OWASP O2 Platform Blog

O2 Tool – AST Search (.NET Static Analysis)

Here is a very useful tool built on top of O2’s AST-based static analysis engine.

The tool is called ‘Search AST’ and allows for ‘AST based’ searches of C# source code files.

How to use this tool

  • On the main O2 GUI, in the ‘Custom O2s’ tab, click on the ‘DotNet Static Analysis’ button:

Image:4_10_2011_7_00_07_AM_tmp5801.jpg

  • Then on the ‘AST & PoCS’ tab, click on the ‘ascx_SearchAST’ button:

Image:4_10_2011_7_00_37_AM_tmpCB3E.jpg

  • This will open a GUI that looks like this:

Image:4_10_2011_7_02_34_AM_tmp967A.jpg

  • Now find the folder with the C# source code to analyse and drag & drop it into the right-left treeview

Image:4_10_2011_7_05_44_AM_tmp7A1B.jpg

  • Once that loads up, you can select the INode types on the left to see the cases where they show up

Image:4_10_2011_7_06_43_AM_tmp616F.jpg

  • You can do searches on the selected INode type (in this case, searching for WebMethod in the Attribute INodes)

Image:4_10_2011_7_10_52_AM_tmp29E2.jpg

  • and you can also do a global search on ALL INodes

Image:4_10_2011_7_12_07_AM_tmp513C.jpg

  • the list shown in the Search Result TreeView is the unique list of string matches

Image:4_10_2011_7_13_00_AM_tmp1D18.jpg

  • and the list that is shown in the ‘Source Code Lines’ TreeView is a list of the source code lines that match the currently selected item

Image:4_10_2011_7_14_27_AM_tmp720B.jpg
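The same kind of search (filter by node type, match a string, list the unique matches and the source lines behind each) can be sketched in code. This is an added example, not O2's own code: it uses Roslyn instead of O2's AST engine, and the names AstSearch, Hit and Sample.asmx.cs are hypothetical.

```csharp
// Added example; needs the Microsoft.CodeAnalysis.CSharp NuGet package (Roslyn), not O2.
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp;
public record Hit(string NodeType, string Text, string File, int Line, string SourceLine);
public static class AstSearch
{
    // Returns every syntax node whose text contains `term`.
    // nodeType == null is the global search over all node types.
    public static IEnumerable<Hit> Search(string file, string source, string term, string nodeType = null)
    {
        var tree = CSharpSyntaxTree.ParseText(source, path: file);
        var text = tree.GetText();
        foreach (var node in tree.GetRoot().DescendantNodes())
        {
            var type = node.GetType().Name;
            if (nodeType != null && type != nodeType) continue;
            var nodeText = node.ToString();
            if (!nodeText.Contains(term, StringComparison.OrdinalIgnoreCase)) continue;
            int line = node.GetLocation().GetLineSpan().StartLinePosition.Line;
            yield return new Hit(type, nodeText, file, line + 1, text.Lines[line].ToString().Trim());
        }
    }

    public static void Main(string[] args)
    {
        // Constructed sample input; pass a source folder as args[0] to scan real code instead.
        var files = args.Length > 0
            ? Directory.EnumerateFiles(args[0], "*.cs", SearchOption.AllDirectories)
                       .ToDictionary(f => f, f => File.ReadAllText(f))
            : new Dictionary<string, string> { ["Sample.asmx.cs"] = @"
using System.Web.Services;
public class Orders : WebService {
    [WebMethod] public string GetOrder(int id) { return id.ToString(); }
    [WebMethod(EnableSession = true)] public void Cancel(int id) { }
    public void Helper() { }
}" };
        var hits = files.SelectMany(f => Search(f.Key, f.Value, "WebMethod", "AttributeSyntax")).ToList();
        // Unique matched strings first, then the source lines behind each one.
        foreach (var group in hits.GroupBy(h => h.Text))
        {
            Console.WriteLine(group.Key);
            foreach (var h in group) Console.WriteLine($"    {h.File}:{h.Line}  {h.SourceLine}");
        }
    }
}
```

Listing every [WebMethod] attribute this way gives a reviewer the set of methods exposed as web service entry points, which is a natural starting list for checking input validation and authorization.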

April 10, 2011 - Posted by | .NET, .NET SAST

2 Comments »

  1. […] script will show how to use the control that builds up the O2 Tool – Search AST to perform a custom search for all variables that are assigned the value of […]

    Pingback by Scripting “O2 Tool – AST Search” to find Null references (.NET Static Analysis) « O2Platform.com for Developers | April 10, 2011 | Reply

  2. […] O2 Tool – AST Search (.NET Static Analysis) […]

    Pingback by Script to fetch and present large number of Wordpress.com blog entries « O2Platform.com for Developers | April 16, 2011 | Reply

