.Milliseconds.ToString());
}
catch (Exception e)
{
DI.log.error("In populateDictionariesWithXrefsToLoadedAssessment: {0}", e.Message);
}
}
public static String createAssessmentFileWithAllTraces(bool bDropDuplicateSmartTraces,
bool bIgnoreRootCallInvocation,
FindingNameFormat ffnFindingNameFormat,
bool bChangeFindingData,
O2AssessmentData_OunceV6 fadO2AssessmentDataOunceV6,
string sTargetFilename)
{
var ffsmFilter = new AnalysisFilters.filter_FindSmartTraces(bDropDuplicateSmartTraces,
bIgnoreRootCallInvocation, ffnFindingNameFormat,
bChangeFindingData);
AssessmentRun arFilteredAssessmentRun = createFilteredAssessmentRunObjectBasedOnCriteria(ffsmFilter,
fadO2AssessmentDataOunceV6);
saveFilteredAssessmentRun(arFilteredAssessmentRun, sTargetFilename, fadO2AssessmentDataOunceV6);
DI.log.debug("Custom Assessment File with All Traces created: {0}", sTargetFilename);
restoreChangedData(bChangeFindingData, fadO2AssessmentDataOunceV6);
return sTargetFilename;
}