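/**
 * Moves the symbol table of every file included by this table from the main symbol table (mst)
 * to the main include-files table (mift), once per enabled analysis.
 *
 * <p>The analysis is selected by {@code GlobalDataApp.args_flags}: index 3 uses the {@code
 * GlobalDataSqli} tables, index 6 the {@code GlobalDataCodeInj} tables and index 7 the {@code
 * GlobalDataXSS} tables. An include that is in neither table is parsed and walked first, then
 * moved. The method then recurses into the include's own includes.
 *
 * <p>An include whose symbol table cannot be obtained (for example after a parse failure in the
 * SQLI branch) is skipped with a log entry instead of raising a {@code NullPointerException}.
 * Such a file is not covered by the analysis, so findings that depend on it may be missing.
 *
 * <p>NOTE(review): the recursion keeps no record of files already visited. If the analysed
 * project has files that include each other, this looks like it could recurse without bound.
 * Confirm whether callers guarantee an acyclic include graph.
 *
 * @param fileList passed unchanged to the tree walkers and to the recursive calls
 * @throws IOException declared by the original signature; presumably raised while reading an
 *     include file - confirm against {@code buildAST}
 */
public void mvIncludeFiles(List fileList) throws IOException {
  for (Iterator<String> it1 = this.getIncludeFiles().iterator(); it1.hasNext(); ) {
    String s = it1.next();

    // ---- SQL injection analysis ----
    if (GlobalDataApp.args_flags[3] == 1) {
      if (GlobalDataSqli.MainSymbolTable.containsKey(s)) {
        GlobalDataSqli.MainIncludeFilesTable.put(
            s, (SymbolTable) GlobalDataSqli.MainSymbolTable.get(s));
        GlobalDataSqli.MainSymbolTable.remove(s);
      } else if (!GlobalDataSqli.MainIncludeFilesTable.containsKey(s)) {
        try {
          // The include is in neither mst nor mift: build its AST and walk it.
          buildAST ast = new buildAST(s, 0);
          CommonTreeNodeStream nodes = ast.getNodes();
          // The walker is constructed only for its effect on the tables passed in; the entry
          // for s is read back from MainSymbolTable immediately afterwards.
          new buildWalkerTree_sqli(
              nodes,
              s,
              GlobalDataSqli.MainSymbolTable,
              GlobalDataSqli.MainIncludeFilesTable,
              GlobalDataSqli.MainFunctionsTable,
              GlobalDataSqli.MainFunctionsTaintedTable,
              GlobalDataSqli.MainTaintedTable,
              GlobalDataSqli.mus,
              GlobalDataSqli.MainLinesToCorrect,
              GlobalDataSqli.MainClassesTable,
              GlobalDataSqli.MainInstancesTable,
              fileList);
          GlobalDataSqli.MainIncludeFilesTable.put(
              s, (SymbolTable) GlobalDataSqli.MainSymbolTable.get(s));
          GlobalDataSqli.MainSymbolTable.remove(s);
        } catch (RecognitionException ex) {
          // Name the file so that the gap in coverage can be traced from the log.
          Logger.getLogger(SymbolTable.class.getName())
              .log(Level.SEVERE, "Could not parse include file " + s, ex);
        }
      }
      SymbolTable st_aux = GlobalDataSqli.MainIncludeFilesTable.get(s);
      if (st_aux == null) {
        // Reached after a failed parse above; the original dereferenced null here.
        Logger.getLogger(SymbolTable.class.getName())
            .log(Level.WARNING, "No symbol table for include file {0}; skipped by SQLI analysis", s);
      } else if (!st_aux.getIncludeFiles().isEmpty()) {
        st_aux.mvIncludeFiles(fileList);
      }
    }

    // ---- Code injection analysis ----
    if (GlobalDataApp.args_flags[6] == 1) {
      if (GlobalDataCodeInj.MainSymbolTable.containsKey(s)) {
        GlobalDataCodeInj.MainIncludeFilesTable.put(
            s, (SymbolTable) GlobalDataCodeInj.MainSymbolTable.get(s));
        GlobalDataCodeInj.MainSymbolTable.remove(s);
      } else if (!GlobalDataCodeInj.MainIncludeFilesTable.containsKey(s)) {
        // The include is in neither mst nor mift: build its AST and walk it.
        buildAST ast = new buildAST(s, 0);
        CommonTreeNodeStream nodes = ast.getNodes();
        // Walker for the code-injection analysis, constructed for its effect on the tables.
        new buildWalkerTree_CodeInj(
            nodes,
            s,
            GlobalDataCodeInj.MainSymbolTable,
            GlobalDataCodeInj.MainIncludeFilesTable,
            GlobalDataCodeInj.MainFunctionsTable,
            GlobalDataCodeInj.MainFunctionsTaintedTable,
            GlobalDataCodeInj.MainTaintedTable,
            GlobalDataCodeInj.mus,
            GlobalDataCodeInj.MainLinesToCorrect,
            GlobalDataCodeInj.MainClassesTable,
            GlobalDataCodeInj.MainInstancesTable,
            fileList);
        GlobalDataCodeInj.MainIncludeFilesTable.put(
            s, (SymbolTable) GlobalDataCodeInj.MainSymbolTable.get(s));
        GlobalDataCodeInj.MainSymbolTable.remove(s);
      }
      SymbolTable st_aux = GlobalDataCodeInj.MainIncludeFilesTable.get(s);
      if (st_aux == null) {
        Logger.getLogger(SymbolTable.class.getName())
            .log(
                Level.WARNING,
                "No symbol table for include file {0}; skipped by code-injection analysis",
                s);
      } else if (!st_aux.getIncludeFiles().isEmpty()) {
        st_aux.mvIncludeFiles(fileList);
      }
    }

    // ---- Cross-site scripting analysis ----
    if (GlobalDataApp.args_flags[7] == 1) {
      if (GlobalDataXSS.MainSymbolTable.containsKey(s)) {
        GlobalDataXSS.MainIncludeFilesTable.put(
            s, (SymbolTable) GlobalDataXSS.MainSymbolTable.get(s));
        GlobalDataXSS.MainSymbolTable.remove(s);
      } else if (!GlobalDataXSS.MainIncludeFilesTable.containsKey(s)) {
        // The include is in neither mst nor mift: build its AST and walk it.
        buildAST ast = new buildAST(s, 0);
        CommonTreeNodeStream nodes = ast.getNodes();
        // Walker for the XSS analysis, constructed for its effect on the tables.
        new buildWalkerTree_XSS(
            nodes,
            s,
            GlobalDataXSS.MainSymbolTable,
            GlobalDataXSS.MainIncludeFilesTable,
            GlobalDataXSS.MainFunctionsTable,
            GlobalDataXSS.MainFunctionsTaintedTable,
            GlobalDataXSS.MainTaintedTable,
            GlobalDataXSS.mus,
            GlobalDataXSS.MainLinesToCorrect,
            GlobalDataXSS.MainClassesTable,
            GlobalDataXSS.MainInstancesTable,
            fileList);
        GlobalDataXSS.MainIncludeFilesTable.put(
            s, (SymbolTable) GlobalDataXSS.MainSymbolTable.get(s));
        GlobalDataXSS.MainSymbolTable.remove(s);
      }
      SymbolTable st_aux = GlobalDataXSS.MainIncludeFilesTable.get(s);
      if (st_aux == null) {
        Logger.getLogger(SymbolTable.class.getName())
            .log(Level.WARNING, "No symbol table for include file {0}; skipped by XSS analysis", s);
      } else if (!st_aux.getIncludeFiles().isEmpty()) {
        st_aux.mvIncludeFiles(fileList);
      }
    }
  }
}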
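/**
 * Prints the LDAP-injection (LDAPI) analysis report to the console and, when enabled, to {@code
 * outFile}, then optionally runs the automatic correction step.
 *
 * <p>Behaviour is driven by {@code GlobalDataApp.args_flags}:
 *
 * <ul>
 *   <li>index 4 equal to 1: every report line is also written to {@code outFile} (without the
 *       ANSI bold/plain sequences used on the console);
 *   <li>index 5 equal to 0: the per-file details are printed after an "enter" prompt;
 *   <li>index 0 equal to 0: the automatic correction step runs after an "enter" prompt.
 * </ul>
 *
 * <p>NOTE(review): the pause between files fires on {@code args_flags[0] == 1}, while the other
 * prompts fire on a flag equal to 0. Confirm that this is intended.
 *
 * <p>NOTE(review): file names and function names are taken from the analysed project and are
 * echoed unmodified. Confirm whether control characters in them need to be neutralised before
 * they reach the terminal or the report.
 *
 * <p>A failure during automatic correction is reported on the console, on {@code System.err} and
 * in the report. It is no longer followed by the "complete" message, so a reader cannot mistake
 * a failed run for one in which the findings were patched.
 *
 * @param type_analyse forwarded to {@code OutputAnalysisLDAPi.outputAnalysisWithCorrection}
 * @param outFile report file, written only when {@code args_flags[4] == 1}
 * @param diff_date_ldapi text printed as the time of analysis
 * @param files not used by this method
 * @throws IOException if reading the console or writing the report fails
 */
public static void outputAnalysis(
    String type_analyse, FileWriter outFile, String diff_date_ldapi, List files)
    throws IOException {
  int vuu = 0;
  int fpp = 0;
  for (Iterator<Integer> it = GlobalDataLDAPi.MainNumVul.values().iterator(); it.hasNext(); ) {
    vuu += it.next();
  }
  for (Iterator<Integer> it = GlobalDataLDAPi.MainNumFP.values().iterator(); it.hasNext(); ) {
    fpp += it.next();
  }

  // ANSI sequences for plain and bold text; left empty on Windows.
  String setPlainText = "";
  String setBoldText = "";
  if (!GlobalDataApp.isWindows.booleanValue()) {
    setPlainText = "\033[0;0m";
    setBoldText = "\033[0;1m";
  }

  System.out.println(setBoldText + "\n\n + Type of Analysis: LDAPI");
  System.out.println(" > Summary:" + setPlainText);
  writeReportLine(outFile, "\n\n + Type of Analysis: LDAPI\n");
  writeReportLine(outFile, " > Summary:\n");

  if (vuu + fpp <= 0) {
    System.out.println(" - Time of analysis: " + diff_date_ldapi);
    System.out.println(
        " - Number of vulnerabilities detected: " + setBoldText + "none" + setPlainText);
    writeReportLine(outFile, " - Time of analysis: " + diff_date_ldapi + "\n");
    writeReportLine(outFile, " - Number of vulnerabilities detected: none\n");
    return;
  }

  // One reader for every prompt: separate BufferedReaders over System.in can each read ahead
  // and consume input that a later prompt was meant to see.
  BufferedReader console = new BufferedReader(new InputStreamReader(System.in));

  int vulnerableFiles = GlobalDataLDAPi.MainListVulners.size();
  System.out.println(" - Time of analysis: " + diff_date_ldapi);
  System.out.println(
      " - Number of vulnerabilities detected: " + setBoldText + (vuu + fpp) + setPlainText);
  System.out.println(" - Real vulnerabilities: " + setBoldText + vuu + setPlainText);
  System.out.println(" - False positives: " + setBoldText + fpp + setPlainText);
  System.out.println(
      " - Number of vulnerable files: " + setBoldText + vulnerableFiles + setPlainText);
  System.out.println(" - List of vulnerable files:");
  writeReportLine(outFile, " - Time of analysis: " + diff_date_ldapi + "\n");
  writeReportLine(outFile, " - Number of vulnerabilities detected: " + (vuu + fpp) + "\n");
  writeReportLine(outFile, " - Real vulnerabilities: " + vuu + "\n");
  writeReportLine(outFile, " - False positives: " + fpp + "\n");
  writeReportLine(outFile, " - Number of vulnerable files: " + vulnerableFiles + "\n");
  writeReportLine(outFile, " - List of vulnerable files:\n");

  for (Iterator<ListVulners> it = GlobalDataLDAPi.MainListVulners.values().iterator();
      it.hasNext(); ) {
    String entry = "\t " + it.next().getFilename();
    System.out.println(entry);
    writeReportLine(outFile, entry + "\n");
  }

  if (GlobalDataApp.args_flags[5] == 0) {
    System.out.println("\n\nPress enter to view vulnerabilities...");
    console.readLine();
  }

  for (Iterator<ListVulners> it = GlobalDataLDAPi.MainListVulners.values().iterator();
      it.hasNext(); ) {
    ListVulners lv = it.next();
    if (GlobalDataApp.args_flags[5] != 0) {
      continue;
    }

    String file = lv.getFilename();
    ManageFiles ff = new ManageFiles(file);
    String linesOfCode = " - Number of Lines of Code: " + ff.getNumberLinesFile();
    System.out.println(
        setBoldText
            + "\n> > > > File: "
            + setPlainText
            + file
            + setBoldText
            + " < < < <"
            + setPlainText);
    System.out.println(setBoldText + " > Information:" + setPlainText);
    System.out.println(linesOfCode);
    writeReportLine(outFile, "\n> > > > File: " + file + " < < < <\n");
    writeReportLine(outFile, " > Information:\n");
    writeReportLine(outFile, linesOfCode + "\n");

    // Is it an include file?
    String includeLine =
        GlobalDataLDAPi.MainIncludeFilesTable.containsKey(file)
            ? " - It is a include file: yes"
            : " - It is a include file: no";
    System.out.println(includeLine);
    writeReportLine(outFile, includeLine + "\n");

    // Files included by this file, looked up in the main table first, then the include table.
    SymbolTable st =
        GlobalDataLDAPi.MainSymbolTable.containsKey(file)
            ? GlobalDataLDAPi.MainSymbolTable.get(file)
            : GlobalDataLDAPi.MainIncludeFilesTable.get(file);
    // st is null when the file is in neither table; report that as "none" instead of failing.
    if (st != null && !st.getIncludeFiles().isEmpty()) {
      System.out.println(" - Included files:");
      writeReportLine(outFile, " - Included files:\n");
      for (int i = 0; i < st.getIncludeFiles().size(); i++) {
        String included = "\t " + st.getIncludeFiles().get(i);
        System.out.println(included);
        writeReportLine(outFile, included + "\n");
      }
    } else {
      System.out.println(" - Included files: none");
      writeReportLine(outFile, " - Included files: none\n");
    }

    // User functions defined in this file.
    if (GlobalDataLDAPi.MainFunctionsTable.containsKey(file)) {
      MethodTable mt = GlobalDataLDAPi.MainFunctionsTable.get(file);
      System.out.println(" - Defined user functions:");
      writeReportLine(outFile, " - Defined user functions:\n");
      for (Iterator<MethodSymbol> it1 = mt.getMembers().iterator(); it1.hasNext(); ) {
        String function = "\t " + it1.next().getFunctionName();
        System.out.println(function);
        writeReportLine(outFile, function + "\n");
      }
    } else {
      System.out.println(" - Defined user function: none");
      writeReportLine(outFile, " - Defined user function: none\n");
    }

    // Findings for this file, split into false positives and the rest.
    int detected = lv.getListOfVulners().size();
    fpp = 0;
    for (Iterator<VulnerLDAPI> it1 = lv.getListOfVulners().iterator(); it1.hasNext(); ) {
      if (it1.next().IsFP() == 1) {
        fpp++;
      }
    }
    vuu = detected - fpp;
    System.out.println(
        " - Number of Vulnerabilities detected: " + setBoldText + detected + setPlainText);
    System.out.println(" - Real Vulnerabilities: " + setBoldText + vuu + setPlainText);
    System.out.println(" - False positives: " + setBoldText + fpp + setPlainText);
    writeReportLine(outFile, " - Number of Vulnerabilities detected: " + detected + "\n");
    writeReportLine(outFile, " - Real Vulnerabilities: " + vuu + "\n");
    writeReportLine(outFile, " - False positives: " + fpp + "\n");

    analysisOfFile(lv, outFile, file);

    if (it.hasNext() && GlobalDataApp.args_flags[0] == 1) {
      System.out.println("\n\nPress enter to view vulnerabilities of next file...");
      console.readLine();
    }
  }

  // Automatic correction of the files.
  if (GlobalDataApp.args_flags[0] == 0) {
    System.out.println("\n\nPress enter to proceed automatic correction...");
    console.readLine();

    boolean correctionFailed = false;
    try {
      int i = GlobalDataLDAPi.MainLinesToCorrect.size();
      for (Iterator<LinesToCorrect> it = GlobalDataLDAPi.MainLinesToCorrect.values().iterator();
          it.hasNext(); ) {
        LinesToCorrect ltc = it.next();
        OutputAnalysisLDAPi.outputAnalysisWithCorrection(type_analyse, ltc.getNameFile(), ltc, i);
        i--;
      }
    } catch (Exception e) {
      // The original discarded this and still announced success. As before, a failure stops
      // the remaining corrections; it is now made visible to the user.
      correctionFailed = true;
      System.err.println("Automatic correction failed: " + e);
    }

    if (correctionFailed) {
      System.out.println(
          "\n\nAutomatic correction did NOT complete; some files may remain uncorrected.");
      writeReportLine(
          outFile,
          "\n\nAutomatic correction did NOT complete; some files may remain uncorrected.\n");
    } else {
      System.out.println("\n\nAutomatic correction complete !!!");
      writeReportLine(outFile, "\n\nAutomatic correction complete !!!\n");
    }
  }
}

/** Writes {@code text} to {@code outFile} only when {@code GlobalDataApp.args_flags[4] == 1}. */
private static void writeReportLine(FileWriter outFile, String text) throws IOException {
  if (GlobalDataApp.args_flags[4] == 1) {
    outFile.write(text);
  }
}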