Casaba’s simple code scanner is a tool we developed for use during manual code reviews. Over our years of doing various penetration tests, we have come to realize that there is a need for a simple way to manage regex patterns that lead to specific vulnerabilities, without the weight of a full-fledged code analysis tool. CS2 introduces a few lightweight concepts to meet these needs.


The core types:


--Database-backed Types--

Issue – Issues contain a set of regex patterns and are used to group patterns into specific vulnerability classes. An Issue contains Patterns, a Template and a Classification.

Pattern – A representation of a regex pattern that will be searched for. Patterns indicate issues, and as such have their own data associated with them (why this pattern is a problem, how to identify incorrect usage, and proper usage).

Language – A high-level language construct for managing the file types searched and for differentiating patterns between languages.

File Extension – A simple file extension to be associated with a language to help filter the files actually being searched.

Template – A Razor-based template used for bug generation. It can be used to generate a bug from a combination of the Issue, Pattern, Classification and MatchInfo (FileInfo, Line, Context data, etc.).

Classification – A way to group Issues and pull text/language for bug generation via Templates.


--Result Types--

MatchInfo – Contains all the information about a particular pattern match, including the FileInfo, Pattern, Line#, Line, Line Context, etc.

Bug – Contains one or more MatchInfos, along with the selected Template + Issue category.

FileInfo – Contains the Path and File Name.

GrepResult – Contains many MatchInfos for a particular GrepRequest.
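
The sketch below is an added example, not CS2's own code or API. It models how the types above fit together: Issues group Patterns per Language, File Extensions filter which files are searched, and each hit becomes a MatchInfo with line number and context. The field names, the sample patterns and files, and the one-bug-per-issue-and-file grouping are assumptions; Razor templating is left out.

```python
import os
import re
from collections import namedtuple

Pattern = namedtuple("Pattern", "regex why")
Issue = namedtuple("Issue", "name classification language patterns")
MatchInfo = namedtuple("MatchInfo", "path issue pattern line_no line context")

# Language -> file extensions. All data below is constructed sample data.
LANGUAGES = {"csharp": {".cs"}, "php": {".php"}}
ISSUES = [
    Issue("Weak hash", "Cryptography", "csharp", [
        Pattern(r"\bMD5\.Create\s*\(", "MD5 is not collision resistant"),
        Pattern(r"\bSHA1\.Create\s*\(", "SHA-1 is not collision resistant")]),
    Issue("Weak hash", "Cryptography", "php", [
        Pattern(r"\bmd5\s*\(", "MD5 is not collision resistant")]),
]
SAMPLE_FILES = {
    "src/Auth.cs": "// port of legacy md5($pw) check\n"
                   "var h = MD5.Create();\n"
                   "return h.ComputeHash(data);\n",
    "web/login.php": "<?php\n$t = md5($pw);\n",
    "README.txt": "call md5( or MD5.Create( as needed\n",
}

def grep(files, issues=ISSUES, context=1):
    """Scan {path: text}; return a list of MatchInfo (the GrepResult)."""
    results = []
    for path, text in files.items():
        ext = os.path.splitext(path)[1].lower()
        lines = text.splitlines()
        for issue in issues:
            if ext not in LANGUAGES[issue.language]:
                continue  # pattern belongs to a different language
            for pat in issue.patterns:
                rx = re.compile(pat.regex)
                for i, line in enumerate(lines):
                    if rx.search(line):
                        ctx = lines[max(0, i - context):i + context + 1]
                        results.append(MatchInfo(path, issue.name, pat.regex,
                                                 i + 1, line.strip(), ctx))
    return results

def to_bugs(matches):
    """Group MatchInfos into one bug per (issue, file); grouping is assumed."""
    bugs = {}
    for m in matches:
        bugs.setdefault((m.issue, m.path), []).append(m)
    return bugs
```

The `md5(` mention in the C# comment and both calls in README.txt are not reported, because the extension filter keeps each pattern within its own language.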

Last edited Nov 19, 2012 at 5:33 PM by lafkuku, version 3

