// This file is part of the OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) and is released under the Apache 2.0 License (http://www.apache.org/licenses/LICENSE-2.0)
using System;
using System.Linq;
using System.Collections.Generic;
using O2.DotNetWrappers.DotNet;
using O2.Interfaces.O2Findings;
using O2.DotNetWrappers.ExtensionMethods;
using O2.Kernel;
using O2.XRules.ThirdPary.IBM;
using O2.XRules.Database.Findings;
//O2File:xsd_Ozasmt_OunceV7_0.cs
//O2File:Findings_ExtensionMethods.cs

using O2.XRules.Database.APIs;
//O2File:_Extra_methods_To_Add_to_Main_CodeBase.cs

namespace O2.XRules.ThirdPary.IBM
{
/// <summary>
/// Manual smoke test for <see cref="O2AssessmentSave_OunceV7"/>: loads findings from a
/// sample .ozasmt file and pushes them through the save engine.
/// </summary>
public class O2AssessmentSave_OunceV7_test
{
    /// <summary>
    /// Loads the findings of a hard-coded sample assessment (through the "cachedFindings"
    /// o2Cache entry) and saves them with a fresh <see cref="O2AssessmentSave_OunceV7"/>.
    /// The path returned by <c>save</c> is kept in a local only and is not returned.
    /// </summary>
    public static void test()
    {
        // Absolute path on the original author's machine; this method only works where that file exists.
        var sampleOzasmt = @"E:\_Work\IBM\8.6_files\8.6_files\AltoroJ_2.5 _Callbacks.ozasmt";

        // presumably o2Cache runs the loader once and reuses the result under this key - confirm against o2Cache
        var loadedFindings = "cachedFindings".o2Cache(() => sampleOzasmt.loadO2Findings());

        var saveEngine = new O2AssessmentSave_OunceV7();

        // save(List) writes to a temp file and returns its path ("" when saving failed).
        var writtenFile = saveEngine.save(loadedFindings);
    }
}
    public class O2AssessmentSave_OunceV7 : IO2AssessmentSave
    {
        public AssessmentRun assessmentRun {get;set;}

        public O2AssessmentSave_OunceV7()
        {
            engineName = "O2AssessmentSave_OunceV7";
            assessmentRun = O2Assessment_OunceV7_Utils.getDefaultAssessmentRunObject();
        }

        public string engineName {get; set;}
        

        public string save(List<IO2Finding> o2Findings)
        {
            string tempOzasmtFile = PublicDI.config.getTempFileInTempDirectory("ozasmt");

            return (save(o2Findings,tempOzasmtFile)) ? tempOzasmtFile : "";
        }

        public bool save(List<IO2Finding> o2Findings, string sPathToSaveAssessment)
        {
            return save(assessmentRun.name, o2Findings, sPathToSaveAssessment);
        }

        public bool save(string assessmentName, IEnumerable<IO2Finding> o2Findings, string sPathToSaveAssessment)
        {
            createAssessmentRunObject(assessmentName, o2Findings.toList());
            return assessmentRun.saveAs(sPathToSaveAssessment);
        }
public void createAssessmentRunObject(List<IO2Finding> o2Findings)
{
createAssessmentRunObject(assessmentRun.name, o2Findings);
}
        public void createAssessmentRunObject(string assessmentName, List<IO2Finding> o2Findings)
        {
            assessmentRun.name = assessmentName ?? "";
            assessmentRun.Assessment.assessee_file = "";
            assessmentRun.Assessment.assessee_name = assessmentRun.name;
            assessmentRun.Assessment.assessee_type = "Application";
            addO2FindingsToAssessmentRunObject(o2Findings);
        }

        public AssessmentRun createAssessmentRunObject(IO2Assessment o2Assessment)
        {
            createAssessmentRunObject(o2Assessment.name, o2Assessment.o2Findings);
            return assessmentRun;
        }

        public void addO2FindingsToAssessmentRunObject(List<IO2Finding> o2Findings)
        {
         assessmentRun.FilePool = getFilePool(o2Findings);
         assessmentRun.StringPool = getStringPool(o2Findings);
        
            //Dictionary<string, List<AssessmentRunFile>> filesMappedToO2Findings = getFilePool(o2Findings);
            
            /*
var assessmentFiles = new List<AssessmentAssessmentFile>();
foreach (string file in filesMappedToO2Findings.Keys)
{
var assessmentFile = new AssessmentAssessmentFile
{
filename = file,
Finding = filesMappedToO2Findings[file].ToArray()
};
assessmentFiles.Add(assessmentFile);
}
assessmentRun.Assessment.Assessment[0].AssessmentFile = assessmentFiles.ToArray();
*/
        }
        
        public AssessmentRunFile[] getFilePool(List<IO2Finding> o2Findings)
        {
            var uniqueFiles = ( from o2Finding in o2Findings
             where o2Finding.file.notNull()
             select o2Finding.file).distinct();
            
var filesFromTraces = ( from trace in o2Findings.withTraces().allTraces()
where trace.file.notNull()
select trace.file).distinct();

uniqueFiles.add_If_Not_There(filesFromTraces);

var filePool = new List<AssessmentRunFile>();

filePool.add(new AssessmentRunFile() { id=1});
UInt32 id = 2;
foreach(var uniqueFile in uniqueFiles)
filePool.add(new AssessmentRunFile() { id = id++ , value = uniqueFile});



return filePool.ToArray();
        }
        
        public AssessmentRunString[] getStringPool(List<IO2Finding> o2Findings)
        {
var strings = new List<string>();
foreach(var finding in o2Findings)
{
strings.addRange(finding.callerName, finding.context, finding.method,
finding.projectName,finding.vulnName,finding.vulnType);
foreach(var trace in finding.allTraces())
strings.addRange( trace.caller, trace.context ,trace.method ,trace.signature);
}
var filePool = new List<AssessmentRunFile>();

var uniqueStrings = strings.distinct();

var stringPool = new List<AssessmentRunString>();
//stringPool.add(new AssessmentRunString() { id=1});
UInt32 id = 1;
foreach(var uniqueString in uniqueStrings)
stringPool.add(new AssessmentRunString() { id = id++ , value = uniqueString});

return stringPool.ToArray();
        }
/*
public Dictionary<String, List<AssessmentAssessmentFileFinding>> getFilesToO2FindingMappings(IEnumerable<IO2Finding> o2Findings)
{
var filesMappedToO2Findings = new Dictionary<string, List<AssessmentAssessmentFileFinding>>();
// create var to hold string and file Indexes and populate it with the current string indexes
var dStringIndexes = new Dictionary<string, uint>();
var dFilesIndexes = new Dictionary<string, uint>();
foreach (AssessmentRunStringIndex stringIndex in assessmentRun.StringIndeces)
dStringIndexes.Add(stringIndex.value, stringIndex.id);
foreach (AssessmentRunFileIndex siFileIndexes in assessmentRun.FileIndeces)
dFilesIndexes.Add(siFileIndexes.value, siFileIndexes.id);

foreach (IO2Finding o2Finding in o2Findings)
{
if (o2Finding.file == null)
o2Finding.file = "[Findings with NO file mappped]";

if (false == filesMappedToO2Findings.ContainsKey(o2Finding.file))
filesMappedToO2Findings.Add(o2Finding.file, new List<AssessmentAssessmentFileFinding>());

filesMappedToO2Findings[o2Finding.file].Add(OzasmtUtils_OunceV6.getAssessmentAssessmentFileFinding(
o2Finding, dStringIndexes, dFilesIndexes));
}
// finaly update the main string and file indexes
assessmentRun.StringIndeces = OzasmtUtils_OunceV6.createStringIndexArrayFromDictionary(dStringIndexes);
assessmentRun.FileIndeces = OzasmtUtils_OunceV6.createFileIndexArrayFromDictionary(dFilesIndexes);
return filesMappedToO2Findings;
}

/// <summary>
/// This function loads up the ozasmtSource file and adds its stats to a new finding called savedCreatedOzasmtAs
/// which will have the fingdings in o2AssessmentTarget
/// </summary>
/// <param name="ozasmtSource"></param>
/// <param name="o2AssessmentTarget"></param>
/// <param name="savedCreatedOzasmtAs"></param>
public bool addAssessmentStatsFromSourceToO2AssessmentAndSaveIt(string ozasmtSource, IO2Assessment o2AssessmentTarget, string savedCreatedOzasmtAs)
{
AssessmentRun assessmentRunToImport = OzasmtUtils_OunceV6.LoadAssessmentRun(ozasmtSource);
var targetAssessmentRun = createAssessmentRunObject(o2AssessmentTarget);
// map assessmentRunToImport to targetAssessmentRun

// add targetAssessmentRun top level data
targetAssessmentRun.AssessmentStats = assessmentRunToImport.AssessmentStats;
targetAssessmentRun.AssessmentConfig = assessmentRunToImport.AssessmentConfig;
targetAssessmentRun.Messages = assessmentRunToImport.Messages;
// add Assessment data
targetAssessmentRun.Assessment.assessee_name = assessmentRunToImport.Assessment.assessee_name;
targetAssessmentRun.Assessment.AssessmentStats = assessmentRunToImport.AssessmentStats;
targetAssessmentRun.Assessment.owner_name = assessmentRunToImport.Assessment.owner_name;
targetAssessmentRun.Assessment.owner_type = assessmentRunToImport.Assessment.owner_type;

// add project and file data

//create backup of current findings
var currentAssessmentDataBackup = targetAssessmentRun.Assessment.Assessment[0]; // there should only be one
// assign current Assessment array to assessmentRunToImport.Assessment.Assessment
targetAssessmentRun.Assessment.Assessment = assessmentRunToImport.Assessment.Assessment;
// remove all findings references (since what we want is the stats
foreach (var assessment in targetAssessmentRun.Assessment.Assessment)
if (assessment.AssessmentFile != null)
foreach (var assessmentFile in assessment.AssessmentFile)
assessmentFile.Finding = null;
// apppend the currentAssessmentDataBackup to the current Assessment Array
var assessments = new List<Assessment>(targetAssessmentRun.Assessment.Assessment);
assessments.Add(currentAssessmentDataBackup);
targetAssessmentRun.Assessment.Assessment = assessments.ToArray();
//targetAssessmentRun.name = "AAAA";
// save it
return OzasmtUtils_OunceV6.SaveAssessmentRun(assessmentRun, savedCreatedOzasmtAs);
}*/
    }
       
    public class O2Assessment_OunceV7_Utils
    {
     public static AssessmentRun getVersionFromDirectLoad(string ozasmtFile)
{
return OzasmtUtils_OunceV7_0.getAssessmentRunObjectFromXmlFile(ozasmtFile);
}

public static AssessmentRun getVersionFromSaveEngine(string ozasmtFile)
{
var findings = ozasmtFile.loadO2Findings();
var assessmentSave = new O2AssessmentSave_OunceV7();
assessmentSave.createAssessmentRunObject(findings);
return assessmentSave.assessmentRun;
}
    
        public static AssessmentRun getDefaultAssessmentRunObject()
        {
            // this is what we need to create a default assessment
            var defaultName = "DefaultAssessmentRun_v8";
            var defaultVersion = "8.6.0.0";
            
            var arNewAssessmentRun = new AssessmentRun
                                          {
                                             AssessmentStats = new AssessmentRunAssessmentStats(),
AssessmentConfig = new AssessmentRunAssessmentConfig(),
SharedDataStats = new AssessmentRunSharedDataStats(),
StringPool = new AssessmentRunString[] {},
FilePool = new AssessmentRunFile[] {},
SitePool = new AssessmentRunSite[] {},
TaintPool = new AssessmentRunTaint[] {},
FindingDataPool = new AssessmentRunFindingData[] {},
// Assessment = new AssessmentRunAssessment(),
Messages = new AssessmentRunMessage[] {},
name = defaultName,
version = defaultVersion
                                          };
//not sure if this is needed
/* var armMessage = new AssessmentRunMessage
{
id = 0,
message =
("Custom Assessment Run File created on " +
DateTime.Now)
};
arNewAssessmentRun.Messages = new[] { armMessage };*/
            arNewAssessmentRun.Assessment = new AssessmentRunAssessment { Assessment = new[] { new Assessment() } };
            // need to populate the date
            arNewAssessmentRun.AssessmentStats.date =
                (uint)(DateTime.Now.Minute * 1000 + DateTime.Now.Second * 50 + DateTime.Now.Millisecond);
            // This should be enough to create unique timestamps
            return arNewAssessmentRun;
        }
    }
    
    
    public static class O2Assessment_OunceV7_ExtensionMethods
    {
     public static List<string> files (this AssessmentRunFile[] assessmentRunFiles)
     {
     return assessmentRunFiles.Select((assessmentRunFile)=> assessmentRunFile.value).toList();
     }
    
     public static List<string> strings (this AssessmentRunString[] assessmentRunStrings)
     {
     return assessmentRunStrings.Select((assessmentRunString)=> assessmentRunString.value).toList();
     }
    }
}