/**
 * Prints every finding recorded for one analysed file: the flagged source lines and, for
 * findings not marked as a possible false positive, the corrected lines.
 *
 * <p>Each console line is also written to {@code outFile} when {@code
 * GlobalDataApp.args_flags[4] == 1}. The report file gets the same text without the ANSI
 * bold/reset sequences.
 *
 * @param lv findings of the file being reported; its file name decides whether a flagged line
 *     is annotated with the name of another file
 * @param outFile report writer, only written to when {@code args_flags[4] == 1}
 * @param filename not read by this method
 * @throws IOException if writing to {@code outFile} fails outside the guarded section
 */
private static void analysisOfFile(ListVulners lv, FileWriter outFile, String filename)
    throws IOException {
  // ANSI bold/reset sequences; both stay empty on Windows.
  final boolean useAnsi = !GlobalDataApp.isWindows.booleanValue();
  final String plain = useAnsi ? "\033[0;0m" : "";
  final String bold = useAnsi ? "\033[0;1m" : "";

  int number = 0;
  Iterator<VulnerLDAPI> findings = lv.getListOfVulners().iterator();
  while (findings.hasNext()) {
    final VulnerLDAPI v = findings.next();
    final boolean real = v.IsFP() == 0;
    number++;

    if (real) {
      System.out.println(bold + "\n\t= = = = Vulnerability n.: " + number + " = = = =");
    } else {
      System.out.println(
          bold
              + "\n\t= = = = Vulnerability n.: "
              + number
              + " >>> is a possible False Positive <<< = = = =");
    }
    System.out.println("\tVulnerable code:" + plain);

    final boolean toFile = GlobalDataApp.args_flags[4] == 1;
    if (toFile) {
      if (real) {
        outFile.write("\n\t= = = = Vulnerability n.: " + number + " = = = =\n");
      } else {
        outFile.write(
            "\n\t= = = = Vulnerability n.: "
                + number
                + " >>> is a possible False Positive <<< = = = =\n");
      }
      outFile.write("\tVulnerable code:\n");
    }

    // Corrected-code listing, rebuilt from scratch for every finding.
    final StringBuilder corrected = new StringBuilder();
    try {
      // Write the vulnerability and its correction to the screen, last recorded line first.
      for (int pos = v.getLinesOfVulner().size() - 1; pos >= 0; pos--) {
        final Object sourceFile = v.getFilesOfVulner().get(pos);
        // The file is only named when the line lives outside the file being reported.
        final String otherFile = sourceFile.equals(lv.getFilename()) ? "" : (String) sourceFile;

        final ManageFiles reader = new ManageFiles((String) sourceFile);
        final Object lineNo = v.getLinesOfVulner().get(pos);
        final String cl = reader.getLineOfCode((Integer) lineNo);

        // NOTE(review): cl is raw text from the analysed file and is echoed unescaped; if that
        // file is untrusted, control characters in it reach the terminal and the report as-is.
        System.out.println("\t" + lineNo + ": " + cl);
        if (toFile) {
          outFile.write("\t" + lineNo + ": " + cl + "\n");
        }

        if (!otherFile.isEmpty()) {
          System.out.println("\t (" + otherFile + ")");
          if (toFile) {
            outFile.write("\t (" + otherFile + ")\n");
          }
        }

        if (real) {
          // Build the corrected-code text: use the corrected version of the line when one is
          // registered for it, otherwise repeat the original line.
          final LinesToCorrect ltc =
              GlobalDataLDAPi.MainLinesToCorrect.get(v.getFileOfLineToSanitize());
          final Map sortedMap = new TreeMap(ltc.getMapLinesToCorrect());
          if (ltc.getMapLinesToCorrect().containsKey(lineNo)) {
            corrected.append(
                "\t" + (Integer) lineNo + ": " + sortedMap.get(lineNo).toString() + "\n");
          } else {
            corrected.append("\t" + lineNo + ": " + cl + "\n");
          }
        }
      }
    } catch (Exception e) {
      // NOTE(review): the exception is discarded; only this generic line is appended to the
      // listing, and the listing is printed solely for findings that are not false positives.
      corrected.append("\tSome unexpected error in analysis happened. Sorry :-(");
    }

    if (real) {
      System.out.println(bold + "\n\tCorrected code:" + plain);
      System.out.println(corrected.toString());
      if (toFile) {
        outFile.write("\n\tCorrected code:\n" + corrected);
      }
    }
  }
}
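/**
 * Prints the LDAPI analysis report: a global summary, optional per-file details with the
 * findings of each file, and finally the optional automatic correction step.
 *
 * <p>Behaviour is driven by {@code GlobalDataApp.args_flags} as read in this method:
 *
 * <ul>
 *   <li>{@code [4] == 1}: every console line is also written to {@code outFile} (without ANSI
 *       sequences);
 *   <li>{@code [5] == 0}: the per-file details are printed, after a "press enter" pause;
 *   <li>{@code [0] == 1}: a pause is made between files; {@code [0] == 0}: the automatic
 *       correction step runs after a pause.
 * </ul>
 *
 * <p>A failure inside the automatic correction step is reported on the console and in the report
 * file, and the "complete" message is then withheld, so the output never claims that files were
 * corrected when the step aborted.
 *
 * @param type_analyse passed through to {@code outputAnalysisWithCorrection}
 * @param outFile report writer, only written to when {@code args_flags[4] == 1}
 * @param diff_date_ldapi text printed as the time of analysis
 * @param files not read by this method
 * @throws IOException if writing to {@code outFile} or reading from standard input fails
 */
public static void outputAnalysis(
    String type_analyse, FileWriter outFile, String diff_date_ldapi, List files)
    throws IOException {
  // Global totals over all analysed files.
  int totalReal = 0;
  for (Iterator<Integer> it = GlobalDataLDAPi.MainNumVul.values().iterator(); it.hasNext(); ) {
    totalReal += it.next();
  }
  int totalFalsePositives = 0;
  for (Iterator<Integer> it = GlobalDataLDAPi.MainNumFP.values().iterator(); it.hasNext(); ) {
    totalFalsePositives += it.next();
  }

  // ANSI bold/reset sequences; both stay empty on Windows.
  final boolean useAnsi = !GlobalDataApp.isWindows.booleanValue();
  final String plain = useAnsi ? "\033[0;0m" : "";
  final String bold = useAnsi ? "\033[0;1m" : "";

  System.out.println(bold + "\n\n + Type of Analysis: LDAPI");
  System.out.println(" > Summary:" + plain);
  final boolean toFile = GlobalDataApp.args_flags[4] == 1;
  if (toFile) {
    outFile.write("\n\n + Type of Analysis: LDAPI\n");
    outFile.write(" > Summary:\n");
  }

  final int totalFindings = totalReal + totalFalsePositives;
  if (totalFindings <= 0) {
    // Nothing was detected: short summary, then stop.
    System.out.println(" - Time of analysis: " + diff_date_ldapi);
    System.out.println(" - Number of vulnerabilities detected: " + bold + "none" + plain);
    if (toFile) {
      outFile.write(" - Time of analysis: " + diff_date_ldapi + "\n");
      outFile.write(" - Number of vulnerabilities detected: none\n");
    }
    return;
  }

  System.out.println(" - Time of analysis: " + diff_date_ldapi);
  System.out.println(" - Number of vulnerabilities detected: " + bold + totalFindings + plain);
  System.out.println(" - Real vulnerabilities: " + bold + totalReal + plain);
  System.out.println(" - False positives: " + bold + totalFalsePositives + plain);
  System.out.println(
      " - Number of vulnerable files: "
          + bold
          + GlobalDataLDAPi.MainListVulners.size()
          + plain);
  System.out.println(" - List of vulnerable files:");
  if (toFile) {
    outFile.write(" - Time of analysis: " + diff_date_ldapi + "\n");
    outFile.write(" - Number of vulnerabilities detected: " + totalFindings + "\n");
    outFile.write(" - Real vulnerabilities: " + totalReal + "\n");
    outFile.write(" - False positives: " + totalFalsePositives + "\n");
    outFile.write(
        " - Number of vulnerable files: " + GlobalDataLDAPi.MainListVulners.size() + "\n");
    outFile.write(" - List of vulnerable files:\n");
  }

  // NOTE(review): file names come from the analysed project and are printed unescaped.
  for (Iterator<ListVulners> it = GlobalDataLDAPi.MainListVulners.values().iterator();
      it.hasNext(); ) {
    final ListVulners listed = it.next();
    System.out.println("\t " + listed.getFilename());
    if (toFile) {
      outFile.write("\t " + listed.getFilename() + "\n");
    }
  }

  if (GlobalDataApp.args_flags[5] == 0) {
    // Wait for the user before scrolling the per-file details.
    System.out.println("\n\nPress enter to view vulnerabilities...");
    new BufferedReader(new InputStreamReader(System.in)).readLine();
  }

  for (Iterator<ListVulners> it = GlobalDataLDAPi.MainListVulners.values().iterator();
      it.hasNext(); ) {
    final ListVulners lv = it.next();
    if (GlobalDataApp.args_flags[5] != 0) {
      continue;
    }

    final String file = lv.getFilename();
    final ManageFiles ff = new ManageFiles(file);
    System.out.println(bold + "\n> > > > File: " + plain + file + bold + " < < < <" + plain);
    System.out.println(bold + " > Information:" + plain);
    System.out.println(" - Number of Lines of Code: " + ff.getNumberLinesFile());
    if (toFile) {
      outFile.write("\n> > > > File: " + file + " < < < <\n");
      outFile.write(" > Information:\n");
      outFile.write(" - Number of Lines of Code: " + ff.getNumberLinesFile() + "\n");
    }

    // Is it an include file?
    if (GlobalDataLDAPi.MainIncludeFilesTable.containsKey(file)) {
      System.out.println(" - It is a include file: yes");
      if (toFile) {
        outFile.write(" - It is a include file: yes\n");
      }
    } else {
      System.out.println(" - It is a include file: no");
      if (toFile) {
        outFile.write(" - It is a include file: no\n");
      }
    }

    // Included files, looked up in the "regular" table first and the include table second.
    SymbolTable st;
    if (GlobalDataLDAPi.MainSymbolTable.containsKey(file)) {
      st = GlobalDataLDAPi.MainSymbolTable.get(file);
    } else {
      st = GlobalDataLDAPi.MainIncludeFilesTable.get(file);
    }
    // A file found in neither table yields null; report it as having no includes rather than
    // aborting the whole report with a NullPointerException.
    if (st != null && !st.getIncludeFiles().isEmpty()) {
      System.out.println(" - Included files:");
      if (toFile) {
        outFile.write(" - Included files:\n");
      }
      for (int i = 0; i < st.getIncludeFiles().size(); i++) {
        System.out.println("\t " + st.getIncludeFiles().get(i));
        if (toFile) {
          outFile.write("\t " + st.getIncludeFiles().get(i) + "\n");
        }
      }
    } else {
      System.out.println(" - Included files: none");
      if (toFile) {
        outFile.write(" - Included files: none\n");
      }
    }

    // User-defined functions of the file.
    if (GlobalDataLDAPi.MainFunctionsTable.containsKey(file)) {
      final MethodTable mt = GlobalDataLDAPi.MainFunctionsTable.get(file);
      System.out.println(" - Defined user functions:");
      if (toFile) {
        outFile.write(" - Defined user functions:\n");
      }
      for (Iterator<MethodSymbol> members = mt.getMembers().iterator(); members.hasNext(); ) {
        final MethodSymbol ms = members.next();
        System.out.println("\t " + ms.getFunctionName());
        if (toFile) {
          outFile.write("\t " + ms.getFunctionName() + "\n");
        }
      }
    } else {
      System.out.println(" - Defined user function: none");
      if (toFile) {
        outFile.write(" - Defined user function: none\n");
      }
    }

    // Findings of this file, split into real ones and possible false positives.
    int fileFalsePositives = 0;
    for (Iterator<VulnerLDAPI> vulners = lv.getListOfVulners().iterator(); vulners.hasNext(); ) {
      if (vulners.next().IsFP() == 1) {
        fileFalsePositives++;
      }
    }
    final int fileReal = lv.getListOfVulners().size() - fileFalsePositives;

    System.out.println(
        " - Number of Vulnerabilities detected: "
            + bold
            + lv.getListOfVulners().size()
            + plain);
    System.out.println(" - Real Vulnerabilities: " + bold + fileReal + plain);
    System.out.println(" - False positives: " + bold + fileFalsePositives + plain);
    if (toFile) {
      outFile.write(
          " - Number of Vulnerabilities detected: " + lv.getListOfVulners().size() + "\n");
      outFile.write(" - Real Vulnerabilities: " + fileReal + "\n");
      outFile.write(" - False positives: " + fileFalsePositives + "\n");
    }

    analysisOfFile(lv, outFile, file);

    if (it.hasNext() && GlobalDataApp.args_flags[0] == 1) {
      // Pause before moving on to the next file.
      System.out.println("\n\nPress enter to view vulnerabilities of next file...");
      new BufferedReader(new InputStreamReader(System.in)).readLine();
    }
  }

  // Correction in the file.
  if (GlobalDataApp.args_flags[0] == 0) {
    System.out.println("\n\nPress enter to proceed automatic correction...");
    new BufferedReader(new InputStreamReader(System.in)).readLine();

    boolean correctionCompleted = true;
    try {
      // The counter passed to the correction routine starts at the number of files and
      // decreases by one per file.
      int remaining = GlobalDataLDAPi.MainLinesToCorrect.size();
      for (Iterator<LinesToCorrect> it = GlobalDataLDAPi.MainLinesToCorrect.values().iterator();
          it.hasNext(); ) {
        final LinesToCorrect ltc = it.next();
        OutputAnalysisLDAPi.outputAnalysisWithCorrection(
            type_analyse, ltc.getNameFile(), ltc, remaining);
        remaining--;
      }
    } catch (Exception e) {
      // The step stops at the first failure, so some files may be left uncorrected. Say so
      // instead of silently announcing success.
      correctionCompleted = false;
      System.out.println("\n\nAutomatic correction did NOT complete: " + e);
      if (GlobalDataApp.args_flags[4] == 1) {
        outFile.write("\n\nAutomatic correction did NOT complete: " + e + "\n");
      }
    }

    if (correctionCompleted) {
      System.out.println("\n\nAutomatic correction complete !!!");
      // The flag is read again here because the correction routine is outside this view.
      if (GlobalDataApp.args_flags[4] == 1) {
        outFile.write("\n\nAutomatic correction complete !!!\n");
      }
    }
  }
}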