OWASP O2 Platform Blog

O2 Tool – AST Search (.NET Static Analysis)

Here is a very useful tool built on top of O2‘s AST-base static analysis engine.

The tool is is called ‘Search AST’ and allows for ‘AST based’ searches of C# source code files.

How to use this tool

  • On main O2 Gui, in the ‘Custom O2s’ tab, click on the ‘DotNet Static Analysis’ button:


  • Then on the ‘AST & PoCS’ tab , click on the ‘ascx_SearchAST’  button:


  • This will open a gui that looks like this:


  • Now find the folder with the C# source code to analyse and drag & Drop it into the rigth-left treeview


  • Once that loads up, you can select on the INode types on the left to see the cases where they show up


  • You can do searches on the selected INode type (in this find searching for WebMethod in the Attribute INodes)


  • and you can also do a global search on ALL INodes


  • the list show on the Search Result TreeView is the unique list of string matches


  • and the list that is show on the ‘Source Code Lines’ Treeview is a list of the source code lines that match the current selected item


April 10, 2011 - Posted by | .NET, .NET SAST


  1. […] script will show how to use the control that builds up the O2 Tool – Search AST to perform a custom search for all variables that are assigned the value of […]

    Pingback by Scripting “O2 Tool – AST Search” to find Null references (.NET Static Analysis) « O2Platform.com for Developers | April 10, 2011 | Reply

  2. […] O2 Tool – AST Search (.NET Static Analysis) […]

    Pingback by Script to fetch and present large number of Wordpress.com blog entries « O2Platform.com for Developers | April 16, 2011 | Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: